IPTEL Working Group J. Rosenberg, Bell Labs Internet Draft H. Salama, Cisco Systems draft-ietf-iptel-trip-00.txt M. Squire, Nortel Networks October 1999 Expires April 2000 Telephony Routing Information Protocol (TRIP) Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. 1. Abstract This document presents the Telephony Routing Information Protocol (TRIP). TRIP is a policy driven inter-administrative domain protocol for advertising the reachability of telephony destinations between location servers, and for advertising attributes of the routes to those destinations. TRIP's operation is independent of any signaling protocol, hence TRIP can serve as the telephony routing protocol for any signaling protocol. The Border Gateway Protocol (BGP-4) is used to distribute routing information between administrative domains. TRIP is used to distribute telephony routing information between telephony administrative domains. The similarity between the two protocols is obvious, and hence TRIP is modeled after BGP-4. 2. Terminology A framework for a Gateway Location Protocol (GLP) is described in [1]. We assume the reader is familiar with the framework and terminology of [1]. TRIP is a specific instance of a Gateway Rosenberg, Salama, Squire 1 Internet Draft Telephony Routing over IP October 1999 Location Protocol, where GLP is used as a generic term for any inter-domain telephony routing protocol, and TRIP refers to the protocol specified in this document. We define and use the following terms in addition to those defined in [1]. Call Routing Information Base (CRIB): The database of reachable telephony destinations built and maintained at an LS as a result of its participation in TRIP. IP Telephony Administrative Domain (ITAD): The set of resources (gateways, location servers, etc.) under control of a single administrative authority. End users are customers of an ITAD. Less/More Specific Route. A route X is said to be less specific than a route Y if every destination in Y is also a destination in X, and X and Y are not equal. In this case, Y is also said to be more specific than X. Peers: Two LSs that share a logical association (a transport connection). If the LSs are in the same ITAD, they are internal peers. Otherwise, they are external peers. The logical association between two peer LSs is called a peering session. Telephony Routing Information Protocol (TRIP): The protocol defined in this specification. The function of TRIP is to advertise the reachability of telephony destinations, attributes associated with the destinations, as well as the attributes of the path towards those destinations. TRIP route: TRIP can be used to manage routing tables for multiple protocols (SIP, H323, etc.). In TRIP, a route is the combination of (a) a set of destinations (given by and address family and address prefix), and (b) an application protocol (SIP, H323, etc). 3. Introduction The gateway location and call routing problem has been introduced in [1]. It is considered one of the more difficult problems in IP telephony. The selection of an egress gateway for a telephony call, traversing an IP network towards an ultimate destination in the PSTN, is driven in large part by the policies of the various parties along the path, and by the relationships established between these parties. As such, a global directory of egress gateways in which users look up destination phone numbers is not a feasible solution. Rather, information about the availability of egress gateways is exchanged between providers, and subject to policy, made available locally and then propagated to other providers in other ITADs, thus creating call routes towards these egress gateways. This would allow each provider to create its own database of reachable phone numbers Rosenberg, Salama, Squire 2 Internet Draft Telephony Routing over IP October 1999 and the associated call routes - such a database could be very different for each provider depending on policy. TRIP is an inter-domain (i.e., inter-ITAD) gateway location and call routing protocol. The primary function of a TRIP speaker, called a location server (LS), is to exchange information with other LSs. This information includes the reachability of telephony destinations, the call routes towards these destinations, and information about gateways towards those telephony destinations residing in the PSTN. Thus TRIP satisfies the requirements of the GLP framework set forth in [1]. LSs exchange sufficient call routing information to construct a graph of ITAD connectivity so that call routing loops may be prevented. In addition, TRIP can be used to exchange attributes necessary to enforce policies and to select call routes based on path or gateway characteristics. This specification defines TRIP's transport and synchronization mechanisms, its finite state machine, and the TRIP data. This specification defines the basic attributes of TRIP. The TRIP attribute set is extendible, so additional TRIP attributes may be defined in future drafts. TRIP is modeled after the Border Gateway Protocol 4 (BGP-4) [2] and enhanced with some link state features as in the Open Shortest Path First (OSPF) protocol [3] and the Server Cache Synchronization Protocol (SCSP) [4]. TRIP uses BGP's inter-domain transport mechanism, BGP's peer communication, BGP's finite state machine, BGP's message formats, and some of BGP's attributes. Unlike BGP however, TRIP permits generic intra-domain LS topologies, which simplifies the configuration of intra-domain TRIP peers significantly, in contrast to BGP's full mesh requirement of internal BGP speakers. TRIP uses an intra-domain flooding mechanism similar to that used in OSPF [3] and SCSP [4]. TRIP permits aggregation of routes as they are advertised through the network. TRIP does not define a specific route selection algorithm. TRIP runs over a reliable transport protocol. This eliminates the need to implement explicit fragmentation, retransmission, acknowledgment, and sequencing. Any authentication scheme used by the transport protocol may be used in addition to TRIP's own authentication mechanisms. The error notification mechanism used in TRIP assumes that the transport protocol supports a "graceful" close, i.e., that all outstanding data will be delivered before the connection is closed. TRIP's operation is independent of any particular telephony signaling protocol. Therefore, TRIP can be used as the routing protocol for any of these protocols, e.g., H.323 [5] and SIP [6]. Rosenberg, Salama, Squire 3 Internet Draft Telephony Routing over IP October 1999 The LS peering topology is independent of the physical topology of the network. In addition, the boundaries of ITAD are independent of the boundaries of the layer 3 routing autonomous systems. Neither internal nor external TRIP peers need be physically adjacent. Editor's Note. Might want to beef up the intro a bit more. 4. Summary of Operation This section summarizes the operation of TRIP. Details are provided in later sections. 4.1 Peering Session Establishment and Maintenance Two peer LSs form a transport protocol connection between one another. They exchange messages to open and confirm the connection parameters, and to negotiate the capabilities of each LS as well as the type of information to be advertised of this connection. KEEPALIVE messages are sent periodically to ensure the liveness of the connection. NOTIFICATION messages are sent in response to errors or special conditions. If a connection encounters an error condition, a notification message is sent and the connection is closed. 4.2 Database Exchanges Once the peer connection has been established, the initial data flow is the LS's entire routing table. Incremental updates are sent as the TRIP routing tables change. TRIP does not require periodic refresh of the routes. Therefore, an LS must retain the current version of all routing entries. If a particular ITAD has multiple LSs and is providing transit service for other ITADs, then care must be taken to ensure a consistent view of routing within the ITAD. When synchronized the TRIP routing tables of all internal peers are identical. 4.3 Internal Versus External Synchronization As with BGP, TRIP distinguishes between internal and external peers. Within an ITAD, internal TRIP uses link-state mechanisms to flood database updates over an arbitrary topology. Externally, TRIP uses point-to-point peering relationships to exchange database information. Rosenberg, Salama, Squire 4 Internet Draft Telephony Routing over IP October 1999 To achieve internal synchronization, internal peer connections are configured between LSs of the same ITAD such that the resulting intra-domain LS topology is connected and sufficiently redundant. This is different from BGP's approach that requires all internal peers to be connected in a full mesh topology, which may result in scaling problems. When an update is received from an internal peer, the routes in the update are checked to determine if they are newer than the version already in the database. Newer routes are then flooded to all other peers in the same domain. 4.4 Advertising TRIP Routes In TRIP, a route is defined as the combination of (a) a set of destination addresses (given by an address family indicator and an address prefix), and (b) an application protocol (e.g. SIP, H323, etc.). Generally, there are additional attributes associated with each route (for example, the next-hop server). TRIP routes are advertised between pair of LSs in UPDATE messages. The destination addresses are included in the ReachableRoutes attribute of the UPDATE, while other attributes describe things like the path or egress gateway. If an LS chooses to advertise the TRIP route, it may add to or modify the attributes of the route before advertising it to a peer. TRIP provides mechanisms by which an LS can inform its peer that a previously advertised call route is no longer available for use. There are three methods by which a given LS can indicate that a route has been withdrawn from service: a) Include the route in the WithdrawnRoutes Attribute in an UPDATE message, thus marking the associated destinations as being no longer available for use. b) Advertise a replacement route with the same set of destinations in the ReachableRoutes Attribute. c) For external peers where flooding is not in use, the LS-to-LS peer connection can be closed, which implicitly removes from service all call routes which the pair of speakers had advertised to each other. Note that terminating an internal peering session does not necessarily remove the information advertised by the peer LS. 4.5 Call Routing Information Bases The Call Routing Information Base (CRIB) within an LS consists of three distinct parts: Rosenberg, Salama, Squire 5 Internet Draft Telephony Routing over IP October 1999 a) Adj-CRIBs-In: The Adj-CRIBs-In store routing information that has been learned from inbound UPDATE messages. Their contents represent TRIP routes that are available as an input to the Decision Process. These are the `unprocessed' routes received. The routes from each external peer LS and each internal LS are maintained in this database independently, so that updates from one peer do not effect the routes received from another LS. Note that there is an Adj-CRIBs-In for every LS within the domain, even those with which the LS is not directly peering. b) Loc-CRIB: The Loc-CRIB contains the local TRIP routing information that the LS has selected by applying its local policies to the call routing information contained in its Adj- CRIBs-In. c) Adj-CRIBs-Out: The Adj-CRIBs-Out store the information that the local LS has selected for advertisement to its external peers. The call routing information stored in the Adj-CRIBs-Out will be carried in the local LS's UPDATE messages and advertised to its peers. Figure 1 illustrates the relationship between the three parts of the call routing information base. Loc-CRIB . | Decision Process . | | . Adj-CRIBs-In Adj-CRIBs-Out Figure 1 CRIB Relationships Although the conceptual model distinguishes between Adj-CRIBs-In, Loc-CRIB, and Adj-CRIBs-Out, this neither implies nor requires that an implementation must maintain three separate copies of the routing information. The choice of implementation (for example, 3 copies of the information vs. 1 copy with pointers) is not constrained by the protocol. 5. Message Formats This section describes message formats used by TRIP. Messages are sent over a reliable transport protocol connection. A message MUST be processed only after it is entirely received. The maximum message size is 4096 octets. All implementations MUST support this maximum message size. The smallest message that MAY be sent consists of a TRIP header without a data portion, or 19 octets. Rosenberg, Salama, Squire 6 Internet Draft Telephony Routing over IP October 1999 5.1 Message Header Format Each message has a fixed-size header. There may or may not be a data portion following the header depending on the message type. The layout of the header fields is shown in Figure 2. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + + | Marker | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2 TRIP Header Marker: This 16-octet field contains a value that the receiver of the message can predict. If the Type of the message is OPEN, or if the OPEN message carries no Authentication Information (as an Optional Parameter), then the Marker must be all ones. Otherwise, the value of the marker can be predicted by some a computation specified as part of the authentication mechanism (which is specified as part of the Authentication Information). The Marker can be used to detect loss of synchronization between a pair of TRIP peers, and to authenticate incoming TRIP messages. Length: This 2-octet unsigned integer indicates the total length of the message, including the header, in octets. Thus, it allows one to locate in the transport-level stream the (Marker field of the) next message. The value of the Length field must always be at least 19 and no greater than 4096, and may be further constrained depending on the message type. No padding of extra data after the message is allowed, so the Length field must have the smallest value possible given the rest of the message. Type: This 1-octet unsigned integer indicates the type code of the message. The following type codes are defined Rosenberg, Salama, Squire 7 Internet Draft Telephony Routing over IP October 1999 1 - OPEN 2 - UPDATE 3 - NOTIFICATION 4 _ KEEPALIVE 5.2 OPEN Message Format After a transport protocol connection is established, the first message sent by each side is an OPEN message. If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back. Once the OPEN is confirmed, UPDATE, KEEPALIVE, and NOTIFICATION messages may be exchanged. In addition to the fixed-size TRIP header, the OPEN message contains the following fields: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Version | My ITAD | Hold Time... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ...cont | TRIP Identifier... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ...cont | Opt Parm Len | Opt Parms... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... Optional Parameters (cont, variable) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 3 TRIP OPEN Header Version: This 1-octed unsigned integer indicates the protocol version of the message. The current TRIP version number is 1. My ITAD System: This 2-octet unsigned integer indicates the ITAD number of the sender. Hold Time: This 2-octet unsigned integer indicates the number of seconds that the sender proposes for the value of the Hold Timer. Upon receipt of an OPEN message, an LS MUST calculate the value of the Hold Timer by using the smaller of its configured Hold Time and the Hold Time received in the OPEN message. The Hold Time MUST be either zero or at least three seconds. An implementation MAY reject connections on the basis of the Hold Time. The calculated value indicates the maximum number of seconds that may elapse between the Rosenberg, Salama, Squire 8 Internet Draft Telephony Routing over IP October 1999 receipt of successive KEEPALIVE and/or UPDATE messages by the sender. TRIP Identifier: This 4-octet unsigned integer indicates the TRIP Identifier of the sender. The TRIP Identifier MUST uniquely identify this LS within its ITAD. A given LS MAY set the value of its TRIP Identifier to an IPv4 address assigned to that LS. The value of the TRIP Identifier is determined on startup and MAY be different for different external peer connections, but MUST be the same for all internal peer connections. When comparing two TRIP identifiers, the TRIP Identifier is interpreted as a numerical 4-octet unsigned integer. Editor's Note [BGP]. Is the sentence about the TRIP ID restrictions ok(ie can it be different to different external peers)? Optional Parameters Length: This 2-octet unsigned integer indicates the total length of the Optional Parameters field in octets. If the value of this field is zero, no Optional Parameters are present. Optional Parameters: This field may contain a list of optional parameters, where each parameter is encoded as a triplet. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-... | Parm. Type | Parm. Length | Parm Value... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-... Figure 4 Optional Parameter Encoding Parameter Type is a one octet field that unambiguously identifies individual parameters. Parameter Length is a 2-octet field that contains the length of the Parameter Value field in octets. Parameter Value is a variable length field that is interpreted according to the value of the Parameter Type field. The minimum length of the OPEN message is 30 octets (including message header). OPEN messages not meeting this minimum requirement are handled as defined in Section 7.2. Rosenberg, Salama, Squire 9 Internet Draft Telephony Routing over IP October 1999 5.2.1 Open Message Optional Parameters This document defines the following Optional Parameters for the OPEN message. 5.2.1.1 Authentication Information Authentication Information uses Optional Parameter Type 1. This optional parameter may be used to authenticate data exchanges with a TRIP peer. The Parameter Value field contains a 1-octet Authentication Code followed by a variable length Authentication Data. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+... | Auth. Code | Authentication Data (variable)... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+... Figure 5 Authentication Information Optional Parameter Authentication Code: This 1-octet unsigned integer indicates the authentication mechanism being used. Whenever an authentication mechanism is specified for use within TRIP, three things must be included in the specification: - the value of the Authentication Code for that mechanism, - the form and meaning of the Authentication Data, and - the algorithm for computing values of Marker fields. Note that a separate authentication mechanism may be used in establishing the transport level connection. Authentication Data: The form and meaning of this field depend on the Authentication Code. Editor's Note [BGP]. Do we need this authentication parameter? Can't we just rely on IPSEC or TLS? This attribute seems useless unless some base authentication mechanisms are defined. If this attribute is useless, is Marker still needed? 5.2.1.2 Capability Information Capability Information uses Optional Parameter type 2. This is an optional parameter used by an LS to convey to its peer the list of Rosenberg, Salama, Squire 10 Internet Draft Telephony Routing over IP October 1999 capabilities supported by the LS. This permits an LS to learn of the capabilities of its peer LSs. Capability negotiation is defined in Section 9. The parameter contains one or more triples , where each triple is encoded as shown below: 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+... | Cap. Code | Cap. Length | Capability Value (variable)... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+... Figure 6 Capability Optional Parameter Capability Code: Capability Code is a one octet field that unambiguously identifies individual capabilities. Capability Length: Capability Length is a one octet field that contains the length of the Capability Value field in octets. Capability Value: Capability Value is a variable length field that is interpreted according to the value of the Capability Code field. A particular capability, as identified by its Capability Code, may appear more than once within the Optional Parameter. This document reserves Capability Codes 128-255 for vendor-specific applications. This document reserves value 0. Capability Codes (other than those reserved for vendor specific use) are assigned only by the IETF consensus process and IESG approval. The following Capability Codes are defined by this specification. a) Route Types Supported. The Route Types Supported Capability Code lists the route types supported in this peering session by the transmitting LS. An LS MUST NOT use route types that are not supported by the peer LS in any particular peering session. If the route types supported by a peer are not satisfactory, an LS MAY terminate the peering session. The format for a Route Type is: Rosenberg, Salama, Squire 11 Internet Draft Telephony Routing over IP October 1999 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Addr Fam | Appl Proto | Addr Fam | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 7 Route Types Supported Capability The Address Family and Application Protocol are as defined in Section 6.1.1. The first occurrence of Address Family lists the address family being routed(in the ReachableRoutes attribute). The second occurrence lists the underlying network address type (the type of address for the NextHopServer). The application protocol lists the application for which the routes apply. As an example, a route type for TRIP could be , indicating a set of E164 destinations for the SIP protocol being routed over an IPv4 network. The Route Types Supported Capability MAY contain multiple route types in the capability. The Capability Code is 1 and the length is variable. Editor's Note: Any other useful capabilities? 5.3 UPDATE Message Format UPDATE messages are used to transfer routing information between LSs. The information in the UPDATE packet can be used to construct a graph describing the relationships of the various ITADs. By applying rules to be discussed, routing information loops and some other anomalies may be prevented. An UPDATE message is used to both advertise and withdraw routes from service. An UPDATE message may simultaneously advertise and withdraw TRIP routes. In addition to the TRIP header, the TRIP UPDATE contains a list of routing attributes as shown in Figure 8. There is no padding between routing attributes. +------------------------------------------------+--... | First Route Attribute | Second Route Attribute | ... +------------------------------------------------+--... Figure 8 TRIP UPDATE Format The minimum length of an UPDATE message 27 octets (the TRIP header plus at least the WithdrawnRoutes and ReachableRoutes attributes). Rosenberg, Salama, Squire 12 Internet Draft Telephony Routing over IP October 1999 5.3.1 Routing Attributes A variable length sequence of routing attributes is present in every UPDATE message. Each attribute is a triple of variable length. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Attr. Flags |Attr. Type Code| Attr. Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Attribute Value (variable) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 9 Routing Attribute Format Attribute Type is a two-octet field that consists of the Attribute Flags octet followed by the Attribute Type Code octet. The Attribute Type Code octet contains the Attribute Type Code. The basic TRIP-defined Attribute Type Codes are discussed later in this section. Attributes MUST appear in the UPDATE message in numerical order of the attribute Type Code. The third and the fourth octets of the call route attribute contain the length of the attribute value field in octets. The remaining octets of the attribute represent the Attribute Value and are interpreted according to the Attribute Flags and the Attribute Type Code. The basic supported attribute types, their values, and their uses are defined in this specification. These are the attributes necessary for proper loop free operation of TRIP, both inter-domain and intra-domain. Additional attributes may be defined in a future documents. 5.3.2 Attribute Flags It is clear that the set of attributes for TRIP will evolve over time. Hence it is essential that mechanisms be provided to handle attributes with unrecognized types. The handling of unrecognized attributes is controlled via the flags field of the attribute. Recognized attributes should be processed according to their specific definition. The following are the attribute flags defined by this specification: Bit Flag 0) Optional Flag 1) Transitive Flag 2) Dependent Flag 3) Partial Flag 4) Link-state Encapsulated Flag Rosenberg, Salama, Squire 13 Internet Draft Telephony Routing over IP October 1999 The high-order bit (bit 0) of the Attribute Flags octet is the Optional Bit. It defines whether the attribute is optional (if set to 1) or well-known (if set to 0). Implementations are not required support optional attributes, but MUST support well-known attributes. The second high-order bit (bit 1) of the Attribute Flags octet is the Transitive bit. It defines whether an optional attribute is transitive (if set to 1) or non-transitive (if set to 0). For well- known attributes, the Transitive bit MUST be set on transmit and MUST be ignored on receipt. The third high-order bit (bit 2) of the Attribute Flags octet is the Dependent bit. It defines whether a transitive attribute is dependent (if set to 1) or independent (if set to 0). For well-known attributes and for non-transitive attributes, the Dependent bit is irrelevant, and MUST be set to 1 on transmit and MUST be ignored on receipt. The fourth high-order bit (bit 3) of the Attribute Flags octet is the Partial bit. It defines whether the information contained in the optional transitive attribute is partial (if set to 1) or complete (if set to 0). For well-known attributes and for non-transitive attributes the Partial bit MUST be set to 0 on transmit and MUST be ignored on receipt. The fifth high-order bit (bit 4) of the Attribute Flags octet is the Link-state Encapsulation bit. This bit is only applicable to certain attributes (ReachableRoutes and WithdrawnRoutes) and determines the encapsulation of the routes within those attributes. If set, link-state encapsulation is used within the attribute. Otherwise, standard encapsulation is used within the attribute. The Link-state Encapsulation technique is described in Section 5.3.2.4. This flag is only valid on the ReachableRoutes and WithdrawnRoutes attributes. It MUST be cleared on transmit and MUST be ignored on receipt for all other attributes. The other bits of the Attribute Flags octet are unused. They MUST be zeroed on transmit and ignored on receipt. 5.3.2.1 Attribute Flags and Route Selection If an LS receives an UPDATE with a well-known attribute that has an unrecognized type, then the LS MUST ignore the ReachableRoutes within that message. If an LS receives an optional attribute with an unrecognized type, then it MUST process the attribute according to the Attribute Flags. If a recognized attribute is received for which the flags are not properly set, that attribute should be ignored and not propagated. Any recognized attribute can be used as input to the route selection Rosenberg, Salama, Squire 14 Internet Draft Telephony Routing over IP October 1999 process, although the utility of some attributes in route selection is minimal. 5.3.2.2 Attribute Flags and Route Dissemination TRIP provides for two variations of transitivity due to the fact that intermediate LSs need not modify the NextHopServer when propagating routes. Attributes may be non-transitive, dependent transitive, or independent transitive. An attribute cannot be both dependent transitive and independent transitive. Unrecognized *independent* transitive attributes may be propagated by any intermediate LS. Unrecognized *dependent* transitive attributes MAY only be propagated if the LS is NOT changing the next-hop server. The transitivity variations permit some attributes to be carried end-to-end (independent transitive), some to be carried between adjacent next-hop servers (dependent transitive), and other to be restricted to peer LSs (non-transitive). An LS that passes an unrecognized transitive attribute to a peer MUST set the Partial flag on that attribute. Any LS along a path MAY insert a transitive attribute into a route. If any LS except the originating LS inserts a new transitive attribute into a route, then it MUST set the Partial flag on that attribute. The Partial flag indicates that not every LS along the relevant path has processed and understood the attribute. For independent transitive attributes, the "relevant path" is the path given in the AdvertisementPath attribute, while for dependent transitive attributes, the relevant path is only those domains that have passed this object since the NextHopServer was last modified. The Partial flag in an independent transitive attribute MUST NOT be unset by any other LS along the path. The Partial flag in a dependent transitive attribute MUST be reset whenever the next-hop is changed, but MUST NOT be unset by any LS that is not changing the NextHopServer. The rules governing the addition of new non-transitive attributes are defined independently for each non-transitive attribute. Any attribute MAY be updated by an LS in the path. 5.3.2.3 Attribute Flags and Route Aggregation Each attribute defines how it is to be handled during route aggregation. The rules governing the handling of unknown attributes are guided by the Attribute Flags. Unrecognized transitive attributes are dropped during aggregation. There should be no unrecognized non-transitive attributes during aggregation because non-transitive attributes must be processed by the local LS in order to be propagated. Rosenberg, Salama, Squire 15 Internet Draft Telephony Routing over IP October 1999 Editor's Note: Are we still discussing other possibilities for handling unknown attributes during aggregation? 5.3.2.4 Attribute Flags Encapsulation Normally attributes have the simple format as described in Section 5.3.1. If the Link-state Encapsulation Flag is set, then the two additional fields are added to the attribute header as shown in Figure 10. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Attr. Flags |Attr. Type Code| Attr. Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Originator TRIP Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Attribute Value (variable) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 10 Link State Encapsulation The Originator TRIP ID and Sequence Number are used to control the flooding of routing updates within a collection of servers. These fields are used to detect duplicate and old routes so that they are not further propagated within the servers. The use of these fields is defined in Section 11.1. 5.3.3 Mandatory Attributes Certain attributes are mandatory, they must be in every UPDATE message. Mandatory attributes are identified in their definition. By definition, mandatory attributes are also well-known. UPDATE messages that do not include all mandatory attributes are discarded. 5.3.4 TRIP UPDATE Attributes This section summarizes the attributes that may be carried in an UPDATE message. Attributes MUST appear in the UPDATE message in increasing order of the Attribute Type Code. Additional details are provided in Section 6. 