home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1994 March
/
Internet Info CD-ROM (Walnut Creek) (March 1994).iso
/
inet
/
internet-drafts
/
draft-ietf-mhsds-routdirectory-03.txt
< prev
next >
Wrap
Text File
|
1993-07-19
|
117KB
|
3,493 lines
Network Working S.E. Kille
Group ISODE Consortium
INTERNET-DRAFT July 1993
Expires: January 1994
MHS use of Directory to support MHS Routing
Status of this Memo
This document is an Internet Draft. Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its Areas,
and its Working Groups. Note that other groups may also distribute
working documents as Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six months.
Internet Drafts may be updated, replaced, or obsoleted by other
documents at any time. It is not appropriate to use Internet Drafts
as reference material or to cite them other than as a ``working
draft'' or ``work in progress.''
Please check the I-D abstract listing contained in each Internet Draft
directory to learn the current status of this or any other Internet
Draft.
Abstract
This document specifies an approach for X.400 Message Handling Systems
to perform application level routing using the OSI Directory [16, 1].
Use of the directory in this manner is fundamental to enabling large
scale deployment of X.400.
This draft document will be submitted to the RFC editor as a protocol
standard. Distribution of this memo is unlimited. Please send
comments to the author or to the discussion group
<mhs-ds@mercury.udev.cdc.com>.
INTERNET--DRAFT MHS Routing using Directory July 1993
Contents
1 Introduction 6
2 Work to be done 6
3 Goals 7
4 Approach 9
5 Direct vs Indirect Connection 10
6 X.400 and RFC 822 13
7 Objects 13
8 Communities 15
9 Routing Trees 16
9.1 Routing Tree Definition . . . . . . . 17
9.2 The Open Community Routing Tree . . . . . 17
9.3 Routing Tree Location . . . . . . . 18
9.4 Example Routing Trees . . . . . . . 18
9.5 Use of Routing Trees to look up Information . . 19
10 Routing Tree Selection 19
10.1 Routing Tree Order . . . . . . . . 20
10.2 Example use of Routing Trees . . . . . . 21
10.2.1 Fully Open Organisation . . . . . 21
10.2.2 Open Organisation with Fallback . . . 21
10.2.3 Minimal-routing MTA . . . . . . 21
10.2.4 Organisation with Firewall . . . . . 21
10.2.5 Well Known Entry Points . . . . . 22
10.2.6 ADMD using the Open Community for Advertising 22
10.2.7 ADMD/PRMD gateway . . . . . . . 22
Kille Expires: January 1994 Page 1
INTERNET--DRAFT MHS Routing using Directory July 1993
11 Routing Information 23
11.1 MTA Choice . . . . . . . . . . 27
11.2 Routing Filters . . . . . . . . . 30
11.3 Indirect Connectivity . . . . . . . 31
12 Local Addresses (UAs) 32
12.1 Searching for Local Users . . . . . . 35
13 Direct Lookup 35
14 Alternate Routes 35
14.1 Finding Alternate Routes . . . . . . . 35
14.2 Sharing routing information . . . . . . 36
15 Looking up Information in the Directory 36
16 Naming MTAs 38
16.1 Naming 1984 MTAs . . . . . . . . . 40
17 Attributes Associated with the MTA 40
18 Bilateral Agreements 40
19 MTA Selection 42
19.1 Dealing with protocol mismatches . . . . . 42
19.2 Supported Protocols . . . . . . . . 42
19.3 MTA Capability Restrictions . . . . . . 43
19.4 Subtree Capability Restrictions . . . . . 43
20 MTA Pulling Messages 44
21 Security and Policy 45
21.1 Finding the Name of the Calling MTA . . . . 45
21.2 Authentication . . . . . . . . . 46
21.3 Authentication Information . . . . . . 48
Kille Expires: January 1994 Page 2
INTERNET--DRAFT MHS Routing using Directory July 1993
22 Policy and Authorisation 50
22.1 Simple MTA Policy . . . . . . . . 50
22.2 Complex MTA Policy . . . . . . . . 51
23 Redirects 52
24 Underspecified O/R Addresses 53
25 Non Delivery 54
26 Bad Addresses 54
27 Submission 56
27.1 Normal Derivation . . . . . . . . 56
27.2 Roles and Groups . . . . . . . . . 56
28 Access Units 56
29 The Overall Routing Algorithm 57
29.1 X.400 Routing . . . . . . . . . 58
29.2 Pseudo Code . . . . . . . . . . 59
29.3 Examples . . . . . . . . . . . 59
30 Performance 59
31 Acknowledgements 59
32 Security Considerations 61
33 Author's Address 61
A Object Identifier Assignment 62
B Community Identifier Assignments 64
C Protocol Identifier Assignments 65
Kille Expires: January 1994 Page 3
INTERNET--DRAFT MHS Routing using Directory July 1993
D ASN.1 Summary 65
E Regular Expression Syntax 65
F X.402 Definitions 65
Kille Expires: January 1994 Page 4
INTERNET--DRAFT MHS Routing using Directory July 1993
List of Figures
1 Location of Routing Trees . . . . . . 18
2 Routing Tree Use Definition . . . . . . 20
3 Routing Information at a Node . . . . . 24
4 Indirect Access . . . . . . . . . 31
5 UA Attributes . . . . . . . . . 32
6 MTA Definitions . . . . . . . . . 39
7 MTA Bilateral Table Entry . . . . . . 41
8 Transport Community Definition . . . . . 42
9 Subtree Capability Restriction . . . . . 44
10 Pulling Messages . . . . . . . . . 45
11 Authentication Requirements . . . . . . 47
12 MTA Authentication Parameters . . . . . 49
13 Simple MTA Policy Specification . . . . . 51
14 Redirect Definition . . . . . . . . 53
15 Non Delivery Information . . . . . . . 54
16 Bad Address Pointers . . . . . . . . 55
17 Access Unit Attributes . . . . . . . 57
18 Object Identifier Assignment . . . . . . 63
19 Transport Community Object Identifier Assignments 64
20 Protocol Object Identifier Assignments . . . 65
List of Tables
1 Possible target end to end delays . . . . 8
Kille Expires: January 1994 Page 5
INTERNET--DRAFT MHS Routing using Directory July 1993
1 Introduction
MHS Routing is the problem of controlling the path of a message as it
traverses one or more MTAs to reach its destination recipients.
Routing starts with a recipient O/R Address, and parameters associated
with the message to be routed. It is assumed that this is known a
priori, or is derived at submission time as described in Section 27.
The key problem in routing is to map from an O/R Address onto an MTA
(next hop). This should be an MTA which in some sense is ``nearer''
to the destination UA. This is done repeatedly until the message can
be directly delivered to the recipient UA. There are a number of
things which need to be considered to determine this. These are
discussed in the subsequent sections. A description of the overall
routing process is given in Section 29.
2 Work to be done
This section notes things which still need to be done to this
document, and also to other documents in the series. This includes:
1. Formalising ASN.1: defining modules and variable imports. (all
documents)
2. Provide pseudo-code to describe the algorithm more clearly
3. Write a general note on MHS Use of Directory, summarising what is
already defined in X.402, and showing how this work relates to it.
4. More examples
5. Notes on performance
6. Acknowledgements
7. Add appendix on regex
8. List of attributes which affect routing
9. Chase through note to ensure Application Process / Application
Entity
Kille Expires: January 1994 Page 6
INTERNET--DRAFT MHS Routing using Directory July 1993
10. Various minor changes marked with *** or as editor's notes
throughout the document
11. Some restructure to improve overall clarity of document.
Sections 18-22 will be the major targets.
3 Goals
Application level routing for MHS is a complex procedure, with many
requirements. The following goals for the solution are set:
o Straightforward to manage. Non-trivial configuration of routing
for current message handling systems is a black art, often
involving gathering and processing many tables, and editing
complex configuration files. Many problems are solved in a very
ad hoc manner. Managing routing for MHS is the most serious
headache for most mail system managers.
o Economic, both in terms of network and computational resources.
o Robust. Errors and out of date information should cause minimal
and local damage.
o Deal with link failures. There should be some ability to choose
alternative routes. In general, the routing approach should be
redundant.
o Load sharing. Information on routes should allow ``equal'' routes
to be specified, and thus facilitate load sharing.
o Support format and protocol conversion
o Dynamic and automatic. There should be no need for manual
propagation of tables or administrator intervention.
o Policy robust. It should not allow specification of policies
which cause undesirable routing effects.
o Reasonably straightforward to implement.
o Deal with X.400, RFC 822, and their interaction.
Kille Expires: January 1994 Page 7
INTERNET--DRAFT MHS Routing using Directory July 1993
_____________________________________________________________
|______________|High_Priority_|Normal_Priority_|Low_Priority_|_
|50%_max_delay_|0.5_hour______|1_hour__________|12_hours_____|
|98%_max_delay_|3_hours_______|12_hours________|24_hours_____|
|max_delay_____|6_hours_______|72_hours________|96_hours_____|
Table 1: Possible target end to end delays
o Extensible to other mail architectures
o Recognise existing RFC 822 routing, and coexist smoothly.
o Improve RFC 822 routing capabilities. This is particularly
important for RFC 822 sites not in the SMTP Internet.
o Deal correctly with different X.400 protocols (P1, P3, P7), and
with 1984 and 1988 versions.
o Support X.400 operation over multiple protocol stacks (TCP/IP,
CONS, CLNS) and in different communities.
o Messages should be routed consistently. Alternate routing
strategies, which might introduce unexpected delay, should be used
with care (e.g. routing through a protocol converter due to
unavailability of an X.400 MTA).
o Delay between message submission and delivery should be minimised.
Table 1 indicates the sort of target which might be aimed for.
The figures are illustrative of the sort of target which might be
set. They are better than achieved in most current Research
Networks. They are larger that the CEN/Cenelec figures, which
were probably written by someone who has never run an MHS Network.
The long tail-offs on Normal and Low priority recognise the fact
that some end systems will not get 24 hour operator coverage
(whereas any MTAs providing ADMD service should). In the case of
a high priority message, a non-delivery notification should be
returned within the suggested time.
o Interact sensibly with ADMD services provided by PTTs or RPOAs.
o Be global in scope
Kille Expires: January 1994 Page 8
INTERNET--DRAFT MHS Routing using Directory July 1993
o Routing strategy should deal with a scale of order of magnitude
106 -- 108 MTAs.
o Routing strategy should deal with of order 106 -- 108
Organisations.
o Information about alterations in topology should propagate rapidly
to sites affected by the change.
o Removal, examination, or destruction of messages by third parties
should be difficult. This is hard to quantify, but ``difficult''
should be comparable to the effort needed to break system security
on a typical MTA system.
o As with current Research Networks, it should be recognised that
prevention of forged mail will not always be possible. However,
this should be as hard as can be afforded.
o Sufficient tracing and logging should be available to track down
security violations and faults.
o Optimisation of routing messages with multiple recipients, in
cases where this involves selection of preferred single recipient
routes.
The following are not initial goals:
o Advanced optimisation of routing messages with multiple
recipients, noting dependencies between the recipients to find
routes which would not have been chosen for any of the single
recipients.
o Dynamic load balancing. The approach does not give a means to
determine load. However, information on alternate routes is
provided, which is the static information needed for load
balancing.
4 Approach
A broad problem statement, and a survey of earlier approaches to the
problem is given in the COSINE Study on MHS Topology and Routing [8].
