Robert Hancock
   Internet Draft                                       Eleanor Hepworth
   Document: draft-hancock-nsis-framework-00.txt      Siemens/Roke Manor
                                                                Research
   Expires: August 2002
                                                        Cornelia Kappler
                                                       Hannes Tschofenig
                                                             Jochen Eisl
                                                           Jorge Cuellar
                                                            Mehmet Ersue
                                                              Siemens AG

                                                             Xiaoming Fu
                                                             Holger Karl
                                                               TU Berlin

                                                          Marcus Brunner
                                                                     NEC

                                                         Andreas Kassler
                                                       University of Ulm

                                                       February 22, 2002


           Towards a Framework for QoS Signaling in the Internet
                   <draft-hancock-nsis-framework-00.txt>

Status of this Memo

   This document is an Internet-Draft and is in full conformance
   with all provisions of Section 10 of RFC2026.


   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
        http://www.ietf.org/ietf/1id-abstracts.txt
   The list of Internet-Draft Shadow Directories can be accessed at
        http://www.ietf.org/shadow.html.

   Hancock et al.    Informational - Expires August 2002             1                 Towards a Framework for QoS Signaling    February 2002


Abstract

   This Internet Draft presents a framework for further development of
   QoS signaling in the Internet. We give a basic model for the
   entities involved in QoS signaling, which is intended to be
   applicable to a very wide range of networking environments, while
   still retaining the flexibility to allow lightweight implementations
   in particular environments and incremental deployment in the
   Internet as a whole.

   As well as the details of the framework itself, we also relate it to
   the NSIS requirements work by mapping the framework to the
   requirements themselves. We also present an initial assessment of
   the applicability of existing QoS mechanisms to be used within the
   framework. Security, scalability, and resilience are considered as
   special issues. The framework leaves open a number of questions
   relating to tradeoffs between simplicity and flexibility, and these
   are summarized in the conclusions.

Table of Contents

   1  Introduction ...................................................3
   1.1  Fundamental Approach .........................................4
   1.2  Scope and Design Principles ..................................5
   1.3  Document Structure ...........................................6
   2  Terminology ....................................................7
   3  Framework Overview .............................................7
   3.1  Fundamental Building Blocks ..................................7
   3.2  Fundamental Network Structures ..............................10
   3.3  Abstract Entities in QoS Signaling paths ....................14
   3.4  Basic Signaling Paths .......................................17
   3.4.1 Sender Initiated ...........................................18
   3.4.2 Receiver Initiated Reservations ............................18
   3.4.3 Bi-Directional Reservations ................................20
   3.5  Impact of Accounting Considerations .........................22
   3.6  Security Overview ...........................................23
   3.7  Refinements and Extensions ..................................24
   3.7.1 Proxy NSIS Agents ..........................................24
   3.7.2 Multicast ..................................................25
   4  Fundamental Framework Components ..............................26
   4.1  Interactions with Application Layers ........................26
   4.2  Interactions with QoS Provisioning ..........................27
   4.3  NSIS Signaling Protocols ....................................28
   4.4  NSIS Signaling Data .........................................30
   4.5  Routing Aspects .............................................32
   4.5.1 Implicit Routing of Signaling Packets ......................32
   4.5.2 Impact of Multi-Field Routing ..............................34
   5  Application to Generic Signaling Scenarios ....................35

   Hancock et al.    Informational - Expires August 2002             2                 Towards a Framework for QoS Signaling    February 2002


   5.1  Network / Proxy / Edge / End Signaling Scenarios ............35
   5.2  End-to-Network Signaling and Interworking with Higher-Layer QoS
   Signaling.........................................................35
   5.3  Transparent path traversal ..................................36
   5.4  Use of NSIS Signaling in QoS Provisioning ...................36
   5.5  Aggregation and Hierarchical Reservations ...................38
   5.5.1 NSIS Aggregation Techniques ................................38
   5.5.2 Aggregation Context ........................................40
   5.6  Operation over Addressing and Other Boundaries ..............40
   5.7  Support for Adaptive Applications ...........................42
   6  Applicability of Other QoS Frameworks and Protocols ...........43
   6.1  Incremental Deployment in an NSIS-Unaware Internet ..........43
   6.1.1 Step 1: NSIS compliant Islands .............................44
   6.1.2 Step 2: Heterogeneous Infrastructure .......................44
   6.1.3 Step 3: Widespread deployment of NSIS ......................45
   6.2  Basic Diffserv ..............................................45
   6.3  Basic Intserv ...............................................45
   6.4  RMD .........................................................45
   6.5  MPLS ........................................................47
   6.6  Bandwidth Broker ............................................47
   7  Possible NSIS Signaling Protocols .............................48
   7.1  RSVP and its Extensions .....................................48
   7.2  RSVP ultra-lite .............................................50
   7.3  In-band QoS Signaling .......................................51
   8  Possible NSIS QoS Class Descriptors ...........................52
   9  Security Considerations .......................................53
   9.1  End-Node to Network Signaling ...............................53
   9.2  Network to Network ..........................................57
   9.3  End-to-End ..................................................59
   10 Resilience and Scalability Considerations .....................60
   10.1 Resilience ..................................................60
   10.2 Scalability .................................................61
   11 Conclusion ....................................................63
   12 References ....................................................66
   13 Acknowledgments ...............................................67
   14 Author's Addresses ............................................67
   Appendix A. Mapping to Requirements ..............................69

 1  Introduction

   This Internet Draft presents a framework for further development of
   QoS signaling in the Internet. We give a basic model for the
   entities involved in QoS signaling, which is intended to be
   applicable to a very wide range of networking environments, while
   still retaining the flexibility to allow lightweight implementations

   Hancock et al.    Informational - Expires August 2002             3                 Towards a Framework for QoS Signaling    February 2002


   in particular environments and incremental deployment in the
   Internet as a whole.

   As well as the details of the framework itself, we also relate it to
   the NSIS requirements work [1], by comparing the framework to the
   requirements themselves. We present an initial assessment of the
   applicability of existing QoS mechanisms to be used within the
   framework. Security, scalability, and resilience are considered as
   special issues.

 1.1  Fundamental Approach

   Our basic approach is to define a set of entities which represent
   the QOS signaling and associated functions within and 'around' a
   single node. With a minor generalization, they can also represent a
   group of nodes which act as a unit for NSIS QoS signaling purposes
   (the 'virtual router'.)

   This approach is similar to that taken in the Policy area, where the
   abstract definition of Policy Enforcement and Policy Decision
   concepts allows their use in a wide variety of network scenarios.
   The same motivation applies in this case: the full variety of ways
   in which QoS signaling might get implemented in real networks is
   still unclear, and the more abstract the component definitions, the
   more deployment possibilities are enabled. In particular, we have
   avoided building the framework on concrete assumptions about
   possible network topologies and hierarchies, instead building these
   up from the basic components as a validation exercise.

   A second analogy can be drawn with the way routing is now handled in
   the Internet. The full routing problem is probably comparable in
   complexity to the full QoS signaling problem, and a modular routing
   framework has evolved which allows this problem to be solved
   piecemeal. For example, the host and network parts are quite
   decoupled, and the inter- and intra-domain areas are handled
   separately. Also, multicast is nowadays considered as a function to
   be built alongside or on top of unicast routing rather than as an
   integrated part of it. We believe that the same level of
   decomposition is both necessary and appropriate in considering QoS
   signaling solutions, which need to be both widely applicable without
   imposing the burden of a single full solution on all participating
   nodes.

   It is our intention that the framework is used to derive more
   concrete requirements for QoS signaling protocols and data, and
   possibly QoS extensions to existing protocols. This could be done by
   a more formal analysis of NSIS requirements in the context of the
   framework, and development of additional implementation requirements
   on the protocols themselves. The framework can also serve as a
   context for evaluating existing QoS and other mechanisms, either to
   be parts of the NSIS solution, or for interactions with it in areas
   such as accounting or application layer interactions.

   Hancock et al.    Informational - Expires August 2002             4                 Towards a Framework for QoS Signaling    February 2002



   Security is considered an integral problem within the framework
   itself. The reason for this is that when any differential QoS
   mechanism is available in a network, it may immediately become a
   target for abuses such as theft and denial of service; the
   assumption is commonly made that this is controlled by requiring
   some kind of authentication and accounting relationship between
   entities in the network. However, this only works if the
   corresponding security relationships are consistent with the way
   that the threats of QoS abuse propagate from peer to peer within the
   network. In other words, the QoS framework must be underpinned with
   a compatible security framework.

 1.2  Scope and Design Principles

   The fundamental goals of the framework presented here are three-
   fold:
   *) Applicability
   *) Adaptability
   *) Re-use

   'Applicability' means that minimal assumptions are made about the
   environment within which the framework can be used. It is supposed
   to be applicable in both access and core contexts, for fixed and
   wireless and mobile networks; also, it can operate over various
   boundary types, as administrative domain boundaries and also address
   space boundaries (including IPv4-IPv6 boundaries), and does not
   assume any single style of QoS provisioning paradigm. (A consequence
   of this wide applicability is that the core framework itself must be
   rather minimal, which is also a desirable characteristic.)

   Because we believe that network structures will continue to evolve
   into progressively more complex and nested relationships, we have
   avoided assuming any particular type of network hierarchy or
   classification of node types. The fundamental framework contains a
   single type of node that processes QoS signaling, which can be
   decorated with particular selections of signaling protocols and
   upper/lower layer interactions without modifying the overall
   operation.

   'Adaptability' means that the way the framework is instantiated in
   any particular node or network type must be adaptable to the special
   needs of that environment. For example, it must be possible to make
   it lightweight for hosts at the edge of the network while making it
   scalable in the core; security requirements are also likely to be
   network scenario dependent. In particular, the framework must be
   able to adapt to the fact that large parts of the Internet will at
   least initially be NSIS-unaware, so incremental, minimal-pain
   deployment must provide benefits even in this case.

   The main method for achieving this is to make the framework modular,
   so different parts can be adapted relatively independently: in

   Hancock et al.    Informational - Expires August 2002             5                 Towards a Framework for QoS Signaling    February 2002


   particular, the protocols used to carry QoS reservation information
   are considered independent of the that information itself, and QoS
   provisioning is treated strictly as a local matter, independent of
   these (allowing any QoS provisioning paradigm).

   'Re-use' means that the framework must be able to incorporate
   existing QoS solutions in a natural way, otherwise networks could be
   forced to deploy multiple QoS technologies in parallel. In this
   draft, we have considered the applicability of both existing
   architectural approaches to QoS such as DiffServ, RMD, and Bandwidth
   Brokering (section 6) and made an initial assessment of possible
   signaling protocols such as RSVP (section 7).

   A second aspect of re-use is that we have attempted to minimize the
   problem space of NSIS by having the framework hook into other
   functions - such as user administration, accounting and especially
   upper layer applications - in a well defined way, with a clear
   function split between these functions and NSIS. A secondary benefit
   of this is that these functions can be implemented with consistent
   interactions with QoS elements of the network layer, without having
   to be adapted to multiple QoS technology choices.

 1.3  Document Structure

   The document is structured as follows:
   - Section 2 introduces the additional terminology used within the
   draft.
   - Section 3 describes the framework, providing an overview of the
   entities and signaling concepts.  The different signaling options
   that should be considered for support by the framework are discussed
   and a brief overview of accounting and security considerations is
   included.
   - Section 4 explores in more detail the framework components, and
   discusses interactions with higher layer functions.  The interaction
   with local QoS provisioning mechanisms and routing are also
   highlighted.
   - Section 5 discusses various generic scenarios to illustrate the
   use of the functions and definitions described in the previous
   sections.
   - Section 6 describes other QoS frameworks and protocols and
   analyses how aspects of these solutions could be re-used within the
   scope of the NSIS framework.
   - Section 7 considers existing and potential future QoS signaling
   proposals and evaluates their suitability as an NSIS signaling
   protocol.
   - Section 8 provides on overview of existing QoS parameter
   descriptors, and analyses their applicability to the framework
   - Section 9 details the security aspects related to the framework.
   - Section 10 analyses the framework with regard to resilience and
   scalability concerns.
   - Section 11 describes the conclusions that can be drawn from the
   framework and highlights open issues that need to be addressed.

   Hancock et al.    Informational - Expires August 2002             6                 Towards a Framework for QoS Signaling    February 2002


   - Appendix A analyses the framework against the relevant
   requirements provided in [1].

 2  Terminology

   Where possible, this draft uses the terminology defined in [1].
   Exceptions and additions are stated here.

   Administrative Domain: a region of the network whose boundaries are
   defined by the point where common administrative control ends. Also
   called a QoS Domain or simply Domain in [1].

   Edge router: router at the boundary of a domain or QoS subdomain
   boundary; may be responsible for aggregation, shaping/policing, or
   similar QoS functions.

   NSIS Agent: any entity that takes part in NSIS QoS signaling. QoS
   Controllers and QoS Initiators (as defined in [1]) are particular
   types of NSIS Agents.

   Proxy NSIS Agent: an NSIS agent that acts on behalf of an end host
   (which might or might not be NSIS aware).

   QoS Provisioning Signaling: the signaling messages that are used to
   communicate provisioning commands from a QoS controller to its
   routers; part of the overall QoS provisioning mechanism. QoS
   provisioning signaling only exists where the QoS controller is
   physically separate from the routers it controls.

   Virtual Router: all routers provisioned under the control of a
   single QoS controller, and seen as a unit by the NSIS signaling.

 3  Framework Overview

 3.1  Fundamental Building Blocks

   This section introduces the building blocks used within the
   framework and the motivation for their definition.

   The QoS Initiator and QoS Controller concepts introduced in [1] can
   be placed at many different locations within a network, and made to
   interact with many other entities.  However, their QoS signaling
   attributes are not altered by differences in location, so it is
   possible to simplify the QoS initiator and QoS controller concepts
   to a single case and define how it supports QoS signaling.

   This single entity can then be taken and used to build more
   complicated scenarios by:
   -     linking entities together in various different ways, such as
     allowing two entities in neighboring domains to exchange
     information or allowing an entity to initiate QoS signaling for an
     aggregate.

   Hancock et al.    Informational - Expires August 2002             7                 Towards a Framework for QoS Signaling    February 2002


   -     giving the entities additional non-NSIS functions such as the
     ability to interact with applications, the ability to know about
     routing in the local network, or the ability to know about domain
     wide resource utilization etc.

   Figure 1 illustrates the framework entity identified above.

                           ^       ^        ^
                           .       .        .
                      Accounting   .   User Admin
                     Interaction   .  Interaction
                           .       .        .
                           .  Application   .
                           .  Interaction   .
                           .       .        .
                           V       V        V
                          +------------------+
                          |    NSIS Agent    |
                          |                  |
                          | +-------------+  |
                          | |             +=======================+\
                          | |             | Outgoing QoS requests   \
                          | |             | "I want QoS X2 for       >
                          | |     QoS     | packets described by Y" /
   +======================+ |     Flow    +=======================+/
   |Incoming QoS requests  \| Interworking|  |
   |"He wants QoS X for     >             | /+.....................+\
   |packets described by Y"/|             |/    Interaction with     \
   +======================+ |             <     routing, traffic      >
                          | |             |\    engineering etc.     /
                          | |             | \+.....................+/
                          | |             |  |
                          | |             |  |
                          | |             +=======================+\
                          | |             | Outgoing QoS requests   \
                          | |             |"I want modified QoS Z for>
                          | |             | packets described by Y" /
                          | |             +=======================+/
                          | +-------------+  |
                          |                  |
                          +-----+-----+------+
                                .     .
                                . QoS .
                             Provisioning
                               (local or
                                remote)
                                .     .
                                +     +
                                 \   /
                                  \ /
                                   v
                        Figure 1: Basic NSIS Agent

   Hancock et al.    Informational - Expires August 2002             8                 Towards a Framework for QoS Signaling    February 2002



   This framework entity is referred to as an NSIS agent.  NSIS agents
   communicate with each other using peer-to-peer QoS protocols, which
   carry the QoS information between NSIS Agents to provision resources
   for a traffic flow.

   Therefore, the NSIS Agent peer-to-peer protocol can be sub-divided
   into two parts:
   -     the NSIS signaling protocol that carries data including the QoS
     parameters, and which has to carry out operations such as peer
     discovery, and that should support features such as reservation
     timeouts.
   -     the NSIS signaling data that represents the flow and associated
     QoS requirements.
   These aspects are discussed further in sections 4.3 and 4.4.

   Different configurations of NSIS Agent can be identified based on
   their interactions with surrounding functions and optional
   capabilities in processing of QoS signaling messages.  These are as
   follows:
   -     If the NSIS Agent does not receive input signals from peer agents
     concerning QoS requirements, it probably receives QoS request
     information from the higher layers (applications).
   -     NSIS Agents can support N inputs and M outputs corresponding to a
     given flow, but 1:1 and n:1/1:n (to reflect the aggregation/
     deaggregation case) are the only common ones.
   -     QoS provisioning can be treated as a black box (invoked in an
     implementation dependent way for example via a technology-specific
     convergence layer) if the QoS provisioning signaling used when
     carrying it out cannot be fitted into the framework. In this
     sense, there may be QoS signaling protocols that do not come under
     the NSIS 'umbrella'; our general intention is to fit existing
     protocols into the framework if this can be done simply, but there
     is no aim to generalize the framework to cover all possible QoS-
     related protocols.
   -     Conversely, if the NSIS signaling is being propagated along the
     traffic path within the network, it might be used directly to
     control the local QoS provisioning, and no additional provisioning
     actions are needed from the QoS controller.
   -     Some NSIS agents might simply do protocol or address boundary
     interworking, or gather and forward accounting/authorization
     information. In this case, they wouldn't perform any QoS
     provisioning or modify the flow signaling at all.
   -     Specialised NSIS Agents may interact with routing protocols or
     traffic engineering protocols etc. to support features such as
     sophisticated path capability discovery. See Section 4.5
   -     NSIS Agents can assume the role of proxy, and in this capacity can
     initiate and terminate signaling on behalf of a QoS initiator.
     Further details of this are provided in Section 3.7.1.

   Hancock et al.    Informational - Expires August 2002             9                 Towards a Framework for QoS Signaling    February 2002


 3.2  Fundamental Network Structures

   In this section, we introduce some representative network structures
   which can be used to describe the range of actual allowable
   deployments of the fundamental NSIS agent building blocks of section
   3.1. At the highest level, we can picture the networks across which
   QoS is signaled with the following structure. The complete end to
   end path covers a number administrative domains, each carrying a
   single path segment. (Within each domain there may be further
   subdomains corresponding to QoS technology boundaries.)


   [+]------------------------- Path -------------------------------[+]

             [+]------- Path Segment ---------[+]

                          --------
   +------+  +-------+////        \\\\+--------+
   | End  +--| Edge  | Administrative |  Edge  |
   | Host |  | Router|    Domain      | Router |
   +------+  +-------+\\\\        ////+--------+
                          --------        .
                                          .
                             ..............
                             .
                             .         --------
                         +--------+////        \\\\+--------+  +------+
                         | Edge   | Administrative | Edge   +--+ End  |
                         | Router |    Domain      | Router |  | Host |
                         +--------+ \\                                   \  \        ////+--------+  +------+
                                       --------

                         [+]------- Path Segment ---------[+]

                   Figure 2: Top Level Network Structure

   We believe that it is crucial to consider the complete end to end
   path and then work down in detail to individual hops: this is partly
   because QoS is meaningful primarily as an end to end concept, and
   also because several critical technicalities (such as asymmetric
   routing) are emphasized by this 'macro' view.

   At this level, we see the network foremost at the level of
   administrative domains and QoS subdomains rather than individual
   routers (except in the special case that the domain contains one
   link). Because administrative domains are defined as administrative
   entities, we can expect that special security requirements apply to
   the signaling between them. Subdomains are introduced to allow the
   fact a given QoS provisioning mechanism may only be used within a
   part of a domain, typically for a particular subnetwork technology
   boundary. Another example might be that a subdomain uses some
   special routing mechanisms, e.g. to support mobile hosts, and that

   Hancock et al.    Informational - Expires August 2002            10                 Towards a Framework for QoS Signaling    February 2002


   this may indirectly force the use of special QoS provisioning
   methods. End hosts may be connected through one or more domains;
   this is indicated by the dotted line in Figure 2.