5.3.4.1 WithdrawnRoutes This attribute lists a set of routes that are being withdrawn from service. The transmitting LS has determined that these routes should no longer be advertised, and is propagating this information to its peers. Rosenberg, Salama, Squire 16 Internet Draft Telephony Routing over IP October 1999 5.3.4.2 ReachableRoutes This attribute lists set of routes that are being added to service. These routes have the potential to be inserted into the Adj-CRIBs-In of the receiving LS. 5.3.4.3 NextHopServer This attribute gives the network address of the entity to which messages should be sent along this routed path. The NextHopServer is specific to the set of destinations and application protocol defined in the ReachableRoutes attribute. Note that this is NOT the address to which media (voice, video, etc.) should be transmitted, only the application protocol given in ReachableRoutes. Unlike BGP4 [4], the next-hop server need not share a subnet with the LS, nor must an LS advertise only one of its own IP addresses as the next- hop. An LS MAY advertise a next-hop with which it does not share a subnet. 5.3.4.4 AdvertisementPath The AdvertisementPath is analogous to the AS_PATH in BGP4 [2]. The attribute records the sequence of domains through which this advertisement has passed. The attribute is used to detect when the routing advertisement is looping. This attribute does NOT reflect the path through which messages following this route would traverse. Since the next-hop need not be modified by each LS, the actual path to the destination might not have to traverse every domain in the AdvertisementPath. 5.3.4.5 RoutedPath The RoutedPath attribute is analogous to the AdvertisementPath attribute, except that it records the actual path (given by the list of domains) *to* the destinations. Unlike AdvertisementPath, which is modified each time the route is propagated, RoutedPath is only modified when the NextHopServer attribute changes. Thus, it records the subset of the AdvertisementPath over which messages following this particular route would traverse. 5.3.4.6 AtomicAggregate The AtomicAggregate attribute indicates that a route may actually include domains not listed in the RoutedPath. If an LS, when presented with a set of overlapping routes from a peer LS, selects a less specific route without selecting the more specific route, then the LS MUST include the AtomicAggregate attribute with the route. An LS receiving a route with an AtomicAggregate attribute MUST NOT make the set of destinations more specific when advertising it to other LSs. Rosenberg, Salama, Squire 17 Internet Draft Telephony Routing over IP October 1999 5.3.4.7 LocalPreference The LocalPreference attribute is an intra-domain attribute used to inform other LSs of the local LSs preference for a given route. Other LSs within the same ITAD use this attribute in their route selection process. This attribute has no significance between domains. Editor's Note. Clarify whether LocalPreference carries the computed preference at the domain's ingress LS. Editor's Note. Want/need Community attribute? 5.3.4.8 MultiExitDisc Two administrative domains may be connected by more than one pair of LSs. The MultiExitDisc attribute is used by an LS to express a preference for one link between the domains over another link between the domains. The use of the MultiExitDisc attribute is controlled by local policy. 5.3.4.9 LastModifiedBy Editor's Note [BGP]. Still need to work out adequate security. Is transport security enough? Should we permit per attribute signing via a new flag (ie new flag set indicates attribute in a 'signed' format with some type of authentication? 5.4 KEEPALIVE Message Format TRIP does not use any transport protocol-based keep-alive mechanism to determine if peers are reachable. Instead, KEEPALIVE messages are exchanged between peers often enough as not to cause the Hold Timer to expire. A reasonable maximum time between KEEPALIVE messages would be one third of the Hold Time interval. KEEPALIVE messages MUST NOT be sent more frequently than one per second. An implementation MAY adjust the rate at which it sends KEEPALIVE messages as a function of the negotiated Hold Time interval. If the negotiated Hold Time interval is zero, then periodic KEEPALIVE messages MUST NOT be sent. KEEPALIVE message consists of only message header and has a length of 19 octets. 5.5 NOTIFICATION Message Format Rosenberg, Salama, Squire 18 Internet Draft Telephony Routing over IP October 1999 A NOTIFICATION message is sent when an error condition is detected. The TRIP transport connection is closed immediately after sending a NOTIFICATION message In addition to the fixed-size TRIP header, the NOTIFICATION message contains the following fields: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Error Code | Error Subcode | Data... (variable) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 11 TRIP NOTIFICATION Format Error Code: This 1-octet unsigned integer indicates the type of NOTIFICATION. The following Error Codes have been defined: Error Code Symbolic Name Reference 1 Message Header Error Section 7.1 2 OPEN Message Error Section 7.2 3 UPDATE Message Error Section 7.3 4 Hold Timer Expired Section 7.5 5 Finite State Machine Error Section 7.6 6 Cease Section 7.7 Error Subcode: This 1-octet unsigned integer provides more specific information about the nature of the reported error. Each Error Code may have one or more Error Subcodes associated with it. If no appropriate Error Subcode is defined, then a zero (Unspecific) value is used for the Error Subcode field. Message Header Error Subcodes: 1 - Connection Not Synchronized. 2 - Bad Message Length. 3 - Bad Message Type. OPEN Message Error Subcodes: 1 - Unsupported Version Number. 2 - Bad Peer ITAD. 3 - Bad TRIP Identifier. 4 - Unsupported Optional Parameter. 5 - Authentication Failure. Rosenberg, Salama, Squire 19 Internet Draft Telephony Routing over IP October 1999 6 - Unacceptable Hold Time. 7 - Unsupported Capability. UPDATE Message Error Subcodes: 1 - Malformed Attribute List. 2 - Unrecognized Well-known Attribute. 3 - Missing Well-known Mandatory Attribute. 4 - Attribute Flags Error. 5 - Attribute Length Error. 6 - Invalid Attribute. Data: This variable-length field is used to diagnose the reason for the NOTIFICATION. The contents of the Data field depend upon the Error Code and Error Subcode. Note that the length of the Data field can be determined from the message Length field by the formula: Data Length = Message Length - 21 The minimum length of the NOTIFICATION message is 21 octets (including message header). Editor's Note. Generally, lengths are 2 bytes. Should types be one or two bytes? 6. TRIP Attributes This section provides details on the syntax and semantics of each TRIP UPDATE attribute. 6.1 WithdrawnRoutes Mandatory: TRUE. Required Flags: Well-known, Transitive. Potential Flags: Link-State Encapsulation (when flooding). TRIP Type Code: 1 The WithdrawnRoutes attribute MUST be included in every UPDATE message. It specifies a set of routes that are to be removed from service by the receiving LS(s). The set of routes MAY be empty. This is indicated by setting the length field to zero. 6.1.1 Syntax of WithdrawnRoutes Rosenberg, Salama, Squire 20 Internet Draft Telephony Routing over IP October 1999 The WithdrawnRoutes Attribute encodes a sequence of routes in its value field. The format for individual routes is given in Section 6.1.1.1. The WithdrawnRoutes Attribute lists the individual routes sequentially with no padding as shown in Figure 12. Each route includes a length field so that the individual routes within the attribute can be delineated. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+... | WithdrawnRoute1... | WithdrawnRoute2... | ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+... Figure 12 WithdrawnRoutes Format 6.1.1.1 Generic TRIP Route Format The generic format for a TRIP route is given in Figure 13. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Family | Applic Proto | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address (variable) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 13 Generic TRIP Route Format Address Family: The address family field gives the type of address for the route. Address families are defined in RFC 1700 [XXX]. Application Protocol: The application protocol gives the protocol for which this routing table is maintained. The currently defined application protocols are: 1) SIP 2) H323 Additional application protocols may be defined in the future. Length: The length of the address field, in bytes. Address: Rosenberg, Salama, Squire 21 Internet Draft Telephony Routing over IP October 1999 An address (prefix) of the family type given by Address Family. The octet length of the address is variable and is determined by the length field of the route. 6.1.1.2 Encoding of E164 Numbers A set of telephone numbers is specified by an E164 number prefix. E164 prefixes are represented by a string of digits, each digit encoded by its ASCII character representation. All phone numbers starting with this prefix are covered by this routing object. The syntax for the phone number prefix is: phone-number-bound = *phone-digit phone-digit = DIGIT DIGIT = '0'|'1'|'2'|'3'|'4'|'5'|'6'|'7'|'8'|'9' This format is similar to the format for a global telephone number as defined in SIP [6] without visual separators and without the international `+' prefix. This format facilitates efficient comparison when using TRIP to route SIP or H323, both of which use character based representations of phone numbers. The length of the prefix is given by the length field of the route. 6.2 ReachableRoutes Mandatory: TRUE. Required Flags: Well-known, Transitive. Potential Flags: Link-State Encapsulation (when flooding). Trip Type Code: 2 The ReachableRoutes attribute MUST be included in every UPDATE message. It specifies a set of routes that are to be added to service by the receiving LS(s). The set of routes MAY be empty, this is indicated by setting the length field to zero. 6.2.1 Syntax of ReachableRoutes The ReachableRoutes Attribute has the same syntax as the WithdrawnRoutes Attribute. See Section 6.1.1. 6.2.2 Route Origination and ReachableRoutes Routes are injected into TRIP by a method outside the scope of this specification. Possible methods include a front-end protocol, an intra-domain routing protocol, or static configuration. 6.2.3 Route Selection and ReachableRoutes The routes in ReachableRoutes are a necessary criteria for route selection. Rosenberg, Salama, Squire 22 Internet Draft Telephony Routing over IP October 1999 6.2.4 Aggregation and ReachableRoutes To aggregate multiple routes, the set of ReachableRoutes to be aggregated MUST combine to form a less specific set. There is no mechanism within TRIP to communicate that a particular address prefix is `invalid' and thus that aggregation could be performed by skipping these invalid addresses. LSs MAY use methods outside of TRIP to learn of invalid prefixes over which aggregation may be performed. 6.2.5 Route Dissemination and ReachableRoutes The ReachableRoutes attribute is recomputed at each LS except where flooding is being used (e.g., within a domain). 6.2.6 E164 Number Specifics A gateway that can reach all valid numbers in a specific prefix SHOULD advertise that prefix as the ReachableRoutes, even if there are more specific prefixes that do not actually exist on the PSTN. Generally, it takes 10 E164 prefixes of length n to aggregate into a prefix of length n-1. However, if an LS is aware that a prefix is an invalid PSTN prefix, then the LS MAY aggregate by skipping this prefix. For example, if the prefix +19191 is known not to exist, then an LS can aggregate to +1919 without +19191. A prefix representing an invalid set of PSTN destinations is sometimes referred to as a "black-hole". The method by which an LS is aware of black-holes is not within the scope of TRIP, but if an LS has such knowledge, it can use the knowledge when aggregating. 6.3 NextHopServer Mandatory: True. Required Flags: Well-known, Transitive. Potential Flags: None. TRIP Type Code: TBD. Given a route with application protocol A and destinations D, the NextHopServer indicates the next-hop that messages of protocol A destined for D should be sent. This may or may not represent the ultimate destination of those messages. 6.3.1 NextHopServer Syntax For generality, the address of the next-hop server may be of various types (IPv4, IPv6, etc). The NextHopServer attribute includes an address type identifier, address length, and a next-hop address. Rosenberg, Salama, Squire 23 Internet Draft Telephony Routing over IP October 1999 The type of address is given by an Address Family Identifier as defined in RFC1700 [XXX]. The syntax for the NextHopServer is given in Figure XXX. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Hop ITAD | Address Family | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | Address (variable) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 14 NextHopServer Syntax The Next-Hop ITAD indicates the domain of the next-hop. The Address Family field gives the type of address in use, the Length field gives the number of octets in the Address field, and the Address field contains the network address of the next-hop server. Editor's Note. How can we work the TCP/UDP protocol and ports in here? Have a _Subnetwork Address Field?_ Do we need these? Is Next Hop ITAD useful enough to put in there? 6.3.2 Route Origination and NextHopServer When an LS originates a routing object into TRIP, it MUST include a NextHopServer within its domain. The NextHopServer could be an address of the egress gateway or of a signaling proxy. 6.3.3 Route Selection and NextHopServer LS policy may prefer certain next-hops or next-hop domains over others. 6.3.4 Aggregation and NextHopServer When aggregating multiple routing objects into a single routing object, an LS MUST insert a new signaling server from within its domain as the new NextHopServer unless all of the routes being aggregated have the same next-hop. 6.3.5 Route Dissemination and NextHopSignalingServer When propagating routing objects to peers, an LS may choose to insert an address of a signaling proxy within its domain as the new next-hop, or it may leave the next-hop unchanged. Inserting a new address as the next-hop will cause the signaling messages to be sent to that address, and will provide finer control over the signaling path. Leaving the next-hop unchanged will yield a more efficient Rosenberg, Salama, Squire 24 Internet Draft Telephony Routing over IP October 1999 signaling path (ie fewer hops). It is a local policy decision of the LS to decide whether to propagate or change the NextHopServer. 6.4 AdvertisementPath Mandatory: TRUE. Required Flags: Well-known, Transitive. Potential Flags: Partial. TRIP Type Code: TBD. This attribute identifies the ITADs through which routing information carried in an advertisement has passed. The AdvertisementPath attribute is analogous to the AS_PATH attribute in BGP. The attributes differ in that BGP's AS_PATH also reflects the path to the destination. In TRIP, the next-hop need not be modified by every domain along the path, so the AdvertisementPath may include many more hops than the actual path to the destination. The RoutedPath attribute (Section 6.5) reflects the actual routed path to the destination. 6.4.1 AdvertisementPath Syntax AdvertisementPath is a variable length attribute that is composed of a sequence of ITAD path segments. Each ITAD path segment is represented by a triple . The path segment type is a 1-octet long field with the following values defined: Value Segment Type 1. AP_SET: unordered set of ITADs a route in the advertisement message has traversed 2. AP_SEQUENCE: ordered set of ITADs a route in the advertisement message has traversed The path segment length is a 1-octet long field containing the number of ITADs in the path segment value field. The path segment value field contains one or more ITAD numbers, each encoded as a 2-octets long field. ITAD numbers uniquely identify an Internet Telephony Administrative Domain, and must be obtained from IANA. See Section XXX for procedures to obtain an ITAD number from IANA. 6.4.2 Route Origination and AdvertisementPath When an LS originates a route then: Rosenberg, Salama, Squire 25 Internet Draft Telephony Routing over IP October 1999 a) The originating LS shall include its own ITAD number in the AdvertisementPath attribute of all advertisements sent to LSs located in neighboring ITADs. In this case, the ITAD number of the originating LS's ITAD will be the only entry in the AdvertisementPath attribute. b) The originating LS shall include an empty AdvertisementPath attribute in all advertisements sent to LSs located in its own ITAD. An empty AdvertisementPath attribute is one whose length field contains the value zero. 6.4.3 Route Selection and AdvertisementPath The AdvertisementPath may be used for route selection. Possible criteria to be used are the number of hops on the path and the presence or absence of particular ITADs on the path. As discussed in Section 11, the AdvertisementPath is used to prevent routing information from looping. If an LS receives a route with its own ITAD already in the AdvertisementPath, the route MUST be discarded. 