Kille Expires: January 1994 Page 9
INTERNET--DRAFT MHS Routing using Directory July 1993
The interim (table-based) approach suggested in this study, whilst not
being followed in detail, broadly reflects what the MHS community is
doing. The evolving specification of the RARE table format is defined
in [5]. This document specifies the envisaged longer term approach.
Although this work is important and needed now, there is a coherent
interim approach, and this work should not be rushed.
Some documents have made useful contributions to this work:
o My paper on MHS use of directory, which laid out the broad
approach of mapping the O/R Address space on to the DIT [7].
o The current OSI Standardisation work on MHS use of Directory for
routing. The concept of Routing Entity is a useful one [17].
o The work of the VERDI Project [3].
o Work by Kevin Jordan of CDC [6].
o The routing approach of ACSNet [4, 15] paper. This gives useful
ideas on incremental routing, and replicating routing data.
o A lot of work on network routing is becoming increasingly
relevant. As the MHS routing problem increases in size, and
network routing increases in sophistication (e.g., policy based
routing), the two areas have increasing amounts in common. For
example, see [2].
5 Direct vs Indirect Connection
Two extreme approaches to routing connectivity are:
1. High connectivity between MTAs. An example of this is the way the
Domain Name Server system is used on the DARPA/NSF Internet.
Essentially, all MTAs are fully interconnected.
2. Low connectivity between MTAs. An example of this is the UUCP
network.
In general an intermediate approach is desirable. Too sparse a
connectivity is inefficient, and leads to undue delays. However, full
connectivity is not desirable, for the reasons discussed below.
Kille Expires: January 1994 Page 10
INTERNET--DRAFT MHS Routing using Directory July 1993
A number of general issues related to relaying are now considered.
The reasons for avoiding relaying are clear. These include.
o Efficiency. If there is an open network, it should be used.
o Extra hops introduce delay, and increase the (very small)
possibility of message loss. As a basic principle, hop count
should be minimised.
o Busy relays or Well Known Entry points can introduce high delay
and lead to single point of failure.
o If there is only one hop, it is straightforward for the user to
monitor progress of messages submitted. If a message is delayed,
the user can take appropriate action.
o Many users like the security of direct transmission. It is an
argument often given very strongly for use of SMTP.
Despite these very powerful arguments, there are a number of reasons
why some level of relaying is desirable:
o Charge optimisation. If there is an expensive network/link to be
traversed, it may make sense to restrict its usage to a small
number of MTAs. This would allow for optimisation with respect to
the charging policy of this link.
o Copy optimisation. If a message is being sent to two remote MTAs
which are close together, it is usually optimal to send the
message to one of the MTAs (for both recipients), and let it pass
a copy to the other MTA.
o To access an intermediate MTA for some value added service. In
particular for:
-- Message Format Conversion
-- Distribution List expansion
o Dealing with different protocols. The store and forward approach
allows for straightforward conversion. Relevant cases include:
Kille Expires: January 1994 Page 11
INTERNET--DRAFT MHS Routing using Directory July 1993
-- Provision of X.400 over different OSI Stacks (e.g.
Connectionless Network Service).
-- Use of a different version of X.400.
-- Interaction with non-X.400 mail services
o To compensate for inadequate directory services: If tables are
maintained in an ad hoc manner, the manual effort to gain full
connectivity is too high.
o To hide complexity of structure. If an organisation has many
MTAs, it may still be advantageous to advertise a single entry
point to the outside world. It will be more efficient to have an
extra hop, than to (widely) distribute the information required to
connect directly. This will also encourage stability, as
organisations need to change internal structure much more
frequently than their external entry points. For many
organisations, establishing such firewalls is high priority.
o To handle authorisation, charging and security issues. In
general, it is desirable to deal with user oriented authorisation
at the application level. This is essential when MHS specific
parameters must be taken into consideration. It may well be
beneficial for organisations to have a single MTA providing access
to the external world, which can apply a uniform access policy
(e.g. as to which people are allowed access). This would be
particularly true in a multi-vendor environment, where different
systems would otherwise have to enforce the same policy --- using
different vendor-specific mechanisms.
In summary there are strong reasons for an intermediate approach.
This will be achieved by providing mechanisms for both direct and
indirect connectivity. The manager of a configuration will then be
able to make appropriate choices for the environment.
Two models of managing large scale routing have evolved:
1. Use of a global directory/database. This is the approach proposed
here.
2. Use of a routing table in each MTA, which is managed either by a
management protocol or by directory. This is coupled with means
Kille Expires: January 1994 Page 12
INTERNET--DRAFT MHS Routing using Directory July 1993
to exchange routing information between MTAs. This approach is
more analogous to how network level routing is commonly performed.
It has good characteristics in terms of managing links and dealing
with link related policy. However, it assumes limited
connectivity and does not adapt well to a network environment with
high connectivity available.
6 X.400 and RFC 822
This document defines mechanisms for X.400 routing. It is important
that this can be integrated with RFC 822 base routing, as many MTAs
will work in both communities. This routing document is written with
this problem in mind, and support for RFC 822 routing using the same
basic infrastructure is defined in a companion document [13]. In
addition support for X.400/RFC 822 gatewaying is needed, to support
interaction. Directory based mechanisms for this are defined in [12].
The advantages of the approach defined by this set of specifications
are:
o Uniform management for sites which wish to support both protocols.
o Simpler management for gateways.
o Improved routing services for RFC 822 only sites.
For sites which are only X.400 or only RFC 822, the mechanisms
associated with gatewaying or with the other form of addressing are
not needed.
7 Objects
It is useful to start with a manager's perspective. Here is the set
of object classes used in this specification. It is important that
all information entered relates to something which is being managed.
If this is achieved, configuration decisions are much more likely to
be correct. In the examples, distinguished names are written using
the String Syntax for Distinguished Names [10]. The list of objects
used in this specification is:
Kille Expires: January 1994 Page 13
INTERNET--DRAFT MHS Routing using Directory July 1993
User An entry representing a single human user. This will typically
be named in an organisational context. For example:
CN=Steve Kille, OU=Computer Science,
O=University College London, C=GB
This entry would have associated information, such as telephone
number, postal address, and mailbox.
MTA A Message Transfer Agent. In general, the binding between
machines and MTAs will be complex. Often a small number of MTAs
will be used to support many machines, by use of local approaches
such as NFS. MTAs may support multiple protocols, and will
identify addressing information for each protocol.
To achieve support for multiple protocols, an MTA is modelled as
an Application Process, which is named in the directory. Each MTA
will have one or more associated Application Entities. Each
Application Entity is named as a child of the Application Process,
using a common name which conveniently identifies the Application
Entity relative to the Application Process. Each Application
Entity supports a single protocol, although different Application
Entities may support the same protocol. Where an MTA only
supports one protocol or where the addressing information for all
of the protocols supported have different attributes to represent
addressing information (e.g., P1(88) and SMTP) the Application
Entity(ies) may be represented by the single Application Process
entry.
User Agent (Mailbox) This defines the User Agent (UA) to which mail
may be delivered. This will define the account with which the UA
is associated, and may also point to the user(s) associated with
the UA. It will identify which MTAs1 are able to access the UA.
Role Some organisational function. For example:
CN=System Manager, OU=Computer Science,
O=University College London, C=GB
----------------------------
1. In the formal X.400 model, there will be a single MTA
delivering to a UA. In many practical configurations, multiple MTAs
can deliver to a single UA. This will increase robustness, and is
desirable.
Kille Expires: January 1994 Page 14
INTERNET--DRAFT MHS Routing using Directory July 1993
The associated entry would indicate the occupant of the role.
Distribution Lists There would be an entry representing the
distribution list, with information about the list, the manger,
and members of the list.
8 Communities
There are two basic types of agreement in which an MTA may participate
in order to facilitate routing:
Open Agreements An agreement between a collection of MTAs to behave
in a cooperative fashion to route traffic. This may be viewed as
a general bilateral agreement.
Bilateral Agreements An agreement between a pair of MTAs to route
certain types of traffic. This MTA pair agreement usually
reflects a higher level agreement. It is an important special
case of the first, as bilateral information must be held for the
link at both ends. In some cases, this information must be
private.
It is important to ensure that there are sufficient agreements in
place for all messages to be routed. This will usually be done by
having agreements which correspond to the addressing hierarchy. For
X.400, this is the model where a PRMD connects to an ADMD, and the
ADMD provides the inter PRMD connectivity, by the ability to route to
all other ADMDs. Other agreements may be added to this hierarchy, in
order to improve the efficiency of routing. In general, there may be
valid addresses, which cannot be routed to, either for connectivity or
policy reasons.
We model these two types of agreements as communities. A community is
a scope in which an MTA advertises its services and learns about other
services. Each MTA will:
1. Register its services in one or more communities.
2. Look up services in one or more communities.
Kille Expires: January 1994 Page 15
INTERNET--DRAFT MHS Routing using Directory July 1993
In most cases an MTA will deal with a very small number of communities
--- very often one only. There are a number of different types of
community.
The open community This is a public/global scope. It reflects
routing information which is made available to any MTA which
wishes to use it.
The local community This is the scope of a single MTA. It reflects
routing information private to the MTA. It will contain an MTA's
view of the set of bilateral agreements in which it participates,
and routing information private and local to the MTA.
Hierarchical communities A hierarchical community is a subtree of the
O/R Address tree. For example, it might be a management domain,
an organisation, or an organisational unit. This sort of
community will allow for firewalls to be established. A community
can have complex internal structure, and register a small subset
of that in the open community.
Closed communities A closed community is a set of MTAs which agrees
to route amongst themselves. Examples of this might be ADMDs
within a country, or a set of PRMDs representing the same
organisation in multiple countries.
Formally, a community indicates the scope over which a service is
advertised. In practice, it will tend to reflect the scope of
services offered. It does not make sense to offer a public service,
and only advertise it locally. Public advertising of a private
service makes more sense, and this is shown below. In general, having
a community offer services corresponding to the scope in which they
are advertised will lead to routing efficiency. Examples of how
communities can be used to implement a range of routing policies are
given in Section 10.2.
9 Routing Trees
Communities are a useful abstract definition of the routing approach
taken by this specification. Each community is represented in the
directory as a routing tree. There will be many routing trees
instantiated in the directory. Typically, an MTA will only be
Kille Expires: January 1994 Page 16
INTERNET--DRAFT MHS Routing using Directory July 1993
registered in and make use of a small number of routing trees. In
most cases, it will register in and use the same set of routing trees.
9.1 Routing Tree Definition
Each community has a model of the O/R address space. Within a
community, there is a general model of what to do with a given O/R
Address. This is structured hierarchically, according to the O/R
address hierarchy. A community can register different possible
actions, depending on the depth of match. This might include
identifying the MTA associated with a UA which is matched fully, and
providing a default route for an O/R address where there is no match
in the community --- and all intermediate forms.
The name structure of a routing tree follows the O/R address
hierarchy, which is specified in a separate document [11]. Where
there is any routing action associated with a node in a routing tree,
the node is of object class routingInformation, as defined in
Section 11.
9.2 The Open Community Routing Tree
The routing tree of the open community starts at the root of the DIT.
This routing tree also serves the special function of instantiating
the global O/R Address space in the Directory. Thus, if a UA wishes
to publish information to the world, this hierarchy allows it to do
so.