   Note that although the simple idea of a sequence of domains with one
   level of subdomain covers many basic scenarios, it is certainly not
   rich enough to encompass the possible configurations that could
   arise in the real-world. For example:
   *) Administrations could be nested (reflecting internal
   organizational boundaries, where some subset of typical accounting
   or security requirements might be applicable).
   *) An end-user (as seen by the network) might support multiple end-
   hosts (as seen by the user). Examples might be a dial-up user
   supporting a home network, or a mobile cellular user supporting a
   PAN; in each case, the full weight of a single 'network-network'
   interface would be inappropriate.
   *) There may be address space or technology boundaries within or
   between networks, whose problems need to be addressed specially.

   For these reasons, we have not tried to identify a specific
   hierarchy of protocols; the framework is supposed to be more
   generally applicable. Once consistency of the framework at the
   overall level is understood, detailed requirements for protocols can
   be considered in terms of particular scenarios.

   Aggregation typically takes place at both domain and subdomain
   boundaries, where edge routers are located. Edge routers may have
   more responsibility than other routers, for example to carry out
   this aggregation, or perform admission control. Where these
   functions involve interactions with QoS signaling, there will be an
   NSIS agent performing this signaling role.

   The next figure shows the general structure of a domain or
   subdomain, which is simply a network of connected routers.

   Hancock et al.    Informational - Expires August 2002            11                 Towards a Framework for QoS Signaling    February 2002



      +------------------------------------------------------------+
      |                QoS (sub)domain using any                   |
      |                     QoS technology                         |
      |                                            +------+        |
      |                  +------+                  |Router|        |
      |                  |Router|    +------+      |      |        |
   +------+              |      |    |Router|------|      |----+------+
   | Edge |--------------|      |----|      |      +------+    | Edge |
   |router|              +------+    |      |        /         |router|
   |      |\               /   \     +------+       /         /|      |
   +------+ \             /     \          \       /         / +------+
      |      \           /       \          \     /        /       |
      |       \         /      +------+      \   /       /         |
      |        \   +------+    |Router|    +------+     /          |
      |         \  |Router|    |      |    |Router|   /            |
      |          \ |      +----|      |----+      | /              |
      |           \|      |    +------+    |      |/               |
      |            +------+                +------+                |
      +------------------------------------------------------------+

               Figure 3: General Domain/Subdomain Structure

   One particular scenario is that the resources of these routers may
   be governed by the decisions of a bandwidth broker, as shown in
   Figure 4.

      +-----------------------------------------------------------+
      |                   Domain/Subdomain                        |
      |                                                           |
      |                     +-----------+                         |
      |.....................| Bandwidth |.........................|
      |.            ........|  Broker   |............            .|
      |.            .       +-----------+           .            .|
      |.            .        .    .   .           +------+       .|
      |.            .   +------+  .   .           |Router|       .|
      |.            .   |Router|  . +------+      |      |       .|
   +------+         .   |      |  . |Router|------|      |----+------+
   | Edge |-------------|      |----|      |      +------+    | Edge |
   |router|         .   +------+  . |      |        /         |router|
   |      |         .     /   \   . +------+       /         /|      |
   +------+\        .    /     \  .       \       /         / +------+
      |     \       .   /       \ .        \     /        /       |
      |      \      .  /      +------+      \   /       /         |
      |       \   +------+    |Router|    +------+     /          |
      |        \  |Router|    |      |    |Router|   /            |
      |         \ |      +----|      |----+      | /              |
      |          \|      |    +------+    |      |/               |
      |           +------+                +------+                |
      +-----------------------------------------------------------+

            Figure 4: Bandwidth Broker in a Domain or Subdomain

   Hancock et al.    Informational - Expires August 2002            12                 Towards a Framework for QoS Signaling    February 2002


   Bandwidth broker or similar solutions can be expected to be common
   mechanisms where large or complex domains need to be QoS aware, and
   it is therefore important to consider how to fit them into the
   overall NSIS framework. At a minimum, we need to be able to
   propagate NSIS signaling between end hosts transparently through
   such a domain; ideally, there should be some interaction with the
   bandwidth broker itself to ensure that the provisioning it carries
   out reflects the QoS requirements of the underlying flows. The NSIS
   framework needs to define what mediates this interaction and where.

   Note that we don't consider the BB-router signaling as a fundamental
   part of NSIS, since it is essentially a local mechanism. However,
   there is an option to exploit work done in defining NSIS for use to
   carry out this type of remote provisioning. This possibility is
   discussed in section 5.4.

   A particularly crucial point to note about the macro-scale network
   structure is that end to end packet flows are likely to be
   asymmetric, and this applies to both signaling and data packets. A
   characteristic situation is shown in Figure 5. This simple fact has
   significant impact on the signaling possibilities even within a
   single edge domain, since only in special cases can the entry point
   for incoming traffic be predicted or controlled, in which case QoS
   signaling for this traffic has to be carefully routed. More
   implications of this situation are considered in section 3.4.


   >> = traffic flow H1->H2
   << = traffic flow H2->H1        +-------+
   H = Host                        |  QoS  |
   R = Router      +-----+         | domain|
                   |     |        +-+      |
                   |    +-+>>>>>>>|R|>     |
                   |   >|R|       +-+ >    |
                   |  > +-+        |   >  +-+
                   | >   |         |    >>|R|
                   |>    |         |      +-+
                   >     |         +------ >
   +--+    +-+    +-+    |                 >
   |H1|><><|R|<><>|R|    |                 >
   +--+    +-+    +-+<    \               +-+
                   |  <   |            +--|R|>----+
                   |   <  |            |  +-+ >   |
                   |    <+-+           |       > +-+
                   |     |R|<<<<<<<<   |        >|R|>>>>>+--+
                   |     +-+        < +-+        +-+     |H2|
                   | QoS  |          <|R|<<<<<<<<<<<<<<<<+--+
                   |domain|           +-+         |
                   +------+            |QoS domain|
                                       +----------+

             Figure 5: Asymmetric Routing at the Domain Level

   Hancock et al.    Informational - Expires August 2002            13                 Towards a Framework for QoS Signaling    February 2002


 3.3  Abstract Entities in QoS Signaling paths

   The NSIS requirements are phrased in terms of two abstract entities,
   the QoS Initiator, and the QoS Controller.

   The QoS initiator starts the request for QoS for a user flow.  It
   might be located in the end system or within some part of the
   network, such as the edge router for an access network, or even an
   application layer proxy. The distinguishing feature of the QoS
   initiator is that it acts on triggers coming (directly or
   indirectly) from the higher layers in the end systems, mapping the
   QoS requested by them. It also provides feedback information to the
   higher layers which might be used by transport layer rate management
   or adaptive applications.

   In our model, the QoS initiator is a particular instance of the
   generic NSIS agent shown in Figure 1, which will have
   *) Triggers from and feedback to upper layer applications
   *) Typically, no incoming QoS requests
   *) Typically, one outgoing QoS request per application data flow
   *) Local QoS provisioning functions for the first hop (for both the
   IP and link layers)

   Likewise, the QoS controller manages and enforces QoS further along
   the path. It might be located in some or all routers, or in a
   separate network element, e.g. in a bandwidth broker (note therefore
   that QoS controllers are not constrained to lie on the traffic
   path). If QoS is to be provisioned on a path segment, there must be
   at least one QoS controller to do this (but this would not be needed
   for example in overprovisioned QoS subdomains). The QoS controller
   does not interact with higher layers, but interacts with the QoS
   initiator and possibly more QoS controllers further along the path.

   In our model, the QoS controller is another particular instance of
   the generic NSIS agent, which will have:
   *) Incoming and outgoing QoS requests. Incoming QoS requests are
   interworked to outgoing requests. The interworking might consist of
   managing additional flows (e.g. aggregation or disaggregation), or
   interpreting the QoS requested by the user in terms of the QoS
   allowed by some SLA (e.g. on inter-domain links).
   *) If the local QoS cannot be provisioned by sending the appropriate
   outgoing QoS request, subdomain-specific QoS provisioning signaling
   can be invoked. In this case, the provisioning mechanism is opaque
   to NSIS and can be locally implementation specific.
   *) Accounting and authentication information may be exchanged with
   local AAA nodes. The precise protocol used to do this is again
   outside the scope of NSIS signaling.

   The QoS initiator and controller(s) interact with each other. This
   interaction involves the exchange of data (QoS control information)
   over some signaling protocol. In terms of our framework, this is
   simply considered as a peer-peer protocol exchange between NSIS

   Hancock et al.    Informational - Expires August 2002            14                 Towards a Framework for QoS Signaling    February 2002


   agents (i.e. there is no client-server concept, or differences
   between initiator-controller and controller-controller protocols
   built into the framework, although the protocol selected may still
   depend on the local environment).

   A simple layer model covering a single path segment with a single
   QoS controller is shown in Figure 6. The scope of NSIS within the
   context of this diagram is therefore the protocol between the NSIS
   agents (initiator and controller), including selection of signaling
   protocols to carry the QoS information, and the syntax/semantics of
   the information  that is exchanged. The provisioning is being
   carried out using non-NSIS mechanisms.


   ..............   ................
   .  request/  .   .  response/   .
   .trigger from.   . feedback to  .
   .higher layer.   .higher layers .
   ..............   ................
            |         ^
            |         |
            |         |        ...............
            |         |        . QoS Control .
            V         |        . Information .
       +----------------+      ...............     +----------------+
   --->|                |------------------------->|                |->
       |                |      QoS signaling       |                |
       | QoS Initiator  |     (request/query,      | QoS Controller |
       |                |   response/error etc.)   |                |
   <---|                |<-------------------------|                |<-
       +----------------+                          +----------------+
        ^              |                            ^              |
        | ............ |                            | ............ |
        |     QoS      |                            |     QoS      |
        | provisioning |                            | provisioning |
        |  commands &  |                            |  commands &  |
        |  responses   |                            |  responses   |
        | ............ |                            | ............ |
        |              |                            |              |
        |              V                            |              V
      +--------------------------------------------------------------+
      |        Administrative domain or QoS domain using any         |
      |                        Qos technology                        |
      |                                                              |
      |     +------+       +------+                     +------+     |
      |     | Edge |       |Router|                     | Edge |     |
   =========|Router|=======|      |=====================|Router|=======
      |     |      |       |      |       flow path     |      |     |
      |     +------+       +------+                     +------+     |
      +--------------------------------------------------------------+

                   Figure 6: Generic scope of signaling

   Hancock et al.    Informational - Expires August 2002            15                 Towards a Framework for QoS Signaling    February 2002



   A second diagram, Figure 7, concentrates more on the overall end to
   end (multiple QoS domains) aspects, in particular:

   1. The QoS initiator need not be located at the end system (for
   example, it might be an application signaling server), and the QoS
   controllers are not assumed to be located on the flow path. However,
   they must be able to identify the next hop QoS controller, to do
   which might require knowledge about the path's egress point; more
   detailed path information might be required to carry out the QoS
   provisioning correctly.

   2. Only a unicast flow is shown, with the QoS initiator at or near
   one end. However, we do not exclude bi-directional flows with the
   QoS requested by either end. Multicast or anycast flows or flows
   with variable paths within a subdomain (e.g. to a mobile end system)
   are also logically possible.

   3. Any domain may contain QoS administration functions (e.g. to do
   with traffic engineering, admission control, policy and so on).
   These are assumed to interact with the QoS initiator and controllers
   (and end systems) using standard mechanisms.

   Although the figures show QoS controllers at a very limited number
   of locations in the network (e.g. at domain or subdomain borders, or
   even controlling a complete domain), this is only one possible case.
   In general, we could expect QoS controllers to become more 'dense'
   towards the edges of the network, but this is not a requirement. An
   overprovisioned domain might contain no QoS controllers at all (and
   be NSIS transparent); at the other extreme, QoS controllers might be
   placed at every router. In the latter case, QoS provisioning can be
   carried out in a local implementation-dependent way without further
   signaling.


   Hancock et al.    Informational - Expires August 2002            16                 Towards a Framework for QoS Signaling    February 2002



                            +--------------------------+
                            |   Administrative Domain  |
   +----+    flow path     +-+                        +-+
   |Host|==================|R|========================|R|==========++
   +----+            /     +-+                        +-+          ||
         \          /       | \                      / |           ||
          \ +----+ /        |  \+----+        +----+/  |           ||
           \|QoS |/         |   |QoS |        |QoS |   |           ||
            |init|          |   |cont|        |cont|   |           ||
            +----+          |   +----+        +----+   |           ||
                            |      ^            ^      |           ||
                            |      |            |      |           ||
                            |      V            V      |           ||
   +-+                      |   +------------------+   |           ||
   |R| = Edge router        |   |QoS administration|   |           ||
   +-+                      |   |    functions     |   |           ||
                            |   +------------------+   |           ||
                            +--------------------------+           ||
                                                                   ||
                   +-----------------------------------------+     ||
                   |           +--------------------+        |     ||
                   |     +-----|   QoS controller   |--+     |     ||
                   |    /      +--------------------+   \    |     ||
                   |   /                                 \   |     ||
                   |  /     +--------------------------+  \  |     ||
                   | /      |      QoS Subdomain       |   \ |     ||
    +----+        +-+      +-+                        +-+   +-+    ||
    |Host|========|R|======|R|************************|R|===|R|====++
    +----+        +-+      +-+     aggregate path     +-+   +-+
                   |        | \                      / |     |
                   |        |  \+----+        +----+/  |     |
                   |        |   |QoS |        |QoS |   |     |
                   |        |   |cont|        |cont|   |     |
                   |Admin.  |   +----+        +----+   |     |
                   |Domain  +--------------------------+     |
                   +-----------------------------------------+

               Figure 7: Signaling in Multiple (QoS) Domains

 3.4  Basic Signaling Paths

   It has been a long term question in NSIS whether and how to support
   different reservation models, sender initiated, receiver initiated,
   or bi-directional. (Here, 'sender/receiver' refers to the direction
   of user traffic flow, while 'initiated' refers to the role of the
   QoS initiator. A bi-directional reservation is logically a
   combination of a sender and receiver initiated reservation carried
   out by a single QoS initiator.)

   There are several models for how this might take place at the macro-
   level (i.e. at the level of whole domains). Which model is used must

   Hancock et al.    Informational - Expires August 2002            17                 Towards a Framework for QoS Signaling    February 2002


   be fixed at this level level, since this cannot be decided locally
   without harming interoperability, especially taking into account
   that asymmetric routing is possible even at the domain level as
   discussed earlier.

 3.4.1  Sender Initiated

   Considering a sender initiated reservation for a single
   unidirectional flow, the eventual setup must converge to the
   situation shown in Figure 8. In the figure, each 'QC' represents a
   single 'virtual router' which could be a complete domain.

                    +---+     +---+             +---+
                    |QC1|-----|QC2|             |QC4|
                   /+---+     +---+\           /+---+\
                  /                 \         /       \
                 /                   \       /         \
            +--+/                     \+---+/           \+---+
            |QI|                       |QC3|             |QC5|
            +--+                       +---+    \        +---+
                                                |\
                     +--------------------------+ \
                     |       Traffic Flow          >
                     +--------------------------+ /
                                                |/
                                                /

               Figure 8: Basic Sender Initiated Reservation

   Here, it is natural to assume that the actual reservation message is
   generated at the QoS initiator QI, and then propagated sequentially
   through the QoS controllers QC1...QC5 to the endpoint. Since this
   runs in the same direction as the traffic flow, the underlying IP
   routing of the signaling packet towards the flow destination can
   usually be exploited to find the next hop QoS controller, although
   other mechanisms might also be allowed for particular inter-domain
   NSIS protocols. The use of the underlying routing protocol to reach
   the next QoS controller (shorthand: the 'routing method') is
   discussed in more detail in section 4.5.

   We therefore make the assumption that basic signaling message flows
   follow this pattern in the sender initiated case. Note that no
   special forwarding state is needed in the QoS controllers to route
   the signaling messages.

 3.4.2  Receiver Initiated Reservations

   In this case, the basic picture is very similar, except that the
   traffic flow is in the opposite direction. Because of asymmetric
   routing, QC2/3/4 have been replaced by QCa/b/c for the reverse
   direction. However, we cannot assume that propagation of the
   signaling messages from the QoS initiator is possible in the same

   Hancock et al.    Informational - Expires August 2002            18                 Towards a Framework for QoS Signaling    February 2002


   way as in the sender initiated case, because the underlying IP
   routing cannot be used to route the signaling packets backwards.

   Even if some QoS controllers can be configured to know their
   upstream neighbor for a particular flow, if even a single one (e.g.
   at an inter-domain boundary) needs the routing method to discover
   its neighbor, the whole signaling procedure will fail.

                    +---+             +---+
                    |QC1|             |QCb|
                   /+---+\           /+---+\
                  /       \         /       \
                 /         \       /         \
            +--+/            +                            \ ---+/           \+---+     +---+
            |QI|             |QCa|             |QCc|-----|QC5|
            +--+        /    +---+             +---+     +---+
                       /|
                      / +--------------------------+
                     <          Traffic Flow       |
                      \ +--------------------------+
                       \|
                        \

              Figure 9: Basic Receiver Initiated Reservation

   There appear to be two basic solutions to this problem:

   *) "RSVP style": Here, a message must be sent from the far end
   (QC5), which can use the routing method to work along QCc/b/a/1 back
   to QI. At each stage, per-flow forwarding state must be installed in
   the QoS controllers and QI so that each knows its upstream neighbor.
   (This message can also be used to probe for resources.) Then, the
   actual reservation can be initiated from QI in the same way as the
   sender initiated case. (We can regard the first message, analogous
   to an RSVP PATH, as part of a registration phase, see section 4.3.)
   Note that there must be some message to stimulate QC5, which might
   be application layer or part of the QoS signaling.

   *) "Reflection style": Here, the reservation message is generated by
   QI and sent directly to Q5 using normal routing. Q5 then sends the
   reservation request on behalf of QI, and the routing method can be
   used to discover the 'previous' hop QoS controllers along the path.
   This does not require reverse path forwarding state to be installed
   along the path and can save one end to end transmission time, but
   requires more careful consideration of security and accounting
   issues, since the reservation is now being set up in the reverse
   direction. Also, resource probing and exception handling may be more
   complex in such a approach.

   The tradeoffs between these two techniques essentially relate to

   Hancock et al.    Informational - Expires August 2002            19                 Towards a Framework for QoS Signaling    February 2002


   1. The amount of state stored at intermediate QoS controllers, and
   the necessity to maintain this state in the event of routing
   changes.
   2. The number of end to end transmissions required.
   3. The complexity of handling admission control and accounting
   policy information securely when the reservation starts from the
   'wrong' end.
   4. Resource query requirements.
   5. The necessity to retain backwards compatibility with end to end
   RSVP signaling (harder with reflection).

   Selection between these options requires further analysis of the
   scenarios and requirements. Fortunately, it seems that the
   implications of this decision for the other parts of the framework
   are limited (there is a potential impact on QoS violation reporting,
   section 5.7).

 3.4.3  Bi-Directional Reservations

   In this case, QI wants to initiate the reservation for both
   directions of the flow.

   It is important first to consider exactly what benefit a special bi-
   directional reservation might provide over independent sender and
   receiver reservations made by QI in parallel. If the routing is
   totally asymmetric, the resulting configurations will be identical;
   therefore, bi-directional reservations are at most an optimization
   to exploit regions of symmetric routing, typically towards the edges
   of the network, e.g. starting at QI. In this symmetric region, it
   may be possible to provision the QoS for the two flows more
   efficiently when they are considered together (see also section
   4.2). We assume that once the bi-directional reservation splits it
   will be very hard to correlate the two parts at the other end, and
   to enable the two reservations to be treated together near QI
   without requiring complex correlation in the network, they should be
   signaled in a single message.


   Hancock et al.    Informational - Expires August 2002            20                 Towards a Framework for QoS Signaling    February 2002



                    +---+    +---+    +---+    +---+
                    |QC1|----|QC2|    |QCb|    |QC4|
                   /+---+\   +---+\  /+---+\  /+---+\
                  /       \        \/       \/       \
                 /         \       /\       /\        \
            +--+/           \+---+/  \+---+/  \+---+   \+---+
            |QI|             |QCa|    |QC3|    |QCc|----|QC5|
            +--+             +---+    +---+    +---+    +---+

                      /                          \
                     /|                          |\
                    / +--------------------------+ \
                   <          Traffic Flow          >
                    \ +--------------------------+ /
                     \|                          |/
                      \                          /

                Figure 10: Basic Bi-directional Reservation

   In the case shown in Figure 10, a bi-directional reservation could
   be set up between QI and QC1, but would then have to be split out
   into independent sender and receiver reservations for the remainder
   of the path. There appear to be two possibilities for how this could
   be done.