6.4.4 Aggregation and AdvertisementPath The rules for aggregating AdvertisementPath attributes are given in the following sections, where the term `path' used in Section 6.4.4.1 and 6.4.4.2 is understood to mean AdvertisementPath. 6.4.4.1 Aggregating Routes with Identical Paths If all routes to be aggregated have identical path attributes, then the aggregated route has the same path attribute as the individual routes. 6.4.4.2 Aggregating Routes with Different Paths For the purpose of aggregating path attributes we model each ITAD within the path as a tuple , where "type" identifies a type of the path segment the ITAD belongs to (e.g. AP_SEQUENCE, AP_SET), and "value" is the ITAD number. Two ITADs are said to be the same if their corresponding are the same. If the routes to be aggregated have different path attributes, then the aggregated path attribute shall satisfy all of the following conditions: - All tuples of the type AP_SEQUENCE in the aggregated path MUST appear in all of the paths of routes to be aggregated. - All tuples of the type AP_SET in the aggregated path MUST appear in at least one of the paths of the initial set (they may appear as either AP_SET or AP_SEQUENCE types). Rosenberg, Salama, Squire 26 Internet Draft Telephony Routing over IP October 1999 - For any tuple X of the type AP_SEQUENCE that precedes tuple Y in the aggregated path, X precedes Y in each path of the initial set that contains Y, regardless of the type of Y. - No tuple with the same value shall appear more than once in the aggregated path, regardless of the tuple's type. An implementation may choose any algorithm that conforms to these rules. At a minimum a conformant implementation MUST be able to perform the following algorithm that meets all of the above conditions: - Determine the longest leading sequence of tuples (as defined above) common to all the paths of the routes to be aggregated. Make this sequence the leading sequence of the aggregated path. - Set the type of the rest of the tuples from the paths of the routes to be aggregated to AP_SET, and append them to the aggregated path. - If the aggregated path has more than one tuple with the same value (regardless of tuple's type), eliminate all, but one such tuple by deleting tuples of the type AP_SET from the aggregated path. An implementation which chooses to provide a path aggregation algorithm which retains significant amounts of path information may wish to use the procedure of Section 6.4.4.3. 6.4.4.3 Example Path Aggregation Algorithm An example algorithm to aggregate two paths works as follows: a) Identify the ITADs (as defined in Section 6.4.1) within each path attribute that are in the same relative order within both path attributes. Two ITADs, X and Y, are said to be in the same order if either X precedes Y in both paths, or if Y precedes X in both paths. b) The aggregated path consists of ITADs identified in (a) in exactly the same order as they appear in the paths to be aggregated. If two consecutive ITADs identified in (a) do not immediately follow each other in both of the paths to be aggregated, then the intervening ITADs (ITADs that are between the two consecutive ITADs that are the same) in both attributes are combined into an AP_SET path segment that consists of the intervening ITADs from both paths; this segment is then placed in between the two consecutive ITADs identified in (a) of the aggregated attribute. If two consecutive ITADs identified in (a) immediately follow each other in one attribute, but do not follow in another, then the intervening ITADs of the latter are combined into an AP_SET path segment; this segment is then placed in between the two consecutive ITADs identified in (a) of the aggregated path. Rosenberg, Salama, Squire 27 Internet Draft Telephony Routing over IP October 1999 If as a result of the above procedure a given ITAD number appears more than once within the aggregated path, all, but the last instance (rightmost occurrence) of that ITAD number should be removed from the aggregated path. 6.4.5 Route Dissemination and AdvertisementPath When an LS propagates a route which it has learned from another LS, it shall modify the route's AdvertisementPath attribute based on the location of the LS to which the route will be sent. a) When a LS advertises a route to another LS located in its own ITAD, the advertising LS MUST NOT modify the AdvertisementPath attribute associated with the route. b) When a LS advertises a route to an LS located in a neighboring ITAD, then the advertising LS MUST update the AdvertisementPath attribute as follows: 1) If the first path segment of the AdvertisementPath is of type AP_SEQUENCE, the local system shall prepend its own ITAD number as the last element of the sequence (put it in the leftmost position). 2) If the first path segment of the AdvertisementPath is of type AP_SET, the local system shall prepend a new path segment of type AP_SEQUENCE to the AdvertisementPath, including its own ITAD number in that segment. 6.5 RoutedPath Mandatory: False. Required Flags: Well-known, Transitive. Potential Flags: Partial. TRIP Type Code: TBD. Editor's Note. Should this be mandatory? This attribute identifies the ITADs through which messages sent using this route would pass. The ITADs in this path are a subset of those in the AdvertisementPath. 6.5.1 RoutedPath Syntax The syntax of the RoutedPath attribute is the same as that of the AdvertisementPath attribute. 6.5.2 Route Origination and RoutedPath Rosenberg, Salama, Squire 28 Internet Draft Telephony Routing over IP October 1999 When an LS originates a route it MAY include the RoutedPath attribute. If the originating LS includes the RoutedPath attribute then: a) The originating LS shall include its own ITAD number in the RoutedPath attribute of all advertisements sent to LSs located in neighboring ITADs. In this case, the ITAD number of the originating LS's ITAD will be the only entry in the RoutedPath attribute. b) The originating LS shall include an empty RoutedPath attribute in all advertisements sent to LSs located in its own ITAD. An empty RoutedPath attribute is one whose length field contains the value zero. 6.5.3 Route Selection and RoutedPath The RoutedPath MAY be used for route selection, and in most cases is preferred over the AdvertisementPath for this role. Possible criteria to be used are the number of hops on the path and the presence or absence of particular ITADs on the path. 6.5.4 Aggregation and RoutedPath The rules for aggregating RoutedPath attributes are given in Section 6.4.4.1 and 6.4.4.2, where the term `path' used in Section 6.4.4.1 and 6.4.4.2 is understood to mean RoutedPath. 6.5.5 Route Dissemination and RoutedPath When an LS propagates a route which it has learned from another LS, it shall modify the route's RoutedPath attribute based on the location of the LS to which the route is sent. a) When a LS advertises a route to another LS located in its own ITAD, the advertising LS MUST NOT modify the RoutedPath attribute associated with the route. b) If the LS has not changed the NextHopServer attribute, then the LS MUST NOT change the RoutedPath attribute. c) Otherwise, the LS has changed the NextHopServer and is advertising the route to an LS in another ITAD. The advertising LS MUST update the RoutedPath attribute as follows: 1) If the first path segment of the RoutedPath is of type AP_SEQUENCE, the local system shall prepend its own ITAD number as the last element of the sequence (put it in the leftmost position). 2) If the first path segment of the RoutedPath is of type AP_SET, the local system shall prepend a new path segment of type Rosenberg, Salama, Squire 29 Internet Draft Telephony Routing over IP October 1999 AP_SEQUENCE to the RoutedPath, including its own ITAD number in that segment. 6.6 AtomicAggregate Mandatory: False. Required Flags: Well-known, Transitive. Potential Flags: None. TRIP Type Code: TBD. The AtomicAggregate attribute indicates that a route may traverse domains not listed in the RoutedPath. If an LS, when presented with a set of overlapping routes from a peer LS, selects the less specific route without selecting the more specific route, then the LS includes the AtomicAggregate attribute with the routing object. 6.6.1 AtomicAggregate Syntax This attribute has length zero (0), the value field is empty. 6.6.2 Route Origination and AtomicAggregate Routes are never originated with the AtomicAggregate attribute. 6.6.3 Route Selection and AtomicAggregate The AtomicAggregate attribute may be used in route selection _ it indicates that the RoutedPath may be incomplete. 6.6.4 Aggregation and AtomicAggregate If any of the routes to aggregate has the AtomicAggregate attribute, then so should the resultant aggregate. 6.6.5 Route Dissemination and AtomicAggregate If an LS, when presented with a set of overlapping routes from a peer LS, selects the less specific route (see Section 2) without selecting the more specific route, then the LS MUST include the AtomicAggregate attribute with the routing object (if it is not already present). An LS receiving a routing object with an AtomicAggregate attribute MUST NOT make the set of destinations more specific when advertising it to other LSs, and MUST NOT remove the attribute when propagating this object to a peer LS. Rosenberg, Salama, Squire 30 Internet Draft Telephony Routing over IP October 1999 6.7 LocalPreference Mandatory: False. Required Flags: Well-known, Transitive. Potential Flags: None. TRIP Type Code: TBD. The LocalPreference attribute is used intra-domain only, it indicates the local LS's preference for the routing object to other LSs within the same domain. This attribute MUST NOT be included when communicating to an LS in another domain, and MUST be included over intra-domain links. 6.7.1 LocalPreference Syntax The LocalPreference attribute is a 4-octet unsigned numeric value. A higher value indicates a higher preference. 6.7.2 Route Origination and LocalPreference Routes MUST NOT be originated with the LocalPreference attribute to inter-domain peers Routes to intra-domain peers MUST be originated with LocalPreference. 6.7.3 Route Selection and LocalPreference The LocalPreference attribute allows one LS in a domain to calculate a preference for a route, and to communicate this preference to other LSs in the domain. During route selection, an LS may determine its own preference for a route received from an intra- domain LS, or it may use the LocalPreference attribute as its preference. 6.7.4 Aggregation and LocalPreference The LocalPreference attribute is not affected by aggregation. 6.7.5 Route Dissemination and LocalPreference An LS MUST include the LocalPreference attribute when communicating with peer LSs within its own domain. An LS MUST NOT include the LocalPreference attribute when communicating with LSs in other domains. LocalPreference attributes received from inter-domain peers MUST be ignored. 6.8 MultiExitDisc Mandatory: False. Required Flags: Well-known, Transitive. Potential Flags: None. Rosenberg, Salama, Squire 31 Internet Draft Telephony Routing over IP October 1999 TRIP Type Code: TBD. When two ITADs are connected by more than one set of peers, the MultiExitDisc attribute may be used to specify preferences for routes received over one of those links versus routes received over other links. The MultiExitDisc parameter is used only for route selection. 6.8.1 MultiExitDisc Syntax The MultiExitDisc attribute carries a 4-octet unsigned numeric value. A lower value represents a more preferred routing object. 6.8.2 Route Origination and MultiExitDisc Routes originated to intra-domain peers MUST NOT be originated with the MultiExitDisc attribute. When originating a route to an inter- domain peer, the MultiExitDisc attribute may be included. 6.8.3 Route Selection and MultiExitDisc The MultiExitDisc attribute is used to express a preference when there are multiple links between two domains. If all other factors are equal, then a route with a lower MultiExitDisc attribute is preferred over a route with a higher MultiExitDisc attribute. 6.8.4 Aggregation and MultiExitDisc Routes with differing MultiExitDisc parameters MUST NOT be aggregated. Routes with the same value in the MultiExitDisc attribute MAY be aggregated and the same MultiExitDisc attribute attached to the aggregated object. 6.8.5 Route Dissemination and MultiExitDisc If received from a peer LS in another domain, a LS MAY propagate the MultiExitDisc to other LSs within its domain. The MultiExitDisc attribute MUST NOT be propagated to LSs in other domains. An LS may add the MultiExitDisc attribute when propagating routing objects to an LS in another domain. The inclusion of the MultiExitDisc attribute is a matter of policy, as is the value of the attribute. 6.9 ITAD Topology Mandatory: False. Required Flags: Well-known, Transitive, Link-State encapsulated. Potential Flags: None. TRIP Type Code: TBD. Rosenberg, Salama, Squire 32 Internet Draft Telephony Routing over IP October 1999 Within an ITAD, each LS must know the status of other LSs so that LS failure can be detected. To do this, each LS advertises its internal topology to other LSs within the domain. When an LS detects that another LS is no longer active, the information sourced by that LS can be deleted (the Adj-CRIB-In for that peer may be cleared). The ITAD Topology attribute is used to communicate this information to other LSs within the domain. Editor's Note. Two methods for this function are possible. One method advertises the topology, requires LSs to update their topology only when their internal peer set changes, and requires LSs to calculate to which LSs are active within their domain via a connectivity algorithm on the topology. The second option would require an LS to periodically issue a `keep-alive' type advertisement that gets flooded within the domain. LSs would determine which LSs are active by the set of received keep-alives. We are suggesting the former method as it allows faster detection of failure. 6.9.1 ITAD Topology Syntax The ITAD Topology attribute indicates the LSs with which the LS is currently peering. The attribute consists of a list of the TRIP Identifiers with which the LS is currently peering, the format is given in Figure 15. This attribute MUST use the link-state encapsulation as defined in Section 5.3.2.4. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TRIP Identifier 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TRIP Identifier 2 ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 15 ITAD Topology Syntax 6.9.2 Route Origination and ITAD Topology The ITAD Topology attribute is independent of any routes in the UPDATE. Whenever the set of internal peers of a LS changes, it MUST originate an UPDATE with the ITAD Topology Attribute included listing the current set of internal peers. The LS MUST include this attribute in the first UPDATE it sends to a peer after the peering session is established. 6.9.3 Route Selection and ITAD Topology Rosenberg, Salama, Squire 33 Internet Draft Telephony Routing over IP October 1999 This attribute is independent of any routing information in the UPDATE. When an LS receives an UPDATE with an ITAD Topology attribute, it MUST compute the set of LSs currently active in the domain by performing a connectivity test on the ITAD topology as given by the set of originated ITAD Topology attributes. The LS MUST locally purge the Adj-CRIB-In for any LS that is no longer active in the domain. The LS MUST NOT propagate this purging information to other LSs as they will make make a similar decision. 