The O/R Address hierarchy is a registered tree, which may be
instantiated in the directory. Names at all points in the tree are
valid, and there is no requirement that the namespace is instantiated
by the owner of the name. For example, a PRMD may make an entry in
the DIT, even if the ADMD above it does not. In this case, there will
be a ``skeletal'' entry for the ADMD, which is used to hang the PRMD
entry in place. The skeletal entry contains the minimum number of
entries which are needed for it to exist in the DIT (Object Class and
Attribute information needed for the relative distinguished name).
This entry may be placed there solely to support the subordinate
entry, as its existence is inferred by the subordinate entry. Only
the owner of the entry may place information into it. This might be
thought of as directory knowledge information. An analogous situation
in current operational practice is to make DIT entries for Countries
and US States.
Kille Expires: January 1994 Page 17
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
routingTreeRoot OBJECT-CLASS
SUBCLASS OF routingInformation, subtree
::= oc-routing-tree-root
_________________Figure_1:__Location_of_Routing_Trees__________________
9.3 Routing Tree Location
All routing trees follow the same O/R address hierarchy. Routing
trees other than the open community routing tree are rooted at
arbitrary parts of the DIT. These routing trees are instantiated using
the subtree mechanism defined in the companion document ``Representing
Tables and Subtrees in the Directory'' [11]. A routing tree is
identified by the point at which it is rooted. An MTA will use a list
of routing trees, as determined by the mechanism described in
Section 10. Routing trees may be located in either the organisational
or O/R address structured part of the DIT. All routing trees, other
than the open community routing tree, are rooted by an entry of object
class RoutingTreeRoot, as defined in Figure 1.
9.4 Example Routing Trees
Consider routing trees with entries for O/R Address:
PRMD=UK.AC; ADMD=Gold 400; C=GB;
In the open community routing tree, this would have a distinguished
name of:
PRMD=UK.AC, ADMD=Gold 400, C=GB
Consider a routing tree which is private to:
O=University College London, C=GB
They might choose to label a routing tree root ``UCL Routing Tree'',
which would lead to a routing tree root of:
Kille Expires: January 1994 Page 18
INTERNET--DRAFT MHS Routing using Directory July 1993
CN=UCL Routing Tree, O=University College London, C=GB
The O/R address in question would be stored in this routing tree as:
PRMD=UK.AC, ADMD=Gold 400,
C=GB, CN=UCL Routing Tree,
O=University College London, C=GB
9.5 Use of Routing Trees to look up Information
Lookup of an O/R address in a routing tree is done as follows:
1. Map the O/R address onto the O/R address hierarchy described in
[11] in order to generate a Distinguished Name.
2. Append this to the Distinguished Name of the routing tree, and
then look up the whole name.
3. Handling of errors will depend on the application of the lookup,
and is discussed later.
Note that it is valid to look up a null O/R Address, as the routing
tree root may contain default routing information for the routing
tree. This is held in the root entry of the routing tree, which is a
subclass of routingInformation. The open community routing tree does
not have a default.
Routing trees may have aliases into other routing trees. This will
typically be done to optimise lookups from the first routing tree
which a given MTA uses. Lookup needs to take account of this.
10 Routing Tree Selection
The list of routing trees which a given MTA uses will be represented
in the directory. This uses the attribute defined in Figure 2.
This attribute defines the routing trees used by an MTA, and the order
in which they are used. Holding these in the directory eases
configuration management. It also enables an MTA to calculate the
routing choice of any other MTA which follows this specification,
provided that none of its routing trees have access restrictions.
Kille Expires: January 1994 Page 19
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
routingTreeList ATTRIBUTE
WITH ATTRIBUTE-SYNTAX RoutingTreeList
SINGLE VALUE
::= at-routing-tree-list
RoutingTreeList ::= SEQUENCE OF RoutingTreeName
RoutingTreeName ::= DistinguishedName,
________________Figure_2:__Routing_Tree_Use_Definition_________________
This should facilitate debugging routing problems.
10.1 Routing Tree Order
The order in which routing trees are used will be critical to the
operation of this algorithm. A common approach will be:
1. Access one or more shared private routing trees to access private
routing information.
2. Utilise the open routing tree.
3. Fall back to a default route from one of the private routing
trees.
Initially, the open routing tree will be very sparse, and there will
be little routing information in ADMD level nodes. Access to many
services will only be via ADMD services, which in turn will only be
accessible via private links. For most MTAs, the fallback routing
will be important, in order to gain access to an MTA which has the
right private connections configured.
In general, for a site, UAs will be registered in one routing tree
only, in order to avoid duplication. They may be placed into other
routing trees by use of aliases, in order to gain performance. For
some sites, Users and UAs with a 1:1 mapping will be mapped onto
single entries by use of aliases.
Kille Expires: January 1994 Page 20
INTERNET--DRAFT MHS Routing using Directory July 1993
10.2 Example use of Routing Trees
Some examples of how this structure might be used are now given. Many
other combinations are possible to suit organisational requirements.
10.2.1 Fully Open Organisation
The simplest usage is to place all routing information in the open
community routing tree. An organisation will simply establish O/R
addresses for all of its UAs in the open community tree, each
registering its supporting MTA. This will give access to all systems
accessible from this open community.
10.2.2 Open Organisation with Fallback
In practice, some MTAs and MDs will not be directly reachable from the
open community (e.g., ADMDs with a strong model of bilateral
agreements). These services will only be available to
users/communities with appropriate agreements in place. Therefore it
will be useful to have a second (local) routing tree, containing only
the name of the fallback MTA at its root.
Thus, open routing will be tried first, and if this fails the message
will be routed to a single selected MTA.
10.2.3 Minimal-routing MTA
The simplest approach to routing for an MTA is to deliver messages to
associated users, and send everything else to another MTA (possibly
with backup).
An organisation using MTAs with this approach will register its users
as for the fully open organisation. A single routing tree will be
established, with the name of the organisation being aliased into the
open community routing tree. Thus the MTA will correctly identify
local users, but use a fallback mechanism for all other addresses.
10.2.4 Organisation with Firewall
An organisation can establish an organisation community to build a
firewall, with the overall organisation being registered in the open
community. This is an important structure, which cannot be achieved
Kille Expires: January 1994 Page 21
INTERNET--DRAFT MHS Routing using Directory July 1993
easily with current technology (e.g., DNS with MX records).
o Some MTAs are registered in the open community routing tree to
give access into the organisation. This will include the O/R tree
down to the organisational level. Full O/R Address verification
will not take place externally.
o All users are registered in a private (organisational) routing
tree.
o All MTAs in the organisation are registered in the organisation's
private routing tree, and access information in the organisation's
community. This gives full internal connectivity.
o Some MTAs in the organisation access the open community routing
tree. These MTAs take traffic from the organisation to the
outside world. These will often be the same MTAs that are
externally advertised.
10.2.5 Well Known Entry Points
Well known entry points will be used to provide access to countries
and MDs which are oriented to private links. A private routing tree
will be established, which indicates these links. This tree would be
shared by the well known entry points.
10.2.6 ADMD using the Open Community for Advertising
An ADMD uses the open community for advertising. It advertises its
existence and also restrictive policy. This will be useful for:
o Address validation
o Advertising the mechanism for a bilateral link to be established
10.2.7 ADMD/PRMD gateway
An MTA provides a gateway from a PRMD to an ADMD. It is important to
note that many X.400 MDs will not use the directory. This is quite
legitimate. This technique can be used to register access into such
Kille Expires: January 1994 Page 22
INTERNET--DRAFT MHS Routing using Directory July 1993
communities from those that use the directory.
o The MTA registers the ADMD in its local community (private link)
o The MTA registers itself in the PRMD's community to give access to
the ADMD.
11 Routing Information
Routing trees are defined in the previous section, and are used as a
framework to hold routing information. Each node, other than a
skeletal one, in a routing tree has information associated with it,
which_is_defined_by_the_object_class_routingInformation_in_Figure_3.___
routingInformation OBJECT-CLASS
SUBCLASS OF top
MAY CONTAIN {
subtreeInformation,
routingFilter,
routingFailureAction,
mTAInfo,
accessMD,
nonDeliveryInfo,
badAddressSearchPoint, 10
badAddressSearchAttributes}
::= oc-routing-information
-- No naming attributes as this is not a
-- structural object class
subtreeInformation ATTRIBUTE
WITH ATTRIBUTE-SYNTAX SubtreeInfo
SINGLE VALUE 20
::= at-subtree-information
SubtreeInfo ::= ENUMERATED {
all-children-present(0),
not-all-children-present(1) }
routingFilter ATTRIBUTE
Kille Expires: January 1994 Page 23
INTERNET--DRAFT MHS Routing using Directory July 1993
WITH ATTRIBUTE-SYNTAX RoutingFilter
::= at-routing-filter 30
RoutingFilter ::= SEQUENCE{
attribute-type OBJECT-IDENTIFIER,
weight RouteWeight,
dda-key String OPTIONAL,
regex-match IA5String OPTIONAL,
node DistinguishedName }
String ::= CHOICE {PrintableString, TeletexString} 40
routingFailureAction ATTRIBUTE
WITH ATTRIBUTE-SYNTAX RoutingFailureAction
SINGLE VALUE
::= at-routing-failure-action
RoutingFailureAction ::= ENUMERATED {
next-level(0),
next-tree-only(1),
next-tree-first(2), 50
stop(3) }
mTAInfo ATTRIBUTE
WITH ATTRIBUTE-SYNTAX MTAInfo
::= at-mta-info
MTAInfo ::= SEQUENCE {
name DistinguishedName,
weight [1] RouteWeight DEFAULT preferred-access, 60
mta-attributes [2] SET OF Attribute OPTIONAL,
ae-info [4] SEQUENCE OF SEQUENCE {
aEQualifier PrintableString,
ae-weight RouteWeight DEFAULT preferred-access,
ae-attributes SET OF Attribute OPTIONAL} OPTIONAL
}
RouteWeight ::= INTEGER {endpoint(0),
preferred-access(5),
backup(10)} (0..20) 70
Kille Expires: January 1994 Page 24
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________Figure_3:__Routing_Information_at_a_Node________________
For example, information might be associated with the node:
PRMD=CDC, ADMD=ATTmail, C=US
If this node was in the open community routing tree, then the
information represents information published by the owner of the PRMD
relating to public access to that PRMD. If this node was present in
another routing tree, it would represent information published by the
owner of the routing tree about access information to the referenced
PRMD. The attributes associated with a routingInformation node provide
the following information:
o That the node corresponds a valid O/R address. This is implicit
in the existence of the entry.
o If the node is a UA. This will be true if the node is of object
class routedUA. This is described further in Section 12. If it is
not of this object class, it is an intermediate node in the O/R
Address hierarchy.
o Whether or not the node is authoritative for the level below is
specified by the subtreeInformation attribute. If it is
authoritative, indicated by the value all-children-present, this
will give the basis for (permanently) rejecting invalid O/R
Addresses. The attribute is encoded as enumerated, as it may be
later possible to add partial authority (e.g., for certain
attribute types). If this attribute is missing, the node is
assumed to be non-authoritative (not-all-children-present). For
example, consider the node:
MHS-O=X-Tel, PRMD=UK.AC, ADMD=Gold 400, C=GB
An organisation which has a bilateral agreement with this
organisation has this entry in its routing tree, with no children
entries. This is marked as non-authoritative. There is a second
routing tree maintained by X-Tel, which contains all of the
children of this node, and is marked as authoritative. When
considering an O/R Address
Kille Expires: January 1994 Page 25
INTERNET--DRAFT MHS Routing using Directory July 1993
MHS-G=Random + MHS-S=Unknown, MHS-O=Fast Fruit ltd.,
PRMD=MHS plc, ADMD=Gold 400, C=GB
only the second, authoritative routing tree can be used to
determine that this address is invalid.
o A list of MTAs and associated information defined by the mtaInfo
attribute. This information is discussed further in Sections 16
and 19. This information is the key information associated with
the node. When a node is matched in a lookup, it indicates the
validity of the route, and a set of MTAs to connect to. Selection
of MTAs is discussed in Sections 19 and Section 11.1.
o An action to be taken if none of the MTAs can be used directly (or
if there are no MTAs present) is defined by the
routingFailureAction attribute. When an routing tree is being
used, it is usually in the context of a sequence of routing trees.
