home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1997 December
/
Internet_Info_CD-ROM_Walnut_Creek_December_1997.iso
/
drafts
/
draft_ietf_q_t
/
draft-ietf-rsvp-policy-oops-00.txt
< prev
next >
Wrap
Text File
|
1997-03-20
|
61KB
|
1,741 lines
Internet Draft Shai Herzog
Expiration: Oct. 1997 Dimitrios Pendarakis
File: draft-ietf-rsvp-policy-oops-00.txt Raju Rajan
Roch Guerin
IBM T.J. Watson Research Center
Apr. 1997
Open Outsourcing Policy Service (OOPS) for RSVP
03/19/97
Status of Memo
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
To learn the current status of any Internet-Draft, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
Rim).
Abstract
This document describes a protocol for exchanging policy information
and decisions between an RSVP-capable router (client) and a policy
server. The OOPS protocol supports a wide range of router
configurations and RSVP implementations, and is compatible with the
RSVP Extensions for Policy Control [Ext].
Shai Herzog et al. Expiration: Oct. 1997 [Page 1]
Internet Draft OOPS: Policy Protocol for RSVP
Table of Contents
1 Overview 4
1.1 Representative OOPS Scenarios .......................... 4
2 Query-Response Protocol 6
2.1 Division of Labor between Client and Server ............ 6
2.1.1 Error Reporting ................................. 7
2.2 State Management ...................................... 8
2.2.1 Client State Information Cached at Server ........ 9
2.2.2 Server State Information Cached at Client ........ 9
2.2.3 State Change Notification ........................ 10
3 Client-Server Communications 10
3.1 Connection Establishment .............................. 10
3.1.1 Secure Communications ............................ 11
3.2 Reliable Communication ................................. 11
3.2.1 Sequence Numbers ................................ 12
3.2.2 Receiver initiated retransmit .................... 12
3.2.3 Keep-Alive Messages ............................. 12
3.2.4 Overhead ........................................ 13
3.3 Connection Termination ................................ 13
3.3.1 Explicit Termination ............................ 13
3.3.2 Implicit Termination ............................ 13
3.3.3 Post Termination ................................. 14
3.3.4 Switching to An Alternative Server .............. 14
4 OOPS Message Format 15
Shai Herzog et al. Expiration: Oct. 1997 [Page 2]
Internet Draft OOPS: Policy Protocol for RSVP
4.1 OOPS Operations ....................................... 16
4.1.1 Null-Notification (a.k.a Keep-Alive) ............. 17
4.1.2 Connection-Initiation-Query ..................... 17
4.1.3 Connection-Accept-Response ...................... 17
4.1.4 Connection-Reject-Response ...................... 18
4.1.5 Bye-Notification ................................ 18
4.1.6 Incoming-Policy-Query ........................... 18
4.1.7 Incoming-Policy-Response ........................ 19
4.1.8 Outgoing-Policy-Query ........................... 19
4.1.9 Outgoing-Policy-Response ........................ 19
4.1.10 Status-Query ................................... 20
4.1.11 Status-Response ................................ 20
4.1.12 Delete-State-Notification ...................... 21
4.1.13 Schedule-RSVP-Notification ..................... 21
4.1.14 Client-Status-Notification ..................... 22
4.1.15 Resend-Notification ............................ 22
4.1.16 Error-Notification ............................. 22
4.2 Fields format ......................................... 23
5 Acknowledgment 25
Shai Herzog et al. Expiration: Oct. 1997 [Page 3]
Internet Draft OOPS: Policy Protocol for RSVP
1. Overview
Open Outsourcing Policy Service (OOPS) is a protocol for exchanging
policy information and decisions between an RSVP-capable router
(client) and a policy server. As the name suggests, OOPS is an
outsourcing protocol which allows the partial or complete delegation
of the task of policy control from the local router to an external
server. Moreover, it is an open protocol in a sense that it does not
define or depend on particular policies; instead, it provides a
framework for adding, modifying and experimenting with new policies
in a modular, plug-n-play fashion.
The OOPS protocol was designed to be compatible with the RSVP
Extensions for Policy Control [Ext], both in the format of RSVP
objects, as well as the set of supported services.
The basic features of OOPS design are as follows:
Asymmetry between client and server
Adding policy support to RSVP may require substantial
modifications to platforms (e.g., routers) which may not have
the required implementation flexibility and/or processing power.
OOPS assumes that the server is more sophisticated than the
client, in terms of processing power and support for diverse
policies.
Support for a wide range of client implementation
The OOPS protocol supports a wide range of client
implementations. At one end of the spectrum, a "dumb" client
may delegate total responsibility to the server for all policy
decisions without even maintaining cached states. At the other
end, smart clients can perform most policy processing locally
and only address the server for a small number of policies and
only when they change (otherwise, cache can be used).
Minimal knowledge of RSVP's processing rules.
The server must be aware of the format of several RSVP objects
and basic RSVP message types. However, it is not required to
understand RSVP's processing rules (e.g., different reservation
styles).
Asynchronicity
Both client and server may asynchronously generate queries or
requests.
Shai Herzog et al. Expiration: Oct. 1997 [Page 4]
Internet Draft OOPS: Policy Protocol for RSVP
TCP for reliable communications
TCP is used as a reliable communication protocol between client
and server.
1.1 Representative OOPS Scenarios
Figure 1 depicts some representative scenarios for policy control
along an RSVP path, as envisioned in OOPS. Nodes A, B and C
belong to one administrative domain AD-1 (advised by policy server
PS-1), while D and E belong to AD-2 and AD-3, respectively.