   1. The "RSVP style" is used to discover the upstream chain of QCs
   from QI. When QI notices that the first and last hop QoS controller
   are the same, it can send the combined reservation message to QC1,
   which then splits them for the uplink and downlink directions. The
   message flow then looks like a direct combination of a sender
   initiated reservation and RSVP style receiver initiated reservation,
   optimized over the first hops until the paths split.

   2. QI knows somehow (out of band) that it has a symmetric route to
   the first QoS controller (for example, as a consequence of the
   access technology it is using), and sends the bi-directional
   reservation directly to QC1. QC1 can then initiate a standard sender
   initiated reservation for the uplink direction, and use either style
   for the downlink direction.

   In neither case does the rest of the network (between QC1 and QC5)
   know that a bi-directional reservation has taken place.

   The first technique is clearly more general, but enforces the use of
   the RSVP style for the receive path everywhere. The second technique
   introduces a distinct third reservation type and can only apply
   where the QI knows about the uplink neighbor in this way. However,
   it is potentially more suited to operation in an environment where
   QC1 acts as a proxy initiator for QI (see section 3.7.1), and makes
   the signaling task for QI very simple indeed. It may cover the bulk
   of scenarios where bi-directional reservations are actually

   Hancock et al.    Informational - Expires August 2002            21                 Towards a Framework for QoS Signaling    February 2002


   valuable. Such a scenario is considered in more detail in section
   5.1.

   Therefore, again, a choice between the two methods requires further
   analysis of the critical scenarios and the tradeoffs between the two
   methods.

 3.5  Impact of Accounting Considerations

   The traditional way of collecting accounting information is the
   following: after the successful authentication and authorization of
   the user, appropriate filters and meters are installed at the edge
   devices to collect information about resource consumption. Those
   data are merged together and sent to the home domain of the user. In
   our case, also, the edge devices monitor also the QoS treatment and
   generate corresponding accounting data, and, moreover, each edge
   router of each administrative domain collects resource consumption
   information, including again the different QoS treatment.

   This distributed accounting data may be linked or merged into a
   single record, and periodically transmitted to the entity that takes
   care of the billing of the end entities. The charging entity could
   be for instance the home domain of the user. But also other business
   and payment models are possible, without changing the metering
   procedures sketched. Perhaps the domains pay to each other using
   their own measurements at their edge routers, based on service level
   agreements, and the user has to pay only what he is accounted for at
   his own access device. This also allows that QoS traffic of
   different users be aggregated. Obviously there is a need for
   different domains to be able to understand the collection of
   accounting data and the charging of them.

   Note that there is in general no need to collect and report the
   accounting data in real-time to the home network. Accounting data
   may be collected as a batch-job and transmitted via the existing
   infrastructure, for example COPS or DIAMETER. However within a
   single service provide it may still be necessary to collect all
   accounting data relatively quickly to determine whether a user has
   reached a particular limit or not.

   The above described mechanism should not only work with a
   subscription with a network provider or some form of network-based
   pre-payment, but also for a larger variety of forms of payment based
   on e.g. local cash payments, pre-paid cards, credit cards,
   electronic purses or micropayments. The form of payment may have
   some influence on the security architecture and on the accounting
   procedure.

   It is currently an open issue how the price for a QoS service
   reservation should be determined. Some work has be done in the
   academic community but it is still an issue whether the user should
   pay to the first service provider only (for the entire end-to-end

   Hancock et al.    Informational - Expires August 2002            22                 Towards a Framework for QoS Signaling    February 2002


   reservation) or whether it is necessary to somehow involve all other
   providers to determine the final price of the reservation.
   Those billing aspects (as opposed to accounting) are left out of the
   scope of this draft.

 3.6  Security Overview

   This section gives an overview of the security issues related to the
   described framework. The security architecture is divided into three
   categories: The first category raises security issues for the user
   to network communication. The second category discusses intra-domain
   and network-to-network issues. Finally the last category deals with
   end-to-end security issues.

   The main concern of security for the user-to-network communication
   deals with the separation of the initial authentication and key
   agreement step and the security protection of the QoS signaling
   messages originated from the user's host. Issues like the discovery
   of the entity to which the user has to authenticate, user identity
   confidentiality and different authentication and key agreement
   mechanisms are critical, and are discussed in detail in section 9.1.
   Signaling initiated by the user usually receives the highest
   attention since authorization and accounting procedures strongly
   depend on a successful authentication procedure.

   To secure the messages that travel within an administrative domain
   hop-by-hop security is applied. It is obvious that such a hop-by-hop
   security protection of signaling messages aims to be fast and is
   based on the assumption that the main threat originates from
   adversaries not residing on the path of the QoS signaling messages.
   However there is still a need to establish the security associations
   required to secure this communication. Because of the static network
   structure and the user-independence there is more flexibility for
   security association establishment. The communication between
   different networks is the next issue that needs investigation.
   Authentication, authorization and accounting that are also executed
   between different networks is assumed to be secure to guarantee that
   the traffic conforms to service level agreements.

   Finally there is the notion of end-to-end security. Two fields of
   further investigation have been identified which are usually not
   addressed within the context of QoS signaling protocols. A QoS
   signaling protocol may exploit existing security association
   (possibly established by preceding protocols and already available
   to the application) to protect parts of the QoS signaling message
   that are not modified in transit. Furthermore the QoS protocol may
   be used to carry key management protocol messages, which are likely
   to be opaque to the signaling protocol itself. If no end-to-end
   security association is available then message exchange of the
   signaling protocol may help reduce the latency for an application
   setup.


   Hancock et al.    Informational - Expires August 2002            23                 Towards a Framework for QoS Signaling    February 2002


   The mutual implications QoS and security have for each other have
   received relatively little consideration at system level up to now,
   so there is a large set of potential open issues about the correct
   way(s) to secure QoS signaling. These open issues are gathered
   together in the conclusions section 11.

 3.7  Refinements and Extensions

   This section discusses various ways in which the framework can be
   extended, or deployed to achieve additional functions compared to
   the core set introduced so far.

 3.7.1  Proxy NSIS Agents

   A Proxy NSIS Agent acts as a NSIS agent in lieu of an end host. It
   has a mandate from the end host to handle all NSIS-related signaling
   and processing in its place. In particular, it initiates (as QoS
   initiator) and terminates (as QoS controller) NSIS signaling on
   behalf of the end host. It is the proxy's responsibility to relay
   all relevant NSIS signaling information to the end host, possibly in
   a condensed or otherwise optimised form. Normally, the signaling
   between the proxy and end host should be considered a form of NSIS
   signaling and within the scope of the framework; however, a proxy
   with special functionality might also be used to isolate NSIS-aware
   and NSIS-unaware networks. This use of the term 'proxy' is analogous
   to the use in RSVP [22].

   The proxy is located upstream from the end host. For all other NSIS
   agents further upstream, the proxying can be considered transparent,
   that is, they do not need to be aware that they are talking to the
   proxy rather than to the end host directly (unless they happen to
   know the true IP address of the end host). The proxy inserts its own
   identification into the NSIS signaling to take the place of that of
   the end host (see also section 4.4). Note that this requires the
   flexibility that the network allows the QoS signaling to be managed
   from a point which is not the end point of the traffic flow, which
   is a fundamental assumption in our framework.

   The reasons for employing a proxy can be manifold. The end host
   might not have the processing capability necessary for acting as a
   NSIS agent and therefore uses a proxy to carry out this function for
   him. From the network operator's perspective, using a proxy is
   desirable when the connection between end host and network is either
   of low bandwidth (expensive) or error prone, or shouldn't be
   burdened with signaling for some other reason. A good example of
   such a connection is the air interface in UTMS. In this case, the
   network operator might even prescribe the use of this type of NSIS
   proxy agent. A proxy may also be useful for hiding micro-mobility
   from the network, and thus simplifying QoS reservation re-setup
   after handoff, it might be deployed at an addressing boundary where
   deep translation of signaling message content was required.


   Hancock et al.    Informational - Expires August 2002            24                 Towards a Framework for QoS Signaling    February 2002


   For scenarios illustrating the use of signaling proxies see Section
   5.1.

 3.7.2  Multicast

   It is currently an open question within NSIS whether support for
   signaling QoS for multicast applications is actually required. There
   are several reasons why it might be preferable to consider a
   unicast-only NSIS framework as the initial step: firstly, that
   multicast support is a source of considerable complexity in any
   network layer signaling and that one of the goals of NSIS is to
   allow lightweight signaling solutions; and secondly, that we already
   have a solution for the protocol for multicast signaling, namely
   RSVP.

   We must therefore ask how much commonality there is between
   signaling for unicast and multicast applications, and how much
   benefit there is to gain in having a single signaling solution.

   In terms of the framework presented so far, which has been developed
   mainly with the unicast case in mind, it is clear that several
   components could be re-used in a multicast scenario. For example,
   the NSIS signaling data (including QoS classes) should be mainly
   common, and likewise the basic concepts of NSIS agents inside QoS
   controllers and initiators (including issues like their peer-peer
   relationships, and authentication protocols and so on).

   On the other hand, some parts of the framework would be totally
   different. In particular, for multicast, it probably only makes
   sense to consider receiver initiated reservations, whereas for
   unicast a particularly simple sender-only case is possible (one
   solution, based on RSVP with the multicast capabilities removed, is
   outlined in section 7.2). Also, the accounting implications for
   multicast are not well understood which will have an impact on
   security analysis also. Finally, any QoS implementation that is
   routing aware (e.g. bandwidth brokers) would have to be multicast
   routing aware, not unicast routing aware.

   Because of these concerns, it makes sense to ask what benefit there
   is to integrate unicast and multicast QoS signaling, and at what
   level. The basic consideration is that both sets of signaling are
   for traffic that share the same physical resources. Therefore, it
   would be possible to have unicast and multicast QoS signaling that
   interacted only indirectly, via the QoS provisioning mechanisms,
   therefore having no effect on the NSIS parts of the framework. (This
   could be considered close to a 'ships in the night' approach,
   comparable to what is often done in multiprotocol routing).

   The main limitation of this approach is that there is no scope for
   joint negotiation of unicast and multicast flows. Without more
   detailed scenario analysis, it is hard to tell if this is a major
   concern or not. Therefore, at the current time, we have continued to

   Hancock et al.    Informational - Expires August 2002            25                 Towards a Framework for QoS Signaling    February 2002


   consider multicast as a second stage issue. If it becomes a concern
   for NSIS (for example, if RSVP is judged insufficient for this
   purpose), consideration should be given to what components of the
   unicast framework could be re-used to build a complete multicast QoS
   signaling solution.

 4  Fundamental Framework Components

 4.1  Interactions with Application Layers

   The application or higher layers can be seen as a service consumer
   for the services provided by the NSIS agent on behalf of the NSIS
   framework (the service provider). The task of the NSIS agent is to
   provide QoS to higher layers/application. The task of an application
   is to provide a QoS specification to describe the Quality of Service
   that the applications wants for its network traffic. Adaptive
   applications may want to adapt to changes in QoS delivery which may
   be the result of network failure or hand-over. Therefore, they need
   feedback information from the NSIS agent in form of monitoring or
   adapt requests.

   A typical interaction sequence is described below. The interaction
   with applications/higher layer is bi-directional as the consumer may
   (re-)negotiate for QoS and the NSIS agent may issue adapt requests.

   A consumer requests a certain QoS with a QoS specification that
   specifies the amount of network resources or the treatment of the
   application's data flow. Together with the desired QoS the consumer
   provides an identifier (e.g. one possibility would be port numbers,
   IP addresses, protocol IDs) for the data flow and a direction (e.g.
   send, receive, send/receive).

   The NSIS agent may in some cases invoke an admission control test to
   check if the QoS is available. In that phase, typically signaling is
   invoked. If the request is granted, the NSIS agent notifies the
   consumer about the success. If the request cannot be granted, the
   consumer is notified via an error message.

   Once the QoS is established, the consumer may re-negotiate
   dynamically with the NSIS agent for better or lower QoS at any time.
   This is necessary since the traffic characteristics may change over
   time (e.g. a scene break in the video may lead to a higher network
   resource consumption). The NSIS agent can again invoke an admission
   control test and notify the consumer about success or failure. If
   QoS delivery is not within the acceptable range, the consumer may
   request better QoS or adapt to the situation.

   Finally, the consumer releases the established QoS and the service
   provider releases the allocated resources, if any.

   At any time, network resource availability may change due to
   admission of new consumers, departure or re-negotiation of existing

   Hancock et al.    Informational - Expires August 2002            26                 Towards a Framework for QoS Signaling    February 2002


   consumers. This may lead to overload/underload situations detected
   by the NSIS agent (either directly, or notified to it by upstream
   peer agents - see section 5.7 for a discussion of the implications
   of this for the signaling protocols). In that case, the NSIS agent
   may force some or all consumers to adapt, i.e. downgrade the QoS
   requirements. The consumer can then restructure its internal
   operation and adapt to the new situation by sending an optional
   adapt response.

   There may be situations where an initial request could not be
   granted by the agent, e.g. if the requested QoS is not available.
   Then, the application/higher layer may at any time restart the
   process of requesting QoS (possibly at a lower level). This may lead
   to trial and error situations and can be avoided by introducing
   notifications. In that case the application would request to be
   notified by the NSIS agent, when the desired QoS is available. In
   addition, the application can first start to request QoS at a low
   level and ask the NSIS agent to provide notification when the full
   QoS is available.

   The discussion here has focused on the interaction between the NSIS
   agent and application layers in the case of the QoS initiator. The
   only other place in the network where the application layers are
   active is in the correspondent host at the other end of the traffic
   flow. Here, the interaction is much simpler: it appears that all
   that is needed is a notification capability that a QoS reservation
   has taken place, and this can be managed using the session
   identification information that must be carried in the signaling
   data anyway.

   It is also mentioned in the NSIS requirements that it may be helpful
   to be able to carry additional application layer messaging opaquely
   within the NSIS signaling messages. This has no other impact on the
   framework other than to require the existence of such a container,
   which is noted in section 4.4.

 4.2  Interactions with QoS Provisioning

   From the IP layer perspective, QoS provisioning techniques can
   implement virtual circuit style provisioning schemes like IntServ
   architecture or MPLS trunks etc. Alternative solutions are based on
   a hop by hop concept like the Diffserv architecture. Each
   provisioning scheme relies on router specific resource allocation
   mechanisms. Also, link layer specific characteristics may have major
   impacts on the performance of a QoS provisioning system. For
   example, in some link layers, there may be very efficient ways to
   allocate physical resources for a bidirectional flow, or more
   generally multiplex flows together. On the other hand wireless link
   layers may suffer from channel fading etc. These effects have to be
   taken into account for allowing efficient operation of the QoS
   provisioning system.


   Hancock et al.    Informational - Expires August 2002            27                 Towards a Framework for QoS Signaling    February 2002


   For flexible integration with various link layer technologies and
   router platforms it is suggested that NSIS agents interact with the
   QoS provisioning system on an abstract basis. Hence NSIS agents
   should not be involved in interpretation of signaling parameters to
   control a QoS provisioning system. Instead a generic interface is
   required to exchange parameters for various purposes between NSIS
   agents and the QoS provisioning system. As stated earlier in the
   document the QoS provisioning system may be co-located with NSIS
   agents or realized on one or more separate platforms. Following the
   principle of an open internet architecture a resource allocation
   protocol is required between NSIS agents and the QoS provisioning
   system.

   Adaptation to specific link layer characteristics is achieved by
   introduction of a link layer specific convergence sublayer for the
   QoS provisioning system. Support for a variety of NSIS compliant
   provisioning systems with specific link layer convergence mechanisms
   is a prerequisite for successful introduction of NSIS solutions.
   Accordingly routing and switching hardware need to come along with
   support for an NSIS based resource allocation protocol. This way
   signaling parameters together with ISP policies rules define a
   specified packet treatment behavior in a routing fabric. Finally,
   packet treatment is defined by architectural components like packet
   classifiers, queue buffers, schedulers and traffic conditioners.
   Some of these components may be directly controlled by signaling
   parameters.

   The QoS provisioning system should map status indications, hardware
   alarms and notifications into NSIS compliant reporting, which can be
   passed to NSIS agents for subsequent processing. Furthermore it is
   assumed that resource monitoring  is performed by the QoS
   provisioning system independently. Status information that is
   generated by the QoS provisioning hardware and requires mapping to
   be compliant with NSIS status reporting includes resource violation
   events, results of reservation requests and records about available
   resources.

 4.3  NSIS Signaling Protocols

   The NSIS Signaling Protocol supports the actual communication of QoS
   requirement information for a traffic flow/aggregate between NSIS
   agents.  In order to support this, a number of network related
   actions must be carried out, namely:

   - Peer Agent Discovery: the NSIS Agents should be able to discover
   peer NSIS Agents, and optionally establish a trust relationship with
   them.  One NSIS Agent may discover one or more peer NSIS Agents in a
   number of different domains.  NSIS Agents can also exchange SLA and
   the many types of policy information required for intra/inter-domain
   management. This refers both to the QoS initiator discovering its
   first hop QoS controller, and also to have QoS controllers discover
   each other.

   Hancock et al.    Informational - Expires August 2002            28                 Towards a Framework for QoS Signaling    February 2002



   - Agent Selection: the NSIS Agents that will be provisioning
   resources for the traffic flow or aggregate are identified, i.e.
   each NSIS Agent selects the next hop NSIS Agent from the peers with
   which it has established a relationship with during peer agent
   discovery. Policy information associated with the user, such as
   whether realtime accounting must be supported, can be exchanged if
   necessary. Agent selection will not be as dynamic in the core of the
   network than at the edges, and user policy will probably not
   propagate too far from the edges of the network.

   - Path Capability Discovery: the capabilities and resource
   availability of the nodes along the data path are determined.  There
   are open issues associated with whether this occurs locally or
   cumulatively and on a hop-by-hop or end-to-end basis.

   - Reservation Request: the actual request for resources that
   triggers the QoS provisioning, also carrying QoS parameters and
   possibly per flow/aggregate policy information.

   The potential transfer of authentication, authorisation and user
   information places additional confidentiality and integrity security
   requirements on the protocol (see section 3.6).  Also, the
   information transferred within and between domains is variable,
   implying a need for an easily extensible set of parameters that can
   be carried, possibly opaquely, by the protocol (see section 4.4). It
   is the responsibility of the NSIS signaling protocol to detect
   failure conditions along the data path, and to initiate recovery
   mechanisms.

   A single NSIS signaling protocol solution could address the aspects
   outlined above, however, since a goal of NSIS is to make the actual
   reservation signaling as lightweight as possible, it may be
   desirable to address the first two actions using a separate family
   of protocols, which do not necessarily need to be used on a per flow
   basis, that are initiated at some stage before the generation of the
   reservation request. We therefore potentially have a two-phase
   approach:

   1. 'Registration' phase - discovery, authentication, overall policy
      aspects and so on.
   2. 'Reservation' phase - any signaling associated with a single
      flow.

   The registration phase may depend strongly on other protocols that
   already exist, and may be entirely optional in some environments.
   The protocol for the reservation phase should be of minimal
   complexity. Indeed, note that in several significant environments,
   the registration phase could be omitted altogether. For example, in
   a cellular network, the host could know (on the basis of what link
   type it was using) that the first hop QoS controller was always to
   be reached via its default router, and that authentication and

   Hancock et al.    Informational - Expires August 2002            29                 Towards a Framework for QoS Signaling    February 2002


   policy aspects were managed by the network on the basis of access
   control rather than an explicit message exchange.

 4.4  NSIS Signaling Data

   The NSIS signaling protocol should be able to carry a variety of
   signaling data. The majority of the information is related to QoS,
   but some other parameters are required to support protocol
   operation, accounting, etc.