6.9.4 Aggregation and ITAD Topology This information never leaves the domain and is does not affect aggregation. 6.9.5 Route Dissemination and ITAD Topology If received from a peer LS in another domain, a LS MUST ignore the attribute. An LS MUST NOT send this attribute to any inter-domain peers. 6.10 Considerations for Defining new TRIP Attributes Editor's Note: Text to be added. 7. TRIP Error Detection and Handling This section describes errors to be detected and the actions to be taken while processing TRIP messages. When any of the conditions described here are detected, a NOTIFICATION message with the indicated Error Code, Error Subcode, and Data fields MUST be sent, and the TRIP connection MUST be closed. If no Error Subcode is specified, then a zero Subcode MUST be used. The phrase "the TRIP connection is closed" means that the transport protocol connection has been closed and that all resources for that TRIP connection have been deallocated. If the connection was inter- domain, then routing table entries associated with the remote peer MUST be marked as invalid. Routing table entries MUST NOT be marked as invalid if an internal peering session is terminated. The fact that the routes have become invalid is passed to other TRIP peers before the routes are deleted from the system. Unless specified explicitly, the Data field of the NOTIFICATION message that is sent to indicate an error MUST be empty. Rosenberg, Salama, Squire 34 Internet Draft Telephony Routing over IP October 1999 7.1 Message Header Error Detection and Handling All errors detected while processing the Message Header are indicated by sending the NOTIFICATION message with Error Code _Message Header Error_. The Error Subcode elaborates on the specific nature of the error. The error checks in this section MUST be performed by each LS on receipt of every message. The expected value of the Marker field of the message header is all ones if the message type is OPEN. The expected value of the Marker field for all other types of TRIP messages is determined based on the presence of the Authentication Information Optional Parameter in the TRIP OPEN message and the actual authentication mechanism (if the Authentication Information in the TRIP OPEN message is present). If the Marker field of the message header is not the expected one, then a synchronization error has occurred and the Error Subcode MUST be set to "Connection Not Synchronized." If the Length field of the message header is less than 19 or greater than 4096, or if the Length field of an OPEN message is less than the minimum length of the OPEN message, or if the Length field of an UPDATE message is less than the minimum length of the UPDATE message, or if the Length field of a KEEPALIVE message is not equal to 19, or if the Length field of a NOTIFICATION message is less than the minimum length of the NOTIFICATION message, then the Error Subcode MUST be set to "Bad Message Length." The Data field contains the erroneous Length field. If the Type field of the message header is not recognized, then the Error Subcode MUST be set to "Bad Message Type." The Data field contains the erroneous Type field. 7.2 OPEN Message Error Detection and Handling All errors detected while processing the OPEN message are indicated by sending the NOTIFICATION message with Error Code "OPEN Message Error." The Error Subcode elaborates on the specific nature of the error. The error checks in this section MUST be performed by each LS on receipt of every OPEN message. If the version number contained in the Version field of the received OPEN message is not supported, then the Error Subcode MUST be set to "Unsupported Version Number." The Data field is a 2-octet unsigned integer, which indicates the largest locally supported version number less than the version the remote TRIP peer bid (as indicated in the received OPEN message). Rosenberg, Salama, Squire 35 Internet Draft Telephony Routing over IP October 1999 If the ITAD field of the OPEN message is unacceptable, then the Error Subcode MUST be set to "Bad Peer ITAD." The determination of acceptable ITAD numbers is outside the scope of this protocol. If the Hold Time field of the OPEN message is unacceptable, then the Error Subcode MUST be set to "Unacceptable Hold Time." An implementation MUST reject Hold Time values of one or two seconds. An implementation MAY reject any proposed Hold Time. An implementation which accepts a Hold Time MUST use the negotiated value for the Hold Time. If the TRIP Identifier field of the OPEN message is not valid, then the Error Subcode MUST be set to "Bad TRIP Identifier." A TRIP identifier is 4-octets and can take any value. An LS considers the TRIP Identifier invalid if it has an already open connection with another peer LS that has the same ITAD and TRIP Identifier. Any two LSs within the same ITAD MUST NOT have equal TRIP Identifier values. This restriction does not apply to LSs in differrent ITADs since the purpose is to uniquely identify an LS using its TRIP Identifier and its ITAD number. If one of the Optional Parameters in the OPEN message is not recognized, then the Error Subcode MUST be set to "Unsupported Optional Parameters." If the OPEN message carries Authentication Information (as an Optional Parameter), then the corresponding authentication procedure is invoked. If the authentication procedure (based on Authentication Code and Authentication Data) fails, then the Error Subcode MUST be set to "Authentication Failure." If the Optional Parameters of the OPEN message include Capability Information with an unsupported capability (unsupported in either capability type or value), then the Error Subcode MUST be set to "Unsupported Capability," and the entirety of the unsupported capabilities are listed in the Data field of the NOTIFICATION message. 7.3 UPDATE Message Error Detection and Handling All errors detected while processing the UPDATE message are indicated by sending the NOTIFICATION message with Error Code UPDATE Message Error. The Error Subcode elaborates on the specific nature of the error. The error checks in this section MUST be performed by each LS on receipt of every UPDATE message. These error checks MUST occur before flooding procedures are invoked with internal peers. If any recognized attribute has Attribute Flags that conflict with the Attribute Type Code, then the Error Subcode MUST be set to Rosenberg, Salama, Squire 36 Internet Draft Telephony Routing over IP October 1999 "Attribute Flags Error." The Data field contains the erroneous attribute (type, length and value). If any recognized attribute has Attribute Length that conflicts with the expected length (based on the attribute type code), then the Error Subcode MUST be set to "Attribute Length Error." The Data field contains the erroneous attribute (type, length and value). If any of the mandatory well-known attributes are not present, then the Error Subcode MUST be set to "Missing Well-known Mandatory Attribute." The Data field contains the Attribute Type Code of the missing well-known mandatory attributes. If any of the mandatory well-known attributes are not recognized, then the Error Subcode MUST be set to "Unrecognized Well-known Attribute." The Data field contains the unrecognized attribute (type, length and value). If any attribute has a syntactically incorrect value, or an undefined value, then the Error Subcode is set to "Invalid Attribute." The Data field contains the incorrect attribute (type, length and value). Such a NOTIFICATION message is sent, for example, when a NextHopServer attribute is received with an invalid address. The information carried by the AdvertisementPath attribute is checked for ITAD loops. ITAD loop detection is done by scanning the full advertisement path, and checking that the ITAD number of the local ITAD does not appear in the advertisement path. If the local ITAD number appears in the advertisement path, then the route MAY be stored in the Adj-CRIB-In, but unless the LS is configured to accept call routes with its own ITAD in the advertisement path, the call route MUST not be passed to the TRIP Decision Process. Operations of an LS that is configured to accept call routes with its own ITAD number in the advertisement path are outside the scope of this document. If the UPDATE message was received from an internal peer and either the WithdrawnRoutes, ReachableRoutes, or ITAD Topology attribute does not have the Link-State Encapsulation flag set, then the Error Subcode is set to "Invalid Attribute" and the data field contains the attribute. Likewise, the attribute is invalid if received from an external peer and the Link-State Flag is set. If any attribute appears more than once in the UPDATE message, then the Error Subcode is set to "Malformed Attribute List." 7.4 NOTIFICATION Message Error Detection and Handling If a peer sends a NOTIFICATION message, and there is an error in that message, there is unfortunately no means of reporting this Rosenberg, Salama, Squire 37 Internet Draft Telephony Routing over IP October 1999 error via a subsequent NOTIFICATION message. Any such error, such as an unrecognized Error Code or Error Subcode, should be noticed, logged locally, and brought to the attention of the administration of the peer. The means to do this, however, are outside the scope of this document. 7.5 Hold Timer Expired Error Handling If a system does not receive successive messages within the period specified by the negotiated Hold Time, then a NOTIFICATION message with "Hold Timer Expired" Error Code MUST be sent and the TRIP connection MUST be closed. 7.6 Finite State Machine Error Handling An error detected by the TRIP Finite State Machine (e.g., receipt of an unexpected event) MUST result in sending a NOTIFICATION message with Error Code "Finite State Machine Error" and the TRIP connection MUST be closed. 7.7 Cease In the absence of any fatal errors (that are indicated in this section), a TRIP peer MAY choose at any given time to close its TRIP connection by sending the NOTIFICATION message with Error Code "Cease." However, the Cease NOTIFICATION message MUST NOT be used when a fatal error indicated by this section exists. 7.8 Connection Collision Detection If a pair of LSs try simultaneously to establish a transport connection to each other, then two parallel connections between this pair of speakers might well be formed. We refer to this situation as connection collision. Clearly, one of these connections must be closed. Based on the value of the TRIP Identifier a convention is established for detecting which TRIP connection is to be preserved when a collision occurs. The convention is to compare the TRIP Identifiers of the peers involved in the collision and to retain only the connection initiated by the LS with the higher-valued TRIP Identifier. Upon receipt of an OPEN message, the local LS MUST examine all of its connections that are in the OpenConfirm state. An LS MAY also examine connections in an OpenSent state if it knows the TRIP Identifier of the peer by means outside of the protocol. If among Rosenberg, Salama, Squire 38 Internet Draft Telephony Routing over IP October 1999 these connections there is a connection to a remote LS whose TRIP Identifier equals the one in the OPEN message, then the local LS MUST perform the following collision resolution procedure: 1. The TRIP Identifier of the local LS is compared to the TRIP Identifier of the remote LS (as specified in the OPEN message). Comparing TRIP Identifiers is done by treating them as 4-octet unsigned integers. 2. If the value of the local TRIP Identifier is less than the remote one, the local LS MUST close the TRIP connection that already exists (the one that is already in the OpenConfirm state), and accepts the TRIP connection initiated by the remote LS. 3. Otherwise, the local LS closes newly created TRIP connection (the one associated with the newly received OPEN message), and continues to use the existing one (the one that is already in the OpenConfirm state). If a connection collision occurs with an existing TRIP connection that is in the Established state, then the LS MUST unconditionally close of the newly created connection. Note that a connection collision cannot be detected with connections that are in Idle, Connect, or Active states. To close the TRIP connection (that results from the collision resolution procedure), an LS MUST send a NOTIFICATION message with the Error Code "Cease" and the TRIP connection MUST be closed. Editor's Note [BGP]. Above text mostly directly from BGP-4, but is the following a problem: A and B open connections to each other simultaneously, and both send OPENs. Both connections are in OPEN_SENT for the initiator. Then both receive the OPENS. A receives the OPEN over the connection initiated by B, but its other connection is in OpenSent (not OpenConfirm). So it doesn't examine the other connection and both stay up. Is this right? Is there a BGP4 problem? 8. TRIP Version Negotiation Peer LSs may negotiate the version of the protocol by making multiple attempts to open a TRIP connection, starting with the highest version number each supports. If an open attempt fails with an Error Code "OPEN Message Error" and an Error Subcode "Unsupported Version Number," then the LS has available the version number it tried, the version number its peer tried, the version number passed by its peer in the NOTIFICATION message, and the version numbers that it supports. If the two peers support one or more common Rosenberg, Salama, Squire 39 Internet Draft Telephony Routing over IP October 1999 versions, then this will allow them to rapidly determine the highest common version. In order to support TRIP version negotiation, future versions of TRIP must retain the format of the OPEN and NOTIFICATION messages. 