Internet DRAFT - draft-bless-nsis-est-mrm
draft-bless-nsis-est-mrm
NSIS Working Group R. Bless
Internet-Draft KIT
Intended status: Experimental June 16, 2010
Expires: December 18, 2010
An Explicit Signaling Target Message Routing Method (EST-MRM) for the
General Internet Signaling Transport (GIST) Protocol
draft-bless-nsis-est-mrm-02
Abstract
The standard operation of the General Internet Signaling Transport
(GIST) Protocol uses a path-coupled message routing method (PC-MRM)
to find nodes interested in signaling message exchanges. This
specification proposes an Explicit Signaling Target Message Routing
Method (EST-MRM) to allow for transmission of signaling messages to
explicit targets. While the PC-MRM implicitly addresses signaling
nodes by an interception method, the EST-MRM allows to explicitly
address signaling nodes.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 18, 2010.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Bless Expires December 18, 2010 [Page 1]
�
Internet-Draft Explicit Signaling Target MRM June 2010
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Explicit Signaling Target MRM . . . . . . . . . . . . . . . . 6
2.1. Explicit Signaling Target MRI . . . . . . . . . . . . . . 7
2.2. Implementation . . . . . . . . . . . . . . . . . . . . . . 9
2.3. MRM Requirements . . . . . . . . . . . . . . . . . . . . . 10
3. Security Considerations . . . . . . . . . . . . . . . . . . . 11
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
6.1. Normative References . . . . . . . . . . . . . . . . . . . 11
6.2. Informative References . . . . . . . . . . . . . . . . . . 11
Appendix A. Change History . . . . . . . . . . . . . . . . . . . 12
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12
Bless Expires December 18, 2010 [Page 2]
�
Internet-Draft Explicit Signaling Target MRM June 2010
1. Introduction
The standard operation of the General Internet Signaling Transport
(GIST) Protocol [I-D.ietf-nsis-ntlp] uses a path-coupled message
routing method (PC-MRM) to find nodes interested in signaling message
exchanges. The assumption is that signaling involves the
manipulation of state held in network elements along the flow's data
path. The path-coupled signaling paradigm tries to ensure the
alignment of control functions to the actual data path by letting
intermediate on-path nodes intercept the corresponding signaling
messages.
For mobility environments seamless handovers are a desirable
objective. If signaling takes place after a handover was performed,
it will take some time until the state update has been completed.
Thus, there exist proposals to start the signaling before the
handover takes place and to use the current point of attachment for
completion of the signaling process. This "anticipated handover"
enables a pre-reservation of resources in a quality-of-service
context for instance, i.e., for QoS NSLP signaling applications
[I-D.ietf-nsis-qos-nslp]. Therefore, a resource reservation can be
used immediately after the handover was performed.
With the path-coupled MRM, however, such kind of optimization is
impossible, since state should be established or manipulated along a
data path that is not used yet, but probably will be in the future.
Therefore, in order to support anticipated handovers a signaling
message routing is required that is not strictly on path.
In Figure 1 an example for an anticipated handover scenario is shown.
If the mobile node (MN) is a data sender for flow f_o and has
information that it may change its point of attachment from access A
to access B, it starts signaling for resources along the new path
that begins at B. First, the MN sends signaling messages to A and A
will signal to B. B can then use path-coupled signaling in order to
find the correct data path for the potential new flow f_n towards the
CN. Since signaling messages are sent to A, but concerning f_n, a
PC-MRM cannot be used. Similarly, the signaling between A and B is
not path related and must be done explicitly.
Bless Expires December 18, 2010 [Page 3]
�
Internet-Draft Explicit Signaling Target MRM June 2010
CN
|
+-----+
/ | \
| | |
| | | Domain 4
\ | /
+--|--+
|
+--|--+
/ | \
| #% |
| # % | Domain 3
\ # %
+--#--+ %
# %
+--#--+ % +-----+
/ # \ %/ \
| # | | % |
| # | | % |
\ # / \ % /
+-[A]-+ +-[B]-+
# Domain 1 Domain 2
# data flow f_o ##: MN->A->CN
MN data flow f_n %%: MN->B->CN
[A]: Access router A
[B]: Access router B
A handover scenario
Figure 1
Figure 2 indicates the related signaling flows:
(a): MN signals for flow f_n via its current access router A
(b): Access router A signals towards the candidate access router B
(c): On-path signaling for flow f_n starting from access router B
(proxy mode)
It is out of scope of this specification how the addressing
information about the future flow f_n is obtained by the MN or how A
determines the address of the candidate router B that must be
signaled next. One possibility is to use the CARD protocol [RFC4066]
or that some additional addressing information (such as MAC addresses
of access points) is carried in the NSLP. Thus, it is also allowed
to let the source address of f_n being unspecified if the MN has no
knowledge about its actual future address. Since it can be assumed
that B has enough information to determine the required address, it
is then up to B to fill in the missing information for the flow
Bless Expires December 18, 2010 [Page 4]
�
Internet-Draft Explicit Signaling Target MRM June 2010
before continuing with the path-coupled signaling in (c).
