[Search] [txt|pdf|bibtex] [Tracker] [WG] [Email] [Nits]

Versions: 00 01                                                         
      COPS Usage for Differentiated Services                      August 1998



      Network Working Group                             Francis Reichmeyer
      Internet Draft                                    Kwok Chan
      Draft-ietf-RAP-COPS-DS-00.txt                     Bay Networks, Inc.
      Expiration Date: January 1999                     David Durham
                                                        Raj Yavatkar
                                                        Intel
                                                        Silvano Gai
                                                        Keith McCloghrie
                                                        Cisco Systems, Inc.
                                                        Shai Herzog
                                                        IPHighway
                                                        August 1998


                        COPS Usage for Differentiated Services



      Status of this Memo

        This document is an Internet-Draft. Internet-Drafts are working
        documents of the Internet Engineering Task Force (IETF), its areas,
        and its working groups. Note that other groups may also distribute
        working documents as Internet-Drafts.

        Internet-Drafts are draft documents valid for a maximum of six months
        and may be updated, replaced, or obsoleted by other documents at any
        time. It is inappropriate to use Internet-Drafts as reference
        material or to cite them other than as "work in progress."

        To learn the current status of any Internet-Draft, please check the
        "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
        Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
        munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or
        ftp.isi.edu (US West Coast).


      Abstract

        There is a clear need for relatively simple and coarse methods of
        providing differentiated classes of service for Internet traffic, to
        support various types of services, and specific business
        requirements. The IETF has chartered the Differentiated Service WG to
        define the differentiated services architecture and a common language
        for differentiated services.


        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        1]



      COPS Usage for Differentiated Services                      August 1998


        In parallel, the IETF RSVP Admission Policy (RAP) WG has defined the
        COPS (Common Open Policy Service) protocol [COPS].

        This document describes enhancements to the Common Open Policy
        Service (COPS) protocol to support policy services in a
        Differentiated Services (diff serv) environment. Further
        modifications to COPS for diff serv may be proposed in the future,
        but what is presented here is thought to be the minimum necessary
        additions.

      Table of contents

        1. Terminology ......................................................3
        2. Introduction ..........................Error! Bookmark not defined.
           2.1 Basic Model...................................................6
        3. The definition of the Policy Tree ................................7
           3.1 Description of the Policy Tree................................8
           3.2 Operations Supported On a PI..................................8
           3.3 An example of a PIB...........................................8
        4. COPS Diff Serv Client Data ......................................10
           4.1 Policy Identifier (PID)......................................11
           4.2 XDR Encoded Policy Instance Data (XPD).......................11
           4.3 Diff Serv Decision Data......................................12
           4.4 Diff Serv Request Data.......................................12
           4.5 Diff Serv Report Data........................................12
             4.5.1 Commit Data .............................................13
             4.5.2 No Commit Data ..........................................13
             4.5.3 Accounting Data .........................................13
        5. Message Content .................................................13
           5.1 Request (REQ)   PEP -> PDP...................................13
           5.2 Decision (DEC)   PDP -> PEP..................................14
           5.3 Report State (RPT)   PEP -> PDP..............................15
        6. Common Operation ................................................15
        7. Fault Tolerance .................................................17
        8. Security ........................................................17
        9. References ......................................................17
        10. Author Information .............................................18











        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        2]



      COPS Usage for Differentiated Services                      August 1998


      1. Terminology

        o  ACL: Access Control List.

        o  COPS (Common Open Policy Service): client/server model for
           supporting policy control [COPS];

        o  Instance Identifier: one or more of the PC attributes the values of
           which are used as part of the identification of a PI.

        o  Object: this term is used in the same sense as in COPS
           specification. An object is identified by its C-num and C-type.

        o  PC (Policy Class): a type of policy data item. In object oriented
           terminology this is equivalent to a class. It inherits from PC. A
           PC defines a vector of attributes. Each attribute has a syntax type
           that is either primitive or refined. It also overrides the READ and
           WRITE methods and defines new error sub-codes.

        o  PI (Policy Instance): an instance of a PC. Potentially there are
           multiple instances of the same PC. The value of a PI consist of a
           vector of values, one value for each attribute in the PC's vector
           of attributes.

        o  PDP (Policy Decision Point): a network entity where policy
           decisions are made

        o  PEP (Policy Enforcement Point): network device where policy
           decisions are enforced.

        o  PIB (Policy Information Base): policy objects are accessed via a
           virtual information store, termed the Policy Information Base or
           PIB.  Objects in the PIB are defined using Abstract Syntax Notation
           One (ASN.1) [ASN1].

        o  PID (Policy IDentifier): the name which identifies a particular PI
           or PC. It has a hierarchical structure of the form 1.3.4.2.7, where
           the first part identifies the PC (i.e., 1.3.4) and the last part is
           the value of the PII (Policy Instance Identifier), which identifies
           the instance (i.e. 2.7). The PII is null in the case of a PC.

        o  XPD: XDR Encoded Policy Instance Data.