9. TRIP Capability Negotiation An LS MAY include the Capabilities Option in its OPEN message to a peer to indicate the capabilities supported by the LS. An LS receiving an OPEN message MUST NOT use any capabilities that were not included in the OPEN message of the peer when communicating with that peer. 10. TRIP Finite State Machine This section specifies TRIP operation in terms of a Finite State Machine (FSM). Following is a brief summary and overview of TRIP operations by state as determined by this FSM. A condensed version of the TRIP FSM is found in Appendix 1. There is a TRIP FSM per peer and these FSMs operate independently. Idle state: Initially TRIP is in the Idle state for each peer. In this state, TRIP refuses all incoming connections. No resources are allocated to the peer. In response to the Start event (initiated by either the system or the operator), the local system initializes all TRIP resources, starts the ConnectRetry timer, initiates a transport connection to the peer, starts listening for a connection that may be initiated by the remote TRIP peer, and changes its state to Connect. The exact value of the ConnectRetry timer is a local matter, but should be sufficiently large to allow TCP initialization. If an LS detects an error, it closes the transport connection and changes its state to Idle. Transitioning from the Idle state requires generation of the Start event. If such an event is generated automatically, then persistent TRIP errors may result in persistent flapping of the LS. To avoid such a condition, Start events MUST NOT be generated immediately for a peer that was previously transitioned to Idle due to an error. For a peer that was previously transitioned to Idle due to an error, the time between consecutive generation of Start events, if such events are generated automatically, MUST exponentially increase. The value of the initial timer SHOULD be 60 seconds, and the time SHOULD be at least doubled for each consecutive retry up to some maximum value. Any other event received in the Idle state is ignored. Rosenberg, Salama, Squire 40 Internet Draft Telephony Routing over IP October 1999 Connect state: In this state, an LS is waiting for a transport protocol connection to be completed to the peer, and is listening for inbound transport connections from the peer. If the transport protocol connection succeeds, the local LS clears the ConnectRetry timer, completes initialization, sends an OPEN message to its peer, sets its Hold Timer to a large value, and changes its state to OpenSent. A Hold Timer value of 4 minutes is suggested. If the transport protocol connect fails (e.g., retransmission timeout), the local system restarts the ConnectRetry timer, continues to listen for a connection that may be initiated by the remote LS, and changes its state to Active state. In response to the ConnectRetry timer expired event, the local LS cancels any outstanding transport connection to the peer, restarts the ConnectRetry timer, initiates a transport connection to the remote LS, continues to listen for a connection that may be initiated by the remote LS, and stays in the Connect state. If the local LS detects that a remote peer is trying to establish a connection to it and the IP address of the peer is not an expected one, then the local LS rejects the attempted connection and continues to listen for a connection from its expected peers without changing state. If a disconnect notification is received from the underlying transport protocol, the local LS closes the transport connection, restarts the ConnectRetry timer, continues to listen for a connection that may be initiated by the remote TRIP peer, and goes into the Active state. The Start event is ignored in the Connect state. In response to any other event (initiated by either the system or the operator), the local system releases all TRIP resources associated with this connection and changes its state to Idle. Active state: In this state, an LS is listening for an inbound connection from the peer, but is not in the process of initiating a connection to the peer.. If the inbound transport protocol connection succeeds, the local LS clears the ConnectRetry timer, completes initialization, sends an OPEN message to its peer, sets its Hold Timer to a large value, Rosenberg, Salama, Squire 41 Internet Draft Telephony Routing over IP October 1999 and changes its state to OpenSent. A Hold Timer value of 4 minutes is suggested. In response to the ConnectRetry timer expired event, the local system restarts the ConnectRetry timer, initiates a transport connection to the TRIP peer, continues to listen for a connection that may be initiated by the remote TRIP peer, and changes its state to Connect. If the local LS detects that a remote peer is trying to establish a connection to it and the IP address of the peer is not an expected one, then the local LS rejects the attempted connection and continues to listen for a connection from its expected peers without changing state. If a disconnect notification is received from the underlying transport protocol, the local LS closes the transport connection, restarts the ConnectRetry timer, continues to listen for a connection that may be initiated by the remote TRIP peer, and goes into the Active state. Start event is ignored in the Active state. In response to any other event (initiated by either the system or the operator), the local system releases all TRIP resources associated with this connection and changes its state to Idle. OpenSent state: In this state, an LS has sent an OPEN message to its peer and is waiting for an OPEN message from its peer. When an OPEN message is received, all fields are checked for correctness. If the TRIP message header checking or OPEN message checking detects an error (see Section7.2) or a connection collision (see Section7.8) the local system sends a NOTIFICATION message and changes its state to Idle. If there are no errors in the OPEN message, TRIP sends a KEEPALIVE message and sets a KeepAlive timer. The Hold Timer, which was originally set to a large value (see above), is replaced with the negotiated Hold Time value (see Section 5.2). If the negotiated Hold Time value is zero, then the Hold Time timer and KeepAlive timers are not started. If the value of the ITAD field is the same as the local ITAD number, then the connection is an "internal" connection; otherwise, it is "external" (this will effect UPDATE processing). Finally, the state is changed to OpenConfirm. If the local LS detects that a remote peer is trying to establish a connection to it and the IP address of the peer is not an expected one, then the local LS rejects the attempted connection and continues to listen for a connection from its expected peers without changing state. Rosenberg, Salama, Squire 42 Internet Draft Telephony Routing over IP October 1999 If a disconnect notification is received from the underlying transport protocol, the local LS closes the transport connection, restarts the ConnectRetry timer, continues to listen for a connection that may be initiated by the remote TRIP peer, and goes into the Active state. If the Hold Timer expires, the local LS sends NOTIFICATION message with Error Code "Hold Timer Expired" and changes its state to Idle. In response to the Stop event (initiated by either system or operator) the local LS sends NOTIFICATION message with Error Code "Cease" and changes its state to Idle. The Start event is ignored in the OpenSent state. In response to any other event the local LS sends NOTIFICATION message with Error Code "Finite State Machine Error" and changes its state to Idle. Whenever TRIP changes its state from OpenSent to Idle, it closes the transport connection and releases all resources associated with that connection. OpenConfirm state: In this state, an LS has sent an OPEN to its peer, received an OPEN from its peer, and sent a KEEPALIVE in response to the OPEN. The LS is now waiting for a KEEPALIVE or NOTIFICATION message in response to its OPEN. If the local LS receives a KEEPALIVE message, it changes its state to Established. If the Hold Timer expires before a KEEPALIVE message is received, the local LS sends NOTIFICATION message with Error Code "Hold Timer Expired" and changes its state to Idle. If the local LS receives a NOTIFICATION message, it changes its state to Idle. If the KeepAlive timer expires, the local LS sends a KEEPALIVE message and restarts its KeepAlive timer. If a disconnect notification is received from the underlying transport protocol, the local LS closes the transport connection, restarts the ConnectRetry timer, continues to listen for a connection that may be initiated by the remote TRIP peer, and goes into the Active state. Rosenberg, Salama, Squire 43 Internet Draft Telephony Routing over IP October 1999 In response to the Stop event (initiated by either the system or the operator) the local LS sends NOTIFICATION message with Error Code "Cease" and changes its state to Idle. Start event is ignored in the OpenConfirm state. In response to any other event the local LS sends NOTIFICATION message with Error Code "Finite State Machine Error" and changes its state to Idle. Whenever TRIP changes its state from OpenConfirm to Idle, it closes the transport connection and releases all resources associated with that connection. Established state: In the Established state, an LS can exchange UPDATE, NOTIFICATION, and KEEPALIVE messages with its peer. If the negotiated Hold Timer is zero, then no procedures are necessary for keeping a peering session alive. If the negotiated Hold Time value is non-zero, the procedures of this paragraph apply. If the Hold Timer expires, the local LS sends a NOTIFICATION message with Error Code "Hold Timer Expired" and changes its state to Idle. If the KeepAlive Timer expires, then the local LS sends a KeepAlive message and restarts the KeepAlive Timer. If the local LS receives an UPDATE or KEEPALIVE message, then it restarts its Hold Timer. Each time the LS sends an UPDATE or KEEPALIVE message, it restarts its KeepAlive Timer. If the local LS receives a NOTIFICATION message, it changes its state to Idle. If the local LS receives an UPDATE message and the UPDATE message error handling procedure (see Section7.3) detects an error, the local LS sends a NOTIFICATION message and changes its state to Idle. If a disconnect notification is received from the underlying transport protocol, the local LS changes its state to Idle. In response to the Stop event (initiated by either the system or the operator), the local LS sends a NOTIFICATION message with Error Code "Cease" and changes its state to Idle. The Start event is ignored in the Established state. In response to any other event, the local LS sends NOTIFICATION message with Error Code _Finite State Machine Error_ and changes its state to Idle. Rosenberg, Salama, Squire 44 Internet Draft Telephony Routing over IP October 1999 Whenever TRIP changes its state from Established to Idle, it closes the transport) connection, releases all resources associated with that connection. Additionally, if the peer is an external peer, the LS deletes all routes derived from that connection. 11. UPDATE Message Handling An UPDATE message may be received only in the Established state. When an UPDATE message is received, each field is checked for validity as specified in Section 7.3. The rest of this section presumes that the UPDATE message has passed the error-checking procedures of Section 7.3. If the UPDATE message was received from an internal peer, the flooding procedures of Section 11.1 MUST be applied. The flooding process synchronizes the databases of all LSs within the domain. Certain routes within the UPDATE may be marked as old or duplicates by the flooding process and are ignored during the rest of the UPDATE processing. If the UPDATE message contains withdrawn call routes, then the corresponding previously advertised call routes shall be removed from the Adj-CRIB-In. This LS MUST run its Decision Process since the previously advertised call route is no longer available for use. If the UPDATE message contains a call route, then the route MUST be placed in the appropriate Adj-CRIB-In, and the following additional actions MUST be taken: i) If its destinations are identical to those of a call route currently stored in the Adj-CRIB-In, then the new call route MUST replace the older route in the Adj-CRIB-In, thus implicitly withdrawing the older call route from service. The LS MUST run its Decision Process since the older call route is no longer available for use. ii) If the new call route is more specific than an earlier route contained in the Adj-CRIB-In and has identical attributes, then no further actions are necessary. iii) If the new call route is more specific than an earlier call route contained in the Adj-CRIB-In but does not have identical attributes, then the LS MUST run its Decision Process since the more specific call route has implicitly made a portion of the less specific call route unavailable for use. Rosenberg, Salama, Squire 45 Internet Draft Telephony Routing over IP October 1999 iv) If the new call route has destinations that are not present in any of the routes currently stored in the Adj-CRIB-In, then the LS MUST run its Decision Process. v) If the new call route is less specific than an earlier call route contained in the Adj-CRIB-In, the LS MUST run its Decision Process on the set of destinations that are described only by the less specific call route. 11.1 Flooding Process When an LS receives an UPDATE message from an internal peer, the LS floods the new information from that message to all of its other internal peers. Flooding is used to efficiently synchronize all of the LSs within a domain without putting any constraints on the domain's internal topology. The flooding mechanism is based on the techniques used in OSPF [3] and SCSP [4]. 11.1.1 Database Information The LS MUST maintain the sequence number and originating TRIP identifier for each link-state encapsulated attribute in an internal Adj-CRIB-In. These values are included with the route in the ReachableRoutes, WithdrawnRoutes, and ITAD Topology attributes. The originating TRIP identifier gives the internal LS that originated this route into the ITAD, the sequence number gives the version of this route at that originating LS. 11.1.2 Determining Newness For each route in the ReachableRoutes or WithdrawnRoutes field, the LS determines if the route is new or old. This is determined by comparing the Sequence Number of the route in the UPDATE with the Sequence Number of the route saved in the Adj-CRIB-In. The route is new if either the route does not exist in the Adj-CRIB-In for the originating LS, or if the route does exist in the Adj-CRIB-In but the Sequence Number in the UPDATE is greater than the Sequence Number saved in the Adj-CRIBs-In. Note that the newness test is independently applied to each link-state encapsulated attribute in the UPDATE (WithdrawnRoutes or ReachableRoutes). 11.1.3 Flooding Each route in the ReachableRoutes or WithdrawnRoutes field that is determined to be old is ignored in further processing. If the route is determined to be new then the following actions occur. a) If the route is being withdrawn, then 1)If the WithdrawnRoutes attribute has the Acknowledgement Flag set then this is an acknowledgement of a route withdrawn by the Rosenberg, Salama, Squire 46 Internet Draft Telephony Routing over IP October 1999 local LS. The local LS MUST NOT flood this withdraw to its peers. 2)Otherwise, the Acknowledgement Flag is not set and this route is being withdrawn by the peer. The LS MUST mark the route as `withdrawn' in the Adj-CRIB-In, send a withdrawn acknowledgement back to the peer that sent the UPDATE (see Section 11.1.5), and flood the withdraw to all other internal peers. The route MUST not be deleted until the withdraw has been acknowledged by each internal peer. b) If the route is being updated but the route is marked as `withdrawn' in the Adj-CRIB-In, then 1) if the route came from a peer that had already acknowledged the withdraw, the new route information MUST be preserved and processed after the withdraw is acknowledged by all of the internal peers. 2) If the route came from a peer that had not yet acknowledged the withdraw, then the new route information is discarded _ the peer had not yet processed the transmitted withdraw when this route was sent. c) Otherwise, the route MUST be updated in the Adj-CRIB-In and flooded to the other internal peers. If these procedures result in changes to the Adj-CRIB-In, then the route is also made available for local route processing as described early in Section 11. The acknowledgement of a withdrawn route is necessary so that if a route is withdrawn and then re-entered, the re-entered version may have a lower sequence number but still be 'newer', so special actions must be taken to ensure that the withdrawal actually happens. To implement flooding, the following is recommended. All routes received in a single UPDATE message that are found to be new may be forwarded to all other internal peers in a single UPDATE message. Other variations on flooding are possible, but the local LS MUST ensure that each new route (and any associated attributes) received from an internal peer get forwarded to every other internal peer. 11.1.4 Sequence Number Considerations The Sequence Number is used to determine when one version of a route is newer than another version of a route. A larger Sequence Number indicates a newer version. The Sequence Number is assigned by the LS originating the route into the local ITAD. The Sequence Number is a signed 4-octet integer in the range _2^31+1 (0x80000001), called MinSequenceNum, to 2^31-1 (0x7fffffff), called Rosenberg, Salama, Squire 47 Internet Draft Telephony Routing over IP October 1999 MaxSequenceNum. The value -2^31 is reserved. When an LS first originates a route into its ITAD, it MUST originate it with a Sequence Number of MinSequenceNum. Each time the route is updated within the ITAD by the originator, the Sequence Number MUST be incremented. If it is ever the case that the sequence number is MaxSequenceNum-1 and it needs to be incremented, then the entry MUST first be purged from the database. See Section 11.1.5. 