If a matched node cannot be used directly, the routing algorithm
will have the choice to move up a level in the current routing
tree, or to move on to the next routing tree with an option to
move back to the first tree later. This option to move back is to
allow for the common case where a tree is used to specify two
things:
1. Routing information private to the MTA (e.g., local UAs or
routing info for bilateral links).
2. Default routing information for the case where other routing
has failed.
The actions allow for a tree to be followed, for the private
information, then for other trees to be used, and finally to fall
back to the default situation. For very complex configurations it
might be necessary to split this into two trees. The options are:
1. Move up a level in the current routing tree. This is the
action implied if the attribute is omitted. This will usually
be the best action in the open community routing tree. It is
the default action if the attribute is not present.
2. Move to the next tree. This will be useful optimisation for a
routing tree where it is known that there is no useful
Kille Expires: January 1994 Page 26
INTERNET--DRAFT MHS Routing using Directory July 1993
additional routing information higher in the routing tree.
3. Move to the next tree, and then default back to the next level
in this tree if no route is found. This will be useful for an
MTA to operate in the sequence:
(a) Check for optimised private routes
(b) Try other available information
(c) Fall back to a local default route
o The accessMD attribute is discussed in Section 11.3. This
attribute is used to indicate MDs which provide indirect access to
the part of the tree that is being routed to.
o The badAddressSearchPoint and badAddressSearchAttributes are
discussed in Section 16. This attribute is for when an address
has been rejected, and allows information on alternative addresses
to be found.
o A set of routing filters, defined by the routingFilter attribute.
This attribute provides for routing on information in the
unmatched part of the O/R Address. This is described in
Section 11.2.
11.1 MTA Choice
This section considers how the choice between alternate MTAs is
made. First, it is useful to consider the conditions why an MTA
is entered into a node of the routing tree are:
-- The manager for the node of the tree must place it there.
This is a formality, but critical in terms of overall
authority.
-- The MTA manager should agree to it being placed there.
-- The MTA will in general (for some class of message) be
prepared to route to any valid O/R address in the subtree
implied by the address. The only exception to this is where
the MTA will route to a subset of the tree which cannot easily
be expressed by making entries at the level below. An example
Kille Expires: January 1994 Page 27
INTERNET--DRAFT MHS Routing using Directory July 1993
might be an MTA prepared to route to all of the subtree, with
certain explicit exceptions.
Information on each MTA is stored in an mTAInfo attribute. This
attribute contains:
name The Distinguished Name of the MTA (Application Process)
weight A weighting factor (Route Weight) which gives a basis to
choose between different MTAs.
mta-attributes Attributes from the MTAs entry. Information on
the MTA will generally be stored in the MTA's entry. The MTA
is represented here as a structure, which enables some of this
entry information to be represented in the routing node. This
can lead to considerable performance optimisation. For
example if ten MTAs were represented at a node, another MTA
making a routing decision might need to make ten reads in
order to obtain the information needed. If any attributes are
present here, all of the attributes needed to make a routing
decision will be included, and also all attributes at the
Application Entity level
Where an MTA supports a single protocol only, or the protocols it
supports have address information that can be represented in
non-conflicting attributes, then the MTA may be represented as an
application process only. In this case, the ae-info structure
which gives information on associated application entities may be
omitted, as the MTA is represented by a single application entity
which has the same name as the application process. In other
cases, the names of all application entities shall be included. A
weight is associated with each application entity to allow the MTA
to indicate a preference between its application entities.
ae-qualifier A printable string (e.g. ``x400-88''), used to
derive the relative distinguished name of the application
entity.
ae-weight A weighting factor (Route Weight) which gives a basis
to choose between different Application Entities (not between
different MTAs).
ae-attributes Attributes from the AEs entry.
Kille Expires: January 1994 Page 28
INTERNET--DRAFT MHS Routing using Directory July 1993
Route weighting is a mechanism to distinguish between different
route choices. A routing weight may be associated with the MTA in
the context of a routing tree entry. This is because routing
weight will always be context dependent. This will allow machines
which have other functions to be used as backup MTAs. The Route
Weight is an integer in range 0--20. The lower the value, the
better the choice of MTA. Where the weight is equal, and no other
factors apply, the choice between the MTAs should be random to
facilitate load balancing. If the MTA itself is in the list, it
should only route to an MTA of lower weight. The exact values
will be chosen by the manager of the relevant part of the routing
tree. For guidance, three fixed points are given:
-- 0. For an MTA which can deliver directly to the entire
subtree implied by the position in the routing tree.
-- 5. For an MTA which is preferred for this point in the
subtree.
-- 10. For a backup MTA.
When an organisation registers in multiple routing trees, the
route weight used is dependent on the context of the subtree. In
general it is not possible to compare weights between subtrees.
In some cases, use of route weighting can be used to divert
traffic away from expensive links.
Attributes that are available in the MTA entry and will be needed
for making a routing choice are:
*** list attributes which must be present here if they are in the
MTA ***
A full list of MTA attributes, with summaries of their
descriptions are given in Section 17.
*** delete following list when referenced section is filled in ***
-- Authentication policy of the MTA (e.g., some MTAs may require
strong authentication). This is discussed in Section 21.2.
-- Information on the stack offered by the MTA. This is discussed
in Section 19.1.
-- Policy for the traffic an MTA will route. This is discussed
in Section 22.
Kille Expires: January 1994 Page 29
INTERNET--DRAFT MHS Routing using Directory July 1993
11.2 Routing Filters
This attribute provides for routing on information in the
unmatched part of the O/R Address, including:
-- Routing on the basis of an O/R Address component type
-- Routing on the basis of a substring match of an O/R address
component. This might be used to route X121 addressed faxes
to an appropriate MTA.
When present, the procedures of analysing the routing filters
should be followed before other actions. The routing filter
overrides MTAinfo and accessMD attributes. The components of the
routingFilter attribute are:
attribute-type This gives the attribute type to be matched, and
is selected from the attribute types which have not been
matched to identify the routing entry. The filter applies to
this attribute type. If there is no regulear expression
present (as defined below), the filter is true if the
attribute is present. The value is the object identifier of
the X.500 attribute type (e.g., at-prmd-name).
weight This gives the weight of the filter, which is encoded as a
Route Weight. If multiple filters match, the weight of each
matched filter is used to select between them. If the weight
is the same, then a random choice should be made.
dda-key If the attribute is domain defined, then this parameter
may be used to identify the key.
regex-match This string is used to give a regular expression
match on the attribute value. The syntax for regular
expressions is defined in Appendix E.
node This defines where to get routing information for the
filter. It will be an entry with object class
routingInformation, which can be used to determine the MTA or
MTA choice.
An example of use of routing filters is now given, showing how to
route on X121 address to a fax gateway in Germany. Consider the
Kille Expires: January 1994 Page 30
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
accessMD ATTRIBUTE
WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
::= at-access-md
______________________Figure_4:__Indirect_Access_______________________
routing point.
PRMD=UK.AC, ADMD=Gold 400, C=GB
The entry associated would have two routing filters:
1. One with type x121 and no regular expression, to route a
default fax gateway.
2. One with type x121 and a regular expression ^9262 to route all
German faxes to a fax gateway located in Germany with which
there is a bilateral agreement. This would have a lower
weight, so that it would be selected over the default fax
gateway.
11.3 Indirect Connectivity
In some cases a part of the O/R Address space will be accessed
indirectly. For example, an ADMD without access from the open
community might have an agreement with another MD to provide this
access. This is achieved by use of the accessMD attribute defined in
Figure 4. If this attribute is found, the routing algorithm should
read the entry pointed to by this distinguished name and route
according to the information retrieved, in order to route to this
access MD.
The attribute is called an MD, as this is descriptive of its normal
use. It might point to a more closely defined part of the O/R Address
space.
It is possible for both access MD and MTAs to be specified. This
might be done if the MTAs only support access over a restricted set of
transport stacks. In this case, the access MD should only be routed
to if it is not possible to route to any of the MTAs.
This structure can also be used as an optimisation, where a set of
Kille Expires: January 1994 Page 31
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
routedUA OBJECT-CLASS
SUBCLASS OF routingInformation
MAY CONTAIN {
-- from X.402
mhs-deliverable-content-length,
mhs-deliverable-content-types,
mhs-deliverable-eits,
mhs-message-store,
mhs-preferred-delivery-methods, 10
-- ** Note to add supported P2 extensions
-- ** SEK cannot find standard reference
-- defined here
mandatoryRedirect,
supportingMTA,
filteredRedirect,
userName,
nonDeliveryInfo}
::= oc-routed-ua
20
supportingMTA ATTRIBUTE
SUBTYPE OF mtaInfo
::= at-supporting-mta
userName ATTRIBUTE
WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
::= at-user-name
_______________________Figure_5:__UA_Attributes________________________
MTAs provides access to several parts of the O/R Address space.
Rather than repeat the MTA information, a single access MD is used as
a means of grouping the MTAs. The value of the Distinguished Name of
the access MD will probably not be meaningful in this case.
12 Local Addresses (UAs)
Local addresses (UAs) are a special case for routing: the endpoint.
The definition of the routedUA object class is given in Figure 5.
This identifies a User Agent in a routing tree. This is needed for
several reasons:
Kille Expires: January 1994 Page 32
INTERNET--DRAFT MHS Routing using Directory July 1993
1. To allow UAs to be defined without having an entry in another part
of the DIT.
2. To identify which (leaf and non-leaf) nodes in a routing tree are
User Agents. In a pure X.400 environment, a UA (as distinct from
a connecting part of the O/R address space) is simply identified
by object class. Thus an organisation entry can itself be a UA. A
UA need not be a leaf, and can thus have children in the tree.
3. To allow UA parameters as defined in X.402 (e.g., the
mhs-deliverable-eits) to be determined efficiently from the
routing tree, without having to go to the user's entry.
4. To identify the MTA which supports a UA. The MTAs which support a
UA directly are noted in the SupportingMTA attribute, which may be
multi-valued. X.400 models that only one MTA is associated with a
UA. In practice, it is possible and useful for several MTAs to be
able to deliver to a single UA. This attribute is a subtype of
MTAinfo, as it is possible for an MTA to be registered to route to
a UA, without it actually being able to deliver messages to it.
This attribute must be present, unless the address is being
non-delivered or redirected.
5. The attribute nonDeliveryInfo mandates non-delivery to this
address, as described in Section 25.