      2. Introduction
         The Common Open Policy Service (COPS) protocol is a query response
         protocol used to exchange policy information between a network policy

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        3]



      COPS Usage for Differentiated Services                      August 1998


         server and a set of clients [COPS]. COPS is being developed within
         the RSVP Admission Policy Working Group (RAP WG) of the IETF,
         primarily for use as a mechanism for providing policy-based admission
         control over requests for network resources [RAP].

         The underlying assumption in the RAP framework is that applications
         or endsystems use the RSVP [RSVP] signaling protocol to communicate
         Integrated Services (int serv) reservation requests to the network
         nodes along the path of a flow. These reservation requests carry
         necessary flow specifications and  requests for a flow to receive one
         of the defined Integrated Services, Controlled Load or Guaranteed. In
         the int serv model, the RSVP messages themselves contain all the
         necessary information needed at the networking device to classify and
         service the flow [RSVP]. This information includes the session
         identifier (source and destination addresses, port numbers, and
         transmission protocol), flowspec token bucket parameters, and
         requested service.
         As shown I Figure 1, the network device contacts a policy decision
         point (PDP) to make the policy-based admission control decision.
         Then, the policy server (PDP) is simply required to return a
         Decision, such as "accept" and the network device acts as a policy
         enforcement point (PEP) and uses the session information and intserv
         srvice parameters to classify and service the packets belonging to
         the flow.

                 (router, switch)         policy server

         .
               _ ---------------- ________ --------______
                |                |        |        |        ______
         .
                |  Network Node  |        |        |
         .
                |    -----   ___ |        |        |
                |   |     |      |        |        |
         .
                |   | PEP |<-----|------->| PDP    |
         .
                |   |_____|      |        |_____   |
         .
                |    -----       |        |        |
         .
                |________________|        |        |
                 ----------------          --------

           Figure 1: Under the RAP framework, network elements such as a
         router or a switch contact the PDP for policy-based admission control

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        4]



      COPS Usage for Differentiated Services                      August 1998


         when a resource reservation request is received.


         Providing policy services in a diff serv environment requires some
         different assumptions about the admission control mechanisms used in
         the network. First, there may be no explicit signaling from sources
         of traffic requesting a particular service as in the case of an
         intserv network. Second, requests for allocation of resources to
         differentiated services may arrive at the policy server from entities
         other than a PEP. Examples of such sources include attached users
         requesting network services via a web interface into a central
         management application, or H.323 servers requesting resources on
         behalf of a user for a video conferencing application. Requests of
         this sort require some policy decision to be made to ensure the
         requesting user/application has permission to use the requested
         services and that the resources are available. Once the decision is
         made, the PDP must configure one or more PEPs to provision necessary
         resources for services requested. In addition, the PDP may also pass
         to the PEP provisioning decisions about resources related to flows of
         a more static nature, such as long-term SLAs established across
         boundaries of adjacent ISP networks.

         In summary, the interaction between the PDP and PEP is different in
         at least two respects from that in the case of the intserv
         environment. First, the resource provisioning requests may originate
         at places other than a PEP. Second, once the PDP makes a policy
         decision to allocate resources for a service class or a flow
         aggregate, it must pass on the sufficient information (such as packet
         classification filters, traffic shaper parameters) to the PEPs so
         that PEPs can implement policy decisions. This draft describes the
         usage of the COPS protocol for communicating this information between
         diff serv clients (PEPs) and the policy servers.
