11.1.5 Purging a Route Within the ITAD To withdraw a route that it originated within the ITAD, an LS includes the route in the WithdrawnRoutes field of an UPDATE message. The Sequence Number MUST be greater than the last valid version of the route. The LS MAY choose to use a sequence number of MaxSequenceNum when withdrawing routes within its ITAD, but this is not required. An LS MUST retain a withdrawn route in its Adj-CRIB-In until it has received an acknowledgement from each of its peers. An LS receiving a withdrawn route MUST acknowledge the withdrawn route to the sender by including the withdrawn route in the WithdrawnRoutes field of an UPDATE message sent back to the sender, where the WithdrawnRoutes attribute has the Acknowledge Flag set. The acknowledgement may be immediate and not include any other information (ReachableRoutes) in the UPDATE, or the acknowledgement may be sent as part of the next UPDATE to the peer. An LS MUST not ensure that the acknowledgement is `timely', where the exact definition of timely is left to the implementation. 11.1.6 Receiving Self-Originated Routes It is common for an LS to receive UPDATES for routes it originated within the ITAD via the flooding procedure. If the LS receives an UPDATE for a route that it originated that is newer than the LSs current version, then special actions must be taken. This should be a relatively rare occurrence and indicates that a route still exists within the ITAD since the LSs last restart/reboot. If an LS receives a self-originated route update that is newer than the current version of the route at the LS, then the following actions MUST be taken. If the LS still wishes to advertise the information in the route, then the LS MUST re-originate the increase the Sequence Number of the route to a value greater than that received in the UPDATE and re-originate the route. If the LS does not wish to still advertise the route, then it MUST purge the route as described in Section 11.1.5. Rosenberg, Salama, Squire 48 Internet Draft Telephony Routing over IP October 1999 11.2 Decision Process The Decision Process selects call routes for subsequent advertisement by applying the policies in the local Policy Information Base (PIB) to the call routes stored in its Adj-CRIBs- In. The output of the Decision Process is the set of call routes that will be advertised to all peers; the selected call routes will be stored in the local LS's Adj-CRIBs-Out. The selection process is formalized by defining a function that takes the attributes of a given call route as an argument and returns a non-negative integer denoting the degree of preference for the call route. The function that calculates the degree of preference for a given call route shall not use as its inputs any of the following: the existence of other call routes, the non- existence of other call routes, or the attributes of other call routes. Call route selection then consists of individual application of the degree of preference function to each feasible call route, followed by the choice of the one with the highest degree of preference. The Decision Process operates on call routes contained in each Adj- CRIBs-In, and is responsible for: - selection of call routes to be advertised to internal peers - selection of call routes to be advertised to external peers - call route aggregation and call route information reduction The Decision Process takes place in three distinct phases, each triggered by a different event: a) Phase 1 is responsible for calculating the degree of preference for each call route received from an external peer, and for advertising to all the internal peers the call routes from external peers that have the highest degree of preference for each distinct destination. b) Phase 2 is invoked on completion of phase 1. It is responsible for choosing the best call route out of all those available for each distinct destination, and for installing each chosen call route into the Loc-CRIB. c) Phase 3 is invoked after the Loc-CRIB has been modified. It is responsible for disseminating call routes in the Loc-CRIB to each external peer, according to the policies contained in the PIB. Call route aggregation and information reduction can optionally be performed within this phase. 11.2.1 Phase 1: Calculation of Degree of Preference Rosenberg, Salama, Squire 49 Internet Draft Telephony Routing over IP October 1999 The Phase 1 decision function shall be invoked whenever the local LS receives from a peer an UPDATE message that advertises a new call route, a replacement call route, or a withdrawn call route. The Phase 1 decision function is a separate process which completes when it has no further work to do. The Phase 1 decision function shall lock an Adj-CRIB-In prior to operating on any call route contained within it, and shall unlock it after operating on all new or replacement call routes contained within it. For each newly received or replacement call route, the local LS MUST determine a degree of preference. If the call route is learned from an internal peer, the value of the LocalPreference attribute MUST be taken as the degree of preference. If the call route is learned from an external peer, then the degree of preference MUST be computed based on preconfigured policy information and used as the LocalPreference value in any intra-domain TRIP advertisement. The exact nature of this policy information and the computation involved is a local matter. The local LS MUST then run the internal update process of 11.3.1 to select and advertise the most preferable call routes. The output of the degree of preference determination process is the local preference of a call route. The local LS computes the local preference of call routes learned from external peers or originated internally at that LS. The local preference of a call route learned from an internal peer is included in the LocalPreference attribute associated with that call route. 11.2.2 Phase 2: Call Route Selection The Phase 2 decision function shall be invoked on completion of Phase 1. The Phase 2 function is a separate process which completes when it has no further work to do. The Phase 2 process MUST consider all call routes that are present in the Adj-CRIBs-In, including those received from both internal and external peers. The Phase 2 decision function MUST be blocked from running while the Phase 3 decision function is in process. The Phase 2 function MUST lock all Adj-CRIBs-In prior to commencing its function, and MUST unlock them on completion. If the LS determines that the NextHopServer listed in a call route is unreachable, then the call route MAY be excluded from the Phase 2 decision function. The means by which such a determination is made is not mandated here. For each set of destinations for which a call route exists in the Adj-CRIBs-In, the local LS MUST identify the call route that has: Rosenberg, Salama, Squire 50 Internet Draft Telephony Routing over IP October 1999 a) the highest degree of preference of any call route to the same set of destinations, or b) is selected as a result of the Phase 2 tie breaking rules specified in 11.2.2.1. The local LS MUST then install that call route in the Loc-CRIB, replacing any call route to the same destination that is currently being held in the Loc-CRIB. Withdrawn call routes MUST be removed from the Loc-CRIB and the Adj- CRIBs-In. 11.2.2.1 Breaking Ties (Phase 2) In its Adj-CRIBs-In an LS may have several call routes to the same destination that have the same degree of preference. The local LS can select only one of these call routes for inclusion in the associated Loc-CRIB. The local LS considers all call routes with the same degrees of preference, both those received from internal peers, and those received from external peers. Ties shall be broken by the following algorithm. (a) If the local LS is configured to use the MultiExitDisc attribute to break ties, and the candidate routes differ in the value of the MultiExitDisc attribute, then select the route that has the larger value of MultiExitDisc. (b) If at least one of the routes was advertised by an LS in a neighboring ITAD, then select the route that was advertised by the LS that has the smallest TRIP ID. (c) Otherwise, select the route that was advertised by the internal LS that has the lowest TRIP ID. 11.2.3 Phase 3: Route Dissemination The Phase 3 decision function MUST be invoked on completion of Phase 2, or when any of the following events occur: a) when locally generated call routes learned by means outside of TRIP have changed, and b) when a new LS-to-LS peer connection has been established. The Phase 3 function is a separate process which completes when it has no further work to do. The Phase 3 Call Routing Decision function MUST be blocked from running while the Phase 2 decision function is in process. All call routes in the Loc-CRIB shall be processed into a corresponding entry in the associated Adj-CRIBs-Out. Call route Rosenberg, Salama, Squire 51 Internet Draft Telephony Routing over IP October 1999 aggregation and information reduction techniques (see 11.3.4) MAY optionally be applied. When the updating of the Adj-CRIBs-Out is complete, the local LS MUST run the external update process of 11.3.2. 11.2.4 Overlapping Call Routes When overlapping call routes are present in the same Adj-CRIB-In, the more specific call route shall take precedence, in order from more specific to least specific. The set of destinations described by the overlap represents a portion of the less specific call route that is feasible, but is not currently in use. If a more specific call route is later withdrawn, the set of destinations described by the overlap will still be reachable using the less specific call route. If an LS receives overlapping routes, the Decision Process MUST take into account the semantics of the overlapping routes. In particular, if an LS accepts the less specific route while rejecting the more specific route from the same peer, then the destinations represented by the overlap may not forward along the domains listed in the AdvertisementPath attribute of that route. Therefore, an LS has the following choices: a) Install both the less and the more specific routes b) Install the more specific route only c) Install the non-overlapping part of the less specific route only (that implies de-aggregation) d) Aggregate the two routes and install the aggregated route e) Install the less specific route only f) Install neither route If an LS chooses e), then it SHOULD add AtomicAggregate attribute to the route. A route that carries AtomicAggregate attribute MUST NOT be de-aggregated. That is, the route can not be made more specific. Forwarding along such a route does not guarantee that route traverses only domains listed in the AdvertisementPath of the route. If an LS chooses a), then it MUST NOT advertise the more general route without the more specific route. 11.3 Update-Send Process The Update-Send process is responsible for advertising UPDATE messages to all peers. For example, it distributes the call routes chosen by the Decision Process to other LSs which may be located in either the same ITAD or a neighboring ITAD. Rules for information exchange between peer LSs located in different ITADs are given in Rosenberg, Salama, Squire 52 Internet Draft Telephony Routing over IP October 1999 11.3.2; rules for information exchange between peer LSs located in the same ITAD are given in 11.3.1. Before forwarding routes to peers, an LS MUST determine which attributes should be forwarded along with that route. If an optional non-transitive attribute is unrecognized, it is quietly ignored. If an optional dependent-transitive attribute is unrecognized, and the NextHopServer attribute has been changed by this LS, the unrecognized attribute is quietly ignored. If an optional dependent-transitive attribute is unrecognized, and the NextHopServer attribute has not been modified by this LS, the Partial bit in the attribute flags octet is set to 1, and the attribute is retained for propagation to other TRIP speakers. Similarly, if an optional independent-transitive attribute is unrecognized, the Partial bit in the attribute flags octet is set to 1, and the attribute is retained for propagation to other TRIP speakers. If an optional attribute is recognized, and has a valid value, then, depending on the type of the optional attribute, it is updated, if necessary, for possible propagation to other TRIP speakers. 11.3.1 Internal Updates The Internal update process is concerned with the distribution of call routing information to internal peers. When an LS receives an UPDATE message from another BGP speaker located in its own autonomous system, it is flooded as described in Section 11.1. When an LS receives a new route from an LS in a neighboring ITAD, it MUST advertise that route to all other LSs in its ITAD by means of an UPDATE message if the new route has the highest degree of preference for all routes to some destination received from external peers by that LS, or if the route was selected via a tie-breaking procedure as specified in 11.3.1.1). When an LS receives an UPDATE message with a non-empty WithdrawnRoutes attribute from an external peer, the LS MUST remove from its Adj-RIB-In all routes whose destinations were carried in this field. The LS MUST take the following additional steps: 1) if the route had not been previously advertised, then no further action is necessary 2) if the route had been previously advertised, then: i) if a new route is selected for advertisement for those destinations, then the local LS MUST advertise the replacement route Rosenberg, Salama, Squire 53 Internet Draft Telephony Routing over IP October 1999 ii) if a replacement route is not available for advertisement, then the LS MUST include the destinations of the route in the WithdrawnRoutes attribute of an UPDATE message, and MUST send this message to each internal peer. All routes that are advertised MUST be placed in the appropriate Adj-RIBs-Out, and all routes that are withdrawn MUST be removed from the Adj-RIBs-Out. 11.3.1.1 Breaking Ties (Internal Updates) If a local LS has connections to several external peers, there will be multiple Adj-CRIBs-In associated with these peers. These Adj- CRIBs-In might contain several equally preferable call routes to the same destination, all of which were advertised by external peers. The local LS shall select one of these routes according to the following rules: (a) If the LS is configured to use the MultiExitDisc attribute to break ties, and the candidate routes differ in the value of the MultiExitDisc attribute, then select the route that has the lowest value of MultiExitDisc, else (b) Select the route that was advertised by the external LS that has the lowest TRIP Identifier. 11.3.2 External Updates The external update process is concerned with the distribution of routing information to external peers. As part of Phase 3 call route selection process, the LS has updated its Adj-CRIBs-Out. All newly installed call routes and all newly unfeasible call routes for which there is no replacement call route shall be advertised to external peers by means of UPDATE messages. Any routes in the Loc-CRIB marked as withdrawn shall be removed. Changes to the reachable destinations within its own ITAD shall also be advertised in an UPDATE message. 11.3.3 Controlling Routing Traffic Overhead The TRIP protocol constrains the amount of call routing traffic (that is, UPDATE messages) in order to limit both the link bandwidth needed to advertise UPDATE messages and the processing power needed by the Decision Process to digest the information contained in the UPDATE messages. 