   Different parameters may have relevance in different parts of the
   network. End-to-end parameters carry application QoS requirements,
   and may additionally carry extra information such as
   - user policy information
   - session ID to identify the traffic flow
   - reservation ID to identify the reservation independently from the
     flow identifier
   - initiator ID to identify the requestor of the reservation. This
     necessity for this parameter is dependent on the decision made
     about some aspects of the framework.  The initiator id can be
     over-ridden be a proxy so that the proxy receives feedback
     messages etc. on behalf of the real initiator.
   - opaque transport of application layer signaling

   Other parameters may be exchanged between peer NSIS Agents to
   support, for example, inter-domain QoS and accounting. This could
   include parameters such as:
   - charging policy: indicating how the domain expects to be charged
     for the traffic flow
   - security parameters
   - aggregation parameters: may include preferred mapping of the
     aggregate exiting one domain onto an aggregate in the neighboring
     domain.

   Finally, some parameters may only have significance within a QoS
   domain, and should not propagate outside that domain. Such
   parameters may be:
   - wireless parameters: such as those outlined in [2]
   - optional router technology specific parameters: to support the use
     of NSIS as a QoS provisioning mechanism.

   Note: the scoping of the requirements above is intended mainly for
   demonstration purposes, there will be scenarios for which the scope
   of the parameters will not be the same as listed above. Framework
   level decisions may also effect the data that is carried.

   As mentioned previously, the information carried by the NSIS
   Signaling protocol may have different scoping characteristics
   depending on its type. The concept of scope of parameters plays an
   important part in the framework.  At a minimum, the NSIS signaling
   must carry the QoS parameters concerning the QoS requested by the

   Hancock et al.    Informational - Expires August 2002            30                 Towards a Framework for QoS Signaling    February 2002


   application end-to-end.  This could be considered as a 'global'
   scope.

   The end-to-end per-flow parameters may not be interpreted by every
   QoS controller along the data path and may pass transparently
   through domains or NSIS agents that do not maintain per-flow state.
   If per-flow information is interpreted by a QoS controller, these
   parameters may need to be translated into a local format to support
   legacy QoS mechanisms.

   End-to-end parameters may not only consist of unidirectional, per-
   flow information. In some cases, additional information could be
   added to support bi-directional flows or to communicate QoS
   requirements for multiple flows.  In the former case, information
   about both directions of the traffic flow would be included to
   optimize reservation establishment in segments of the network where
   bi-directional flows could be supported.  Further details are
   available in Section 3.4.3.  In the latter case, multiple QoS
   parameters sets could be provided for different flows from the same
   sender to the same receiver to try and optimize the installation
   time of multiple reservations.  The various merits of doing this
   compared to simply initiating multiple reservation requests
   simultaneously still need to be investigated.

   In addition to transporting the end-to-end QoS parameters, NSIS
   Agents have the ability to signal new parameters either across their
   administrative domain with a 'local' scope, or to peer NSIS Agents
   in other administrative domains with a 'one-hop inter-domain' scope.
   These parameters will be derived from parameters with greater scope,
   e.g. the end-to-end parameters. These parameters can also be
   modified or deleted from the signaling messages, but only if the
   NSIS Agent has the right to do so by either belonging to the same
   administrative domain as, or by having a peering relationship with,
   the NSIS Agent who inserted the parameter. The indication that an
   NSIS Agent has the right to modify or delete a parameter could be
   indicated by a scope ID.  The QoS Initiator is at liberty to include
   local scope parameters in the reservation request, for example, to
   provide information regarding how it wishes its sessions to be
   handled during handover if it is attached to a mobile network.

   Two options for the transport of 'local' scope and 'one-hop inter-
   domain' scope parameters can be identified:

        1.           A separate signaling message could be initiated to carry the
          parameters, which would also share the same scope as the
          parameters.  The end-to-end parameters could be signaled
          directly to the next NSIS Agent either at the egress point of
          the current domain, or to a peer NSIS Agent in a neighboring
          domain.

        2.           Parameters can be 'stacked' within the single NSIS signaling
          message travelling end-to-end.  NSIS Agents are allowed to

   Hancock et al.    Informational - Expires August 2002            31                 Towards a Framework for QoS Signaling    February 2002


          append parameters only to the top of the stack.  When an NSIS
          Agent determines that the scope ID is not valid beyond this
          point, it should remove all parameters with that scope ID.
          This is illustrated in Figure 11.

   +----------+
   | Peer QoS |
   |Controller|
   +----------+
        |   +------------+                 +------------+
        |   |+----------+|   +----------+  |+----------+|  +----------+
        +--->|   QoS    ||-->|   QoS    |-->|   QoS    ||->| Peer QoS |
   +------+ ||Controller||   |Controller|  ||controller||  |Controller|
   | user | |+----------+|   +----------+  |+----------+|  +----------+
   |params| |            |                 |            |
   +------+ |Ingress     | +------+------+ |      Egress|
            |router      | | user |domain| |      router|
            +------------+ |params|params| +------------+
                           +------+------+
           +------+------+                 +------+------+   +------+
           | user |domain|     Signaled    | user |domain|   | user |
           |params|params|    Parameters   |params|params|   |params|
           +------+------+                 +------+------+   +------+

            +-----------------QoS Domain----------------+
               Figure 11: Domain Local Signaling Parameters
   There are advantages and disadvantages associated with each
   approach.  The first approach minimizes the complexity of the end-
   to-end signaling protocol and allows an independence of message rate
   for the sets of signaling.  However, some synchronization between
   the signaling is required that could be quite complex to support.

   The second approach increases the complexity and size of the data
   carried by the signaling, but simplifies protocol interactions
   within the network.

 4.5  Routing Aspects

 4.5.1  Implicit Routing of Signaling Packets

   As described in sections 3.4 and 4.3, an NSIS agent needs to find
   out about its nearest neighbors, and which of them is responsible to
   handle signaling packets for which destinations. Additionally, it
   needs to know whether it is able to initiate provisioning of the
   path segment that is adjoining to the path segment provisioned by
   the last-hop NSIS agent. (In other words it needs to know whether it
   is the right QoS controller for this signaling packet.) When the
   next-hop QoS controller is known, signaling packets can be addressed
   directly to it.


   Hancock et al.    Informational - Expires August 2002            32                 Towards a Framework for QoS Signaling    February 2002


   However, there might be situations when a QoS controller doesn't
   know an appropriate next-hop QoS controller. This might be either
   because the adjacent domain is NSIS-unaware, or it is
   overprovisioned, or even because of some failure or other, or simply
   that the next hop has not yet been discovered. Along the same line,
   an end host initiating NSIS signaling might not now the appropriate
   QoS controller to address. Hence, there should be some simple
   'boostrap' ways for finding the next NSIS agent when its address is
   not yet known. We consider two basic approaches here, both relying
   on the underlying routing layer to forward some signaling packet
   towards the other end of the flow and have it intercepted. We call
   this type of approach generically 'implicit routing' of signaling
   messages.

   The first possibility is to forward the signaling packet with the
   signaling destination as the destination address (this requires that
   the signaling destination is coded somewhere in the signaling
   packet), so it can be intercepted by a router 'closer' to the next
   hop QoS controller and handled by it. The natural way to implement
   this with least impact on router efficiency is to use the IP Router
   Alert Option [3]. The signaling message will be read and forwarded
   by all routers on the path until it arrives at one which knows the
   next QoS controller. This provides the discovery mechanism
   (subsequent messages may turn off the IP Router Alert Option and be
   addressed directly). Note that even this case still requires some
   router to implement some special processing of the router alert
   option, although it may be possible to re-use the processing already
   defined for RSVP for this purpose.

   Obviously, for this default scenario to work, at least some NSIS
   agents need to be located in the data path. An end host (QoS
   initiator) might just send the NSIS signaling packet with the IP
   Router Alert Option set, addressed to the signaling end point. Then
   it would be sensible for the end host's Access Router to be able to
   forward this packet to the right QoS controller. Note that this
   method is sometimes referred to as 'proxying', although it is
   conceptually quite different from the proxying described in section
   3.7.1. In this case here the router is acting as a proxy, forwarding
   signaling packets to the 'real' QoS controller, but is doing no QoS
   signaling on its own behalf.

   A second possibility considers the case where QoS is required for
   inbound traffic to some end host, and the far end doesn't support
   any QoS (NSIS) signaling, but local bi-directional reservations are
   not possible (e.g. because of asymmetric routing). This can be
   achieved with a single inbound message from the remote end which is
   intercepted by a specialized router at the local domain boundary.
   The requirement here is that the message should use a lightweight
   protocol (preferably one which did not trigger exception processing
   in the rest of the network), and was 'firewall friendly' in using
   well known protocols and carrying minimal data to minimize security
   concerns. Some type of ICMP request/response exchange might be

   Hancock et al.    Informational - Expires August 2002            33                 Towards a Framework for QoS Signaling    February 2002


   appropriate here. Note that the response does not have to be
   returned from the ultimate endpoint, just any router which knew it
   was on the return path - so a site border firewall could
   legitimately do this.

   These techniques can be considered complementary. The adoption of
   either of them requires a consideration of deployment considerations
   for them. The first is naturally a generalisation of RSVP, while the
   second provides part of the solution to the problem of QoS in multi-
   homed networks having minimal impact on the rest of the network.

 4.5.2  Impact of Multi-Field Routing

   Classically, routing is destination based, that is, all packets from
   one source with the same destination IP address usually travel along
   the same route. Therefore, a flow usually will follow the same route
   as the signaling packet that signaled QoS for that flow if they are
   addressed to the same destination. This allows the signaling packet
   to distribute QoS information locally (i.e. to the routers actually
   on the flow path), where it will be needed. This is the set of
   circumstances where implicit routing functions correctly.

   However, routing may also be more complicated, and it is
   increasingly deployed that way. It might be constraint based, or it
   may be based on other fields in addition to the destination
   (multifield routing), e.g. the TOS/DS field or higher layer
   information. In such a case, some effort specific to the routing
   applied in a particular area may be necessary for making the
   signaling packet travel along the same route as the flow it is
   signaling for - e.g. the signaling and flow need the identical TOS
   Byte (and hence, as a possibly unwanted side effect, this signaling
   packet would receive the same QoS as the signaled flow). Since the
   fields or constraints on which routing is based might change in each
   QoS subdomain, this might be difficult to achieve.

   The problem is somewhat different when QoS controllers are not
   located on every hop. They might for example be located on edge
   routers only. In this case each QoS controller obviously controls
   (or at least is aware of) the resources of a number of routers.
   Depending on how finely-grained it controls these resources, it
   needs to know the routing table, including the path taken by the
   flow a particular signaling packet is signaling for. Additionally it
   needs to know the boundary of its control over this path, and the
   identity of the QoS controller for the next segment.

   It is interesting that by incorporating the functionality that
   supports interworking with multi-field and constraint-based routing,
   we automatically must consider signaling traveling off the data
   path. In that case, integrating QoS Controllers off the data path,
   such as bandwidth brokers, does not require any extra effort.


   Hancock et al.    Informational - Expires August 2002            34                 Towards a Framework for QoS Signaling    February 2002


 5  Application to Generic Signaling Scenarios

 5.1  Network / Proxy / Edge / End Signaling Scenarios

   One important requirement for QoS signaling [1] is that the NSIS
   protocol work in various scenarios end-to-end, edge-to-edge, end-to-
   network etc. i.e. the location of QoS initiator and signaling end
   point can be chosen freely.

   The QoS initiator usually can be assumed to know the termination
   point, e.g. when a reservation for aggregates is to be established
   within a domain, the QoS initiator could be the ingress router, and
   signaling is to be terminated at the egress router. In this case,
   the signaling packet carries as its termination address (as opposed
   to destination address, which typically is the address of the next-
   hop QoS controller, see 4.5) the egress router. A slightly special
   case is when the signaling end point is a signaling proxy. In this
   case, the signaling end point addressed is thought to be a
   particular end host, whereas in reality it is a signaling proxy
   impersonating the end host.

   It is clear that most combinations of QoS initiator and signaling
   end point that can be composed of the section heading are addressed
   straight forwardly by the framework. The only combinations which are
   less evident are those involving the "network". This is discussed in
   the next section, including defining more precisely what in this
   context is meant by "network", see subsequent section.

 5.2  End-to-Network Signaling and Interworking with Higher-Layer QoS
      Signaling

   In some cases when NSIS signaling is to be used for reserving QoS
   along a particular path, all relevant QoS parameters might already
   have been exchanged by, or can be derived from, another form of
   signaling, e.g. SIP /SDP [4]. If, additionally, the backbone is
   overprovisioned, it is desirable to confine NSIS signaling to those
   areas where it is needed, i.e. the (access) network up to the
   backbone. Particularly, it would be desirable to not NSIS signal
   end-to-end, but just (from both sides) end-to-network.

   The problem with the above optimisation is that the use of upper-
   layer end-to-end QoS exchange should in principle be transparent to
   NSIS agents and the NSIS protocol. It is of course possible to build
   hooks into the protocol to carry this information. However, this is
   a clear case of layer-violation, would complicate the NSIS protocol
   and is not recommended. Alternatively, one could use the fact that
   the end host might know end-to-end QoS information has already been
   exchanged. But on the other hand it wouldn't know whether the
   network is overprovisioned or not.

   A possible scenario for solving the problem is the employment of
   Proxy NSIS agents at the edge to the overprovisioned domain, acting

   Hancock et al.    Informational - Expires August 2002            35                 Towards a Framework for QoS Signaling    February 2002


   as proxies for the end host on the other side. These proxies would
   be configured such that they _always_ block NSIS signaling from
   going any further into the network. Obviously, analogous proxies are
   needed on the other side of the network. Such an approach can only
   work however, when all operators involved agree (via SLAs) that
   typically end-to-end exchange of QoS information has taken place
   before NSIS signaling is invoked, and that in all other cases, end-
   to-end QoS exchange is unnecessary. Further complication arises when
   asymmetric paths through the overprovisioned domain are considered,
   such that the ingress for upstream data is not the same as the
   egress for downstream data.

   A solution as described above is conceivable for relatively isolated
   networks with a well-defined service structure, such as e.g.
   commercial mobile networks.

 5.3  Transparent path traversal

   One of the requirements in [1](5.2.4) states that it should be
   possible for NSIS signaling to traverse path segments transparently,
   i.e. without interpretation by some QoS controllers. This ability
   can e.g. be useful when a local QoS provisioning protocol, or
   DiffServ, is employed in a subdomain. There is no need for NSIS
   signaling to be interpreted in this region (However, in this case
   there simply might not be any QoS controllers in this region). It is
   also useful for tunnelling per-flow or per-sub-aggregate NSIS
   signaling through aggregation regions.

   Within the NSIS framework, such scenarios can easily be realised. As
   described in 4.5, it is possible to directly address a particular
   QoS controller. Thus, when the signaling is to enter the transparent
   region, the adjacent controller (typically the ingress router to the
   subdomain) would choose the next QoS controller beyond the
   transparent region (typically the egress router) as a next-hop QoS
   controller.

 5.4  Use of NSIS Signaling in QoS Provisioning

   The following scenario describes how QoS provisioning can be fitted
   within the NSIS framework. The framework has the flexibility to
   allow NSIS signaling to be used as part of the intra-domain QoS
   provisioning mechanism with no additional complexity.

   When NSIS is used in this way, it carries additional domain specific
   parameters indicating the configuration requirements for the packet
   engine, e.g. the schedulers. This sort of specific information is
   not envisaged as being carried by 'normal' NSIS signaling. In
   addition, the NSIS Agents in the routers pass configuration
   parameters direct to the packet engine.

   (Note that this is not the only type of QoS provisioning option
   supported by the framework. Section 4.2 considers the implications

   Hancock et al.    Informational - Expires August 2002            36                 Towards a Framework for QoS Signaling    February 2002


   of using a 'black box' QoS provisioning mechanism, whose details are
   opaque to the framework, which may be the more usual case.)  If
   desired, NSIS for QoS provisioning can be supported by the framework
   in any of the following ways:

   1. The NSIS protocol can be interpreted hop-by-hop along the data
   path by placing an NSIS agent in every router. This would use NSIS
   signaling to trigger the QoS provisioning mechanism locally; some
   form of RSVP would be an appropriate protocol for this purpose,
   provided RSVP can be fitted into the framework.

   2. A central NSIS agent can initiate NSIS signaling to agents on
   each router to configure resources directly.  Used in this way,
   protocols such as COPS-PR can be fitted within the framework.


                              +--------------+
                              |+------------+|
               -------------->||            ||-------------->
       'Normal'<--------------|| NSIS Agent ||<--------------
     NSIS Signaling           |+------------+|
                             /| centralised  |\
                            / | controller   | \
                           /  +--------------+  \
                          /          |           \
                         /           |            \
                        /     NSIS Signaling       \
                       /   for QoS Provisioning     \
                       |             |              |
                       V             V              V
        +-----router-----+   +-----router-----+   +-----router-----+
        |+--------------+|   |+--------------+|   |+--------------+|
        ||              ||   ||              ||   ||              ||
   =====||  NSIS Agent  ||===||  NSIS Agent  ||===||  NSIS Agent  ||===
   flow |+--------------+|   |+--------------+|   |+--------------+|
   path | |              |   | |              |   | |              |
        | |configuration |   | |configuration |   | |configuration |
        | | parameters   |   | | parameters   |   | | parameters   |
        | |              |   | |              |   | |              |
        | | +----------+ |   | | +----------+ |   | | +----------+ |
        | +>|pkt engine| |   | +>|pkt engine| |   | +>|pkt engine| |
        |   +----------+ |   |   +----------+ |   |   +----------+ |
        +----------------+   +----------------+   +----------------+

        Figure 12: Domain-Local NSIS Signaling for QoS Provisioning

   In either case, domain specific information concerning the
   configuration of routers etc. would need to be included in the
   parameters carried by the NSIS protocol, but would be limited in
   scope to the area of the network where NSIS was being used as part
   of a provisioning mechanism. For some protocols, such as COPS-PR,
   the signaling has local scope and will not propagate outside the

   Hancock et al.    Informational - Expires August 2002            37                 Towards a Framework for QoS Signaling    February 2002


   domain.  For others, such as RSVP, indication must be provided to
   edge routers to indicate that the message must be terminated.  This
   could be done using, for example, a scope identifier (see section
   4.4)

 5.5  Aggregation and Hierarchical Reservations

   Aggregation of per-flow signaling (or - recursively - per-
   subaggregate signaling) is a technique contributing to scalability
   of both QoS signaling and QoS provisioning. It results in
   hierarchical reservation set-up.

   Aggregation / deaggregation of flow state information can be
   described by a functional component which may be located in NSIS
   agents. However, this task needs to be carried out by dedicated NSIS
   agents - not all NSIS agents need to implement aggregation and
   deaggregation functions. Aggregation is expected to be in deployment
   at all ingress routers of a particularly administrative domain or
   subdomain. Therefore deaggregation would happen at an egress router,
   but not necessarily within the same network domain.

   An aggregation region as defined by [5] may stretch along several
   domains with some level of nesting in aggregated domains. Therefore
   we assume that these tasks may represent an interdomain problem.
   Proper operation of aggregation mechanisms among several (sub-)
   domains need to make sure that all entities are provided with
   sufficient aggregation context. Correct interpretation of
   aggregation context may be handled by establishment of service level
   specifications (SLS's) among adjacent network domains.

   Prominent existing solutions for aggregating flow state information
   in a QoS signaling enabled network are namely the framework for
   IntServ operation over Diffserv networks [6] and the RSVP
   aggregation approach [5]. For the IntServ over Diffserv concept,
   aggregation usually is performed with coarse granularity, since RSVP
   style flow state information is mapped to a Diffserv transport
   service class, which defines a specific per hop behaviour (PHB).
   Aggregated RSVP represents a flexible solution to define the
   granularity of aggregation. Flow aggregation can however also be
   performed based on the NSIS signaling. In the following, all these
   possibilities are considered for the NSIS framework.

 5.5.1  NSIS Aggregation Techniques

   An NSIS agent should be able to either initiate aggregate signaling
   itself, or to interwork with network domains supporting their own
   flow aggregation techniques. These two approaches are considered in
   the following.

   In any event, in order to realise aggregation, usually two things
   are necessary:


   Hancock et al.    Informational - Expires August 2002            38                 Towards a Framework for QoS Signaling    February 2002


   (i)  per-flow or per-subaggregate NSIS signaling must pass the
   aggregation region  between ingress and egress (or aggregator and
   deaggregator) transparently. How this is done was handled in the
   previous section on Transparent Path Traversal.

