Skip to main content

Discovery of Network Rate-Limit Policies (NRLPs)
draft-brw-scone-rate-policy-discovery-00

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Active".
Authors Mohamed Boucadair , Dan Wing , Tirumaleswar Reddy.K , Sridharan Rajagopalan , Gyan Mishra , Markus Amend , Luis M. Contreras
Last updated 2024-10-09 (Latest revision 2024-10-08)
Replaces draft-brw-sconepro-rate-policy-discovery
RFC stream (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-brw-scone-rate-policy-discovery-00
scone                                                       M. Boucadair
Internet-Draft                                                    Orange
Intended status: Standards Track                                 D. Wing
Expires: 11 April 2025                              Cloud Software Group
                                                                T. Reddy
                                                                   Nokia
                                                          S. Rajagopalan
                                                    Cloud Software Group
                                                               G. Mishra
                                                             Verizon Inc
                                                                M. Amend
                                                        Deutsche Telekom
                                                            L. Contreras
                                                              Telefonica
                                                          8 October 2024

            Discovery of Network Rate-Limit Policies (NRLPs)
                draft-brw-scone-rate-policy-discovery-00

Abstract

   Traffic exchanged over a network attachment may be subject to rate-
   limit policies.  These policies may be intentional policies (e.g.,
   enforced as part of the activation of the network attachment and
   typically agreed upon service subscription) or be reactive policies
   (e.g., enforced temporarily to manage an overload or during a DDoS
   attack mitigation).  This document specifies a mechanims for hosts to
   dynamically discover Network Rate-Limit Policies (NRLPs).  This
   information is then passed to applicaitons that might adjust their
   behaviors accordingly.

   Networks already support mechanisms to advertize a set of network
   properties to hosts using Neighbor Discovery options.  Examples of
   such properties are link MTU (RFC 4861) and PREFIX64 (RFC 8781).
   This document complements these tools and specifies a Neighbor
   Discovery option to be used in Router Advertisements (RAs) to
   communicate these policies to hosts.  For address family parity, a
   new DHCP option is also defined.  The document also discusses how
   Provisioning Domains (PvD) can be used to notify hosts with NRLPs.

Discussion Venues

   This note is to be removed before publishing as an RFC.

   Source for this draft and an issue tracker can be found at
   https://github.com/boucadair/draft-xxx-ac-rate-policy-discovery.

Boucadair, et al.         Expires 11 April 2025                 [Page 1]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 11 April 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Context . . . . . . . . . . . . . . . . . . . . . . . . .   4
     1.2.  Networks Are Already Sharing Network Properties with
           Hosts . . . . . . . . . . . . . . . . . . . . . . . . . .   5
     1.3.  What's In?  . . . . . . . . . . . . . . . . . . . . . . .   6
     1.4.  What's Out? . . . . . . . . . . . . . . . . . . . . . . .   6
     1.5.  Design Motivation & Rationale . . . . . . . . . . . . . .   7
     1.6.  Sample Deployment Cases . . . . . . . . . . . . . . . . .   9
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .  10
   3.  NRLP Blob . . . . . . . . . . . . . . . . . . . . . . . . . .  10
   4.  IPv6 RA NRLP Option . . . . . . . . . . . . . . . . . . . . .  13
     4.1.  Option Format . . . . . . . . . . . . . . . . . . . . . .  13
     4.2.  IPv6 Host Behavior  . . . . . . . . . . . . . . . . . . .  15
   5.  DHCP NRLP Option  . . . . . . . . . . . . . . . . . . . . . .  16
     5.1.  Option Format . . . . . . . . . . . . . . . . . . . . . .  16

Boucadair, et al.         Expires 11 April 2025                 [Page 2]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

     5.2.  DHCPv4 Client Behavior  . . . . . . . . . . . . . . . . .  18
   6.  Provisioning Domains  . . . . . . . . . . . . . . . . . . . .  19
   7.  Operational Considerations  . . . . . . . . . . . . . . . . .  19
     7.1.  NRLP Is Complementary Not Replacement Solution  . . . . .  19
     7.2.  Provisionning Policies  . . . . . . . . . . . . . . . . .  19
     7.3.  Redundant vs. Useful Signal . . . . . . . . . . . . . . .  20
     7.4.  Fairness  . . . . . . . . . . . . . . . . . . . . . . . .  20
     7.5.  Architectural Considerations Matter . . . . . . . . . . .  20
     7.6.  Service Considerations: Application Diversity & Realistic
           Assessment  . . . . . . . . . . . . . . . . . . . . . . .  21
     7.7.  Operational Guidance for Signal Enforcement . . . . . . .  21
     7.8.  Signal Estimation . . . . . . . . . . . . . . . . . . . .  22
     7.9.  Signal "Interference" . . . . . . . . . . . . . . . . . .  22
   8.  Deployment Incentives . . . . . . . . . . . . . . . . . . . .  22
     8.1.  Networks  . . . . . . . . . . . . . . . . . . . . . . . .  22
     8.2.  Applications  . . . . . . . . . . . . . . . . . . . . . .  23
     8.3.  Host OS . . . . . . . . . . . . . . . . . . . . . . . . .  23
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  24
     9.1.  ND  . . . . . . . . . . . . . . . . . . . . . . . . . . .  24
     9.2.  DHCP  . . . . . . . . . . . . . . . . . . . . . . . . . .  25
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  25
     10.1.  Rate-Limit Policy Objects Registry Group . . . . . . . .  25
     10.2.  Optional Parameter Flags Registry  . . . . . . . . . . .  25
     10.3.  Flow Flags Registry  . . . . . . . . . . . . . . . . . .  26
     10.4.  Neighbor Discovery Option  . . . . . . . . . . . . . . .  27
     10.5.  DHCP Option  . . . . . . . . . . . . . . . . . . . . . .  27
     10.6.  DHCP Options Permitted in the RADIUS DHCPv4-Options
            Attribute  . . . . . . . . . . . . . . . . . . . . . . .  27
     10.7.  Provisioning Domains Split DNS Additional Information  .  28
     10.8.  New PvD Network Rate-Limit Policies (NRLPs) Registry . .  28
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  30
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  30
     11.2.  Informative References . . . . . . . . . . . . . . . . .  31
   Appendix A.  Example of Authentication, Authorization, and
           Accounting (AAA)  . . . . . . . . . . . . . . . . . . . .  35
   Appendix B.  Alternative/Complementary Mechanisms . . . . . . . .  36
     B.1.  L4S . . . . . . . . . . . . . . . . . . . . . . . . . . .  36
     B.2.  Network Slicing . . . . . . . . . . . . . . . . . . . . .  37
     B.3.  3GPP UE Route Selection Policy  . . . . . . . . . . . . .  37
     B.4.  Network APIs  . . . . . . . . . . . . . . . . . . . . . .  38
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  38
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  38

1.  Introduction

Boucadair, et al.         Expires 11 April 2025                 [Page 3]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

1.1.  Context

   Connectivity services are provided by networks to customers via
   dedicated terminating points, such as customer edges (CEs) or User
   Equipment (UE).  To facilitate data transfer via the provider
   network, it is assumed that appropriate setup is provisioned over the
   links that connect customer terminating points and a provider network
   (usually via a Provider Edge (PE)), successfully allowing data
   exchange over these links.  The required setup is referred to in this
   document as network attachments, while the underlying link is
   referred to as "bearers".

   The bearer can be a physical or logical link that connects a customer
   device to a provider network.  A bearer can be a wireless or wired
   link.  The same or multiple bearer technologies can be used to
   establish the bearer (e.g., WLAN, cellular) to graft customer
   terminating points to a network.

      Network attachment is also known as "Attachment Circuit (AC)"
      which is an established concept in the industry and also in the
      IETF ([RFC4026], [RFC4664], [RFC4364], etc.).

   Figure 1 shows an example of a network that connects CEs and hosts
   (UE, for example).These CEs are servicing other (internal) hosts.
   The identification of these hosts is hidden from the network.  The
   policies enforced at the network for an AC are per-subscriber, not
   per-host.  Typically, if a CE is provided with a /56 IPv6 prefix,
   policies are enforced on that /56 not the individual /64s that will
   be used by internal hosts.  A customer terminating point may be
   serviced with one (e.g., UE#1, CE#1, and CE#3) or multiple ACs (e.g.,
   CE#2).

