Internet Draft                                                 R. Cohen
Expires: September 2000                                         Y. Snir
draft-ronc-domain-phb-set-ldap-rep-00.txt                  J. Strassner
                                                          Cisco Systems
                                                            March, 2000


               LDAP schema for Domain Per Hop Behavior Set


Abstract

   This memo provides an LDAP representation for Domain PHB sets. A
   Domain PHB set allows the network administrator to control and tune
   PHB parameters within its DS domain in an abstract form.

1. Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts
   Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

2. Introduction

   Domain PHB Sets are defined in [PHBSET]. A Domain PHB set allows the
   network administrator to control and tune PHB parameters within its
   DS domain in an abstract form. This memo defines the mapping of the
   [PHBSET] information model classes to a directory that uses LDAPv3
   as its access protocol.

   This memo fits into the overall framework for representing,
   deploying, and managing QoS policies being developed by the Policy
   Framework Working Group.
   The memo complements the framework built by the core policy schema
   [PCORE] and the QoS policy schema [PQoS].

Expiration: September 2000                                     [Page 1]

Draft          Domain PHB Set LDAP representation         February 2000

   Implementations that use an LDAP directory as their policy
   repository SHOULD use the LDAP policy schema defined in this
   document. This memo refers to [PHBSET] for details and examples of
   PHB Sets and their mapping to actual device configuration
   parameters.

3. General discussion on the Directory representation

   This section discusses the class definitions specified in the next
   section, the recommended DIT containment, and restrictions on the
   implementation of a set of valid PHBs.

3.1 Naming Conventions

   Domain PHB sets are part of the QoS extensions to the core schema.
   The naming conventions for classes and attributes follow the rules
   and recommendations in [PCORE] and [PQoS]. All class names start
   with the qosPolicy prefix, while attribute names start with the qp
   prefix. Auxiliary class names end with the AuxClass suffix.

3.2 Classes and DIT structure

   Two classes are used to represent a Domain PHB set: an auxiliary
   class, qosPolicyPHBSetAuxClass, that carries the global parameters
   of the PHB set, and a series of qosPolicyPHBClass structural
   classes, each representing a single PHB in the set. All
   qosPolicyPHBClass entries of the set must be located in the
   Directory Information Tree (DIT) directly under the entry that
   qosPolicyPHBSetAuxClass is attached to.

   PHB sets can be kept in a repository. A repository, modeled in
   [PCORE] using the structural class policyRepository, is a container
   for reusable objects. A set of reusable PHB Sets can be used as a
   pre-prepared library of standard and non-standard PHB Sets that a
   network administrator can choose from. A PHB Set can be reused in
   different QoS Domains. In order to put a PHB Set in a repository,
   qosPolicyPHBSetAuxClass must be attached to the structural class
   policyInstance.
   The policy instance carries the name of the reusable PHB set and
   allows the instantiation of the PHB set object by providing a
   structural class for attachment. The reason for defining the PHB
   set class as an auxiliary class lies in the general requirement of
   efficient representation of the policies in an LDAP server.

   A QoS Domain deploying differentiated services must include a
   Domain PHB set that specifies the set of PHBs provisioned in the
   domain. A QoS domain is modeled in [PQoS] by the structural class
   qosPolicyDomain. There are two possible methods for associating a
   PHB set with a domain. The qpPHBSet attribute of the qosPolicyDomain
   may hold a DN pointer to a PHB set in the repository. Alternatively,
   the PHB Set can be directly attached to the Domain if there is no
   need for reusability.

   In order to be able to build end-to-end QoS services, the same set
   of PHBs should be enforced on the entire domain. Nevertheless, in
   some circumstances there may be a need to fine-tune some of the PHB
   parameters on a smaller scope, for example, modifying the reserved
   bandwidth on high speed interfaces for a given PHB. To allow
   overriding the domain PHB set parameters on a smaller scope, PHB
   sets can either be referenced from the qpPHBSet attribute of a
   qosPolicyNamedContainer, or attached to the named container. Note
   that the consistency of end-to-end PHBs is not enforced by the
   schema; the applications managing the schema should make sure that
   overriding does not break end-to-end behavior.

3.3 Inheritance Hierarchy

   The following diagram illustrates the class hierarchy of the PHB Set
   classes relative to the LDAP Core Policy Schema classes and QoS
   Policy schema classes.
           top
            |
            +--policy (abstract)
               |
               +--qosPolicyPHB (abstract)
               |  |
               |  +--qosPolicyPHBClass (structural)
               |
               +--qosPolicyPHBSet (auxiliary)
                  |
                  +--qosPolicyPHBSetAuxClass (auxiliary)

   qosPolicyPHB and qosPolicyPHBSet are defined in the QoS Policy
   Schema [PQoS].

4. Class Definitions

   The formal language for specifying the classes, attributes, DIT
   structure and containment rules is defined in reference [ATTR].

   Note: all attribute, object class, and name form OIDs, and all
   structure rule integers, are placeholders, and syntax OIDs in
   definitions have been replaced by names for clarity.

4.1 The Auxiliary class qosPolicyPHBSetAuxClass

   This class carries global parameters relevant to the entire PHB set
   and can be attached either to policyInstance when placed in a
   repository, to a qosPolicyDomain, or to a qosPolicyNamedContainer.

   Class definition:

   ( NAME 'qosPolicyPHBSetAuxClass'
     DESC 'The central class for representing a PHB Set enforced on a
           domain'
     SUP policy, qosPolicyPHBSet
     MAY (qpTotalBufferSize $ qpTotalPacketNum)
   )

   The attributes are defined as follows:

   ( NAME 'qpTotalBufferSize'
     DESC 'The total buffer size in bytes available in each network
           node scheduling interface for queuing packets. This buffer
           space is shared between the PHBs.'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

   ( NAME 'qpTotalPacketNum'
     DESC 'The total number of packets that can be queued on each
           network interface.'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

   One of these attributes is needed whenever the network administrator
   chooses to allocate a percentage of the buffer space to each PHB and
   definite queue and threshold sizes must be derived from the PHB Set.

4.2 The class qosPolicyPHBClass

   The qosPolicyPHBClass class represents a single PHB in the PHB Set.
   qosPolicyPHBClass is a structural class that has a single superior
   in the DIT containment definition: the structural class that
   qosPolicyPHBSetAuxClass is attached to. The defined scope of the
   qosPolicyPHBClass is the qosPolicyPHBSetAuxClass namespace.

   The qosPolicyPHBClass inherits the cn (common name) attribute from
   the abstract policy class. The cn is used to provide a
   human-friendly name for the PHB. Examples include 'EF', 'Mission
   Critical', etc. The attribute qpDSCP is used as the RDN for the
   qosPolicyPHBClass class, in order to enforce uniqueness of the DSCP
   value per PHB. There is no requirement to define a qosPolicyPHBClass
   object for every possible value of DSCP.

   The classes PolicyElementAuxClass [PCORE] and
   qosPolicyElementAuxClass [PQoS] can be attached to qosPolicyPHBClass
   entries to mark these entries as policy elements and QoS policy
   elements respectively. This provides an easy selection criterion for
   efficient retrieval.

   Class definition:

   ( NAME 'qosPolicyPHBClass'
     DESC 'A class representing a single PHB within a PHB Set.'
     SUP policy, qosPolicyPHB
     MUST (qpDSCP)
     MAY (qpSchedulingClass $ qpDefaultClass $ qpImmediateFwrd $
          qpReservedBW $ qpFwrdFctr $ qpReservedPckts $ qpBufferFctr $
          qpTrafficType $ qpPcktSize $ qpMaxPerHopDelay)
   )

   For further discussion and examples of the use of each attribute
   refer to [PHBSET].

   The attributes are defined as follows:

   ( NAME 'qpDSCP'
     DESC 'A PHB selector. Each PHB must have a distinct DSCP value.
           DSCP values range between 0..63'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

   ( NAME 'qpSchedulingClass'
     DESC 'A number identifying all PHBs that belong to the same
           scheduling class. Order of packets must be preserved for all
           PHBs with the same scheduling class.'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

   ( NAME 'qpDefaultClass'
     DESC 'A Boolean flag that must be set on one and only one of the
           PHBs in the set. This specifies the default PHB provided to
           flows with an unspecified PHB selector.'
     SYNTAX Boolean
     EQUALITY booleanMatch
     SINGLE-VALUE
   )

   ( NAME 'qpImmediateFwrd'
     DESC 'A Boolean flag that specifies whether immediate forwarding
           of packets belonging to this PHB is required.'
     SYNTAX Boolean
     EQUALITY booleanMatch
     SINGLE-VALUE
   )

   ( NAME 'qpReservedBW'
     DESC 'Bandwidth in Kb/sec reserved for the behavior aggregate.
           For PHBs that do not require immediate forwarding, the
           reserved bandwidth value determines the minimal bandwidth
           reserved for this service. In immediate forwarding PHBs,
           the reserved bandwidth indicates the maximal bandwidth
           allowed for this behavior aggregate.'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

   ( NAME 'qpFwrdFctr'
     DESC 'A percentage of the scheduling resources consumed by the
           behavior aggregate. This is an alternative representation
           of the reserved bandwidth field. Within a domain PHB set, a
           mixed assignment of forwarding factors to some scheduling
           classes and reserved bandwidth to other classes is allowed.
           qpFwrdFctr value must be between 0-100'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

   ( NAME 'qpReservedPckts'
     DESC 'Number of packets reserved in queue prior to discard. Large
           values allow bursts to be sustained. Within a scheduling
           class, this parameter specifies the relative drop precedence
           of PHBs.'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

   ( NAME 'qpBufferFctr'
     DESC 'A percentage of the buffer resources kept for this behavior
           aggregate. This is an alternative representation of the
           Reserved Packets field. The sum of buffer factors assigned
           to the scheduling classes is 100%.
           Within each scheduling class, the buffer factor specifies
           the relative drop precedence of the PHBs. qpBufferFctr value
           must be between 0-100'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

   ( NAME 'qpTrafficType'
     DESC 'An enumeration indicating the traffic responsiveness to
           loss. The defined values for this attribute are elastic (1)
           and in-elastic (2).'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

   ( NAME 'qpPcktSize'
     DESC 'Typical packet size in bytes of traffic of this behavior
           aggregate. This parameter is used, for example, when there
           is a need to arrive at a byte count representation of the
           reserved packets field.'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

   ( NAME 'qpMaxPerHopDelay'
     DESC 'The maximal delay in msecs before a packet of this behavior
           aggregate is forwarded. This parameter is relevant mostly to
           immediate forwarding PHBs.'
     SYNTAX INTEGER
     EQUALITY integerMatch
     SINGLE-VALUE
   )

5. Acknowledgments

   This document is based on the work done by Arthur Zavalkovsky and
   Nitsan Elffasy in [PHBSET].

6. Security Considerations

   Management of PHBs within a DS Domain requires adequate security
   measures. These measures are outside the scope of this memo and
   should be covered in the appropriate protocols used for provisioning
   the network.

7. Intellectual Property Considerations

   Cisco may have IPR on material contained in this draft. Upon
   approval by the IESG of the relevant Internet standards track
   specification and if any patents issue to Cisco or its subsidiaries
   with claims that are necessary for practicing this standard, any
   party will be able to obtain the right to implement, use and
   distribute the technology or works when implementing, using or
   distributing technology based upon the specific specification(s)
   under openly specified, reasonable, non-discriminatory terms.

8. References

   [PCORE]    J. Strassner, E. Ellesson, B.
              Moore, Ryan Moats, "Policy Framework LDAP Core Schema",
              draft-ietf-policy-core-schema-06.txt, November 04

   [PHBSET]   R. Cohen, A. Zavalkovsky, N. Elffasy, "Domain PHB Set
              Specification",
              draft-ronc-domain-phb-set-specification-00.txt, February
              2000.

   [DSARCH]   S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, W.
              Weiss, "An Architecture for Differentiated Services",
              RFC2475, December 1998

   [NEWTERMS] D. Grossman, "New Terminology for Diffserv",
              draft-ietf-diffserv-new-terms-00.txt, October 1999

   [ATTR]     M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
              Directory Access Protocol (v3): Attribute Syntax
              Definitions", RFC 2252, December 1997.

   [PQoS]     Y. Snir, Y. Ramberg, J. Strassner, R. Cohen, "QoS Policy
              Schema", draft-ietf-policy-qos-schema-00.txt, March 2000.

9. Authors' Addresses

   Ron Cohen
   Cisco Systems, Inc.
   4 Maskit St.
   Herzeliya Pituach, Israel 46766
   Phone: +972-9-9700064
   Email: ronc@cisco.com

   Yoram Snir
   Cisco Systems, Inc.
   4 Maskit St.
   Herzeliya Pituach, Israel 46766
   Phone: +972-9-9700085
   Email: ysnir@cisco.com

   John Strassner
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA 95134
   Phone: +1 408-527-1069
   Email: johns@cisco.com
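The following Python is an example added to this page, not part of the draft or of any Cisco or IETF code. It applies the consistency rules the draft states in sections 3.2 and 4 but which the LDAP schema itself cannot enforce (exactly one default PHB, distinct qpDSCP values in 0..63, percentage factors in 0..100, a valid qpTrafficType enumeration) to a constructed PHB Set, and derives absolute per-PHB buffer sizes from qpBufferFctr and qpTotalBufferSize, the derivation for which the draft requires one of the total attributes. All entries, DSCP values and percentages are constructed sample data.

```python
"""Consistency checks for a Domain PHB Set that the LDAP schema itself cannot
enforce (exactly one default PHB, distinct qpDSCP in 0..63, factors in
0..100, qpTrafficType in {1, 2}) plus the derivation of absolute per-PHB
buffer sizes from qpBufferFctr and the set-wide qpTotalBufferSize."""
from collections import Counter

# Constructed sample (not from the draft), keyed by the schema's attribute
# names: one entry carrying qosPolicyPHBSetAuxClass and the qosPolicyPHBClass
# entries that would sit directly beneath it in the DIT.
PHB_SET = {"qpTotalBufferSize": 4_000_000}
PHBS = [
    {"cn": "EF", "qpDSCP": 46, "qpSchedulingClass": 1, "qpImmediateFwrd": True,
     "qpReservedBW": 2000, "qpBufferFctr": 10, "qpDefaultClass": False},
    {"cn": "AF11", "qpDSCP": 10, "qpSchedulingClass": 2, "qpFwrdFctr": 40,
     "qpBufferFctr": 40, "qpTrafficType": 1, "qpDefaultClass": False},
    {"cn": "AF12", "qpDSCP": 12, "qpSchedulingClass": 2, "qpFwrdFctr": 40,
     "qpBufferFctr": 25, "qpTrafficType": 1, "qpDefaultClass": False},
    {"cn": "BE", "qpDSCP": 0, "qpSchedulingClass": 3, "qpFwrdFctr": 20,
     "qpBufferFctr": 25, "qpDefaultClass": True},
]


def validate_phb_set(phbs):
    """Return human-readable violations; an empty list means the set is consistent."""
    errors = []
    for dscp, n in Counter(p["qpDSCP"] for p in phbs).items():
        if not 0 <= dscp <= 63:
            errors.append(f"qpDSCP {dscp} outside 0..63")
        if n > 1:  # qpDSCP is the RDN, so the DIT itself would reject this too
            errors.append(f"qpDSCP {dscp} used by {n} PHBs")
    defaults = [p["cn"] for p in phbs if p.get("qpDefaultClass")]
    if len(defaults) != 1:
        errors.append(f"exactly one default PHB required, found {defaults}")
    for p in phbs:
        for attr in ("qpFwrdFctr", "qpBufferFctr"):
            if attr in p and not 0 <= p[attr] <= 100:
                errors.append(f"{p['cn']}: {attr}={p[attr]} outside 0..100")
        if "qpTrafficType" in p and p["qpTrafficType"] not in (1, 2):
            errors.append(f"{p['cn']}: qpTrafficType must be elastic(1) or in-elastic(2)")
    return errors


def buffer_bytes_per_phb(phb_set, phbs):
    """Convert each PHB's qpBufferFctr percentage into a byte count using the
    set-wide qpTotalBufferSize; PHBs without a buffer factor are left out."""
    total = phb_set["qpTotalBufferSize"]
    return {p["cn"]: total * p["qpBufferFctr"] // 100
            for p in phbs if "qpBufferFctr" in p}
```

Running validate_phb_set before committing a PHB Set to the repository or to a qosPolicyNamedContainer override is one way for the managing application to honour the draft's note that the schema does not enforce these constraints.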