IPTEL Working Group J. Rosenberg, dynamicsoft Internet Draft H. Salama, Cisco Systems draft-ietf-iptel-trip-03.txt M. Squire, WindWire July 14, 2000 Expires January 2001 Telephony Routing over IP (TRIP) Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as æwork in progress.Æ The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This document presents the Telephony Routing over IP (TRIP). TRIP is a policy driven inter-administrative domain protocol for advertising the reachability of telephony destinations between location servers, and for advertising attributes of the routes to those destinations. TRIPÆs operation is independent of any signaling protocol, hence TRIP can serve as the telephony routing protocol for any signaling protocol. The Border Gateway Protocol (BGP-4) is used to distribute routing information between administrative domains. TRIP is used to distribute telephony routing information between telephony administrative domains. The similarity between the two protocols is obvious, and hence TRIP is modeled after BGP-4. Table of Contents Status of this Memo 1 Abstract 1 Rosenberg, Salama, Squire 1 Internet Draft Telephony Routing over IP July 2000 Table of Contents 1 1. Terminology 5 2. Introduction 6 3. Summary of Operation 7 3.1Peering Session Establishment and Maintenance 7 3.2Database Exchanges 7 3.3Internal Versus External Synchronization 8 3.4Advertising TRIP Routes 8 3.5Telephony Routing Information Bases 9 4. Message Formats 10 4.1Message Header Format 10 4.2OPEN Message Format 11 4.2.1 Open Message Optional Parameters 13 4.2.1.1 Capability Information 13 4.2.1.1.1 Route Types Supported 14 4.2.1.1.2 Send Receive Capability 15 4.3UPDATE Message Format 16 4.3.1 Routing Attributes 16 4.3.2 Attribute Flags 17 4.3.2.1 Attribute Flags and Route Selection 18 4.3.2.2 Attribute Flags and Route Dissemination 19 4.3.2.3 Attribute Flags and Route Aggregation 19 4.3.2.4 Attribute Flags and Encapsulation 20 4.3.3 Mandatory Attributes 20 4.3.4 TRIP UPDATE Attributes 20 4.3.4.1 WithdrawnRoutes 20 4.3.4.2 ReachableRoutes 21 4.3.4.3 NextHopServer 21 4.3.4.4 AdvertisementPath 21 4.3.4.5 RoutedPath 21 4.3.4.6 AtomicAggregate 21 4.3.4.7 LocalPreference 22 4.3.4.8 Communities 22 4.3.4.9 MultiExitDisc 22 4.3.4.10 ITAD Topology 22 4.3.4.11 Authentication 22 4.4KEEPALIVE Message Format 22 4.5NOTIFICATION Message Format 23 5. TRIP Attributes 24 5.1WithdrawnRoutes 24 5.1.1 Syntax of WithdrawnRoutes 25 5.1.1.1 Generic TRIP Route Format 25 5.1.1.2 POTS Numbers 26 5.1.1.3 Routing Numbers 27 5.2ReachableRoutes 27 5.2.1 Syntax of ReachableRoutes 27 5.2.2 Route Origination and ReachableRoutes 27 5.2.3 Route Selection and ReachableRoutes 27 5.2.4 Aggregation and ReachableRoutes 28 5.2.5 Route Dissemination and ReachableRoutes 28 5.2.6 Aggregation Specifics for POTS Numbers and Routing Numbers 28 5.3NextHopServer 28 Rosenberg, Salama, Squire 2 Internet Draft Telephony Routing over IP July 2000 5.3.1 NextHopServer Syntax 28 5.3.2 Route Origination and NextHopServer 29 5.3.3 Route Selection and NextHopServer 29 5.3.4 Aggregation and NextHopServer 29 5.3.5 Route Dissemination and NextHopServer 30 5.4AdvertisementPath 30 5.4.1 AdvertisementPath Syntax 30 5.4.2 Route Origination and AdvertisementPath 31 5.4.3 Route Selection and AdvertisementPath 31 5.4.4 Aggregation and AdvertisementPath 31 5.4.4.1 Aggregating Routes with Identical Paths 31 5.4.4.2 Aggregating Routes with Different Paths 31 5.4.4.3 Example Path Aggregation Algorithm 32 5.4.5 Route Dissemination and AdvertisementPath 33 5.5RoutedPath 33 5.5.1 RoutedPath Syntax 34 5.5.2 Route Origination and RoutedPath 34 5.5.3 Route Selection and RoutedPath 34 5.5.4 Aggregation and RoutedPath 34 5.5.5 Route Dissemination and RoutedPath 34 5.6AtomicAggregate 35 5.6.1 AtomicAggregate Syntax 35 5.6.2 Route Origination and AtomicAggregate 35 5.6.3 Route Selection and AtomicAggregate 35 5.6.4 Aggregation and AtomicAggregate 35 5.6.5 Route Dissemination and AtomicAggregate 35 5.7LocalPreference 36 5.7.1 LocalPreference Syntax 36 5.7.2 Route Origination and LocalPreference 36 5.7.3 Route Selection and LocalPreference 36 5.7.4 Aggregation and LocalPreference 36 5.7.5 Route Dissemination and LocalPreference 36 5.8MultiExitDisc 37 5.8.1 MultiExitDisc Syntax 37 5.8.2 Route Origination and MultiExitDisc 37 5.8.3 Route Selection and MultiExitDisc 37 5.8.4 Aggregation and MultiExitDisc 37 5.8.5 Route Dissemination and MultiExitDisc 37 5.9Communities 38 5.9.1 Syntax of Communities 38 5.9.2 Route Origination and Communities 39 5.9.3 Route Selection and Communities 39 5.9.4 Aggregation and Communities 40 5.9.5 Route Dissemination and Communities 40 5.10 ITAD Topology 40 5.10.1 ITAD Topology Syntax 40 5.10.2 Route Origination and ITAD Topology 41 5.10.3 Route Selection and ITAD Topology 41 5.10.4 Aggregation and ITAD Topology 41 5.10.5 Route Dissemination and ITAD Topology 41 5.11 Authentication 41 5.11.1 Authentication Syntax 42 Rosenberg, Salama, Squire 3 Internet Draft Telephony Routing over IP July 2000 5.11.2 Route Origination and Authentication 42 5.11.3 Route Selection and Authentication 42 5.11.4 Aggregation and Authentication 43 5.11.5 Route Dissemination and Authentication 43 5.12 Considerations for Defining New TRIP Attributes 43 6. TRIP Error Detection and Handling 44 6.1Message Header Error Detection and Handling 44 6.2OPEN Message Error Detection and Handling 44 6.3UPDATE Message Error Detection and Handling 45 6.4NOTIFICATION Message Error Detection and Handling 47 6.5Hold Timer Expired Error Handling 47 6.6Finite State Machine Error Handling 47 6.7Cease 47 6.8Connection Collision Detection 47 7. TRIP Version Negotiation 48 8. TRIP Capability Negotiation 49 9. TRIP Finite State Machine 49 10.UPDATE Message Handling 54 10.1 Flooding Process 55 10.1.1 Database Information 55 10.1.2 Determining Newness 55 10.1.3 Flooding 55 10.1.4 Sequence Number Considerations 56 10.1.5 Purging a Route Within the ITAD 56 10.1.6 Receiving Self-Originated Routes 56 10.1.7 Removing Withdrawn Routes 57 10.2 Decision Process 57 10.2.1 Phase 1: Calculation of Degree of Preference 58 10.2.2 Phase 2: Route Selection 58 10.2.2.1 Breaking Ties (Phase 2) 59 10.2.3 Phase 3: Route Dissemination 60 10.2.4 Overlapping Routes 60 10.3 Update-Send Process 61 10.3.1 Internal Updates 61 10.3.1.1 Breaking Ties (Internal Updates) 62 10.3.2 External Updates 63 10.3.3 Controlling Routing Traffic Overhead 63 10.3.3.1 Frequency of Route Advertisement 63 10.3.3.2 Frequency of Route Origination 64 10.3.3.3 Jitter 64 10.3.4 Efficient Organization of Routing Information 64 10.3.4.1 Information Reduction 64 10.3.4.2 Aggregating Routing Information 65 10.4 Route Selection Criteria 65 10.5 Originating TRIP routes 66 11.TRIP Transport 66 12.IANA Considerations 66 12.1 TRIP Capabilities 66 12.2 Registration of TRIP Attributes 66 12.3 Destination Address Families 67 12.4 Registration of TRIP Application Protocols 67 12.5 ITAD Numbers 67 Rosenberg, Salama, Squire 4 Internet Draft Telephony Routing over IP July 2000 13.Security Considerations 67 13.1 Protection of TRIP Peer Sessions 67 13.2 Protection of TRIP Routes 68 14.Changes Since the Last Revision 68 15.Open Issues 69 Appendix 1. TRIP FSM State Transitions and Actions 69 Appendix 2. Implementation Recommendations 72 A.2.1. Multiple Networks Per Message 72 A.2.2. Processing Messages on a Stream Protocol 73 A.2.4. TRIP Timers 73 A.2.5. AP_SET Sorting 74 Acknowledgments 74 References 74 Authors' Addresses 75 1. Terminology A framework for a Telephony Routing over IP (TRIP) is described in [1]. We assume the reader is familiar with the framework and terminology of [1]. We define and use the following terms in addition to those defined in [1]. Telephony Routing Information Base (TRIB): The database of reachable telephony destinations built and maintained at an LS as a result of its participation in TRIP. IP Telephony Administrative Domain (ITAD): The set of resources (gateways, location servers, etc.) under the control of a single administrative authority. End users are customers of an ITAD. Less/More Specific Route: A route X is said to be less specific than a route Y if every destination in Y is also a destination in X, and X and Y are not equal. In this case, Y is also said to be more specific than X. Peers: Two LSs that share a logical association (a transport connection). If the LSs are in the same ITAD, they are internal peers. Otherwise, they are external peers. The logical association between two peer LSs is called a peering session. Telephony Routing Information Protocol (TRIP): The protocol defined in this specification. The function of TRIP is to advertise the reachability of telephony destinations, attributes associated with the destinations, as well as the attributes of the path towards those destinations. TRIP destination: TRIP can be used to manage routing tables for multiple protocols (SIP, H323, etc.). In TRIP, a destination is the combination of (a) a set of addresses (given by an address family Rosenberg, Salama, Squire 5 Internet Draft Telephony Routing over IP July 2000 and address prefix), and (b) an application protocol (SIP, H323, etc). 2. Introduction The gateway location and routing problem has been introduced in [1]. It is considered one of the more difficult problems in IP telephony. The selection of an egress gateway for a telephony call, traversing an IP network towards an ultimate destination in the PSTN, is driven in large part by the policies of the various parties along the path, and by the relationships established between these parties. As such, a global directory of egress gateways in which users look up destination phone numbers is not a feasible solution. Rather, information about the availability of egress gateways is exchanged between providers, and subject to policy, made available locally and then propagated to other providers in other ITADs, thus creating routes towards these egress gateways. This would allow each provider to create its own database of reachable phone numbers and the associated routes - such a database could be very different for each provider depending on policy. TRIP is an inter-domain (i.e., inter-ITAD) gateway location and routing protocol. The primary function of a TRIP speaker, called a location server (LS), is to exchange information with other LSs. This information includes the reachability of telephony destinations, the routes towards these destinations, and information about gateways towards those telephony destinations residing in the PSTN. The TRIP requirements are set forth in [1]. LSs exchange sufficient routing information to construct a graph of ITAD connectivity so that routing loops may be prevented. In addition, TRIP can be used to exchange attributes necessary to enforce policies and to select routes based on path or gateway characteristics. This specification defines TRIP's transport and synchronization mechanisms, its finite state machine, and the TRIP data. This specification defines the basic attributes of TRIP. The TRIP attribute set is extendible, so additional attributes may be defined in future drafts. TRIP is modeled after the Border Gateway Protocol 4 (BGP-4) [2] and enhanced with some link state features as in the Open Shortest Path First (OSPF) protocol [3], IS-IS [4], and the Server Cache Synchronization Protocol (SCSP) [5]. TRIP uses BGP's inter-domain transport mechanism, BGP's peer communication, BGP's finite state machine, and similar formats and attributes as BGP. Unlike BGP however, TRIP permits generic intra-domain LS topologies, which simplifies configuration and increases scalability in contrast to BGP's full mesh requirement of internal BGP speakers. TRIP uses an Rosenberg, Salama, Squire 6 Internet Draft Telephony Routing over IP July 2000 intra-domain flooding mechanism similar to that used in OSPF [3], IS-IS [4], and SCSP [5]. TRIP permits aggregation of routes as they are advertised through the network. TRIP does not define a specific route selection algorithm. TRIP runs over a reliable transport protocol. This eliminates the need to implement explicit fragmentation, retransmission, acknowledgment, and sequencing. The error notification mechanism used in TRIP assumes that the transport protocol supports a graceful close, i.e., that all outstanding data will be delivered before the connection is closed. TRIP's operation is independent of any particular telephony signaling protocol. Therefore, TRIP can be used as the routing protocol for any of these protocols, e.g., H.323 [6] and SIP [7]. The LS peering topology is independent of the physical topology of the network. In addition, the boundaries of ITAD are independent of the boundaries of the layer 3 routing autonomous systems. Neither internal nor external TRIP peers need be physically adjacent. 3. Summary of Operation This section summarizes the operation of TRIP. Details are provided in later sections. 3.1 Peering Session Establishment and Maintenance Two peer LSs form a transport protocol connection between one another. They exchange messages to open and confirm the connection parameters, and to negotiate the capabilities of each LS as well as the type of information to be advertised over this connection. KeepAlive messages are sent periodically to ensure adjacent peers are operational. Notification messages are sent in response to errors or special conditions. If a connection encounters an error condition, a Notification message is sent and the connection is closed. 3.2 Database Exchanges Once the peer connection has been established, the initial data flow is the LS's entire routing table. Incremental updates are sent as the TRIP routing tables change. TRIP does not require periodic Rosenberg, Salama, Squire 7 Internet Draft Telephony Routing over IP July 2000 refresh of the routes. Therefore, an LS must retain the current version of all routing entries. If a particular ITAD has multiple LSs and is providing transit service for other ITADs, then care must be taken to ensure a consistent view of routing within the ITAD. When synchronized the TRIP routing tables of all internal peers are identical. 3.3 Internal Versus External Synchronization As with BGP, TRIP distinguishes between internal and external peers. Within an ITAD, internal TRIP uses link-state mechanisms to flood database updates over an arbitrary topology. Externally, TRIP uses point-to-point peering relationships to exchange database information. To achieve internal synchronization, internal peer connections are configured between LSs of the same ITAD such that the resulting intra-domain LS topology is connected and sufficiently redundant. This is different from BGP's approach that requires all internal peers to be connected in a full mesh topology, which may result in scaling problems. When an update is received from an internal peer, the routes in the update are checked to determine if they are newer than the version already in the database. Newer routes are then flooded to all other peers in the same domain. 3.4 Advertising TRIP Routes In TRIP, a route is defined as the combination of (a) a set of destination addresses (given by an address family indicator and an address prefix), and (b) an application protocol (e.g. SIP, H323, etc.). Generally, there are additional attributes associated with each route (for example, the next-hop server). TRIP routes are advertised between a pair of LSs in UPDATE messages. The destination addresses are included in the ReachableRoutes attribute of the UPDATE, while other attributes describe things like the path or egress gateway. If an LS chooses to advertise the TRIP route, it may add to or modify the attributes of the route before advertising it to a peer. TRIP provides mechanisms by which an LS can inform its peer that a previously advertised route is no longer available for use. There are three methods by which a given LS can indicate that a route has been withdrawn from service: Include the route in the WithdrawnRoutes Attribute in an UPDATE message, thus marking the associated destinations as being no longer available for use. Rosenberg, Salama, Squire 8 Internet Draft Telephony Routing over IP July 2000 Advertise a replacement route with the same set of destinations in the ReachableRoutes Attribute. For external peers where flooding is not in use, the LS-to-LS peer connection can be closed, which implicitly removes from service all routes which the pair of speakers had advertised to each other. Note that terminating an internal peering session does not necessarily remove the information advertised by the peer LS as the same information may have been received from multiple internal peers. 3.5 Telephony Routing Information Bases A TRIP LS processes three types of routes: - External routes: An external route is a route received from an external peer LS. - Internal routes: An internal route is a route received from an internal LS in the same ITAD. - Local routes: A local route is a route locally injected into TRIP, e.g. by configuration or by route redistribution from another routing protocol. The Telephony Routing Information Base (TRIB) within an LS consists of three distinct parts: - Adj-TRIBs-In: The Adj-TRIBs-In store routing information that has been learned from inbound UPDATE messages. Their contents represent TRIP routes that are available as an input to the Decision Process. These are the æunprocessedÆ routes received. The routes from each external peer LS and each internal LS are maintained in this database independently, so that updates from one peer do not effect the routes received from another LS. Note that there is an Adj-TRIBs-In for every LS within the domain, even those with which the LS is not directly peering. - Ext-TRIB: There is only one Ext-TRIB database per LS. The LS runs the route selection algorithm on all external routes (stored in the Adj-TRIBs-In of the external peers) and local routes (may be stored in an Adj-TRIB-In representing the local LS) and selects the best route for a given destination and stores it in the Ext- TRIB. The use of Ext-TRIB will be explained further in Section 10.3.1. - Loc-TRIB: The Loc-TRIB contains the local TRIP routing information that the LS has selected by applying its local Rosenberg, Salama, Squire 9 Internet Draft Telephony Routing over IP July 2000 policies to the routing information contained in its Adj-TRIBs-In of internal LSs and the Ext-TRIB. - Adj-TRIBs-Out: The Adj-TRIBs-Out store the information that the local LS has selected for advertisement to its external peers. The routing information stored in the Adj-TRIBs-Out will be carried in the local LS's UPDATE messages and advertised to its peers. Figure 1 illustrates the relationship between the three parts of the routing information base. Loc-TRIB /\ | Decision Process /\ /\ | | | \/ Adj-TRIBs-In | Adj-TRIBs-Out (Internal LSs) | Ext-TRIB /\ /\ | | Adj-TRIB-In Local Routes (External Peers) Figure 1: TRIB Relationships Although the conceptual model distinguishes between Adj-TRIBs-In, Loc-TRIB, and Adj-TRIBs-Out, this neither implies nor requires that an implementation must maintain three separate copies of the routing information. The choice of implementation (for example, 3 copies of the information vs. 1 copy with pointers) is not constrained by the protocol. 