                                                              Hosts
                                                              O O O
                                                               \|/
      .------.                .--------------------.         .------.
      |      +------+         |                    +---AC----+      |
      | UE#1 |      |         |                    +---AC----+ CE#2 |
      '------'      +---AC----+                    |         '------'
                              |     Network        |
      .------.      .---AC----+                    |
      |      |      |         |                    |         .------.
      | CE#1 +------'         |                    +---AC----+ CE#3 |
      '------'                |                    |         '------'
         /|\                  '--------------------'            /|\
        O O O                                                  O O O
        Hosts                                                  Hosts

Boucadair, et al.         Expires 11 April 2025                 [Page 4]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

                    Figure 1: Sample Network Attachments

   Customer terminating points are provided with a set of information
   (e.g., IP address/prefix) to successfully be able to send and receive
   traffic over an AC.  A comprehensive list of provisioning parameters
   that are available on the PE-side of an AC is documented in
   [I-D.ietf-opsawg-ntw-attachment-circuit].

   The required set of parameters is a function of the service offering.
   For example, a very limited set of parameters is required for mass-
   market service offering while a more elaborated set is required for
   Enterprise services (e.g., Layer 2 VPN [RFC9291] or Layer 3 VPN
   [RFC9182]).  This document *leverages access control, authorization,
   and authentication mechanisms that are already in place for the
   delivery of services over these ACs*.

1.2.  Networks Are Already Sharing Network Properties with Hosts

   To optimally deliver connectivity services via a network attachment,
   networks also advertize a set of network properties [RFC9473] to
   connected hosts such as:

   Link Maximum Transmission Unit (MTU):  For example, the 3GPP
      [TS-23.501] specifies that "the link MTU size for IPv4 is sent to
      the UE by including it in the PCO (see TS 24.501).  The link MTU
      size for IPv6 is sent to the UE by including it in the IPv6 Router
      Advertisement message (see RFC 4861)".

      Section 2.10 of [RFC7066] indicates that a cellular host should
      honor the MTU option in the Router Advertisement (Section 4.6.4 of
      [RFC4861]) given that the 3GPP system architecture uses extensive
      tunneling in its packet core network below the 3GPP link, and this
      may lead to packet fragmentation issues.

      MTU is cited as an example of path properties in Section 4 of
      [RFC9473].

   Prefixes of Network Address and Protocol Translation from IPv6
   clients to IPv4 servers (NAT64) [RFC8781]:  This option is useful to
      enable local DNSSEC validation, support networks with no DNS64,
      support IPv4 address literals on an IPv6-only host, etc.

      NAT is cited as an example of path properties (see "Service
      Function" bullet in Section 4 of [RFC9473]).

   Encrypted DNS option [RFC9463]:  This option is used to discover
      encrypted DNS resolvers of a network.

Boucadair, et al.         Expires 11 April 2025                 [Page 5]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

1.3.  What's In?

   *Given that all IPv6 hosts and networks are required to support
   Neighbor Discovery [RFC4861]*, this document specifies a Neighbor
   Discovery option to be used in Router Advertisements (RAs) to
   communicate rate-limit policies to hosts (Section 4).  For address
   family parity, a DHCP option [RFC2132] is also defined for IPv4 in
   Section 5.  Section 6 describes a discovery approach using
   Provisioning Domains (PvDs) [RFC8801].

   These options are called: Network Rate-Limit Policy (NRLP).

   In order to ensure consistent design for both IPv4 and IPv6 ACs,
   Section 3 groups the set of NRLP parameters that are returned
   independent of the address family.  This blob can be leveraged in
   networks where ND/DHCP/PvD are not used and ease the mapping with
   specific protocols used in these networks.  For example, *_a Protocol
   Configuration Option (PCO) [TS-24.008] NRLP Information Element can
   be defined in 3GPP_*.

   Whether host-to-network, network-to-host, or both policies are
   returned in an NRLP is deployment specific.  All these combinations
   are supported in this document.

   Also, the design supports returning one more NRLP instances for a
   given traffic direction.

1.4.  What's Out?

   This document does not make any assumption about the type of the
   network (fixed, cellular, etc.) that terminates an AC.

   Likewise, the document does not make any assumption about the
   services or applications that are delivered over an AC.  Whether one
   or multiple services are bound to the same AC is deployment specific.

   Applications will have access to all these NRLPs and will, thus,
   adjust their behavior as a function of scope and traffic category
   indicated in a policy (all traffic, streaming, etc.).  An application
   that couples multiple flow types will adjust each flow type to be
   consistent with the specific policy for the relevant traffic
   category.  Likewise, a host with multiple ACs may use the discovered
   NRLPs AC to decide how to distribute its flows over these ACs (prefer
   an AC to place an application session, migrate connection, etc.).
   That's said, this document does not make any recommendation about how
   a receiving host uses the discovered policy.

Boucadair, et al.         Expires 11 April 2025                 [Page 6]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   Networks that advertize NLRPs are likely to maintain the policing in
   place within the network because of the trust model (hosts are not
   considered as trusted devices).  Per-subscriber rate-limit policies
   are generally recommended to protect nodes against Denial of Service
   (DoS) attacks (e.g., Section 9.3 of [RFC8803] or Section 8 of
   [I-D.ietf-masque-quic-proxy]).  Discussion about conditions under
   which such a trust model can be relaxed is out of scope of this
   document.

   This document does not assume nor preclude that other mechanisms,
   e.g., Low Latency, Low Loss, and Scalable Throughput (L4S) [RFC9330],
   are enabled in a bottleneck link.  The reader may refer to Appendix B
   for a list of relevant mechanisms.  Whether these mechanism as
   alternative or complementary to explicit host/network signals is to
   be further assessed.

1.5.  Design Motivation & Rationale

   The main motivations for the use of ND for such a discovery are
   listed in Section 3 of [RFC8781]:

   *  Fate sharing

   *  Atomic configuration

   *  Updatability: change the policy at any time

   *  Deployability

   The solution specified in the document is designed to *ease
   integration with network management tools* that are used to manage
   and expose policies.  It does so by leveraging the policy structure
   defined in [I-D.ietf-opsawg-ntw-attachment-circuit].  That same
   structure is also used in the context of service activation such as
   Network Slicing [RFC9543]; see the example depicted in Appendix B.5
   of [I-D.ietf-teas-ietf-network-slice-nbi-yang].

   The solution defined in this document:

   *  *Does not require any data plane change*.

   *  *Applicable to any transport protocol*.

   *  *Does not impact the connection setup delay*.

   *  *Does not require to reveal the identity of the target server or
      the application itself* to consume the signal.

Boucadair, et al.         Expires 11 April 2025                 [Page 7]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   *  *Supports cascaded environments* where multiple levels to enforce
      rate-limiting polices is required (e.g., WAN and LAN shown in
      Figure 2).  NRLP signals can be coupled or decoupled as a function
      of the local policy.

   *  *Supports signaling policies bound to one or both traffic
      directions*.

   *  Is able to *signal whether a policy applies to a specific host or
      all hosts of a given subscriber*.

           .------.                      .--------------------.
           | Host +---+     .---.        |                    |
           |  #1  |   |     |   |        |                    |
           '------'   +-----+ C |        |                    |
                    nrlp#2  | P +--------+      Network       |
           .------.   .-----+ E | nrlp#1 |                    |
           | Host |   |     |   |        |                    |
           |  #2  +---'     '---'        |                    |
           '------' nrlp#3               |                    |
                                         '--------------------'

                    Figure 2: Example of Cascaded NRLPs

   Compared to a proxy or an encapsulation-based proposal (e.g.,
   [I-D.ihlar-masque-sconepro-mediabitrate]), the solution defined in
   this document:

   *  *Does not impact the MTU tweaking*: No packet overhead is
      required.

   *  *Does not suffer from side effects of multi-layer encryption
      schemes* on the packet processing and overall performance of
      involved network nodes.  Such issues are encountered, e.g., with
      the tunneled mode or long header packets in the forwarded QUIC
      proxy mode [I-D.ietf-masque-quic-proxy].

   *  *Does not suffer from nested congestion control* for tunneled
      proxy mode.

   *  *Does not incur multiple round-trips* in the forwarding mode for
      the client to start sending Short Header packets.

   *  *Does not incur the overhead of unauthenticated re-encryption of
      QUIC packets* in the scramble transform of the forwarding mode.

Boucadair, et al.         Expires 11 April 2025                 [Page 8]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   *  *Does not impact the forwarding peformance of network nodes*. For
      example, the proxy forwarded mode [I-D.ietf-masque-quic-proxy]
      requires rewriting connection identifiers; that is, the
      performance degradation will be at least equivalent to NAT.

   *  *Does not suffer from the complications of IP address sharing
      [RFC6269]*. Such issues are likely to be experienced for proxy-
      based solutions that multiplex internal connections using one or
      more external IP addresses.

   *  *Does not suffer from penalizing the proxy* which could serve both
      good and bad clients (e.g., launching Layer 7 DDoS attacks).

   *  *Does not require manipulating extra steering policies on the
      host* to decide which flows can be forwarded over or outside the
      proxy connection.

   *  *Requires a minor change to the network*: For IPv6, upgrade PE
      nodes to support a new ND option.  Note that all IPv6 hosts and
      networks are required to support Neighbor Discovery [RFC4861].
      For IPv4, configure DHCP servers to include a new DHCP option.

1.6.  Sample Deployment Cases

   Some deployment use cases for NRLP are provided below:

   *  A network may advertize an NRLP when it is overloaded, including
      when it is under attack.  The rate-limit policy is basically a
      reactive policy that is meant to adjust the behavior of connected
      hosts to better control the load during these exceptional events
      (issue with RAN resources, for example).  The mechanism can also
      be used to enrich the tools that are already available to better
      handle attack traffic close to the source [RFC9066].

   *  Discovery of intentional policy applied on ACs (peering links, CE-
      PE links, etc.) when such information is not made available during
      the service activation or when network upgrades are performed.

   *  A user may configure policies on the CPE such as securing some
      resources to a specific internal host used for gaming or video
      streaming.  The CPE can use the NRLP option to share these rate-
      limit policies to connected hosts to adjust their forwarding
      behavior.

   Operational considerations are discussed in Section 7, while
   deployment incentives are described in Section 8.

Boucadair, et al.         Expires 11 April 2025                 [Page 9]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   This document uses the terms defined in Section 2 of
   [I-D.ietf-opsawg-ntw-attachment-circuit] and [RFC9473].

   Also, this document makes use fo the following terms:

   Reactive policy:  Treatment given to a flow when an exceptional event
      occurs, such as diminished throughput to the host caused by radio
      interference or weak radio signal, congestion on the network
      caused by other users or other applications on the same host.

   Intentional policy:  Configured bandwidth, pps, or similar throughput
      constraints applied to a flow, application, host, or subscriber.

   Rate-limit:  Used as a generic term to refer to a policy to restrict
      the maximum bitrate of a flow.

      It can be used with or without any traffic classification.

3.  NRLP Blob

   This section defines the set of attributes that are included in an
   NRLP blob:

   Optional Parameter Flags (OPF):  These flags indicate the presence of
      some optional parameters.  The following flags are defined (from
      MSB to LSB):

      E:  When set to "1", this flag indicates the presence of Excess
         Information Rate (EIR).

         When set to "0", this flag indicates that EIR is not present.

      P:  When set to "1", this flag indicates the presence of Peak
         Information Rate (PIR).

         When set to "0", this flag indicates that PIR is not present.

      U:  Unassigned bits.  See Section 10.2.

         Unassigned bits MUST be set to zero by senders and MUST be

Boucadair, et al.         Expires 11 April 2025                [Page 10]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

         ignored by receivers.

   Flow flags (FF):  These flags are used to express some generic
      properties of the flow.  The following flags are defined (from MSB
      to LSB):

      S (Scope):  1-bit field which specifies whether the policy is per
         host (when set to "1") or per subscriber (when set to "0).

      D (Direction):  1-bit flag which indicates the direction on which
         to apply the enclosed policy.

         When set to "1", this flag indicates that this policy is for
         network-to-host direction.

         When set to "0", this flag indicates that this policy is for
         host-to-network direction.

      R (Reliablity):  2-bit flag which indicates the reliability type
         of traffic on which to apply the enclosed policy.

         When set to "00b", this flag indicates that this policy is for
         unreliable traffic.

         When set to "01b", this flag indicates that this policy is for
         reliable traffic.

         When set to "10b", this flag indicates that this policy is for
         both reliable and unreliable traffic.

         No meaning is associated with setting the field to "11b".  Such
         value MUST be silently ignored by the receiver.

      U:  Unassigned bits.  See Section 10.3.

         Unassigned bits MUST be set to zero by senders and MUST be
         ignored by receivers.

   TC (Traffic Category):  6-bit field which specifies a traffic
      category to which this policy applies.

      The following values are supported:

      *  "0": All traffic.  This is the default value.

      *  "1": Streaming

      *  "2": Real-time

Boucadair, et al.         Expires 11 April 2025                [Page 11]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

      *  "3": Bulk traffic

      *  4-63: Unassigned values

   Committed Information Rate (CIR) (Mbps):  Specifies the maximum
      number of bits that a network can receive or send during one
      second over an AC for a traffic category.

      If set to 0, this indicates to the host that an alternate path (if
      any) should be preferred over this one.

      This parameter is mandatory.

   Committed Burst Size (CBS) (bytes):  Specifies the maximum burst size
      that can be transmitted at CIR.

      MUST be greater than zero.

      This parameter is mandatory.

   Excess Information Rate (EIR) (Mbps):  MUST be present only if the E
      flag is set to '1'.

      Specifies the maximum number of bits that a network can receive or
      send during one second over an AC for a traffic category that is
      out of profile.

      This parameter is optional.

   Excess Burst Size (EBS) (bytes):  MUST be present only if EIR is also
      present.

      Indicates the maximum excess burst size that is allowed while not
      complying with the CIR.

      MUST be greater than zero, if present.

      This parameter is optional.

   Peak Information Rate (PIR) (Mbps):  MUST be present only if P flag
      is set to '1'.

      Traffic that exceeds the CIR and the CBS is metered to the PIR.

      This parameter is optional.

   Peak Burst Size (PBS) (bytes):  MUST be present only if PIR is also
      present.

Boucadair, et al.         Expires 11 April 2025                [Page 12]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

      Specifies the maximum burst size that can be transmitted at PIR.

      MUST be greater than zero, if present.

   The reader should refer to [RFC2697], [RFC2698], and [RFC4115] for
   examples of how various combinations of CIR/CBS/EIR/EBS/PIR/PBS are
   used for policing.  Typically:

   *  A Single-Rate, Three-Color Marker [RFC2697] uses CIR, CBS, and
      EBS.

   *  A Dual-Rate, Three-Color Marker [RFC2698] uses CIR, CBS, PIR, and
      PBS.

4.  IPv6 RA NRLP Option

4.1.  Option Format

   The format of the IPv6 RA NRLP option, with only mandatory fields
   included, is illustrated in Figure 3.

     MSB                                                          LSB
      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |     Type      |     Length    |  OPF  |     FF    |    TC     |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                Committed Information Rate (CIR)               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                  Committed Burst Size (CBS)                   |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 3: NRLP Option Format with Mandatory Fields

   The format of the IPv6 RA NRLP option, with optional fields included,
   is illustrated in Figure 3.

Boucadair, et al.         Expires 11 April 2025                [Page 13]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |     Type      |     Length    |  OPF  |     FF    |    TC     |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                Committed Information Rate (CIR)               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                  Committed Burst Size (CBS)                   |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |               Excess Information Rate (EIR) (Optional)        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                  Excess Burst Size (EBS) (Optional)           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |               Peak Information Rate (PIR) (Optional)          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                  Peak Burst Size (PBS) (Optional)             |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 4: NRLP Option Format with Optional Fields

   The fields of the option shown in Figure 4 are as follows:

   Type:  8-bit identifier of the NRLP option as assigned by IANA (TBD1)
      (see Section 10.4).

   Length:  8-bit unsigned integer.  The length of the option (including
      the Type and Length fields) is in units of 8 octets.

   OPF (Optional Parameter Flags):  4-bit flags which indicates the
      presence of some optional inforamtion in the option.

      See Section 3 for the structure of this field.

      See Table 1 for current assigned flags.

   FF (Flow flags):  6-bit flags used to express some generic properties
      of the flow.

      See Section 3 for the structure of this field.

      See Table 2 for current assigned flags.

   TC:  See Section 3.

   Committed Information Rate (CIR) (Mbps):  See Section 3.

   Committed Burst Size (CBS) (bytes):  See Section 3.

Boucadair, et al.         Expires 11 April 2025                [Page 14]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   Excess Information Rate (EIR) (Mbps):  See Section 3.  This is an
      optional field.

   Excess Burst Size (EBS) (bytes):  See Section 3.  This is an optional
      field.

   Peak Information Rate (PIR) (Mbps):  See Section 3.  This is an
      optional field.

   Peak Burst Size (PBS) (bytes):  See Section 3.  This is an optional
      field.

4.2.  IPv6 Host Behavior

   The procedure for rate-limit configuration is the same as it is with
   any other Neighbor Discovery option [RFC4861].

   The host MUST be prepared to receive multiple NRLP options in RAs;
   each with distinct scope and/or application group.

   If the host receives multiple NRLP options with overlapping scope/TC,
   the host MUST silently discard all these options.

   If the receiving host has LAN capabilities (e.g., mobile CE or mobile
   handset with tethering), the following behavior applies:

   *  If an RA NRLP is advertised from the network, and absent local
      rate-limit policies, the device should send RAs to the downstream
      attached LAN devices with the same NRLP values received from the
      network.

   *  If local rate-limit policies are provided to the device, the
      device may change the scope or values received from the network to
      accommodate these policies.  The device may decide to not relay
      received RAs to internal nodes if local policies were already
      advertized using RAs and those policies are consistent with the
      network policies.

   Applications running over a host can learn the bitrates associated
   with a network attachment by invoking a dedicated API.  The exact
   details of the API is OS-specific and, thus, out of scope of this
   document.

Boucadair, et al.         Expires 11 April 2025                [Page 15]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

5.  DHCP NRLP Option

      Note that the base DHCP can only signal a rate policy change when
      the client first joins the network or renews its lease, whereas
      IPv6 ND can update the rate policy at the network's discretion.
      [RFC6704] specifies an approach for forcing reconfiguration of
      individual hosts without suffering from the limitations of the
      FORCERENEW design in [RFC3203].

5.1.  Option Format

   The format of the DHCP NRLP option is illustrated in Figure 5.

                 0                   1
                 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
                +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                | OPTION_V4_NRLP|     Length    |
                +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                ~      NRLP Instance Data #1    ~
                +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   ---
                .              ...              .    |
                +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ optional
                ~      NRLP Instance Data #n    ~    |
                +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   ---

                     Figure 5: NRLP DHCP Option Format

   The fields of the option shown in Figure 5 are as follows:

   Code:  OPTION_V4_NRLP (TBD2).  (see Section 10.5).

   Length:  Indicates the length of the enclosed data in octets.

   NRLP Instance Data:  Includes a network rate-limit policy.  The
      format of this field with only mandatory parameters is shown in
      Figure 6.

      When several NRLPs are to be included, the "NRLP Instance Data"
      field is repeated.

Boucadair, et al.         Expires 11 April 2025                [Page 16]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

                      0                   1
                      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                     |   NRLP Instance Data Length   |
                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                     |  OPF  |     FF    |    TC     |
                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                     |  Committed Information Rate   |
                     |              (CIR)            |
                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                     |  Committed Burst Size (CBS)   |
                     |                               |
                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

         Figure 6: NRLP Instance Data Format with Mandatory Fields

   The format of this field, with optional parameters included, is shown
   in Figure 6.

                    0                   1
                    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                   |   NRLP Instance Data Length   |
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                   |  OPF  |     FF    |    TC     |
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                   |  Committed Information Rate   |
                   |              (CIR)            |
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                   |  Committed Burst Size (CBS)   |
                   |                               |
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---
                   |  Excess Information Rate      |  |
                   |             (EIR)             |  O
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  P
                   |    Excess Burst Size (CBS)    |  T
                   |                               |  I
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  O
                   |    Peak Information Rate      |  N
                   |             (PIR)             |  A
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  L
                   |      Peak Burst Size (PBS)    |  |
                   |                               |  |
                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---

     Figure 7: NRLP Instance Data Format with Optional Fields Included

   The fields shown in Figure 7 are as follows:

Boucadair, et al.         Expires 11 April 2025                [Page 17]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   NRLP Instance Data Length:  Length of all following data in octets.
      This field is set to '8' when only the nominal bitrate is provided
      for an NLRP instance.

   OPF (Optional Parameter Flags):  4-bit flags which indicates the
      presence of some optional inforamtion in the option.

      See Section 3 for the structure of this field.

      See Table 1 for current assigned flags.

   FF (Flow flags):  6-bit flags used to express some generic properties
      of the flow.

      See Section 3 for the structure of this field.

      See Table 2 for current assigned flags.

   TC:  See Section 3.

   Committed Information Rate (CIR) (Mbps):  See Section 3.

   Committed Burst Size (CBS) (bytes):  See Section 3.

   Excess Information Rate (EIR) (Mbps):  See Section 3.  This is an
      optional field.

   Excess Burst Size (EBS) (bytes):  See Section 3.  This is an optional
      field.

   Peak Information Rate (PIR) (Mbps):  See Section 3.  This is an
      optional field.

   Peak Burst Size (PBS) (bytes):  See Section 3.  This is an optional
      field.

   OPTION_V4_NRLP is a concatenation-requiring option.  As such, the
   mechanism specified in [RFC3396] MUST be used if OPTION_V4_NRLP
   exceeds the maximum DHCP option size of 255 octets.

   OPTION_V4_NRLP is permitted to be included in the RADIUS
   DHCPv4-Options Attribute [RFC9445].

5.2.  DHCPv4 Client Behavior

   To discover a network rate-limit policy, the DHCP client includes
   OPTION_V4_NRLP in a Parameter Request List option [RFC2132].

Boucadair, et al.         Expires 11 April 2025                [Page 18]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   The DHCP client MUST be prepared to receive multiple "NRLP Instance
   Data" field entries in the OPTION_V4_NRLP option; each instance is to
   be treated as a separate network rate-limit policy.

6.  Provisioning Domains

   PvD may also be used as a mechanism to discover NRLP.  Typically, the
   network will configured to set the H-flag so clients can request PvD
   Additional Information (Section 4.1 of [RFC8801]).

   Figure 8 provides an example of the returned "application/pvd+json"
   to indicate a network-to-host NRLP for all subscriber traffic.  The
   NRLP list may include multiple instances if distinct policies are to
   be returned for distinct traffic categories.

   {
      "nrlp":[
         {
            "direction":1,
            "scope":1,
            "tc":0,
            "cir":50,
            "cbs":10000,
            "ebs":20000
         }
      ]
   }

                      Figure 8: NRLP Example with PvD

7.  Operational Considerations

7.1.  NRLP Is Complementary Not Replacement Solution

   Sharing NRLP signals are not intended to replace usual actions to
   soften bottlenck issues (e.g., adequate network dimensioning and
   upgrades).  However, given that such actions may not be always
   immediately possible or economically justified, NRLP signals can be
   considered as complementary mitigations to soften these issues by
   introducing some collaboration between a host and its networks to
   adjust their behaviors.

7.2.  Provisionning Policies

   NRLP senders should be configured with instructions about the type of
   network rate-limit policies to be shared with requesting hosts.
   These types can be provided using mechanisms such as
   [I-D.ietf-opsawg-ntw-attachment-circuit].

Boucadair, et al.         Expires 11 April 2025                [Page 19]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

7.3.  Redundant vs. Useful Signal

   In contexts where the bitrate policies are known during the
   establishment of the underlying bearer (e.g., GBR PDU Sessions),
   sending NRLP signals over the AC may be redundant and should thus be
   disabled.

   In contexts where the (average) bitrate policies provided during the
   establishment of a bearer cannot be refreshed to echo network-
   specific conditions (e.g., overload) using bearer-specific
   mechanisms, sending NRLP signals over the AC would allow control the
   load at the source.

   When both bearer-specific policies and NRLP signals are communicated
   to a host, the NRLP signals takes precedence.

7.4.  Fairness

   Rate-limit policies enforced at the network are assumed to be
   consistent with the local jurisdictions.  For example:

   *  [BEREC] states that ISPs are prohibited from blocking or slowing
      down of Internet traffic, except for legal reasons, network
      security, or congestion, provided that equivalent categories of
      traffic are treated equally.

   *  [FCC] states that net neutrality policies "prohibits internet
      service providers from blocking, throttling, or engaging in paid
      prioritization of lawful content".  The FCC allows some
      exceptions, like for security and emergencies.

   These regulatory frameworks align with the goals of this document.

7.5.  Architectural Considerations Matter

   Approaches based on middleboxes are generally not recommended due to
   their inherent limitations, in terms of performance, scalability,
   redundancy, etc.  Specifically, if the management and operation of
   such middleboxes remain unclear, that motivate operational issues and
   responsibilities.  Furthermore, it is important to note that any
   middlebox could not necessarily cover an entire service end-to-end,
   thus *producing only partial observations which could not be
   sufficiently good at the time of generating appropriate signals*.

   The NRLP solution does not require such middleboxes but the
   consideration about partial observability applies.  That concern can
   be softened by cascaded NLRP design.  However, network integration of
   such appraoch is to be further elaborated.

Boucadair, et al.         Expires 11 April 2025                [Page 20]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

7.6.  Service Considerations: Application Diversity & Realistic
      Assessment

   Signals could be generated for multiple services and/or applications.
   For instance, services providing short video content might require
   signals different to those based on long videos.  This implies the
   need of defining a generic method suitable for any kind of service
   and application, avoiding the multiplicity of solutions and the
   dominance of some applications over others.

   It should be also noted that more experimentation is needed in order
   to fully understand the implications of the signals in the overall
   performance of the network.  On one hand, the co-existence of
   multiple flows, some of them using the signals for improving the
   experience, some others not.  For this, more experimentation and
   datasets are required, so then can be clear that no flows are
   negatively impacted at all.

   On the other hand, if the experience of the flows improves and
   depending on the nature of the signals themselves, this might
   motivate a more intense usage of the network, then requiring to
   accommodate larger number of flows, and in consequence, reducing the
   available resources per application.  This kind of paradox can be
   *assessed with more experimental results under realistic conditions
   (i.e., multiple users and multiple services in the network)*.

7.7.  Operational Guidance for Signal Enforcement

   Signals are conceived as indications from the network towards
   applications.  It is not clear the way of enforcing the application
   to follow the indication, especially in a context where different
   applications from a user, or multiple users, simultaneously access
   the network.  This can motivate a wastage of resources for generating
   signals with the risk of not being effective.  Furthermore, it might
   lead to a continuous loop of signal generation because the initial
   signals being ignored.  It is then necessary to define mechanisms to
   avoid permanent signal generation when ignored.

   Finally, signals could not be required at every moment, but only in
   situations that can benefit the service.  Such situations could be
   due, for instance, to given levels of congestion, or based on
   previous information shared by the application (e.g., SLO thresholds)
   so that signals can be triggered according to service conditions.
   *Elaborating more operational guidance on intended signal enforcment
   policy is key*.

Boucadair, et al.         Expires 11 April 2025                [Page 21]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

7.8.  Signal Estimation

   The validity of the estimation produced by a network might be
   questioned by the application.  Trust is required in a way that
   applications can safely follow guidance from a network.  Furthermore,
   whatever estimation should be timely produced, avoiding the
   generation of aged estimations that could not correspond to the
   actual service circumstances.  Finally, some common guidance is
   necessary to define a standard way of generating signals, for
   instance, per-flow or per group of flows.

   An open point is how to deal with adaptive applications, in the sense
   that signals could not be of value because the self-adaptation nature
   of these applications.

7.9.  Signal "Interference"

   The network is built on multiple layers.  In some cases, different
   solutions targeting similar objectives (e.g., congestion control or
   bottleneck mitigation) can be in place.  It is then necessary to
   *assess the simultaneous coexistence of these solutions to avoid
   contradictory effects or "interferences"*.

8.  Deployment Incentives

8.1.  Networks

   There are a set of tradeoffs for networks to deploy NRLP discovery:

   *  Cost vs. benefit

   *  Impact on operations vs incentive to deploy

   *  Enhanced experience vs. impacts on nominal mode

   The procedure defined in the document provides a mechanism to assist
   networks managing the load at the source and, thus, contribute to
   better handle network overloads and optimize the use of resources
   under non nominal conditions.  The mechanism also allows to enhance
   the quality of experience at the LAN by providing a simple tool to
   communicate local policies to hosts.  A minimal change is required to
   that aim.

   With the OS support, the following benefits might be considered by
   networks:

   Improved Network Performance:  The OS can schedule network requests

Boucadair, et al.         Expires 11 April 2025                [Page 22]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

      more efficiently, preventing network congestion, and improving
      overall stability and network performance with NRLP signals.

   Cost Efficiency:  By managing network usage based on known rate
      limits, the OS can help reduce network-related costs.  However,
      this is difficult to assess.

   Networks that throttle bandwidth for reasons that are not compliant
   with local jurisdictions, not communicated to customers, etc. are
   unlikely to share NRLP signals.  If these signals are shared, it is
   unlikely that they will mirror the actual network configuration
   (e.g., application-specific policies).

8.2.  Applications

   Some applications support some forms of bandwidth measurements (e.g.,
   [app-measurement]) which feed how the content is accessed to using
   ABR.  Complementing or replacing these measurements with explicit
   signals depends upon:

   *  The extra cost that is required to support both mechanisms at the
      application layer.

   *  The complexity balance between performing the measurements vs.
      consuming the signal.

   *  Whether the measurements ("assessed property" per [RFC9473])
      reflect actual network conditions or severely diverge.

   *  The availability of the network signals at the first place: it is
      unlikely that all networks will support sending the signals.
      Deployment incentives at the network may vary.

   *  The host support may be variable.

   Applications that don't support (embedded) bandwidth measurement
   schemes will be enriched with the NRLP signals as this will be
   exposed by an OS API.

8.3.  Host OS

   API to facilitate Application Development:  An OS can provide more
      accurate available bandwidth to applications through the API (as
      mentioned in Section 8.2), making implementation easier for
      applications that don't requrie dedicated bandwidth measurement.

   Prevent Abuse:  The OS can allocate network resources more fairly

Boucadair, et al.         Expires 11 April 2025                [Page 23]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

      among different processes, with NRLP signals, ensuring that no
      single process monopolizes the network.

   Better Resource Management:  OS can also optimize resource
      allocation, by deprioritizing background/inactive applications in
      the event of high network utilization.

   Enhanced Security:  Awareness of NRLPs can help the OS detect and
      mitigate network-related security threats, such as denial-of-
      service (DoS) attacks.

   Improved User Experience:  By avoiding network congestion and
      ensuring fair resource allocation, the OS can provide a smoother,
      more responsive user experience.

   Improved Application Development Efficiency:  OS providing rate
      limits through an API (as mentioned in Section 8.2) can provide
      the above listed benefits at per application level.

9.  Security Considerations

   The techniques discussed in the document offer the following security
   benefit: An OS can identify the type of application (background,
   foreground, streaming, real-time, etc.) and enforce appropriate
   network policies, even if a misbehaving application tries to evade
   the rate-limit policies.  If an application attempts to bypass rate-
   limiting by changing its 5-tuple or creating multiple flows, the OS
   can detect this and manage the application's traffic accordingly.

9.1.  ND

   As discussed in [RFC8781], because RAs are required in all IPv6
   configuration scenarios, RAs must already be secured, e.g., by
   deploying an RA-Guard [RFC6105].  Providing all configuration in RAs
   reduces the attack surface to be targeted by malicious attackers
   trying to provide hosts with invalid configuration, as compared to
   distributing the configuration through multiple different mechanisms
   that need to be secured independently.

   RAs are already used in mobile networks to advertize the link MTU.
   The same security considerations for MTU discovery apply for the NRLP
   discover.

   An attacker who has access to the RAs exchanged over an AC may:

   Decrease the bitrate:  This may lower the perceived QoS if the host
      aggressively lowers its transmission rate.

Boucadair, et al.         Expires 11 April 2025                [Page 24]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   Increase the bitrate value:  The AC will be overloaded, but still the
      rate-limit at the network will discard excess traffic.

   Drop RAs:  This is similar to the current operations, where no NRLP
      RA is shared.

   Inject fake RAs:  The implications are similar to the impacts of
      tweaking the values of a legitimate RA.

9.2.  DHCP

   An attacker who has access to the DHCP exchanged over an AC may do a
   lot of harm (e.g., prevent access to the network).

   The following mechanisms may be considered to mitigate spoofed or
   modified DHCP responses:

   DHCPv6-Shield [RFC7610]:  The network access node (e.g., a border
      router, a CPE, an Access Point (AP)) discards DHCP response
      messages received from any local endpoint.

   Source Address Validation Improvement (SAVI) solution for DHCP
   [RFC7513]:  The network access node filters packets with forged
      source IP addresses.

   The above mechanisms would ensure that the endpoint receives the
   correct NRLP information, but these mechanisms cannot provide any
   information about the DHCP server or the entity hosting the DHCP
   server.

10.  IANA Considerations

10.1.  Rate-Limit Policy Objects Registry Group

   This document requests IANA to create a new registry group entitled
   "Rate-Limit Policy Objects".

10.2.  Optional Parameter Flags Registry

   This document requests IANA to create a new registry entitled
   "Optional Parameter Flags" under the "Rate-Limit Policy Objects"
   registry group (Section 10.1).

   The initial values of this registry is provided in Table 1.

Boucadair, et al.         Expires 11 April 2025                [Page 25]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

              +==============+=============+===============+
              | Bit Position | Description | Reference     |
              +==============+=============+===============+
              | 1            | E-flag      | This-Document |
              +--------------+-------------+---------------+
              | 2            | P-flag      | This-Document |
              +--------------+-------------+---------------+
              | 3            | Unassigned  |               |
              +--------------+-------------+---------------+
              | 4            | Unassigned  |               |
              +--------------+-------------+---------------+

                    Table 1: Optional Parameter Flags

   The allocation policy of this new registry is "IETF Review"
   (Section 4.8 of [RFC8126]).

10.3.  Flow Flags Registry

   This document requests IANA to create a new registry entitled "Flow
   flags" under the "Rate-Limit Policy Objects" registry group
   (Section 10.1).

   The initial values of this registry is provided in Table 2.

         +==============+=======================+===============+
         | Bit Position | Description           | Reference     |
         +==============+=======================+===============+
         | 1            | Scope (S) Flag        | This-Document |
         +--------------+-----------------------+---------------+
         | 2            | Direction (D) Flag    | This-Document |
         +--------------+-----------------------+---------------+
         | 3-4          | Reliability (R) Flags | This-Document |
         +--------------+-----------------------+---------------+
         | 5            | Unassigned            |               |
         +--------------+-----------------------+---------------+
         | 6            | Unassigned            |               |
         +--------------+-----------------------+---------------+

                           Table 2: Flow flags

   The allocation policy of this new registry is "IETF Review"
   (Section 4.8 of [RFC8126]).

Boucadair, et al.         Expires 11 April 2025                [Page 26]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

10.4.  Neighbor Discovery Option

   This document requests IANA to assign the following new IPv6 Neighbor
   Discovery Option type in the "IPv6 Neighbor Discovery Option Formats"
   sub-registry under the "Internet Control Message Protocol version 6
   (ICMPv6) Parameters" registry maintained at [IANA-ND].

                  +======+=============+===============+
                  | Type | Description | Reference     |
                  +======+=============+===============+
                  | TBD1 | NRLP Option | This-Document |
                  +------+-------------+---------------+

                     Table 3: Neighbor Discovery NRLP
                                  Option

      Note to the RFC Editor: Please replace all "TBD1" occurrences with
      the assigned value.

10.5.  DHCP Option

   This document requests IANA to assign the following new DHCP Option
   Code in the "BOOTP Vendor Extensions and DHCP Options" registry
   maintained at [IANA-BOOTP].

   +======+================+=============+=============+===============+
   | Tag  | Name           | Data Length | Meaning     | Reference     |
   +======+================+=============+=============+===============+
   | TBD2 | OPTION_V4_NRLP | N           | NRLP        | This-Document |
   |      |                |             | Option      |               |
   +------+----------------+-------------+-------------+---------------+

                         Table 4: DHCP NRLP Option

      Note to the RFC Editor: Please replace all "TBD2" occurrences with
      the assigned value.

10.6.  DHCP Options Permitted in the RADIUS DHCPv4-Options Attribute

   This document requests IANA to add the following DHCP Option Code to
   the "DHCP Options Permitted in the RADIUS DHCPv4-Options Attribute"
   registry maintained at [IANA-BOOTP].

Boucadair, et al.         Expires 11 April 2025                [Page 27]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

           +======+================+===============+===========+
           | Tag  | Name           |               | Reference |
           +======+================+===============+===========+
           | TBD2 | OPTION_V4_NRLP | This-Document |           |
           +------+----------------+---------------+-----------+

              Table 5: New DHCP Option Permitted in the RADIUS
                     DHCPv4-Options Attribute Registry

10.7.  Provisioning Domains Split DNS Additional Information

   IANA is requested to add the following entry to the "Additional
   Information PvD Keys" registry under the "Provisioning Domains
   (PvDs)" registry group [IANA-PVD]:

   JSON key:  "nrlp"

   Description:  "Network Rate-Limit Policies (NRLPs)"

   Type:  Array of Objects

   Example:

      {
         "nrlp":[
            {
               "direction":1,
               "scope":1,
               "tc":0,
               "cir":50
            }
         ]
      }

   Reference:  This_Document

10.8.  New PvD Network Rate-Limit Policies (NRLPs) Registry

   IANA is requested to create a new registry "PvD Rate-Limit Policies
   (NRLPs)" registry, within the "Provisioning Domains (PvDs)" registry
   group.

   The initial contents of this registry are as follows:

Boucadair, et al.         Expires 11 April 2025                [Page 28]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   +===========+===================+=========+=========+===============+
   | JSON key  | Description       | Type    | Example | Reference     |
   +===========+===================+=========+=========+===============+
   | direction | Indicates the     | Boolean | 1       | This-Document |
   |           | traffic           |         |         |               |
   |           | direction to      |         |         |               |
   |           | which a policy    |         |         |               |
   |           | applies.  When    |         |         |               |
   |           | set to "1", this  |         |         |               |
   |           | parameter         |         |         |               |
   |           | indicates that    |         |         |               |
   |           | this policy is    |         |         |               |
   |           | for network-to-   |         |         |               |
   |           | host direction.   |         |         |               |
   |           | When set to "0",  |         |         |               |
   |           | this parameter    |         |         |               |
   |           | indicates that    |         |         |               |
   |           | this policy is    |         |         |               |
   |           | for host-to-      |         |         |               |
   |           | network           |         |         |               |
   |           | direction.        |         |         |               |
   +-----------+-------------------+---------+---------+---------------+
   | scope     | Specifies         | Boolean | 1       | This-Document |
   |           | whether the       |         |         |               |
   |           | policy is per     |         |         |               |
   |           | host (when set    |         |         |               |
   |           | to "1") or per    |         |         |               |
   |           | subscriber (when  |         |         |               |
   |           | set to "0)        |         |         |               |
   +-----------+-------------------+---------+---------+---------------+
   | tc        | Specifies a       | Integer | 0       | This-Document |
   |           | traffic category  |         |         |               |
   |           | to which this     |         |         |               |
   |           | policy applies.   |         |         |               |
   |           | Values are taken  |         |         |               |
   |           | from the Rate-    |         |         |               |
   |           | Limit Policy      |         |         |               |
   |           | Objects Registry  |         |         |               |
   |           | Section 10.1      |         |         |               |
   +-----------+-------------------+---------+---------+---------------+
   | cir       | Specifies the     | Integer | 50      | This-Document |
   |           | maximum number    |         |         |               |
   |           | of bits that a    |         |         |               |
   |           | network can       |         |         |               |
   |           | receive or send   |         |         |               |
   |           | during one        |         |         |               |
   |           | second over an    |         |         |               |
   |           | AC for a traffic  |         |         |               |

Boucadair, et al.         Expires 11 April 2025                [Page 29]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   |           | category.         |         |         |               |
   +-----------+-------------------+---------+---------+---------------+
   | xxx       | xxx               | xxx     | xx      | This-Document |
   +-----------+-------------------+---------+---------+---------------+

     Table 6: Initial PvD Network Rate-Limit Policies (NRLPs) Registry
                                  Content

   New assignments in the "PvD Network Rate-Limit Policies (NRLPs)"
   registry will be administered by IANA through Expert Review policy
   [RFC8126].  Experts are requested to ensure that defined keys do not
   overlap in names or semantics.

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC2132]  Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
              Extensions", RFC 2132, DOI 10.17487/RFC2132, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2132>.

   [RFC3396]  Lemon, T. and S. Cheshire, "Encoding Long Options in the
              Dynamic Host Configuration Protocol (DHCPv4)", RFC 3396,
              DOI 10.17487/RFC3396, November 2002,
              <https://www.rfc-editor.org/rfc/rfc3396>.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007,
              <https://www.rfc-editor.org/rfc/rfc4861>.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017,
              <https://www.rfc-editor.org/rfc/rfc8126>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

Boucadair, et al.         Expires 11 April 2025                [Page 30]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   [RFC8801]  Pfister, P., Vyncke, É., Pauly, T., Schinazi, D., and W.
              Shao, "Discovering Provisioning Domain Names and Data",
              RFC 8801, DOI 10.17487/RFC8801, July 2020,
              <https://www.rfc-editor.org/rfc/rfc8801>.

   [RFC9445]  Boucadair, M., Reddy.K, T., and A. DeKok, "RADIUS
              Extensions for DHCP-Configured Services", RFC 9445,
              DOI 10.17487/RFC9445, August 2023,
              <https://www.rfc-editor.org/rfc/rfc9445>.

11.2.  Informative References

   [app-measurement]
              Gurel, Z. and A. C. Begen, "Bandwidth measurement for
              QUIC", 2024, <https://datatracker.ietf.org/doc/slides-119-
              moq-bandwidth-measurement-for-quic/>.

   [BEREC]    BEREC, "All you need to know about Net Neutrality rules in
              the EU", <https://www.berec.europa.eu/en/all-you-need-to-
              know-about-net-neutrality-rules-in-the-eu-0>.

   [FCC]      FCC, "FCC Restores Net Neutrality",
              <https://www.fcc.gov/document/fcc-restores-net-neutrality-
              0>.

   [I-D.ietf-masque-quic-proxy]
              Pauly, T., Rosenberg, E., and D. Schinazi, "QUIC-Aware
              Proxying Using HTTP", Work in Progress, Internet-Draft,
              draft-ietf-masque-quic-proxy-03, 7 July 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-masque-
              quic-proxy-03>.

   [I-D.ietf-opsawg-ntw-attachment-circuit]
              Boucadair, M., Roberts, R., de Dios, O. G., Barguil, S.,
              and B. Wu, "A Network YANG Data Model for Attachment
              Circuits", Work in Progress, Internet-Draft, draft-ietf-
              opsawg-ntw-attachment-circuit-13, 5 September 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-
              ntw-attachment-circuit-13>.

   [I-D.ietf-teas-5g-ns-ip-mpls]
              Szarkowicz, K. G., Roberts, R., Lucek, J., Boucadair, M.,
              and L. M. Contreras, "A Realization of Network Slices for
              5G Networks Using Current IP/MPLS Technologies", Work in
              Progress, Internet-Draft, draft-ietf-teas-5g-ns-ip-mpls-
              12, 7 October 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-teas-5g-
              ns-ip-mpls-12>.

Boucadair, et al.         Expires 11 April 2025                [Page 31]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   [I-D.ietf-teas-ietf-network-slice-nbi-yang]
              Wu, B., Dhody, D., Rokui, R., Saad, T., and J. Mullooly,
              "A YANG Data Model for the RFC 9543 Network Slice
              Service", Work in Progress, Internet-Draft, draft-ietf-
              teas-ietf-network-slice-nbi-yang-16, 28 August 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-teas-
              ietf-network-slice-nbi-yang-16>.

   [I-D.ihlar-masque-sconepro-mediabitrate]
              Ihlar, M. and M. Kühlewind, "MASQUE extension for
              signaling media bitrate", Work in Progress, Internet-
              Draft, draft-ihlar-masque-sconepro-mediabitrate-00, 9
              February 2024, <https://datatracker.ietf.org/doc/html/
              draft-ihlar-masque-sconepro-mediabitrate-00>.

   [IANA-BOOTP]
              IANA, "BOOTP Vendor Extensions and DHCP Options",
              <https://www.iana.org/assignments/bootp-dhcp-parameters/>.

   [IANA-ND]  IANA, "IPv6 Neighbor Discovery Option Formats",
              <https://www.iana.org/assignments/icmpv6-parameters/>.

   [IANA-PVD] IANA, "Provisioning Domains (PvDs)",
              <https://www.iana.org/assignments/pvds/>.

   [RFC2697]  Heinanen, J. and R. Guerin, "A Single Rate Three Color
              Marker", RFC 2697, DOI 10.17487/RFC2697, September 1999,
              <https://www.rfc-editor.org/rfc/rfc2697>.

   [RFC2698]  Heinanen, J. and R. Guerin, "A Two Rate Three Color
              Marker", RFC 2698, DOI 10.17487/RFC2698, September 1999,
              <https://www.rfc-editor.org/rfc/rfc2698>.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, DOI 10.17487/RFC2865, June 2000,
              <https://www.rfc-editor.org/rfc/rfc2865>.

   [RFC3203]  T'Joens, Y., Hublet, C., and P. De Schrijver, "DHCP
              reconfigure extension", RFC 3203, DOI 10.17487/RFC3203,
              December 2001, <https://www.rfc-editor.org/rfc/rfc3203>.

   [RFC4026]  Andersson, L. and T. Madsen, "Provider Provisioned Virtual
              Private Network (VPN) Terminology", RFC 4026,
              DOI 10.17487/RFC4026, March 2005,
              <https://www.rfc-editor.org/rfc/rfc4026>.

Boucadair, et al.         Expires 11 April 2025                [Page 32]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   [RFC4115]  Aboul-Magd, O. and S. Rabie, "A Differentiated Service
              Two-Rate, Three-Color Marker with Efficient Handling of
              in-Profile Traffic", RFC 4115, DOI 10.17487/RFC4115, July
              2005, <https://www.rfc-editor.org/rfc/rfc4115>.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006, <https://www.rfc-editor.org/rfc/rfc4364>.

   [RFC4664]  Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer
              2 Virtual Private Networks (L2VPNs)", RFC 4664,
              DOI 10.17487/RFC4664, September 2006,
              <https://www.rfc-editor.org/rfc/rfc4664>.

   [RFC6105]  Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C., and J.
              Mohacsi, "IPv6 Router Advertisement Guard", RFC 6105,
              DOI 10.17487/RFC6105, February 2011,
              <https://www.rfc-editor.org/rfc/rfc6105>.

   [RFC6269]  Ford, M., Ed., Boucadair, M., Durand, A., Levis, P., and
              P. Roberts, "Issues with IP Address Sharing", RFC 6269,
              DOI 10.17487/RFC6269, June 2011,
              <https://www.rfc-editor.org/rfc/rfc6269>.

   [RFC6704]  Miles, D., Dec, W., Bristow, J., and R. Maglione,
              "Forcerenew Nonce Authentication", RFC 6704,
              DOI 10.17487/RFC6704, August 2012,
              <https://www.rfc-editor.org/rfc/rfc6704>.

   [RFC7066]  Korhonen, J., Ed., Arkko, J., Ed., Savolainen, T., and S.
              Krishnan, "IPv6 for Third Generation Partnership Project
              (3GPP) Cellular Hosts", RFC 7066, DOI 10.17487/RFC7066,
              November 2013, <https://www.rfc-editor.org/rfc/rfc7066>.

   [RFC7513]  Bi, J., Wu, J., Yao, G., and F. Baker, "Source Address
              Validation Improvement (SAVI) Solution for DHCP",
              RFC 7513, DOI 10.17487/RFC7513, May 2015,
              <https://www.rfc-editor.org/rfc/rfc7513>.

   [RFC7610]  Gont, F., Liu, W., and G. Van de Velde, "DHCPv6-Shield:
              Protecting against Rogue DHCPv6 Servers", BCP 199,
              RFC 7610, DOI 10.17487/RFC7610, August 2015,
              <https://www.rfc-editor.org/rfc/rfc7610>.

   [RFC8781]  Colitti, L. and J. Linkova, "Discovering PREF64 in Router
              Advertisements", RFC 8781, DOI 10.17487/RFC8781, April
              2020, <https://www.rfc-editor.org/rfc/rfc8781>.

Boucadair, et al.         Expires 11 April 2025                [Page 33]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   [RFC8803]  Bonaventure, O., Ed., Boucadair, M., Ed., Gundavelli, S.,
              Seo, S., and B. Hesmans, "0-RTT TCP Convert Protocol",
              RFC 8803, DOI 10.17487/RFC8803, July 2020,
              <https://www.rfc-editor.org/rfc/rfc8803>.

   [RFC9066]  Reddy.K, T., Boucadair, M., Ed., and J. Shallow,
              "Distributed Denial-of-Service Open Threat Signaling
              (DOTS) Signal Channel Call Home", RFC 9066,
              DOI 10.17487/RFC9066, December 2021,
              <https://www.rfc-editor.org/rfc/rfc9066>.

   [RFC9182]  Barguil, S., Gonzalez de Dios, O., Ed., Boucadair, M.,
              Ed., Munoz, L., and A. Aguado, "A YANG Network Data Model
              for Layer 3 VPNs", RFC 9182, DOI 10.17487/RFC9182,
              February 2022, <https://www.rfc-editor.org/rfc/rfc9182>.

   [RFC9291]  Boucadair, M., Ed., Gonzalez de Dios, O., Ed., Barguil,
              S., and L. Munoz, "A YANG Network Data Model for Layer 2
              VPNs", RFC 9291, DOI 10.17487/RFC9291, September 2022,
              <https://www.rfc-editor.org/rfc/rfc9291>.

   [RFC9330]  Briscoe, B., Ed., De Schepper, K., Bagnulo, M., and G.
              White, "Low Latency, Low Loss, and Scalable Throughput
              (L4S) Internet Service: Architecture", RFC 9330,
              DOI 10.17487/RFC9330, January 2023,
              <https://www.rfc-editor.org/rfc/rfc9330>.

   [RFC9463]  Boucadair, M., Ed., Reddy.K, T., Ed., Wing, D., Cook, N.,
              and T. Jensen, "DHCP and Router Advertisement Options for
              the Discovery of Network-designated Resolvers (DNR)",
              RFC 9463, DOI 10.17487/RFC9463, November 2023,
              <https://www.rfc-editor.org/rfc/rfc9463>.

