Internet DRAFT - draft-ietf-rsvp-proxy

draft-ietf-rsvp-proxy



Network Working Group                                        Silvano Gai
Internet Draft                                             Dinesh G Dutt
draft-ietf-rsvp-proxy-03.txt                              Nitsan Elfassy
Expiration Date: September 2002                        Cisco Systems Inc.
                                                            Yoram Bernet 
                                                               Microsoft

                                                              March 2002


                               RSVP Proxy
                          

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress." 

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt. The list of
   Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html. 

   Distribution of this memo is unlimited.


Copyright Notice

   Copyright (C) The Internet Society (1998). All Rights Reserved.



Gai, Dutt, Elfassy, Bernet                                      [Page 1]

RSVP Proxy                                                    March 2002

Abstract

   RSVP has been extended in several directions [POLICY], [RSVP-APPID],
   [DCLASS], [AGGRRSVP], [RSVPDIFF]. These extensions have broadened the
   applicability of RSVP characterizing it as a signaling protocol
   usable both inside and outside the Integrated Services [INTSERV]
   model.

   With the addition of the "Null Service Type" [NULLSERV], RSVP is
   also being adopted by mission critical applications that require some
   form of prioritized service, but cannot quantify their resource
   requirements. In cases where RSVP cannot travel end-to-end, these
   applications may still benefit from reservations that are not truly
   end-to-end, but that are 'proxied' by a network node on the data path
   between the sender and the receiver(s).  

   RSVP Receiver Proxy is an extension to the RSVP message processing
   (not to the protocol itself) in which an intermediate network node
   originates the Resv message on behalf of the receiver(s) identified
   by the Path message. 

   RSVP Sender Proxy involves generating a Path message based on some
   match criteria at a router. For example, a packet filter can be
   installed at a router and the action associated with a match in the
   filter could be to generate a Path message. 

1. Introduction
   
   Network administrators and application developers would sometimes
   like to provide QoS to a flow based on information such as:

   o the type of application to which the flow belongs 
   o a specific transaction within an application to which the flow
     belongs 
   o the user running the application to which the flow belongs

   Typically, such flows belong to applications that cannot quantify
   their traffic characteristics.  

   Since the data packets themselves do not usually carry information
   such as application or user id, an alternative approach is to signal
   this information separately. 

   RSVP [RFC2205] is a well established, standard IETF protocol that is
   used by applications to signal their QoS requirements to the network
   and obtain feedback about the network's ability to provide the
   requested QoS. An existing RFC [RSVP-APPID] defines the objects that
   can be used to carry the application id/sub-id and user-id in an RSVP
   message. Also, ISSLL has defined a new service type called Null
   Service Type [NULLSERV] for use within the IntServ framework. This
   service is intended for applications whose QoS requirements are
   better left to the discretion of the network administrators.

Gai, Dutt, Elfassy, Bernet                                      [Page 2]

RSVP Proxy                                                    March 2002

   However, RSVP as currently defined travels end-to-end i.e. from the
   sender to the receiver and back. For the applications discussed
   above, this end-to-end nature of RSVP is not always applicable. For
   example, it might be that the application has been modified only on
   the sender side to support RSVP; there is no use in forwarding this
   message to the receiver since it does not support RSVP. Another
   example is where RSVP is used only within an administrative domain
   and a provisioned core is used outside of this domain. In such
   situations, RSVP is beneficial only within the administrative domain
   it has been enabled in. An example of this situation is QoS in
   PacketCable[DQOS], where resource reservations are used only within
   the access portion of the network and the core of the network is
   provisioned.

   RSVP Receiver Proxy is proposed to address such situations.

2. RSVP Receiver Proxy

   RSVP Receiver Proxy is a functionality provided by a network device, 
   such as a switch or a router, in which the network device originates 
   the Resv message in response to an incoming Path message, on behalf
   of the receiver(s) identified by the Path message. 

   The generation of the Resv message is done under policy control. 
   Policy control can be performed using policy that has either been
   locally specified or specified by a policy server via a protocol such
   as COPS for RSVP [COPS-RSVP].  

   The proxy functionality does not imply merely generating a single
   Resv message. Proxying the Resv involves installing state in the node
   doing the proxy i.e. the proxying node should act as if it had
   received a Resv from the true endpoint. This involves reserving
   resources (if required), sending periodic refreshes of the Resv
   message and tearing down the reservation if the Path is torn down.

   Optionally, the network device can also be configured to classify the
   packets and mark them with an appropriate DSCP. The codepoint used to
   mark these packets can also be communicated to the sender of the Path
   message via the DCLASS[DCLASS] object carried in the proxy Resv
   message.  

   RSVP Receiver Proxy does not change the "on-the-wire" RSVP protocol.
   It entails only a modification in the processing of the RSVP
   messages.