6. The attributes mandatoryRedirect and filteredRedirect control
redirects, as described in Section 23.
7. The attribute userName points to the distinguished Name of the
user, as defined by the mhs-user in X.402. **REF** The pointer
from the user to the O/R Address is achieved by the
mhs-or-addresses attribute. This makes the UA/User linkage
symmetrical.
When routing to a UA, an MTA will read the supportingMTA attribute.
If it finds its own name present, it will know that the UA is local,
and invoke appropriate procedures for local delivery (e.g.,
co-resident or P3 access information). The cost of holding these
attributes for each UA at a site will often be reduced by use of
shared attributes (** REF X.500(92)).
The linkage between the UA and User entries was noted above. It is
also possible to use a single entry for both User and UA, as there is
Kille Expires: January 1994 Page 33
INTERNET--DRAFT MHS Routing using Directory July 1993
no conflict between these. In this case, the entries should be in one
part of the DIT, with aliases from the other.
Many sites will need to support local RFC 822 mailboxes (UAs). As the
RFC 822 mailboxes are untyped, it is necessary for such a site to
represent every mailbox as an routedUA object.
To support UAs of other object classes, there will then need to be
aliases to the correct entry. For example, suppose that there is a
UA:
MHS-CN=Postmaster, MHS-OU=CS, MHS-O=UCL,
PRMD=UK.AC, ADMD=Gold 400, C=GB
There will have to be an alias:
CN="/CN=Postmaster/", MHS-OU=CS, MHS-O=UCL,
PRMD=UK.AC, ADMD=Gold 400, C=GB
which points to the real entry. For user convenience, it will also be
desirable to have an alias:
CN=Postmaster, MHS-OU=CS, MHS-O=UCL,
PRMD=UK.AC, ADMD=Gold 400, C=GB
If there is a mailbox for:
MHS-OU=Sales, MHS-OU=CS, MHS-O=UCL,
PRMD=UK.AC, ADMD=Gold 400, C=GB
There will need to be an alias:
CN="/OU=Sales/", MHS-OU=CS, MHS-O=UCL,
PRMD=UK.AC, ADMD=Gold 400, C=GB
In general, aliases can be used extensively at this level to provide
alternate values for names. For routing purpose, UAs (Mailboxes) will
only be located by the read operation, not by searching. This is for
efficiency of overall routing.
Kille Expires: January 1994 Page 34
INTERNET--DRAFT MHS Routing using Directory July 1993
To support many UNIX mail utilities, it is important for UNIX sites to
alias the UNIX login ids as alternate values, and to have tools which
maintain this binding automatically.
12.1 Searching for Local Users
The approach defined in this specification performs all routing by use
of reads. This is done for performance reasons, as it is a reasonable
expectation that all DSA implementations will support a high
performance read operation. For local routing only, an MTA in
cooperation with the provider of the local routing tree may choose to
use a search operation to perform routing. The major benefit of this
is that there will not be a need to store aliases for alternate names,
and so the directory storage requirement and alias management will be
reduced. The difficulty with this approach is that it is hard to
define search criteria that would be effective in all situations and
well supported by all DUAs. There are also issues about determining
the validity of a route on the basis of partial matches.
13 Direct Lookup
Where an O/R address is registered in the open community and has one
or more ``open'' MTAs which support it, this will be optimised by
storing MTA information in the O/R address entry. In general, the
Directory will support this by use of attribute inheritance or an
implementation will optimise the storage or repeate informaion, and so
there will not be a large storage overhead implied. This is a
function of the basic routing approach.
As a further optimisation of this case, the User's distinguished name
entry may contain the MTAInfo attribute. This can be looked up from
the distinguished name, and thus routing on submission can be achieved
by use of a single read.
14 Alternate Routes
14.1 Finding Alternate Routes
The routing algorithm selects a single MTA to be routed to. It could
be extended to find alternate routes to a single MTA with possibly
Kille Expires: January 1994 Page 35
INTERNET--DRAFT MHS Routing using Directory July 1993
different weights. How far this is done should be a local
configuration choice. Provision of backup routing is desirable, and
leads to robust service, but excessive use of alternate routing is not
usually beneficial. It will often force messages onto convoluted
paths, when there was only a short outage on the preferred path.
It is important to note that this strategy will lead to picking the
first acceptable route. It is important to configure the routing
trees, so that the first route identified will also be the best route.
14.2 Sharing routing information
So far, only single addresses have been considered. Improving routing
choice for multiple addresses is analogous to dealing with multiple
routes. This section defines an optional improvement. When multiple
addresses are present, and alternate routes are available, the
preferred routes should be chosen so as to maximise the number of
recipients sent with each message.
Specification of routing trees can facilitate this optimisation.
Suppose there is a set of addresses (e.g., in an organisation) which
have different MTAs, but have access to an MTA which will do local
switching. If each address is registered with the optimal MTA as
preferred, but has the ``hub'' MTA registered with a higher route
weight, then optimisation will occur when a message is sent to
multiple addresses in the group.
15 Looking up Information in the Directory
The description so far has been abstract about lookup of information.
This section considers how information is looked up in the Directory.
Consider that an O/R Address is presented for lookup, and there is a
sequence of routing trees. At any point in the lookup sequence, there
is one of a set of actions that can take place:
Handle MTA Info Information from the node should be examined. If
suitable information is found, one of the following is done:
o Use the information and finish the routing process
o Continue the routing process in order to find more options to
choose from
Kille Expires: January 1994 Page 36
INTERNET--DRAFT MHS Routing using Directory July 1993
Unroutable Address Potentially valid address, which cannot be routed
Bad Address
Temporary Reject Try again later (** what action is implied?)
Permanent Reject Administrative error on the directory which should
be fixed, but which prevents routing.
***** Add info on what to do and which diagnostic codes and general
clarification
Each routing tree should be processed in turn. To start a new routing
tree, the full O/R address should be looked up in the routing tree.
The next routing tree should be started when:
o An entry is reached with routing action next-tree-only or
next-tree-first.
o A lookup is done in the routing tree at the top level (i.e.,
country), and no routing action is returned. In this case, it
should behave as if the action was next-tree-first. (*** SEK
editorial note here that I did not understand).
Unless the action is next-tree-only, or the root of the routing tree
has been processed, the routing tree which is about to be left should
be pushed onto a stack of routing trees for future processing. The
position in the tree should be retained.
Errors from the lookup (directory read) should be handled as follows:
AttributeError This leads to a permanent reject.
NameError The matched parameter is used to determine the number of
components of the name that have matched (possibly zero). The
read is then repeated with this name. This is the normal case,
and allows the ``best'' entry in the routing tree to be located
with two reads.
Referral The referral should be followed.
SecurityErrror Strip one component of the O/R address and continue.
Kille Expires: January 1994 Page 37
INTERNET--DRAFT MHS Routing using Directory July 1993
ServiceError This leads to a temporary reject (see above).
**** Clarify Popping
16 Naming MTAs
MTAs need to be named in the DIT, but the name does not have routing
significance, it is simply a unique key. Attributes associated with
naming MTAs are given in Figure 6. This figure also gives a list of
attributes, which may be present in the MTA entry. The use of most of
these is explained in subsequent sections. The mTAName and
globalDomainID attributes are needed to define the information that an
MTA places in trace information. As noted previously, and MTA is
represented as an Application Process, with one or more Application
Entities.
In X.400, MTAs are named by MD and a single string. This style of
naming is supported, with MTAs named in the O/R Address tree relative
to the root of the DIT (or possibly in a different routing tree). The
MTAName attribute is used to name MTAs in this case. For X.400(88) it
is assumed that the Distinguished Name may be passed as an AE Title.
MTAs may be named with any other DN, which can be in the O/R Address
or Organisational DIT hierarchy. There are several reasons why MTAs
might be named differently.
o The flat naming space is inadequate to support large MDs. MTA
name assignment using the directory would be awkward.
o An MD does not wish to register its MTAs in this way (essentially,
it prefers to give them private names in the directory).
o An organisation has a policy for naming application processes,
which does not fit this approach.
In this case, the MTA entry must contain the correct information to be
inserted in trace. The MTAName and GlobalDomainID attributes are used
to do this. They are single value. For an MTA which inserts
different trace in different circumstances, a more complex approach
would be needed.
An MD may choose to name its MTAs outside of the O/R address
hierarchy, and then link some or all of them with aliases. A pointer
Kille Expires: January 1994 Page 38
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
mTAName ATTRIBUTE
WITH ATTRIBUTE-SYNTAX
caseIgnoreIA5StringSyntax (SIZE(1..ub-mta-name-length)
SINGLE VALUE
::= at-mta-name
-- used for naming when
-- MTA is named in O=R Address Hierarchy
globalDomainID ATTRIBUTE
WITH ATTRIBUTE-SYNTAX 10
GlobalDomainIdentifier
SINGLE VALUE
::= at-global-domain-id
-- both attributes present when MTA
-- is named outside O=R Address Hierarchy
-- to enable trace to be written
mTAApplicationProcess OBJECT CLASS
SUBCLASS OF application-process
MAY CONTAIN { 20
mTAWillRoute,
globalDomainID, -- Default
routingTreeList,
accessMD,
localAccessUnit,
accessUnitsUsed
}
::= oc-mta-application-process
mTA OBJECT CLASS -- Application Entity 30
SUBCLASS OF mhs-message-transfer-agent
MAY CONTAIN {
mTAName,
globalDomainID, -- per AE variant
responderAuthenticationRequirements,
initiatorAuthenticationRequirements,
responderPullingAuthenticationRequirements,
initiatorPullingAuthenticationRequirements,
initiatorP1Mode,
responderP1Mode, 40
polledMTAs,
transportCommunity,
respondingRTSCredentials,
initiatingRTSCredentials,
callingPresentationAddress,
Kille callingSelectorValidity, Expires: January 1994 Page 39
bilateralTable
}
::= oc-mta
______________________Figure_6:__MTA_Definitions_______________________
INTERNET--DRAFT MHS Routing using Directory July 1993
from this space may help in resolving information based on MTA Trace.
16.1 Naming 1984 MTAs
Some simplifications are necessary for 1984 MTAs, and only one naming
approach may be used. In X.400, MTAs are named by MD and a single
string. This style of naming is supported, with MTAs named in the O/R
Address tree relative to the root of the DIT (or possibly in a
different routing tree). The MTAName attribute is used to name MTAs
in this case.
17 Attributes Associated with the MTA
This section lists the attributes which may be associated with an MTA
as defined in Figure 6, summarises their use, and gives pointers to
the relevant section.
*** tbs
18 Bilateral Agreements
*** Editorial note. Work thru this to sort out AP/AE tangle
*** this section needs to be clarified in general
In many cases, X.400 routing has to be on the basis of bilateral
agreement. We can now consider how these agreements are represented
in the Directory. A bilateral agreement is represented by one entry
associated with each MTA participating in the bilateral agreement.
For one end of the bilateral agreement, the agreement information will
be keyed by the name of the MTA at the other end. Each party to the
agreement will set up the entry which represents its half of the
agreed policy. The fact that these correspond is controlled by the
external agreement. In many cases, only one half of the agreement
will be in the directory. The other half might be in an ADMD MTA
configuration file.
MTA bilateral information is stored in a table, as defined in [11].
An MTA has one such table, which controls agreements in both
directions. The definition of entries in this table are defined in
Figure 7. This table will usually be access controlled so that only a
single MTA or selected MTAs which appear externally as one MTA can
access it.