AD-1 AD-2 AD-3
_______________/\___________ __/\__ __/\__
{ } { } { }
+------+ +------+ +------+ +------+ +------+
+----+ | A | | B | | C | | D | | E | +----+
| S1 |--| RSVP |---| RSVP |---| RSVP |---| RSVP |---| RSVP |--| R1 |
+----+ +------+ +------+ +------+ +------+ +------+ +----+
| LPM | | LPM | | LPM | | LPM |
+------+ +------+ +------+ +------+
\ / |
\ / +------+
\ / |Policy|
\ / |Server|
\ / | PS-2 |
\ / +------+
+------+
|Policy|
|Server|
| PS-1 |
+------+
Figure 1: Policy Control along an RSVP path
The scenario includes four typical node types:
(1) Policy incapable nodes: Node B. (2) Self-sufficient policy
node: Node D is self-sufficient since its local LPM satisfies its
entire policy needs. (It has no need for server advice.) (3)
"Dumb" policy nodes: Node E is an unsophisticated node that lacks
processing power, code support or caching capabilities, and needs
to rely on PS-2 for every policy processing operation. In this
case, the volume of traffic and delay requirements make it
Shai Herzog et al. Expiration: Oct. 1997 [Page 5]
Internet Draft OOPS: Policy Protocol for RSVP
imperative to connect PS-2 to node E by a direct link or a LAN.
(4) "Smart" policy nodes: Nodes A and C include sophisticated
LPMs, in that these nodes can process some policies, and have the
capacity to cache responses from PS-1. In this case, the contact
between the clients and server will be limited to occasional
updates, and PS-1 could be located somewhere in AD-1.
Consider the case where the receiver R1 sends a Resv message
upstream toward sender S1. Assuming that the reservation is
successful, the conceptual flow of policy objects is:
R1 -- E -- ELPM -- PS-2 -- ELPM -- E -- D -- DLPM -- D -- C -- CLPM
-- PS-1 -- CLPM -- C -- B -- A -- ALPM -- PS-1 -- ALPM -- A -- S1.
Of course, other OOPS messages may be exchanged between policy
servers and nodes before authorizing the reservation at individual
nodes.
2. Query-Response Protocol
OOPS is a transaction protocol, in which most communication is in the
form of queries from the client followed by responses from the
server. However, a small portion of the communication may also
consist of queries originating from the server, or of unidirectional
notifications from one entity to another. In this context, it is
important that messages be distinguished by a unique sequence number,
so that responses may identify the query to which they correspond.
This section discusses two fundamental concepts of the OOPS protocol:
(a) flexible division of labor between client and server. (b)
consistent management of client, server and RSVP state.
2.1 Division of Labor between Client and Server
The OOPS protocol allows for a flexible division of
responsibilities between server and client. Processing of policies
(policy elements within POLICY_DATA objects) can be performed by
the server, the client, or by both. The decision on which
policies are to be handled locally and which are to be sent to the
server is always made by the client based on information exchanged
during the connection establishment handshake (see Section 3.1).
Before the client forwards incoming POLICY_DATA objects to the
server (Incoming-Policy-Query) it removes or marks the policy
elements it wishes the server to ignore. (Marking is performed by
changing the policy element P-type to zero.) When forwarding
incoming policy objects, the client may also set header flags to
inform the server that message integrity and/or rsvp hop has been
Shai Herzog et al. Expiration: Oct. 1997 [Page 6]
Internet Draft OOPS: Policy Protocol for RSVP
already checked.
OOPS does not impose limitations on the number of servers
connected to the client; when appropriate, the client could divide
the work along policy lines between several servers, and be
responsible for combining their results. In the rest of this
document we describe the protocol for a single server-client pair.
When the client receives outgoing POLICY_DATA objects in response
to a previous query (Outgoing-Policy-Response) it is responsible
for merging the server response with the locally generated
outgoing POLICY_DATA object. Merging is performed by
concatenating the local and server policy elements and if
necessary, computing some of the POLICY_DATA object fields (e.g.,
length, INTEGRITY, etc.)
When the client receive status results in response to a previous
query (Status-Policy-Response) it is responsible for merging the
results from the server with the local results. The following
rule applies for combining any number of policies, and
specifically, local and server policies:
o When responding to a status query (authorization check),
individual policy handlers may vote to ACCEPT, SNUB or VETO
the request. As their names suggest, a vote of accept
authorizes the request; a snub fails it, but remains
indifferent on its final outcome (i.e., other policies could
provide authorization); a veto vote excludes the possibility
of authorizing the request, even if other policy handlers
cast accept votes.
o The merge result provides an authorization if there is at
least one accept, and no vetoes. [Note 1]
(See [LPM]) for more details).
o The client and/or server should complete their policy
processing even if a veto was cast by some policy. [Note 2]
_________________________
[Note 1] A veto has a stronger semantics than a snub, since it has the
power to forcefully reject a flow regardless of any accept decisions
made by others.
[Note 2] A wide range of policies may not care about the final status
results and should be activated regardless. For instance: a policy that
logs all policy queries.
Shai Herzog et al. Expiration: Oct. 1997 [Page 7]
Internet Draft OOPS: Policy Protocol for RSVP
o Protocol errors are always considered as snubs, and thus,
neutral.
It is recommended (although not required) that all local status
processing at the client be completed before querying the server.
This allows the server to immediately commit the transaction
rather than having to wait until the client is done. (See the
Client-Status-Notification operation.)