   RSVP Receiver Proxy can be used with all the service types -
   Controlled Load [CLSVC], Guaranteed Service[GUSVC] and Null Service -
   defined by Integrated Services.

2.1 Processing of other RSVP messages

   Apart from proxying the Resv message, the proxying node must also be

Gai, Dutt, Elfassy, Bernet                                      [Page 3]

RSVP Proxy                                                    March 2002

   modified to handle differently the following RSVP messages:

   o PathTear message is honored and its forwarding behavior is similar
     to a Path message. However, in addition to tearing down the Path
     state, the node must also send a ResvTear and tear down the
     reservation state. 

   o PathErr messages are treated as in normal RSVP. Just as in the case
     of PathTear, if a Resv is being proxied, the PathErr should also
     result in the tear down of the reservation state. 

   Processing of other RSVP messages is similar to existing behavior as
   defined in [RFC2205]. 

2.2 RSVP Receiver Proxy: An Example

   This section illustrates the RSVP Receiver Proxy functionality
   provided by a network device. The description is focussed mainly on
   the two fundamental messages in RSVP, i.e. the Path Message and the
   Resv message. 

   Figure 1 depicts a simple network topology consisting of two hosts H1
   and H2 and four intermediate routers, R1-R4.

                        Path Message ----->
                        <----- Resv Message

    +----+   +----+   +----+   +----+   +----+   +----+   
    | H1 |---| R1 |---| R2 |---| R3 |---| R4 |---| H2 |
    +----+   +----+   +----+   +----+   +----+   +----+   
    
      H1 ----> R1 ----> R2 ----> R3 ----> R4 ----> H2  Case A: Normal
                                                   |   RSVP Processing
                                                   v 
      H1 <---- R1 <---- R2 <---- R3 <---- R4 ----> H2        
    
    
      H1 ----> R1 
                |                       Case B: RSVP Receiver Proxy
                v
      H1 <---- R1 
    
    
      Hx: Host x
      Ry: Router y
    
   Figure 1: Possible Message Forwarding Behaviors in RSVP
    
   In Figure 1, case A illustrates the normal RSVP message processing. 
   The Path message is generated by H1, is destined to H2, and it gets
   to H2 from H1 via R1, R2, R3 and R4. The Resv message uses the

Gai, Dutt, Elfassy, Bernet                                      [Page 4]

RSVP Proxy                                                    March 2002

   reverse of the path setup by the Path message and goes hop-by-hop
   from H2 to H1.  

   With RSVP Receiver Proxy (case B) the RSVP Path message is terminated
   by the router R1 acting as a proxy for H2.

   A possible sequence of steps is:

   o An application on H1 indicates to the RSVP subsystem that it is a 
     sender wishing to use RSVP. It might specify additional parameters
     such as traffic characteristics and application specific
     information.   

   o This causes the RSVP subsystem on H1 to start transmitting RSVP
     Path messages in accordance with normal RSVP/SBM rules. 

   o The first hop network device (R1) receives this message and applies
     policy control to decide how to process this message. 

   o The policy specifies a decision to not forward the Path message,
     but instead to proxy a Resv on behalf of H2. Additionally, the
     policy could specify the list of objects that need to be sent in
     the Resv message. One such additional object is the DCLASS
     object. Further, the policy could specify a DSCP that the
     network device (R1) must mark the flow identified by the Path
     message. 

   o On receiving the Resv message, if the DCLASS object is specified
     the message, H1 can mark the packets of the traffic flow signaled,
     according to the DSCP specified in the DCLASS object.  

3. RSVP Sender Proxy

   Just as a network device can proxy a Resv message on behalf of a
   receiver, it can also be made to proxy a Path message on behalf of a
   sender. However the trigger that determines when a network device
   must generate a proxy Path message is potentially outside the RSVP
   subsystem. One mechanism for example, would be to install filter
   entries in the network device such that if an incoming flow matched
   one of the filters, the device would start generating a proxy Path 
   message. At this point, it could potentially contact a policy server
   or use local policy in determining the behavior and contents of the
   proxy Path message. 

   The device generating the Path message must correctly terminate the
   Resv, ResvTear and PathErr messages.

4. Where To Proxy

   In the example described in section 3, the Receiver Proxy
   functionality was placed in the network device that was the first hop

Gai, Dutt, Elfassy, Bernet                                      [Page 5]

RSVP Proxy                                                    March 2002

   from the sender of the Path message. This is one possibility, not
   a requirement. While designing a network, the following trade-offs
   should be considered:
   
   o In case of Receiver Proxy, proxying farther from the sender of the
     Path message enables additional downstream network elements to
     benefit from the information carried in the signaling messages, and
     to participate in the response. For example, if some receivers are
     located off low-bandwidth links and other receivers off
     high-bandwidth links, the QoS to be applied could be different for
     the different receivers.

   o The proxying might be done at the boundary of an access network and
     a core network as in the case of PacketCable. 

   o In case of Receiver Proxy, proxying closer to the sender results in
     a lower the latency experienced by the sender between the
     generation of the Path message and the receipt of the Resv
     message. This lower latency might be desirable to some
     applications. 