4. Message Formats This section describes message formats used by TRIP. Messages are sent over a reliable transport protocol connection. A message MUST be processed only after it is entirely received. The maximum message size is 4096 octets. All implementations MUST support this maximum message size. The smallest message that MAY be sent consists of a TRIP header without a data portion, or 3 octets. 4.1 Message Header Format Each message has a fixed-size header. There may or may not be a data portion following the header depending on the message type. The layout of the header fields is shown in Figure 2. Rosenberg, Salama, Squire 10 Internet Draft Telephony Routing over IP July 2000 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +--------------+----------------+---------------+ | Length | Type | +--------------+----------------+---------------+ Figure 2: TRIP Header Length: This 2-octet unsigned integer indicates the total length of the message, including the header, in octets. Thus, it allows one to locate in the transport-level stream the beginning of the next message. The value of the Length field must always be at least 3 and no greater than 4096, and may be further constrained depending on the message type. No padding of extra data after the message is allowed, so the Length field must have the smallest value possible given the rest of the message. Type: This 1-octet unsigned integer indicates the type code of the message. The following type codes are defined 1 - OPEN 2 - UPDATE 3 - NOTIFICATION 4 û KEEPALIVE 4.2 OPEN Message Format After a transport protocol connection is established, the first message sent by each side is an OPEN message. If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back. Once the OPEN is confirmed, UPDATE, KEEPALIVE, and NOTIFICATION messages may be exchanged. The minimum length of the OPEN message is 14 octets (including message header). OPEN messages not meeting this minimum requirement are handled as defined in Section 6.2. In addition to the fixed-size TRIP header, the OPEN message contains the following fields: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Version | Reserved | My ITAD | +---------------+---------------+--------------+----------------+ Rosenberg, Salama, Squire 11 Internet Draft Telephony Routing over IP July 2000 | TRIP Identifier | +---------------+---------------+--------------+----------------+ | Hold Time | Optional Parameters Len | +---------------+---------------+--------------+----------------+ | Optional Parameters (variable) | +---------------+---------------+--------------+----------------+ Figure 3: TRIP OPEN Header Version: This 1-octet unsigned integer indicates the protocol version of the message. The current TRIP version number is 1. My ITAD: This 2-octet unsigned integer indicates the ITAD number of the sender. The ITAD number must be unique for this domain within this confederation of cooperating LSs. ITAD numbers are assigned by IANA as specified in Section 12. This document reserves ITAD numbers 0 and 65535. ITAD numbers from 64512 to 65534 are designated for private use. Hold Time: This 2-octet unsigned integer indicates the number of seconds that the sender proposes for the value of the Hold Timer. Upon receipt of an OPEN message, an LS MUST calculate the value of the Hold Timer by using the smaller of its configured Hold Time and the Hold Time received in the OPEN message. The Hold Time MUST be either zero or at least three seconds. An implementation MAY reject connections on the basis of the Hold Time. The calculated value indicates the maximum number of seconds that may elapse between the receipt of successive KEEPALIVE and/or UPDATE messages by the sender. TRIP Identifier: This 4-octet unsigned integer indicates the TRIP Identifier of the sender. The TRIP Identifier MUST uniquely identify this LS within its ITAD. A given LS MAY set the value of its TRIP Identifier to an IPv4 address assigned to that LS. The value of the TRIP Identifier is determined on startup and MAY be different for different external peer connections, but MUST be the same for all internal peer connections. When comparing two TRIP identifiers, the TRIP Identifier is interpreted as a numerical 4-octet unsigned integer. EditorÆs Note [BGP]. Is the sentence about the TRIP ID restrictions ok(ie can it be different to different external peers)? Is it useful? Optional Parameters Length: Rosenberg, Salama, Squire 12 Internet Draft Telephony Routing over IP July 2000 This 2-octet unsigned integer indicates the total length of the Optional Parameters field in octets. If the value of this field is zero, no Optional Parameters are present. Optional Parameters: This field may contain a list of optional parameters, where each parameter is encoded as a <Parameter Type, Parameter Length, Parameter Value> triplet. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Parameter Type | Parameter Length | +---------------+---------------+--------------+----------------+ | Parameter Value (variable)... +---------------+---------------+--------------+----------------+ Figure 4 Optional Parameter Encoding Parameter Type is a 2-octet field that unambiguously identifies individual parameters. Parameter Length is a 2-octet field that contains the length of the Parameter Value field in octets. Parameter Value is a variable length field that is interpreted according to the value of the Parameter Type field. 4.2.1 Open Message Optional Parameters This document defines the following Optional Parameters for the OPEN message. 4.2.1.1 Capability Information Capability Information uses Optional Parameter type 1. This is an optional parameter used by an LS to convey to its peer the list of capabilities supported by the LS. This permits an LS to learn of the capabilities of its peer LSs. Capability negotiation is defined in Section 8. The parameter contains one or more triples <Capability Code, Capability Length, Capability Value>, where each triple is encoded as shown below: 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Capability Code | Capability Length | +---------------+---------------+--------------+----------------+ Rosenberg, Salama, Squire 13 Internet Draft Telephony Routing over IP July 2000 | Capability Value (variable)... +---------------+---------------+--------------+----------------+ Figure 5 Capability Optional Parameter Capability Code: Capability Code is a 2-octet field that unambiguously identifies individual capabilities. Capability Length: Capability Length is a 2-octet field that contains the length of the Capability Value field in octets. Capability Value: Capability Value is a variable length field that is interpreted according to the value of the Capability Code field. Any particular capability, as identified by its Capability Code, may appear more than once within the Optional Parameter. This document reserves Capability Codes 32768-65536 for vendor- specific applications (these are the codes with the first bit of the code value equal to 1). This document reserves value 0. Capability Codes (other than those reserved for vendor specific use) are controlled by IANA. See Section 12 for IANA considerations. The following Capability Codes are defined by this specification: Code Capability 1 Route Types Supported 2 Send Receive Capability 4.2.1.1.1 Route Types Supported The Route Types Supported Capability Code lists the route types supported in this peering session by the transmitting LS. An LS MUST NOT use route types that are not supported by the peer LS in any particular peering session. If the route types supported by a peer are not satisfactory, an LS MAY terminate the peering session. The format for a Route Type is: 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Address Family | Application Protocol | +---------------+---------------+--------------+----------------+ Rosenberg, Salama, Squire 14 Internet Draft Telephony Routing over IP July 2000 Figure 6 Route Types Supported Capability The Address Family and Application Protocol are as defined in Section 5.1.1. Address Family gives the address family being routed (within the ReachableRoutes attribute). The application protocol lists the application for which the routes apply. As an example, a route type for TRIP could be <POTS, SIP>, indicating a set of POTS destinations for the SIP protocol. The Route Types Supported Capability MAY contain multiple route types in the capability. The number of route types within the capability is the maximum number that can fit given the capability length. The Capability Code is 1 and the length is variable. 4.2.1.1.2 Send Receive Capability This capability specifies the mode in which the LS will operate with this particular peer. The possible modes are: Send Only mode, Receive Only mode, or Send Receive mode. The default mode is Send Receive mode. In Send Only mode, an LS transmits UPDATE messages to its peer, but the peer MUST NOT transmit UPDATE messages to that LS. If an LS in Send Only mode receives an UPDATE message from its peer, it MUST discard that message, but no further action should be taken. The UPDATE messages sent by an LS in Send Only mode to its intra- domain peer MUST include the ITAD Topology attribute whenever the topology changes. A useful application of an LS in Send Only mode with an external peer is to enable gateway termination services. If a service provider terminates calls to a set of gateways it owns, but never initiates calls, it can set its LSs to operate in Send Only mode, since they only ever need to generate UPDATE messages, not receive them. If an LS in Send Receive mode has a peering session with a peer in Send Only mode, that LS MUST set its route dissemination policy such that it does not send any UPDATE messages to its peer. In Receive Only mode, the LS acts as a passive TRIP listener. It receives and processes UPDATE messages from its peer, but it MUST NOT transmit any UPDATE messages to its peer. This is useful for management stations that wish to collect topology information for display purposes. The behavior of an LS in Send Receive mode is the default TRIP operation specified throughout this document. The Send Receive capability is a 4-octet unsigned numeric value. It can only take one of the following three values: Rosenberg, Salama, Squire 15 Internet Draft Telephony Routing over IP July 2000 1 - Send Receive mode 2 - Send only mode 3 - Receive Only mode A peering session MUST NOT be established between two LSs, both of them in either Send Only mode or in Receive Only mode. If a peer LS detects such a capability mismatch when processing an OPEN message, it MUST respond with a NOTIFICATION message and close the peer session. Editor's Note: This is a minor knit. The NOTIFICATION error code we have is æUnsupported Capability.Æ We can either use it, or define a new error code for æCapability Mismatch.Æ An LS MUST be configured in the same Send Receive mode for all peers. 4.3 UPDATE Message Format UPDATE messages are used to transfer routing information between LSs. The information in the UPDATE packet can be used to construct a graph describing the relationships between the various ITADs. By applying rules to be discussed, routing information loops and some other anomalies can be prevented. An UPDATE message is used to both advertise and withdraw routes from service. An UPDATE message may simultaneously advertise and withdraw TRIP routes. In addition to the TRIP header, the TRIP UPDATE contains a list of routing attributes as shown in Figure 7. There is no padding between routing attributes. +------------------------------------------------+--... | First Route Attribute | Second Route Attribute | ... +------------------------------------------------+--... Figure 7: TRIP UPDATE Format The minimum length of an UPDATE message 11 octets (the TRIP header plus at least the WithdrawnRoutes and ReachableRoutes attributes). 4.3.1 Routing Attributes A variable length sequence of routing attributes is present in every UPDATE message. Each attribute is a triple <attribute type, attribute length, attribute value> of variable length. 0 1 2 3 Rosenberg, Salama, Squire 16 Internet Draft Telephony Routing over IP July 2000 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Attr. Flags |Attr. Type Code| Attr. Length | +---------------+---------------+--------------+----------------+ | Attribute Value (variable) | +---------------+---------------+--------------+----------------+ Figure 8: Routing Attribute Format Attribute Type is a two-octet field that consists of the Attribute Flags octet followed by the Attribute Type Code octet. The Attribute Type Code defines the type of attribute. The basic TRIP-defined Attribute Type Codes are discussed later in this section. Attributes MUST appear in the UPDATE message in numerical order of the Attribute Type Code. An attribute MUST NOT be included more than once in the same UPDATE message. Attribute Flags are used to control attribute processing when the attribute type is unknown. Attribute Flags are further defined in Section 4.3.2. This document reserves Attribute Type Codes 224-255 for vendor- specific applications (these are the codes with the first three bits of the code equal to 1). This document reserves value 0. Attribute Type Codes (other than those reserved for vendor specific use) are controlled by IANA. See Section 12 for IANA considerations. The third and the fourth octets of the route attribute contain the length of the attribute value field in octets. The remaining octets of the attribute represent the Attribute Value and are interpreted according to the Attribute Flags and the Attribute Type Code. The basic supported attribute types, their values, and their uses are defined in this specification. These are the attributes necessary for proper loop free operation of TRIP, both inter-domain and intra-domain. Additional attributes may be defined in a future documents. 4.3.2 Attribute Flags It is clear that the set of attributes for TRIP will evolve over time. Hence it is essential that mechanisms be provided to handle attributes with unrecognized types. The handling of unrecognized attributes is controlled via the flags field of the attribute. Recognized attributes should be processed according to their specific definition. The following are the attribute flags defined by this specification: Bit Flag 0 Optional Flag 1 Transitive Flag 2 Dependent Flag Rosenberg, Salama, Squire 17 Internet Draft Telephony Routing over IP July 2000 3 Partial Flag 4 Link-state Encapsulated Flag The high-order bit (bit 0) of the Attribute Flags octet is the Optional Bit. It defines whether the attribute is optional (if set to 1) or well-known (if set to 0). Implementations are not required support optional attributes, but MUST support well-known attributes. The second high-order bit (bit 1) of the Attribute Flags octet is the Transitive bit. It defines whether an optional attribute is transitive (if set to 1) or non-transitive (if set to 0). For well- known attributes, the Transitive bit MUST be zero on transmit and MUST be ignored on receipt. The third high-order bit (bit 2) of the Attribute Flags octet is the Dependent bit. It defines whether a transitive attribute is dependent (if set to 1) or independent (if set to 0). For well-known attributes and for non-transitive attributes, the Dependent bit is irrelevant, and MUST be set to zero on transmit and MUST be ignored on receipt. The fourth high-order bit (bit 3) of the Attribute Flags octet is the Partial bit. It defines whether the information contained in the optional transitive attribute is partial (if set to 1) or complete (if set to 0). For well-known attributes and for non-transitive attributes the Partial bit MUST be set to 0 on transmit and MUST be ignored on receipt. The fifth high-order bit (bit 4) of the Attribute Flags octet is the Link-state Encapsulation bit. This bit is only applicable to certain attributes (ReachableRoutes and WithdrawnRoutes) and determines the encapsulation of the routes within those attributes. If this bit is set, link-state encapsulation is used within the attribute. Otherwise, standard encapsulation is used within the attribute. The Link-state Encapsulation technique is described in Section 4.3.2.4. This flag is only valid on the ReachableRoutes and WithdrawnRoutes attributes. It MUST be cleared on transmit and MUST be ignored on receipt for all other attributes. The other bits of the Attribute Flags octet are unused. They MUST be zeroed on transmit and ignored on receipt. 4.3.2.1 Attribute Flags and Route Selection If an LS receives an UPDATE with a well-known attribute that has an unrecognized type, then the LS MUST ignore the ReachableRoutes within that message. If an LS receives an optional attribute with an unrecognized type, then it MUST process the attribute according to the Attribute Flags. Rosenberg, Salama, Squire 18 Internet Draft Telephony Routing over IP July 2000 If a mandatory attribute is received for which the flags are not properly set, then the Update message should be discarded. If a recognized non-mandatory attribute is received for which the flags are not properly set, that attribute should be ignored and not propagated. Any recognized attribute can be used as input to the route selection process, although the utility of some attributes in route selection is minimal. 4.3.2.2 Attribute Flags and Route Dissemination TRIP provides for two variations of transitivity due to the fact that intermediate LSs need not modify the NextHopServer when propagating routes. Attributes may be non-transitive, dependent transitive, or independent transitive. An attribute cannot be both dependent transitive and independent transitive. Unrecognized *independent* transitive attributes may be propagated by any intermediate LS. Unrecognized *dependent* transitive attributes MAY only be propagated if the LS is NOT changing the next-hop server. The transitivity variations permit some unrecognized attributes to be carried end-to-end (independent transitive), some to be carried between adjacent next-hop servers (dependent transitive), and other to be restricted to peer LSs (non- transitive). An LS that passes an unrecognized transitive attribute to a peer MUST set the Partial flag on that attribute. Any LS along a path MAY insert a transitive attribute into a route. If any LS except the originating LS inserts a new independent transitive attribute into a route, then it MUST set the Partial flag on that attribute. If any LS except an LS that modifies the NextHopServer inserts a new dependent transitive attribute into a route, then it MUST set the Partial flag on that attribute. The Partial flag indicates that not every LS along the relevant path has processed and understood the attribute. For independent transitive attributes, the ærelevant pathÆ is the path given in the AdvertisementPath attribute. For dependent transitive attributes, the relevant path consists only of those domains thru which this object has passed since the NextHopServer was last modified. The Partial flag in an independent transitive attribute MUST NOT be unset by any other LS along the path. The Partial flag in a dependent transitive attribute MUST be reset whenever the NextHopServer is changed, but MUST NOT be unset by any LS that is not changing the NextHopServer. The rules governing the addition of new non-transitive attributes are defined independently for each non-transitive attribute. Any attribute MAY be updated by an LS in the path. 4.3.2.3 Attribute Flags and Route Aggregation Rosenberg, Salama, Squire 19 Internet Draft Telephony Routing over IP July 2000 Each attribute defines how it is to be handled during route aggregation. The rules governing the handling of unknown attributes are guided by the Attribute Flags. Unrecognized transitive attributes are dropped during aggregation. There should be no unrecognized non-transitive attributes during aggregation because non-transitive attributes must be processed by the local LS in order to be propagated. 