CN
|
+-----+
/ | \
| | |
| | | Domain 4
\ | /
+--|--+
|
+--|--+
/ | \
| # |
| # \\ | Domain 3
\ # \\
+--#--+ \\
# \\
+--#--+ \\ +-----+
/ # \ \\ \
| # | | \\ |
| # | | (c) |
\ # / \ || /
+-[A]=====(b)=====>[B]-+
/$\
$ Domain 1 Domain 2
$
(a) $$: signaling flow (a)
$ ==: signaling flow (b)
$ ||: signaling flow (c)
MN
Signaling in a handover scenario
Figure 2
Moreover, the path-coupled MRM uses the router alert option for
interception of signaling messages in intermediate nodes. This
raised some concerns on the wide applicability of NSIS signaling,
since packets with router alert options are normally processed by the
control processor (i.e., in the slow path) of the router. The herein
defined Explicit Signaling Target Message Routing Method (EST-MRM)
does not use a router alert option in Query packets and may be used
for direct signaling to dedicated signaling proxies or for relaying
signaling messages after the signaling messages have been properly
authorized by such dedicated systems.
Bless Expires December 18, 2010 [Page 5]
�
Internet-Draft Explicit Signaling Target MRM June 2010
The Hypath proposal [I-D.cordeiro-nsis-hypath] defined a similar MRM
for QoS signaling between off-path resource control elements like
bandwidth brokers. It is for further study, how the EST-MRM can be
unified with the Hypath proposal.
2. Explicit Signaling Target MRM
In order to support cases like the ones described in the
introduction, this document proposes the specification of an Explicit
Signaling Target MRM (EST-MRM).
The EST-MRM uses a normal encapsulation for Query messages, i.e., UDP
encapsulation with the destination default port for GIST and the
destination IP address set to the next signaling hop. The source IP
address SHOULD be set to the signaling source address of the node who
is sending the message. EST-MRM routed Query messages do not have to
be intercepted but are explicitly routed to their next (or final)
signaling destination. In contrast to the EST-MRM, the path-coupled
MRM requires Query messages to be sent with Q-mode encapsulation that
is using a router alert option. Furthermore, implementations must be
aware, that Query messages may use with a different encapsulation
method than Q-mode encapsulation, i.e., the check for wrong
encapsulation MUST consider the particular MRM that is being used.
The EST MRM defines an EST Message Routing Information (EST-MRI)
object that contains information about the actual data flow that is
being signaled as well as addressing information for the signaling
message routing and transport itself.
A node receiving a GIST message with an EST-MRI must check whether it
has one local address that matches the destination signaling address.
If it is not the case, it should forward the GIST message basically
unchanged towards the signaling destination address, only with a
decremented GIST Hop Count. Thus, even if the message gets
intercepted by accident, it will be forwarded to the final signaling
destination.
It is up to the signaling application's logic to determine the next
signaling hop. Usually, it will be related somehow to the given data
flow, e.g., the signaling target will be along a flows data path. In
the particular example of the anticipated handover, signaling targets
are the current access router as well as the candidate access router
that is presumably the next ingress node for the data flow.
When transmitting a signaling message with the EST-MRI, the outer IP
destination address SHOULD be set to the destination signaling
address of the EST-MRI. In principle it is also possible to forward
Bless Expires December 18, 2010 [Page 6]
�
Internet-Draft Explicit Signaling Target MRM June 2010
the signaling message to a node that is not the final destination
signaling node. In this case, the destination signaling address and
the IP destination address are not the same. This allows to let the
signaling take multiple intermediate hops. This mechanisms is,
however, for further study and its use is currently not recommended.