   The network administrator must take into account such factors in
   deciding where to place the proxy.

5. Security Considerations

   The security considerations related to proxying are similar to those
   raised with respect to RSVP (section 2.8 in [RFC2205]). Specifically,
   the main concern in using a proxy is to ensure that unauthorized
   nodes do not mount a denial of service attack or cause theft of
   service by generating proxy RSVP messages on behalf of either a
   receiver or a sender. The problem is addressed via router to router 
   authentication and using the INTEGRITY object [RFC 2747] in RSVP
   messages. Security policy enforcement can further prevent such attacks. 

6. Intellectual Property Considerations

   The IETF is being notified of intellectual property rights claimed in
   regard to some or all of the specification contained in this document. 
   For more information consult the online list of claimed rights.

7. References

   [INTSERV]   R. Braden, D. Clark, S. Shenker, "Integrated Services in
               the Internet Architecture: an Overview," June 1994.

   [RFC2205]   R. Braden, L. Zhang, S. Berson, S. Herzog, S. Jamin,
               "Resource Reservation Protocol (RSVP) Version 1
               Functional Specification", RFC 2205, September 1997.

Gai, Dutt, Elfassy, Bernet                                      [Page 6]

RSVP Proxy                                                    March 2002

   [DIFFSERV]  K. Nichols, S. Blake, F. Baker, D. Black, "Definition of 
               the Differentiated Services Field (DS Field) in the IPv4 
               and IPv6 Headers," RFC 2474, December 1998.

   [CLSVC]     J. Wroclawski, "Specification of the Controlled-Load
               Network Element Service," RFC 2211, September 1997.

   [GUSVC]     S. Shenker, C. Partridge, R. Guerin, "Specification of
               Guaranteed Quality of Service," RFC 2212, September 1997.

   [COPS-RSVP] J. Boyle, R. Cohen, D. Durham, S. Herzog, R. Rajan,
               A. Sastry,  "COPS usage for RSVP," RFC 2749, 
               January 2000. 

   [POLICY]    Shai Herzog, "RSVP Extensions for Policy Control," 
               RFC 2750, January 2000. 

   [RSVPDIFF]  Y. Bernet, R. Yavatkar, et. al., "A Framework For
               Integrated Services Operation Over Diffserv Networks, " 
               RFC 2998, November 2000.

   [RSVP-APPID] Y. Bernet, R. Pabbati, "Application and Sub Application
                Identity Policy Element for Use with RSVP," RFC 2872,
                June 2000. 

   [AGGRRSVP]  F. Baker, C. Iturralde, F. Le Faucheur, B. Davie, 
               "Aggregation of RSVP for IP4 and IP6 Reservations,"
               RFC 3175, September 2001.

   [DCLASS]    Y. Bernet, "Format of the RSVP DCLASS Object",
               RFC 2996, November 2000.

   [NULLSERV]  Y. Bernet, A. Smith, B. Davie, "Specification of the Null
               Service Type," RFC 2997, November 2000.

   [DQOS]      PacketCable Dynamic Quality Of Service Specification, 
               Interim Version,
               http://www.packetcable.com/specs/pkt-sp-dqos-I01-991201.pdf. 

   [RFC2747]   F. Baker, B. Lindell, M.Talwar, "RSVP Cryptographic
               Authentication", RFC 2747, January 2000.

8. Author Information

Silvano Gai
Cisco Systems, Inc.
170 Tasman Dr.
San Jose, CA 95134-1706
Phone: (408) 527-2690
email: sgai@cisco.com


Gai, Dutt, Elfassy, Bernet                                      [Page 7]

RSVP Proxy                                                    March 2002

Dinesh G Dutt
Cisco Systems, Inc.
170 Tasman Dr.
San Jose, CA 95134-1706
Phone: (408) 527-0955
email: ddutt@cisco.com

Nitsan Elfassy
Cisco Systems, Inc.
Cisco Systems, Inc.
170 Tasman Dr.
San Jose, CA 95134-1706
Phone: +972 9 970 0066
email: nitsan@cisco.com

Yoram Bernet
Microsoft
One Microsoft Way,
Redmond, WA 98052
Phone: (425) 936-9568
Email: yoramb@microsoft.com

9. Full Copyright Statement

Copyright (C) The Internet Society (1997). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or 
assist in its implementation may be prepared, copied, published and 
distributed, in whole or in part, without restriction of any kind, 
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing the 
copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of developing 
Internet standards in which case the procedures for copyrights defined 

in the Internet Standards process must be followed, or as required to 
translate it into languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT 
NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL 
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR 
FITNESS FOR A PARTICULAR PURPOSE.

Gai, Dutt, Elfassy, Bernet                                      [Page 8]