4.3.2.4 Attribute Flags and Encapsulation Normally attributes have the simple format as described in Section 4.3.1. If the Link-state Encapsulation Flag is set, then the two additional fields are added to the attribute header as shown in Figure 9. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Attr. Flags |Attr. Type Code| Attr. Length | +---------------+---------------+--------------+----------------+ | Originator TRIP Identifier | +---------------+---------------+--------------+----------------+ | Sequence Number | +---------------+---------------+--------------+----------------+ | Attribute Value (variable) | +---------------+---------------+--------------+----------------+ Figure 9: Link State Encapsulation The Originator TRIP ID and Sequence Number are used to control the flooding of routing updates within a collection of servers. These fields are used to detect duplicate and old routes so that they are not further propagated within the servers. The use of these fields is defined in Section 10.1. 4.3.3 Mandatory Attributes Certain attributes are mandatory; they must be in every UPDATE message. Mandatory attributes are identified in their definition. By definition, mandatory attributes are also well-known. UPDATE messages that do not include all mandatory attributes are discarded. 4.3.4 TRIP UPDATE Attributes This section summarizes the attributes that may be carried in an UPDATE message. Attributes MUST appear in the UPDATE message in increasing order of the Attribute Type Code. Additional details are provided in Section 5. 4.3.4.1 WithdrawnRoutes Rosenberg, Salama, Squire 20 Internet Draft Telephony Routing over IP July 2000 This attribute lists a set of routes that are being withdrawn from service. The transmitting LS has determined that these routes should no longer be advertised, and is propagating this information to its peers. 4.3.4.2 ReachableRoutes This attribute lists set of routes that are being added to service. These routes have the potential to be inserted into the Adj-TRIBs-In of the receiving LS. 4.3.4.3 NextHopServer This attribute gives the identity of the entity to which messages should be sent along this routed path. It specifies the identity of the next hop server as either a host domain name or an IP address. It MAY optionally specify the UDP/TCP port number for the next hop signaling server. If not specified, then the default port SHOULD be used. The NextHopServer is specific to the set of destinations and application protocol defined in the ReachableRoutes attribute. Note that this is NOT the address to which media (voice, video, etc.) should be transmitted, it is only for the application protocol as given in the ReachableRoutes attribute. 4.3.4.4 AdvertisementPath The AdvertisementPath is analogous to the AS_PATH in BGP4 [2]. The attribute records the sequence of domains through which this advertisement has passed. The attribute is used to detect when the routing advertisement is looping. This attribute does NOT reflect the path through which messages following this route would traverse. Since the next-hop need not be modified by each LS, the actual path to the destination might not have to traverse every domain in the AdvertisementPath. 4.3.4.5 RoutedPath The RoutedPath attribute is analogous to the AdvertisementPath attribute, except that it records the actual path (given by the list of domains) *to* the destinations. Unlike AdvertisementPath, which is modified each time the route is propagated, RoutedPath is only modified when the NextHopServer attribute changes. Thus, it records the subset of the AdvertisementPath over which messages following this particular route would traverse. 4.3.4.6 AtomicAggregate The AtomicAggregate attribute indicates that a route may actually include domains not listed in the RoutedPath. If an LS, when presented with a set of overlapping routes from a peer LS, selects a less specific route without selecting the more specific route, then Rosenberg, Salama, Squire 21 Internet Draft Telephony Routing over IP July 2000 the LS MUST include the AtomicAggregate attribute with the route. An LS receiving a route with an AtomicAggregate attribute MUST NOT make the set of destinations more specific when advertising it to other LSs. 4.3.4.7 LocalPreference The LocalPreference attribute is an intra-domain attribute used to inform other LSs of the local LSs preference for a given route. The preference of a route is calculated at the ingress to a domain and passed as an attribute with that route throughout the domain. Other LSs within the same ITAD use this attribute in their route selection process. This attribute has no significance between domains. 4.3.4.8 Communities The Communities attribute is optional attribute used to facilitate and simplify the control of routing information by grouping destinations into communities. 4.3.4.9 MultiExitDisc There may be more than one LS peering relationship between neighboring domains. The MultiExitDisc attribute is used by an LS to express a preference for one link between the domains over another link between the domains. The use of the MultiExitDisc attribute is controlled by local policy. 4.3.4.10 ITAD Topology The ITAD topology attribute is an intra-domain attribute that is used by LSs to indicate their intra-domain topology to other LSs in the domain. 4.3.4.11 Authentication TRIP allows the originator of a particular attribute to include a signature so that the receiver may validate the originator and contents of the attribute. The Authentication attribute includes a list of the signatures for all signed attributes in the UPDATE. 4.4 KEEPALIVE Message Format TRIP does not use any transport-based keep-alive mechanism to determine if peers are reachable. Instead, KEEPALIVE messages are exchanged between peers often enough as not to cause the Hold Timer to expire. A reasonable maximum time between KEEPALIVE messages would be one third of the Hold Time interval. KEEPALIVE messages MUST NOT be sent more than once per XX seconds. An implementation Rosenberg, Salama, Squire 22 Internet Draft Telephony Routing over IP July 2000 SHOULD adjust the rate at which it sends KEEPALIVE messages as a function of the negotiated Hold Time interval. EditorÆs Note: Need to examine timer values in TRIP context. Are the BGP defaults satisfactory? If the negotiated Hold Time interval is zero, then periodic KEEPALIVE messages MUST NOT be sent. KEEPALIVE message consists of only message header and has a length of 3 octets. 4.5 NOTIFICATION Message Format A NOTIFICATION message is sent when an error condition is detected. The TRIP transport connection is closed immediately after sending a NOTIFICATION message In addition to the fixed-size TRIP header, the NOTIFICATION message contains the following fields: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Error Code | Error Subcode | Data... (variable) +---------------+---------------+--------------+----------------+ Figure 10: TRIP NOTIFICATION Format Error Code: This 1-octet unsigned integer indicates the type of NOTIFICATION. The following Error Codes have been defined: Error Code Symbolic Name Reference 1 Message Header Error Section 6.1 2 OPEN Message Error Section 6.2 3 UPDATE Message Error Section 6.3 4 Hold Timer Expired Section 6.5 5 Finite State Machine Error Section 6.6 6 Cease Section 6.7 Error Subcode: This 1-octet unsigned integer provides more specific information about the nature of the reported error. Each Error Code may have one or more Error Subcodes associated with it. If no appropriate Error Subcode is defined, then a zero (Unspecific) value is used for the Error Subcode field. Rosenberg, Salama, Squire 23 Internet Draft Telephony Routing over IP July 2000 Message Header Error Subcodes: 1 - Bad Message Length. 2 - Bad Message Type. OPEN Message Error Subcodes: 1 - Unsupported Version Number. 2 - Bad Peer ITAD. 3 - Bad TRIP Identifier. 4 - Unsupported Optional Parameter. 5 û Unacceptable Hold Time. 6 û Unsupported Capability. UPDATE Message Error Subcodes: 1 - Malformed Attribute List. 2 - Unrecognized Well-known Attribute. 3 - Missing Well-known Mandatory Attribute. 4 - Attribute Flags Error. 5 - Attribute Length Error. 6 - Invalid Attribute. Data: This variable-length field is used to diagnose the reason for the NOTIFICATION. The contents of the Data field depend upon the Error Code and Error Subcode. Note that the length of the data can be determined from the message length field by the formula: Data Length = Message Length - 5 The minimum length of the NOTIFICATION message is 5 octets (including message header). 5. TRIP Attributes This section provides details on the syntax and semantics of each TRIP UPDATE attribute. 5.1 WithdrawnRoutes Mandatory: TRUE. Required Flags: Well-known. Potential Flags: Link-State Encapsulation (when flooding). Rosenberg, Salama, Squire 24 Internet Draft Telephony Routing over IP July 2000 Trip Type Code: 1 The WithdrawnRoutes attribute MUST be included in every UPDATE message. It specifies a set of routes that are to be removed from service by the receiving LS(s). The set of routes MAY be empty, indicated by a length field of zero. 5.1.1 Syntax of WithdrawnRoutes The WithdrawnRoutes Attribute encodes a sequence of routes in its value field. The format for individual routes is given in Section 5.1.1.1. The WithdrawnRoutes Attribute lists the individual routes sequentially with no padding as shown in Figure 11. Each route includes a length field so that the individual routes within the attribute can be delineated. +---------------------+---------------------+... | WithdrawnRoute1... | WithdrawnRoute2... |... +---------------------+---------------------+... Figure 11: WithdrawnRoutes Format 5.1.1.1 Generic TRIP Route Format The generic format for a TRIP route is given in Figure 12. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Address Family | Application Protocol | +---------------+---------------+--------------+----------------+ | Length | Address (variable) +---------------+---------------+--------------+----------------+ Figure 12: Generic TRIP Route Format Address Family: The address family field gives the type of address for the route. Two address families are defined in this Section: Code Address Family 1 POTS Numbers 2 Routing Numbers This document reserves address family code 0. Additional address families may be defined in the future. Assignment of address family codes is controlled by IANA. See Section 12 for IANA considerations. Application Protocol: Rosenberg, Salama, Squire 25 Internet Draft Telephony Routing over IP July 2000 The application protocol gives the protocol for which this routing table is maintained. The currently defined application protocols are: Code Protocol 1 SIP 2 H.323-Q.931 3 H.323-RAS 4 H.323-Annex-G This document reserves application protocol code 0. Additional application protocols may be defined in the future. Assignment of application protocol codes is controlled by IANA. See Section 12 for IANA considerations. Length: The length of the address field, in bytes. Address: This is an address (prefix) of the family type given by Address Family. The octet length of the address is variable and is determined by the length field of the route. 5.1.1.2 POTS Numbers The POTS Numbers address family is a super set of all E.164 numbers, national numbers, local numbers, and private numbers. A set of telephone numbers is specified by a POTS Number prefix. POTS Number prefixes are represented by a string of digits, each digit encoded by its ASCII character representation. This routing object covers all phone numbers starting with this prefix. The syntax for the POTS Number prefix is: pots-number = *pots-digit pots-digit = DIGIT DIGIT = '0'|'1'|'2'|'3'|'4'|'5'|'6'|'7'|'8'|'9' This POTS Number prefix is not bound in length. This format is similar to the format for a global telephone number as defined in SIP [7] without visual separators and without the '+' prefix for international numbers. This format facilitates efficient comparison when using TRIP to route SIP or H323, both of which use character based representations of phone numbers. The prefix length is determined from the length field of the route. The type of POTS number (private, local, national, or international) can be deduced from the first few digits of the POTS prefix. Rosenberg, Salama, Squire 26 Internet Draft Telephony Routing over IP July 2000 5.1.1.3 Routing Numbers This address family is used to represent Routing Numbers used in conjunction with Number Portability (NP). Unlike POTS Numbers, which are used to identify actual POTS destinations, Routing Numbers are used to identify switches and line cards in the switches. NP and routing Numbers are limited in scope to national boundaries. Different countries/regions define different routing number formats. The Routing Numbers address family defined herein is deemed sufficient to encompass all the different formats. Routing Number prefixes are represented by a string of digits, each digit encoded by its ASCII character representation. This routing object covers all routing numbers starting with this prefix. The syntax for the Routing Number prefix is: routing-number = *routing-digit routing-digit = ROUTING-DIGIT ROUTING-DIGIT = '0'|'1'|'2'|'3'|'4'|'5'|'6'|'7'|'8'|'9'| 'A'|'B'|'C'|'D'|'E'|'F' Note the difference in alphabets between POTS Numbers and Routing Numbers. A Routing Number prefix is not bound in length. 5.2 ReachableRoutes Mandatory: TRUE. Required Flags: Well-known. Potential Flags: Link-State Encapsulation (when flooding). Trip Type Code: 2 The ReachableRoutes attribute MUST be included in every UPDATE message. It specifies a set of routes that are to be added to service by the receiving LS(s). The set of routes MAY be empty, this is indicated by setting the length field to zero. 5.2.1 Syntax of ReachableRoutes The ReachableRoutes Attribute has the same syntax as the WithdrawnRoutes Attribute. See Section 5.1.1. 5.2.2 Route Origination and ReachableRoutes Routes are injected into TRIP by a method outside the scope of this specification. Possible methods include a front-end protocol, an intra-domain routing protocol, or static configuration. 5.2.3 Route Selection and ReachableRoutes The routes in ReachableRoutes are necessary for route selection. Rosenberg, Salama, Squire 27 Internet Draft Telephony Routing over IP July 2000 5.2.4 Aggregation and ReachableRoutes To aggregate multiple routes, the set of ReachableRoutes to be aggregated MUST combine to form a less specific set. There is no mechanism within TRIP to communicate that a particular address prefix is not used and thus that these addresses could be skipped during aggregation. LSs MAY use methods outside of TRIP to learn of invalid prefixes that may be ignored during aggregation. 5.2.5 Route Dissemination and ReachableRoutes The ReachableRoutes attribute is recomputed at each LS except where flooding is being used (e.g., within a domain). 5.2.6 Aggregation Specifics for POTS Numbers and Routing Numbers An LS that has routes to all valid numbers in a specific prefix SHOULD advertise that prefix as the ReachableRoutes, even if there are more specific prefixes that do not actually exist on the PSTN. Generally, it takes 10 POTS prefixes, or 16 Routing prefixes, of length n to aggregate into a prefix of length n-1. However, if an LS is aware that a prefix is an invalid POTS prefix, or Routing prefix, then the LS MAY aggregate by skipping this prefix. For example, if the POTS prefix 19191 is known not to exist, then an LS can aggregate to 1919 without 19191. A prefix representing an invalid set of PSTN destinations is sometimes referred to as a æblack-holeÆ. The method by which an LS is aware of black-holes is not within the scope of TRIP, but if an LS has such knowledge, it can use the knowledge when aggregating. 5.3 NextHopServer Mandatory: True. Required Flags: Well-known. Potential Flags: None. TRIP Type Code: 3. Given a route with application protocol A and destinations D, the NextHopServer indicates the next-hop that messages of protocol A destined for D should be sent. This may or may not represent the ultimate destination of those messages. 5.3.1 NextHopServer Syntax For generality, the address of the next-hop server may be of various types (domain name, IPv4, IPv6, etc). The NextHopServer attribute Rosenberg, Salama, Squire 28 Internet Draft Telephony Routing over IP July 2000 includes the ITAD number of next-hop server, a length field , and a next-hop name or address. The syntax for the NextHopServer is given in Figure 13. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Next Hop ITAD | Length | +---------------+---------------+--------------+----------------+ | Serverà (variable) +---------------+---------------+--------------+----------------+ Figure 13: NextHopServer Syntax The Next-Hop ITAD indicates the domain of the next-hop. Length field gives the number of octets in the Server field, and the Server field contains the name or address of the next-hop server. The server field is represented as a string of ASCII characters. It is defined as follows: Server = host [ ":" port ] host = <A legal Internet host domain name or IP address (in dotted-decimal form), as defined by Section 2.1 of RFC 1123 [8]> port = *DIGIT If the port is empty or not given, the default port is assumed (e.g., port 5060 if the application protocol is SIP). EditorÆs Note. RFC 1123 addresses host domain names and IPv4 formats. Is it sufficient to cover Ipv6 addresses also? Has it been updated for IPv6? 5.3.2 Route Origination and NextHopServer When an LS originates a routing object into TRIP, it MUST include a NextHopServer within its domain. The NextHopServer could be an address of the egress gateway or of a signaling proxy. 5.3.3 Route Selection and NextHopServer LS policy may prefer certain next-hops or next-hop domains over others. 5.3.4 Aggregation and NextHopServer When aggregating multiple routing objects into a single routing object, an LS MUST insert a new signaling server from within its Rosenberg, Salama, Squire 29 Internet Draft Telephony Routing over IP July 2000 domain as the new NextHopServer unless all of the routes being aggregated have the same next-hop. 5.3.5 Route Dissemination and NextHopServer When propagating routing objects to peers, an LS may choose to insert a signaling proxy within its domain as the new next-hop, or it may leave the next-hop unchanged. Inserting a new next-hop will cause the signaling messages to be sent to that address, and will provide finer control over the signaling path. Leaving the next-hop unchanged will yield a more efficient signaling path (fewer hops). It is a local policy decision of the LS to decide whether to propagate or change the NextHopServer. 