        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        5]



      COPS Usage for Differentiated Services                      August 1998



      2.1 Basic Model

         Figure 2 shows a sample network configuration for a diffserv
         environment. Edge routers and boundary routers are located at the
         boundary of diffserv domains as described in [draft-nichols-diff-
         serv-arch-00.txt]. The BB is responsible for admission control
         functions and resource provisioning. In the COPS model, the PDP is
         part of the bandwidth broker that manages resources within a diffserv
         domain. Both edge routers and boundary routers act as PEPs and
         communicate with BBs using COPS for exchange of policy information.
         The internal organization of the BB and policy functionality may
         vary: the policy server and BB may be separate entities in which case
         the BB, upon receiving COPS messages from the PEP, consults the
         policy server to make its decision.

                   ----       ----
                  | BB |     | BB |
                  |    |     |    |
                  _----       ----
                     ^         ^
                    |         /
                    |        /
                    |        |

      .
                / Stub   \       /   Transit    \       /  Stub  \
      .
               / Network  \     /    Network     \     /  Network \
        |---| |        |---|   |---|          |---|   |---|        | |---|
        |Tx |-|        |ER1|---|BR1|          |BR2|---|ER2|        |-|Rx |
        |---| |        |-- |   |---|          |---|   |---|        | |---|
               \          /     \                /     \          /
                \        /       \              /       \        /

        Figure 2: A sample Network Configuration in which
        Edge Routers (ER) and Boundary routers (BR) in the stub and transit
        networks communicate with the corresponding bandwidth brokers in
        their domain.


        To allow for use of COPS for diff-serv specific communication and to
        distinuish diff-serv specific communication from other uses of COPS,
        we have added a new client type to COPS  (client type = DiffServ
        client). In an environment where a stub network uses intserv/RSVP
        signaling for admission control and uses diffserv-based policy server
        for managing resources to a transit network, use of two different

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        6]



      COPS Usage for Differentiated Services                      August 1998


        client types (RSVP vs diffserv) may require a method that correlates
        the two admission control decision. The issue of combining int serv
        and diff serv to provide an end-to-end QoS solution is currently
        being studied [E2E]. Also, the RSVP WG is currently planning on
        addressing the use of RSVP within the differentiated services QoS
        model.


      3. The definition of the Policy Tree

        This section defines data format for the diff serv client specific
        information carried in the Decision, Request ClientSI, and Report
        ClientSI objects. Diff serv client specific data may be defined for
        the other objects in the future.

        The policy tree is based on SMI and MIBs. COPS for RSVP does not need
        a policy tree, since the information exchanged has a simple format.
        However, the COPS protocol does not preclude the use of data,
        represented in such a way, with RSVP. COPS for DiffServ needs much
        more structure, since it needs to represent policies, mappings, ACLs,
        interfaces etc.

        The policy tree is structured in the following way:


        -------+-------+----------+---PC--+--PI
               |       |          |        +--PI
               |       |          +---PC-----PI
               |       +---PC--+--PI
               |       |        +--PI
               |       |        +--PI
               |       |        +--PI
               |       |        +--PI
               |       +---PC-----PI
               +---PC---PI


        Figure 1: Example of a Policy Tree


        PIs (Policy Instances) and   s
PC  (Policy Classes) have names (PIDs:
        Policy Identifiers). Names have a hierarchical structure of the form
        1.3.4.2.7, where the first part identifies the PC (e.g., 1.3.4) and
        the last part identifies the instance (e.g. 2.7).

        The policy tree names all the policy data classes and instances and
        this creates a common view of the policy organization between the

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        7]



      COPS Usage for Differentiated Services                      August 1998


        client (PEP) and the server (PDP).  Therefore, when the PEP receives
        data from the PDP, the data itself specifies what a PEP is supposed
        to do with the data. The current granularity of access, i.e., the
        atomicity of replacement, is proposed as a vector of values.

        Note that the PCs/PIs in the above diagram are each a vector of
        values. This proposal is that the hierarchy of PCs/PIs is for benefit
        of human understanding, not for programmatic understanding, or
        inheritance.


      3.1 Description of the Policy Tree

        The Policy Tree is described using SMI and PIBs. SMI and PIBs are
        defined based on the ASN.1 data definition language [ASN1]. This does
        not imply that the representation of the policy information on the
        wire must follow ASN.1: on the contrary, the proposal it to follow
        COPS conventions and to define a new objects (XDR Encoded Policy
        Instance Data, see Section 4.2) which contains an XDR encoding. XDR
        is a standard [RFC1832] for the description and encoding of data.