2.1.1 Error Reporting
Policy error reporting is policy specific; it is performed by
sending POLICY_DATA objects with specific error objects toward
the originator of the error. The rules governing error
reporting are described in [Ext].
In this document, we discuss only error reporting between the
client and the server, which is intended to help the client
determine whether error reporting is required at all.
There are two types of possible errors; policy errors and
protocol errors. For the purpose of this protocol, policy
errors are considered as legitimate results (e.g., reject) and
not as errors. Protocol errors must be reported as such.
However, since they do not reveal any policy decisions they
should always be considered as snubs (and therefore neutral to
the overall policy decision).
When the client (or server) discovers a protocol error (syntax,
missing parameters, etc.), it is reported alongside and
orthogonal to the status results (accept, reject or veto).
Shai Herzog et al. Expiration: Oct. 1997 [Page 8]
Internet Draft OOPS: Policy Protocol for RSVP
2.2 State Management
In order for policy objects contained in RSVP messages to be
processed quickly and correctly, it is often required that the
results of past policy decisions be cached and maintained at the
LPM or the policy server. Maintenance of policy state must be
done in a manner that is consistent with the division of
responsibility for policy processing between client and server and
with RSVP's state management rules. [Note 3]
The most straightforward method for state maintenance is for the
LPM and the policy server to use the same soft-state mechanism as
the RSVP capable router. Unfortunately, this soft-state approach
has undesirable scaling properties since it requires the client to
contact the server on each refresh period (regardless of state
changes).
An alternative approach is to allow both client and server to use
hard-state mechanisms that could limit the client-server
communication to updates only. This alternative implies that the
client must be capable of recognizing objects that would result in
a change of policy state, as well as being able to translate
between the soft-state provided by RSVP and the hard-state
exchanged with the server.
Thus, we envision one end of the spectrum where a "dumb" client
would use a soft-state approach and simply pass all policy objects
to the server relying on it for all policy processing. The rate
of queries and lack of caching at the client implies the need for
a dedicated, close-by server (PS-2, in our example). As we move
towards the other extreme, clients become smarter, more capable of
caching, and dividing the work between themselves and the server.
Such clients could take advantage of the benefits of hard-state
management, and initiate queries only on actual state updates.
OOPS supports soft and hard state mechanisms seamlessly, as
described in this section. The client determines its desired type
of state management, and communicates it on an object-by-object
basis. A single client can use soft-state for some information,
and hard state for others. Furthermore, the OOPS protocol allows
clients to modify their caching strategies on the fly (without
_________________________
[Note 3] During normal processing, state split between client and server
should remain consistent, and timeout at roughly the same time at RSVP,
the client, and the server.
Shai Herzog et al. Expiration: Oct. 1997 [Page 9]
Internet Draft OOPS: Policy Protocol for RSVP
having to renegotiate with the server). While the protocol does
not impose strategy limitations, a client implementation could
restrict itself to a more modest and simple combination of soft
and hard state.
There are two types of state information that is stored at the
client: (a) client state information that was forwarded to the
server (e.g., policy objects in incoming Path/Resv messages). (b)
server state which is cached at the client (e.g., policy results
computed by the server). The OOPS protocol addresses each of these
types of states:
2.2.1 Client State Information Cached at Server
The client indicates that it desires hard (or soft) state
management of client state information cached at the server by
setting (or resetting) the OOPS_HardState flag in objects sent
to the server. When the client chooses soft-state management
for a particular object, policy state for that object would age
and expire at the server according to the timeout specified in
the object. The client must, therefore, forward each policy
refresh (update or not) to the server, to keep the soft-state
at the server from becoming stale and expiring. On the other
hand, when the client indicates hard-state management, it
assumes responsibility for reliably informing the server on
every policy update. In this case, the state cached at the
server would not expire unless explicitly modified by the
client, or when the communication channel to the client breaks.
The client may refrain from forwarding to the server any policy
objects that are identical to objects previously sent to the
server.
The client may switch between hard and soft states on the fly
by modifying the OOPS_HardState flag while forwarding input to
the server.
2.2.2 Server State Information Cached at Client
The client indicates that it is capable of hard (or soft) state
management of server state information by setting (or
resetting) the OOPS_HardState flag in queries sent to the
server. Here, hard state management refers to the caching of
response results at the client. Soft state management means
that the client, being incapable of caching, would purge them
after usage (one-time, or disposable results).
A non-cached response has no strings attached, but the client
must issue a query each time that responses are needed. When
Shai Herzog et al. Expiration: Oct. 1997 [Page 10]
Internet Draft OOPS: Policy Protocol for RSVP
the server responds to a cached (hard-state) query, it assumes
responsibility to reliably inform the client about any changes
that may occur later to the original results of this query.
The client may rely on cached results as long as the there is
no change in RSVP's state (which includes incoming policy
objects), [Note 4]
and the communication channel with the server is intact.
The client may switch between hard and soft states on the fly
by issuing a new query with a modified flag.
2.2.3 State Change Notification
State change notification is done by resending the same type as
the original message but with the modified state instead.
Client notification example (incoming POLICY_DATA objects for
Resv-X):
Seq# Type Data
--- ---- ----
Client ==> Server: 50 Notify:input Resv-X: PD-1
Time passes; the input POLICY_DATA object associated with
Resv-X changed to PD-2.