5.4 AdvertisementPath Mandatory: TRUE. Required Flags: Well-known. Potential Flags: Partial. TRIP Type Code: 4. This attribute identifies the ITADs through which routing information carried in an advertisement has passed. The AdvertisementPath attribute is analogous to the AS_PATH attribute in BGP. The attributes differ in that BGP's AS_PATH also reflects the path to the destination. In TRIP, not every domain need modify the next-hop, so the AdvertisementPath may include many more hops than the actual path to the destination. The RoutedPath attribute (Section 5.5) reflects the actual path to the destination. 5.4.1 AdvertisementPath Syntax AdvertisementPath is a variable length attribute that is composed of a sequence of ITAD path segments. Each ITAD path segment is represented by a type-length-value triple. The path segment type is a 1-octet long field with the following values defined: Value Segment Type 1 AP_SET: unordered set of ITADs a route in the advertisement message has traversed 2 AP_SEQUENCE: ordered set of ITADs a route in the advertisement message has traversed The path segment length is a 1-octet long field containing the number of ITADs in the path segment value field. The path segment value field contains one or more ITAD numbers, each encoded as a 2-octets long field. ITAD numbers uniquely identify an Rosenberg, Salama, Squire 30 Internet Draft Telephony Routing over IP July 2000 Internet Telephony Administrative Domain, and must be obtained from IANA. See Section 12 for procedures to obtain an ITAD number from IANA. 5.4.2 Route Origination and AdvertisementPath When an LS originates a route then: - The originating LS shall include its own ITAD number in the AdvertisementPath attribute of all advertisements sent to LSs located in neighboring ITADs. In this case, the ITAD number of the originating LS's ITAD will be the only entry in the AdvertisementPath attribute. - The originating LS shall include an empty AdvertisementPath attribute in all advertisements sent to LSs located in its own ITAD. An empty AdvertisementPath attribute is one whose length field contains the value zero. 5.4.3 Route Selection and AdvertisementPath The AdvertisementPath may be used for route selection. Possible criteria to be used are the number of hops on the path and the presence or absence of particular ITADs on the path. As discussed in Section 10, the AdvertisementPath is used to prevent routing information from looping. If an LS receives a route with its own ITAD already in the AdvertisementPath, the route MUST be discarded. 5.4.4 Aggregation and AdvertisementPath The rules for aggregating AdvertisementPath attributes are given in the following sections, where the term æpathÆ used in Section 5.4.4.1 and 5.4.4.2 is understood to mean AdvertisementPath. 5.4.4.1 Aggregating Routes with Identical Paths If all routes to be aggregated have identical path attributes, then the aggregated route has the same path attribute as the individual routes. 5.4.4.2 Aggregating Routes with Different Paths For the purpose of aggregating path attributes we model each ITAD within the path as a pair <type, value>, where ætypeÆ identifies a type of the path segment (AP_SEQUENCE or AP_SET), and ævalueÆ is the ITAD number. Two ITADs are said to be the same if their corresponding <type, value> are the same. Rosenberg, Salama, Squire 31 Internet Draft Telephony Routing over IP July 2000 If the routes to be aggregated have different path attributes, then the aggregated path attribute shall satisfy all of the following conditions: - All pairs of the type AP_SEQUENCE in the aggregated path MUST appear in all of the paths of routes to be aggregated. - All pairs of the type AP_SET in the aggregated path MUST appear in at least one of the paths of the initial set (they may appear as either AP_SET or AP_SEQUENCE types). - For any pair X of the type AP_SEQUENCE that precedes pair Y in the aggregated path, X precedes Y in each path of the initial set that contains Y, regardless of the type of Y. - No pair with the same value shall appear more than once in the aggregated path, regardless of the pairÆs type. An implementation may choose any algorithm that conforms to these rules. At a minimum a conformant implementation MUST be able to perform the following algorithm that meets all of the above conditions: - Determine the longest leading sequence of tuples (as defined above) common to all the paths of the routes to be aggregated. Make this sequence the leading sequence of the aggregated path. - Set the type of the rest of the tuples from the paths of the routes to be aggregated to AP_SET, and append them to the aggregated path. - If the aggregated path has more than one tuple with the same value (regardless of tuple's type), eliminate all, but one such tuple by deleting tuples of the type AP_SET from the aggregated path. An implementation that chooses to provide a path aggregation algorithm that retains significant amounts of path information may wish to use the procedure of Section 5.4.4.3. 5.4.4.3 Example Path Aggregation Algorithm An example algorithm to aggregate two paths works as follows: - Identify the ITADs (as defined in Section 5.4.1) within each path attribute that are in the same relative order within both path attributes. Two ITADs, X and Y, are said to be in the same order if either X precedes Y in both paths, or if Y precedes X in both paths. - The aggregated path consists of ITADs identified in (a) in exactly the same order as they appear in the paths to be aggregated. If two consecutive ITADs identified in (a) do not immediately follow each other in both of the paths to be aggregated, then the intervening ITADs (ITADs that are between the two consecutive ITADs that are the same) in both attributes are combined into an AP_SET path segment that consists of the intervening ITADs from Rosenberg, Salama, Squire 32 Internet Draft Telephony Routing over IP July 2000 both paths; this segment is then placed in between the two consecutive ITADs identified in (a) of the aggregated attribute. If two consecutive ITADs identified in (a) immediately follow each other in one attribute, but do not follow in another, then the intervening ITADs of the latter are combined into an AP_SET path segment; this segment is then placed in between the two consecutive ITADs identified in (a) of the aggregated path. If as a result of the above procedure a given ITAD number appears more than once within the aggregated path, all, but the last instance (rightmost occurrence) of that ITAD number should be removed from the aggregated path. 5.4.5 Route Dissemination and AdvertisementPath When an LS propagates a route which it has learned from another LS, it shall modify the route's AdvertisementPath attribute based on the location of the LS to which the route will be sent. - When a LS advertises a route to another LS located in its own ITAD, the advertising LS MUST NOT modify the AdvertisementPath attribute associated with the route. - When a LS advertises a route to an LS located in a neighboring ITAD, then the advertising LS MUST update the AdvertisementPath attribute as follows: - If the first path segment of the AdvertisementPath is of type AP_SEQUENCE, the local system shall prepend its own ITAD number as the last element of the sequence (put it in the leftmost position). - If the first path segment of the AdvertisementPath is of type AP_SET, the local system shall prepend a new path segment of type AP_SEQUENCE to the AdvertisementPath, including its own ITAD number in that segment. 5.5 RoutedPath Mandatory: True. Required Flags: Well-known. Potential Flags: Partial. TRIP Type Code: 5. Rosenberg, Salama, Squire 33 Internet Draft Telephony Routing over IP July 2000 This attribute identifies the ITADs through which messages sent using this route would pass. The ITADs in this path are a subset of those in the AdvertisementPath. 5.5.1 RoutedPath Syntax The syntax of the RoutedPath attribute is the same as that of the AdvertisementPath attribute. See Section 5.4.1. 5.5.2 Route Origination and RoutedPath When an LS originates a route it MUST include the RoutedPath attribute. - The originating LS shall include its own ITAD number in the RoutedPath attribute of all advertisements sent to LSs located in neighboring ITADs. In this case, the ITAD number of the originating LS's ITAD will be the only entry in the RoutedPath attribute. - The originating LS shall include an empty RoutedPath attribute in all advertisements sent to LSs located in its own ITAD. An empty RoutedPath attribute is one whose length field contains the value zero. 5.5.3 Route Selection and RoutedPath The RoutedPath MAY be used for route selection, and in most cases is preferred over the AdvertisementPath for this role. Some possible criteria to be used are the number of hops on the path and the presence or absence of particular ITADs on the path. 5.5.4 Aggregation and RoutedPath The rules for aggregating RoutedPath attributes are given in Section 5.4.4.1 and 5.4.4.2, where the term æpathÆ used in Section 5.4.4.1 and 5.4.4.2 is understood to mean RoutedPath. 5.5.5 Route Dissemination and RoutedPath When an LS propagates a route that it learned from another LS, it modifies the route's RoutedPath attribute based on the location of the LS to which the route is sent. - When a LS advertises a route to another LS located in its own ITAD, the advertising LS MUST NOT modify the RoutedPath attribute associated with the route. - If the LS has not changed the NextHopServer attribute, then the LS MUST NOT change the RoutedPath attribute. Rosenberg, Salama, Squire 34 Internet Draft Telephony Routing over IP July 2000 - Otherwise, the LS changed the NextHopServer and is advertising the route to an LS in another ITAD. The advertising LS MUST update the RoutedPath attribute as follows: - If the first path segment of the RoutedPath is of type AP_SEQUENCE, the local system shall prepend its own ITAD number as the last element of the sequence (put it in the leftmost position). - If the first path segment of the RoutedPath is of type AP_SET, the local system shall prepend a new path segment of type AP_SEQUENCE to the RoutedPath, including its own ITAD number in that segment. 5.6 AtomicAggregate Mandatory: False. Required Flags: Well-known. Potential Flags: None. TRIP Type Code: 6. The AtomicAggregate attribute indicates that a route may traverse domains not listed in the RoutedPath. If an LS, when presented with a set of overlapping routes from a peer LS, selects the less specific route without selecting the more specific route, then the LS includes the AtomicAggregate attribute with the routing object. 5.6.1 AtomicAggregate Syntax This attribute has length zero (0); the value field is empty. 5.6.2 Route Origination and AtomicAggregate Routes are never originated with the AtomicAggregate attribute. 5.6.3 Route Selection and AtomicAggregate The AtomicAggregate attribute may be used in route selection û it indicates that the RoutedPath may be incomplete. 5.6.4 Aggregation and AtomicAggregate If any of the routes to aggregate has the AtomicAggregate attribute, then so should the resultant aggregate. 5.6.5 Route Dissemination and AtomicAggregate If an LS, when presented with a set of overlapping routes from a peer LS, selects the less specific route (see Section 1) without selecting the more specific route, then the LS MUST include the Rosenberg, Salama, Squire 35 Internet Draft Telephony Routing over IP July 2000 AtomicAggregate attribute with the routing object (if it is not already present). An LS receiving a routing object with an AtomicAggregate attribute MUST NOT make the set of destinations more specific when advertising it to other LSs, and MUST NOT remove the attribute when propagating this object to a peer LS. 5.7 LocalPreference Mandatory: False. Required Flags: Well-known. Potential Flags: None. TRIP Type Code: 7. The LocalPreference attribute is only used intra-domain, it indicates the local LS's preference for the routing object to other LSs within the same domain. This attribute MUST NOT be included when communicating to an LS in another domain, and MUST be included over intra-domain links. 5.7.1 LocalPreference Syntax The LocalPreference attribute is a 4-octet unsigned numeric value. A higher value indicates a higher preference. 5.7.2 Route Origination and LocalPreference Routes MUST NOT be originated with the LocalPreference attribute to inter-domain peers. Routes to intra-domain peers MUST be originated with the LocalPreference attribute. 5.7.3 Route Selection and LocalPreference The LocalPreference attribute allows one LS in a domain to calculate a preference for a route, and to communicate this preference to other LSs within the domain. 5.7.4 Aggregation and LocalPreference The LocalPreference attribute is not affected by aggregation. 5.7.5 Route Dissemination and LocalPreference An LS MUST include the LocalPreference attribute when communicating with peer LSs within its own domain. An LS MUST NOT include the LocalPreference attribute when communicating with LSs in other domains. LocalPreference attributes received from inter-domain peers MUST be ignored. Rosenberg, Salama, Squire 36 Internet Draft Telephony Routing over IP July 2000 5.8 MultiExitDisc Mandatory: False. Required Flags: Well-known. Potential Flags: None. TRIP Type Code: 8. When two ITADs are connected by more than one set of peers, the MultiExitDisc attribute may be used to specify preferences for routes received over one of those links versus routes received over other links. The MultiExitDisc parameter is used only for route selection. 5.8.1 MultiExitDisc Syntax The MultiExitDisc attribute carries a 4-octet unsigned numeric value. A higher value represents a more preferred routing object. 5.8.2 Route Origination and MultiExitDisc Routes originated to intra-domain peers MUST NOT be originated with the MultiExitDisc attribute. When originating a route to an inter- domain peer, the MultiExitDisc attribute may be included. 5.8.3 Route Selection and MultiExitDisc The MultiExitDisc attribute is used to express a preference when there are multiple links between two domains. If all other factors are equal, then a route with a higher MultiExitDisc attribute is preferred over a route with a lower MultiExitDisc attribute. 5.8.4 Aggregation and MultiExitDisc Routes with differing MultiExitDisc parameters MUST NOT be aggregated. Routes with the same value in the MultiExitDisc attribute MAY be aggregated and the same MultiExitDisc attribute attached to the aggregated object. 5.8.5 Route Dissemination and MultiExitDisc If received from a peer LS in another domain, an LS MAY propagate the MultiExitDisc to other LSs within its domain. The MultiExitDisc attribute MUST NOT be propagated to LSs in other domains. An LS may add the MultiExitDisc attribute when propagating routing objects to an LS in another domain. The inclusion of the MultiExitDisc attribute is a matter of policy, as is the value of the attribute. Rosenberg, Salama, Squire 37 Internet Draft Telephony Routing over IP July 2000 5.9 Communities Mandatory: FALSE Required Flags: Optional, Independent Transitive Potential Flags: None TRIP Type Code: 9. A community is a group of destinations that share some common property. The Communities attribute is used to group destinations so that the routing decision can be based on the identity of the group. Using the Communities attribute should significantly simplify the distribution of routing information by providing an administratively defined aggregation unit. Each ITAD administrator may define the communities to which a particular route belongs. By default, all routes belong to the general Internet Telephony community. As an example, the Communities attribute could be used to define an alliance between a group of Internet Telephony service providers for a specific subset of routing information. In this case, members of that alliance would accept only routes for destinations in this group that are advertised by other members of the alliance. Other destinations would be more freely accepted. To achieve this, a member would tag each route with a designated Community attribute value before disseminating it. This relieves the members of such an alliance from the responsibility of keeping track of the identities of all other members of that alliance. It is recommend that the Community attribute be signed. The signature would be included in the Authentication attribute. Editor's Note: We could define a new capability in the OPEN message which an LS uses to indicate which an LS uses to indicate which communities it is a member of. The LS's peer may use this capability information to decide which route to forward to that LS and which ones not to forward to it. Another example use of the Communities attribute is with aggregation. It is often useful to advertise both the aggregate route and the component more-specific routes that were used to form the aggregate. These component information are only useful to the neighboring TRIP peer, and perhaps the ITAD of the neighboring TRIP peer, so it is desirable to filter out the component routes. This can be achieved by specifying a Community attribute value that the neighboring peers will match and filter on. That way it can be assured that the more specific routes will not propagate beyond their desired scope. 5.9.1 Syntax of Communities Rosenberg, Salama, Squire 38 Internet Draft Telephony Routing over IP July 2000 The Communities attribute is of variable length. It consists of set of four octet values, each of which specifies a community. A community is a 32 bit value. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Community Value 1 | +---------------+---------------+--------------+----------------+ | . . . . . . . . . +---------------+---------------+--------------+----------------+ Figure 14: Communities Syntax For administrative assignment, the following assumptions may be made: The Community attribute values ranging from 0x00000000 through 0x0000FFFF and 0xFFFF0000 through 0xFFFFFFFF are hereby reserved. Other community values MUST be encoded using an ITAD number in the two most significant octets. The semantics of the final two octets may be defined by the ITAD (e.g., ITAD 690 may define research, educational, and commercial community values that may be used for policy routing as defined by the operators of that ITAD using Community attribute values 0x02B20000 through 0x02B2FFFF). The following communities have global significance and their operation MUST be implemented in any Community attribute-aware TRIP LS. - NO_EXPORT (0xFFFFFF01). Any received route with a community attribute containing this value MUST NOT be advertised outside of the receiving TRIP ITAD. - NO_ADVERTISE (0xFFFFFF02). Any received route with a communities attribute containing this value MUST NOT be advertised to other TRIP peers. 5.9.2 Route Origination and Communities The Communities attribute is optional. If a route has a Communities attribute associated with it, the LS MUST include that attribute in advertisement it originates. 5.9.3 Route Selection and Communities The Communities attribute may be used for route selection. A route that is a member of a certain community may be preferred over another route that is not a member of that community. Likewise, Rosenberg, Salama, Squire 39 Internet Draft Telephony Routing over IP July 2000 routes without a certain community value may be excluded from consideration. 