   (ii) Per-aggregate signaling (NSIS-based or other QoS provisioning
   signaling) must be initiated by the aggregator and terminated at the
   deaggregator. The QoS information in the aggregate signaling message
   is somehow derived from the total of per-flow or per-subaggregate
   QoS information. However, the relation between them may be described
   by a rather complicated algorithm. Furthermore, they may work on
   very differently time scales. This corresponds to edge-to-edge
   signaling described in 5.1.

   NSIS-based Aggregation

   The following figure describes a possibility of mapping this
   scenario to the framework:

                +------------------+                  +-------------+
                |   +-------------+|                  |             |
                |   |Aggregation  ||                  |             |
                |   |algorithm    ||                  |             |
                |   |(application)||                  |             |
                |   +-------------+|                  |             |
                |      ^       |   |                  |             |
                |      |       |   |   Per-flow or    |             |
   +---------+  |+----------+  |   | per-subaggregate |+----------+ |
   |QoS      |  ||QoS       |  |   |    signaling     ||QoS       | |
   |Initiator|-->|Controller|--|---------------------->|Controller|-->
   +---------+  |+----------+  |   |                  |+----------+ |
                |              V   |                  |   ^         |
                |       +---------+|   +----------+   |   |         |
                |       |QoS      ||   |QoS       |   |   |         |
                |       |Initiator|--->|Controller|-------+         |
                |       +---------+|   +----------+   |             |
                |                  |                  |             |
                |   Aggregator     |                  |De-aggregator|
                +------------------+                  +-------------+

                      Figure 13: Aggregate Signaling

   In Figure 13, the QoS controller on the Aggregator communicates the
   per-flow or per-subaggregate QoS information to some kind of
   aggregation algorithm. The output of this algorithm are instructions
   to the QoS Initiator function on this same aggregator on how
   existing aggregates are to be modified, or what new aggregates are
   to be initiated. Sticking to the definition of QoS Initiator, the
   aggregation algorithm it communicates with resides in the
   application layer.


   Hancock et al.    Informational - Expires August 2002            39                 Towards a Framework for QoS Signaling    February 2002


   In an alternative scenario, the aggregation algorithm resides in a
   separate administrative entity. In this case, this administrative
   entity would trigger aggregate signaling in the Aggregator.
   Interpreting the framework definition strictly, in this case the
   administrative entity is the QoS initiator.

   Non-NSIS based Aggregation

   In this approach NSIS signaling data is forwarded to an adjacent
   domain which supports non-NSIS compliant aggregation techniques
   only, i.e. the considered domain is not capable of aggregating NSIS
   signaling state information, but supplies its own QoS provisioning
   signaling. In that situation the gateway NSIS agent must provide
   specific mechanisms for allowing the aggregation. A function is
   required to provide filter rules for classifying NSIS signaling
   state information and apply aggregation mechanisms to support
   interworking with the adjacent domain. This function may be co-
   located with an NSIS agent as an aggregation algorithm as described
   for NSIS-based Aggregation above.
   Aggregation of NSIS data into Diffserv classes for example requires
   an aggregation function to provide filter rules for mapping NSIS
   flow state information into predefined PHB transportation classes
   and coordinate DSCP codepoint marking to comply with service level
   specifications (SLS) for domain interworking.

 5.5.2  Aggregation Context

   An administritative entity is required to decide about NSIS agent
   responsibility to perform aggregation / deaggregation and to
   determine the appropriate rules for performing the tasks.
   Furthermore, participating entities should be identified and
   entitled to carry out aggregation and deaggregation tasks. In case
   of traffic trunks for example, tunneling endpoints might be
   responsible for performing aggregation and deaggregation. It is
   assumed that the administrative entity controls the distribution of
   required information, identifies potential aggregation entities
   (e.g. NSIS agents) and entitles them to execute the tasks. The term
   aggregation context represents the structured information that is
   required to enforce consistent execution of aggregation and
   deaggregation tasks. It is distributed by the administrative entity
   to entitled aggregation entities. Policy decision points (PDP's)and
   network administration servers represent such administrative
   entities. With appropriate extensions COPS and SNMP are envisioned
   candidate protocols to carry aggregation context information and
   related status and context messages.

   As described above, the actual algorithm for determining whether
   changes to aggregates or new aggregates are necessary might reside
   either in the administrative entity, or in the aggregator.

 5.6  Operation over Addressing and Other Boundaries


   Hancock et al.    Informational - Expires August 2002            40                 Towards a Framework for QoS Signaling    February 2002


   The ideal operational paradigm for the Internet is that end to end
   addressing transparency is preserved; in other words, the IP
   addresses in packets are unchanged between the sending and receiving
   end hosts. This is recognised as an optimal situation from the point
   of view of network simplicity and resilience [7].

   Unfortunately, this paradigm is broken in today's Internet for
   several reasons. The major current reason is NAT [8], although
   address translation techniques are also one method considered for
   IPv4-IPv6 transition [9]. In addition, some recent network layer
   protocol developments change or add to the addressing capabilities
   of the network layer header, including the HAO of Mobile IPv6 [10]
   and HIP [11]. Finally, tunneling mechanisms or application layer
   gateways can also be considered as falling into this category, but
   are less of a concern here: tunnels can be modeled (and are often
   implemented) relatively transparently as virtual links, while NSIS
   would see an application layer gateway as a signaling endpoint in
   its own right, not needing special consideration.

   The implications of addressing non-transparency for NSIS are two-
   fold.

   Firstly, the signaling messages themselves must be capable of
   passing through addressing boundaries and might have to use (or be
   able to exploit) these more recent addressing approaches. This
   requires consideration of the way in which possible NSIS signaling
   protocols can be treated in this way. This is particularly
   important, since it is likely that the NSIS signaling data will
   contain addressing information about signaling endpoints which will
   also need to be translated consistently.

   Secondly, the NSIS signaling data will contain packet classification
   information that is used to identify the user packets for which QoS
   is being requested. On the assumption that both the user packets and
   signaling packets have to be treated or interpreted consistently,
   the treatment (e.g. translation) applied to the user packets must be
   matched by updates to the signaling data carried in the NSIS
   packets. This may have implications for the security treatment
   applied to these packets.

   In our framework, it seems that the various boundary cases should be
   treated individually. Classic NAT is stateful and typically has to
   run over a single physical device. In this case, it is natural to
   locate a Proxy NSIS agent at the NAT device. In order to do
   consistent message processing on the user and signaling data, this
   will have to be closely integrated with the NAT functionality,
   probably according to a proprietary behavior specification; however,
   the rest of the network should continue to be unaware of its
   presence. On the other hand, SIIT being stateless, it should ideally
   also be possible to translate NSIS messages statelessly, which would
   require extensions to the current definition, comparable to those
   needed to handle IP options or extension headers. This requires

   Hancock et al.    Informational - Expires August 2002            41                 Towards a Framework for QoS Signaling    February 2002


   defining a NSIS data format which could have semantically identical
   v4 and v6 forms, but NSIS proxies should not be enforced for this
   case.

   The situation of modified network layer identifiers may require
   extended address format capabilities for NSIS signaling data to
   include the new formats, and also a precise definition of the
   semantics of addressing information elements (e.g. whether or not an
   address in a classifier refers to the HAO if present).

   It is certain that these addressing considerations will need to be
   re-evaluated when a more concrete NSIS solution is ready to be
   considered. At that stage, it might even be questioned whether
   support for all possible network scenarios (e.g. NAT) needs to be
   maintained.

 5.7  Support for Adaptive Applications

   Adaptive applications require feedback about the ongoing resource
   availability in the network, or the occurrence of QoS violations.
   The actual frequency and detail required in the feedback messages
   any vary depending on the scenario, e.g. mobile vs. fixed network.

   In the following discussion, it is assumed that the feedback
   information should be passed back to the initiator of the session,
   and then on to the application to whom the session belongs.  The
   application can choose to take adaptive action if required, which
   may result in a re-negotiation of resources along the data path.

   There are a number of ways that QoS feedback information to the
   Initiator.

   1.      Information can be sent direct to the QoS initiator: the NSIS
     Agents maintain the address of the initiator to allow the QoS
     violation notification to be signaled directly. When a proxy is
     present in the path and has modified the initiator identifier to
     identify itself, the message will be sent direct to the proxy
     instead of the real initiator. There may be trust issues
     associated with this approach concerning the fact that the
     initiator will be receiving information on which it is basing re-
     negotiation decisions from an untrusted node.  However, the
     signaling does not have to be processed by all intermediate NSIS
     Agents.

   2.      Information can be sent hop-by-hop back towards the initiator: the
     feedback information is signaled backwards between NSIS Agents on
     the data path until it reaches the QoS Initiator. Each NSIS Agent
     must maintain previous hop information and process the messages in
     part to forward the messages to the correct agent.  However, the
     Initiator will receive information from a peer NSIS Agent with
     whom it has established a trust relationship.


   Hancock et al.    Informational - Expires August 2002            42                 Towards a Framework for QoS Signaling    February 2002


   3.      Information can be sent downstream in the data path to destination
     domain and reflected back to the Initiator: the violation
     information is simply sent along the signaling path to the
     destination node that then reflects this information back to the
     receiver.  No state information is required within the NSIS
     Agents, but the propagation time for the signaling to reach the
     Initiator is increased

   Only the entities that know about violations need to support
   violation reporting.  When the QoS for a flow that is being
   transported as an aggregate is violated, it is a local matter as to
   whether this information is propagated, and implies some per-flow
   knowledge about the flows in the aggregate.  This is to allow the
   information to be propagated to the correct Initiator and is may be
   undesirable for scalability reasons.

   The decision about how feedback to applications is supported by the
   framework will impact the QoS signaling data that has to be carried
   by the protocol, and also the state information maintained by NSIS
   Agents depending on the chosen option.

 6  Applicability of Other QoS Frameworks and Protocols

 6.1  Incremental Deployment in an NSIS-Unaware Internet

   Introduction of NSIS compliant network components most likely will
   follow a step-by-step process where deployment in few networks has
   to be considered at the beginning. A three stage introduction
   process is described assuming few NSIS compliant domains at the
   beginning. If NSIS technology could gain more acceptance after the
   introductory phase a heterogeneous infrastructure with NSIS capable
   domains and non NSIS capable domains intermixed arbitrarily is
   assumed.

   For the non NSIS compliant domains in operation two cases can be
   thought of.

   a. Heterogeneous QoS Signaling Solutions

   A domain offers QoS provision mechanisms but QoS signaling is not
   compliant with NSIS protocols, e.g. an ISP's proprietary solution is
   in operation. Application of appropriate interworking mechanisms
   have to be considered then. NSIS signaling data traversing a non
   NSIS compliant domain should not be subject to loss or delay caused
   by low priority handling. To avoid loss, NSIS signaling information
   either may be encapsulated or may be forwarded transparently in non
   NSIS aware regions. Additionally non NSIS compliant domains have to
   provide mechanisms to forward NSIS signaling information with the
   required reliability and priority, which has to be defined by
   service level specifications (SLS's).

   b. Best Effort Forwarding Paradigm

   Hancock et al.    Informational - Expires August 2002            43                 Towards a Framework for QoS Signaling    February 2002



   In this case end to end signaling and QoS provision is broken by non
   QoS aware domain(s). Consequently delivery of end to end services is
   not possible with satisfactory service level guarantees.

 6.1.1  Step 1: NSIS compliant Islands

   In this situation deployment of NSIS technology is in its initial
   phase. The technology can be used for usage of intradomain QoS
   sensitive services. Then NSIS signaling can be applied e.g. for
   accessing services from a local host. This approach can be
   associated with the walled garden model [12]. A more complex
   scenario deals with application flows that may extend along non NSIS
   aware domains. A potential option for signaling between remote NSIS
   agents can be accomplished by using a leased line service for
   bridging the NSIS islands. Transport characteristics of  the leased
   line service have to be taken into account when deciding about
   admission of an NSIS resource reservation request. Therefore gateway
   node interfacing with the leased line service are responsible to
   perform AAA functions on single flows and flow aggregates, that
   require resources for bridging to a remote NSIS domain.

 6.1.2  Step 2: Heterogeneous Infrastructure

   With the incremental deployment of further NSIS technology a mixed
   infrastructure is assumed comprising NSIS compliant and non NSIS
   compliant domains. Some end to end NSIS signaling may be
   accomplished without break in between even if several domains have
   to be crossed. Still there remains some potential for unreliable
   transport and signaling especially when the QoS enabled path extends
   along several domains. This problem can be reduced by introducing
   "trusted" NSIS regions. This concept assumes 'strong' SLA's between
   several ISP's, extending a trusted NSIS region among several
   domains. Further enhancement can be achieved by an approach, which
   relies on an extended record route mechanism. Detection of next hop
   NSIS agent requires the tracking of all NSIS agents along and end to
   end path. The NSIS agent record can be used by all NSIS agent to
   check whether the next hop agent is available in a network domain
   with established SLA's for proper interworking. With the proposed
   concepts an ISP may be aware with reasonable high reliability which
   destination network will be reachable through NSIS signaling without
   signaling and service break in between.

   Destination networks may not be reachable without leaving an NSIS
   compliant region. Reliable transport of NSIS signaling with
   appropriate QoS provision could be enforced if there is no more than
   one non-compliant NSIS domain between NSIS compliant domains with
   appropriate SLA's in place.

   In the context of heterogeneous infrastructure we consider a
   scenario where a host or network node wants to act as QoS initiator
   for NSIS signaling without actually being capable of doing so. Proxy

   Hancock et al.    Informational - Expires August 2002            44                 Towards a Framework for QoS Signaling    February 2002


   NSIS agents described in this document may take over the QoS
   initiating part in this situation. ISP's could benefit from this
   scenario by offering QoS enabled services to a larger number of
   customers.

 6.1.3  Step 3: Widespread deployment of NSIS

   A widespread deployment of NSIS compliant domains represents an
   optimistic case though it may be considered for specific countries
   or federal states. Compared to step 2 of deployment there are no
   further technical issues to consider here.

 6.2  Basic Diffserv

   DiffServ domains can be deployed in a variety of ways. Particularly,
   they may work with or without admission control. If admission
   control is included, it may work based on a variety of data. In this
   context, DiffServ networks with the admission control based on the
   flow characteristics and the flow's QoS requirement are interesting.
   This information would be transferred by NSIS signaling. The
   admission control typically is handled by edge routers or by
   bandwidth brokers. Consequently, QoS controllers would be located on
   the corresponding entity(entities), as applicable for a particular
   network. The next QoS controller would be either the egress router,
   or the bandwidth broker of the next domain. Inside the DiffServ
   domain, usually no QoS controller is necessary.

   The responsibility of the QoS controller also includes providing for
   proper (re-)marking of data packets at the ingress router to the
   DiffServ domain. RODA [16]defines a signaling and resource
   reservation protocol for DiffServ domains. It can be regarded as a
   QoS provisioning signaling protocol, outside but compatible with the
   NSIS framework.

 6.3  Basic Intserv

   In an IntServ domain, each router is in charge of its own resources
   and needs QoS signaling information. Hence, each router in fact is a
   QoS controller.

   If RSVP will be used as the / one NSIS signaling protocol, this
   scenario fits in seamlessly. If on the other hand, NSIS decides on
   using another signaling protocol, we need interworking of the NSIS
   protocol and RSVP at the edge router of the IntServ domain. In this
   case, the edge routers are QoS Controllers only, and RSVP is QoS
   provisioning signaling.

 6.4  RMD

   Resource Management in Diffserv (RMD) is designed for edge-to-edge
   resource reservation in a Differentiated Services domain [13]. The
   RMD framework defines two architectural concepts:

   Hancock et al.    Informational - Expires August 2002            45                 Towards a Framework for QoS Signaling    February 2002



     - the Per Hop Reservation (PHR)
     - the Per Domain Reservation (PDR)

   Individual candidate resource reservation protocols are envisioned
   for both concepts. A PHR protocol is used within a Diffserv domain
   on a per-hop basis to augment the Diffserv Per Hop Behavior (PHB)
   with resource reservation. It is implemented in all nodes in a
   Diffserv domain. On the other hand, a PDR protocol manages the
   resource reservation per Diffserv domain, relying on installed PHR
   resource status in all nodes. The PDR is only implemented at the
   boundary of the domain(at the edge nodes).

   The RMD framework uses the Diffserv classes Expedited Forwarding(EF)
   [14] and Assured Forwarding (AF) [15] as QoS classes. It is implies
   that any network supporting the RMD framework is able to classify,
   mark, police and schedule the traffic accordingly. A signaling
   protocol is proposed as well for allocating resources hop by hop in
   a DiffServ capable domain. An instantiation of a PHR protocol is
   named RODA [16] (Resource Management in Diffserv On DemAnd), which
   has been proposed recently. In contrast, the PDR can be supported
   either by a new protocol or (one or more) existing protocols.
   Examples of such existing protocols can be the Resource Reservation
   Protocol(RSVP) [17], RSVP aggregation [5] etc.

   For PHR the RMD Framework currently specifies two different groups:

   The Reservation-Based PHR group

   In this PHR group, each node in the communication path from ingress
   node to egress node keeps only one reservation state per PHB. The
   reservation is done in terms of resource units, which may be based
   on a single parameter, such as bandwidth, or on more sophisticated
   parameters. These resources are requested dynamically per PHB (i.e.,
   per DSCP) and reserved on demand on all nodes in the communication
   path from an ingress node to an egress node. Furthermore, this PHR
   group has to maintain a threshold for each PHB that specifies the
   maximum number of reservable resource units.

   The Measurement-based Admission Control (MBAC) PHR group

   This PHR group is used to check the availability of resources before
   flows are admitted.  That is, measurements are done on the real
   average traffic (user) data load. However, the measurement based PHR
   uses two states. One state per PHB that stores the measured user
   traffic load associated to the PHB and another state per PHB that
   stores the maximum allowable traffic load per PHB.

   The RMD framework supports signaling to achieve load sharing among
   several paths. Interior nodes are able to observe when a load
   sharing situation occurs and know the number of multiple equal cost
   paths that a routing protocol will use to provide the load sharing

   Hancock et al.    Informational - Expires August 2002            46                 Towards a Framework for QoS Signaling    February 2002


   principle. Subsequently, for each arrived PHR message which is
   affected by the load sharing principle, the interior node will be
   able to create the appropriate number of PHR messages of identical
   type as the original one. "Appropriate" here means the number of
   paths participating in the load split.

   In the following an assessment is done on fitting the RMD framework
   proposal with NSIS requirements [1]. The goal is to apply and reuse
   RMD concepts for NSIS based solutions where possible.

   The RMD framework proposes a scalable solution and fits with the
   ideas of lightweight signaling. In particular, little state
   information is required for hop by hop signaling in the Diffserv
   domain. A major benefit is the possible reuse of existing signaling
   protocols (RSVP etc.) and QoS provisioning mechanisms (Diffserv).
   Independence of signaling and provisioning paradigm is achieved by
   the RMD framework. PDR allows hiding the internal structure of a QoS
   domain from end-nodes and from other networks. A useful feature not
   explicitly part of the NSIS requirements is support for load
   balancing.

   RMD focus is on intradomain but does provide hooks for domain
   interworking, and requirements that typically come from the end to
   end or host to edge signaling cases are emphasised less. Resilience
   aspects are not explicitly mentioned. RMD doesn't consider
   interworking with QoS provisioning mechanisms other than Diffserv.
   Processed state information for each PHB is restricted to a maximum
   of two states, which are measured traffic load and maximum allowable
   traffic load by name. Mobility support is not considered in the RMD
   framework.

   Though the RMD framework does not cover some crucial requirements to
   be met by an NSIS solution it seems to fit into our overall NSIS
   framework. RMD can be considered to provide a sub-solution for our
   NSIS framework with beneficial extensions to an Diffserv network.

 6.5  MPLS

   In MPLS, the ingress router to a domain sets up LSPs e.g. edge-to-
   edge. Particular LSPs may be set up for a particular QoS class. For
   the ingress router it is necessary to know the QoS requirements of
   an incoming flow in order to map it to the appropriate LSP. Hence,
   in MPLS domains, ingress routers are QoS controllers. The next QoS
   controller is on the egress of the LSP of the signaled flow. Note
   that signaling inside the MPLS domain, e.g. for setting up LSPs, is
   not in any way changed by NSIS signaling but can regarded as a form
   of QoS signaling provisioning.

