Internet Draft                                              Harsha Hegde
Expiration: August 2001                                      Intel Corp.
                                                              Brad Stone
                                                          Resonate, Inc.

                Load Balancing Policy Information Base

                 draft-hegde-load-balancing-pib-00.txt

                             February 2001

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC-2119].

Abstract

   This document specifies a set of provisioning classes (PRC) for
   configuring load balancing at load balancing devices. Instances of
   these classes reside in a virtual information store called Load
   Balancing Policy Information Base (PIB). COPS protocol [COPS] with
   the extensions for provisioning [COPS-PR] may be used to transmit
   this load balancing policy information to load balancing devices
   (e.g., dedicated load balancers or load balancing switch). The PRCs
   defined in this load balancing PIB are intended for use by the
   COPS-PR load balancing client type. They complement the PRCs defined
   in the Framework PIB [FR-PIB].

Table of Contents

   Status of this Memo
   Conventions used in this document
   Abstract
   1. Introduction
   2. Operation Overview
   3. Structure of Load Balancing PIB
      3.1. Classifier Classes
      3.2. Capabilities Classes
      3.3. Server Classes
      3.4. Service Classes
   4. The Load Balancing PIB
   5. Security Considerations
   6. Intellectual Property Considerations
   7. Authors' Addresses
   8. References

1. Introduction

   Load Balancing is widely used to balance Internet traffic to and from
   multiple servers at e-business data centers. Load balancers could be
   dedicated devices just performing load balancing or the load
   balancing functionality could be built into switches. Today, vendors
   use proprietary methods to manage their load balancers. It is
   becoming difficult to manage the various devices found in an
   e-business data center since there is no standard way to manage them.
   Policy Based Management (PBM), as specified in [RAP-FRAMEWORK], is a
   good solution to manage load balancers and many other devices usually
   found in e-business data centers.

   In PBM, using the configuration model, a Policy Decision Point (PDP)
   downloads policies to Policy Enforcement Points (PEPs) whenever
   required. One way to provision policy is by means of the COPS
   protocol [COPS] with the extensions for provisioning [COPS-PR]. Load
   balancers act as PEPs and a PDP can provision the required policies
   to these devices.

   This document specifies the format of policy information required for
   load balancing in the form of a PIB. The PIB contained in this draft
   is written using SPPI (Structure of Policy Provisioning Information)
   as specified in [SPPI]. It will be updated as SPPI updates. This PIB
   specifies PRovisioning Classes (PRCs) for configuring a load
   balancer. The PRCs defined in this load balancing PIB are intended
   for use by the COPS-PR load balancing client type. Furthermore, these
   PRCs are in addition to the PRCs defined in the Framework PIB
   [FR-PIB].

2. Operation Overview

   A brief description of the interaction between the PEP (load
   balancing device) and the PDP (policy server) is given in the next
   paragraph. For a more detailed description of the protocol exchange
   between the PDP and provisioning PEPs, please see [COPS-PR].

   Once a TCP connection is established between the PEP and the PDP, the
   PEP sends a Client-Open message to the PDP, specifying the load
   balancing client type. The PDP responds with a Client-Accept (CAT)
   message. The PDP may send a Client-Close message, if it does not
   recognize the load balancing client type.

   After receiving the CAT message, the PEP sends a request (REQ)
   message to the PDP. The REQ message contains a 'configuration
   request' context object and relevant PIB class instances that include
   the PEP's capabilities, supported PIB classes etc. The PDP then sends
   a Decision (DEC) message that includes all the PIB classes that are
   used to configure the PEP. They include filter groups, server groups,
   capabilities and service classes that connect filter groups, server
   groups and capabilities.

   The PEP uses the information in the DEC message and configures itself
   accordingly. The PEP then sends a Report-State (RPT) message to the
   PDP indicating success or failure to install the policies. The PEP
   may also send periodic RPT messages to inform the PDP about the
   status of installed policies or to convey accounting/monitoring type
   information to the PDP.

   The PEP may issue an updated REQ message if there is any change in
   its status and the PDP may send an updated DEC message whenever
   necessary. The PEP can delete a request by sending a Delete-Request
   (DRQ) message to the PDP. The PDP may also ask the PEP to delete an
   existing request state by sending a command via a DEC message.
   Finally, a Client-Close (CC) message is used to cancel the
   corresponding Client-Open message.

3. Structure of Load Balancing PIB

   The Load Balancing PIB consists of four main groups of PRCs. The
   first group contains PRCs for classification of incoming packets. The
   second group contains PRCs for load balancing capabilities or
   properties. The third group contains PRCs for data center servers and
   groups of servers. The fourth group contains PRCs for services that
   essentially tie instances of the first three groups together.

3.1. Classifier Classes

   This group contains a PRC for extending the IP filter defined in
   [FR-PIB] and a PRC for grouping of filters. A URL attribute is
   defined by a set of three attributes that form the extended filter
   used in the PIB.

3.2. Capabilities Classes

   This group contains a PRC that includes all the capabilities of a
   load balancer. This PRC is used both for notifying capabilities by
   PEP and for installing policies by PDP.

3.3. Server Classes

   This group contains a PRC for specifying a data center server and a
   PRC for grouping of these servers.

3.4. Service Classes

   This group contains a PRC that defines a service by combining
   instances of the other three classes mentioned above.
   Each instance of this PRC contains a pointer to a filter-group
   instance, a pointer to a capabilities instance and a pointer to a
   server-group instance, thus defining a complete policy.

4. The Load Balancing PIB

LOAD-BALANCING-PIB PIB-DEFINITIONS ::= BEGIN

IMPORTS
    Unsigned32, MODULE-IDENTITY, OBJECT-TYPE,
    TEXTUAL-CONVENTION, MODULE-COMPLIANCE,
    OBJECT-IDENTITY, OBJECT-GROUP
        FROM COPS-PR-SPPI
    TruthValue
        FROM SNMPv2-TC
    InstanceId, ReferenceId, Prid, TagId, TagReference
        FROM COPS-PR-SPPI-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    InetAddress, InetAddressType
        FROM INET-ADDRESS-MIB;

lbPolicyPib MODULE-IDENTITY
    SUBJECT-CATEGORIES SUBJECT-CATEGORY
        { tbd - Load Balancing Client Type }
    LAST-UPDATED "200102231000Z"
    ORGANIZATION " WG"
    CONTACT-INFO "
                  Harsha Hegde
                  Intel Corporation
                  MS JF3-206
                  2111 NE 25th Ave.
                  Hillsboro, OR 97124
                  Phone: +1 503 264 1439
                  Fax: +1 503 264 3483
                  E-Mail: shriharsha.hegde@intel.com

                  Brad Stone
                  Resonate, Inc.
                  385 Moffett Park Drive
                  Sunnyvale, CA 94089
                  Phone: +1 408 548 5929
                  Fax: +1 408 nnn nnnn
                  Email: bstone@resonate.com
                  "
    DESCRIPTION
        "This PIB module contains a set of provisioning classes
        that describe load balancing policies."
    ::= { tbd }

--
-- Classifier Classes
--

lbClassifierClasses OBJECT IDENTIFIER ::= { lbPolicyPib 1 }

--
-- Filter Table
--

lbFilterTable OBJECT-TYPE
    SYNTAX SEQUENCE OF LbFilterEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "This table consists of additional filters. The filters in
        this table extend the filters in frwkBaseFilterTable. A packet
        must match all the fields in a filter. Wildcards may be
        specified for those fields that are not relevant."
    ::= { lbClassifierClasses 1 }

lbFilterEntry OBJECT-TYPE
    SYNTAX LbFilterEntry
    STATUS current
    DESCRIPTION
        "An instance of this class describes a filter."
    EXTENDS { frwkIpFilterEntry }
    ::= { lbFilterTable 1 }

LbFilterEntry ::= SEQUENCE {
    lbFilterUrlPrefix OCTET STRING,
    lbFilterUrlDomain OCTET STRING,
    lbFilterUrlSuffix OCTET STRING
}

lbFilterUrlPrefix OBJECT-TYPE
    SYNTAX OCTET STRING
    STATUS current
    DESCRIPTION
        "The portion of a URL that identifies the protocol, for
        example, http, ftp. A '*' character is used to match any
        string."
    ::= { lbFilterEntry 1 }

lbFilterUrlDomain OBJECT-TYPE
    SYNTAX OCTET STRING
    STATUS current
    DESCRIPTION
        "The portion of a URL that identifies the domain, for
        example, www.company.com. A '*' character is used to match
        any string."
    ::= { lbFilterEntry 2 }

lbFilterUrlSuffix OBJECT-TYPE
    SYNTAX OCTET STRING
    STATUS current
    DESCRIPTION
        "The portion of a URL that identifies the file name, for
        example, index.html, mypic.jpg. A '*.*' string matches any
        file, a '*.jpg' string matches all files with jpg extension,
        and an 'index.*' string matches all 'index' files with any
        extension."
    ::= { lbFilterEntry 3 }

--
-- Filter Group Table
--

lbFilterGroupTable OBJECT-TYPE
    SYNTAX SEQUENCE OF LbFilterGroupEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "A class that defines Filter Groups. Each Group being an
        ordered list of filters. Each instance of this class
        identifies one filter of a group and the precedence order of
        that filter with respect to other filters in the same group."
    ::= { lbClassifierClasses 2 }

lbFilterGroupEntry OBJECT-TYPE
    SYNTAX LbFilterGroupEntry
    STATUS current
    DESCRIPTION
        "An instance of filter group."
    PIB-INDEX { lbFilterGroupPrid }
    ::= { lbFilterGroupTable 1 }

LbFilterGroupEntry ::= SEQUENCE {
    lbFilterGroupPrid     InstanceId,
    lbFilterGroupId       TagId,
    lbFilterGroupFilterId ReferenceId,
    lbFilterGroupPriority Unsigned32
}

lbFilterGroupPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An integer index that uniquely identifies an instance of
        the lbFilterGroupEntry class."
    ::= { lbFilterGroupEntry 1 }

lbFilterGroupId OBJECT-TYPE
    SYNTAX TagId
    STATUS current
    DESCRIPTION
        "An arbitrary integer that identifies the group of filters.
        The same lbFilterGroupId is used in all lbFilterGroupEntry
        instances that belong to a group."
    ::= { lbFilterGroupEntry 2 }

lbFilterGroupFilterId OBJECT-TYPE
    SYNTAX ReferenceId
    PIB-REFERENCES { lbFilterEntry }
    STATUS current
    DESCRIPTION
        "Pointer to an instance of filter. The filter with the same
        Id must be present."
    ::= { lbFilterGroupEntry 3 }

lbFilterGroupPriority OBJECT-TYPE
    SYNTAX Unsigned32
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that specifies the position of
        this filter in the filter group. A filter with a given
        priority order is positioned in the filter group before one
        with a higher-value priority. Priority values within a group
        must be unique."
    ::= { lbFilterGroupEntry 4 }

--
-- Capabilities Classes
--

lbCapabilitiesClasses OBJECT IDENTIFIER ::= { lbPolicyPib 2 }

--
-- Capabilities Table
--

lbCapabilitiesTable OBJECT-TYPE
    SYNTAX SEQUENCE OF LbCapabilitiesEntry
    PIB-ACCESS install-notify
    STATUS current
    DESCRIPTION
        "This table consists of load balancer capabilities.
        Instances of this class are used by the PEP to notify PEP
        capabilities and by the PDP to install policies. The PDP must
        not install a capability not reported by the PEP."
    ::= { lbCapabilitiesClasses 1 }

lbCapabilitiesEntry OBJECT-TYPE
    SYNTAX LbCapabilitiesEntry
    STATUS current
    DESCRIPTION
        "An instance of this class describes a set of capabilities
        of the load balancer or the capabilities applied to a service
        policy."
    ::= { lbCapabilitiesTable 1 }

LbCapabilitiesEntry ::= SEQUENCE {
    lbCapPrid             InstanceId,
    lbCapStickyMode       BITS,
    lbCapHttpReturnCodes  BITS,
    lbCapBalanceAlgorithm BITS,
    lbCapAlgorithmParams  Prid,
    lbCapPreserveSrcAddr  TruthValue,
    lbCapDirectReturn     TruthValue
}

lbCapPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An integer index that uniquely identifies an instance of
        the lbCapabilitiesEntry class."
    ::= { lbCapabilitiesEntry 1 }

lbCapStickyMode OBJECT-TYPE
    SYNTAX BITS {
        cookieBased (1),
        sourceAddressBased (2)
    }
    STATUS current
    DESCRIPTION
        "Set of values indicating the type of Sticky Mode in this
        capabilities set. When PEP notifies PDP, the bits indicate the
        support of these mechanisms. When PDP installs policies, the
        bits indicate what mechanism must be used."
    ::= { lbCapabilitiesEntry 2 }

lbCapHttpReturnCodes OBJECT-TYPE
    SYNTAX BITS {
        http404(1),
        http505(2)
    }
    STATUS current
    DESCRIPTION
        "Set of values indicating the type of HTTP return codes that
        the load balancer can interpret and redirect the request to
        another server. When PEP notifies PDP, the bits indicate the
        ability to interpret the HTTP return codes. When PDP installs
        policies, the bits indicate enabling redirection on any of
        those HTTP return codes."
    ::= { lbCapabilitiesEntry 3 }

lbCapBalanceAlgorithm OBJECT-TYPE
    SYNTAX BITS {
        roundRobin(1),
        weightedRoundRobin(2),
        leastConnections(3),
        weightedLeastConnections(4),
        fastestServerResponse(5),
        serverCpuUtilization(6),
        priorityToUser(7)
    }
    STATUS current
    DESCRIPTION
        "Set of values indicating the type of server balance
        algorithm. When PEP notifies PDP, the bits indicate all the
        algorithms supported. When PDP installs policies the bits
        indicate only one algorithm that must be used. Additional
        parameters needed for the algorithm may be specified in
        another PRC instance identified by the lbCapAlgorithmParams
        attribute."
    ::= { lbCapabilitiesEntry 4 }

lbCapAlgorithmParams OBJECT-TYPE
    SYNTAX Prid
    STATUS current
    DESCRIPTION
        "This points to the PRI that contains parameters needed for
        a specific algorithm. The PRI pointed to must exist prior to
        the installation of this class.
        TBD: define parameters classes for all existing algorithms."
    ::= { lbCapabilitiesEntry 5 }

lbCapPreserveSrcAddr OBJECT-TYPE
    SYNTAX TruthValue
    STATUS current
    DESCRIPTION
        "Indicates whether Source Address must be preserved when
        forwarding a request to server."
    ::= { lbCapabilitiesEntry 6 }

lbCapDirectReturn OBJECT-TYPE
    SYNTAX TruthValue
    STATUS current
    DESCRIPTION
        "Indicates whether a response from data center server could
        go directly to client bypassing the load balancer."
    ::= { lbCapabilitiesEntry 7 }

--
-- Server Classes
--

lbServerClasses OBJECT IDENTIFIER ::= { lbPolicyPib 3 }

--
-- Server Table
--

lbServerTable OBJECT-TYPE
    SYNTAX SEQUENCE OF LbServerEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "This table consists of data center servers."
    ::= { lbServerClasses 1 }

lbServerEntry OBJECT-TYPE
    SYNTAX LbServerEntry
    STATUS current
    DESCRIPTION
        "An instance of this class describes a data center server."
    PIB-INDEX { lbServerPrid }
    ::= { lbServerTable 1 }

LbServerEntry ::= SEQUENCE {
    lbServerPrid        InstanceId,
    lbServerName        SnmpAdminString,
    lbServerAddressType InetAddressType,
    lbServerAddress     InetAddress,
    lbServerMode        INTEGER
}

lbServerPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An integer index that uniquely identifies an instance of
        the lbServerEntry class."
    ::= { lbServerEntry 1 }

lbServerName OBJECT-TYPE
    SYNTAX SnmpAdminString
    STATUS current
    DESCRIPTION
        "A name for server."
    ::= { lbServerEntry 2 }

lbServerAddressType OBJECT-TYPE
    SYNTAX InetAddressType
    STATUS current
    DESCRIPTION
        "Type of address for server."
    ::= { lbServerEntry 3 }

lbServerAddress OBJECT-TYPE
    SYNTAX InetAddress
    STATUS current
    DESCRIPTION
        "Address (IP address or DNS Name) for server."
    ::= { lbServerEntry 4 }

lbServerMode OBJECT-TYPE
    SYNTAX INTEGER {
        Disabled(0),
        Primary(1),
        Backup(2)
    }
    STATUS current
    DESCRIPTION
        "Indicates the mode of the server.
        Enumeration values are
            primary server (1)
            backup server (2)
            disabled (0)."
    ::= { lbServerEntry 5 }

--
-- Server Group Table
--

lbServerGroupTable OBJECT-TYPE
    SYNTAX SEQUENCE OF LbServerGroupEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "A class that defines Server Groups. Each Group being an
        ordered list of data center servers. Each instance of this
        class identifies one server of a group and the precedence
        order of that server with respect to other servers in the
        same group."
    ::= { lbServerClasses 2 }

lbServerGroupEntry OBJECT-TYPE
    SYNTAX LbServerGroupEntry
    STATUS current
    DESCRIPTION
        "An instance of server group."
    PIB-INDEX { lbServerGroupPrid }
    ::= { lbServerGroupTable 1 }

LbServerGroupEntry ::= SEQUENCE {
    lbServerGroupPrid     InstanceId,
    lbServerGroupId       TagId,
    lbServerGroupServerId ReferenceId,
    lbServerGroupPriority Unsigned32
}

lbServerGroupPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An integer index that uniquely identifies an instance of
        the lbServerGroupEntry class."
    ::= { lbServerGroupEntry 1 }

lbServerGroupId OBJECT-TYPE
    SYNTAX TagId
    STATUS current
    DESCRIPTION
        "An arbitrary integer that identifies the group of servers.
        The same lbServerGroupId is used in all lbServerGroupEntry
        instances that belong to a group."
    ::= { lbServerGroupEntry 2 }

lbServerGroupServerId OBJECT-TYPE
    SYNTAX ReferenceId
    PIB-REFERENCES { lbServerEntry }
    STATUS current
    DESCRIPTION
        "Pointer to an instance of server. The server with the same
        Id must be present."
    ::= { lbServerGroupEntry 3 }

lbServerGroupPriority OBJECT-TYPE
    SYNTAX Unsigned32
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that specifies the position of
        this server in the server group. A server with a given
        priority order is positioned in the server group before one
        with a higher-value priority. Priority values within a group
        must be unique."
    ::= { lbServerGroupEntry 4 }

--
-- Service Classes
--

lbServiceClasses OBJECT IDENTIFIER ::= { lbPolicyPib 4 }

--
-- Service Table
--

lbServiceTable OBJECT-TYPE
    SYNTAX SEQUENCE OF LbServiceEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "This table consists of entries that combine filter groups,
        capabilities and server groups to form services."
    ::= { lbServiceClasses 1 }

lbServiceEntry OBJECT-TYPE
    SYNTAX LbServiceEntry
    STATUS current
    DESCRIPTION
        "An instance of this class describes a service."
    PIB-INDEX { lbServicePrid }
    ::= { lbServiceTable 1 }

LbServiceEntry ::= SEQUENCE {
    lbServicePrid           InstanceId,
    lbServiceName           SnmpAdminString,
    lbServiceFilterGroupId  TagReference,
    lbServiceServerGroupId  TagReference,
    lbServiceCapabilitiesId ReferenceId
}

lbServicePrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An integer index that uniquely identifies an instance of
        the lbServiceEntry class."
    ::= { lbServiceEntry 1 }

lbServiceName OBJECT-TYPE
    SYNTAX SnmpAdminString
    STATUS current
    DESCRIPTION
        "Name to identify a service."
    ::= { lbServiceEntry 2 }

lbServiceFilterGroupId OBJECT-TYPE
    SYNTAX TagReference
    PIB-TAG { lbFilterGroupId }
    STATUS current
    DESCRIPTION
        "Pointer to a group of Filters. An instance of
        lbFilterGroupEntry with the same tag id must be present."
    ::= { lbServiceEntry 3 }

lbServiceServerGroupId OBJECT-TYPE
    SYNTAX TagReference
    PIB-TAG { lbServerGroupId }
    STATUS current
    DESCRIPTION
        "Pointer to a group of Servers.
        An instance of lbServerGroupEntry with the same tag id must
        be present."
    ::= { lbServiceEntry 4 }

lbServiceCapabilitiesId OBJECT-TYPE
    SYNTAX ReferenceId
    PIB-REFERENCES { lbCapabilitiesEntry }
    STATUS current
    DESCRIPTION
        "Pointer to an instance of capabilities class. An instance
        of lbCapabilitiesEntry with the same tag id must be present."
    ::= { lbServiceEntry 5 }

-- Compliance section
-- TBD

END

5. Security Considerations

   The information contained in a PIB when transported by the COPS
   protocol [COPS-PR] may be sensitive, and its function of provisioning
   a PEP requires that only authorized communication take place. The use
   of IPSEC between PDP and PEP, as described in [COPS], provides the
   necessary protection against these threats. For a more detailed
   description of security considerations relevant to PIBs, please see
   [FR-PIB].

6. Intellectual Property Considerations

   The IETF is being notified of intellectual property rights claimed in
   regard to some or all of the specification contained in this
   document. For more information consult the online list of claimed
   rights.

7. Authors' Addresses

   Harsha Hegde
   Intel Corporation
   JF3-206
   2111 NE 25th Ave
   Hillsboro, Oregon 97124
   Phone: 503-264-1439
   Email: shriharsha.hegde@intel.com

   Brad Stone
   Resonate, Inc.
   385 Moffett Park Drive
   Sunnyvale, CA 94089
   Phone: 408-548-5929
   Email: bstone@resonate.com

8. References

   [COPS]      Boyle, J., Cohen, R., Durham, D., Herzog, S., Rajan, R.,
               and A. Sastry, "The COPS (Common Open Policy Service)
               Protocol", RFC 2748, January 2000.

   [COPS-PR]   D. Durham, K. McCloghrie, J. Seligson, K. Chan, S. Gai,
               S. Herzog, A. Smith, R. Yavatkar, F. Reichmeyer, "COPS
               Usage for Policy Provisioning (COPS-PR)",
               draft-ietf-rap-cops-pr-05.txt, October 2000.

   [SPPI]      M. Fine, K. McCloghrie, J. Seligson, K. Chan, S. Hahn,
               R. Sahita, A. Smith, F.
               Reichmeyer, "Structure of Policy Provisioning
               Information", draft-ietf-rap-sppi-04.txt, January 2001.

   [FR-PIB]    M. Fine, K. McCloghrie, J. Seligson, K. Chan, S. Hahn,
               A. Smith, F. Reichmeyer, "Framework Policy Information
               Base", Internet Draft, November 2000.

   [RAP-FRAMEWORK]
               R. Yavatkar, D. Pendarakis, R. Guerin, "A Framework for
               Policy-based Admission Control", RFC 2753, January 2000.

   [SNMP-SMI]  K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case,
               M. Rose and S. Waldbusser, "Structure of Management
               Information Version 2 (SMIv2)", STD 58, RFC 2578, April
               1999.
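
Added example (not part of the draft, and not code from its authors): one way to check the contents of a DEC message against the constraints the PIB's DESCRIPTION clauses state before anything is installed: references and tag ids must resolve, priorities must be unique within a group, no capability may be installed that the PEP did not report, and exactly one balance algorithm is selected. The dictionary layout, key names and sample values are assumptions made for illustration; no COPS encoding is involved.

```python
# Added example: checks a decision against constraints stated in the PIB's
# DESCRIPTION clauses. The dict layout and key names are assumptions.

def check_group(table, ref_field, targets, label):
    """Group table: each reference resolves, priorities unique per group."""
    errors, seen = [], set()
    for prid, row in sorted(table.items()):
        if row[ref_field] not in targets:
            errors.append(f"{label} {prid}: dangling {ref_field} {row[ref_field]}")
        key = (row["group_id"], row["priority"])
        if key in seen:
            errors.append(f"{label} {prid}: duplicate priority "
                          f"{row['priority']} in group {row['group_id']}")
        seen.add(key)
    return errors

def validate_decision(reported, decision):
    """Return a list of violations; an empty list means none were found."""
    errors = check_group(decision["filter_groups"], "filter_id",
                         decision["filters"], "lbFilterGroupEntry")
    errors += check_group(decision["server_groups"], "server_id",
                          decision["servers"], "lbServerGroupEntry")
    for prid, cap in sorted(decision["capabilities"].items()):
        # "The PDP must not install a capability not reported by the PEP"
        for field in ("sticky", "return_codes", "algorithm"):
            extra = cap[field] - reported[field]
            if extra:
                errors.append(f"lbCapabilitiesEntry {prid}: {field} "
                              f"{sorted(extra)} not reported by PEP")
        # On install, the algorithm bits name exactly one algorithm.
        if len(cap["algorithm"]) != 1:
            errors.append(f"lbCapabilitiesEntry {prid}: need exactly one "
                          f"algorithm, got {len(cap['algorithm'])}")
    # A service points at groups by tag id and at capabilities by instance id.
    known = {"filter_group": {r["group_id"] for r in decision["filter_groups"].values()},
             "server_group": {r["group_id"] for r in decision["server_groups"].values()},
             "capabilities": set(decision["capabilities"])}
    for prid, svc in sorted(decision["services"].items()):
        for field, ids in known.items():
            if svc[field] not in ids:
                errors.append(f"lbServiceEntry {prid}: no {field} {svc[field]}")
    return errors

# Constructed sample: capabilities the PEP notified in its REQ message.
REPORTED = {"sticky": {"cookieBased", "sourceAddressBased"},
            "return_codes": {"http404"},
            "algorithm": {"roundRobin", "leastConnections"}}

def sample_decision():
    """Constructed DEC contents: one service, one filter, two servers."""
    return {
        "filters": {1: {"prefix": "http", "domain": "www.company.com",
                        "suffix": "*.jpg"}},
        "filter_groups": {1: {"group_id": 10, "filter_id": 1, "priority": 1}},
        "servers": {1: {"name": "img1", "mode": "Primary"},
                    2: {"name": "img2", "mode": "Backup"}},
        "server_groups": {1: {"group_id": 20, "server_id": 1, "priority": 1},
                          2: {"group_id": 20, "server_id": 2, "priority": 2}},
        "capabilities": {1: {"sticky": {"cookieBased"}, "algorithm": {"roundRobin"},
                             "return_codes": {"http404"}}},
        "services": {1: {"name": "images", "filter_group": 10,
                         "server_group": 20, "capabilities": 1}},
    }

if __name__ == "__main__":
    bad = sample_decision()
    bad["server_groups"][2].update(server_id=9, priority=1)
    bad["capabilities"][1]["algorithm"] = {"roundRobin", "priorityToUser"}
    print("\n".join(validate_decision(REPORTED, bad)))
```

A PEP that rejects a decision on any of these violations can report the failure in its RPT message instead of installing a partially consistent policy.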