5.9.4 Aggregation and Communities If a set of routes is to be aggregated and the resultant aggregate does not carry an Atomic_Aggregate attribute, then the resulting aggregate should have a Communities attribute that contains the union of the Community attributes of the aggregated routes. 5.9.5 Route Dissemination and Communities An LS may manipulate the Communities attribute before disseminating a route to a peer. Community attribute manipulation may include adding communities, removing communities, adding a Communities attribute (if none exists), deleting the Communities attribute, etc. 5.10 ITAD Topology Mandatory: False. Required Flags: Well-known, Link-State encapsulated. Potential Flags: None. TRIP Type Code: 10. Within an ITAD, each LS must know the status of other LSs so that LS failure can be detected. To do this, each LS advertises its internal topology to other LSs within the domain. When an LS detects that another LS is no longer active, the information sourced by that LS can be deleted (the Adj-TRIB-In for that peer may be cleared). The ITAD Topology attribute is used to communicate this information to other LSs within the domain. EditorÆs Note. Two methods for this function are possible. One method advertises the topology, requires LSs to update their topology only when their internal peer set changes, and requires LSs to calculate to which LSs are active within their domain via a connectivity algorithm on the topology. The second option would require an LS to periodically issue a ækeep-aliveÆ type advertisement that gets flooded within the domain. LSs would determine which LSs are active by the set of received keep- alives. We are suggesting the former method as it allows faster detection of failure. 5.10.1 ITAD Topology Syntax The ITAD Topology attribute indicates the LSs with which the LS is currently peering. The attribute consists of a list of the TRIP Identifiers with which the LS is currently peering, the format is given in Rosenberg, Salama, Squire 40 Internet Draft Telephony Routing over IP July 2000 Figure 15. This attribute MUST use the link-state encapsulation as defined in Section 4.3.2.4. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | TRIP Identifier 1 | +---------------+---------------+--------------+----------------+ | TRIP Identifier 2 ... | +---------------+---------------+--------------+----------------+ Figure 15: ITAD Topology Syntax 5.10.2 Route Origination and ITAD Topology The ITAD Topology attribute is independent of any routes in the UPDATE. Whenever the set of internal peers of a LS changes, it MUST originate an UPDATE with the ITAD Topology Attribute included listing the current set of internal peers. The LS MUST include this attribute in the first UPDATE it sends to a peer after the peering session is established. 5.10.3 Route Selection and ITAD Topology This attribute is independent of any routing information in the UPDATE. When an LS receives an UPDATE with an ITAD Topology attribute, it MUST compute the set of LSs currently active in the domain by performing a connectivity test on the ITAD topology as given by the set of originated ITAD Topology attributes. The LS MUST locally purge the Adj-TRIB-In for any LS that is no longer active in the domain. The LS MUST NOT propagate this purging information to other LSs as they will make a similar decision. 5.10.4 Aggregation and ITAD Topology This information is not aggregated. 5.10.5 Route Dissemination and ITAD Topology An LS MUST ignore the attribute if received from a peer in another domain. An LS MUST NOT send this attribute to an inter-domain peer. 5.11 Authentication Mandatory: False. Required Flags: Well-known. Potential Flags: None. TRIP Type Code: 11. Rosenberg, Salama, Squire 41 Internet Draft Telephony Routing over IP July 2000 In some situations, LSs may wish to verify the originator of an attribute and that the contents of that attribute have not been altered by other intermediate LSs. The Authentication attribute carries signatures so that a receiving LS may validate particular attributes. 5.11.1 Authentication Syntax The Authentication attribute contains a list of Attribute Signatures. Each attribute signature has the following format. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+--------------+----------------+ | Attribute Signature Length | Originating ITAD | +---------------+---------------+--------------+----------------+ | Originating TRIP Identifier | +---------------+---------------+--------------+----------------+ | Attr Code | Auth Mech | Authentication Dataà (variable) +---------------+---------------+--------------+----------------+ Figure 16: Attribute Signature Syntax The Attribute Signature Length is the length of the entire attribute signature, including the length field. The Originating ITAD and TRIP identifier indicate the LS that inserted the attribute. The Attribute code indicates the attribute this signature covers, and the Authentication Mechanism indicates the algorithm used to compute the Authentication Data. The valid Authentication Mechanisms are: EditorÆs Note. List authentication mechanisms. The Authentication Mechanism is performed over the following fields to compute the Authentication Data. The fields are considered in this order. 1 Value of the ReachableRoutes attribute. 2 Value of the attribute given by the Attribute Code. 5.11.2 Route Origination and Authentication An LS MAY include the signature attribute with routes that it originates, covering any subset of the attributes of the route. 5.11.3 Route Selection and Authentication An LS MAY be required (via configuration or some other means) to verify the authenticity of certain attributes. An LS MAY use Rosenberg, Salama, Squire 42 Internet Draft Telephony Routing over IP July 2000 attribute authentication when calculating the preference of a route. Possible uses of the Authentication attribute include: - Ignoring routes that do not contain authentication for a particular attribute. - Ignoring routes that for which attribute verification cannot be performed due to unsupported authentication mechanisms or invalid authentication data. Other uses are also possible. 5.11.4 Aggregation and Authentication Aggregation and Authentication are mutually exclusive. Since attribute signatures cover the routes in the ReachableRoutes field, aggregating routes together eliminates the validity of signatures. Authentication attributes MUST NOT be propagated on aggregated routes. The relative importance of authentication and aggregation is an administrative decision. 5.11.5 Route Dissemination and Authentication The Authentication attribute MUST be examined before propagating to other LSs. For any attributes that have been changed by the local LS, the LS should strip the Attribute Signature (if they exist) from the Authentication attribute. The LS MAY insert its own signatures into the Authentication attribute if it desires to do so. The LS MAY propagate Attribute Signatures for attributes that it does not alter. The decision to add or propagate attribute signatures is a local policy decision. 5.12 Considerations for Defining New TRIP Attributes Any proposal for defining new TRIP attributes should specify the following: - the use of this attribute, - the attribute's flags, - the attribute's syntax, - how the attribute works with route origination, - how the attribute works with route aggregation, and - how the attribute works with route dissemination and the attribute's scope (e.g., intra-domain only like LocalPreference) IANA will manage the assignment of TRIP attribute type codes to new attributes. Rosenberg, Salama, Squire 43 Internet Draft Telephony Routing over IP July 2000 6. TRIP Error Detection and Handling This section describes errors to be detected and the actions to be taken while processing TRIP messages. When any of the conditions described here are detected, a NOTIFICATION message with the indicated Error Code, Error Subcode, and Data fields MUST be sent, and the TRIP connection MUST be closed. If no Error Subcode is specified, then a zero Subcode MUST be used. The phrase æthe TRIP connection is closedÆ means that the transport protocol connection has been closed and that all resources for that TRIP connection have been de-allocated. If the connection was inter-domain, then routing table entries associated with the remote peer MUST be marked as invalid. Routing table entries MUST NOT be marked as invalid if an internal peering session is terminated. The fact that the routes have been marked as invalid is passed to other TRIP peers before the routes are deleted from the system. Unless specified explicitly, the Data field of the NOTIFICATION message that is sent to indicate an error MUST be empty. 6.1 Message Header Error Detection and Handling All errors detected while processing the Message Header are indicated by sending the NOTIFICATION message with Error Code Message Header Error. The Error Subcode elaborates on the specific nature of the error. The error checks in this section MUST be performed by each LS on receipt of every message. If the Length field of the message header is less than 3 or greater than 4096, or if the Length field of an OPEN message is less than the minimum length of the OPEN message, or if the Length field of an UPDATE message is less than the minimum length of the UPDATE message, or if the Length field of a KEEPALIVE message is not equal to 3, or if the Length field of a NOTIFICATION message is less than the minimum length of the NOTIFICATION message, then the Error Subcode MUST be set to Bad Message Length. The Data field contains the erroneous Length field. If the Type field of the message header is not recognized, then the Error Subcode MUST be set to æBad Message Type.Æ The Data field contains the erroneous Type field. 6.2 OPEN Message Error Detection and Handling Rosenberg, Salama, Squire 44 Internet Draft Telephony Routing over IP July 2000 All errors detected while processing the OPEN message are indicated by sending the NOTIFICATION message with Error Code æOPEN Message Error.Æ The Error Subcode elaborates on the specific nature of the error. The error checks in this section MUST be performed by each LS on receipt of every OPEN message. If the version number contained in the Version field of the received OPEN message is not supported, then the Error Subcode MUST be set to æUnsupported Version Number.Æ The Data field is a 1-octet unsigned integer, which indicates the largest locally supported version number less than the version the remote TRIP peer bid (as indicated in the received OPEN message). If the ITAD field of the OPEN message is unacceptable, then the Error Subcode MUST be set to æBad Peer ITAD.Æ The determination of acceptable ITAD numbers is outside the scope of this protocol. If the Hold Time field of the OPEN message is unacceptable, then the Error Subcode MUST be set to æUnacceptable Hold Time.Æ An implementation MUST reject Hold Time values of one or two seconds. An implementation MAY reject any proposed Hold Time. An implementation that accepts a Hold Time MUST use the negotiated value for the Hold Time. If the TRIP Identifier field of the OPEN message is not valid, then the Error Subcode MUST be set to æBad TRIP Identifier.Æ A TRIP identifier is 4-octets and can take any value. An LS considers the TRIP Identifier invalid if it has an already open connection with another peer LS that has the same ITAD and TRIP Identifier. Any two LSs within the same ITAD MUST NOT have equal TRIP Identifier values. This restriction does not apply to LSs in differrent ITADs since the purpose is to uniquely identify an LS using its TRIP Identifier and its ITAD number. If one of the Optional Parameters in the OPEN message is not recognized, then the Error Subcode MUST be set to æUnsupported Optional Parameters.Æ If the Optional Parameters of the OPEN message include Capability Information with an unsupported capability (unsupported in either capability type or value), then the Error Subcode MUST be set to æUnsupported Capability,Æ and the entirety of the unsupported capabilities are listed in the Data field of the NOTIFICATION message. 6.3 UPDATE Message Error Detection and Handling Rosenberg, Salama, Squire 45 Internet Draft Telephony Routing over IP July 2000 All errors detected while processing the UPDATE message are indicated by sending the NOTIFICATION message with Error Code æUPDATE Message Error.Æ The Error Subcode elaborates on the specific nature of the error. The error checks in this section MUST be performed by each LS on receipt of every UPDATE message. These error checks MUST occur before flooding procedures are invoked with internal peers. If any recognized attribute has Attribute Flags that conflict with the Attribute Type Code, then the Error Subcode MUST be set to æAttribute Flags Error.Æ The Data field contains the erroneous attribute (type, length and value). If any recognized attribute has Attribute Length that conflicts with the expected length (based on the attribute type code), then the Error Subcode MUST be set to æAttribute Length Error.Æ The Data field contains the erroneous attribute (type, length and value). If any of the mandatory well-known attributes are not present, then the Error Subcode MUST be set to æMissing Well-known Mandatory Attribute.Æ The Data field contains the Attribute Type Code of the missing well-known mandatory attributes. If any of the well-known attributes are not recognized, then the Error Subcode MUST be set to æUnrecognized Well-known Attribute.Æ The Data field contains the unrecognized attribute (type, length and value). If any attribute has a syntactically incorrect value, or an undefined value, then the Error Subcode is set to æInvalid Attribute.Æ The Data field contains the incorrect attribute (type, length and value). Such a NOTIFICATION message is sent, for example, when a NextHopServer attribute is received with an invalid address. The information carried by the AdvertisementPath attribute is checked for ITAD loops. ITAD loop detection is done by scanning the full AdvertisementPath, and checking that the ITAD number of the local ITAD does not appear in the AdvertisementPath. If the local ITAD number appears in the AdvertisementPath, then the route MAY be stored in the Adj-TRIB-In, but unless the LS is configured to accept routes with its own ITAD in the advertisement path, the route MUST not be passed to the TRIP Decision Process. The operation of an LS that is configured to accept routes with its own ITAD number in the advertisement path are outside the scope of this document. If the UPDATE message was received from an internal peer and either the WithdrawnRoutes, ReachableRoutes, or ITAD Topology attribute does not have the Link-State Encapsulation flag set, then the Error Subcode is set to æInvalid AttributeÆ and the data field contains the attribute. Likewise, the attribute is invalid if received from an external peer and the Link-State Flag is set. Rosenberg, Salama, Squire 46 Internet Draft Telephony Routing over IP July 2000 If any attribute appears more than once in the UPDATE message, then the Error Subcode is set to æMalformed Attribute List.Æ 6.4 NOTIFICATION Message Error Detection and Handling If a peer sends a NOTIFICATION message, and there is an error in that message, there is unfortunately no means of reporting this error via a subsequent NOTIFICATION message. Any such error, such as an unrecognized Error Code or Error Subcode, should be noticed, logged locally, and brought to the attention of the administration of the peer. The means to do this, however, are outside the scope of this document. 6.5 Hold Timer Expired Error Handling If a system does not receive successive messages within the period specified by the negotiated Hold Time, then a NOTIFICATION message with æHold Timer ExpiredÆ Error Code MUST be sent and the TRIP connection MUST be closed. 6.6 Finite State Machine Error Handling An error detected by the TRIP Finite State Machine (e.g., receipt of an unexpected event) MUST result in sending a NOTIFICATION message with Error Code æFinite State Machine ErrorÆ and the TRIP connection MUST be closed. 6.7 Cease In the absence of any fatal errors (that are indicated in this section), a TRIP peer MAY choose at any given time to close its TRIP connection by sending the NOTIFICATION message with Error Code æCease.Æ However, the Cease NOTIFICATION message MUST NOT be used when a fatal error indicated by this section exists. 6.8 Connection Collision Detection If a pair of LSs try simultaneously to establish a transport connection to each other, then two parallel connections between this pair of speakers might well be formed. We refer to this situation as connection collision. Clearly, one of these connections must be closed. Based on the value of the TRIP Identifier a convention is established for detecting which TRIP connection is to be preserved when a collision occurs. The convention is to compare the TRIP Rosenberg, Salama, Squire 47 Internet Draft Telephony Routing over IP July 2000 Identifiers of the peers involved in the collision and to retain only the connection initiated by the LS with the higher-valued TRIP Identifier. Upon receipt of an OPEN message, the local LS MUST examine all of its connections that are in the OpenConfirm state. An LS MAY also examine connections in an OpenSent state if it knows the TRIP Identifier of the peer by means outside of the protocol. If among these connections there is a connection to a remote LS whose TRIP Identifier equals the one in the OPEN message, then the local LS MUST perform the following collision resolution procedure: The TRIP Identifier and ITAD of the local LS is compared to the TRIP Identifier and ITAD of the remote LS (as specified in the OPEN message). TRIP Identifiers are treated as 4-octet unsigned integers for comparison. If the value of the local TRIP Identifier is less than the remote one, or if the two TRIP Identifiers are equal and the value of ITAD of the local LS is less than value of the ITAD of the remote LS, then the local LS MUST close the TRIP connection that already exists (the one that is already in the OpenConfirm state), and accepts the TRIP connection initiated by the remote LS: 1. Otherwise, the local LS closes newly created TRIP connection (the one associated with the newly received OPEN message), and continues to use the existing one (the one that is already in the OpenConfirm state). 2. If a connection collision occurs with an existing TRIP connection that is in the Established state, then the LS MUST unconditionally close of the newly created connection. Note that a connection collision cannot be detected with connections that are in Idle, Connect, or Active states. 3. To close the TRIP connection (that results from the collision resolution procedure), an LS MUST send a NOTIFICATION message with the Error Code æCeaseÆ and the TRIP connection MUST be closed. 7. TRIP Version Negotiation Peer LSs may negotiate the version of the protocol by making multiple attempts to open a TRIP connection, starting with the highest version number each supports. If an open attempt fails with an Error Code æOPEN Message ErrorÆ and an Error Subcode æUnsupported Version Number,Æ then the LS has available the version number it tried, the version number its peer tried, the version number passed by its peer in the NOTIFICATION message, and the version numbers Rosenberg, Salama, Squire 48 Internet Draft Telephony Routing over IP July 2000 that it supports. If the two peers support one or more common versions, then this will allow them to rapidly determine the highest common version. In order to support TRIP version negotiation, future versions of TRIP must retain the format of the OPEN and NOTIFICATION messages. 