 6.6  Bandwidth Broker

   Bandwidth brokers are QoS controllers outside the data path. As
   illustrated in section 4.5 on Routing Aspects, such QoS controllers

   Hancock et al.    Informational - Expires August 2002            47                 Towards a Framework for QoS Signaling    February 2002


   naturally integrate into the NSIS framework, as signalling cannot be
   assumed to follow the data path anyways as soon as other than
   destination-based routing is employed. Examples of bandwidth brokers
   integration in NSIS signalling are given in the following.

   The basic scenario is a bandwidth broker being the only QoS
   controller in a domain. It makes its existence known to QoS
   controllers in neighbouring domains, and directly receives NSIS
   signalling from them. For provisioning QoS, the bandwidth broker may
   signal to all routers in the domain, as illustrated in section 5.4.
   Alternatively, the bandwidth broker may just monitor router loads in
   the domain, and base admission control decisions on monitoring
   results.

   In a more involved scenario, additional QoS controllers are located
   on edge routers. These edge routers are responsible for interworking
   with outside domains. NSIS signaling in this case arrives at edge
   routes first, which relay it (without any QoS provisioning action)
   to the bandwidth broker(s). The bandwidth broker addresses the  NSIS
   signaling to the next-hop QoS controller, the egress router. It
   needs to be investigated whether such a scenario is more robust,
   since edge routers are in the data path and can always be discovered
   by the default routing of NSIS signaling packets with Router Alert
   Option on (cf. section 4.5). Additionally, it facilitates topology
   hiding (at least the existence of the bandwidth broker is hidden)
   required by some operators.

   Of course, a bandwidth broker can also act as a QoS Initiator, for
   example for setting up inter-domain aggregate reservations.

 7  Possible NSIS Signaling Protocols

 7.1  RSVP and its Extensions

   RSVP has been extended in a number of directions, e.g., aggregation,
   DiffServ, tunnel, policy, proxy, and mobility support. Together with
   these extensions, RSVP serves for broader applicability of signaling
   beyond the IntServ model only.

   RSVPv1 provides an ability to communicate the application's
   requirements to network elements along the path and to convey QoS
   management information between network elements and the application.

   RFC 2746 [18] extends RSVP to provide signaling support in IP
   tunnels. The tunnel RSVP session views the two tunnel endpoints as
   two end hosts with a unicast FF style reservation in between; the
   e2e RSVP session views the tunnel as a single link on the path
   between the source(s) and destination(s). Inside the tunnel, the
   endpoint uses a new SESSION_ASSOC object in the Path message to map
   between an e2e session and a tunnel session, and uses a tunnel Resv
   to reserve resources.


   Hancock et al.    Informational - Expires August 2002            48                 Towards a Framework for QoS Signaling    February 2002


   RFC 2749 [19] supports COPS policy services in RSVP environments.
   All objects carried in RSVP messages received  by the PEP (if not
   matching its cache) are encapsulated in a Client Specific
   Information (CSI) object and sent to the PDP. COPS provides the PDP
   with flexible policy controls upon receipt of the CSI, making
   decision per reservation flow.

   With RFC 3175 [5], individual flows can be aggregated in an
   aggregated region. Aggregated Path/Resv messages are used in the
   region to setup and maintain aggregation sessions. According to
   DiffServ, DSCPs are used to identify the traffic belong to the
   correspondent aggregation. The DSCP can be specified by a DCLASS
   object per [20]. One or more Diff-Serv PHBs are used to offer the
   required forwarding treatment to this traffic.  The corresponding
   PHB is determined by the Intserv to Diffserv mapping rules
   recommended by [6].

   With the addition of [22], RSVP is also used to proxy the RSVP
   messages intended for one of the communication ends in  an
   intermediate node. The node running the rsvp-proxy takes the
   responsibility of the other communication end. A RSVP receiver
   proxy may generate a Resv message upon receipt of a Path  message. A
   RSVP sender proxy can initiates a proxy Path message upon some
   policy-based triggers.

   With various proposed mobility extensions, RSVP is used for
   signaling application's requirements when hosts are mobile. For
   examle, Shen  et al [21] suggest a way to use the mobile node's home
   address to identify the source or destination of a RSVP flow. In
   [23] a "mobile-proxy" is put at the edge of the access domain  on
   behalf of RSVP messages: inside and outside the access domain,  LCoA
   (local CoA) and RCoA (RCoA) of the mobile node will be used to
   identify the same RSVP session. The mobile-proxy will either change
   the session information in Path/Resv message accordingly and forward
   it (when it is an inter-domain handoff), or generate a Path toward
   the  mobile node / respond with a Resv message upon receipt of a
   Path  message from the mobile node (when it's an intra-domain
   handoff).

   Hancock et al.    Informational - Expires August 2002            49                 Towards a Framework for QoS Signaling    February 2002



 7.2  RSVP ultra-lite

   Per RSVPv1 [17], a unicast session is defined as session which has
   one or multiple senders, one receiver. Multicast as well as multiple
   senders unicast brings much difficulty e.g., in state merging and
   maintenance. However there are many cases when a session has one
   sender, one receiver. In this section a possible functionality set
   of the simplified RSVP for one sender, one receiver unicast is
   discussed.  We use the abbreviation "RSVPvs" in the following
   discussion.

   - The session identification in RSVPvs. In RSVPv1, a SCOPE object
   carries an explicit list of sender hosts, and (DestAddress,
   ProtocolID[, DstPort]) is used to identify a session. A fileterspec,
   together with the session information, defines the set of data
   packets to receive the QoS specified in a flowspec and is used to
   set parameters in the packet classifier function. In RSVPvs, there
   will be only one FF style for reservation, hence the sender address
   with a port number may be added in the session information; the
   SENDER_TEMPLATE, FILTER_SPEC, STYLE and SCOPE objects can be
   omitted. Alternatively it is also possible to keep the same session
   identification and use the (FILTER_SPEC, session) pair to classify
   the packets belongs to a session.

   - Message processing. The simplification as above may apply to all
   messages in RSVPvs. As a result of the one-to-one feature of
   sessions, in RSVPvs there will be no necessity for FLOWSPEC merging
   (or change) - and later, complexity in the state maintenance - when
   a session is reserved (or torn down). Path messages are reduced to
   transmit SENDER_TSPEC (and optional ADSPEC to find the predicted e2e
   QoS) and Resv messages are still used to reserve resources but no
   FLOWSPEC merging is required. It is possible for RSVPvs to simplify
   the sender-initiated reservation: senders are usually not able to
   predict the end-to-end service, thus it is possible to use only a
   Resv message in the direction which he/she wish to send. In this
   case, a SENDER_TSPEC will be required to be carried in the Resv
   message. An even simpler possibility is, a Resv message initiated by
   either the sender or the receiver, carrying a SENDER_TSPEC, a
   FLOWSPEC, and optionally an ADSPEC, may be sufficient for the NSIS
   signaling, and reduces to a pure "one-pass" approach.

   - Application for RSVP aggregation and other extensions. In RFC
   3175, it is suggested that reservation state is per multicast
   session inside the aggregation region, and multicast flows
   heterogeneous reservations increase the difficulty in RSVP
   aggregation. For RSVP proxy [22] and various proposed mobility
   extensions [23], it is extremely difficult to manage multicast
   sessions which are not supported for many applications. In contrast,
   RSVPvs allows a uniform method for flow aggregation in the aggregate
   region as well as in processing in proxy scenarios; thus largely
   decreases the overhead for multicast sessions.

   Hancock et al.    Informational - Expires August 2002            50                 Towards a Framework for QoS Signaling    February 2002



 7.3  In-band QoS Signaling

   In some scenarios, it may be advantageous to include QoS related
   data within existing, non-QoS specific signaling messages such as
   routing signaling or mobility related signaling, or even within
   ordinary IP data packets.

   As an example, if we consider a situation where a mobile node is
   attached to an access network, when the mobile changes its point of
   attachment i.e. handsover, the routing in the network must be
   updated so that traffic is sent to the mobile's new location. At the
   same time, any QoS state stored along the old path must also be
   moved to the new path.  This process can be optimized by including
   QoS information about a mobile's traffic flows in the routing update
   messages, so that re-routing and resource allocation occur
   simultaneously. INSIGNIA [24] proposes such an in-band signaling
   approach that explicitly carries control information in the IP
   packet header (so-called INSIGNIA IP option). This approach allows
   one-pass check for the required resources along the path toward the
   destination node.

   A similar concept has been suggested for QoS support in Mobile Ipv6
   [25]. The basic idea is to define a new hop-by-hop header containing
   a so-called QoS object. The QoS object codes the QoS desired by a
   flow and is attached to the mobile IP Binding Update. Each node
   along the path reads the QoS object (acts as a QoS controller) and
   provides QoS accordingly, if it has the resources to do so. This
   way, QoS along the new path after handover is provided by one-pass
   signaling simultaneously with the Binding Update. The QoS Initiator
   may be either the end host, or the Access Router who received the
   information on QoS desired by the end host e.g. by a SEAMOBY
   mechanism, or the Correspondent Node who received a Binding
   Update. The drawback of this one-pass signaling is of course that
   the QoS Initiator doesn't receive any feedback on whether the QoS
   desired is at all available along the new path.

   This problem is solved in [26]. Here, the Binding Update is
   conditionalized upon receiving the QoS desired along the new path.
   If a router cannot provide adequate QoS it returns the Binding
   Update as invalid. Furthermore, the QoS object does not need to be
   read by every host, but could be obtained by the new access router
   from the old access router e.g., by way of Context-Transfer [27].

   Lightweight QoS signaling via QoS object has so far only been
   investigated for providing QoS after hand-off. Whether it is a
   viable option for QoS signaling in general needs further study, but
   the mechanism is flexible enough to operate in many different
   situations, not only those related to mobility scenarios.

   Hancock et al.    Informational - Expires August 2002            51                 Towards a Framework for QoS Signaling    February 2002



 8  Possible NSIS QoS Class Descriptors

   It may be possible to re-use existing QoS class descriptors for use
   as QoS signaling data options. Re-use of parameters provides
   simplified interworking with existing QoS mechanisms such as IntServ
   or COPS based networks, and also stops 're-invention of the wheel'
   with existing work taken as a starting point for any extensions.

   The following section provides a brief introduction to the possible
   descriptors that could be re-used in the framework, and a brief
   overview of where they might be useful. However, an in-depth
   analysis will need to be performed at a later stage.

   - DiffServ PHBs/PDBs: the per-hop behavior (PHB) is a description of
     the externally observable forwarding behavior of a DiffServ node
     applied to a particular DiffServ behavior aggregate [28].  The Per
     Domain Behavior (PDB) describes the behavior that should be
     experienced by a particular set of packets as they cross the
     DiffServ domain by specifying how the forwarding path components
     work together [29].  These cannot be used to accurately describe
     the application requirements end-to-end, but may prove useful for
     aggregation purposes both within a domain, and potentially between
     domains if the appropriate administrative relationship is in
     place.

   - UMTS bearer classes [30]: provides four distinct classes of
     parameter for different types of application traffic,
     conversational, streaming, interactive, and background.  These
     parameters are fairly abstract and could be re-used to provide
     end-to-end application requirement descriptions.

   - IntServ Tspec/Rspec [31, 32]: describes a traffic flow in terms of
     token bucket and other parameters such as the maximum datagram
     size and an indication of the desired service (controlled load or
     guaranteed service).  The parameters exchanged in the Tspec and
     Rspec have been the result of intensive analysis work. These
     parameters are used to configure the schedulers within the
     routers. The IntServ Tspec/Rspec is appropriate for QoS
     provisioning since it indicates parameters for router
     configuration, but may also be suitable for end-to-end if it is
     flexible enough to meet all requirements.

     Additions to IntServ parameters have been proposed in [2] to
     improve the operation of Integrated Services in environments with
     wireless links.

   Translation between domains using different QoS parameters can be
   provided by local 'stacking' of parameters, but these must be
   derived from a well defined and understood set of parameters that
   are transferred end-to-end. Since the QoS class descriptors are

   Hancock et al.    Informational - Expires August 2002            52                 Towards a Framework for QoS Signaling    February 2002


   primarily for end-to-end use, excessive flexibility and support for
   multiple options may lead to inter-operability problems.

 9  Security Considerations

   This section tries to identify and describe possible security issues
   related to a QoS framework. We would like to focus on the security
   issues of the QoS signaling protocol and not to concentrate too much
   on the protocols supporting the QoS signaling and provisioning for
   example COPS, AAA, LDAP etc. For a security architecture it is
   useful to distinguish between user-related security and network
   domain security. The first part of this section concentrates on the
   user-related security, whereby an end-node (i.e. a user) issues a
   quality of service request that first reaches the network at the
   first hop router. That is, this section deals with the first stage
   of the QoS signaling. The next section discusses network-to-network
   and intra-domain signaling security. This addresses the network
   domain security part of the security architecture. Finally, the last
   section addresses end-to-end signaling issues which are also user-
   security related but usually not addressed in the context of QoS
   signaling. We, however, think that it is worth investigating issues
   concerning end-to-end security within a QoS framework.

 9.1  End-Node to Network Signaling

   In order to authenticate to the network the user has to know (at
   least for the case of symmetric cryptography) to which entity he has
   to authenticate since he has to select the appropriate security
   association and the corresponding key. To support the generic
   roaming case there must be a way for the mobile node to learn the
   identity of this node. This can be the first hop router or another
   node in the network. If these two entities already share a security
   association, then an initial key management protocol was executed
   because manual key distribution is practically not feasible in a
   mobile environment. This established security association can be
   created using protocols like PANA or could be the result of a AAA
   protocol exchange that took place at the time the mobile node had to
   authenticate to the network. Since the mobile node is likely to be
   attached to a network different to his home network cross-realm
   authentication may very likely be required. However there is no need
   to solely create the QoS required security association with the help
   of a separate run of a key management protocol supporting cross-
   realm authentication. It is sufficient to derive the QoS required
   security association based on some available session key distributed
   by some other protocol. Hence the actual authentication and key
   distribution procedure executed with the visited network may already
   be finished at the time the QoS signaling is started. However, from
   this there is still the need to derive QoS related security
   association. Furthermore, it may be required to transfer the key to
   the appropriate entity in the network with which the security
   association is required. For the discovery of this entity several
   mechanisms could be used that are already used in other protocols.

   Hancock et al.    Informational - Expires August 2002            53                 Towards a Framework for QoS Signaling    February 2002


   The mobile node could learn this information via Router
   Advertisements, address the entity with an anycast address, the
   mobile node could retrieve information from a DNS server or query a
   DHCP server. Additionally service location protocols could be used.
   Note however that there is a strong need to execute this task
   securely and as fast as possible since a real-time service would
   suffer from performance degradation. The mechanism which results in
   the lowest latency is probably to pre-configure a particular entity
   within the network whose identity is already constructed in a
   deterministic way. The first-hop router would be an example for such
   a node since its IP address is supposed to be known to the mobile
   node. The Kerberos principal name could be derived from the IP
   address with a specific service prefix and the realm name would then
   be taken from the Router Advertisement. Instead of having a pre-
   shared security association of some kind it would be possible to
   make use of Kerberos to dynamically derive one. Kerberos has the
   main advantage that it obsoletes a separate, independent, previously
   executed key management protocol since the purpose of the ticket
   inside the AP_REQ request is to provide the session key to the other
   party and to provide authentication. Note that the authentication
   and the guarantee of freshness provided with the Kerberos
   Authenticator can also be replaced by some other mechanisms similar
   to those provided by the Integrity Object in RSVP. Usually the
   Kerberos message exchange required to request the session ticket for
   a particular principal is outside the scope of a QoS signaling
   protocol but may require several roundtrips because of a cross-realm
   authentication procedure. The total number of messages that need to
   be transmitted depend on the type of inter-realm navigation that is
   required to navigate from the home domain possibly via several
   intermediate domains to the visited domain. This "navigation"
   involves the request for cross-realm ticket granting tickets and the
   corresponding response. Note that PKCROSS allows reducing the number
   of round-trips for a cross-realm navigation and PKINIT allows a user
   to use public key based mechanisms to request the initial ticket
   granting ticket. PKINIT therefore also allows problems related to
   dictionary attacks to be defended. The usage of passwords and
   Kerberos has often caused concerns and some papers have been
   published to address these issues and how to prevent them.

   If we speak about authentication then we also have to answer the
   question of what identities to use for identification. For the QoS
   Initiator possible identification entities are the user, the host on
   which the user resides and an entire network as described in more
   detail in the next section. The type of identity used heavily
   depends on the authentication protocol. Different identifiers are
   used in Kerberos, AAA or as subject names inside certificates.
   Additionally to the identity used by the user a host identity (i.e.
   IP address) must be transmitted to the network and updated in case
   of a movement since the accounting rules and firewall filters at the
   edge of the network must reflect the fact that a particular user is
   allowed to transmit data traffic that receives the desired QoS
   treatment. Kerberos additionally complicates the authentication by

   Hancock et al.    Informational - Expires August 2002            54                 Towards a Framework for QoS Signaling    February 2002


   the fact that the mobile node needs to learn the principal name of a
   node for which he has to request the session ticket.

   There may also be a concern about the user identity confidentiality.
   Hence it might be favorable to use a temporal identity for
   subsequent sessions after a successful authentication. Note that the
   question of user identity confidentiality might raise other
   difficult questions that need to be answered. The initial
   authentication protocol must provide some means of identity
   protection which is not the case for current protocols like
   Kerberos, Radius, Diameter etc. If the underlying authentication
   protocol reveals the user identity then it might be difficult to
   provide some useful protection at the QoS signaling level.
   Furthermore it must be clear against whom these user identities need
   to be protected i.e. what threat scenarios are applicable. For a
   service provided at the visited network it might not be necessary to
   know the real name of the user issuing the QoS request - a pseudonym
   might be sufficient. The name must however provide enough
   information to find and associate the corresponding home realm with
   the user if traditional accounting with AAA protocols is used. Hence
   there is a strong relationship with accounting and payment at this
   point. Furthermore it might be necessary to protect the transmitted
   identity against eavesdropper on the link between the mobile node
   and for example the first hop router. These issues require a careful
   investigation since there are strong interdependencies with other
   protocols and hence this issue might be difficult to solve in
   general.

   To provide mutual authentication a second step has to be executed
   after the user is authenticated to the network. In most cases it is
   assumed that the initial key management protocol already provided
   enough evidence to authenticate both parties mutually against each
   other to prevent false base station like attacks. However note that
   care must be taken if such an assumption does not hold. The fact
   that most QoS signaling protocols use a message from the imitator to
   the network and vice versa allows the initiator to be assured that
   the other party knows the session key.

   The authorization step executed after a successful authentication of
   a QoS request may result in a token to be transmitted along the QoS
   signaling path within the same administrative domain to provide
   subsequent nodes with enough information to do admission control.
   The authorization step usually requires a router that receives a
   properly secured resource request to trigger other protocols to
   retrieve the desired information. Such a token may have already been
   handed over to the QoS initiator as part of a protocol executed
   preceding the QoS signaling (e.g. a SIP signaling protocol run) and
   used to provide a pointer to an already executed authorization step.

   The issue of public key based authentication of the mobile node to
   the visited network is somewhat more complex than the symmetric
   case. If we assume that accounting (and the payment of the consumed

   Hancock et al.    Informational - Expires August 2002            55                 Towards a Framework for QoS Signaling    February 2002


   resources) is the main goal of the authentication of the mobile node
   (i.e. of the user) then there must be a strong interrelationship
   between a payment protocol and the public key based authentication
   protocol. Otherwise it would be quite difficult to accomplish the
   accounting task. This requires some investigations for alternative
   means of access authentication and payment. The combination between
   a public key based authentication and the traditional AAA
   infrastructure may lead to the conclusion that two different
   authentication mechanisms are used together although a single one
   might be sufficient. Furthermore it should not be underestimated
   that public key based authentication involves substantially more
   computational operations than symmetric cryptography and then there
   are issues related to certificate path validation, certificate
   revocation, etc. This may imply that a digital signature used to
   protect every QoS signaling message might not be an advantage in the
   context of "lightweight" QoS signaling. If a digital signature is
   used with every QoS signaling message then denial of service attacks
   are more easy to launch since the verification of the signature
   requires more performance demanding cryptographic computations than
   the verification of keyed message digest.