Kille Expires: January 1994 Page 40
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
mTABilateralTableEntry OBJECT-CLASS
SUBCLASS OF mTA, distinguishedNameTableEntry
::= oc-mta-bilateral-table-entry
_________________Figure_7:__MTA_Bilateral_Table_Entry__________________
Each entry in the table is of the object class
DistinguishedNameTableEntry, which is used to name the entry by the
distinguished name of the MTA. In some cases discussed in
Section 21.1, there will also be aliases of type textTableEntry. The
MTA attributes needed as a part of the bilateral agreement (typically
MTA Name/Password pairs), as described in Section 21.3, will always be
present. Other MTA attributes (e.g., presentation address) may be
present for one of two reasons:
1. As a performance optimisation
2. Because the MTA does not have a global entry
Every MTA with bilateral agreements will define a bilateral MTA table.
When a connection from a remote MTA is received, its Distinguished
Name is used to generate the name of the table entry. For 1984, the
MTA Name exchanged at the RTS level is used as a key into the table.
The location of the bilateral table used by the MTA is defined by the
bilateralTable attribute in the MTA entry, which is defined in
Figure 18.
For outbound connections, an attribute in the MTA's entry (either read
directly, or from mTAInfo from the routing tree) will indicate that a
bilateral connection should be used. The entry containing the
bilateral information for the MTA can be derived as for an incoming
connection.
**** Tie in the use of RTS parameters, and add control of various
types of trace stripping and orginator munging
Kille Expires: January 1994 Page 41
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
transportCommunity ATTRIBUTE
WITH ATTRIBUTE SYNTAX objectIdentifierSyntax
::= at-transport-community
______________Figure_8:__Transport_Community_Definition________________
19 MTA Selection
19.1 Dealing with protocol mismatches
MTAs may operate over different stacks. This means that some MTAs
cannot talk directly to each other. Even where the protocols are the
same, there may be reasons why a direct connection is not possible.
An environment where there is full connectivity over a single stack is
known as a transport community [9]. The set of transport communities
supported by an MTA is specified by use of the TransportCommunity
attribute defined in Figure 8. This is represented as a separate
attribute for the convenience of making routing decisions.
A community is identified by an object identifier, and so the
mechanism supports both well known and private communities. A list of
object identifiers corresponding to well known communities is given in
Appendix B.
19.2 Supported Protocols
It is important to know the protocol capabilities of an MTA. This is
done by the application context. There are standard definitions for
the following 1988 protocols.
o P3 (with and without RTS, both user and MTS initiated)
o P7 (with and without RTS).
o P1 (various modes). Strictly, this is the only one that matters
for routing.
In order to support P1(1984) and P1(1988) in X.410 mode, application
contexts which define these protocols are given in Appendix C. This
Kille Expires: January 1994 Page 42
INTERNET--DRAFT MHS Routing using Directory July 1993
context is for use in the directory only, and would never be exchanged
over the network.
For routing purposes, a message store which is not co-resident with an
MTA is represented as if it had a co-resident MTA and configured with
a single link to its supporting MTA.
In cases where the UA is involved in exchanges, the UA will be of
object class mhs-user-agent, and this will allow for appropriate
communication information to be registered.
19.3 MTA Capability Restrictions
In addition to policy restrictions, described in Section 22, an MTA
may have capability restrictions. The maximum size of MPDU is defined
by the standard attribute mhs-deliverable-content-length.
It may be useful to define other capability restrictions, for example
to enable routing of messages around MTAs with specific deficiencies.
It has been suggested using MTA capabilities as an optimised means of
expressing capabilities of all users associated with the MTA. This is
felt to be undesirable.
**** Add attribute which defines list of supported P1 extensions
19.4 Subtree Capability Restrictions
In many cases, users of a subtree will share the same capabilities.
It is possible to specify this by use of attributes, as defined in
Figure 9. This will allow for restrictions to be determined in cases
where there is no entry for the user or O/R Address. This will be a
useful optimisation in cases where the UA capability information is
not available from the directory, either for policy reasons or because
it is not there. This information may also be present in the domain
tree (RFC 822).
This shall be implemented as a collective attribute, so that it is
available to all entries in the subtree below the entry. This can
also be used for default setting in the subtree.
Kille Expires: January 1994 Page 43
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
restrictedSubtree OBJECT-CLASS
SUBCLASS OF top
MAY CONTAIN {
subtreeDeliverableContentLength,
subtreeDeliverableContentTypes,
subtreeDeliverableEITs }
::= oc-restricted-subtree
subtreeDeliverableContentLength ATTRIBUTE
SUBTYPE OF mhs-deliverable-content-length 10
::= at-subtree-deliverable-content-length
subtreeDeliverableContentTypes ATTRIBUTE
SUBTYPE OF mhs-deliverable-content-types
::= at-subtree-deliverable-content-types
subtreeDeliverableEITs ATTRIBUTE
SUBTYPE OF mhs-deliverable-eits
::= at-subtree-deliverable-eits
20
______________Figure_9:__Subtree_Capability_Restriction________________
20 MTA Pulling Messages
Pulling messages between MTAs, typically by use of two way alternate,
is for bilateral agreement. It is not the common case. There are two
circumstances in which it can arise.
1. Making use of a connection that was opened to push messages.
2. Explicitly polling in order to pull messages
Attributes to support this are defined in Figure 10. These attributes
indicate the capabilities of an MTA to pull messages, and allows a
list of polled MTAs to be specified. If omitted, the normal case of
push-only is specified.
Kille Expires: January 1994 Page 44
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
initiatorP1Mode ATTRIBUTE
WITH ATTRIBUTE-SYNTAX P1Mode
SINGLE VALUE
::= at-initiator-p1-mode
responderP1Mode ATTRIBUTE
WITH ATTRIBUTE-SYNTAX P1Mode
SINGLE VALUE
::= at-responder-p1-mode
10
P1Mode ::= ENUMERATED {
push-only(0),
pull-only(1),
twa(2) }
polledMTAs ATTRIBUTE
WITH ATTRIBUTE-SYNTAX PolledMTAs
:= at-polled-mtas
PolledMTAs ::= SEQUENCE { 20
mta DistinguishedName,
poll-frequency INTEGER OPTIONAL --frequency in minutes
}
*** Need to add control mechanism (list) for MTA being polled
*** to identify which MTAs can poll it
_____________________Figure_10:__Pulling_Messages______________________
21 Security and Policy
21.1 Finding the Name of the Calling MTA
A key issue for authentication is for the called MTA to find the name
of the calling MTA. This is needed for it to be able to look up
information on a bilateral agreement.
Where X.400(88) is used, the name is available as a distinguished name
from the AE-Title provided in the A-Associate. For X.400(84), it will
not be possible to derive a global name from the bind. The MTA Name
exchanged in the RTS Bind will provide a key into the private
bilateral agreement table. Thus for X.400(1984) it will only be
Kille Expires: January 1994 Page 45
INTERNET--DRAFT MHS Routing using Directory July 1993
possible to have bilateral inbound links or no authentication of the
calling MTA.
Editor's Note CDC use a search here, as a mechanism to use a single
table and an 88/84 independent access. This should be considered
for general adoption. It appears to make the data model cleaner,
possibly at the expense of some performance.
21.2 Authentication
The levels of authentication required by an MTA will have an impact on
routing. For example, if an MTA requires strong authentication, not
all MTAs will be able to route to it. The attributes which define the
authentication requirements are defined in Figure 11.
The attributes specify authentication levels for the following cases:
Responder These are the checks that the responder will make on the
initiator's credentials.
Initiator These are the checks that the initiator will make on the
responders credentials. Very often, no checks are needed ---
establishing the connection is sufficient.
Responder Pulling These are responder checks when messages are
pulled. These will often be stronger than for pushing.
Initiator Pulling For completeness.
If an attribute is omitted, no checks are required. If multiple
checks are required, then each of the relevant bits should be set. If
there are alternative acceptable checks, then multiple values of the
attribute are used.
The values of the authentication requirements mean:
mta-name-present That an RTS level MTA parameter should be present
for logging purposes.
aet-present That a distinguished name application entity title should
be provided at the ACSE level
Kille Expires: January 1994 Page 46
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
responderAuthenticationRequirements ATTRIBUTE
WITH ATTRIBUTE-SYNTAX AuthenticationRequirements
SINGLE VALUE
::= at-responder-authentication-requirements
initiatorAuthenticationRequirements ATTRIBUTE
WITH ATTRIBUTE-SYNTAX AuthenticationRequirements
SINGLE VALUE
::= at-initiator-authentication-requirements
10
repsonderPullingAuthenticationRequirements ATTRIBUTE
WITH ATTRIBUTE-SYNTAX AuthenticationRequirements
SINGLE VALUE
::= at-responder-pulling-authentication-requirements
initiatorPullingAuthenticationRequirements ATTRIBUTE
WITH ATTRIBUTE-SYNTAX AuthenticationRequirements
SINGLE VALUE
::= at-initiator-pulling-authentication-requirements
20
AuthenticationRequirements ::= BITSTRING {
mta-name-present(0),
aet-present(1),
aet-valid(2),
network-address(3),
simple-authentication(4),
strong-authentication(5),
bilateral-agreement-needed(6)}
_______________Figure_11:__Authentication_Requirements_________________
Kille Expires: January 1994 Page 47
INTERNET--DRAFT MHS Routing using Directory July 1993
aet-valid As for aet-present, and that the AET be registered in the
directory. This may be looked up as a part of the validation
process. If mta-name-present is set, the RTS value of mta and
password must correspond to those registered in the directory.
network-address This can only be used for the responder. The AET
must be looked up in the directory, and the
callingPresentationAddress attribute matched against the calling
address. This must match exactly at the network level. The
validity of selectors will be matched according to the
callingSelectorValidity attribute.
simple-authentication All MTA and password parameters needed for
simple authentication must be used. This will usually be in
conjunction with a bilateral agreement.
strong-authentication Use of strong authentication.
bilateral-agreement-needed This means that this MTA will only accept
connections in conjunction with a bilateral agreement. This link
cannot be used unless such an agreement exists.
These attributes may also be used to specify UA/MTA authentication
policy. They may be resident in the UA entry in environments where
this information cannot be modified by the user. Otherwise, it will
be present in an MTA table (represented in the directory).
An MTA could choose to have different authentication levels related to
different policies (Section 22). This is seen as too complex, and so
they are kept independent. The equivalent function can always be
achieved by using multiple Application Entities with the application
process.
21.3 Authentication Information
This section specifies connection information needed by P1. This is
essentially RTS parameterisation needed for authentication. This is
defined in Figure 12. Confidential bilateral information is implied
by these attributes, and this will be held in the bilateral
information agreement. This should have appropriate access control
applied. Note that in some cases, MTA information will be split
across a private and public entry.