2.1. Explicit Signaling Target MRI
The EST-MRI object (Figure 3) starts with the common MRI header (cf.
section A.3.1 of [I-D.ietf-nsis-ntlp]) and carries a data flow
address description that is identical to the one that is defined in
the Path-coupled MRI (PC-MRI). In addition to that it carries at
least information about the origin signaling address and the
destination signaling address, which are usually identical to the IP
source and IP destination address of the UDP encapsulated signaling
message. Furthermore, it may contain an additional IP address of a
network node where the data flow, which is described by the PC-MRI,
enters the network. It is necessary to provide this information in
some cases since the currently deployed routing protocols can only
determine the next hop in direction towards the destination, but not
backwards towards the source. Thus, this information must be
provided to the next hop in most cases.
The EST-MRI object has the following layout:
EST-MRI= MRI-header
PC-MRI
EST-Control
Origin-Signaling-Address
Destination-Signaling-Address
[ Ingress-Node-Address ]
Layout of the Explicit Signaling Target Message Routing Information
Figure 3
The binary representation is shown in Figure 4. First, it contains
the normal data flow address descriptor that is required for path-
coupled signaling. The latter is necessary so that a Resource
Management Function (RMF) can determine the path of the data flow
that is being signaled for. If the initiator cannot predict its
future address, it is allowed to set the source IP address in the PC-
MRI to unspecified (either 0.0.0.0 or ::). After the PC-MRI, an EST-
Control field is provided, that provides further information on the
following fields or their interpretation respectively. In addition
to this description three IP addresses may be provided. The Origin
Signaling Address is the address of the node who initiated the
signaling. The Destination Signaling Address is the address of the
Bless Expires December 18, 2010 [Page 7]
�
Internet-Draft Explicit Signaling Target MRM June 2010
signaling peer that should receive the signaling message. Both
Origin Signaling Address and Destination Signaling Address are
mandatory to specify. They may be both either IPv4 or IPv6. The
actual type is given by the version field (IPVerS) in the high order
EST-Control word. Currently, unicast, anycast, or multicast
addresses are allowed for the Destination Signaling Address, whereas
only unicast addresses are allowed for the Origin Signaling Address.
The same is true for the IP addresses of the outer UDP packet that
contains the Query message. Providing the signaling addresses
explicitly has several advantages: it can be detected if the outer
addresses are rewritten by a NAT or if the path-directed signaling is
relayed via several hops before arriving at the final peer.
The Ingress Node Address is optional to specify. When not present,
the version field (IPVerI) of the low order word in the EST-Control
field must be set to 0. Otherwise IPVerI indicates the IP version of
the address. It may have a different type than the Origin Signaling
Address or the Destination Signaling Address, but MUST have the same
type as the address pair in the PC-MRI flow address descriptor.
Mismatching versions must be rejected with an "MRI ValidationFailure"
error message with subcode 1 ("IP Version Mismatch"). The Ingress
Node Address is necessary to specify in some scenarios, because the
RMF cannot determine a flow path in the reverse direction, except for
very simple topologies.
Bless Expires December 18, 2010 [Page 8]
�
Internet-Draft Explicit Signaling Target MRM June 2010
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|IP-Ver |P|T|F|S|A|B|D|Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// Source Address //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// Destination Address //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Prefix | Dest Prefix | Protocol | DS-field |Rsv|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
: Reserved | Flow Label :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
: SPI :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
: Source Port : Destination Port :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPVerS| Reserved | IPVerI| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// Origin Signaling Address //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// Destination Signaling Address //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// Ingress Node Address //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4
The MRI common header carries the N-flag and SHOULD be set to 0 for
this MRM. A NAT may have to translate at least one of the Origin
Signaling Address, the Destination Signaling Address, or the Ingress
Node Address. Depending on the signaling scenario it may also have
to translate the contained PC-MRI information (for signaling messages
along (a) and (b) in Figure 2 this is usually not required).
2.2. Implementation
The EST-MRI was implemented and tested successfully in the GIST-ka
implementation [gistka]. Thanks to the object oriented design of the
protocol itself and also the implementation, the implementation
effort was quite low. It was shown that even MA re-use works across
PC-MRM and EST-MRM flows, i.e., if some flows are signaled path-
coupled and some are signaled explicitly, further signaling for both
types can re-use existing messaging associations.
Bless Expires December 18, 2010 [Page 9]
�
Internet-Draft Explicit Signaling Target MRM June 2010
2.3. MRM Requirements
Section 3.3. of [I-D.ietf-nsis-ntlp] mentions requirements on the
content of an MRM definition, that are discussed in this section.