11.3.3.1 Frequency of Call Route Advertisement The parameter MinCallRouteAdvertisementInterval determines the minimum amount of time that must elapse between advertisement of call routes to a particular destination from a single LS. This rate Rosenberg, Salama, Squire 54 Internet Draft Telephony Routing over IP October 1999 limiting procedure applies on a per-destination basis, although the value of MinCallRouteAdvertisementInterval is set on a per LS peer basis. Two UPDATE messages sent from a single LS that advertise feasible call routes to some common set of destinations received from external peers must be separated by at least MinCallRouteAdvertisementInterval. Clearly, this can only be achieved precisely by keeping a separate timer for each common set of destinations. This would be unwarranted overhead. Any technique which ensures that the interval between two UPDATE messages sent from a single LS that advertise feasible call routes to some common set of destinations received from external peers will be at least MinCallRouteAdvertisementInterval, and will also ensure a constant upper bound on the interval is acceptable. Since fast convergence is needed within an autonomous system, this procedure does not apply for call routes received from other internal peers. To avoid long-lived black holes, the procedure does not apply to the explicit withdrawal of routes (that is, routes whose destinations explicitly withdrawn by UPDATE messages. This procedure does not limit the rate of call route selection, but only the rate of call route advertisement. If new call routes are selected multiple times while awaiting the expiration of MinCallRouteAdvertisementInterval, the last call route selected shall be advertised at the end of MinCallRouteAdvertisementInterval. 11.3.3.2 Frequency of Route Origination The parameter MinITADOriginationInterval determines the minimum amount of time that must elapse between successive advertisements of UPDATE messages that report changes within the advertising LS's own ITAD. 11.3.3.3 Jitter To minimize the likelihood that the distribution of TRIP messages by a given LS will contain peaks, jitter should be applied to the timers associated with MinITADOriginationInterval, Keepalive, and MinCallRouteAdvertisementInterval. A given LS shall apply the same jitter to each of these quantities regardless of the destinations to which the updates are being sent; that is, jitter will not be applied on a "per peer" basis. The amount of jitter to be introduced shall be determined by multiplying the base value of the appropriate timer by a random factor which is uniformly distributed in the range from 0.75 to 1.0. 11.3.4 Efficient Organization of Routing Information Rosenberg, Salama, Squire 55 Internet Draft Telephony Routing over IP October 1999 Having selected the call routing information which it will advertise, a TRIP speaker may avail itself of several methods to organize this information in an efficient manner. 11.3.4.1 Information Reduction Information reduction may imply a reduction in granularity of policy control - after information is collapsed, the same policies will apply to all destinations and paths in the equivalence class. The Decision Process may optionally reduce the amount of information that it will place in the Adj-CRIBs-Out by any of the following methods: a) The Destination Set (ReachableRoutes): A set of destinations can be usually represented in compact form. For example, a set of E.164 phone numbers can be represented in more compact form using E.164 prefixes. b) AdvertisementPaths: Advertisement path information can be represented as ordered AP_SEQUENCEs or unordered AP_SETs. AP_SETs are used in the call route aggregation algorithm described in 11.2.4.2. They reduce the size of the AP_PATH information by listing each ITAD number only once, regardless of how many times it may have appeared in multiple advertisement paths that were aggregated. An AP_SET implies that the destinations advertised in the UPDATE message can be reached through paths that traverse at least some of the constituent ITADs. AP_SETs provide sufficient information to avoid call routing information looping; however their use may prune potentially feasible paths, since such paths are no longer listed individually as in the form of AP_SEQUENCEs. In practice this is not likely to be a problem, since once an call arrives at the edge of a group of ITADs, the LS at that point is likely to have more detailed path information and can distinguish individual paths to destinations. 11.3.4.2 Aggregating Call Routing Information Aggregation is the process of combining the characteristics of several different call routes in such a way that a single call route can be advertised. Aggregation can occur as part of the decision process to reduce the amount of call routing information that will be placed in the Adj-CRIBs-Out. Aggregation reduces the amount of information that an LS must store and exchange with other LSs. Call routes can be aggregated by applying the following procedure separately to attributes of like type. Rosenberg, Salama, Squire 56 Internet Draft Telephony Routing over IP October 1999 Call routes that have the following attributes shall not be aggregated unless the corresponding attributes of each call route are identical: MultiExitDisc, NextHopServer. Attributes that have different type codes can not be aggregated together. Attributes of the same type code may be aggregated. The rules for aggregating each attribute MUST be provided together with attribute definition. For example, aggregation rules for TRIP's basic attributes, e.g., ReachableRoutes and AdvertisementPath, are given in 6. 11.4 Call Route Selection Criteria Generally speaking, additional rules for comparing call routes among several alternatives are outside the scope of this document. There are two exceptions: - If the local ITAD appears in the AdvertisementPath of the new call route being considered, then that new call route cannot be viewed as better than any other call route. If such a call route were ever used, a call routing loop could result (see Section 7.3). - In order to achieve successful distributed operation, only call routes with a likelihood of stability can be chosen. Thus, an ITAD must avoid using unstable call routes, and it must not make rapid spontaneous changes to its choice of call route. Quantifying the terms "unstable" and "rapid" in the previous sentence will require experience, but the principle is clear. 11.5 Originating TRIP routes An LS may originate TRIP call routes by injecting call routing information acquired by some other means (e.g. via an intra-domain call routing protocol or through manual configuration or some dynamic registration mechanism/protocol) into TRIP. An LS that originates TRIP routes shall assign the degree of preference to these call routes by passing them through the Decision Process (see Section 11.2). These call routes may also be distributed to other LSs within the local ITAD as part of the Internal update process (see Section 11.3.1). The decision whether to distribute non-TRIP acquired routes within an ITAD via TRIP or not depends on the environment within the ITAD (e.g. type of intra-domain call routing protocol) and should be controlled via configuration. 12. TRIP Transport Rosenberg, Salama, Squire 57 Internet Draft Telephony Routing over IP October 1999 This specification defines the use of TCP as the transport layer for TRIP. TRIP uses TCP port XXX. Running TRIP over other transport protocols is for further study. Note: We need to get a TCP port for TRIP. Appendix 1. TRIP FSM State Transitions and Actions This Appendix discusses the transitions between states in the TRIP FSM in response to TRIP events. The following is the list of these states and events when the negotiated Hold Time value is non-zero. TRIP States: 1 - Idle 2 - Connect 3 - Active 4 - OpenSent 5 - OpenConfirm 6 - Established TRIP Events: 1 - TRIP Start 2 - TRIP Stop 3 - TRIP Transport connection open 4 - TRIP Transport connection closed 5 - TRIP Transport connection open failed 6 - TRIP Transport fatal error 7 - ConnectRetry timer expired 8 - Hold Timer expired 9 - KeepAlive timer expired 10 - Receive OPEN message 11 - Receive KEEPALIVE message 12 - Receive UPDATE messages 13 - Receive NOTIFICATION message The following table describes the state transitions of the TRIP FSM and the actions triggered by these transitions. Event Actions Message Sent Next State -------------------------------------------------------------------- Idle (1) 1 Initialize resources none 2 Start ConnectRetry timer Initiate a transport connection others none none 1 Connect(2) 1 none none 2 3 Complete initialization OPEN 4 Rosenberg, Salama, Squire 58 Internet Draft Telephony Routing over IP October 1999 Clear ConnectRetry timer 5 Restart ConnectRetry timer none 3 7 Restart ConnectRetry timer none 2 Initiate a transport connection others Release resources none 1 Active (3) 1 none none 3 3 Complete initialization OPEN 4 Clear ConnectRetry timer 5 Close connection 3 Restart ConnectRetry timer 7 Restart ConnectRetry timer none 2 Initiate a transport connection others Release resources none 1 OpenSent(4) 1 none none 4 4 Close transport connection none 3 Restart ConnectRetry timer 6 Release resources none 1 10 Process OPEN is OK KEEPALIVE 5 Process OPEN failed NOTIFICATION 1 others Close transport connection NOTIFICATION 1 Release resources OpenConfirm (5) 1 none none 5 4 Release resources none 1 6 Release resources none 1 9 Restart KeepAlive timer KEEPALIVE 5 11 Complete initialization none 6 Restart Hold Timer 13 Close transport connection 1 Release resources others Close transport connection NOTIFICATION 1 Release resources Established (6) 1 none none 6 4 Release resources none 1 6 Release resources none 1 9 Restart KeepAlive timer KEEPALIVE 6 11 Restart Hold Timer KEEPALIVE 6 12 Process UPDATE is OK UPDATE 6 Process UPDATE failed NOTIFICATION 1 13 Close transport connection 1 Release resources others Close transport connection NOTIFICATION 1 Release resources ----------------------------------------------------------------- Rosenberg, Salama, Squire 59 Internet Draft Telephony Routing over IP October 1999 The following is a condensed version of the above state transition table. Events| Idle | Connect | Active | OpenSent | OpenConfirm | Estab | (1) | (2) | (3) | (4) | (5) | (6) |------------------------------------------------------------- 1 | 2 | 2 | 3 | 4 | 5 | 6 | | | | | | 2 | 1 | 1 | 1 | 1 | 1 | 1 | | | | | | 3 | 1 | 4 | 4 | 1 | 1 | 1 | | | | | | 4 | 1 | 1 | 1 | 3 | 1 | 1 | | | | | | 5 | 1 | 3 | 3 | 1 | 1 | 1 | | | | | | 6 | 1 | 1 | 1 | 1 | 1 | 1 | | | | | | 7 | 1 | 2 | 2 | 1 | 1 | 1 | | | | | | 8 | 1 | 1 | 1 | 1 | 1 | 1 | | | | | | 9 | 1 | 1 | 1 | 1 | 5 | 6 | | | | | | 10 | 1 | 1 | 1 | 1 or 5 | 1 | 1 | | | | | | 11 | 1 | 1 | 1 | 1 | 6 | 6 | | | | | | 12 | 1 | 1 | 1 | 1 | 1 | 1 or 6 | | | | | | 13 | 1 | 1 | 1 | 1 | 1 | 1 | | | | | | -------------------------------------------------------------- Appendix 2. Implementation Recommendations This section presents some implementation recommendations. A.2.1. Multiple Networks Per Message The TRIP protocol allows for multiple address prefixes with the same advertisement path and next-hop server to be specified in one message. Making use of this capability is highly recommended. With one address prefix per message there is a substantial increase in overhead in the receiver. Not only does the system overhead increase due to the reception of multiple messages, but the overhead of scanning the call routing table for updates to TRIP peers is incurred multiple times as well. One method of building messages containing many address prefixes per advertisement path and next hop from a call routing table that is not organized per advertisement path is to build many messages as the call routing table is scanned. Rosenberg, Salama, Squire 60 Internet Draft Telephony Routing over IP October 1999 As each address prefix is processed, a message for the associated advertisement path and next hop is allocated, if it does not exist, and the new address prefix is added to it. If such a message exists, the new address prefix is just appended to it. If the message lacks the space to hold the new address prefix, it is transmitted, a new message is allocated, and the new address prefix is inserted into the new message. When the entire call routing table has been scanned, all allocated messages are sent and their resources released. Maximum compression is achieved when all the destinations covered by the address prefixes share a next hop server and common attributes, making it possible to send many address prefixes in one 4096-byte message. When peering with a TRIP implementation that does not compress multiple address prefixes into one message, it may be necessary to take steps to reduce the overhead from the flood of data received when a peer is acquired or a significant network topology change occurs. One method of doing this is to limit the rate of updates. This will eliminate the redundant scanning of the call routing table to provide flash updates for TRIP peers. A disadvantage of this approach is that it increases the propagation latency of call routing information. By choosing a minimum flash update interval that is not much greater than the time it takes to process the multiple messages this latency should be minimized. A better method would be to read all received messages before sending updates. A.2.2. Processing Messages on a Stream Protocol TRIP uses TCP as a transport mechanism. Due to the stream nature of TCP, all the data for received messages does not necessarily arrive at the same time. This can make it difficult to process the data as messages, especially on systems where it is not possible to determine how much data has been received but not yet processed. One method that can be used in this situation is to first try to read just the message header. For the KEEPALIVE message type, this is a complete message; for other message types, the header should first be verified, in particular the total length. If all checks are successful, the specified length, minus the size of the message header is the amount of data left to read. An implementation that would "hang" the routing information process while trying to read from a peer could set up a message buffer (4096 bytes) per peer and fill it with data as available until a complete message has been received. A.2.3. Reducing Route Flapping To avoid excessive route flapping a n LS which needs to withdraw a destination and send an update about a more specific or less specific route SHOULD combine them into the same UPDATE message. A.2.4. TRIP Timers Rosenberg, Salama, Squire 61 Internet Draft Telephony Routing over IP October 1999 TRIP employs five timers: ConnectRetry, Hold Time, KeepAlive, MinITADOriginationInterval, and MinCallRouteAdvertisementInterval The suggested value for the ConnectRetry timer is 120 seconds. The suggested value for the Hold Time is 90 seconds. The suggested value for the KeepAlive timer is 30 seconds. The suggested value for the MinITADOriginationInterval is 15 seconds. The suggested value for the MinCallRouteAdvertisementInterval is 30 seconds. An implementation of TRIP MUST allow these timers to be configurable. A.2.5. AP_SET Sorting Another useful optimization that can be done to simplify this situation is to sort the ITAD numbers found in an AP_SET. This optimization is entirely optional. Security Considerations TBD. Rosenberg, Salama, Squire 62 Internet Draft Telephony Routing over IP October 1999 References [1] J. Rosenberg and H. Schulzrinne, "A Framework for a Gateway Location Protocol" IETF Internet Draft, draft-ietf-iptel-gwloc- framework-03.txt, Work in Progress, June 1999. [2] Y. Rekhter and T. Li, "A Border Gateway Protocol 4 (BGP-4)," IETF RFC 1771, March 1995. [3] J. Moy, "Open Shortest Path First Version 2", IETF RFC 2328, April, 1998. [4] J. Luciani, et al, "Server Cache Synchronization Protocol (SCSP)," IETF RFC 2334, April, 1998. [5] International Telecommunication Union, "Visual Telephone Systems and Equipment for Local Area Networks which Provide a Non-Guaranteed Quality of Service," Recommendation H.323, Telecommunication Standardization Sector of ITU, Geneva, Switzerland, May 1996. [6] M. Handley, H. Schulzrinne, E. Schooler, and J. Rosenberg, "SIP: Session Initiation Protocol," IETF Internet Draft, draft- ietf-mmusic-sip-12.txt, Work in Progress, January 1999. Rosenberg, Salama, Squire 63 Authors' Addresses Jonathan Rosenberg Lucent Technologies, Bell Laboratories 101 Crawfords Corner Rd. Holmdel, NJ 07733 Rm. 4C-526 email: jdrosen@bell-labs.com Hussein F. Salama Cisco Systems Mail Stop SJ-6/3 170 W. Tasman Drive San Jose, CA 95134 email: hsalama@cisco.com Matt Squire Nortel Networks 4309 Emporer Blvd Suite 200 Durham, NC 27703 email: msquire@nortelnetworks.com