Kille Expires: January 1994 Page 48
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
respondingRTSCredentials ATTRIBUTE
WITH ATTRIBUTE-SYNTAX RTSCredentials
SINGLE VALUE
::= at-responding-rts-credentials
initiatingRTSCredentials ATTRIBUTE
WITH ATTRIBUTE-SYNTAX RTSCredentials
SINGLE VALUE 10
::= at-initiating-rts-credentials
RTSCredentials ::= SEQUENCE {
request [0] MTAandPassword OPTIONAL,
response [1] MTAandPassword OPTIONAL }
MTAandPassword ::= SEQUENCE {
MTAName, 20
Password } -- MTAName and Password
-- from X.411
callingPresentationAddress ATTRIBUTE
WITH ATTRIBUTE-SYNTAX PresentationAddress
MULTI VALUE
::= at-calling-presentation-address
callingSelectorValidity ATTRIBUTE 30
WITH ATTRIBUTE-SYNTAX CallingSelectorValidity
SINGLE VALUE
::= at-calling-selector-validity
CallingSelectorValidity ::= ENUMERATED {
all-selectors-fixed(0),
tsel-may-vary(1),
all-selectors-may-vary(2) }
______________Figure_12:__MTA_Authentication_Parameters________________
Kille Expires: January 1994 Page 49
INTERNET--DRAFT MHS Routing using Directory July 1993
The parameters are:
Initiating Credentials The credentials to be used when the local MTA
initiates the association. It gives the credentials to insert
into the request, and those expected in the response.
Responding Credentials The credentials to be used when the remote MTA
initiates the association. It gives the credential expected in
the request, and those to be inserted into the response.
Remote Presentation Address Valid presentation addresses, which the
remote MTA may connect from.
If an MTA/Password pair is omitted. The MTA should default to the
local MTA Name, and the password to a zero length OCTET STRING.
Note: It may be useful to add more information here relating to
parameters required for strong authentication.
22 Policy and Authorisation
22.1 Simple MTA Policy
The routing trees will generally be configured in order to identify
MTAs which will route to the destination. A simple means is
identified to specify an MTA's policy. This is defined in Figure 13.
The multi-valued attribute gives a set of policies which the MTA will
route. O/R Addresses are represented by a prefix, which identifies a
subtree. A distinguished name encoding of O/R Address is used. There
are three components:
from This gives a set of O/R addresses which are granted permission
by this attribute value. If omitted, ``all'' is implied.
to This gives the set of acceptable destinations. If omitted,
``all'' is implied.
from-excludes This defines (by prefix) subtrees of the O/R address
tree which are explicitly excluded from the ``from'' definition.
If omitted, there are no exclusions.
Kille Expires: January 1994 Page 50
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
mTAWillRoute ATTRIBUTE
WITH ATTRIBUTE-SYNTAX MTAWillRoute
::= at-mta-will-route
MTAWillRoute ::= SEQUENCE {
from [0] SET OF ORAddressPrefix OPTIONAL,
to [1] SET OF ORAddressPrefix OPTIONAL,
from-excludes [2] SET OF ORAddressPrefix OPTIONAL,
to-excludes [3] SET OF ORAddressPrefix OPTIONAL }
10
ORAddressPrefix ::= DistinguishedName
_____________Figure_13:__Simple_MTA_Policy_Specification_______________
to-excludes This defines (by prefix) subtrees of the O/R address tree
which are explicitly excluded from the ``to'' definition. If
omitted, there are no exclusions.
This simple policy should suffice for most cases. In particular, it
gives sufficient information for most real situations where a policy
choice is forced.
This simple prefixing approach does not deal explicitly with alias
dereferencing. The prefixes refer to O/R addresses where aliases have
been dereferenced. To match against these prefixes, O/R addresses
being matched need to be ``normalised'' by being looked up in the
directory to resolve alias values. If the lookup fails, it should be
assumed that the provided address is already normalised. This means
that policy may be misinterpreted for parts of the DIT not referenced
in the directory.
The originator refers to the MTS originator, and the recipient to the
MTS recipient, following any list expansion or redirect.
22.2 Complex MTA Policy
MTAs will generally have a much more complex policy mechanism, such as
that provided by PP [14]. Representing this as a part of the routing
decision does not seem worthwhile at present. Some of the issues
which need to be tackled are:
Kille Expires: January 1994 Page 51
INTERNET--DRAFT MHS Routing using Directory July 1993
o Use of charging and non-charging nets
o Policy dependent on message size
o Different policy for delivery reports.
o Policy dependent on attributes of the originator or
recipient(e.g., mail from students)
o Content type and encoded information types
o The path which the message has traversed to reach the MTA
o MTA bilateral agreements
o Pulling messages
o Costs. This sort of policy information may also be for
information only.
Policies relating to submission do not need to be public. They can be
private to the MTA.
23 Redirects
There is a need to specify redirects in the Directory. This will be
done at the O/R Address level (i.e., in a routing tree). This will be
useful for alternate names where an equivalent name (synonym) defined
by an alias is not natural. An example where this might be
appropriate is to redirect mail to a new O/R address where a user had
changed organisation. The definitions are given in Figure 14.
Mandatory redirects are specified by the mandatoryRedirect attribute.
A filtered redirect is provided, to allow small messages, large
messages, or messages containing specific EITs or content to be
redirected. Message size is measured in kBytes. Where multiple
elements are contained in the FilteredRedirect structure, they are
treated as having a ``logical or'' relationship.
When a delivery report is sent to an address which would be
redirected, X.400 would ignore the redirect. This means that every
O/R address would need to have a valid means of delivery. This would
seem to be awkward to manage. Therefore, the redirect should be
Kille Expires: January 1994 Page 52
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
mandatoryRedirect ATTRIBUTE
WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
SINGLE VALUE
::= at-mandatory-redirect
filteredRedirect ATTRIBUTE
WITH ATTRIBUTE-SYNTAX FilteredRedirect
SINGLE VALUE
::= at-filtered-redirect
10
FilteredRedirect ::= SEQUENCE {
redirect-to DistinguishedName,
SEQUENCE {
min-size [1] INTEGER,
max-size [2] INTEGER,
content [3] ContentType,
eit [4] ExternalEncodedInformationType }
}
20
___________________Figure_14:__Redirect_Definition_____________________
followed, and the delivery report delivered to the redirected address.
These reidrects are handled directly by the MTA. Redirects can also be
initiated by the UA, for example in the context of a P7 interaction.
24 Underspecified O/R Addresses
X.400 requires that some underspecified O/R Addresses are handled in a
given way. Where an underspecified O/R Address should be treated as
if it were another O/R Address, an alias should be used. If the O/R
Address should be rejected as ambiguous, and entry should be created
in the DIT, and forced non-delivery specified for this reason.
Kille Expires: January 1994 Page 53
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
nonDeliveryInfo ATTRIBUTE
WITH ATTRIBUTE SYNTAX NonDeliveryReason
::= at-non-delivery-info
NonDeliveryReason ::= SEQUENCE {
reason INTEGER (0..ub-reason-codes),
diagnostic INTEGER (0..ub-diagnostic-codes),
supplementaryInfo PrintableString }
_________________Figure_15:__Non_Delivery_Information__________________
25 Non Delivery
It is possible for a manager to define an address to non-deliver with
specified reason and diagnostic codes. This might be used for a range
of management purposes. The attribute to do this is defined in
Figure 15.
26 Bad Addresses
If there is a bad address, it is desirable to do a directory search to
find alternatives. This is a helpful user service and should be
provided. This function is invoked after address checking has failed,
and where this is no user supplied alternate recipient. This function
would be an MTA-chosen alternative to administratively assigned
alternate recipient.
Attributes to support handling of bad addresses are defined in
Figure 16. The attributes are:
badAddressSearchPoint This gives the point (or list of points) from
which to search.
badAddressSearchAttributes This gives the set of attribute types to
search on. The default is common name.
Searches are always single level, and always use approximate match.
If a small number of matches are made, this is returned to the
originator by use of the per recipient AlternativeAddresssInformation
in the delivery report (DR). This should be marked non-critical, so
Kille Expires: January 1994 Page 54
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
badAddressSearchPoint ATTRIBUTE
WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
::= at-bad-address-search-point
badAddressSearchAttributes ATTRIBUTE
WITH ATTRIBUTE-SYNTAX AttributeType
::= at-bad-address-search-attributes
alternativeAddressInformation EXTENSION
AlternativeAddressInformation 10
::= id-alternative-address-information
AlternativeAddressInformation ::= SET OF SEQUENCE {
distinguished-name DistinguishedName OPTIONAL,
or-address ORAddress OPTIONAL,
other-useful-info SET OF Attribute }
___________________Figure_16:__Bad_Address_Pointers____________________
that it will not cause the DR to be discarded. This attribute allows
the Distinguished Name and O/R Address of possible alternate
recipients to be returned with the delivery report. There is also the
possibility to attach extra information in the form of directory
attributes. Typically this might be used to return attributes of the
entry which were matched in the search. A summary of the information
should also be returned using the delivery report supplementary
information filed (e.g., ``your message could not be delivered to
smith, try J. Smith or P. Smith''), so that the information is
available to user agents not supporting this extension. Note the
length restriction of this field is 256
(ub-supplementary-info-length).
If the directory search fails, or there are no matches returned, a
delivery report should be returned as if this extra check had not been
made.
Note: It might be useful to allow control of search type, and also
single level vs subtree in future versions.
Kille Expires: January 1994 Page 55
INTERNET--DRAFT MHS Routing using Directory July 1993
27 Submission
A message may be submitted with Distinguished Name only. If the MTA
to which the message is submitted supports this service, this section
describes how the mapping is done.
27.1 Normal Derivation
The Distinguished Name is looked up to find the attribute
mhs-or-addresses. If the attribute is single value, it is
straightforward. If there are multiple values, one O/R address should
be selected at random.
27.2 Roles and Groups
Some support for roles is given. If there is no O/R address, and the
entry is of object class role, then the roleOccupant attribute should
be dereferenced, and the message submitted to each of the role
occupants. Similarly, if the entry is of object class group, where
the groupMember attribute is used.
28 Access Units
Attributes needed for support of Access Units are defined in
Figure 17.
The attributes defined are:
localAccessUnit This defines the list of access units supported by
the MTA.
accessUnitsUsed This defines which access units are used by the MTA,
giving the type and MTA. An O/R Address filter is provided to
control which access unit is used for a given recipient. For a
filter to match an address, all attributes specificed in the
filter must match the given address. This is specified as an O/R
Address, so that routing to access units can be filtered on the
basis of attributes not mapped onto the directory (e.g., postal
attributes). Where a remote MTA is used, it may be necessary to
use source routing.
Kille Expires: January 1994 Page 56
INTERNET--DRAFT MHS Routing using Directory July 1993
_______________________________________________________________________
localAccessUnit ATTRIBUTE
WITH ATTRIBUTE-SYNTAX AccessUnitType
::= at-local-access-unit
AccessUnitType ::= ENUMERATED {
fax (1),
physical-delivery (2),
teletex (3),
telex (4) }
10
accessUnitsUsed ATTRIBUTE
WITH SYNTAX
SelectedAccessUnit
::= at-access-units-used
SelectedAccessUnit ::= SEQUENCE {
type AccessUnitType,
providing-MTA DistinguishedName,
filter SET OF ORAddress OPTIONAL }
20
*** update to provide a more general filtering mechanism
__________________Figure_17:__Access_Unit_Attributes___________________
Note: This mechanism might be used to replace the routefilter
mechanism of the MTS routing.
29 The Overall Routing Algorithm
Having provided all the pieces, a summary of how routing works can be
given. The very top level of the routing algorithm is:
1. Route the message according to the protocol by which it arrives
(RFC 822 or X.400). In the case of RFC 822, this should follow
[13].
2. If this fails, and gatewaying is supported, map the address and
attempt to route according to the other protocol using [12].