   Public key based mechanisms may therefore be more interesting for
   initial key distribution (key transport or key agreement) where
   several roundtrips are more likely to be accepted. The resulting
   session key could then be used to protect subsequent QoS signaling
   messages. User identity confidentiality however can be solved more
   efficient using public key based techniques compared to symmetric
   alternatives. The question of discovering the identity to which the
   user or the user's host has to authenticate is also less difficult.

   The main threats that must be prevented in this context are the
   following. A malicious user must not be able to request resources on
   behalf of another user. We can prevent this threat by requiring
   every user to authenticate and to issue only authenticated,
   integrity and replay protected QoS signaling messages. A subsequent
   step of authorization ensures that each user can only request the
   amount of resource he is entitled to. This step is executed as part
   of the policy based admission control procedure. If every user
   requesting resources is authenticated and the request is properly
   integrity and replay protected then there is no danger of denial of
   service attacks against the access network whereby an
   (unauthenticated) adversary massively requests resources. Special
   cases during the reservation setup like the RSVP Killer Reservation
   are no security issue by itself. A different threat, which was
   previously mentioned, is related to user identity confidentiality
   whereby an adversary learns the user identity and the corresponding
   QoS request issued. It is an open point of discussion whether this
   threat should be addressed or not.

   If we assume a preceding authentication and key agreement phase
   before the QoS signaling is started then we have the following
   advantages. First, the user can easily authenticate himself using

   Hancock et al.    Informational - Expires August 2002            56                 Towards a Framework for QoS Signaling    February 2002


   various types of protocols including public key based protocols. It
   may therefore be possible to run any "administrative tasks" which
   may be more time-consuming in advance to the actual QoS signaling.
   Second, such an initial phase allows the network and the user to
   establish the required QoS security association. Furthermore the
   identities used within the initial authentication step may be
   different to those used during the QoS signaling. For the benefit of
   user identity confidentiality and shorter messages it would be
   beneficial to use a short identifier with local meaning (independent
   of the IP address of the user's host) to select security
   associations and to identity the registered user. These messages
   have typically lower time constraints and the message exchange may
   involve several roundtrips. Please note that such an initial
   authentication and key agreement phase does not necessarily need to
   be part of the QoS protocol and may also be optional.

 9.2  Network to Network

   As soon as the QoS signaling message is authenticated and the
   request is authorized a token may be added to allow subsequent
   routers participating in the QoS signaling to immediately have a
   possibility to point to the already established authorization state
   maintained at some nodes in the network. Note that this
   authorization token may already be obtained from a different
   protocol executed before the QoS signaling took place. This issue
   was already mentioned in the previous section.

   The QoS signaling messages then travel within the same
   administrative domain and experience hop-by-hop protection. Note
   that hop-by-hop protection does not necessarily mean that each node
   along the path needs to participate in the QoS signaling. Hop-by-hop
   security could also mean that the ingress router adds a security
   object and the egress router verifies this object and removes it and
   the nodes within the network may be transparent from the signaling
   point of view. There may also be the case that a different QoS
   mechanism is in place within the network and that a different
   security mechanism may be used to protect these signaling messages.
   Hop-by-hop security assumes a certain trust relationship between the
   entities within the core network whereby protection against outsider
   attacks and against nodes that do not participate in the QoS
   signaling itself is guaranteed.

   To provide fast processing of the messages within the core network
   the common security mechanism deployed for this purpose is a keyed
   message digest of the entire signaling message including a replay
   protection indicator (for example a sequence number). To provide
   protection against resynchronization failures countermeasures must
   be in place. Additionally it is required to consider the case of
   sequence number rollovers to provide rekeying in those cases.

   The key used to provide this hop-by-hop protection is often
   distributed with protocols different from the QoS protocol. Because

   Hancock et al.    Informational - Expires August 2002            57                 Towards a Framework for QoS Signaling    February 2002


   of the static nature of the network structure various means of
   distributing these security associations are possible. The
   possibilities range from manual distribution (for small networks) to
   network management protocols that allow automatic distribution to
   standard key management protocols. Note that a manually established
   QoS security association does obviously not allow rekeying. In
   larger networks public key based key management protocols may be
   used to allow more flexibility for the network provider. One
   important issue that has to be mentioned is that the key management
   protocols used must be able to create security associations that can
   be used with the QoS protocol. One possibility to secure a QoS
   protocol independent of the protocol itself is to provide protection
   with IPSec in a hop-by-hop manner. It must be noted that in such a
   case it is obvious that the processing for policy aware and policy
   ignorant nodes cannot be distinguished. Such a differentiation
   between nodes that are QoS aware but policy ignorant and other nodes
   that are QoS and policy aware cannot be accomplished at the network
   layer.  Furthermore there is little possibility for the application
   to recognize the existence of the underlying (for the application
   transparent) IPSec protection. Missing protection because of a
   misconfiguration can therefore not be recognized by the QoS
   signaling daemon.

   In order to select the correct security association it is necessary
   for the individual QoS aware network element (i.e. the network
   element actively participating in the QoS signaling) to know the
   next hop. Such information should also be available to the key
   management protocol and to the entities distributing the security
   associations.

   From a threat scenario perspective it is obvious that the choice for
   a hop-by-hop security nature also implies that insider attacks
   cannot be prevented. Hence if an adversary is able to break the
   security of a router participating in the QoS signaling then there
   is no possibility to prevent this adversary from modifying the QoS
   signaling messages or from mounting denial of service attack against
   the network. But, anyway, if an adversary is able to break into a
   router, he has the possibility of mounting all types of DoS attacks,
   not only for QoS. He can just throw away some packets or change some
   headers or whatever. Such a threat can only be reduced by end-to-end
   security means whereby the end-to-end protection of QoS signaling
   message parts is limited to those objects that do not change in
   transit. Message parts that need to be modified hop-by-hop obviously
   cannot be protected end-to-end. From this point-of-view it would be
   appropriate to separate the message parts of the QoS signaling
   message into those that change during transit and others that remain
   unchanged (mutable and non-mutable message parts). More problematic
   is the case where the QoS signaling messages traverse networks where
   no security protection (hop-by-hop protection within the network) is
   applied at all and the hop-by-hop security principle is violated.
   Obviously, in such a case it is not possible to ensure appropriate
   protection. We assume that every network requires that QoS signaling

   Hancock et al.    Informational - Expires August 2002            58                 Towards a Framework for QoS Signaling    February 2002


   messages transmitted by users always receive the necessary security
   protection. The exact threat caused to the network depends on the
   QoS signaling protocol used and on the scenario in which such a
   signaling is used. QoS protocols with one roundtrip may have the
   advantage that the first message establishes some state information
   before the actual reservation takes place. It is therefore assumed
   that a reservation message that is transmitted without a preceding
   path message cannot result in fully successful end-to-end
   reservation. A more detailed threat analysis may however be required
   for a particular QoS signaling protocol.

   If the QoS message leaves one administrative domain and enters
   another then network-to-network authentication has to be executed.
   Note that the above description assumes that the QoS Initiator is
   the user and the subsequent QoS signaling messages traverse through
   the network. However QoS signaling can also be initiated by the
   network which has basically the same consequences for network-to-
   network and intra-domain signaling. Usually it is assumed that two
   domains already have service level agreements and have a trust
   relationship established. This initial trust relationship then
   allows a security association to be dynamically derived based on
   some pre-shared secret or an existing public key infrastructure.
   Since scalability issues are important and other QoS technologies
   may be used that do not provide fine-grained reservations on a flow
   level there is no notion of the user initially triggering the QoS
   request at this point of the signaling that issued the resource
   request. Hence admission control is executed based on policies
   shared between the different network service providers.

   Finally the QoS signaling message terminates at the destination and
   the last hop must also be secured. If we assume a previous initial
   authentication and key agreement step of the quality of service
   supporting end-device then this existing QoS security association
   can be used to protect the message at the last hop. If such a
   security association is not available then the corresponding key
   management protocol must be triggered to dynamically derive one. In
   case of Kerberos the reversed authentication from the network to the
   user - the so-called user-to-user authentication could be used. The
   Kerberos case however is especially difficult since the network (or
   some node within the network to be more precise) does not know the
   identity of the end-node and hence it is difficult to request a
   session ticket if the realm and the principal name is unknown. A DNS
   lookup to determine the Kerberos realm and principal name may be
   possible based on the mobile node's or the server's (home) IP
   address. Furthermore the network does not know which protocols are
   supported by the end-node (which may also be a mobile node) and
   hence such a task can be difficult.

 9.3  End-to-End

   Traditionally there is little support for end-to-end security at the
   QoS signaling level. However there are two reasons that might argue

   Hancock et al.    Informational - Expires August 2002            59                 Towards a Framework for QoS Signaling    February 2002


   for incorporating end-to-end security mechanisms into a QoS
   protocol. First QoS signaling messages contain parts that do not
   change during transit and are therefore subject to a possible end-
   to-end protection. This circumstance is already described in the
   previous section. Hence if a previous protocol already established
   an end-to-end security association then such a security association
   may be reused for protecting the QoS signaling messages end-to-end.
   The second issue tries to address the case where other protocols are
   not executed before the QoS signaling took place. In this case the
   QoS signaling could be reused to transport authentication and key
   agreement messages that are later used to provide protection of the
   end-to-end data communication subsequent to the QoS signaling. Some
   key management protocols have been proposed that try to establish a
   session key with a single roundtrip. These protocols use timestamps
   for replay protection. To provide independence against the
   underlying transport protocol the data of the key management
   protocol are embedded into SDP.

   Finally, there is the issue of the subsequent protection of data
   traffic between the two end-nodes along the pinned path. TLS and
   other higher layer security protocols are independent and unaffected
   of the underlying QoS established data path. But in case of network
   layer protection as achieved with IPSec the relevant filters need to
   be adjusted to be able to identify the encrypted data traffic
   accordingly. Whatever QoS protocols are used care must be taken to
   ensure to allow IPSec protected data traffic to be transmitted over
   the QoS established path.

 10 Resilience and Scalability Considerations

   Resilience and scalability considerations may influence the NSIS
   framework. Resilience usually implies that a network designer
   strives hard to avoid single points of failure. At the same time
   information needs to be replicated without impacts on performance.

 10.1 Resilience

   Resilience as considered in this draft deals with NSIS agent failure
   and the consequences for the QoS architecture. If QoS control
   components are located within the data path, when a node fails or
   the data path changes due to re-routing both the signaling and data
   paths are affected. Resilience can be achieved by redirection around
   the point of failure, using for example, constrained based routing
   schemes. However, any state information maintained by the failed
   node must be transferred to another node, or re-discovered. If the
   QoS enabled path, including the state information can be re-
   established in a considerably short time an application would
   experience service degradation only for a short time period.

   Resilience has also to be considered when NSIS agent resides off the
   data path. When there is a node failure or re-routing along the data
   path, there is no need to move state information since it still

   Hancock et al.    Informational - Expires August 2002            60                 Towards a Framework for QoS Signaling    February 2002


   resides in the same NSIS Agent.  However, if the NSIS Agent fails,
   then the signaling path and state information must be recovered.
   Redundancy is achieved if a substitute NSIS Agent can take over on
   demand. Usually in case of failure a smooth change over with
   traversal of all current state information is not possible. To
   minimize the loss of signaled state information NSIS Agents within
   the same network domain may periodically update each other with
   context information. A substitute NSIS Agent in action needs to be
   properly addressed to process upcoming resource requests. For this
   purpose the new NSIS Agent should advertise its presence to
   counterpart NSIS agents located in end terminals, adjacent network
   domains or any other locations in the Internet.

   Resilience issues are closely related to the location of state
   information within the network.  The locations where state
   information is required must be determined, and the more globally
   useful the state information is, the more state information will
   have to be maintained.

 10.2 Scalability

   In the NSIS framework critical criteria for scalability can be
   described by the amount of state information processing and by the
   signaling overhead that is fed into the network.

   The first issue deals with the signaling state information that has
   to be processed by the NSIS agent. This will rely strongly on a
   number of framework level decisions.  The following discussion aims
   to highlight the amount of state information that must be maintained
   for the different options highlighted for a number of open issues in
   the framework.

   *)Basic Signaling Paths

   The two options and their implications are as follows:
   -    Sender Initiated: no state information is maintained in NSIS
   Agents
   -    Receiver Initiated: the 'previous' hop NSIS Agent address must
   be maintained to support correct routing of the message if the 'RSVP
   style' option is used.


   *)NSIS Signaling Protocols

   Identified the need for NSIS Agents to maintain information
   regarding:
   -    Peer NSIS Agents and authentication state and policy associated
   with them
   -    The next hop NSIS Agent associated with a particular flow or
   aggregate
   -    Timeout periods for reservations


   Hancock et al.    Informational - Expires August 2002            61                 Towards a Framework for QoS Signaling    February 2002


   *)NSIS Signaling Data

   Identified the need for NSIS agents to maintain state about:
   -    Identifying the flow or aggregate
   -    Scope identification for scoping parameters

   *)NSIS Aggregation Techniques

   Aggregation techniques can have a large impact on the amount of per-
   flow state information maintained within the NSIS Agents.

   An open issue here concerns whether a domain that is performing
   aggregation still needs to maintain per-flow state information.

   *)Support for Adaptive Applications
   Two options for providing feedback to applications were identified:
   -    Send feedback directly to the initiator:  this required the
   initiator ID to be maintained in the NSIS Agents
   -    Send feedback hop-by-hop back towards the initiator: the
   previous hop NSIS Agent address must be maintained.
   -    If admission control failed, and the application has indicated
   that it would like to be informed when resources become available,
   per-flow information and the initiator identity must be maintained.
   -    Threshold values for when the level of service provided
   requires that the application be informed via feedback messages

   Signaling overhead is less critical but influences the throughput of
   the network to some degree. The amount of signaling information is
   influenced by the scale of flow aggregation, the amount of signaled
   information per flow and the frequency of state information update.
   The NSIS framework provides a flexible approach for transporting
   signaling parameters. Though an NSIS protocol should allow the
   transportation of a variety of signaling parameters it should at the
   same time provide a flexible structure for carrying only signaling
   information that is actually required for a specific purpose. For
   example an NSIS signaling message chould carry MAC layer specific
   parameters like bit error ratio (BER) etc. only if the considered
   link layer is able to provide and process this information suitably.
   Defining a flexible protocol avoids the transportation of "empty"
   information fields significantly.

   Another issue is the frequency of information state update by
   refresh messages. High accuracy of resource allocation requires the
   frequent exchange of refresh messages, which on the other hand
   increases the amount of signaling overhead. While host to network
   refresh frequency are controlled by the terminals, domain internal
   frequency may be determined by ISP policies, e.g. terminal to
   network refreshing could be delayed by an NSIS agent at the network
   ingress before initiating a separate refresh message at a later
   time. Generally an NSIS agent could consider policies for variable
   definition of timer refreshing, but this is a matter for the
   protocol.

   Hancock et al.    Informational - Expires August 2002            62                 Towards a Framework for QoS Signaling    February 2002



   Two outstanding decisions concerning the framework also impact on
   signaling overhead:

   *)Basic Signaling Paths

   The two options and their implications on signaling overhead are as
   follows:
   -    Sender Initiated: only one end-to-end transmission is required
   -    Receiver Initiated: additional round-trips may be required to
   determine the correct routing path.

   *)NSIS Signaling Data

   Identified two different approaches to exchanging parameters that do
   not have local scope:
   -    Parameter 'stacking': more information is carried by the
   signaling protocol, larger messages
   -    Separate signaling message: the signaling is lighter-weight,
   but more messages are required.

   There will be a trade-off between the information carried in the
   message as a parameter, and the amount of state information that is
   maintained at the NSIS Agent.

 11 Conclusion

   This document has presented a framework for further discussion of
   the requirements and possible implementation architectures of NSIS.
   We believe that this framework can be developed into the skeleton of
   a more concrete solution, that meets most if not all of the
   requirements that were identified in [1].

   It has been a major goal of the framework to be modular, so that it
   can support a wide range of features without forcing their use
   everywhere - lightweight but widely applicable. We believe that this
   approach is important for the success of NSIS, since a QoS solution
   that is optimised for only a single subset of the Internet will
   never gain the wide acceptance it needs to acquire the 'critical
   mass' necessary for pervasive deployment of QoS. Some of these
   modular capabilities are listed here:
   1. Use of bi-directional reservations is a local issue (section
      3.4.3). Outside the path segments subject to the bidirectional
      reservation, the rest of the network does not need to know that
      bidirectional reservations are being used.
   2. Multipart reservations could likewise be handled as a local
      matter.
   3. Proxy use (3.7.1 and 5.1) is similarly a local issue. The proxy
      simply hides the QoS initiator identification with its own; other
      parts of the network can ignore the fact that the proxy is not
      the real initiator.

   Hancock et al.    Informational - Expires August 2002            63                 Towards a Framework for QoS Signaling    February 2002


   4. Registration details are optional and can depend on the local
      environment, and the actual QoS reservation signaling can be made
      lightweight as a result.
   5. The framework emphasises the use of different signaling protocols
      and QoS provisioning techniques.
   6. Parameters can be scoped to allow local and inter-domain
      parameters to be transported, and the signaling protocol is not
      affected by their inclusion. QoS controllers are allowed to
      ignore all parameters that are out of their scope, and it should
      be trivial to organise packet formats to make this filtering a
      simple process.
   Many other aspects of the modularity requirement would be refined
   given a more detailed analysis of the QoS signaling data formats
   themselves. This would be a second stage of refinement of the
   networks.

   In developing the framework, we have discovered a number of open
   issues about the right way to proceed in more detail. Several of
   these are related to the detailed interpretation of particular
   requirements, while others are related to design tradeoffs between
   flexibility, complexity, and applicability. To resolve these issues,
   and to further validate the framework as it stands, a mapping of the
   scenarios of [1] onto the framework would be very beneficial in
   enabling a detailed comparison to be done.

    1.   Should we have a defined set of hierarchical levels in the
         framework, or allow arbitrary nesting? (For example, is there
         a well defined level of 'edges' in the Internet, or can there
         be edges within edges?)
    2.   Should receiver initiated reservations be propagated from the
         receiver against the traffic flow direction (requires reverse
         path forwarding state at all intermediate agents) or reflected
         via the sender (requires the QoS request to indicate 'I am
         sending you packets which you wanted'.)
    3.   As a related point, should bi-directional reservations be
         treated as a special case mainly to support proxy NSIS agents,
         or as an add on to standard reservations but requiring RSVP
         style receiver oriented reservations?
    4.   At what level does any multicast QoS framework need to be
         integrated with a unicast framework? Are common signaling
         protocols useful or necessary? Is a common set of traffic
         classes useful or necessary?
    5.   Is there any value in integrating QoS provisioning protocols
         (router remote control) into the NSIS framework, as discussed
         in section 5.4? Do they interact with each other?
    6.   Does the NSIS signaling security between the endpoints
         interact with any assumptions about how the application layers
         have associated with each other? Is security between the end
         hosts required at the NSIS level at all, or can all the
         necessary protection be propagated downwards from the higher
         (application) layers.

   Hancock et al.    Informational - Expires August 2002            64                 Towards a Framework for QoS Signaling    February 2002


    7.   Is it appropriate to assume that security associations to
         protect the signaling protocol itself are already available?
         If so, how are they hooked into the signaling protocol itself
         (since each end has to agree to use the same security
         association). If not, what is the overhead of developing an
         NSIS security protocol?
    8.   Is there a need to protect non-mutable message parts end-to-
         end in addition to the hop-by-hop security protection? Is
         there anyone that argues against the assumptions raised with
         hop-by-hop security?
    9.   Are public key based mechanisms appropriate for the protection
         of a lightweight signaling protocol? Please note that the
         answers might be different between the initial authentication
         and key agreement phase and the subsequent protection of
         signaling messages.
    10.  Are there further interrelationships between the signaling
         protocol and the process of accounting?
    11.  Which identity should be used for the purpose of
         authentication? Is it enough to have the user authenticate to
         the network or should also the host identity be involved?
    12.  Should end-to-end security mechanisms receive further
         investigation with a QoS signaling protocol?
    13.  Is user identity confidentiality a concern that needs to be
         addressed? In the scenarios where it is, can the proxy
         concepts of section 3.7.1 always be applied?
    14.  How does Path Capability Discovery operate? Are capabilities
         discovered locally or cumulatively, and on a hop-by-hop or
         end-to├Żend basis.
    15.  Do we need to support aggregate policy information, e.g.
         indicating between domains how one domain would like it's
         aggregate traffic to be treated, and if so, what does the
         policy information consist of?
    16.  How is the feedback of QoS violations and resource
         availability supported, and how does it interact with
         aggregate flows?
    17.  How do we address the issue of end-to-end QoS class
         descriptors to maintain flexibility but also avoid inter-
         operability problems?
    18.  Should the agent maintain total resource usage and request
         information, or should this be maintained by the local
         provisioning function? (May have implications for NSIS
         management, e.g. MIB design.)