8. TRIP Capability Negotiation An LS MAY include the Capabilities Option in its OPEN message to a peer to indicate the capabilities supported by the LS. An LS receiving an OPEN message MUST NOT use any capabilities that were not included in the OPEN message of the peer when communicating with that peer. 9. TRIP Finite State Machine This section specifies TRIP operation in terms of a Finite State Machine (FSM). Following is a brief summary and overview of TRIP operations by state as determined by this FSM. A condensed version of the TRIP FSM is found in Appendix 1. There is a TRIP FSM per peer and these FSMs operate independently. Idle state: Initially TRIP is in the Idle state for each peer. In this state, TRIP refuses all incoming connections. No resources are allocated to the peer. In response to the Start event (initiated by either the system or the operator), the local system initializes all TRIP resources, starts the ConnectRetry timer, initiates a transport connection to the peer, starts listening for a connection that may be initiated by the remote TRIP peer, and changes its state to Connect. The exact value of the ConnectRetry timer is a local matter, but should be sufficiently large to allow TCP initialization. If an LS detects an error, it closes the transport connection and changes its state to Idle. Transitioning from the Idle state requires generation of the Start event. If such an event is generated automatically, then persistent TRIP errors may result in persistent flapping of the LS. To avoid such a condition, Start events MUST NOT be generated immediately for a peer that was previously transitioned to Idle due to an error. For a peer that was previously transitioned to Idle due to an error, the time between consecutive Start events, if such events are generated automatically, MUST exponentially increase. The value of the initial timer SHOULD be 60 seconds, and the time SHOULD be at least doubled for each consecutive retry up to some maximum value. Rosenberg, Salama, Squire 49 Internet Draft Telephony Routing over IP July 2000 Any other event received in the Idle state is ignored. Connect state: In this state, an LS is waiting for a transport protocol connection to be completed to the peer, and is listening for inbound transport connections from the peer. If the transport protocol connection succeeds, the local LS clears the ConnectRetry timer, completes initialization, sends an OPEN message to its peer, sets its Hold Timer to a large value, and changes its state to OpenSent. A Hold Timer value of 4 minutes is suggested. If the transport protocol connect fails (e.g., retransmission timeout), the local system restarts the ConnectRetry timer, continues to listen for a connection that may be initiated by the remote LS, and changes its state to Active state. In response to the ConnectRetry timer expired event, the local LS cancels any outstanding transport connection to the peer, restarts the ConnectRetry timer, initiates a transport connection to the remote LS, continues to listen for a connection that may be initiated by the remote LS, and stays in the Connect state. If the local LS detects that a remote peer is trying to establish a connection to it and the IP address of the peer is not an expected one, then the local LS rejects the attempted connection and continues to listen for a connection from its expected peers without changing state. If an inbound transport protocol connection succeeds, the local LS clears the ConnectRetry timer, completes initialization, sends an OPEN message to its peer, sets its Hold Timer to a large value, and changes its state to OpenSent. A Hold Timer value of 4 minutes is suggested. The Start event is ignored in the Connect state. In response to any other event (initiated by either the system or the operator), the local system releases all TRIP resources associated with this connection and changes its state to Idle. Active state: In this state, an LS is listening for an inbound connection from the peer, but is not in the process of initiating a connection to the peer. If an inbound transport protocol connection succeeds, the local LS clears the ConnectRetry timer, completes initialization, sends an OPEN message to its peer, sets its Hold Timer to a large value, and Rosenberg, Salama, Squire 50 Internet Draft Telephony Routing over IP July 2000 changes its state to OpenSent. A Hold Timer value of 4 minutes is suggested. In response to the ConnectRetry timer expired event, the local system restarts the ConnectRetry timer, initiates a transport connection to the TRIP peer, continues to listen for a connection that may be initiated by the remote TRIP peer, and changes its state to Connect. If the local LS detects that a remote peer is trying to establish a connection to it and the IP address of the peer is not an expected one, then the local LS rejects the attempted connection and continues to listen for a connection from its expected peers without changing state. Start event is ignored in the Active state. In response to any other event (initiated by either the system or the operator), the local system releases all TRIP resources associated with this connection and changes its state to Idle. OpenSent state: In this state, an LS has sent an OPEN message to its peer and is waiting for an OPEN message from its peer. When an OPEN message is received, all fields are checked for correctness. If the TRIP message header checking or OPEN message checking detects an error (see Section 6.2) or a connection collision (see Section 6.8), the local system sends a NOTIFICATION message and changes its state to Idle. If there are no errors in the OPEN message, TRIP sends a KEEPALIVE message and sets a KeepAlive timer. The Hold Timer, which was originally set to a large value (see above), is replaced with the negotiated Hold Time value (see Section 4.2). If the negotiated Hold Time value is zero, then the Hold Time timer and KeepAlive timers are not started. If the value of the ITAD field is the same as the local ITAD number, then the connection is an æinternalÆ connection; otherwise, it is æexternalÆ (this will effect UPDATE processing). Finally, the state is changed to OpenConfirm. If the local LS detects that a remote peer is trying to establish a connection to it and the IP address of the peer is not an expected one, then the local LS rejects the attempted connection and continues to listen for a connection from its expected peers without changing state. If a disconnect notification is received from the underlying transport protocol, the local LS closes the transport connection, restarts the ConnectRetry timer, continues to listen for a connection that may be initiated by the remote TRIP peer, and goes into the Active state. Rosenberg, Salama, Squire 51 Internet Draft Telephony Routing over IP July 2000 If the Hold Timer expires, the local LS sends NOTIFICATION message with Error Code æHold Timer ExpiredÆ and changes its state to Idle. In response to the Stop event (initiated by either system or operator) the local LS sends NOTIFICATION message with Error Code æCeaseÆ and changes its state to Idle. The Start event is ignored in the OpenSent state. In response to any other event the local LS sends NOTIFICATION message with Error Code æFinite State Machine ErrorÆ and changes its state to Idle. Whenever TRIP changes its state from OpenSent to Idle, it closes the transport connection and releases all resources associated with that connection. OpenConfirm state: In this state, an LS has sent an OPEN to its peer, received an OPEN from its peer, and sent a KEEPALIVE in response to the OPEN. The LS is now waiting for a KEEPALIVE or NOTIFICATION message in response to its OPEN. If the local LS receives a KEEPALIVE message, it changes its state to Established. If the Hold Timer expires before a KEEPALIVE message is received, the local LS sends NOTIFICATION message with Error Code æHold Timer ExpiredÆ and changes its state to Idle. If the local LS receives a NOTIFICATION message, it changes its state to Idle. If the KeepAlive timer expires, the local LS sends a KEEPALIVE message and restarts its KeepAlive timer. If a disconnect notification is received from the underlying transport protocol, the local LS closes the transport connection, restarts the ConnectRetry timer, continues to listen for a connection that may be initiated by the remote TRIP peer, and goes into the Active state. In response to the Stop event (initiated by either the system or the operator) the local LS sends NOTIFICATION message with Error Code æCeaseÆ and changes its state to Idle. Start event is ignored in the OpenConfirm state. Rosenberg, Salama, Squire 52 Internet Draft Telephony Routing over IP July 2000 In response to any other event the local LS sends NOTIFICATION message with Error Code æFinite State Machine ErrorÆ and changes its state to Idle. Whenever TRIP changes its state from OpenConfirm to Idle, it closes the transport connection and releases all resources associated with that connection. Established state: In the Established state, an LS can exchange UPDATE, NOTIFICATION, and KEEPALIVE messages with its peer. If the negotiated Hold Timer is zero, then no procedures are necessary for keeping a peering session alive. If the negotiated Hold Time value is non-zero, the procedures of this paragraph apply. If the Hold Timer expires, the local LS sends a NOTIFICATION message with Error Code æHold Timer ExpiredÆ and changes its state to Idle. If the KeepAlive Timer expires, then the local LS sends a KeepAlive message and restarts the KeepAlive Timer. If the local LS receives an UPDATE or KEEPALIVE message, then it restarts its Hold Timer. Each time the LS sends an UPDATE or KEEPALIVE message, it restarts its KeepAlive Timer. If the local LS receives a NOTIFICATION message, it changes its state to Idle. If the local LS receives an UPDATE message and the UPDATE message error handling procedure (see Section6.3) detects an error, the local LS sends a NOTIFICATION message and changes its state to Idle. If a disconnect notification is received from the underlying transport protocol, the local LS changes its state to Idle. In response to the Stop event (initiated by either the system or the operator), the local LS sends a NOTIFICATION message with Error Code æCeaseÆ and changes its state to Idle. The Start event is ignored in the Established state. In response to any other event, the local LS sends NOTIFICATION message with Error Code æFinite State Machine ErrorÆ and changes its state to Idle. Whenever TRIP changes its state from Established to Idle, it closes the transport) connection, releases all resources associated with that connection. Additionally, if the peer is an external peer, the LS deletes all routes derived from that connection. Rosenberg, Salama, Squire 53 Internet Draft Telephony Routing over IP July 2000 10. UPDATE Message Handling An UPDATE message may be received only in the Established state. When an UPDATE message is received, each field is checked for validity as specified in Section 6.3. The rest of this section presumes that the UPDATE message has passed the error-checking procedures of Section 6.3. If the UPDATE message was received from an internal peer, the flooding procedures of Section 10.1 MUST be applied. The flooding process synchronizes the databases of all LSs within the domain. Certain routes within the UPDATE may be marked as old or duplicates by the flooding process and are ignored during the rest of the UPDATE processing. If the UPDATE message contains withdrawn routes, then the corresponding previously advertised routes shall be removed from the Adj-TRIB-In. This LS MUST run its Decision Process since the previously advertised route is no longer available for use. If the UPDATE message contains a route, then the route MUST be placed in the appropriate Adj-TRIB-In, and the following additional actions MUST be taken: 1. If its destinations are identical to those of a route currently stored in the Adj-TRIB-In, then the new route MUST replace the older route in the Adj-TRIB-In, thus implicitly withdrawing the older route from service. The LS MUST run its Decision Process since the older route is no longer available for use. 2. If the new route is more specific than an earlier route contained in the Adj-TRIB-In and has identical attributes, then no further actions are necessary. 3. If the new route is more specific than an earlier route contained in the Adj-TRIB-In but does not have identical attributes, then the LS MUST run its Decision Process since the more specific route has implicitly made a portion of the less specific route unavailable for use. 4. If the new route has destinations that are not present in any of the routes currently stored in the Adj-TRIB-In, then the LS MUST run its Decision Process. 5. If the new route is less specific than an earlier route contained in the Adj-TRIB-In, the LS MUST run its Decision Process on the set of destinations that are described only by the less specific route. Rosenberg, Salama, Squire 54 Internet Draft Telephony Routing over IP July 2000 10.1 Flooding Process When an LS receives an UPDATE message from an internal peer, the LS floods the new information from that message to all of its other internal peers. Flooding is used to efficiently synchronize all of the LSs within a domain without putting any constraints on the domainÆs internal topology. The flooding mechanism is based on the techniques used in OSPF [3] and SCSP [5]. 10.1.1 Database Information The LS MUST maintain the sequence number and originating TRIP identifier for each link-state encapsulated attribute in an internal Adj-TRIB-In. These values are included with the route in the ReachableRoutes, WithdrawnRoutes, and ITAD Topology attributes. The originating TRIP identifier gives the internal LS that originated this route into the ITAD, the sequence number gives the version of this route at the originating LS. 10.1.2 Determining Newness For each route in the ReachableRoutes or WithdrawnRoutes field, the LS decides if the route is new or old. This is determined by comparing the Sequence Number of the route in the UPDATE with the Sequence Number of the route saved in the Adj-TRIB-In. The route is new if either the route does not exist in the Adj-TRIB-In for the originating LS, or if the route does exist in the Adj-TRIB-In but the Sequence Number in the UPDATE is greater than the Sequence Number saved in the Adj-TRIBs-In. Note that the newness test is independently applied to each link-state encapsulated attribute in the UPDATE (WithdrawnRoutes or ReachableRoutes). 10.1.3 Flooding Each route in the ReachableRoutes or WithdrawnRoutes field that is determined to be old is ignored in further processing. If the route is determined to be new then the following actions occur. If the route is being withdrawn, then the LS MUST flood the withdrawn route to all other internal peers, and MUST mark the route as withdrawn. An LS MUST maintain routes marked as withdrawn in its databases for MaxPurgeTime seconds. If the route is being updated, then the LS MUST update the route in the Adj-TRIB-In and MUST flood it to all other internal peers. If these procedures result in changes to the Adj-TRIB-In, then the route is also made available for local route processing as described early in Section 10. Rosenberg, Salama, Squire 55 Internet Draft Telephony Routing over IP July 2000 To implement flooding, the following is recommended. All routes received in a single UPDATE message that are determined to be new may be forwarded to all other internal peers in a single UPDATE message. Other variations on flooding are possible, but the local LS MUST ensure that each new route (and any associated attributes) received from an internal peer get forwarded to every other internal peer. 10.1.4 Sequence Number Considerations The Sequence Number is used to determine when one version of a route is newer than another version of a route. A larger Sequence Number indicates a newer version. The Sequence Number is assigned by the LS originating the route into the local ITAD. The Sequence Number is an unsigned 4-octet integer in the range of 1 thru 2^31-1 (MinSequenceNum thru MaxSequenceNum). The value 0 is reserved. When an LS first originates a route into its ITAD, it MUST originate it with a Sequence Number of MinSequenceNum. Each time the route is updated within the ITAD by the originator, the Sequence Number MUST be increased. If it is ever the case that the sequence number is MaxSequenceNum-1 and it needs to be increased, then the TRIP module of the LS MUST be disabled for a period of TripDisableTime so that all routes originated by this LS with high sequence numbers can be removed. 10.1.5 Purging a Route Within the ITAD To withdraw a route that it originated within the ITAD, an LS includes the route in the WithdrawnRoutes field of an UPDATE message. The Sequence Number MUST be greater than the last valid version of the route. The LS MAY choose to use a sequence number of MaxSequenceNum when withdrawing routes within its ITAD, but this is not required. After withdrawing a route, an LS MUST mark the route as æwithdrawnÆ in its database, and maintain the withdrawn route in its database for MaxPurgeTime seconds. If the LS needs to re-originate a route that had been purged but is still in its database, it can either re- originate the route immediately using a Sequence Number that is greater than that used in the withdraw, or the LS may wait until MaxPurgeTime seconds have expired since the route was withdrawn. 10.1.6 Receiving Self-Originated Routes It is common for an LS to receive UPDATES for routes that it originated within the ITAD via the flooding procedure. If the LS receives an UPDATE for a route that it originated that is newer (has a higher sequence number) than the LSs current version, then special actions must be taken. This should be a relatively rare occurrence Rosenberg, Salama, Squire 56 Internet Draft Telephony Routing over IP July 2000 and indicates that a route still exists within the ITAD since the LSs last restart/reboot. If an LS receives a self-originated route update that is newer than the current version of the route at the LS, then the following actions MUST be taken. If the LS still wishes to advertise the information in the route, then the LS MUST the increase the Sequence Number of the route to a value greater than that received in the UPDATE and re-originate the route. If the LS does not wish to continue to advertise the route, then it MUST purge the route as described in Section 10.1.5. 