Internet Engineering Task Force Juha Heinanen INTERNET DRAFT Telia Finland, Inc. Expires February 1999 August, 1998 Assured Forwarding PHB Group Status of this Memo This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ``work in progress.'' To learn the current status of any Internet-Draft, please check the ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). Abstract This document proposes a general use Differentiated Services (DS) [Black] Per-Hop-Behavior (PHB) Group called Assured Forwarding (AF). AF PHB group consists of two code points AF1 and AF2. A DS node delivers packets marked as AF1 with a very small propability of loss, whereas packets marked as AF2 are delivered as best effort. The DS node will not reorder AF packets of the same microflow no matter if some of the packets are marked as AF1 and some as AF2. There is no timing requirements associated with the delivery of AF packets. 1. Overview and Purpose There is a demand for assured delivery of packets over IP networks, for example, when a company uses the Internet to interconnect its geographically distributes sites or wants to provide high quality access to its Web pages. It is desirable that the delivery assurance holds for a certain information rate, which can be exceeded on best effort basis. It is also important that the IP network does not reorder packets that belong to the same microflow no matter if the Heinanen Assured Forwarding PHB Group [Page 1] INTERNET DRAFT August, 1998 assurance holds only to some of the packets of the microflow. Assured Forwarding (AF) PHB group is a means for a provider DS domain to assure delivery of some portion of IP packets received from a customer DS domain and offer best effort delivery for some other portion of the packets without reordering packets that belong to the same microflow. Those packets that belong to the assured portion of the traffic are marked with AF code point AF1 and those packets that belong to the best effort portion are marked as with AF code point AF2. Together these two code points form the AF PHB group. In order to avoid discarding AF1 packets in case of congestion (and thus violating the SLA that the provider DS domain has given to the customer DS domain), the assumption is that the volume of AF1 packets that enter the provider DS domain is limited by traffic conditioning actions at the ingress to the domain. Such an assumption is not needed for AF2 packets, since the provider DS domain needs to deliver them only as best effort on the basis of available resources. The AF PHB group is proposed for general use. It can be used to implement either end-to-end or domain edge-to-domain edge services. 2. Queueing and Discard Behavior It is possible that some packets of the same microflow get marked with code point AF1 and some with code point AF2. In order to avoid reordering of packets within a microflow, a DS node must place all packets of the same microflow to the same queue in the same order in which they were received no matter if they are marked as AF1 or AF2. In order to protect AF1 packets from being discarded due to congestion, a DS node must start discarding AF2 packets well before the queue space allocated for the particular AF1 packets starts to fill up. The discard mechanism may be based, for example, on the RED algorithm. 3. Packet Promotion/Demotion AF packets may be promoted or demoted within the AF PHB group by traffic conditioning actions at the edge of a DS domain. Promoting means remarking an AF2 packet as an AF1 packet and demoting means remarking an AF1 packet as an AF2 packet. No re-marking of AF packets should occur inside the DS domain. In addition to promoting and demoting AF packets, the traffic conditioning actions at the edge of a DS domain may also include re- marking packets marked with the default (best effort) PHB code point with AF1 or AF2 code point. In order to avoid packet reordering, Heinanen Assured Forwarding PHB Group [Page 2] INTERNET DRAFT August, 1998 such re-marking must be applied to all or none of the packets of the same microflow. 4. Tunneling AF packets may be tunneled provided that the PHB of the tunneling packet does not reduce the level of delivery assurance of the tunneled AF packet and does not cause reordering of AF packets belonging to the same microflow. 5. Interactions with Other PHB Groups Other PHB groups may co-exist with the AF group within the same DS domain provided that AF1 packets need not be discarded in a DS node due to lack of resources caused by packets belonging to these other PHB groups. 6. Security Implications In order to protect itself against denial of service attacks, a DS domain must limit at the edge the volume of incoming AF1 packets. Also, in order to protect a link to a customer DS domain from denial of service attacks, the provider DS domain should allow the customer DS domain to specify how the link to the customer DS domain is allocated to AF packets. Because source IP address may be one of the allocation criterias, the provider DS domain should verify the source addresses of all received AF packets. References [Black] Black, David, et al., An Architecture for Differentiated Services. Internet draft draft-ietf-diffserv-arch-00.txt, May 1998. Author Information Juha Heinanen Telia Finland, Inc. Myyrmaentie 2 01600 VANTAA Finland Phone +358 303 944 808 Email jh@telia.fi Heinanen Assured Forwarding PHB Group [Page 3]