   Hancock et al.    Informational - Expires August 2002            65                 Towards a Framework for QoS Signaling    February 2002



 12 References

   1 Brunner, M. (ed.), "Requirements for QoS Signaling Protocols",
      draft-ietf-nsis-req-00.txt, Work in Progress, February 2002
   2 Fodor G., Persson F., Williams B., "Proposal on new service
      parameters (wireless hints) on the controlled load integrated
      service", draft-fodor-intserv-wireless-params-01, January 2002
   3 Katz, D, " IP Router Alert Option", RFC 2113, February 1997
   4 W. Marshall, K. Ramakrishnan , E. Miller, G. Russell, B. Beser, M.
      Mannette, K. Steinbrenner, D. Oran, F. Andreasen, M. Ramalho, J.
      Pickens, P. Lalwaney, J. Fellows, D. Evans, K. Kelly, A. Roach, J.
      Rosenberg, D. Willis, S. Donovan and H. Schulzrinne, "Integration
      of Resource Management and SIP", draft-ietf-sip-manyfolks-
      resource-03.txt, work in progress, November 2001
   5 Baker F., Iturralde C., Le Faucheur F., Davie B., " Aggregation of
      RSVP for IPv4 and IPv6 Reservations", RFC 3175, September 2001
   6 Bernet, Y. et al, "A Framework for Integrated Services Operation
      over Diffserv Networks", RFC 2998, November 2000
   7 Hain, T. "Architectural Implications of NAT", RFC 2993, November
      2000
   8 Egevang, K, Francis, P, "The IP Network Address Translator (NAT)",
      RFC 1631, May 1994
   9 Nordmark, E. "Stateless IP/ICMP Translation Algorithm (SIIT)",
      RFC2765, February 2000
   10 Johnson, D. B, Perkins, C, "Mobility Support in IPv6", draft-
      ietf-mobileip-ipv6-15.txt, Work in Progress, July 2001
   11 Moskowitz, R. "Host Identity Payload And Protocol", draft-
      moskowitz-hip-05.txt, Work in Progress, November 2001
   12 D. Mitzel "Overview of 2000 IAB Wireless Internetworking
      Workshop" RFC 3002, December 2000
   13 L. Westberg "Resource Management in Diffserv (RMD) Framework",
      draft-westberg-rmd-framework-01.txt, Work in Progress, February
      2002
   14 V. Jacobson, "An Expedited Forwarding PHB", RFC 2598, June 1999
   15 J. Heinanen, "Assured Forwarding PHB Group", RFC 2597, June 1999
   16 L. Westberg "Resource Management in Diffserv On DemAnd (RODA)
      PHR", draft-westberg-rmd-od-phr-01.txt, Work in Progress, February
      2002
   17 Braden, B., Ed., et. al., "Resource Reservation Protocol (RSVP) -
      Version 1 Functional Specification", RFC 2205, September 1997
   18 Terzis, A., Krawczyk, J., Wroclawski, J. and L. Zhang, "RSVP
      Operation Over IP Tunnels", RFC 2746, January 2000
   19 S. Herzog (ed), et al, "COPS usage for RSVP", RFC 2749, January
      2000
   20 Bernet, Y., "Format of the RSVP DCLASS Object", RFC 2996,
      November 2000
   21 C. Q. Shen et al. "An Interoperation Framework for Using RSVP in
      Mobile IPv6 Neworks", draft-shen-rsvp-mobileipv6-inerop-00.txt,
      Work in Progress, July 2001

   Hancock et al.    Informational - Expires August 2002            66                 Towards a Framework for QoS Signaling    February 2002



   22 Silvano Gai, Dinesh G Dutt, Nitsan Elfassy, Yoram Bernet, "RSVP
      Proxy", draft-ietf-rsvp-proxy-02.txt, Work in Progress, July 2001
   23 S. Paskalis et al., "RSVP Mobility Proxy", draft-paskalis-rsvpmp-
      00.txt, Work in Progress, December 2001
   24 The INSIGNIA Project, http://www.comet.columbia.edu/insignia/
   25 Hemant Chaskar, Rajeev Koodli, "A Framework for QoS Support in
      Mobile IPv6", draft-chaskar-mobileip-qos-01.txt, work in progress,
      March 2001
   26 X. Fu, H. Karl, et al, "QoS-Conditionalized Binding Update in
      Mobile IPv6", draft-tkn-nsis-qosbinding-mipv6-00.txt, work in
      progress, January 2002
   27 Hamid Syed, et al, "General Requirements for Context Transfer",
      draft-ietf-seamoby-ct-reqs-03.txt, work in progress, January 2002
   28 Blake S., Black D., Carlson M., Davies E., Wang Z., Weiss W., "An
      Architecture for Differentiated Services", RFC 2475, December 1998
   29 Nichols K., Carpenter B., "Definition of Differentiated Services
      for Per Domain Behaviors and Rules for their Specification", RFC
      3086, April 2001
   30 3GPP, "QoS Concept and Architecture", TS23.107 v5.3.0, January
      2002
   31 Shenker S., Partridge C., Guerin R., "Specification of Guaranteed
      Quality of Service", RFC 2212, September 1997
   32 Wroclawski J., "Specification of the Controlled-Load Network
      Element Service", RFC 2211, September 1997

 13 Acknowledgments

   During the writing of this draft, we have benefited from insightful
   and detailed discussions with many of our colleagues and co-workers
   in the challenging areas of Internet QoS. In no particular order, we
   should mention Dirk Kroeselberg, Wolfgang Buecker, Mark West,
   Richard Price, Changpeng Fan, Jukka Manner, Louise Burness, Alberto
   Lopez. We also specially acknowledge Georgios Karigiannis for his
   stimulating contributions on hierarchical reservation set-up on the
   NSIS mailing list.

 14 Author's Addresses

   Robert Hancock (contact), Eleanor Hepworth
   Roke Manor Research Ltd
   Romsey, Hants, SO51 0ZN
   United Kingdom
   E-Mail: [robert.hancock|eleanor.hepworth]@roke.co.uk

   Cornelia Kappler
   Siemens AG
   Berlin  13623
   Germany
   E-Mail: cornelia.kappler@icn.siemens.de

   Hancock et al.    Informational - Expires August 2002            67                 Towards a Framework for QoS Signaling    February 2002



   Hannes Tschofenig
   Siemens AG
   Otto-Hahn-Ring 6
   81739 Munchen
   Germany
   E-mail: Hannes.Tschofenig@mchp.siemens.de

   Jorge R Cuellar
   Siemens AG
   Otto-Hahn Ring 6
   81730 Munich
   Germany
   E-mail:  jorge.cuellar@mchp.siemens.de

   Jochen Eisl
   Siemens AG
   Hofmannstr. 51
   81359 Muenchen
   Germany
   E-Mail: jochen.eisl@icn.siemens.de

   Mehmet Ersue
   Siemens AG
   Hofmannstr. 51
   81359 Munich
   Email:  Mehmet.Ersue@icn.siemens.de

   Xiaoming Fu, Holger Karl
   Technical University Berlin
   Sekr. FT 5-2, Einsteinufer 25
   Berlin  10587
   Germany
   E-Mail: [fu|karl]@ee.tu-berlin.de

   Marcus Brunner
   NEC Europe Ltd.
   Network Laboratories
   Adenauerplatz 6
   D-69115 Heidelberg
   Germany
   E-Mail: brunner@ccrle.nec.de

   Andreas Kassler
   Dept. Distributed Systems
   University of Ulm
   Oberer Eselsberg
   89069 Ulm
   Germany
   E-Mail: kassler@informatik.uni-ulm.de


   Hancock et al.    Informational - Expires August 2002            68                 Towards a Framework for QoS Signaling    February 2002


Appendix A. Mapping to Requirements

   The following section examines the requirements outlined in [1] and
   verifies that the framework can support the requirement and explains
   how it does so. The numbering of the requirements is taken directly
   from [1].

   5.1 Architecture and Design Goals

   5.1.1 Applicability for different QoS technologies.
   5.1.2 Resource availability information on request
   5.1.3 Modularity
   5.1.4 Decoupling of protocol and information it is carrying
   5.1.5 Reuse of existing QoS provisioning
   5.1.6 Avoid duplication of [sub]domain signaling functions
   5.1.7 Avoid modularity with large overhead (in various dimensions)
   5.1.8 Option to use the protocol for existing local technologies
   5.1.9 Independence of signaling and provisioning paradigm
   --------------------------------------------------------------------
   Requirement | Supported by Framework
   --------------------------------------------------------------------
   5.1.1       | General feature of framework, examples of how
               | QoS technologies can be used within the framework are
               | provided in sections 5.4 and 6.
   --------------------------------------------------------------------
   5.1.2       | Supported by the Path Capability Discovery aspects of
               | the QoS Signaling Protocol (section 4.3)
   --------------------------------------------------------------------
   5.1.2       | General feature of the framework, examples of this are
               | provided in sections 1 and 11
   --------------------------------------------------------------------
   5.1.4       | The NSIS Signaling Data (section 4.4) is independent
               | of the NSIS Signaling Protocol used in any particular
               | domain
   --------------------------------------------------------------------
   5.1.5       | Many types of different QoS provisioning techniques
               | can be fitted within the framework as illustrated in
               | sections 4.2 and 5.4
   --------------------------------------------------------------------
   5.1.6       | This must be considered in context of a more detailed
               | description of the QoS provisioning mechanisms and how
               | link layer aspects are managed here
   --------------------------------------------------------------------
   5.1.7       | Framework tries to achieve this in a number of ways,
               | see section 11
   --------------------------------------------------------------------
   5.1.8       | This is supported by the framework, see section 5.4
   --------------------------------------------------------------------
   5.1.9       | Fundamental characteristic of the framework to
               | separate signaling from actual QoS provisioning
   --------------------------------------------------------------------

   Hancock et al.    Informational - Expires August 2002            69                 Towards a Framework for QoS Signaling    February 2002



   5.2  Signaling Flows

   5.2.1  Free placement of QoS Initiator and QoS Controllers functions
   5.2.2  No constraint of the QoS signaling and QoS Controllers to be
   in the data path.
   5.2.3  Concealment of topology and technology information
   5.2.4  Optional transparency of QoS signaling to network
   5.2.5  Deal with IP fragmentation gracefully
   --------------------------------------------------------------------
   Requirement | Supported by Framework
   --------------------------------------------------------------------
   5.2.1       | The framework makes no assumptions about the location
               | of the NSIS Agents
   --------------------------------------------------------------------
   5.2.2       | NSIS Agents can be on or off the signaling path
   --------------------------------------------------------------------
   5.2.3       | Can be achieved using NSIS proxy agents and is also a
               | side effect of aggregation
   --------------------------------------------------------------------
   5.2.4       | The QoS signaling protocol supports the transparent
               | transport of parameters either by parameter 'stacking'
               | or by initiating multiple signaling flows (section
               | 4.4)
   --------------------------------------------------------------------
   5.2.4       | This is an open issue related to possible packet
               | classification rules. It cannot be solved purely
               | as a signaling issue
   --------------------------------------------------------------------

   5.3  Additional information beyond signaling of QoS information

   5.3.1  Explicit release of resources
   5.3.2  Ability to signal life-time of a reservation
   5.3.3  Possibility for automatic release of resources after failure
   5.3.4  Possibility for automatic re-setup of resources after
   recovery
   5.3.5  Prompt notification of QoS violation in case of error /
   failure to QoS Initiator and QoS Controllers
   5.3.6  Feedback about the actually received level of QoS guarantees
   5.3.7  Automatic notification on available resources not been
   granted before

   Hancock et al.    Informational - Expires August 2002            70                 Towards a Framework for QoS Signaling    February 2002


   --------------------------------------------------------------------
   Requirement | Supported by Framework
   --------------------------------------------------------------------
   5.3.1       | This is an attribute of the NSIS Signaling Protocol
   --------------------------------------------------------------------
   5.3.2       | This can be included in the NSIS Signaling Data
   --------------------------------------------------------------------
   5.3.3       | Something can be implemented by the NSIS agent to
               | support this provided the signaling protocol enables
               | failure detection
   --------------------------------------------------------------------
   5.3.4       | see 5.3.3
   --------------------------------------------------------------------
   5.3.5       | Supported by NSIS signaling feedback mechanism (
               | section 5.7)
   --------------------------------------------------------------------
   5.3.6       | Supported as part of the NSIS Signaling reservation
               | mechanism
   --------------------------------------------------------------------
   5.3.7       | This could be implemented given an asynchronous
               | signaling protocol and the appropriate monitoring
               | functionality within the QoS controller with support
               | from the provisioning mechanism
   --------------------------------------------------------------------

   5.4  Layering

   5.4.1  The signaling protocol and QoS control information should be
   application independent.
   --------------------------------------------------------------------
   Requirement | Supported by Framework
   --------------------------------------------------------------------
   5.4.1       | The framework makes no assumptions regarding
               | applications, and includes support for the opaque
               | transport of application information (section 4.4).
   --------------------------------------------------------------------

   5.5  QoS Control Information

   5.5.1  Mutability information on parameters
   5.5.2  Possibility to add and remove local domain information
   5.5.3  Simple mapping to lower-layer QoS provisioning parameters
   5.5.4  Aggregation method specification
   5.5.5  Multiple levels of detail
   5.5.6  Ranges in specification
   5.5.7  Independence of reservation identifier
   5.5.8  Seamless modification of already reserved QoS
   5.5.9  Signaling must support quantitative, qualitative, and
   relative QoS specifications
   5.5.10  QoS conformance specification


   Hancock et al.    Informational - Expires August 2002            71                 Towards a Framework for QoS Signaling    February 2002


   --------------------------------------------------------------------
   Requirement | Supported by Framework
   --------------------------------------------------------------------
   5.5.1       | End-to-end parameters are transported unchanged end-to
               | -end, but domain specific parameters can also be
               | signaled (section 4.4)
   --------------------------------------------------------------------
   5.5.2       | Supported by either parameter 'stacking' or by
               | initiating separate signaling message (section 4.4)
   --------------------------------------------------------------------
   5.5.3       | Assumed to be a function of technology specific
               | convergence sublayer (inter provisioning) and is
               | dependent on the complexity of the QoS parameters (see
               | section 8)
   --------------------------------------------------------------------
   5.5.4       | Any NSIS Agent is capable of inserting aggregation
               | parameters into the NSIS Signaling messages (section
               | 4.4)
   --------------------------------------------------------------------
   5.5.5       | see 5.5.2
   --------------------------------------------------------------------
   5.5.5       | Will be supported as part of the QoS descriptor
               | activities, transport of which is supported by the
               | framework.
   --------------------------------------------------------------------
   5.5.7       | see 5.5.5
   --------------------------------------------------------------------
   5.5.8       | NSIS signaling messages can be generated at any time
               | to support service re-negotiation
   --------------------------------------------------------------------
   5.5.9       | see 5.5.5
   --------------------------------------------------------------------
   5.5.10      | see 5.5.5
   --------------------------------------------------------------------

   5.6  Performance

   5.6.1  Scalability in the number of messages received by a signaling
   communication partner (QoS initiator and controller)
   5.6.2  Scalability in number of hand-offs
   5.6.3  Scalability in the number of interactions for setting up a
   reservation
   5.6.4  Scalability in the number of state per entity (QoS initiators
   and QoS controllers)
   5.6.5  Scalability in CPU use (end terminal and intermediate nodes)
   5.6.6  Low latency
   5.6.7  Low bandwidth consumption

   Hancock et al.    Informational - Expires August 2002            72                 Towards a Framework for QoS Signaling    February 2002


   --------------------------------------------------------------------
   Requirement | Supported by Framework
   --------------------------------------------------------------------
   5.6.1       | Number of messages depends on some high level
               | framework decisions (section X)
   --------------------------------------------------------------------
   5.6.2       | This depends on the detailed protocol design. The
               | protocol design can be optimized for the environment
               | for which this type of scalability is needed.
   --------------------------------------------------------------------
   5.6.3       | see 5.6.2
   --------------------------------------------------------------------
   5.6.4       | Amount of state maintained depends on some high level
               | framework decisions (section X)
   --------------------------------------------------------------------
   5.6.5       | see 5.6.2
   --------------------------------------------------------------------
   5.6.6       | see 5.6.2
   --------------------------------------------------------------------
   5.6.7       | see 5.6.2
   --------------------------------------------------------------------

   5.7  Flexibility

   5.7.1  Aggregation capability, including the capability to select
   and change the level of aggregation.
   5.7.2  Flexibility in the placement of the QoS initiator
   5.7.3  Flexibility in the initiation of re-negotiation (QoS change
   requests)
   5.7.4  Uni / bi-directional reservation
   --------------------------------------------------------------------
   Requirement | Supported by Framework
   --------------------------------------------------------------------
   5.7.1       | Supported by aggregation parameters carried by
               | NSIS Signaling Protocol
   --------------------------------------------------------------------
   5.7.2       | Framework makes no assumption about the location of
               | NSIS Agents
   --------------------------------------------------------------------
   5.7.3       | Framework supports the asynchronous generation of
               | signaling messages to support re-negotiation
   --------------------------------------------------------------------
   5.7.4       | Both can be supported by the framework (section 3.4)
   --------------------------------------------------------------------

   5.8  Security

   5.8.1  The QoS protocol must provide strong authentication
   5.8.2  The QoS protocol must provide means to authorize resource
   requests
   5.8.3  The QoS signaling messages must provide integrity protection.
   5.8.4  The QoS signaling messages must be replay protected.

   Hancock et al.    Informational - Expires August 2002            73                 Towards a Framework for QoS Signaling    February 2002


   5.8.5  The QoS signaling protocol must allow for hop-by-hop
   security.
   5.8.6  The QoS protocol should allow identity confidentiality and
   location privacy.
   5.8.7  The QoS protocol must prevent denial-of-service attacks
   against signaling entities.
   5.8.8  The QoS protocol may support confidentiality of signaling
   messages.
   5.8.9  The QoS protocol should provide hooks to interact with
   protocols that allow the negotiation of authentication and key
   management protocols.
   5.8.10  The QoS protocol should provide means to interact with key
   management protocols

   All of these requirements are already allocation to either the
   protocol or signaling data components of the framework.  More
   detailed analysis of these requirements should therefore be carried
   out in the context of particular selected signaling protocols or
   concrete definitions of the signaling data format.

   5.10  Interworking with other protocols and techniques

   5.10.1  Interworking with IP tunneling
   5.10.2  The solution should not constrain either to IPv4 or IPv6
   5.10.3  Combination with Mobility management
   5.10.4  Independence from charging model
   5.10.5  The QoS protocol should provide hooks for AAA protocols
   --------------------------------------------------------------------
   Requirement | Supported by Framework
   --------------------------------------------------------------------
   5.10.1      | This is an issue concerning the NSIS Signaling
               | protocol choice
   --------------------------------------------------------------------
   5.10.2      | No assumption concerning the IP version is made.
               | Addressing issues of highlighted in section 5.6
   --------------------------------------------------------------------
   5.10.3      | Framework does not preclude in-band signaling or
               | other such optimizations (section 7.3)
   --------------------------------------------------------------------
   5.10.4      | NSIS supports charging and accounting functions by
               | allowing the exchange of pertinent information, but
               | does not assume any charging models (section 3.5)
   --------------------------------------------------------------------
   5.10.5      | This is an issue concerning the NSIS Signaling
               | protocol choice
   --------------------------------------------------------------------

   Hancock et al.    Informational - Expires August 2002            74