10.1.7 Removing Withdrawn Routes An LS SHOULD ensure that routes marked as withdrawn are removed from the database in a timely fashion after the MaxPurgeTime has expired. This could be done, for example, by periodically sweeping the database, and deleting those entries that were withdrawn more than MaxPurgeTime seconds ago. 10.2 Decision Process The Decision Process selects routes for subsequent advertisement by applying the policies in the local Policy Information Base (PIB) to the routes stored in its Adj-TRIBs-In. The output of the Decision Process is the set of routes that will be advertised to all peers; the selected routes will be stored in the local LS's Adj-TRIBs-Out. The selection process is formalized by defining a function that takes the attributes of a given route as an argument and returns a non-negative integer denoting the degree of preference for the route. The function that calculates the degree of preference for a given route shall not use as its inputs any of the following: the existence of other routes, the non-existence of other routes, or the attributes of other routes. Route selection then consists of individual application of the degree of preference function to each feasible route, followed by the choice of the one with the highest degree of preference. The Decision Process operates on routes contained in each Adj-TRIBs- In, and is responsible for: - selection of routes to be advertised to internal peers - selection of routes to be advertised to external peers - route aggregation and route information reduction The Decision Process takes place in three distinct phases, each triggered by a different event: Rosenberg, Salama, Squire 57 Internet Draft Telephony Routing over IP July 2000 a) Phase 1 is responsible for calculating the degree of preference for each route received from an external peer, and for advertising to all the internal peers the routes from external peers that have the highest degree of preference for each distinct destination. b) Phase 2 is invoked on completion of phase 1. It is responsible for choosing the best route out of all those available for each distinct destination, and for installing each chosen route into the Loc-TRIB. c) Phase 3 is invoked after the Loc-TRIB has been modified. It is responsible for disseminating routes in the Loc-TRIB to each external peer, according to the policies contained in the PIB. Route aggregation and information reduction can optionally be performed within this phase. 10.2.1 Phase 1: Calculation of Degree of Preference The Phase 1 decision function shall be invoked whenever the local LS receives from a peer an UPDATE message that advertises a new route, a replacement route, or a withdrawn route. The Phase 1 decision function is a separate process that completes when it has no further work to do. The Phase 1 decision function shall lock an Adj-TRIB-In prior to operating on any route contained within it, and shall unlock it after operating on all new or replacement routes contained within it. The local LS MUST determine a degree of preference for each newly received or replacement route. If the route is learned from an internal peer, the value of the LocalPreference attribute MUST be taken as the degree of preference. If the route is learned from an external peer, then the degree of preference MUST be computed based on pre-configured policy information and used as the LocalPreference value in any intra-domain TRIP advertisement. The exact nature of this policy information and the computation involved is a local matter. The local LS MUST then run the internal update process of 10.3.1 to select and advertise the most preferable routes. The output of the degree of preference determination process is the local preference of a route. The local LS computes the local preference of routes learned from external peers or originated internally at that LS. The local preference of a route learned from an internal peer is included in the LocalPreference attribute associated with that route. 10.2.2 Phase 2: Route Selection Rosenberg, Salama, Squire 58 Internet Draft Telephony Routing over IP July 2000 The Phase 2 decision function shall be invoked on completion of Phase 1. The Phase 2 function is a separate process that completes when it has no further work to do. Phase 2 consists of two sub- phases: 2a and 2b. The same route selection function is applied in both sub-phases, but the inputs to each phase are different. The Phase 2a process MUST consider as inputs all external routes, that are present in the Adj-TRIBs-In of external peers, and all local routes. The output of Phase 2a is inserted into the Ext-TRIB. The Phase 2b process shall be invoked upon completion of Phase 2a and it MUST consider as inputs all routes in the Ext-TRIB and all internal, that are present in the Adj-TRIBs-In of internal LSs. The output of Phase 2b is stored in the Loc-TRIB. The Phase 2 decision function MUST be blocked from running while the Phase 3 decision function is in process. The Phase 2 function MUST lock all Adj-TRIBs-In and the Ext-TRIB prior to commencing its function, and MUST unlock them on completion. If the LS determines that the NextHopServer listed in a route is unreachable, then the route MAY be excluded from the Phase 2 decision function. The means by which such a determination is made is not mandated here. For each set of destinations for which one, or more than one, route exists, the local LSÆs route selection function MUST identify the route that has: a) the highest degree of preference, or b) is selected as a result of the tie breaking rules specified in 10.2.2.1. Withdrawn routes MUST be removed from the Loc-TRIB, Ext-TRIB, and the Adj-TRIBs-In. 10.2.2.1 Breaking Ties (Phase 2) Several routes to the same destination that have the same degree of preference may be input to the Phase 2 route selection function. The local LS can select only one of these routes for inclusion in the associated Ext-TRIB (Phase 2a) or Loc-TRIB (Phase 2b). The local LS considers all routes with the same degrees of preference. The following algorithm shall be used to break ties. a) If the local LS is configured to use the MultiExitDisc attribute to break ties, and candidate routes received from the same neighboring ITAD differ in the value of the MultiExitDisc attribute, then select the route that has the larger value of MultiExitDisc. Rosenberg, Salama, Squire 59 Internet Draft Telephony Routing over IP July 2000 b) If at least one of the routes was originated by an internal LS, select the route route that was advertised by the internal LS that has the lowest TRIP ID. c) Otherwise, select the route that was advertised by the neighbor domain that has the lowest ITAD number. 10.2.3 Phase 3: Route Dissemination The Phase 3 decision function MUST be invoked on completion of Phase 2, or when any of the following events occur: a) when locally generated routes learned by means outside of TRIP have changed, or b) when a new LS-to-LS peer connection has been established. The Phase 3 function is a separate process that completes when it has no further work to do. The Phase 3 routing decision function MUST be blocked from running while the Phase 2 decision function is in process. All routes in the Loc-TRIB shall be processed into a corresponding entry in the associated Adj-TRIBs-Out. Route aggregation and information reduction techniques (see 10.3.4) MAY optionally be applied. When the updating of the Adj-TRIBs-Out is complete, the local LS MUST run the external update process of 10.3.2. 10.2.4 Overlapping Routes When overlapping routes are present in the same Adj-TRIB-In, the more specific route shall take precedence, in order from more specific to least specific. The set of destinations described by the overlap represents a portion of the less specific route that is feasible, but is not currently in use. If a more specific route is later withdrawn, the set of destinations described by the overlap will still be reachable using the less specific route. If an LS receives overlapping routes, the Decision Process MUST take into account the semantics of the overlapping routes. In particular, if an LS accepts the less specific route while rejecting the more specific route from the same peer, then the destinations represented by the overlap may not forward along the domains listed in the AdvertisementPath attribute of that route. Therefore, an LS has the following choices: a) Install both the less and the more specific routes b) Install the more specific route only Rosenberg, Salama, Squire 60 Internet Draft Telephony Routing over IP July 2000 c) Install the non-overlapping part of the less specific route only (that implies de-aggregation) d) Aggregate the two routes and install the aggregated route e) Install the less specific route only f) Install neither route If an LS chooses e), then it SHOULD add AtomicAggregate attribute to the route. A route that carries AtomicAggregate attribute MUST NOT be de-aggregated. That is, the route cannot be made more specific. Forwarding along such a route does not guarantee that route traverses only domains listed in the AdvertisementPath of the route. If an LS chooses a), then it MUST NOT advertise the more general route without the more specific route. 10.3 Update-Send Process The Update-Send process is responsible for advertising UPDATE messages to all peers. For example, it distributes the routes chosen by the Decision Process to other LSs that may be located in either the same ITAD or a neighboring ITAD. Rules for information exchange between peer LSs located in different ITADs are given in 10.3.2; rules for information exchange between peer LSs located in the same ITAD are given in 10.3.1. Before forwarding routes to peers, an LS MUST determine which attributes should be forwarded along with that route. If an optional non-transitive attribute is unrecognized, it is quietly ignored. If an optional dependent-transitive attribute is unrecognized, and the NextHopServer attribute has been changed by the LS, the unrecognized attribute is quietly ignored. If an optional dependent-transitive attribute is unrecognized, and the NextHopServer attribute has not been modified by the LS, the Partial bit in the attribute flags octet is set to 1, and the attribute is retained for propagation to other TRIP speakers. Similarly, if an optional independent-transitive attribute is unrecognized, the Partial bit in the attribute flags octet is set to 1, and the attribute is retained for propagation to other TRIP speakers. If an optional attribute is recognized, and has a valid value, then, depending on the type of the optional attribute, it is updated, if necessary, for possible propagation to other TRIP speakers. 10.3.1 Internal Updates The Internal update process is concerned with the distribution of routing information to internal peers. When an LS receives an UPDATE message from another BGP speaker located in its own ITAD, it is flooded as described in Section 10.1. Rosenberg, Salama, Squire 61 Internet Draft Telephony Routing over IP July 2000 When an LS receives a new route from an LS in a neighboring ITAD, or if a local route is inserted injected into TRIP, the LS determines the preference of that route. If the new route has the highest degree of preference for all external routes and local routes to a given destination (or if the route was selected via a tie-breaking procedure as specified in 10.3.1.1), the LS MUST insert that new route into the Ext-TRIB database the LS MUST advertise that route to all other LSs in its ITAD by means of an UPDATE message û The LS will advertise itself as the Originator of that route within the ITAD. When an LS receives an UPDATE message with a non-empty WithdrawnRoutes attribute from an external peer, or if a local route is withdrawn from TRIP, the LS MUST remove from its Adj-TRIB-In all routes whose destinations were carried in this field. If the withdrawn route was previously selected into the Ext-TRIB, the LS MUST take the following additional steps: i) If a new route is selected for advertisement for those destinations, then the LS MUST insert the replacement route into Ext-TRIB to replace the withdrawn route and advertise it to all internal LSs. ii) If a replacement route is not available for advertisement, then the LS MUST include the destinations of the route in the WithdrawnRoutes attribute of an UPDATE message, and MUST send this message to each internal peer. The LS MUST also remove the withdrawn route from the Ext-TRIB. All routes that are advertised MUST be placed in the appropriate Adj-TRIBs-Out, and all routes that are withdrawn MUST be removed from the Adj-TRIBs-Out. 10.3.1.1 Breaking Ties (Internal Updates) If an LS has connections to several external peers, there will be multiple Adj-TRIBs-In associated with these peers. These databases might contain several equally preferable routes to the same destination, all of which were advertised by external peers. The local LS shall select one of these routes according to the following rules: a) If the LS is configured to use the MultiExitDisc attribute to break ties, and the candidate routes differ in the value of the MultiExitDisc attribute, then select the route that has the lowest value of MultiExitDisc, else b) Select the route that was advertised by the external LS that has the lowest TRIP Identifier. Rosenberg, Salama, Squire 62 Internet Draft Telephony Routing over IP July 2000 10.3.2 External Updates The external update process is concerned with the distribution of routing information to external peers. As part of Phase 3 route selection process, the LS has updated its Adj-TRIBs-Out. All newly installed routes and all newly unfeasible routes for which there is no replacement route MUST be advertised to external peers by means of UPDATE messages. Any routes in the Loc-TRIB marked as withdrawn MUST be removed. Changes to the reachable destinations within its own ITAD shall also be advertised in an UPDATE message. 10.3.3 Controlling Routing Traffic Overhead The TRIP protocol constrains the amount of routing traffic (that is, UPDATE messages) in order to limit both the link bandwidth needed to advertise UPDATE messages and the processing power needed by the Decision Process to digest the information contained in the UPDATE messages. 10.3.3.1 Frequency of Route Advertisement The parameter MinRouteAdvInterval determines the minimum amount of time that must elapse between advertisements of routes to a particular destination from a single LS. This rate limiting procedure applies on a per-destination basis, although the value of MinRouteAdvInterval is set on a per LS peer basis. Two UPDATE messages sent from a single LS that advertise feasible routes to some common set of destinations received from external peers must be separated by at least MinRouteAdvInterval. Clearly, this can only be achieved precisely by keeping a separate timer for each common set of destinations. This would be unwarranted overhead. Any technique which ensures that the interval between two UPDATE messages sent from a single LS that advertise feasible routes to some common set of destinations received from external peers will be at least MinRouteAdvInterval, and will also ensure a constant upper bound on the interval is acceptable. Since fast convergence is needed within an autonomous system, this procedure does not apply for routes received from other internal peers. To avoid long-lived black holes, the procedure does not apply to the explicit withdrawal of routes (that is, routes whose destinations explicitly withdrawn by UPDATE messages. This procedure does not limit the rate of route selection, but only the rate of route advertisement. If new routes are selected multiple times while awaiting the expiration of MinRouteAdvInterval, the last route selected shall be advertised at the end of MinRouteAdvInterval. Rosenberg, Salama, Squire 63 Internet Draft Telephony Routing over IP July 2000 10.3.3.2 Frequency of Route Origination The parameter MinITADOriginationInterval determines the minimum amount of time that must elapse between successive advertisements of UPDATE messages that report changes within the advertising LS's own ITAD. 10.3.3.3 Jitter To minimize the likelihood that the distribution of TRIP messages by a given LS will contain peaks, jitter should be applied to the timers associated with MinITADOriginationInterval, KeepAlive, and MinRouteAdvInterval. A given LS shall apply the same jitter to each of these quantities regardless of the destinations to which the updates are being sent; that is, jitter will not be applied on a æper peerÆ basis. The amount of jitter to be introduced shall be determined by multiplying the base value of the appropriate timer by a random factor that is uniformly distributed in the range from 0.75 to 1.0. 10.3.4 Efficient Organization of Routing Information Having selected the routing information that it will advertise, a TRIP speaker may use methods to organize this information in an efficient manner. These methods are discussed in the following sections. 10.3.4.1 Information Reduction Information reduction may imply a reduction in granularity of policy control - after information is collapsed, the same policies will apply to all destinations and paths in the equivalence class. The Decision Process may optionally reduce the amount of information that it will place in the Adj-TRIBs-Out by any of the following methods: a) ReachableRoutes: A set of destinations can be usually represented in compact form. For example, a set of E.164 phone numbers can be represented in more compact form using E.164 prefixes. b) AdvertisementPath: AdvertisementPath information can be represented as ordered AP_SEQUENCEs or unordered AP_SETs. AP_SETs are used in the route aggregation algorithm described in Section 5.4.4. They reduce the size of the AP_PATH information by listing each ITAD number only Rosenberg, Salama, Squire 64 Internet Draft Telephony Routing over IP July 2000 once, regardless of how many times it may have appeared in multiple advertisement paths that were aggregated. An AP_SET implies that the destinations advertised in the UPDATE message can be reached through paths that traverse at least some of the constituent ITADs. AP_SETs provide sufficient information to avoid route looping; however their use may prune potentially feasible paths, since such paths are no longer listed individually as in the form of AP_SEQUENCEs. In practice this is not likely to be a problem, since once an call arrives at the edge of a group of ITADs, the LS at that point is likely to have more detailed path information and can distinguish individual paths to destinations. 10.3.4.2 Aggregating Routing Information Aggregation is the process of combining the characteristics of several different routes in such a way that a single route can be advertised. Aggregation can occur as part of the decision process to reduce the amount of routing information that is placed in the Adj-TRIBs-Out. Aggregation reduces the amount of information an LS must store and exchange with other LSs. Routes can be aggregated by applying the following procedure separately to attributes of like type. Routes that have the following attributes shall not be aggregated unless the corresponding attributes of each route are identical: MultiExitDisc, NextHopServer. Attributes that have different type codes cannot be aggregated. Attributes of the same type code may be aggregated. The rules for aggregating each attribute MUST be provided together with attribute definition. For example, aggregation rules for TRIP's basic attributes, e.g., ReachableRoutes and AdvertisementPath, are given in 5. 