Working Group:                                               G. Bianchi
Internet Draft                                            University of
                                                         Palermo, Italy
Document:                                            N. Blefari-Melazzi
draft-bianchi-blefari-end-to-end-qos-02.txt               University of
                                                         Perugia, Italy



Category: Informational                             November 2001
                                                    Expires April 2002



 A Migration Path to provide End-to-End QoS over Stateless Networks by
              Means of a Probing-driven Admission Control



Status of this Memo



   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts. Internet-Drafts are draft
   documents valid for a maximum of six months and may be updated,
   replaced, or obsoleted by other documents at any time. It is
   inappropriate to use Internet-Drafts as reference material or to
   cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt
   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.



1  Abstract



   This document proposes an admission control paradigm, called GRIP
   (Gauge&Gate Reservation with Independent Probing), devised to
   operate transparently over DiffServ domains. GRIP bases the
   decision to admit a new flow on the successful and timely delivery,
   through the Internet, of probe packets independently generated by
   the end points. The key idea is to use failed receptions of probes
   to discover, at the end points, that a congestion condition exists
   in the network, and to reject the new admission request. This idea
   is very close to what the TCP congestion control technique does, but
   it is used in the novel context of admission control. While GRIP can
   be seamlessly applied to DiffServ (and even legacy) Internet, only a
   marginal increase in QoS is envisioned in these existing scenarios.
   The performance of GRIP in fact depends on the capability of routers
   to locally take decisions about the degree of congestion in the
   network, and to suitably drop probe packets when congestion
   conditions are detected.



   GRIP can be applied in a "decoupled" framework where admission
   control is categorized as:





Bianchi&Blefari   Informational - Expires April 2002                 1



A Migration Path to provide End-to-End QoS over Stateless Networks by

Means of a Probing-driven Admission Control              November 2001



   -    End-to-end, where the end points of the admission control
        procedure are two end hosts;

   -    Cross-domain, or inter-domain, where the end points of the
        reservation are located in different administrative domains but
        not on end hosts;

   -    Edge-to-edge, or intra-domain, where the end points of the
        admission control procedure are two edge nodes located in the
        same administrative domain.

   Finally, we are fully aware that the possible application of the
   principles described in this draft in the Internet raises many
   issues, which we do not address.

   Our aim, then, is not to propose a full-fledged solution for the
   Internet, but to contribute to the on-going discussions in the
   international arena on these matters, by means of what may be seen
   as a problem statement document.



Table of Contents

1 Abstract ...........................................................1
2 Introduction .......................................................2
3 Related work .......................................................3
4 A "Decoupled" Approach to Admission Control ........................5
5 The Concept of Implicit Signaling and its Use in Admission Control .6
6 Implicit Cross-Domain Signaling ...................................11
7 Appendix D: Security considerations ...............................14
8 References ........................................................15
9 Author's Addresses ................................................16
10 Full Copyright Statement .........................................17



2  Introduction



   Two QoS architectures are being discussed in the Internet arena:
   Integrated Services and Differentiated Services. Nevertheless,
   quoting the recent RFC [RFC2990], "both the Integrated Services
   architecture and the Differentiated Services architecture have some
   critical elements in terms of their current definition, which appear
   to be acting as deterrents to widespread deployment... There appears
   to be no single comprehensive service environment that possesses
   both service accuracy and scaling properties". Our agreement with
   the above statement is motivated as follows.



   The IntServ/RSVP paradigm [RFC2205, RFC2210] is devised to establish
   reservations at each router along a new connection path, and to
   provide "hard" QoS guarantees. The common criticism of RSVP concerns
   its complexity and lack of scalability. In the core of large-scale
   networks, the cost of RSVP soft state maintenance and of processing
   and signaling overhead in the routers is significant.












   Moreover, we argue that complexity and scalability are not the only
   problems of RSVP. RSVP needs to be deployed in all the involved
   routers to provide end-to-end QoS guarantees; hence this approach is
   not easily and smoothly compatible with existing infrastructures.
   What we are trying to say is that complexity and scalability are
   really important issues, but that backward compatibility and a
   smooth Internet upgrade in a multi-domain Internet market scenario
   are probably even more important.



   Following this line of reasoning, we argue that the success of the
   DiffServ framework [RFC2474, RFC2475] does not lie only in the fact
   that it is an approach devised to overcome the scalability limits of
   IntServ. As in the legacy Internet, the DiffServ network is
   oblivious of individual flows. Each router merely implements a suite
   of scheduling and buffering mechanisms, to provide different
   aggregate service assurances to different traffic classes, whose
   packets are accordingly marked with a different value of the
   Differentiated Services Code Point (DSCP) field in the IP packet
   header. By leaving the basic Internet principles untouched, DiffServ
   provides supplementary tools that further move the problem of
   Internet traffic control up to the definition of suitable
   pricing/service level agreements (SLAs) between peers. However,
   DiffServ lacks a standardized admission control scheme, and does not
   intrinsically solve the problem of controlling congestion in the
   Internet. Upon overload in a given service class, all flows in that
   class suffer a potentially harsh degradation of service. [RFC2998]
   recognizes this problem and points out that "further refinement of
   the QoS architecture is required to integrate DiffServ network
   services into an end-to-end service delivery model with the
   associated task of resource reservation". It is thus suggested
   [RFC2990] to define an "admission control function which can
   determine whether to admit a service differentiated flow along the
   nominated network path".



3  Related work



   Recent literature (see [BRE00] and references therein) has shown
   that such an admission control function can possibly be provided
   over stateless networks by means of the so-called Endpoint Admission
   Control (EAC). EAC builds upon the idea that admission control can
   be managed by pure end-to-end operation, involving only the source
   and destination hosts. At connection set-up, each sender-receiver
   pair starts a Probing phase whose goal is to determine whether the
   considered connection can be admitted to the network. In some EAC
   proposals [BOR99, ELE00, BRE00], during the Probing phase the source
   node sends packets that reproduce the characteristics (or a subset
   of them) of the traffic that the source wants to emit through the
   network. Upon reception of the first probing packet, the destination
   host starts monitoring probing packet statistics (e.g., loss ratio,
   probe interarrival times) for a given period of time. At the end of
   the measurement period, and on the basis of suitable








   criteria, the receiver takes the decision whether to admit or reject
   the connection and notifies this decision back to the source node.

   Although the described scheme looks elegant and promising (it is
   scalable, it does not involve inner routers), a number of issues
   arise when we look at QoS performance. A scheme purely based on
   endpoint measurements suffers from performance drawbacks mostly
   related to the necessarily limited measurement time spent at the
   destination (a few hundred ms, for reasonably bounded call setup
   times). Measurements taken over such a short time and on an
   end-to-end basis cannot capture stationary network states, and thus
   the decision whether to admit or reject a call is taken over a
   snapshot of the network status, which can be quite an unrealistic
   picture of the network congestion level.

   The simplest solution to the above issue (other solutions are being
   explored, but their complete discussion and understanding is well
   beyond the aims of the present paper) is to attempt to convey more
   reliable network state information to the edge of the network.
   Several solutions have been proposed in the literature. [CKN00]
   proposes to drive EAC decisions from measurements performed on a
   longer time scale among each ingress/egress pair of nodes within a
   domain. [GKE99, SZH99, KEL00] use packet marking to convey explicit
   congestion information to the relevant network nodes in charge of
   taking admission control decisions. [MOR00] performs admission
   control at layers above IP (i.e., TCP), by requiring each core
   router to parse and capture TCP SYN and SYN/ACK segments, and to
   forward such packets only if local congestion conditions allow
   admission of a new TCP flow. [ALM98] proposes a lightweight
   signaling protocol, with explicit reservation messages, which
   requires network routers to actively manage packets (via remarking
   of signaling packets when congestion occurs), and thus it does not
   fit within a DiffServ framework, where the core routers' duty is
   strictly limited to forwarding packets at the greatest possible
   speed (see, e.g., what is stated in [BRE00]).

   To summarize the above discussion, and to proceed further, we can
   state that an abstract and general EAC can be defined as the
   combination of three logically distinct components (although in
   some specific solutions the following issues are not clearly
   separated, this does not mean at all that the three issues are not
   simultaneously present):

   1:  edge nodes in charge of taking explicit per-flow accept/reject
       decisions;

   2:  physical principles and measures on which decisions are based
       (e.g., congestion status of an internal link or an
       ingress/egress path, and the particular measurement technique,
       if any, adopted to detect such status);

   3:  the specific mechanisms adopted to convey internal network
       information to edge nodes (e.g., received probing bandwidth
       measurement, IP packet marking, exploitation of layers above IP
       with a well-defined notion of connection, or even explicit
       signaling).








   In such a view, and with reference to each of the above points, we
   argue that:

   1:  to allow edge nodes to take informed accept/reject decisions,
       the congestion status of the network cannot be inferred only on
       an end-to-end basis; inner routers must be actively involved,
       but without adding functionality other than that of the
       DiffServ paradigm to the basic IP forwarding scheme.

   2:  inner routers can determine whether a new call can be locally
       admitted (i.e., as far as the local router is concerned) by
       means of suitable Measurement Based Admission Control (MBAC)
       schemes. Such MBAC schemes operate according to some specific
       criteria (which can be as simple as not performing any
       measurement at all and taking a snapshot of the link state, or
       as complex as some of the techniques proposed in [BJS00,
       GRO99]). These schemes do not exploit per-flow state information
       and related traffic specifications. Instead, they operate on the
       basis of per-node aggregate traffic measurements carried out at
       the packet level. The robustness of these schemes lies in the
       fact that, in suitable conditions (e.g., flow peak rates small
       with respect to link capacities), they are scarcely sensitive to
       uncertainties in the traffic profile parameters. As a
       consequence, it seems that scalable estimations can be
       independently carried out by the routers as far as local
       decisions are concerned. As a matter of fact, we propose one
       such scheme in [BBFP01].

   3:  An important problem is then how to convey the status of inner
       routers to the end points, so that the latter devices can take
       informed admission control decisions without violating the
       DiffServ paradigm. For obvious reasons, we cannot use explicit
       per-flow signaling. Similarly, we do not want to modify the
       basic router operation by introducing packet marking schemes or
       forcing routers to parse and interpret higher layer information.
       What we want to do is to implicitly convey the status of core
       routers to the end points, by means of scalable, DiffServ
       compliant procedures.



4  A "Decoupled" Approach to Admission Control



   We feel that the way to QoS provisioning in the Internet should be
   outlined following an evolutionary approach. By evolutionary
   approach, we mean that each individual domain should be put in the
   condition of independently and asynchronously upgrading its network
   components and management schemes to provide support for QoS.

   This implies that point 3) above must be decoupled into the
   following elements:

   1. Intra-domain resource reservation mechanisms. These mechanisms
   should be limited to providing admission and congestion control
   functions whose scope is limited to a single administrative domain,
   and whose design is related to the specific requirements of the








   considered domain (e.g., a radio access network, a core backbone, a
   small campus LAN, etc.). The degree of QoS support provided within
   each domain will depend on the tightness of control that the
   edge-to-edge mechanism will be capable of supporting. Schemes
   ranging from explicit per-flow resource reservation mechanisms (such
   as RSVP) down to aggregate forms of traffic control (e.g., via
   measurement based mechanisms, such as the one of GRIP) should be
   allowed to operate independently in different domains. The ultimate
   goal is that each domain should be placed in the ideal condition of
   determining the suitable throughput/QoS support tradeoff within the
   domain.



   2. Inter-domain signaling mechanisms. To allow heterogeneous domains
   to exchange basic control information, a cross-domain signaling
   procedure should be deployed. Our view of such a cross-domain
   signaling exchange is twofold:

   a:  one possibility is to deploy a novel standard to allow domains
       to exchange control information (e.g., whether a flow can be
       admitted in the considered domain). The drawback of such a
       solution is that the format and the contents of these control
       packets need to be standardized, and this may limit the timely
       deployment of this cross-domain mechanism.

   b:  a much simpler and, in our opinion, more appealing possibility
       is to define an IMPLICIT cross-domain signaling scheme, based on
       the dropping of signaling packets. More discussion about this
       solution is given in sections 5 and 6.



5  The Concept of Implicit Signaling and its Use in Admission Control



   Implicit signaling has been adopted to control network congestion
   since the introduction of TCP congestion control in the late 1980s.
   The idea of implicit signaling is to allow the network endpoints to
   autonomously determine whether congestion occurs along the network
   path, and to react accordingly.

   Congestion conditions are discovered at the end points by analyzing
   packet losses. Upon congestion within a network node, packets are
   lost, and this information is implicitly conveyed to the end nodes.

   In particular, the authors of this draft have recently proposed an
   implicit signaling paradigm, called GRIP (Gauge&Gate Reservation
   with Independent Probing), devised to be compatible with DiffServ
   scenarios [BB01, BBFP01]. GRIP is DiffServ compliant since all
   traffic is managed according to the DS Code Point field only. In
   particular, [BB01] shows that the GRIP way of operation is
   semantically compatible with the AF PHB [RFC2597]. GRIP is briefly
   described below.



   5.1  GRIP End node operation










   GRIP's end node operation is extremely simple. Let us consider the
   setup of an "uplink" (source to destination) unidirectional flow.
   When a user terminal requests a connection with a destination
   terminal, the Source Node starts a Probing Phase by injecting into
   the network, in principle, just one Probe packet. Meanwhile, it
   activates a probing phase timeout, lasting for a reasonably short
   time. If no response is received from the destination node before
   the timeout expires, the source node enforces rejection of the
   connection setup attempt. Otherwise, if a Feedback packet is
   received in time, the connection is accepted, the probing phase is
   terminated, and control is given back to the user application,
   which starts a Data Phase, simply consisting in the transmission of
   information packets.

   The role of the Destination Node simply consists in monitoring the
   incoming IP packets, intercepting the ones labeled as Probes,
   reading their source address, and, for each incoming probe packet,
   replying with a Feedback packet, if the destination is willing to
   accept the set-up request.

   The only mandatory requirement is that Probes and Information
   packets are labeled with different values of the DS codepoint field
   in the IP packet header. This enables DiffServ routers to provide
   different forwarding methods for Probes and Information packets,
   e.g., granting service priority to Information packets. In this
   case, the Feedback packet shall be labeled as an Information packet
   (i.e., with priority). Probing packets do not carry information
   describing the characteristics of the associated data traffic (e.g.,
   peak bandwidth). This information is instead conveyed by means of
   the DSCP tag (i.e., a given kind of data traffic is associated with
   a given DSCP tag).

   Note that the described GRIP operation is trivially extended to
   provide setup for bidirectional connections. In such a case, the
   destination node simply replies with a Probe packet instead of a
   Feedback packet. A Feedback will ultimately be sent back by the
   source node upon reception of the destination's Probe (to close the
   three-way connection setup handshake; independent probing
   mechanisms are clearly needed to test both the uplink and the
   downlink network paths, which generally differ). Finally, GRIP can
   be adapted to support "downlink" (destination to source) flows. The
   source node needs to issue a Trigger Packet to drive (by means of
   application-level protocol information, contained in the Trigger
   Packet payload) the destination node to start a Probing Phase on
   its own.
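   The end-node exchange described above, as an added example that is
   not part of the draft and not the authors' code: a small Python model
   of the Source and Destination nodes, with each one-way path modelled
   as a function that either returns a delay or drops the packet (a
   lossy link, or a GRIP-aware router whose gate is closed). The DSCP
   values, the 200 ms timeout and the path models are assumptions; the
   draft only requires that Probes and Information packets carry
   different codepoints. The scenarios show the single-probe uplink
   setup, rejection by delay on a GRIP-unaware path, the three-way
   bidirectional variant, and why probing only the uplink cannot notice
   a closed gate on the return path.

```python
"""Toy model of the GRIP end-node operation (draft section 5.1).

Added example, not code from the draft or its authors. The codepoint
values, the timeout and the path models are assumptions made for
illustration.
"""
from dataclasses import dataclass
from typing import Callable, Optional

DSCP_PROBE = 0x0A  # assumption: codepoint carried by Probe packets
DSCP_DATA = 0x0C   # assumption: codepoint carried by Data and Feedback packets


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dscp: int
    kind: str  # "PROBE", "FEEDBACK" or "DATA"


# A one-way path is a function returning the delay in ms, or None when the
# packet is dropped (lossy link, or a GRIP-aware router in the REJECT state).
Path = Callable[[Packet], Optional[float]]


def constant_path(delay_ms: float) -> Path:
    """Path that delivers every packet after a fixed delay."""
    return lambda pkt: delay_ms


def gated_path(delay_ms: float, state: str) -> Path:
    """Path through a GRIP-aware router: in REJECT it drops Probes only;
    packets carrying the data codepoint (Data, Feedback) still pass."""
    def path(pkt: Packet) -> Optional[float]:
        if pkt.dscp == DSCP_PROBE and state == "REJECT":
            return None
        return delay_ms
    return path


def destination_on_probe(probe: Packet, willing: bool = True) -> Optional[Packet]:
    """Destination node: answer each Probe with a Feedback labelled as data."""
    if probe.dscp != DSCP_PROBE:
        return None   # not a Probe: handed to the application, no Feedback
    if not willing:
        return None   # stay silent; the source's timeout rejects the setup
    return Packet(src=probe.dst, dst=probe.src, dscp=DSCP_DATA, kind="FEEDBACK")


def setup_uplink(src: str, dst: str, uplink: Path, downlink: Path,
                 timeout_ms: float, willing: bool = True) -> str:
    """Unidirectional (source to destination) flow: one Probe, one timer.
    Any loss, or a Feedback arriving after the timeout, means REJECT."""
    probe = Packet(src, dst, DSCP_PROBE, "PROBE")
    d_probe = uplink(probe)
    if d_probe is None:
        return "REJECT"                  # Probe dropped inside the network
    feedback = destination_on_probe(probe, willing)
    if feedback is None:
        return "REJECT"                  # destination not willing
    d_fb = downlink(feedback)
    if d_fb is None or d_probe + d_fb > timeout_ms:
        return "REJECT"                  # Feedback lost or too late
    return "ACCEPT"


def setup_bidirectional(src: str, dst: str, uplink: Path, downlink: Path,
                        timeout_ms: float) -> str:
    """Three-way variant: the destination answers the Probe with a Probe of
    its own on the downlink, so both paths are tested independently; the
    source then closes the handshake with a Feedback (data codepoint)."""
    d_up = uplink(Packet(src, dst, DSCP_PROBE, "PROBE"))
    if d_up is None:
        return "REJECT"
    d_down = downlink(Packet(dst, src, DSCP_PROBE, "PROBE"))
    if d_down is None or d_up + d_down > timeout_ms:
        return "REJECT"
    if uplink(Packet(src, dst, DSCP_DATA, "FEEDBACK")) is None:
        return "REJECT"
    return "ACCEPT"


def run_scenarios(timeout_ms: float = 200.0) -> dict:
    """Constructed scenarios (not measurements): an idle path, a congested
    GRIP-unaware path, and a GRIP-aware router with its gate closed."""
    idle = constant_path(20.0)
    congested = constant_path(150.0)          # RTT 300 ms > timeout
    closed_gate = gated_path(20.0, "REJECT")  # drops Probes, passes data
    return {
        "idle": setup_uplink("A", "B", idle, idle, timeout_ms),
        "congested_unaware": setup_uplink("A", "B", congested, congested, timeout_ms),
        "gate_closed": setup_uplink("A", "B", closed_gate, idle, timeout_ms),
        "dst_unwilling": setup_uplink("A", "B", idle, idle, timeout_ms, willing=False),
        # uplink fine, downlink gated: only the bidirectional setup notices,
        # because the Feedback carries the data codepoint and is never gated
        "bidir_downlink_gated": setup_bidirectional("A", "B", idle, closed_gate, timeout_ms),
        "uplink_only_downlink_gated": setup_uplink("A", "B", idle, closed_gate, timeout_ms),
        "data_through_closed_gate": closed_gate(Packet("A", "B", DSCP_DATA, "DATA")),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:28s} -> {result}")
```

   The last two scenarios are the point of the three-way handshake in
   the text: a gate closed on the return path is invisible to a
   source-only probe, since the Feedback travels with the data
   codepoint, and only the destination's own Probe exposes it.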



   To protect GRIP from possible route changes, due to the possible
   dynamics of routing protocols, we can think of additional Probing
   packets periodically sent after the setup of a flow to "refresh" the
   end-to-end path. On the other hand, DiffServ will probably be
   deployed in the core network, where forwarding mechanisms such as








   MPLS will limit the frequency of route changes below typical
   session durations. Note also that lost or severely delayed probe
   packets are interpreted as congestion. A probe packet may be lost if
   the (wireless) link has high error rates, or delayed if
   retransmission at lower layers occurs. However, this problem is
   common to other admission control frameworks and can be overcome by
   defining more complex probing phase operations, e.g., by including
   reattempt procedures after a setup failure, multiple timers and
   probes during the probing phase, etc. This could lead to too much
   extra traffic generated by probes, a phenomenon that could also
   occur, for instance, with HTTP sessions where multiple TCP
   connections are initiated. To alleviate the problem, Probes could be
   piggybacked on TCP SYN packets.



   Finally, we point out that a priority among probing packets
   belonging to different traffic classes could be introduced by means
   of different DSCP tags. This way, higher service class users would
   receive preferential treatment. Still another open issue is the
   re-negotiation of the flow parameters and requested performance
   after the flow is accepted.



   5.2  GRIP over a GRIP-unaware domain



   The rationale of GRIP is to reject a new flow setup when a Feedback
   does not return to the source node before the probing timeout
   expires. When GRIP is operated over a GRIP-unaware domain, flow
   rejection is purely driven by internal network congestion. Upon
   congestion, the round trip delay (Probe plus Feedback) may become
   larger than the probing phase timeout, and thus a flow setup is
   rejected. Stability is guaranteed by the fact that, when network
   congestion increases, the probability that a setup is successful
   decreases correspondingly. Therefore, fewer new flows are set up,
   and this allows the network to smoothly decongest. Routers may in
   principle be oblivious of Probes, and may treat them as normal IP
   packets. When packet differentiation is possible, as in the
   DiffServ scenario, GRIP operation can be enhanced. This particularly
   occurs when DiffServ routers are configured to distinguish
   information packets from Probes on the basis of their DSCP value,
   and to serve information packets with higher service priority (i.e.,
   before) than probing packets. This operation has the advantage that
   the delay experienced by Probing packets is necessarily worse (and
   thus is a conservative measure) than that experienced by packets
   belonging to accepted connections. Thus, probes may detect internal
   router congestion earlier than data packets, and drive reject
   decisions at the end points earlier.

   The performance of GRIP over DiffServ routers has been preliminarily
   evaluated in a previous paper of ours. Such results lead to the
   conclusion that the throughput performance depends only marginally
   on the probing packet timeout setting, at least when this timeout is
   kept in the order of at most a few hundred ms. This implies that








   the probing timeout is not an effective and tunable means of
   precisely controlling the QoS.



   5.3  GRIP over a GRIP-aware domain



   Despite the above discussed performance drawbacks, our strongest
   argument in favor of GRIP is that it opens a smooth migration path
   toward a future QoS capable global infrastructure. Our thesis is
   that GRIP widespread deployment may start over the current
   best-effort Internet to provide marginal performance improvements
   (i.e., similar to those of the Controlled Load service), with the
   promise that QoS will be provided in the future by independent
   router upgrades in independent IP domains.

   To justify our statement, we assume that network routers are able to
   recognize that packets labeled as Probes are managed at the network
   end points for the sake of flow admission control. Hence, they may
   intelligently enforce Probe dropping, on the basis of a suitable
   estimation of the QoS provided to the already admitted flows, and on
   the basis of suitable predictions of emerging congestion conditions.
   As, thanks to the GRIP operation, internal probe losses drive setup
   rejections at the distributed end points, independent, localized and
   proprietary decisions taken at the network routers may substantially
   improve the QoS provided within a domain. The GRIP-aware router
   operation is illustrated in Fig. 1.



   --------------------------  -----
                            | /      \
        Data   Queue        |/ Server \---------
                            |\        /         |
   -------------------------- \      /          |
                 ||            ------           |
                 || Measure                     |
                 \/                             |
     ------------------------           --------\/----------
     |  Decision Criterion  |           |                  | Packets
     |  Controller Module   |           | Priority Server  |-------->
     ------------------------           |                  |
            ||                          --------------------
            ||                                  /\
            ||  Accept/Reject Switch             |
            \/                                   |
   -------------------------  ------             |
                           | /      \            |
        Probe   Queue      |/ Server \-----------
                           |\        /
   ------------------------- \      /
                              ------

                    Figure 1: GRIP router operation










   For convenience of presentation, we assume that the router handles
   only GRIP controlled traffic. Other traffic classes (e.g.,
   best-effort traffic) can be handled by means of additional queues,
   possibly with lower priority. At each router output port, GRIP
   implements two distinct queues, one for data packets, i.e., packets
   belonging to flows that have already passed an admission control
   test, and one for probing traffic. Packets are dispatched to the
   respective buffers according to the probe/data DSCP tag. The GRIP
   router measures the aggregate accepted traffic. On the basis of the
   running traffic measurements, the router enforces a Decision
   Criterion, which continuously drives the router to switch between
   two states: ACCEPT and REJECT. When in the ACCEPT state, the Probing
   queue accommodates Probe packets and serves them according to the
   described priority mechanism. Conversely, when the router switches
   to the REJECT state, it discards all the Probing packets contained
   in the Probing queue, and blocks all newly arriving Probing packets.
   In other words, the router acts as a gate for the probing flow,
   where the gate is opened or closed on the basis of the traffic
   estimates (hence the Gauge&Gate in the acronym GRIP).



   This mechanism provides an implicit signaling pipe to the end
   points, of which the network remains unaware. Each router is locally
   in charge of deciding, on the basis of its own criteria, whether it
   can admit new flows, or it is congested. The internal router
   decision is summarized in the router state (ACCEPT vs. REJECT), and
   it is implicitly advertised to the end points (whose flow setup path
   crosses the considered router) by letting Probes cross through the
   router (ACCEPT) or blocking probes (REJECT).



   With reference to the performance achievable, it is easy to conclude
   that the level of QoS support provided depends on the degree of
   effectiveness of the Decision Criterion implementation. Several
   Measurement-Based mechanisms [BJS00] have been described in the
   literature and may be applied to the GRIP routers [e.g., GRO99].



   An example of a trivial decision criterion is to accept all Probe
   packets when the measured throughput is lower than a given threshold
   and to reject them when the measurements exceed this threshold. The
   resulting delay performance depends upon the link capacity and the
   traffic model.
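   The output port of Fig. 1 running the trivial threshold criterion
   just described, as an added example that is not part of the draft and
   not any router vendor's code: a Python model with a data queue, a
   gated Probe queue, a gauge that measures the accepted aggregate over
   a sliding window, and a priority server that always serves data
   before Probes. The 100 ms window, the 80% threshold, the packet sizes
   and the 10 Mbit/s link are assumptions chosen for illustration. The
   scenario drives the gate closed with a data burst (flushing the
   queued Probes and dropping new ones) and shows it reopening once the
   burst has left the measurement window.

```python
"""Toy model of a GRIP-aware router output port (Fig. 1 of the draft)
running the trivial threshold decision criterion.

Added example, not code from the draft or its authors. The sliding-window
measurement, the window length, the threshold and the packet sizes are
assumptions made for illustration.
"""
from collections import deque
from typing import Deque, Optional, Tuple

ACCEPT, REJECT = "ACCEPT", "REJECT"


class GripPort:
    """One output port: a data queue, a gated Probe queue, a gauge on the
    accepted aggregate, and a priority server (data before Probes).
    Packets are classified by DSCP upstream; this model receives them
    already sorted into on_data() / on_probe()."""

    def __init__(self, link_bps: float, threshold: float, window_ms: float = 100.0):
        self.link_bps = link_bps
        self.threshold = threshold            # assumption: fraction of link rate
        self.window_ms = window_ms            # assumption: measurement window
        self.data_q: Deque[Tuple[str, int]] = deque()
        self.probe_q: Deque[Tuple[str, int]] = deque()
        self._samples: Deque[Tuple[float, int]] = deque()   # (t_ms, bytes) accepted
        self.state = ACCEPT

    # --- Gauge: running measurement of the aggregate accepted traffic -------
    def measured_bps(self, now_ms: float) -> float:
        while self._samples and now_ms - self._samples[0][0] > self.window_ms:
            self._samples.popleft()
        total_bytes = sum(b for _, b in self._samples)
        return total_bytes * 8 * 1000.0 / self.window_ms

    # --- Decision criterion: a single threshold on the measured load --------
    def _update_state(self, now_ms: float) -> None:
        load = self.measured_bps(now_ms) / self.link_bps
        new_state = REJECT if load > self.threshold else ACCEPT
        if new_state == REJECT and self.state == ACCEPT:
            self.probe_q.clear()   # gate closes: discard every queued Probe
        self.state = new_state

    # --- Arrivals ------------------------------------------------------------
    def on_data(self, now_ms: float, nbytes: int) -> None:
        """Packet of an already admitted flow: always queued, and gauged."""
        self._samples.append((now_ms, nbytes))
        self.data_q.append(("DATA", nbytes))
        self._update_state(now_ms)

    def on_probe(self, now_ms: float, nbytes: int = 64) -> bool:
        """Probe packet: queued only while the gate is open. Returns False
        when dropped, which the end points read as congestion."""
        self._update_state(now_ms)
        if self.state == REJECT:
            return False
        self.probe_q.append(("PROBE", nbytes))
        return True

    # --- Priority server -----------------------------------------------------
    def dequeue(self) -> Optional[Tuple[str, int]]:
        """Serve data first; Probes only get the capacity left over, so the
        delay they experience is a conservative estimate for data."""
        if self.data_q:
            return self.data_q.popleft()
        if self.probe_q:
            return self.probe_q.popleft()
        return None


def run_scenario() -> dict:
    """Constructed traffic (not a measurement) on a 10 Mbit/s link with an
    80% threshold: idle, then a burst that closes the gate, then idle."""
    port = GripPort(link_bps=10_000_000, threshold=0.8, window_ms=100.0)
    r = {}
    r["probe_idle"] = port.on_probe(0.0)                 # gate open
    r["queued_before_burst"] = len(port.probe_q)
    # 80 data packets of 1500 bytes within 40 ms: 120 kB in the 100 ms
    # window = 9.6 Mbit/s = 96% of the link, above the 80% threshold
    for i in range(80):
        port.on_data(1.0 + i * 0.5, 1500)
    r["state_during_burst"] = port.state
    r["queued_after_gate_closed"] = len(port.probe_q)   # flushed
    r["probe_during_burst"] = port.on_probe(45.0)       # dropped
    r["served_first"] = port.dequeue()[0]               # data before Probes
    r["state_after_dequeue"] = port.state
    # at 200 ms the whole burst has left the window: the gate reopens
    r["probe_after_burst"] = port.on_probe(200.0)
    r["state_after_window"] = port.state
    return r


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k:28s} -> {v}")
```

   Note what the model does and does not gate: only packets classified
   as Probes are ever dropped, while anything carrying the data
   codepoint is queued and gauged as admitted traffic. The decision is
   therefore only as sound as the classification that assigned those
   codepoints, which the DiffServ architecture [RFC2475] places at the
   domain boundary; the core port above neither checks nor can check
   whether a data-marked packet belongs to a flow that actually passed a
   probing phase.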



   Tighter forms of traffic control are possible. As a second example
   of a decision criterion, we demonstrated that hard (loss and/or
   delay) QoS guarantees can be provided, within a specific domain,
   under suitable assumptions on the offered traffic (i.e., traffic
   sources regulated by standard Dual Leaky Buckets, as in the IntServ
   framework) and with ad hoc defined measurement modules in the
   routers [BBFP01].












   Finally, we note that the decision criterion need not be driven by
   traffic measurements. In fact, it can be driven by lower layer QoS
   capabilities (e.g., ATM, MAC) or by tunable proprietary schemes.



   A last consideration is that GRIP shares with common MBAC schemes
   the problem of defining precise admission control criteria when the
   flows requesting admission differ widely from each other in their
   characteristics and in their required performance. To maintain the
   advantages of GRIP, probes should not contain signaling information
   to be parsed at core routers (while edge routers could execute this
   function, see section 6). A possible way to solve this problem is to
   require that a given admission controlled traffic class is composed
   of flows with homogeneous (or at least similar) characteristics and
   requirements. In other words, QoS enabled sources are divided into
   traffic classes, each comprising homogeneous (or similar) sources.
   By envisioning a very small number of traffic classes (e.g., a class
   could be IP telephony), each class could be handled in a
   differentiated way (according to the DiffServ approach, with its
   own pair of DS codepoints for probing and data), by means of
   suitable scheduling mechanisms, similar to those already defined
   (e.g., WFQ, separate queues). Further details on this issue can be
   found in [BB01].



   We conclude by remarking that GRIP does not require any specific
   protocol implementation in the core routers, which are stateless and
   remain oblivious to individual flows. Scalability is guaranteed by
   the fact that (i) no state information is stored in any router,
   since routers handle traffic aggregates and not single flows, and
   that (ii) the whole operation is fully distributed: the procedures
   have a local scope and each network device operates autonomously.



6  Implicit Cross-Domain Signaling



   The principle of using packet losses to notify congestion can be
   extended to heterogeneous domains, each running independent intra-
   domain reservation mechanisms. The only foundation needed for
   implicit signaling is the capability of each ingress node of a
   domain to recognize whether a packet contains signaling information
   or data payload, regardless of which specific signaling information
   is actually contained. Note that this feature can be obtained by
   using suitable packet marking in the DSCP field of the packet header
   [see also BB01].



   To clarify this, consider the scenario depicted in figure 2.



   Here, the source to destination path comprises three different
   domains, namely A, B, and C, each running a different - fictitious -
   intra-domain reservation protocol (namely RP1, RP2, RPX). Each
   reservation protocol has its own scheme, and is triggered by a
   signaling packet possibly containing suitable information.





              __________      __________     __________
             /          \    /          \   /          \
            /            \  /            \ /            \
   |---|  |--|           |---|          |---|          |--|  |---|
   |SRC|--|R1| domain A  | R2| domain B | R3| domain C |R4|--|DST|
   |---|  |--|  (RP1)    |---|   (RP2)  |---|   (RPX)  |--|  |---|
            \            /  \            / \            /
             \__________/    \__________/   \__________/

                      Figure 2: Multi-domain scenario

   When the source needs to set up a flow to the destination, it
   injects a signaling (probe) packet into the network. As in GRIP,
   described above, the source node is in charge of waiting for a
   feedback packet and then activating the flow by emitting data
   packets. If the feedback packet does not arrive back in due time,
   the flow setup is aborted.



   The signaling packet injected in the network can carry application-
   level information to be used at the destination node. In addition,
   it may carry information that can be read by some reservation
   protocols, e.g., RP1.



   First, the signaling packet arrives at the ingress node of domain A.
   This node recognizes, in this order, that
   a:  the packet is a signaling packet, and
   b:  it contains information usable by the specific reservation
       protocol RP1 (e.g., RSVP).
   This packet thus triggers the specific edge-to-edge reservation
   mechanism RP1 running through domain A. At the end of the
   reservation procedure, if the domain is capable of admitting the
   flow, the signaling packet is forwarded out of the domain by the
   egress node. Otherwise, it is dropped.



   The same approach is adopted at domain B. Here, the difference is
   that the specific reservation protocol triggered by the arrival of
   the signaling packet is different from that adopted in the previous
   domain (e.g., domain B adopts a DS framework augmented with GRIP
   admission control functionality as its inner reservation scheme).
   However, the result is semantically consistent with the previous
   domain's operation, i.e., the triggering packet is forwarded if the
   connection can be accepted and dropped otherwise. No explicit
   signaling information is exploited, with the exception of that
   carried by the DS codepoint of the triggering packet [see BB01].



   Finally, the triggering packet arrives at the ingress node of domain
   C. Here, the ingress node recognizes that the packet is for
   signaling, but it finds that the packet does not carry information
   useful for the reservation protocol RPX (i.e., the packet, and even
   the relevant DS codepoint, is incompatible with this domain's inner
   DS procedures). Therefore, domain C can decide to:
   a:  run a "generic" (e.g., un-parameterized) edge-to-edge signaling
       procedure;
   b:  drop the packet (i.e., drop the entire flow);
   c:  simply forward the packet, with no admission control, on a best
       effort basis.



   Although the above example is very loose, and several problems need
   thorough investigation, it appears that such an implicit signaling
   approach can be the "glue" for the coexistence of highly
   heterogeneous edge-to-edge reservation mechanisms.
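   The three-domain walk-through above, as an added example in Python
   that is not the draft's own code: every ingress recognizes a
   signaling packet from its DSCP alone, applies its own reservation
   scheme, and forwards the probe on success or drops it on failure,
   with domain C taking one of options a-c. The codepoints, the RP1
   parameter, the bandwidth budgets and the policy names are
   constructed.

```python
# Added example, not the draft's code: the multi-domain scenario of
# figure 2 as a chain of ingress decisions. Every ingress recognizes a
# signaling packet from its DSCP alone, applies its own reservation scheme,
# and forwards the probe on success or drops it on failure. Codepoints,
# protocol parameters, budgets and policies are constructed.

PROBE_DSCP = 0x2B   # constructed: "this packet is signaling"
DATA_DSCP = 0x2E    # constructed: the paired data codepoint


def rp1_ingress(pkt, domain):
    """Domain A: a parameterized protocol (RSVP-like) that reads the probe."""
    rp1 = pkt.get("params", {}).get("rp1")
    if rp1 is None or rp1["rate_kbps"] > domain["free_kbps"]:
        return False                       # nothing RP1 can use, or no room
    domain["free_kbps"] -= rp1["rate_kbps"]  # edge-to-edge state only
    return True


def grip_ingress(pkt, domain):
    """Domain B: DiffServ plus GRIP; the probe's contents are never parsed."""
    return domain["measured_kbps"] < domain["threshold_kbps"]


def unknown_ingress(pkt, domain):
    """Domain C: RPX cannot use the probe, so it applies one of options a-c."""
    if domain["policy"] == "generic":    # a: un-parameterized edge-to-edge test
        return domain["measured_kbps"] < domain["threshold_kbps"]
    if domain["policy"] == "drop":       # b: drop the packet, i.e. the flow
        return False
    return True                          # c: best effort, no admission control


def cross_domain_setup(pkt, domains):
    """Return (domains crossed, outcome seen by the source)."""
    if pkt["dscp"] != PROBE_DSCP:
        return [], "NOT_SIGNALING"       # only signaling packets are gated
    crossed = []
    for domain in domains:
        if not domain["ingress"](pkt, domain):
            return crossed, "ABORT"      # dropped: no feedback in due time
        crossed.append(domain["name"])
    return crossed, "ACTIVE"             # reached DST, feedback comes back


def figure2_domains(policy_c):
    """Domains A (RP1), B (GRIP) and C (RPX, with the chosen policy)."""
    return [
        {"name": "A", "ingress": rp1_ingress, "free_kbps": 512},
        {"name": "B", "ingress": grip_ingress, "measured_kbps": 300,
         "threshold_kbps": 800},
        {"name": "C", "ingress": unknown_ingress, "policy": policy_c,
         "measured_kbps": 900, "threshold_kbps": 800},
    ]
```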



   Moreover, note that the outlined approach allows the coexistence of
   domains running a reservation protocol with best effort domains.
   Clearly, the QoS provisioned to the considered end-to-end flow will
   be bottlenecked by the worst case domain. At the same time, however,
   domains that run a reservation mechanism are capable of limiting the
   traffic admitted, and thus of locally guaranteeing QoS support.



   A thorough understanding of this latter issue is important. The
   cross-domain reservation scheme described above is not necessarily
   aimed at providing end-to-end QoS support or performance
   guarantees. Rather, it is devised to guarantee to each domain that
   the performance experienced by packets crossing that domain is
   kept under control (depending on the degree of tightness of the
   reservation protocol adopted). In other words, our view of the
   performance provided is domain-centric, rather than an end-to-end
   guaranteed performance view. In time, suitable routing schemes and
   SLAs may be able to find a path that comprises only QoS aware
   domains.



   Note that this is in line with the way other functions in the
   Internet (e.g., routing) operate, allowing different domains to
   adopt different schemes.



   A last issue regards the definition of DS codepoints to identify
   probe (signaling) packets and data packets. In [BB01] we proposed to
   use two dropping levels of a given AF class for this purpose.
   However, we are aware that our suggested usage of AF differs (quite
   unexpectedly) from what is intended in RFC 2597. The services that
   are expected to make use of admission control are RTP/UDP streams
   with delay and loss performance requirements, whose support is
   currently envisioned by means of the EF PHB. AF, on the contrary,
   appears designed to provide better than best effort support for
   generic TCP/UDP traffic. Thus, our study makes the case for
   transforming the (single) EF PHB into a PHB class (i.e., by adding
   an associated, "paired", probing pipe with a different DSCP). An
   alternative is defining new "paired" PHBs.










   From a different perspective, "paired" PHBs can be envisioned to
   support more general control functions than admission control. For
   example, the TCP fast retransmission and recovery algorithm might
   take advantage of isolated data packets labeled as "control", and
   thus expected to encounter loss if (controlled) congestion is
   encountered in the network.



7  Appendix D: Security considerations



   Like all admission control functions, our solution presents the risk
   of theft of resources through the unauthorized admission of traffic.
   Although, logically, user terminals are the natural nodes where
   endpoint admission control should operate, this is clearly not
   realistic, for the obvious reason that the user may bypass the
   admission control test and directly send probe packets. Identity
   authentication and integrity protection are therefore needed in
   order to mitigate this potential for theft of resources [RFC2990].
   Administrators are then expected to protect network resources by
   configuring secure policers at interfaces (e.g., access routers) with
   untrusted customers. Similar protections must be provided at the
   interface between different domains. In particular, it may be
   necessary to restrict access to the DS class(es) used for admission
   controlled traffic. For example, a DS domain should re-mark packets
   when they come from an un-trusted adjacent DS domain. More
   generally, we remark that the policing and conditioning rules
   enforced at the border routers of each domain depend on the usage of
   the considered class within the specific domain, and thus have to be
   accounted for in the definition of each specific PDB supporting
   admission control.



   A quite obvious security hazard is flooding the network with probe
   packets. Such an attack may have two objectives. On one side, denial
   of service situations can easily be created, as a massive loading of
   the network with probe packets prevents the setup of normal
   connections. On the other side, the goal might be to affect
   fairness: the continuous transmission of probe packets at a rate
   higher than normal connection requests is a means of gaining faster
   access to resources when these are made available by a router along
   the path. This implies that some form of traffic conditioning and
   policing is necessary over probe streams. While it is simple to
   recognize a hard attack by monitoring the probe packets crossing an
   edge router (the probe traffic - at most a few packets per
   originating connection - is minimal in normal conditions, and thus
   sudden increments of the probe load are suspicious), it may not be
   straightforward for DS boundary routers to recognize smoother
   fairness attacks. However, note that the same fairness problem is
   also present in more complex reservation mechanisms, such as RSVP
   (malicious users can continuously request setup to increase their
   access possibility with respect to normal users).
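   As an added example (Python, not part of this draft), a border-router
   conditioner covering the two protections described above: re-marking
   the admission-controlled codepoints on packets arriving from an
   un-trusted adjacent domain, and policing probe packets per customer
   interface, plus a simple check that flags the sudden increments in
   probe load the text calls suspicious. Interface roles, codepoints,
   rates and the packet trace are constructed.

```python
from collections import defaultdict

PROBE_DSCP, DATA_DSCP, BEST_EFFORT = 0x2B, 0x2E, 0x00  # constructed codepoints
ADMISSION_CONTROLLED = {PROBE_DSCP, DATA_DSCP}


class ProbePolicer:
    """Token bucket applied to probe packets only."""

    def __init__(self, rate_pps, burst):
        self.rate, self.burst, self.tokens, self.last = rate_pps, burst, burst, 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True


class BorderRouter:
    """Interface roles: 'customer' (police probes), 'untrusted_domain'
    (re-mark the admission-controlled class), 'trusted_domain' (pass)."""

    def __init__(self, roles, probe_rate_pps=2, probe_burst=4, flood_factor=5):
        self.roles, self.flood_factor = roles, flood_factor
        self.policers = defaultdict(lambda: ProbePolicer(probe_rate_pps, probe_burst))
        self.probe_counts = defaultdict(int)  # probes seen per (iface, second)

    def condition(self, pkt):
        """Return the packet as it leaves the router, or None if dropped."""
        iface, role = pkt["iface"], self.roles[pkt["iface"]]
        if role == "untrusted_domain" and pkt["dscp"] in ADMISSION_CONTROLLED:
            return dict(pkt, dscp=BEST_EFFORT)  # peer may not use the class
        if role == "customer" and pkt["dscp"] == PROBE_DSCP:
            self.probe_counts[(iface, int(pkt["t"]))] += 1  # counted before policing
            if not self.policers[iface].allow(pkt["t"]):
                return None
        return pkt

    def detect_floods(self, baseline_pps):
        """Seconds in which an interface's probe count jumps far above baseline."""
        return sorted((iface, sec, n) for (iface, sec), n in self.probe_counts.items()
                      if n > self.flood_factor * baseline_pps)


def run_trace():
    """Constructed trace: a normal customer, a flooding customer, an un-trusted
    peer and a trusted peer; returns (probes forwarded per iface, re-marked, alerts)."""
    br = BorderRouter({"cust1": "customer", "cust2": "customer",
                       "peerX": "untrusted_domain", "peerY": "trusted_domain"})
    trace = [{"iface": "cust1", "dscp": PROBE_DSCP, "t": float(i)} for i in range(3)]
    trace += [{"iface": "cust2", "dscp": PROBE_DSCP, "t": 1.0 + i * 0.01}
              for i in range(50)]  # 50 probes within one second
    trace += [{"iface": "peerX", "dscp": DATA_DSCP, "t": 2.0},
              {"iface": "peerY", "dscp": DATA_DSCP, "t": 2.5}]
    forwarded, remarked = defaultdict(int), 0
    for pkt in trace:
        out = br.condition(pkt)
        if out is not None and out["dscp"] == PROBE_DSCP:
            forwarded[out["iface"]] += 1
        remarked += out is not None and out["dscp"] != pkt["dscp"]
    return dict(forwarded), remarked, br.detect_floods(baseline_pps=1)
```

   A customer that keeps probing just below the policed rate is never
   flagged by detect_floods; that is the smoother fairness attack the
   text says boundary routers cannot easily recognize.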










   Finally, all the security considerations expressed in [RFC2990]
   apply also to our solution.



8  References



   [ALM98] W. Almesberger, T. Ferrari, J. Y. Le Boudec: "SRP: a Scalable
   Resource Reservation Protocol for the Internet", IWQoS'98, Napa
   (California), May 1998.

   [BB01] G. Bianchi, N. Blefari-Melazzi: "Per Flow Admission Control
   over AF PHB Classes", Internet draft,
   draft_bianchi_blefari_admcontr_over_af_phb.txt, March 2001, work in
   progress.

   [BBFP01] G. Bianchi, N. Blefari-Melazzi, M. Femminella, F. Pugini:
   "GRIP: Technical report", work in progress,
   http://conan.diei.unipg.it/netweb/GRIP_tech_rep.pdf.

   [BJS00] L. Breslau, S. Jamin, S. Shenker: "Comments on the
   performance of measurement-based admission control algorithms", Proc.
   of IEEE Infocom 2000, Tel Aviv, Israel, March 2000.

   [BOR99] F. Borgonovo, A. Capone, L. Fratta, M. Marchese, C.
   Petrioli: "PCP: A Bandwidth Guaranteed Transport Service for IP
   networks", IEEE ICC'99, June 1999.

   [BRE00] L. Breslau, E. W. Knightly, S. Shenker, I. Stoica, H.
   Zhang: "Endpoint Admission Control: Architectural Issues and
   Performance", Proc. of ACM SIGCOMM 2000, Stockholm, Sweden, August
   2000.

   [CKN00] C. Cetinkaya, E. Knightly: "Egress Admission Control", Proc.
   of IEEE Infocom 2000, Tel Aviv, Israel, March 2000.

   [ELE00] V. Elek, G. Karlsson: "Admission Control Based on End-to-End
   Measurements", Proc. of IEEE Infocom 2000, Tel Aviv, Israel, March
   2000.

   [GKE99] R. J. Gibbens, F. P. Kelly: "Distributed Connection
   Acceptance Control for a Connectionless Network", ITC 16, Edinburgh,
   June 1999.

   [GRO99] M. Grossglauser, D. N. C. Tse: "A Time-Scale Decomposition
   Approach to Measurement-Based Admission Control", Proc. of IEEE
   Infocom 1999, New York, USA, March 1999.

   [KEL00] F. P. Kelly, P. B. Key, S. Zachary: "Distributed Admission
   Control", IEEE JSAC, Vol. 18, No. 12, December 2000.

   [MOR00] R. Mortier, I. Pratt, C. Clark, S. Crosby: "Implicit
   Admission Control", IEEE JSAC, Vol. 18, No. 12, December 2000.

   [RFC2205] R. Braden, L. Zhang, S. Berson, S. Herzog, S. Jamin:
   "Resource ReSerVation Protocol (RSVP) - Version 1 Functional
   Specification", RFC 2205, September 1997.

   [RFC2210] J. Wroclawski: "The Use of RSVP with IETF Integrated
   Services", RFC 2210, September 1997.

   [RFC2474] K. Nichols, S. Blake, F. Baker, D. Black: "Definition of
   the Differentiated Services Field (DS Field) in the IPv4 and IPv6
   Headers", RFC 2474, December 1998.

   [RFC2475] S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, W.
   Weiss: "An Architecture for Differentiated Services", RFC 2475,
   December 1998.

   [RFC2597] J. Heinanen, F. Baker, W. Weiss, J. Wroclawski: "Assured
   Forwarding PHB Group", RFC 2597, June 1999.

   [RFC2990] G. Huston: "Next Steps for the IP QoS Architecture",
   RFC 2990, November 2000.

   [RFC2998] Y. Bernet, R. Yavatkar, P. Ford, F. Baker, L. Zhang, M.
   Speer, R. Braden, B. Davie, J. Wroclawski, E. Felstaine: "A
   Framework for Integrated Services Operation Over DiffServ Networks",
   RFC 2998, November 2000.

   [SZH99] I. Stoica, H. Zhang: "Providing guaranteed services without
   per flow management", Proc. of ACM SIGCOMM 1999, Cambridge, MA,
   September 2000.



9  Authors' Addresses

   Giuseppe Bianchi
   DIE, University of Palermo
   Viale delle Scienze, Parco d'Orleans
   90128 Palermo, ITALY
   Tel: +39 091 6566 276
   E-mail: bianchi@elet.polimi.it

   Nicola Blefari-Melazzi
   DIEI, University of Perugia
   Via G. Duranti 93, 06125 Perugia, ITALY
   Tel: +39 075 585 3630
   E-mail: blefari@diei.unipg.it












10 Full Copyright Statement

   "Copyright (C) The Internet Society (date). All Rights Reserved.
   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.




















