Kille Expires: January 1994 Page 57
INTERNET--DRAFT MHS Routing using Directory July 1993
29.1 X.400 Routing
The core of the X.400 routing is described in Section 11. A sequence
of routing trees are followed. As nodes of the routing tree are
matched, a set of MTAs will be passed upwards for evaluation. If all
of these are rejected, the trees are followed further2. A set of MTAs
is evaluated on the following criteria:
o If an MTA is the local MTA, deliver locally.
o Supported protocols. The MTA must support a protocol that the
current MTA supports3, as described in Section 19.2.
o The protocols must share a common transport community, as
described in Section 19.1.
o There must be no capability restrictions in the MTA which prevents
transfer of the current message, as described in Section 19.3.
o There must be no policy restrictions in the MTA which prevents
transfer of the current message, as described in Section 22.
o The authentication requirements of the MTA must be met by the
local MTA, as described in Section 21.2.
o If the authentication (Section 21.2) indicates that a bilateral
agreement is present, the MTA must be listed in the local set of
bilateral agreements, as described in Section 18.
o In cases where the recipient UA's capabilities can be determined,
there should either be no mismatch, or there must be an ability to
use local or remote reformatting capabilities, as described in
**** ref conversion I-D
----------------------------
2. It might be argued that the trees should be followed to find
alternate routes in the case that only one MTA is acceptable. This is
not proposed.
3. Note that this could be an RFC 822 protocol, as well as an
X.400 protocol.
Kille Expires: January 1994 Page 58
INTERNET--DRAFT MHS Routing using Directory July 1993
29.2 Pseudo Code
This section describes the routing algorithm in pseudo-code.
***** tbs
29.3 Examples
to be supplied
30 Performance
*** notes on the overall performance of the scheme, and notes on
implementation techniques to go faster
31 Acknowledgements
This ack section covers the whole document series.
*** tbs
This work was part funded by the COSINE Paradise project.
References
[1] The Directory --- overview of concepts, models and services,
December 1988. CCITT X.500 Series Recommendations.
[2] J.N. Chiappa. A new IP routing and addressing architecture,
1991. Internet Draft.
[3] A. Consael, M. Tschicholz, O. Wenzel, K. Bonacker, and M. Busch.
DFN-Directory nutzung durch MHS, April 1990. GMD Report.
[4] P. Dick-Lauder, R.J. Kummerfeld, and K.R. Elz. ACSNET - the
australian alternative to UUCP. In EUUG Conference, Paris, pages
60--69, April 1985.
[5] U. Eppenberger. Routing coordination for an X.400 MHS service
within a multi protocol environment, October 1991. Version 1.0,
RARE WG1 Document.
Kille Expires: January 1994 Page 59
INTERNET--DRAFT MHS Routing using Directory July 1993
[6] K.E. Jordan. Using X.500 directory services in support of X.400
routing and address mapping, November 1991. 3rd draft, IETF WG.
[7] S.E. Kille. MHS use of directory service for routing. In IFIP
6.5 Conference on Message Handling, Munich, pages 157--164.
North Holland Publishing, April 1987.
[8] S.E. Kille. Topology and routing for MHS. COSINE Specification
Phase 7.7, RARE, 1988.
[9] S.E. Kille. Encoding network addresses to support operation over
non-OSI lower layers. Request for Comments RFC 1277, Department
of Computer Science, University College London, November 1991.
[10] S.E. Kille. A string representation of distinguished name.
Request for Comments in preparation, Department of Computer
Science, University College London, January 1992.
[11] S.E. Kille. Representing the O/R Address hierarchy in the
directory information tree, July 1993. Internet Draft.
[12] S.E. Kille. Use of the directory to support mapping between
X.400 and RFC 822 addresses, July 1993. Internet Draft.
[13] S.E. Kille. Use of the directory to support routing for RFC 822
and related protocols, July 1993. Internet Draft.
[14] S.E. Kille and J.P. Onions. The PP manual, December 1991.
Version 6.0.
[15] P. Lauder, R.J. Kummerfeld, and A. Fekete. Hierarchical network
routing. In Tricomm 91, 1991.
[16] CCITT recommendations X.400 / ISO 10021, April 1988. CCITT
SG 5/VII / ISO/IEC JTC1, Message Handling: System and Service
Overview.
[17] Zen and the ART of navigating through the dark and murky regions
of the message transfer system: Working document on MTS
routing, September 1991. ISO SC 18 SWG Messaging.
Kille Expires: January 1994 Page 60
INTERNET--DRAFT MHS Routing using Directory July 1993
32 Security Considerations
Security considerations are not discussed in this INTERNET--DRAFT .
33 Author's Address
Steve Kille
ISODE Consortium
PO Box 505
London
SW11 1DX
England
Phone: +44-71-223-4062
EMail: S.Kille@ISODE.COM
DN: CN=Steve Kille,
O=ISODE Consortium, C=GB
UFN: S. Kille, ISODE Consortium, GB
Kille Expires: January 1994 Page 61
INTERNET--DRAFT MHS Routing using Directory July 1993
A Object Identifier Assignment
_______________________________________________________________________
mhs-ds OBJECT-IDENTIFIER ::= {iso(1) org(3) dod(6) internet(1) private(4)
enterprises(1) isode-consortium (453) mhs-ds (7)}
routing OBJECT IDENTIFIER ::= {mhs-ds 3}
oc OBJECT IDENTIFIER ::= {routing 1}
at OBJECT IDENTIFIER ::= {routing 2}
id OBJECT IDENTIFIER ::= {routing 3}
10
oc-mta OBJECT IDENTIFIER ::= {oc 1}
oc-mta-bilateral-table-entry OBJECT IDENTIFIER ::= {oc 2}
oc-routing-information OBJECT IDENTIFIER ::= {oc 3}
oc-restricted-subtree OBJECT IDENTIFIER ::= {oc 4}
oc-routed-ua OBJECT IDENTIFIER ::= {oc 5}
oc-routing-tree-root OBJECT IDENTIFIER ::= {oc 6}
oc-mta-application-process OBJECT IDENTIFIER ::= {oc 7}
at-access-md OBJECT IDENTIFIER ::= {at 1}
at-access-units-used OBJECT IDENTIFIER ::= {at 2} 20
at-subtree-information OBJECT IDENTIFIER ::= {at 3}
at-bad-address-search-attributes OBJECT IDENTIFIER ::= {at 4}
at-bad-address-search-point OBJECT IDENTIFIER ::= {at 5}
at-calling-selector-validity OBJECT IDENTIFIER ::= {at 7}
at-filtered-redirect OBJECT IDENTIFIER ::= {at 38}
at-global-domain-id OBJECT IDENTIFIER ::= {at 10}
at-initiating-rts-credentials OBJECT IDENTIFIER ::= {at 11}
at-initiator-authentication-requirements OBJECT IDENTIFIER ::= {at 12}30
at-initiator-p1-mode OBJECT IDENTIFIER ::= {at 13}
at-initiator-pulling-authentication-requirements OBJECT IDENTIFIER ::= {at 14}
at-local-access-unit OBJECT IDENTIFIER ::= {at 15}
at-mandatory-redirect OBJECT IDENTIFIER ::= {at 16}
at-mta-info OBJECT IDENTIFIER ::= {at 40}
at-mta-name OBJECT IDENTIFIER ::= {at 19}
at-mta-will-route OBJECT IDENTIFIER ::= {at 21}
at-calling-presentation-address OBJECT IDENTIFIER ::= {at 22}
Kille Expires: January 1994 Page 62
INTERNET--DRAFT MHS Routing using Directory July 1993
at-responder-authentication-requirements OBJECT IDENTIFIER ::= {at 23}40
at-responder-p1-mode OBJECT IDENTIFIER ::= {at 24}
at-responder-pulling-authentication-requirements OBJECT IDENTIFIER ::= {at 25}
at-responding-rts-credentials OBJECT IDENTIFIER ::= {at 26}
at-routing-failure-action OBJECT IDENTIFIER ::= {at 27}
at-routing-filter OBJECT IDENTIFIER ::= {at 28}
at-routing-tree-list OBJECT IDENTIFIER ::= {at 29}
at-subtree-deliverable-content-length OBJECT IDENTIFIER ::= {at 30}
at-subtree-deliverable-content-types OBJECT IDENTIFIER ::= {at 31}
at-subtree-deliverable-eits OBJECT IDENTIFIER ::= {at 32}
at-supporting-mta OBJECT IDENTIFIER ::= {at 33} 50
at-transport-community OBJECT IDENTIFIER ::= {at 34}
at-user-name OBJECT IDENTIFIER ::= {at 35}
at-non-delivery-info OBJECT IDENTIFIER ::= {at 36}
at-polled-mtas OBJECT IDENTIFIER ::= {at 37}
at-bilateral-table OBJECT IDENTIFIER {at 41}
id-alternative-address-information OBJECT IDENTIFIER ::= {id 1}
60
_______________Figure_18:__Object_Identifier_Assignment________________
Kille Expires: January 1994 Page 63
INTERNET--DRAFT MHS Routing using Directory July 1993
B Community Identifier Assignments
_______________________________________________________________________
ts-communities OBJECT-IDENTIFIER ::= {iso(1) org(3) dod(6) internet(1) private(4)
enterprises(1) isode-consortium (453) ts-communities (4)}
tc-cons OBJECT IDENTIFIER ::= {ts-communities 1} -- OSI CONS
tc-clns OBJECT IDENTIFIER ::= {ts-communities 2} -- OSI CLNS
tc-internet OBJECT IDENTIFIER ::= {ts-communities 3} -- Internet + RFC 1006
tc-int-x25 OBJECT IDENTIFIER ::= {ts-communities 4} -- International X.25
-- Without CONS
tc-ixi OBJECT IDENTIFIER ::= {ts-communities 5} -- IXI (Europe)10
tc-janet OBJECT IDENTIFIER ::= {ts-communities 6} -- Janet (UK)
____Figure_19:__Transport_Community_Object_Identifier_Assignments______
Kille Expires: January 1994 Page 64
INTERNET--DRAFT MHS Routing using Directory July 1993
C Protocol Identifier Assignments
_______________________________________________________________________
mail-protocol OBJECT-IDENTIFIER ::= {iso(1) org(3) dod(6) internet(1) private(4)
enterprises(1) isode-consortium (453) mail-protocol (5)}
ac-p1-1984 OBJECT IDENTIFIER ::= {mail-protocol 1} -- p1(1984)
ac-p1-1988-x410 OBJECT IDENTIFIER ::= {mail-protocol 1} -- p1(1988) in X.410 mode
ac-smtp OBJECT IDENTIFIER ::= {mail-protocol 2} -- SMTP
ac-uucp OBJECT IDENTIFIER ::= {mail-protocol 3} -- UUCP Mail
ac-jnt-mail OBJECT IDENTIFIER ::= {mail-protocol 4} -- JNT Mail (UK)
__________Figure_20:__Protocol_Object_Identifier_Assignments___________
D ASN.1 Summary
To be supplied
E Regular Expression Syntax
*** tbs. Will be taken from ed(1) man page
*** Modified to be case insensitive and to handle leading and multiple
spaces according to X.400 matching rules
F X.402 Definitions
Extract Attribute and Object Class definitions from X.402.
This appendix will be moved to the ``overview'' document when it is
added
*** tbs
Kille Expires: January 1994 Page 65