Client ==> Server: 90 Notify:input Resv-X: PD-2
Server notification example (status query for reservation
Resv-X):
Seq# Type Data
--- ---- ----
Client ==> Server: 150 Query:status Resv-X
Server ==> Client: 151 Resp :status #150: accept
Time passes; the status of Resv-X changed to "reject".
_________________________
[Note 4] A configurable option may allow the client to use cached
results even when some RSVP state changes. Clearly, there is a trade-
off between fast and accurate policy processing, however, given that the
server is up, and that authorization was already granted previously for
that RSVP flow, some may find it a reasonable policy approach.
Shai Herzog et al. Expiration: Oct. 1997 [Page 11]
Internet Draft OOPS: Policy Protocol for RSVP
Server ==> Client: 205 Resp :status #150: reject
3. Client-Server Communications
This section describes the fundamentals of client-server
communications: connection establishment, communication channel
management, and connection termination.
3.1 Connection Establishment
Connections are always initiated by clients. The client
establishes a TCP connection to its preferred policy server, and
then initiates the OOPS session through a two way handshake.
o Communication Initiation by the Client
The client sends a Connection-Initiation-Query to the server.
This message identifies the client to the server and provides
the basic characteristics of the client.
o Response by the Server
The server responds with a Connection-Accept-Response to
connect to the client. It may also respond with a
Connection-Reject-Response to refuse and disconnect from the
client.
After connection establishment both the client and server
know the set of policies that the client can send to the
server, and which one of them should handle default
(unrecognized) policies. The Keep-Alive period is determined
as the minimum between the two values declared in the
handshake messages.
3.1.1 Secure Communications
The integrity of the communication channel between client and
server is guaranteed by the use of shared-key message digest.
(e.g., keyed MD5). A client, wishing to establish secure
communications adds a "Cookie" to the Connection-Initiation-
Query. The server may respond with a reply Cookie or with an
Error-Description [Note 5]
_________________________
[Note 5] The Error-Description provides reasons for rejecting the secure
communications request.
Shai Herzog et al. Expiration: Oct. 1997 [Page 12]
Internet Draft OOPS: Policy Protocol for RSVP
Shared keys may be obtained from local static configurations or
could be distributed dynamically. The exchange of cookies
provides the client and server with an opportunity for
establishing a temporary shared-key (e.g., from Kerberos) for
the connection length.
Once a shared key is available, each message sent by either
client or server includes an INTEGRITY object as described in
[Bak96]. The format and functionality of the INTEGRITY object
are identical to that of RSVP. The sender client or server
computes the message digest over the entire OOPS message; if
the receiver fails to verify the message, it response with an
error message.
The format of "cookies" is left for future versions of this
document.
3.2 Reliable Communication
We expect TCP to provide us with reliable, in-order delivery of
packets, as well as information on the liveliness of the
communication channel. Given that TCP is responsible for all the
time critical network operations, reliability errors are assumed
to be virtually nonexistent. However, to maintain application-
level reliability, OOPS uses a minimalistic reliability mechanism
using sequence numbers, selective retransmit and keep-alive
messages. This requires no retransmission timeouts, and has low
overhead.
3.2.1 Sequence Numbers
Each OOPS message, except a Resend-Notification, is uniquely
identified by a sequence number [Note 6]
(Mseq). These numbers do not imply any order of execution;
while the server receives messages in-order, it is free to
execute them in any reasonable order. [Note 7]
In addition, each message also carries the sequence number of
the last received message (Rseq). Both client and server begin
communication with Mseq = 0 (the handshake message), and number
consecutive messages in increasing order.
_________________________
[Note 6] Not counting wraparounds
[Note 7] Execution order is implementation and policy specific; any
order that does not violate the policy specific requirements is assumed
to be reasonable.
Shai Herzog et al. Expiration: Oct. 1997 [Page 13]
Internet Draft OOPS: Policy Protocol for RSVP
A transmitted message with Mseq = m is considered to be
acknowledged if m <= Rseq (Rseq from the latest received
message). [Note 8]
The sender must be prepared to retransmit (as requested) any
message that has not been acknowledged yet. Missing, or out-
of-order messages are identified by a gap in sequence numbers
of received messages.
3.2.2 Receiver initiated retransmit
When the receiver (client or server) detects missing messages
it immediately sends an explicit Resend-Notification listing
these messages. The Resend-Notification has a sequence number
0. [Note 9]
Upon receiving the Resend-Notification, the sender must
retransmit all the requested messages before sending new ones.
3.2.3 Keep-Alive Messages
Many platforms provide system support for detecting broken TCP
connections. OOPS can utilize, but does not depend on such
mechanisms. Instead, it relies on Keep-Alive messages to
provide application-level communication-channel verification,
as a server may be in a dysfunctional state while its TCP
connection is still open and viable.
The client sends a Keep-Alive message to the server only after
the receiving channel has been idle for longer than the Keep-
Alive period. The server responds promptly with a Keep-Alive
ack.
3.2.4 Overhead
These reliability mechanisms were designed to be simple and
impose minimal overhead in a busy working environment. When
the client supports a large number of RSVP sessions and has
frequent message exchange with the server, it would not be
_________________________
[Note 8] Mseq <= Rseq should take into account possible wrap-around of
sequence numbers.
[Note 9] Thus, Resend-Notification cannot participate in sequence number
reliability verification. A lost Resend-Notification cannot not be
detected, however, a new one is bound to be triggered sometime again.