"The format of the information that describes the path that the
signalling should take, the Message Routing Information (MRI).": This
specification describes the MRI format in Section 2.1. Since this
signaling message routing method is using an explicit target address
for the signaling destination (the Destination Signaling Address), as
well as the Flow Identifier of the data flow, it contains sufficient
information to determine the signaling path. The adjacent peer may
use the Flow Identifier information to determine the next explicit
signaling hop.
"A specification of the IP-level encapsulation of the messages which
probe the network to discover the adjacent peers. A downstream
encapsulation must be defined; an upstream encapsulation is
optional": This MRM is using an explicit target address for the
signaling destination, i.e., the adjacent peer. The IP-level
encapsulation is based on UDP normal encapsulation, i.e., the address
of the adjacent peer is explicitly written in the outer IP header.
There is no such thing as a downstream encapsulation since the EST
MRM may be used to route the signaling data 'sideways' if compared to
the direction of the data flow (cf. forwarding of signaling messages
along (b) in Figure 2).
"A specification of what validation checks GIST should apply to the
probe messages, for example to protect against IP address spoofing
attacks. The checks may be dependent on the direction (upstream or
downstream) of the message.": This specification requires that a node
receiving a GIST message with an EST-MRI must check whether it has
one local address that matches the destination signaling address.
Other specific validation checks cannot be provided within this
specification as they depend on the determination algorithm of the
next signaling hop. Validation checks should be applied if possible,
but they are probably only possible within the NSLP.
"The mechanism(s) available for route change detection, i.e. any
change in the neighbour relationships that the MRM discovers. The
default case for any MRM is soft-state refresh, but additional
supporting techniques may be possible;" Basically, this MRM also uses
soft-state refresh and the NLI as indicator whether the adjacent peer
has changed. However, since signaling messages routed with the EST
MRM are explicitly addressed to nodes and not intercepted there
should be no re-routing events as GIST level. Re-routing events at
IP-level will be transparent unless they lead to disconnection of the
signaling target.
Bless Expires December 18, 2010 [Page 10]
�
Internet-Draft Explicit Signaling Target MRM June 2010
3. Security Considerations
Basically, the security considerations of GIST apply. The main
change is that Query messages are not sent using Q-mode encapsulation
and that they contain a different MRI object. Since normal
encapsulation is already considered by GIST, no new security
considerations are necessary. Even for initial Query messages with
an EST-MRI, the usual mechanisms like authorized peer database
checking and late state installation mechanisms apply.
4. IANA Considerations
According to section 9 of [I-D.ietf-nsis-ntlp] this specification
requires assignment of a new MRI-ID. Until an assignment happens by
IANA, it is suggested to use MRI-ID 125 for the EST-MRM.
5. Acknowledgments
Part of this work was funded by Deutsche Telekom Laboratories and
developed in cooperation with T-Systems within the ScaleNet project.
6. References
6.1. Normative References
[I-D.ietf-nsis-ntlp]
Schulzrinne, H. and M. Stiemerling, "GIST: General
Internet Signalling Transport", draft-ietf-nsis-ntlp-20
(work in progress), June 2009.
6.2. Informative References
[I-D.cordeiro-nsis-hypath]
Cordeiro, L., "GIST Extension for Hybrid On-path Off-path
Signaling (HyPath)", draft-cordeiro-nsis-hypath-04 (work
in progress), July 2007.
[I-D.ietf-nsis-qos-nslp]
Manner, J., Karagiannis, G., and A. McDonald, "NSLP for
Quality-of-Service Signaling", draft-ietf-nsis-qos-nslp-18
(work in progress), January 2010.
[RFC4066] Liebsch, M., Singh, A., Chaskar, H., Funato, D., and E.
Shim, "Candidate Access Router Discovery (CARD)",
RFC 4066, July 2005.
Bless Expires December 18, 2010 [Page 11]
�
Internet-Draft Explicit Signaling Target MRM June 2010
[gistka] Bless, R., "NSIS-ka - A free C++ implementation of NSIS
protocols", June 2010, <http://nsis-ka.org/>.
Appendix A. Change History
Changes from -00 to -01:
o added Section 2.3
o added Section 5
Changes from -01 to -02:
o added another motivation in Section 1
o added text for type of addresses (unicast, anycast, multicast)
o changed intended status to experimental due to other NSIS
documents
o editorial nits
Author's Address
Roland Bless
Karlsruhe Institute of Technology
Institute of Telematics
Zirkel 2, Building 20.20
Karlsruhe 76131
Germany
Phone: +49 721 608 6413
Email: roland.bless@kit.edu
URI: http://tm.kit.edu/~bless
Bless Expires December 18, 2010 [Page 12]
�
