DTCP: Dynamic Tasking Control Protocol
draft-kala-dtcp-01

Document Type Active Internet-Draft (individual)
Last updated 2017-06-25 (latest revision 2017-06-21)
Replaces draft-cavuto-dtcp
Stream ISE
Intended RFC status Informational
Formats plain text pdf html bibtex
Stream ISE state Finding Reviewers
Consensus Boilerplate Unknown
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
IP Performance Metrics Group                                 Sumit. Kala
Internet-Draft                                          Juniper Networks
Intended status: Standards Track                           David. Cavuto
Expires: December 21, 2017                                           ATT
                                                           June 21, 2017

                 DTCP: Dynamic Tasking Control Protocol
                           draft-kala-dtcp-01

Abstract

   Dynamic Tasking Control Protocol is a message-based interface by
   which an authorized client may connect to a server -- usually a
   network element (NE) or security policy enforcement point (PEP) --
   and issue dynamic requests for data.  These tasking requests contain,
   among other parameters, packet matching criteria that may apply to
   certain packets flowing through that network element.  The primary
   intent of the tasking request is to instruct that network element to
   send copies of packets matching those criteria to a destination
   (usually via tunneling) for further inspection or other action.  The
   protocol contains a security architecture to address client or server
   spoofing as well as replay prevention.  The protocol assumes that
   multiple clients may simultaneously control a single server.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 21, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Kala & Cavuto          Expires December 21, 2017                [Page 1]
Internet-Draft             draft-kala-dtcp-01                  June 2017

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (http://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Operational Modes  . . . . . . . . . . . . . . . . . . . .  4
     1.2.  Performance Considerations . . . . . . . . . . . . . . . .  4
     1.3.  Conventions used in this document  . . . . . . . . . . . .  5
   2.  Definitions  . . . . . . . . . . . . . . . . . . . . . . . . .  5
     2.1.  Server . . . . . . . . . . . . . . . . . . . . . . . . . .  5
     2.2.  Client . . . . . . . . . . . . . . . . . . . . . . . . . .  5
     2.3.  Control Source . . . . . . . . . . . . . . . . . . . . . .  5
     2.4.  Content Destination  . . . . . . . . . . . . . . . . . . .  5
     2.5.  Criteria . . . . . . . . . . . . . . . . . . . . . . . . .  6
   3.  Overview of Operation  . . . . . . . . . . . . . . . . . . . .  6
     3.1.  Request-Response Paradigm  . . . . . . . . . . . . . . . .  6
     3.2.  Asynchronous Notifications . . . . . . . . . . . . . . . .  7
     3.3.  Data Delivery Mechanism  . . . . . . . . . . . . . . . . .  8
   4.  Security Model . . . . . . . . . . . . . . . . . . . . . . . .  9
     4.1.  No Information Exposure  . . . . . . . . . . . . . . . . .  9
     4.2.  Independence of Control Sources  . . . . . . . . . . . . .  9
     4.3.  Control Source to Content Destination Access Control . . .  9
     4.4.  Per-Message Security Mechanisms  . . . . . . . . . . . . .  9
       4.4.1.  Sequence Number  . . . . . . . . . . . . . . . . . . .  9
         4.4.1.1.  Sequence Number Negative Window  . . . . . . . . . 10
       4.4.2.  Hashing Message Authentication Code (HMAC) . . . . . . 11
   5.  Application-Layer Message Formats  . . . . . . . . . . . . . . 12
     5.1.  Request General Format . . . . . . . . . . . . . . . . . . 13
     5.2.  Response General Format  . . . . . . . . . . . . . . . . . 13
     5.3.  Notification General Format  . . . . . . . . . . . . . . . 13
     5.4.  Add Request  . . . . . . . . . . . . . . . . . . . . . . . 14
Show full document text