Shai Herzog et al. Expiration: Oct. 1997 [Page 14]
Internet Draft OOPS: Policy Protocol for RSVP
sending Keep-Alive messages. Similarly, since TCP is used for
reliable communications, there is a virtually zero probability
that Resend-Notification messages would be required. The only
timer required is for the Keep-Alive period; the timer is reset
on each message arrival and a Keep-Alive message is initiated
only when it expires.
3.3 Connection Termination
This section describes how communication breakdown is handled.
3.3.1 Explicit Termination
The client (or server) may terminate the connection by sending
a Bye-Notification, and wait until either it receives an echoed
Bye-Notification or a Keep-Alive period had passed. In between,
it should ignore incoming messages (and not reset the Keep-
Alive timer).
At the opposite side, when a client (or server) receive a Bye-
Notification message, they should echo it, and close the
connection.
After an explicit termination, both client and server may
cleans up and purges the state related to the closed
connection.
3.3.2 Implicit Termination
The communication channel may be unexpectedly disconnected
because of a misbehaving client or server, network split, or
other reasons. Both client and server must be able to detect
such channel failures and act accordingly.
Consider the case where OOPS is used for quota enforcement.
The server may approve a reservation while debiting X/min from
a local account. If the OOPS communication channel breaks, it
is critical for the server to detect it and stop debiting this
account.
A communication channel is assumed to be disconnected when the
channel was idle (no message was received on it) for over two
Keep-Alive periods.
3.3.3 Post Termination
Soft-state has an inherent cleanup mechanism; when the channel
disconnects, the soft-state would age and eventually expire
Shai Herzog et al. Expiration: Oct. 1997 [Page 15]
Internet Draft OOPS: Policy Protocol for RSVP
based on the same mechanism and refresh-period used by RSVP.
When hard-state is used, cached state is assumed to be valid
unless explicitly modified. However, when the channel
disconnects such an explicit notification is not possible.
Purging all state immediately upon disconnection is not an
acceptable approach since it may cause a disruption of service
before an alternate server is contacted. OOPS uses the
following simple rule:
When the communication channel disconnects, the hard state
associated with it is assumed to be soft-state that was just
refreshed.
Naturally, when any RSVP state changes (e.g., routing changes,
policy input changes, etc.), cached results at the client
should not be used and must be purged.
3.3.4 Switching to An Alternative Server
We assume that the client is provided a list of policy servers
and site specific selection criteria.
A switch to an alternate server may be triggered by a voluntary
disconnection (i.e., Bye-Notification) or an unexpected break
in the communication channel.
During normal operations, the client may wish to switch to an
alternate server (for any reason). The client is advised to
first connect to the new server before sending a Bye-
Notification to the original one. If the communication channel
unexpectedly disconnects, the client should quickly attempt to
connect to an alternate server.
In both cases, after the connection to a new server [Note 10]
is established, the aging cached state from the old server
would be gradually replaced by responses from the new server.
[Note 11]
_________________________
[Note 10] The term "new server" may be the same as the "previous
server"; it may happen that the connection encounters a problem and the
client chooses to disconnected and re-established the connection.
[Note 11] The client could speed-up replacement of cached state by
sending copies of cached input to the server and issuing repeated
queries, on connection establishment (instead of waiting until objects
arrive from RSVP).
Shai Herzog et al. Expiration: Oct. 1997 [Page 16]
Internet Draft OOPS: Policy Protocol for RSVP
As general guidelines, state replacement from a new server
should not cause a disruption of service that would not
otherwise occur (if a new server was not found). [Note 12]
4. OOPS Message Format
OOPS messages serve as a wrapper that may include one or more
protocol operations; this wrapper allows common operation (e.g., MD5
integrity, RSVP_HOPs, protocol version, etc.) to be verified and
performed in one-shot.
+---------------+---------------+---------------+---------------+
| Vers | Flags | op-objs# | Reserved (0) |
+---------------+---------------+---------------+---------------+
| Message Length |
+---------------+---------------+---------------+---------------+
| Message Sequence Number |
+---------------+---------------+---------------+---------------+
| Ack-ed Sequence Number |
+---------------+---------------+---------------+---------------+
| INTEGRITY Object... (optional) |
+---------------+---------------+---------------+---------------+
| List of operations |
+---------------+---------------+---------------+---------------+
Any OOPS message is composed of the following fields:
Version: 8 bits
Protocol version number. The current version is 1.
Flags: 8 bits
0x01 H_Integrity_Checked Integrity already checked by client
0x01 H_Hops_Checked RSVP_HOPs already checked by client
op-objs#: 8 bits
Number of objects included in this message.
Message Length: 32 bits
_________________________
[Note 12] Practically, this means that as long as there is no change in
RSVP messages, the client is advised to choose between cached and new
results in favor of authorizing the request.
Shai Herzog et al. Expiration: Oct. 1997 [Page 17]
Internet Draft OOPS: Policy Protocol for RSVP
The total length of this OOPS message in bytes.
Message Sequence Number: 32 bits
The sequence number of the message being sent.
Ack-ed Sequence Number: 32 bits
The sequence number of the last message received in-order from
the peer entity (client or server).
RSVP INTEGRITY Object (optional): variable length
This object is defined in [Bak96]. It provides a message digest
based on a shared key between the client and sender. The message
digest is calculated over the entire OOPS message.
List of OOPS operations: variable length
Described in the following section.
4.1 OOPS Operations
Each OOPS message may contain multiple OOPS operations each
encapsulating a different query, response or notification. For
example, multiple Incoming-Policy-Queries might be followed by a
Status-Query operation in the same message. Operations within an
OOPS message are sequentially numbered.