10.4 Route Selection Criteria Generally speaking, additional rules for comparing routes among several alternatives are outside the scope of this document. There are two exceptions: - If the local ITAD appears in the AdvertisementPath of the new route being considered, then that new route cannot be viewed as better than any other route. If such a route were ever used, a routing loop could result (see Section 6.3). - In order to achieve successful distributed operation, only routes with a likelihood of stability can be chosen. Thus, an ITAD must avoid using unstable routes, and it must not make rapid Rosenberg, Salama, Squire 65 Internet Draft Telephony Routing over IP July 2000 spontaneous changes to its choice of route. Quantifying the terms æunstableÆ and ærapidÆ in the previous sentence will require experience, but the principle is clear. 10.5 Originating TRIP routes An LS may originate local routes by injecting routing information acquired by some other means (e.g. via an intra-domain routing protocol or through manual configuration or some dynamic registration mechanism/protocol) into TRIP. An LS that originates TRIP routes shall assign the degree of preference to these routes by passing them through the Decision Process (see Section 10.2). To TRIP local routes are identical to external routes and are subjected to the same two phase route selection mechanism. A local route which is selected into the Ext-TRIB MUST be advertised to all internal LSs. The decision whether to distribute non-TRIP acquired routes within an ITAD via TRIP or not depends on the environment within the ITAD (e.g. type of intra-domain routing protocol) and should be controlled via configuration. 11. TRIP Transport This specification defines the use of TCP as the transport layer for TRIP. TRIP uses TCP port 6069. Running TRIP over other transport protocols is for further study. 12. IANA Considerations 12.1 TRIP Capabilities Requests to add TRIP capabilities other than those defined in Section 4.2.1.1 must be submitted to iana@iana.org. The request should include: - A description, or a reference to a description, of the capability, the possible values it may take, and what constitutes a capability mismatch. - Contact information (postal and email address). 12.2 Registration of TRIP Attributes When registering a new TRIP attribute with IANA, the following information must be provided: - A reference to the description of the proposed attribute, for example (in order of preference) an RFC, a published paper, a patent filing, a technical report, documented source code or a Rosenberg, Salama, Squire 66 Internet Draft Telephony Routing over IP July 2000 computer manual. The reference must provide all information required in Section 5.12 of this document. - Indication of who has change control over the attribute. - Contact information (postal and email address). Registration requests must be sent to iana@iana.org. IANA then assigns Attribute Type Code to the new attribute. 12.3 Destination Address Families Requests to add TRIP address families other than those defined in Section 5.1.1.1 must be submitted to iana@iana.org. The request should include a brief description of the address family, its alphabet, and special processing rules and guidelines, such as guidelines for aggregation, if any. 12.4 Registration of TRIP Application Protocols Requests to add TRIP application protocols other than those defined in Section 5.1.1.1 must be submitted to iana@iana.org. The request should include a brief background on the application protocol, and a description of how TRIP can be used to advertise routes for that protocol. 12.5 ITAD Numbers Requests for ITAD numbers must be submitted to iana@iana.org. The requests should include the following: - Information about the organization that administers the ITAD. - Contact information (postal and email address). 13. Security Considerations 13.1 Protection of TRIP Peer Sessions This section covers security between peer TRIP LSs when TRIP runs over TCP in an IP environment. A security mechanism is clearly needed to prevent unauthorized entities from using the protocol defined in this document for setting up unauthorized peer sessions with other TRIP LSs or interfering with authorized peer sessions. The security mechanism for the protocol when transported over TCP in an IP networks is IPsec [9]. IPsec uses two protocols to provide traffic security: Authentication Header (AH) [10] and Encapsulating Security Payload (ESP) [11]. Rosenberg, Salama, Squire 67 Internet Draft Telephony Routing over IP July 2000 The AH header affords data origin authentication, connectionless integrity and optional anti-replay protection of messages passed between the peer LSs. The ESP header provides origin authentication, connectionless integrity, anti-replay protection, and, in addition, confidentiality of messages. Implementations of the protocol defined in this document employing the ESP header SHALL comply with section 5 of [11], which defines a minimum set of algorithms for integrity checking and encryption. Similarly, implementations employing the AH header SHALL comply with section 5 of [10], which defines a minimum set of algorithms for integrity checking using manual keys. Implementations SHOULD use IKE [12] to permit more robust keying options. Implementations employing IKE SHOULD support authentication with RSA signatures and RSA public key encryption. A Security Association (SA) [9] is a simplex "connection" that affords security services to the traffic carried by it. Security services are afforded to an SA by the use of AH, or ESP, but not both. Two types of SAs are defined: transport mode and tunnel mode [9]. A transport mode SA is a security association between two hosts, and is appropriate for protecting the TRIP session between two peer LSs. 13.2 Protection of TRIP Routes In many situations, an LS receives a route, which has been originated by remote LS that is not a direct peer of the receiving LS. In addition, attributes may have been inserted or altered along the advertisement path. The receiving LSs may wish to authenticate the route by verifying the originator of an attribute and that the contents of that attribute have not been altered by other intermediate LSs. The Authentication attribute carries a list of signatures so that a receiving LS may validate particular attributes. The Authentication attribute has been discussed in Section 5.11. 14. Changes Since the Last Revision - Section 4.2: Reserved some ITAD numbers. - Sections 4.3.4.3 and 5.3.1: Changed the definition of the Next Hop Signaling Server address to use DNS names only. The new definition also permits specifying the port number. Section 4.2.1.1, the Route Types Supported Capability was also affected. - Section 4.3.1: Reserved attribute type codes 224 to 255 for vendor specific attributes. Rosenberg, Salama, Squire 68 Internet Draft Telephony Routing over IP July 2000 - Section 5: Added TRIP Attribute Code Types to all attributes. - Section 5.1.1.1: Defined new Application Protocols for RAS and Annex G. - Sections 5.1.1.1 and 5.1.1.2 and 5.1.1.3 replaced the E.164 address family with the POTS Numbers address family and the Routing Numbers address family. - Sections 5.8: Fixed the definition of MultiExitDisc to be consistent with Section 10.2.2.1. - Section 10.2.2.1: Changed the tie breaking rules to favor internal routes over external routes. - Added Section 12: IANA Considerations. - Added Section 13: Security Considerations. 15. Open Issues - UPDATE rate limiting. The suggestion from the Adelaide IETF is to follow the rules used in ISIS. - How to map from one application protocol to another. - Section 4.2: multiple TRIP ID per LS. - Section 4.2.1.1.2: is a æcapability mismatchÆ error code needed? - Section 4.4: need to examine timer values in TRIP context. Are the BGP defaults satisfactory? - Section 5.3.1: RFC 1123 addresses host domain names and IPv4 formats. Is it sufficient to cover Ipv6 addresses also? Has it been updated for IPv6? - Section 5.9: We could define a new capability in the OPEN message which an LS uses to indicate which an LS uses to indicate which communities it is a member of. The LS's peer may use this capability information to decide which route to forward to that LS and which ones not to forward to it. - Section 5.10: on the usage of ITAD Topology attribute. Two methods for this function are possible. One method advertises the topology, requires LSs to update their topology only when their internal peer set changes, and requires LSs to calculate to which LSs are active within their domain via a connectivity algorithm on the topology. The second option would require an LS to periodically issue a ækeep-aliveÆ type advertisement that gets flooded within the domain. LSs would determine which LSs are active by the set of received keep-alives. We are suggesting the former method as it allows faster detection of failure. - Section 5.11.1: List authentication mechanisms to be used with the Authentication attribute. Appendix 1. TRIP FSM State Transitions and Actions Rosenberg, Salama, Squire 69 Internet Draft Telephony Routing over IP July 2000 This Appendix discusses the transitions between states in the TRIP FSM in response to TRIP events. The following is the list of these states and events when the negotiated Hold Time value is non-zero. TRIP States: 1 - Idle 2 - Connect 3 - Active 4 - OpenSent 5 - OpenConfirm 6 - Established TRIP Events: 1 - TRIP Start 2 - TRIP Stop 3 - TRIP Transport connection open 4 - TRIP Transport connection closed 5 - TRIP Transport connection open failed 6 - TRIP Transport fatal error 7 - ConnectRetry timer expired 8 - Hold Timer expired 9 - KeepAlive timer expired 10 - Receive OPEN message 11 - Receive KEEPALIVE message 12 - Receive UPDATE messages 13 - Receive NOTIFICATION message The following table describes the state transitions of the TRIP FSM and the actions triggered by these transitions. Event Actions Message Sent Next State -------------------------------------------------------------------- Idle (1) 1 Initialize resources none 2 Start ConnectRetry timer Initiate a transport connection others none none 1 Connect(2) 1 none none 2 3 Complete initialization OPEN 4 Clear ConnectRetry timer 5 Restart ConnectRetry timer none 3 7 Restart ConnectRetry timer none 2 Initiate a transport connection others Release resources none 1 Active (3) 1 none none 3 3 Complete initialization OPEN 4 Rosenberg, Salama, Squire 70 Internet Draft Telephony Routing over IP July 2000 Clear ConnectRetry timer 5 Close connection 3 Restart ConnectRetry timer 7 Restart ConnectRetry timer none 2 Initiate a transport connection others Release resources none 1 OpenSent(4) 1 none none 4 4 Close transport connection none 3 Restart ConnectRetry timer 6 Release resources none 1 10 Process OPEN is OK KEEPALIVE 5 Process OPEN failed NOTIFICATION 1 others Close transport connection NOTIFICATION 1 Release resources OpenConfirm (5) 1 none none 5 4 Release resources none 1 6 Release resources none 1 9 Restart KeepAlive timer KEEPALIVE 5 11 Complete initialization none 6 Restart Hold Timer 13 Close transport connection 1 Release resources others Close transport connection NOTIFICATION 1 Release resources Established (6) 1 none none 6 4 Release resources none 1 6 Release resources none 1 9 Restart KeepAlive timer KEEPALIVE 6 11 Restart Hold Timer KEEPALIVE 6 12 Process UPDATE is OK UPDATE 6 Process UPDATE failed NOTIFICATION 1 13 Close transport connection 1 Release resources others Close transport connection NOTIFICATION 1 Release resources ----------------------------------------------------------------- The following is a condensed version of the above state transition table. Events| Idle | Connect | Active | OpenSent | OpenConfirm | Estab | (1) | (2) | (3) | (4) | (5) | (6) |------------------------------------------------------------- 1 | 2 | 2 | 3 | 4 | 5 | 6 | | | | | | 2 | 1 | 1 | 1 | 1 | 1 | 1 Rosenberg, Salama, Squire 71 Internet Draft Telephony Routing over IP July 2000 | | | | | | 3 | 1 | 4 | 4 | 1 | 1 | 1 | | | | | | 4 | 1 | 1 | 1 | 3 | 1 | 1 | | | | | | 5 | 1 | 3 | 3 | 1 | 1 | 1 | | | | | | 6 | 1 | 1 | 1 | 1 | 1 | 1 | | | | | | 7 | 1 | 2 | 2 | 1 | 1 | 1 | | | | | | 8 | 1 | 1 | 1 | 1 | 1 | 1 | | | | | | 9 | 1 | 1 | 1 | 1 | 5 | 6 | | | | | | 10 | 1 | 1 | 1 | 1 or 5 | 1 | 1 | | | | | | 11 | 1 | 1 | 1 | 1 | 6 | 6 | | | | | | 12 | 1 | 1 | 1 | 1 | 1 | 1 or 6 | | | | | | 13 | 1 | 1 | 1 | 1 | 1 | 1 | | | | | | -------------------------------------------------------------- Appendix 2. Implementation Recommendations This section presents some implementation recommendations. A.2.1. Multiple Networks Per Message The TRIP protocol allows for multiple address prefixes with the same advertisement path and next-hop server to be specified in one message. Making use of this capability is highly recommended. With one address prefix per message there is a substantial increase in overhead in the receiver. Not only does the system overhead increase due to the reception of multiple messages, but the overhead of scanning the routing table for updates to TRIP peers is incurred multiple times as well. One method of building messages containing many address prefixes per advertisement path and next hop from a routing table that is not organized per advertisement path is to build many messages as the routing table is scanned. As each address prefix is processed, a message for the associated advertisement path and next hop is allocated, if it does not exist, and the new address prefix is added to it. If such a message exists, the new address prefix is just appended to it. If the message lacks the space to hold the new address prefix, it is transmitted, a new message is allocated, and the new address prefix is inserted into the new Rosenberg, Salama, Squire 72 Internet Draft Telephony Routing over IP July 2000 message. When the entire routing table has been scanned, all allocated messages are sent and their resources released. Maximum compression is achieved when all the destinations covered by the address prefixes share a next hop server and common attributes, making it possible to send many address prefixes in one 4096-byte message. When peering with a TRIP implementation that does not compress multiple address prefixes into one message, it may be necessary to take steps to reduce the overhead from the flood of data received when a peer is acquired or a significant network topology change occurs. One method of doing this is to limit the rate of updates. This will eliminate the redundant scanning of the routing table to provide flash updates for TRIP peers. A disadvantage of this approach is that it increases the propagation latency of routing information. By choosing a minimum flash update interval that is not much greater than the time it takes to process the multiple messages this latency should be minimized. A better method would be to read all received messages before sending updates. A.2.2. Processing Messages on a Stream Protocol TRIP uses TCP as a transport mechanism. Due to the stream nature of TCP, all the data for received messages does not necessarily arrive at the same time. This can make it difficult to process the data as messages, especially on systems where it is not possible to determine how much data has been received but not yet processed. One method that can be used in this situation is to first try to read just the message header. For the KEEPALIVE message type, this is a complete message; for other message types, the header should first be verified, in particular the total length. If all checks are successful, the specified length, minus the size of the message header is the amount of data left to read. An implementation that would æhangÆ the routing information process while trying to read from a peer could set up a message buffer (4096 bytes) per peer and fill it with data as available until a complete message has been received. A.2.3. Reducing Route Flapping To avoid excessive route flapping a n LS which needs to withdraw a destination and send an update about a more specific or less specific route SHOULD combine them into the same UPDATE message. A.2.4. TRIP Timers Rosenberg, Salama, Squire 73 Internet Draft Telephony Routing over IP July 2000 TRIP employs five timers: ConnectRetry, Hold Time, KeepAlive, MinITADOriginationInterval, and MinRouteAdvertisementInterval The suggested value for the ConnectRetry timer is 120 seconds. The suggested value for the Hold Time is 90 seconds. The suggested value for the KeepAlive timer is 30 seconds. The suggested value for the MinITADOriginationInterval is 15 seconds. The suggested value for the MinRouteAdvertisementInterval is 30 seconds. An implementation of TRIP MUST allow these timers to be configurable. A.2.5. AP_SET Sorting Another useful optimization that can be done to simplify this situation is to sort the ITAD numbers found in an AP_SET. This optimization is entirely optional. Acknowledgments We wish to thank Dave Oran for his insightful comments and suggestions. References Internet Draft TRIP Transport August 1999 Rosenberg, Salama, Squire 74 Rosenberg, Salama, Squire 74 [1] J. Rosenberg and H. Schulzrinne, 'A Framework for a Gateway Location Protocol,' IETF RFC 2871, June 2000. Rosenberg, Salama, Squire 74 Internet Draft Telephony Routing over IP July 2000 [2] Y. Rekhter and T. Li, 'Border Gateway Protocol 4 (BGP-4),' IETF RFC 1771, March 1995. [3] J. Moy, 'Open Shortest Path First Version 2,' IETF RFC 2328, April, 1998. [4] 'Intermediate System to Intermediate System Intra-Domain Routing Exchange Protocol for use in Conjunction with the Protocol for Providing the Connectionless-mode Network Service (ISO 8473),' ISO DP 10589, February 1990. [5] J. Luciani, et al, 'Server Cache Synchronization Protocol (SCSP),' IETF RFC 2334, April, 1998. [6] International Telecommunication Union, 'Visual Telephone Systems and Equipment for Local Area Networks which Provide a Non-Guaranteed Quality of Service,' Recommendation H.323, Telecommunication Standardization Sector of ITU, Geneva, Switzerland, May 1996. [7] M. Handley, H. Schulzrinne, E. Schooler, and J. Rosenberg, 'SIP: Session Initiation Protocol,' IETF Internet Draft, draft- ietf-mmusic-sip-12.txt, Work in Progress, January 1999. [8] R. Braden, 'Requirements for Internet Hosts -- Application and Support,' IETF RFC 1123, October 1989. [9] S. Kent and R. Atkinson, 'Security Architecture for the Internet Protocol,' IETF RFC 2401, November 1998. [10] S. Kent and R. Atkinson, 'IP Authentication Header,' IETF RFC 2402, November 1998. [11] S. Kent and R. Atkinson, 'IP Encapsulating Security Payload (ESP),' IETF RFC 2406, November 1998. [12] D. Harkins and D. Carrel, 'The Internet Key Exchange (IKE),' IETF RFC 2409, November 1998. Authors' Addresses Jonathan Rosenberg dynamicsoft 72 Eagle Rock Avenue First Floor East Hanover, NJ 07936 732-741-7244 email: jdrosen@dynamicsoft.com Rosenberg, Salama, Squire 75 Internet Draft Telephony Routing over IP January 2000 Hussein F. Salama Cisco Systems Mail Stop SJ-6/3 170 W. Tasman Drive San Jose, CA 95134 408-527-7147 email: hsalama@cisco.com Matt Squire WindWire 4825 Creekstone Drive Durham, NC 27703 919-247-0820 email: msquire@windwire.com Rosenberg, Salama, Squire 76
Datatracker
Report a datatracker bug
draft-ietf-iptel-trip-03
Internet-Draft
| Document | Document type |
This is an older version of an Internet-Draft that was ultimately published as RFC 3219.
Expired & archived
|
|
|---|---|---|---|
| Select version | |||
| Compare versions | |||
| Author | |||
| RFC stream |
|
||
| Other formats | |||
| Additional resources | Mailing list discussion |