   [RFC9473]  Enghardt, R. and C. Krähenbühl, "A Vocabulary of Path
              Properties", RFC 9473, DOI 10.17487/RFC9473, September
              2023, <https://www.rfc-editor.org/rfc/rfc9473>.

   [RFC9543]  Farrel, A., Ed., Drake, J., Ed., Rokui, R., Homma, S.,
              Makhijani, K., Contreras, L., and J. Tantsura, "A
              Framework for Network Slices in Networks Built from IETF
              Technologies", RFC 9543, DOI 10.17487/RFC9543, March 2024,
              <https://www.rfc-editor.org/rfc/rfc9543>.

   [TR-470]   BBF, "5G Wireless Wireline Convergence Architecture -
              Issue 2",
              <https://www.broadband-forum.org/pdfs/tr-470-2-0-0.pdf>.

Boucadair, et al.         Expires 11 April 2025                [Page 34]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   [TS-23.501]
              3GPP, "TS 23.501: System architecture for the 5G System
              (5GS)", 2024,
              <https://portal.3gpp.org/desktopmodules/Specifications/
              SpecificationDetails.aspx?specificationId=3144>.

   [TS-23.503]
              3GPP, "TS 23.503: Policy and charging control framework
              for the 5G System (5GS)", 2024,
              <https://portal.3gpp.org/desktopmodules/Specifications/
              SpecificationDetails.aspx?specificationId=3334>.

   [TS-24.008]
              3GPP, "Technical Specification Group Core Network and
              Terminals; Mobile radio interface Layer 3 specification;
              Core network protocols; Stage 3 (Release 18)", 2024,
              <https://www.3gpp.org/DynaReport/24008.htm>.

   [TS-29.522]
              3GPP, "TS 29.522: 5G System; Network Exposure Function
              Northbound APIs", 2024,
              <https://portal.3gpp.org/desktopmodules/Specifications/
              SpecificationDetails.aspx?specificationId=3437>.

Appendix A.  Example of Authentication, Authorization, and Accounting
             (AAA)

   Figure 9 provides an example of the exchanges that might occur
   between a DHCP server and an Authentication, Authorization, and
   Accounting (AAA) server to retrieve the per-subscriber NRLPs.

   This example assumes that the Network Access Server (NAS) embeds both
   Remote Authentication Dial-In User Service (RADIUS) [RFC2865] client
   and DHCP server capabilities.

Boucadair, et al.         Expires 11 April 2025                [Page 35]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

      .-------------.           .-------------.             .-------.
      |    Host     |           |     NAS     |             |  AAA  |
      | DHCP Client |           | DHCP Server |             |Server |
      |             |           |RADIUS Client|             |       |
      '------+------'           '------+------'             '---+---'
             |                         |                        |
             o------DHCPDISCOVER------>|                        |
             |                         o----Access-Request ---->|
             |                         |                        |
             |                         |<----Access-Accept------o
             |                         |     DHCPv4-Options     |
             |<-----DHCPOFFER----------o    (OPTION_V4_NRLP)    |
             |     (OPTION_V4_NRLP)    |                        |
             |                         |                        |
             o-----DHCPREQUEST-------->|                        |
             |     (OPTION_V4_NRLP)    |                        |
             |                         |                        |
             |<-------DHCPACK----------o                        |
             |     (OPTION_V4_NRLP)    |                        |
             |                         |                        |

                        DHCP                    RADIUS

               Figure 9: An Example of RADIUS NRLP Exchanges

Appendix B.  Alternative/Complementary Mechanisms

   In the event of bottlenecks in a network, there are other mechanisms
   that provide information or help to reserve resources.  These can be
   used within the bottleneck network or, in some cases, across network
   boundaries.  The following sections give examples of such mechanisms
   and provide background information.

B.1.  L4S

   Low Latency, Low Loss, and Scalable Throughput (L4S) is an
   architecture defined in [RFC9330] to avoid queuing at bottlenecks by
   capacity-seeking congestion controllers of senders.  L4S support
   addresses the investigated use case of this document, which considers
   rate limiting, which typically involves queuing discipline at the
   rate limiting bottleneck.  If all involved elements (UE, network, and
   service) support L4S, the use of Explicit Congestion Notification
   (ECN) provides the measure used to inform the network protocol and/or
   service endpoints in use of impending congestion.  Congestion
   detection and reaction may require a few RTTs to adjust to the
   network forwarding conditions.

Boucadair, et al.         Expires 11 April 2025                [Page 36]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   As of 3GPP Rel. 18 (5G Advanced, [TS-23.501]), L4S is also defined
   for the 5G system (5GS) and can be used by UE and its services, and
   for external parties of the 5GS by exposure of congestion
   information.

B.2.  Network Slicing

   One measure for guaranteeing resources in networks is network
   slicing.  This is achieved by configuring certain resources like
   adequate QoS setup for communication streams, which are taken into
   account in packet schedulers along the transport path. e.g., the RAN
   air interface.

   Network slicing is considered by 3GPP for 5G [TS-23.501] (an
   equivalent can be achieved in 4G by configuring QFI values), by IETF
   [RFC9543] for transport networks, and by BBF [TR-470] for wireline
   access.  A realization model in transport networks is detailed in
   [I-D.ietf-teas-5g-ns-ip-mpls].

   L4S Appendix B.1 can be used for the realization of a network slice.
   Network slices properties (e.g., throughput) can be retrieved from an
   operator network or configured by third parties via a network API
   Appendix B.4 (e.g., 3GPP NEF).

B.3.  3GPP UE Route Selection Policy

   UE Route Selection Policy (URSP) is a feature specified in 3GPP to
   match and forward traffic based upon a selection descriptor and a
   route descriptor as further detailed in [TS-23.503].

   Specified traffic descriptors may be:

   *  Application

   *  IP

   *  Domain

   *  Non-IP

   *  DNN

   *  Connection Capabilities

   *  Connectivity Group ID

   Specified route selection descriptors: must contain PDU Session Type
   Selection (e.g., IPv4v6 or IPv6) and may contain the following:

Boucadair, et al.         Expires 11 April 2025                [Page 37]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   *  SSC Mode

   *  Network Slice

   *  DNN

   *  Non-Seamless Offload indication

   *  Access Type preference

   URSP rules that contain both descriptors can be announced from the
   provider network to a UE or preconfigured in the UE, possibly
   subscription-based.  These rules can be used to identify services in
   the UE and to provide routes with explicit characteristics.  URSP
   rules might also be triggered by the usage of network APIs
   Appendix B.4 and combined with network slicing Appendix B.2, for
   example.

B.4.  Network APIs

   Network APIs are the interface between the operator network and
   third-party providers.  With 4G, the first methods were introduced to
   make network capabilities available, which has been greatly improved
   with the introduction of 5G.  To this end, the new Network Exposure
   Function (NEF) is responsible for 5G, which is specified in
   [TS-29.522], which defines a huge list of network capabilites for
   monitoring and configuration for external consumption.

   For integration into external services, initiatives such as the
   CAMARA Alliance and GSMA Open Gateway provide abstractions of these
   exposed network capabilities into service APIs for easy integration
   by developers.

   The CAMARA API "Network Slice Booking", which is currently under
   development, would be a way for a service provider to configure the
   necessary resources in the operator network.  In the background, 5G
   features such as network slicing Appendix B.2 , URSP Appendix B.3
   and, if necessary, L4S Appendix B.1 could then ensure implementation
   in the operator network.

Acknowledgments

   Thanks to Tommy Pauly for the comment on PvD.

Authors' Addresses

   Mohamed Boucadair
   Orange

Boucadair, et al.         Expires 11 April 2025                [Page 38]
Internet-Draft        Rate-Limit Policies Discovery         October 2024

   Email: mohamed.boucadair@orange.com

   Dan Wing
   Cloud Software Group Holdings, Inc.
   United States of America
   Email: danwing@gmail.com

   Tirumaleswar Reddy
   Nokia
   India
   Email: kondtir@gmail.com

   Sridharan Rajagopalan
   Cloud Software Group Holdings, Inc.
   United States of America
   Email: sridharan.girish@gmail.com

   Gyan Mishra
   Verizon Inc
   United States of America
   Email: gyan.s.mishra@verizon.com

   Markus Amend
   Deutsche Telekom
   Germany
   Email: markus.amend@telekom.de

   Luis M. Contreras
   Telefonica
   Spain
   Email: luismiguel.contrerasmurillo@telefonica.com

Boucadair, et al.         Expires 11 April 2025                [Page 39]