Individual OOPS operations have the following header:
+---------------+---------------+---------------+---------------+
| Operation Type| Op. Subtype | Op. Seq# | Flags |
+---------------+---------------+---------------+---------------+
| Length (bytes) |
+---------------+---------------+---------------+---------------+
| | RSVP's Refresh Period |
+---------------+---------------+---------------+---------------+
The operation header has the following fields:
operation Type: 8 bits
The type of OOPS operation.
Operation Subtype: 8 bits
Shai Herzog et al. Expiration: Oct. 1997 [Page 18]
Internet Draft OOPS: Policy Protocol for RSVP
This field can be used to indicate an attribute of the
operation type, such as its version; currently it is always
set to 1.
Operation Sequence Number: 8 bits
The operation sequence number within the message.
Flags: 8 bits
0x01 OOPS_HardState: Hard State (soft-state if not set (0) )
0x02 OOPS_Shared : Resv shared among sources as filter specs
0x02 OOPS_FullList : Last in the set of status queries.
Length: 32 bits
Contains the total operation length in bytes.
RSVP's Refresh Period
The refresh-period RSVP associates with this object.
This remainder of this section describes the set of operations
that may appear in OOPS messages. Many data fields of these
operations are RSVP objects; they are typed in uppercase letters
and their format is defined in [RSVPSP]. The format of other
operations is listed in the following section.
4.1.1 Null-Notification (a.k.a Keep-Alive)
Operation Type = 0, sub-type = 0
<Null-Notification> ::= <Common OOPS header>
This empty or null notification triggers no operation; thus,
can be used as as Keep-Alive signal to test the viability of
the communication channel between client and server (see
Section 3.2.3).
4.1.2 Connection-Initiation-Query
Operation Type = 1, sub-type = 1
<Connection-Initiation-Query> ::= <Common OOPS header>
<Ver> <RSVP-K> <Flags>
<Client-ID>
Shai Herzog et al. Expiration: Oct. 1997 [Page 19]
Internet Draft OOPS: Policy Protocol for RSVP
<Max-Pkt-Size> <Keep-Alive period>
<Class Indicator>
<Cookie>
The client sends this query to establish a connection with a
server. This message is sent following the establishment of a
transport connection (TCP).
4.1.3 Connection-Accept-Response
Operation Type = 2, sub-type = 1
<Connection-Accept-Response> ::= <Common OOPS header>
<Max-Pkt-Size> <Keep-Alive period>
<Policy list>
<Cookie>
The server sends this response to accept a client's connection
connection request.
4.1.4 Connection-Reject-Response
Operation Type = 3, sub-type = 1
<Connection-Reject-Response> ::= <Common OOPS header>
<Error-Description>
The server sends this response to reject a client's connection
initiation. It specifies both reason code and text.
4.1.5 Bye-Notification
Operation Type = 4, sub-type = 1
<Bye-Notification> ::= <Common OOPS header>
This message is used by either client or server to terminate
the OOPS connection. (Section 3.3.1 includes a description of
explicit termination )
4.1.6 Incoming-Policy-Query
Operation Type = 5, sub-type = 1
<Incoming-Policy-Query> ::= <Common OOPS header>
<RSVP MESSAGE TYPE>
<SESSION>
Shai Herzog et al. Expiration: Oct. 1997 [Page 20]
Internet Draft OOPS: Policy Protocol for RSVP
<FILTER_SPEC list> <RSVP_HOP>
<resv_handle> <RESV_FLOWSPEC>
<counter (of in P.D.)>
<in POLICY_DATA objects>
This operation is used to forward POLICY_DATA objects from the
client to the server. Selection between hard and soft state
management is reflected in the OOPS_HardState flag. The other
fields are copied from the PC_InPolicy() function called by
RSVP. (See [Ext]).
4.1.7 Incoming-Policy-Response
Operation Type = 6, sub-type = 1
<Incoming-Policy-Query> ::= <Common OOPS header>
<Query Sequence Number>
<Error-Description>
Incoming-Policy-Response is used ONLY to report protocol errors
(e.g., syntax) found with incoming policy objects. (it is not
used in the normal operation of the protocol).
The <Query Sequence Number> links the response to the original
query.
4.1.8 Outgoing-Policy-Query
Operation Type = 7, sub-type = 1
<Outgoing-Policy-Query> ::= <Common OOPS header>
<RSVP MESSAGE TYPE>
<SESSION>
<FILTER_SPEC list>
<counter (of RSVP_HOPs)>
<RSVP_HOP list>
This operation queries the server for a set of outgoing policy
objects for a set of RSVP_HOPs. The client can choose between
hard and soft state management through the OOPS_HardState flag.
When hard state is selected, the client caches copies of the
outgoing objects and assumes they remain valid unless
explicitly modified by the server.
4.1.9 Outgoing-Policy-Response
Operation Type = 8, sub-type = 1
Shai Herzog et al. Expiration: Oct. 1997 [Page 21]
Internet Draft OOPS: Policy Protocol for RSVP
<Outgoing-Policy-Response> ::= <Common OOPS header>
<Query Sequence Number>
<Counter (of triplets)>
{ <RSVP_HOP>
<Error-Description>
<out POLICY_DATA objects>
} pair list
The <Query Sequence Number> links the response to the original
query.
In the response, the server provides a list of triplets, one
for each outgoing RSVP_HOP (For Path messages, only the LIH
part is significant). Each triplet contains a list of policy
objects for that hop and an error description.
4.1.10 Status-Query
Operation Type = 9, sub-type = 1
<Status_Query> ::= <Common OOPS header>
<RSVP MESSAGE TYPE>
<SESSION>
<FILTER_SPEC_LIST>
<counter (of Triplets)>
{ <LIH> <resv_handle> <RESV_FLOWSPEC> }
This operation queries the server for status results of a list
of LIHs. The client can choose between hard and soft state
management through the OOPS_HardState flag. When hard state is
selected, the client caches the status results and assumes they
remain valid unless explicitly modified by the server.
In the upstream direction (e.g., Resv) status may need to be
checked on multiple LIHs (all reservations for a flow). In such
cases, status queries can be perform separately for each LIH,
once for all LIHs, or anything in between. Flag OOPS_FullList
must be set at the last of status query of the series. [Note
13]
_________________________
[Note 13] When policies are interdependent across LIHs (as when the cost
is shared among downstream receivers), flag OOPS_FullList notifies the
server that the list of reserved LIH is complete and that it can safely
compute the status of these reservations.
Shai Herzog et al. Expiration: Oct. 1997 [Page 22]
Internet Draft OOPS: Policy Protocol for RSVP
4.1.11 Status-Response
Operation Type = 10, sub-type = 1
<Status_Response> ::= <Common OOPS header>
<Query Sequence Number>
<Counter (of triplets)>
{ <LIH>
<Status Result>
<Error-Description>
} pair list
The <Query Sequence Number> links the response to the original
query.
In the response, the server provides a list of triplets, each
of which contains an LIH, status, and any applicable error
results. The set of LIHs is an attribute of the results and
not of the query; the server is allowed to respond with a
superset of LIHs specified in the original query, as in the
following example:
Seq# Type Data
--- ---- ----
Client ==> Server: 150 Query:status Resv-X, LIH={2}
Server ==> Client: 153 Resp :status #150:{2,rej}
Two new reservations arrive, carrying new policy data objects:
Client ==> Server: 160 Query:status Resv-X, LIH={4,7}
Server ==> Client: 169 Resp :status #160:{2,acc;4,acc;7,rej}
4.1.12 Delete-State-Notification
Operation Type = 11, sub-type = 1
<Delete-State-Notification> ::= <Common OOPS header>
<RSVP MESSAGE TYPE>
<SESSION>
<FILTER_SPEC_LIST>
<RSVP_HOP>
<Op-type>
This operation informs the sender about an immediate RSVP
teardown of state caused by PATH_TEAR, RESV_TEAR, routes
change, etc. As a result, the server should ignore the
described state as if it was never received from the client.
Shai Herzog et al. Expiration: Oct. 1997 [Page 23]
Internet Draft OOPS: Policy Protocol for RSVP
Despite its name, this operation can be used to switch between
blockaded and non-blockaded state.
The semantics of this operation is described for PC_DelState()
in [Ext].
4.1.13 Schedule-RSVP-Notification
Operation Type = 12, sub-type = 1
<Schedule-RSVP-Notification> ::= <Common OOPS header>
<RSVP MESSAGE TYPE>
<SESSION>
<FILTER_SPEC list>
<RSVP_HOP>
The operation results in the generation of an outgoing RSVP
message (Path, Resv, etc.) in the client's RSVP. RSVP should
schedule the requested message to the specified RSVP_HOP.
4.1.14 Client-Status-Notification
Operation Type = 13, sub-type = 1
<Client-Status-Notification> ::= <Common OOPS header>
<Query Sequence Number>
<Status Result>
The Client notifies the server about the status results
computed at the client (that may also include results from
other servers, if policy computation is spread among several
servers).
The overall status of an RSVP flow is computed by merging the
client's status report with the server's. The server should not
commit a transaction (e.g., charge an account) before knowing
its final status. The Client-Status-Results operation can be
sent with the query, if the client computed its status prior to
making the query. It can also be sent later, after the server
sent its response to the status query.
4.1.15 Resend-Notification
Operation Type = 14, sub-type = 1
<Resend-Notification> ::= <Common OOPS header>
<Counter (of missing messages)>
<Message sequence number> list
Shai Herzog et al. Expiration: Oct. 1997 [Page 24]
Internet Draft OOPS: Policy Protocol for RSVP
Both client and server may issue a Resend-Messsage request when
they detect missing or out-of-order messages. The Resend-
Notification has message sequence number 0. The message
explicitly lists the sequence numbers of all missing messages.
Notice that since OOPS uses a reliable transmission protocol
this list should never be long. (See Section 3.2).
4.1.16 Error-Notification
Operation Type = 6, sub-type = 1
<Error-Notification> ::= <Common OOPS header>
<Message Sequence Number>
<Error-Description>
Error-Notification can be used by either client or server to
report errors associated with an entire message (as opposed to
a specific operation). Error-Notification may be triggered by
both syntax or substantive errors (e.g., failure to verify the
integrity of a previous message).
<Message Sequence Number> identified the message that triggered
the error.
Error-Notification is not acked.
4.2 Fields format
o <Ver> <RSVP-K> <Flags>
+---------------+---------------+---------------+---------------+
| Version | RSVP-K | Flags | 0 |
+---------------+---------------+---------------+---------------+
Ver: Currently, version 1.
RSVP-K: The K value used by RSVP as a refresh-period
multiplier.
Flags:
0x01 OOPS_CONNECT_DefaultC Client handles default policies.
o <Max-Pkt-Size><Keep-Alive period>
+---------------+---------------+---------------+---------------+
| Max-Pkt-Size (in KBytes) | Keep-Alive period (in seconds)|
+---------------+---------------+---------------+---------------+
Shai Herzog et al. Expiration: Oct. 1997 [Page 25]
Internet Draft OOPS: Policy Protocol for RSVP
o <Class Indicator>
+---------------+---------------+---------------+---------------+
| Length (total) | Class Code |
+---------------+---------------+---------------+---------------+
| ASCII String ........ 0 Padded to multiples of 32 bits |
+---------------+---------------+---------------+---------------+
o <Client-ID>
Client address, uses the same format as RSVP's FILTER_SPEC
objects.
From the combination of Client-ID and Class-Indicator the
server can learn about the set of policies it is required to
support for this particular client.
o <Cookie>
+---------------+---------------+---------------+---------------+
| Length (total) | Type | 0 |
+---------------+---------------+---------------+---------------+
| Octet String ........ 0 Padded to multiples of 32 bits |
+---------------+---------------+---------------+---------------+
Currently, no values are defined.
o <Policy list>
+---------------+---------------+---------------+---------------+
| Number (or pairs) | 0 |
+---------------+---------------+---------------+---------------+
| From Policy 1 | To Policy 1 |
+---------------+---------------+---------------+---------------+
+---------------+---------------+---------------+---------------+
| From Policy n | To Policy n |
+---------------+---------------+---------------+---------------+
Each "From Policy m" and "To Policy m" pair represent a range
of policies that the server is willing to support.
o <Error-Description>
+---------------+---------------+---------------+---------------+
| Length (*) | Error-Type | Reason Code |
+---------------+---------------+---------------+---------------+
| Error ASCII String .... 0 Padded to multiples of 32 bits |
+---------------+---------------+---------------+---------------+
Shai Herzog et al. Expiration: Oct. 1997 [Page 26]
Internet Draft OOPS: Policy Protocol for RSVP
(*) Length of the overall <Error-Description> in 4 bytes
increments (i.e., length value of X should be interpreted as
X*4 bytes description and an (X-1)*4 bytes Error ASCII
String.
No errors are reported by setting the length to 1 (4 bytes)
and setting the Error-Type to 0.
Detailed Error-Types and Reason-Codes would be defined in
future versions of this document.
o <resv_handle>
+---------------+---------------+---------------+---------------+
| IntServ or Client-Specific Semantics |
+---------------+---------------+---------------+---------------+
The server may use the <resv_handle> to obtain IntServ and
other low-level information about the reservation.
The current version of this document does not define the
semantics of this field. It may be a pointer into some router
specific data structures (proprietary) or an index into mib
records obtainable through SNMP.
o <Query Sequence Number> (and internally, <Message Sequence
Number>)
+---------------+---------------+---------------+---------------+
| <Message Sequence Number> |
+---------------+---------------+---------------+---------------+
| Obj. Seq. Num.| 0 |
+---------------+---------------+---------------+---------------+
o <Counter>
+---------------+---------------+---------------+---------------+
| <Counter> |
+---------------+---------------+---------------+---------------+
o <Status Result>
+---------------+---------------+---------------+---------------+
| Results | 0 |
+---------------+---------------+---------------+---------------+
Results may have one of the following values:
Shai Herzog et al. Expiration: Oct. 1997 [Page 27]
Internet Draft OOPS: Policy Protocol for RSVP
1 : Accept
2 : Snub
3 : Veto
o <Op-Type>
+---------------+---------------+---------------+---------------+
| Mod-Type | 0 |
+---------------+---------------+---------------+---------------+
Op-Type values:
1 : Delete State
2 : Block State
3 : Unblock State
5. Acknowledgment
This document reflects feedback from many other RSVP collaborators.
Shai Herzog et al. Expiration: Oct. 1997 [Page 28]
Internet Draft OOPS: Policy Protocol for RSVP
References
[Bak96] F. Baker. RSVP Cryptographic Authentication "Internet-Draft",
draft-ietf-rsvp-md5-02.txt, 1996.
[RSVPSP] R. Braden, L. Zhang, S. Berson, S. Herzog, and S. Jamin,
Resource ReSerVation Protocol (RSVP) Version 1 Functional
Specification. "Internet-Draft", draft-ietf-RSVPSP-14.[ps,txt],
Nov. 1996.
[Arch] S. Herzog Accounting and Access Control Policies for Resource
Reservation Protocols. "Internet-Draft", draft-ietf-rsvp-policy-
arch-01.[ps,txt], Nov. 1996.
[LPM] S. Herzog Local Policy Modules (LPM): Policy Enforcement for
Resource Reservation Protocols. "Internet-Draft", draft-ietf-rsvp-
policy-lpm-01.[ps,txt], Nov. 1996.
[Ext] S. Herzog RSVP Extensions for Policy Control. "Internet-Draft",
draft-ietf-rsvp-policy-ext-02.[ps,txt], Apr. 1997.
Authors' Address
Shai Herzog Phone: (914) 784-6059
Email: herzog@watson.ibm.com
Dimitrios Pendarakis Phone: (914) 784-7536
Email: dimitris@watson.ibm.com
Raju Rajan Phone: (914) 784-7260
Email: raju@watson.ibm.com
Roch Guerin Phone: (914) 784-7038
Email: guerin@watson.ibm.com
IBM T. J. Watson Research Center
P.O. Box 704
Yorktown Heights, NY 10598
Shai Herzog et al. Expiration: Oct. 1997 [Page 29]