      3.2 Operations Supported On a PI

        The following operations are supported on a PI:

        o  Install - creates a new instance of a PC, i.e. a new PI, or
           modifies an existing instance. The instance is automatically
           enabled. Parameters to this operation are a PID (see Section 4.1)
           and an "XPD (XDR encoded policy instance Data)" containing the
           value to assign to the new PI see (Section 4.2). The XPD specifies
           all the attributes of the new PI.

        o  Delete - This operation is used to delete an instance of a PC. The
           parameter is a PID (see Section 4.1).

        o  Enable. This operation is used to enable a PI.

        o  Disable. This operation is used to disable a PI.


      3.3 An example of a PIB

        This section contains a simple example of a PIB describing a simple
        set of filters for IP packets. Each filter is able to match either
        the source IP address, the destination IP address or both. This


        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        8]



      COPS Usage for Differentiated Services                      August 1998


        example is provided only for the benefit of understanding how a PIB
        is structured. It is not supposed to describe any actual policy data.

        policyFilterPIB OBJECT IDENTIFIER ::= { policyPIB 1 }

        ipHeaderFilterTable OBJECT-TYPE
            SYNTAX      SEQUENCE OF IpHeaderFilterEntry
            MAX-ACCESS  not-accessible
            STATUS      current
            DESCRIPTION "This table contains a simple ACL, i.e. one or
                         more IP filters."

        ::= {policyFilterPIB 1}


        ipHeaderFilterEntry OBJECT-TYPE
            SYNTAX      IpHeaderFilterEntry
            MAX-ACCESS  write-only
            STATUS      current
            DESCRIPTION "Each row of the table has four columns. The
            ipHeaderFilterIndex uniquely identifies a particular IP
            filter. The ipHeaderFilterMatchType specifies the type of
            match (source only, destination only, source and destination).
            The ipHeaderFilterSourceAddress and
            ipHeaderFilterDestinationAddress contain the source and
            destination IP addresses."

            INDEX {ipHeaderFilterIndex}

        ::= {ipHeaderFilterTable 1}


        IpHeaderFilterEntry ::= SEQUENCE {
            ipHeaderFilterIndex              INTEGER,
            ipHeaderFilterMatchType          BITS,
            ipHeaderFilterSourceAddress      IpAddress,
            ipHeaderFilterDestinationAddress IpAddress
        }


        ipHeaderFilterIndex OBJECT-TYPE
            SYNTAX      INTEGER
            MAX-ACCESS  not-accessible
            STATUS      current
            DESCRIPTION "The index of the table, used to identify each
            individual IP filter"


        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        9]



      COPS Usage for Differentiated Services                      August 1998


        ::= {ipHeaderFilterEntry 1}


        ipHeaderFilterMatchType OBJECT-TYPE
            SYNTAX      BITS {
                            matchSource (0),
                            matchDestination (1)
                        }
            MAX-ACCESS  not-accessible
            STATUS      current
            DESCRIPTION "This field indicates which one or more of the
            addresses are required to match the corresponding addresses
            of the IP packet."

        ::= {ipHeaderFilterEntry 2}


        ipHeaderFilterSourceAddress OBJECT-TYPE
            SYNTAX      IpAddress
            MAX-ACCESS  not-accessible
            STATUS      current
            DESCRIPTION "IP source address to be matched against the
            packet in the event the ipHeaderFilterMatchType has the
            corresponding bit set.

        ::= {ipHeaderFilterEntry 3}


        ipHeaderFilterDestinationAddress OBJECT-TYPE
            SYNTAX      IpAddress
            MAX-ACCESS  not-accessible
            STATUS      current
            DESCRIPTION "IP destination address to be matched against the
            packet in the event the ipHeaderFilterMatchType has the
            corresponding bit set.

        ::= {ipHeaderFilterEntry 4}


      4. COPS Diff Serv Client Data

        The COPS-DS extensions define a new client type:

           Client Type = 2; Diff Serv Client

        Diff serv specific information is sent in a COPS message containing a
        Common Header with the Diff Serv Client type specified:

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        10]



      COPS Usage for Differentiated Services                      August 1998



                      0                    1                      2
        3
        +----------------+----------------+----------------+----------------+
        | Version| ////  |     Op Code    |      Client Type = 0x02         |
        +----------------+----------------+----------------+----------------+
        |                          Message Length                           |
        +----------------+----------------+----------------+----------------+

        The COPS protocol specification defines several objects which may
        carry client specific information between PDP and PEP:
           Context Object (Context)
           Reason Object (Reason)
           Decision Object (Decision)
           Error Object (Error)
           Client Specific Information Object (ClientSI) which includes:
                Request ClientSI
                Report ClientSI
                Client-Open ClientSI


      4.1 Policy Identifier (PID)

        This object is used to carry the PID of the Policy Data Instance to
        be installed or deleted.

                0                1               2                 3
        +----------------+----------------+----------------+----------------+
        |              Length             |          Type = PID             |
        +----------------+----------------+----------------+----------------+
        |                       Policy Identifier                           |
        +----------------+----------------+----------------+----------------+



      4.2 XDR Encoded Policy Instance Data (XPD)

        This object is used to carry the value of a Policy Data Instance to
        be installed, It contains an XDR coding of the Policy Data Instance
        [RFC1832].

                0                1               2                 3
        +----------------+----------------+----------------+----------------+
        |              Length             |          Type = "XDR type"      |
        +----------------+----------------+----------------+----------------+
        |                       XDR Encoded PI Value                       |
        +----------------+----------------+----------------+----------------+

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        11]



      COPS Usage for Differentiated Services                      August 1998




      4.3 Diff Serv Decision Data

        The diff serv Client Specific Decision Data is composed of one or
        more bindings. Each binding associates a PID object and an XPD
        object. The XPD object contains the value to be assigned to the PI
        that is created or updated.

        The diff serv specific decision data has the following format:

        C-Num  = 7
        C-Type = 4

             <Client Specific Decision Data> ::= <Install> |
                                                 <Delete> |
                                                 <Enable> |
                                                 <Disable>

             <Install>    :: = <Binding(s)>

             <Binding(s)> ::= <Binding> <Binding(s)> |
                              <Binding>

             <Binding>    ::= <PID> <XPD>

             <Delete>     ::= <PI(s)>
             <Enable>     ::= <PI(s)>
             <Disable>    ::= <PI(s)>

             <PI(s)>     ::= <PI> <PI(s)> |
                              <PI>


      4.4 Diff Serv Request Data

        The diff serv request ClientSI data has the following format:


        <diff serv request datat> ::= <Binding(s)>


      4.5 Diff Serv Report Data

        Diff serv specific report data is used in the RPT message. The format
        of the report data is dependant on the value of the accompanying COPS
        Report Type object.

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        12]



      COPS Usage for Differentiated Services                      August 1998




      4.5.1 Commit Data
        When used with the "commit" report type, the diff serv specific
        report data has the following format:

        <diff serv report data> ::=  [<PID(s)>]


      4.5.2 No Commit Data
        When used with the "no commit" report type, the diff serv specific
        report data has the following format:

        <diff serv report data> ::= <Binding(s)>


      4.5.3 Accounting Data
        TBD


      5. Message Content

        This section describes the COPS messages exchanged between a PEP and
        PDP for use with diff serv policy services.


      5.1 Request (REQ)   PEP -> PDP

        The REQ message is used by COPS diff serv clients for issuing a
        config request from the to the PDP, as described in the COPS
        protocol. The Client Handle is associated with request state
        originated by the PEP and the PEP is responsible for notifying the
        PDP when the Handle is no longer in use and can be deleted.

        The diff serv request data, defined above, may be included in the
        config request form PEP to PDP. Currently, the request data is
        defined for carrying configuration/feature negotiation information
        from the PEP. This provides the server with information on the types
        of policy that the interface can enforce and the types of policy data
        the PEP can install.

        The config request message serves as a request from the PEP to the
        PDP for any diff serv configuration data which the PDP may have pre-
        defined for the PEP device, such as access control lists, etc., and
        any future access data or updates. The pre-configured and any
        asynchronous diff serv configuration data can then be sent to the PEP
        over time via responses, as decided by the PDP. The configuration

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        13]



      COPS Usage for Differentiated Services                      August 1998


        information supplied by the PDP is of the consistent client specific
        format defined above. The PDP responds to the config request with a
        DEC message containing any available configuration information.

           <Request> ::= <Common Header>
                         <Client Handle>
                         <Context = config request>
                         <interface>
                         <diff serv request data>


      5.2 Decision (DEC)   PDP -> PEP

        The DEC message is sent from the PDP to a diff serv client  in
        response to a config REQ  received from the PEP. The Client Handle
        must be the same Handle that was received in the REQ message. The
        Client Specific Decision Data for diff serv clients, to be used in
        the DEC message, is defined above.

        The DEC message is sent as an immediate response to a config request,
        used to carry pre-defined configuration information set in the PDP,
        to the PEP. Subsequent DECs may also be sent at any time after the
        original DEC message to continue supplying the PEP with
        additional/updated policy information. The state carried in the DEC
        message is referred to in the PDP and PEP by the Client Handle and
        the PID information.
        The PEP performs the operation specified in the Decision Flags object
        on the decision data. If no configuration state is available when the
        config REQ is processed by the PDP, a DEC is sent with the "No
        Configuration Data" decision flag set.

        The "Install", "Delete", "Enable", and "Disable" decision flags are
        used by the PEP and PDP to manage the policy data transactions. In
        response to a DEC message, the diff serv client sends a RPT back to
        the PDP to inform the PDP of the actual action taken. For example, in
        response to a DEC with the "Install" flag (only) set, the PEP informs
        the PDP if the decision data can be installed, based on the other
        policy data on the device (are there conflicts, etc.). Then when the
        PDP determines the policy should be enabled, based on the transaction
        associated with the policy data, a subsequent DEC message may be sent
        with the "Enable" flag set.

            <Decision> ::=   <Common Header>
                     <Client Handle>
                     <Decision Flags>
                     [< diff serv Specific Decision Data>]


        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        14]



      COPS Usage for Differentiated Services                      August 1998



      5.3 Report State (RPT)   PEP -> PDP

        The RPT message is sent from the diff serv client to the PDP to
        report accounting information from PEP to PDP on request state
        installed at the PEP. It is also used as a mechanism to inform the
        PDP about the action taken at the PEP, in response to a DEC message.
        The diff serv report data format, as defined above, depends on the
        Report Type included in the RPT message.

           <Report State> ::= <Common Header>
                        <Client Handle>
                        <Report Type>
                        [<diff serv report data>]


      6. Common Operation

        This section describes, in general, typical exchanges between a PDP
        and diff serv COPS client.

        First, a connection is established between the PEP and PDP and the
        PEP sends a Client-Open message with the Client-Type = 2, Diff Serv
        client. If the PDP supports the Diff Serv client, the PDP responds
        with a Client-Accept (CAT) message. If the client type is not
        supported, a Client-Close (CC) message is returned by the PDP to the
        PEP, possibly identifying an alternate server that is known
        (believed?) to support the policy for the diff serv client.

        Once the CAT message is accepted, the client can send requests to the
        server. The first request a COPS Diff Serv client sends to the server
        is for configuration information, that is a REQ with "Configuration
        Request" set in the context object that identifies a specific
        interface/module and any relevant client specific information. The
        config request message serves two purposes in COPS-DS. First, it is a
        request from the PEP to the PDP for any diff serv configuration data
        which the PDP may have pre-defined for the PEP device, such as acces
        control lists, etc. Also, the config request is a request to the PDP
        to send asynchronous diff serv configuration data to the PEP, as it
        is received by the PDP. This asynchronous data may be new policy data
        or an update to policy data sent previously.

        If the PDP has diff serv QoS policy configuration information for the
        client, that information is returned to the client in a DEC message
        containing the Diff Serv client policy data within the COPS Decision
        object. If no filters are defined, the DEC message will simply
        specify that there are no filters using the "No Configuration"

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        15]



      COPS Usage for Differentiated Services                      August 1998


        Decision Flags object. The handle associated with the request state
        is the Client Handle sent in the original configuration REQ from the
        PEP. This is to prevent the PEP from timing out the REQ and deleting
        the Client Handle.

        The PDP can then add new policy data or update existing state by
        sending subsequent DEC message(s) to the PEP, with the same Client
        Handle. The PEP is responsible for removing the Client handle when it
        is no longer needed, for example when the interface goes down, and
        informing the PDP that the handle is to be deleted.

        For diff serv purposes, access state, and access requests to the
        policy server can be initiated by other sources besides the PEP.
        Examples of other sources include attached users requesting network
        services via a web interface into a central management application,
        or H.323 servers requesting resources on behalf of a user for a video
        conferencing application. When such a request is accepted, the edge
        device affected by the decision (the point where the flow is to enter
        the network) must be informed of the decision. Since the PEP in the
        edge device did not initiate the request, the specifics of the
        request, e.g. flowspec, packet filter, and PHB to apply, must be
        communicated to the PEP by the PDP. This information is sent to the
        PEP using the Decision message containing Diff Serv client specific
        data objects in the COPS Decision object as specified. Any updates to
        the state information, for example in the case of a policy change or
        call tear down, is communicated to the PEP by subsequent DEC messages
        containing the same Client Handle and the updated diff serv request
        state. Updates can be specify to delete, install, enable or disable
        existing policy data.

        The PEP acknowledges the DEC message and action taken by sending a
        RPT message with a "Commit" Report-Type object. This serves as an
        indication to the PDP that the requestor (e.g. H.323 server) can be
        notified that the request has been accepted by the network. If the
        PEP needs to reject the DEC operation for any reason, a RPT message
        is sent with a Report-Type of value "No Commit" and optionally a
        Client Specific Information object specifying the policy data that
        was rejected. The PDP can then respond to the requestor accordingly.

        The PEP can report to the PDP the local status of any installed
        request state when appropriate. This information is sent in a Report-
        State (RPT) message with the "Accounting" flag set. The state being
        reported on is referenced by the Client Handle associated with the
        request state and the client specific data identifier.
        Finally, Client-Close (CC) messages are used to cancel the
        corresponding Client-Open message. The CC message informs the other
        side that the client type specified is no longer supported.

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        16]



      COPS Usage for Differentiated Services                      August 1998




      7. Fault Tolerance

        When communication is lost between PEP and PDP, the PEP attempts to
        re-establish the TCP connection with the PDP it was last connected
        to. If that server cannot be reached, then the PEP attempts to
        connect to a secondary PDP, assumed at this time to be manually
        configured at the PEP.

        When a connection is finally re-established, either with the primary
        PDP or a secondary PDP, the PDP may request the PEP to re-synch its
        current state information (SSQ message). If after re-connecting, the
        PDP does not request the synchronization, the client can assume the
        server recognizes it and the current state at the PEP is correct. Any
        changes state changes which occurred at the PEP while connection was
        lost must be reported to the PDP in a RPT message.

        While the PEP is disconnected from the PDP, the request state at the
        PEP is to be used for policy decisions. If the PEP cannot re-connect
        in some pre-specified period of time (some multiple of the keep-alive
        time? - TBD), the request state is to be deleted and the associated
        Handles removed. The same holds true for the PDP; upon detecting a
        failed TCP connection, the time-out timer is started for the request
        state associated with the PEP and the state is removed after the
        specified period without a connection.


      8. Security

        The use of COPS for diff serv introduce no new security issues over
        the base COPS protocol. The use of IPSEC between PDP and PEP, as
        described in [COPS] is sufficient.


      9. References

        [COPS]    Boyle, J., Cohen, R., Durham, D., Herzog, S., Raja,n R.,
                  Sastry, A., "The COPS (Common Open Policy Service)
                  Protocol", IETF <draft-ietf-rap-cops-02.txt>, March 1998.

        [RAP]     Yavatkar, R., et al., "A Framework for Policy Based
                  Admission Control",IETF <draft-ietf-rap-framework-00.txt>,
                  November, 1997.

        [E2E]     Bernet, Y., Yavatka,r R., Ford, P., Bake,r F., Nichols, K.,
                  Speer, M., "A Framework for End-to-End QoS Combining

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        17]



      COPS Usage for Differentiated Services                      August 1998


                  RSVP/Intserv and Differentiated Services", IETF <draft-
                  ietf-diffserv-rsvp-00.txt>, March 1998.

        [RSVP]    Braden, R., Zhang, L., Berson, S., Herzog, S., and Jamin,
                  S., "Resource Reservation Protocol (RSVP) Version 1
                  Functional Specification", IETF RFC 2205, Proposed
                  Standard, September 1997.

        [ASN1]    Information processing systems - Open Systems
                  Interconnection, "Specification of Abstract Syntax Notation
                  One (ASN.1)", International Organization for
                  Standardization, International Standard 8824, December
                  1987.

        [RFC1832] R. Srinivasan, "XDR: External Data Representation
                  Standard.", RFC 1832, August 1995.


      10. Author Information

        Francis Reichmeyer
        Bay Networks, Inc.
        3 Federal Street
        Billerica, MA 01821
        Phone: (978) 916-3352
        Email: freichmeyer@BayNetworks.COM

        Kwok Ho Chan
        Bay Networks, Inc.
        600 Technology Park
        Billerica, MA 01821
        Phone: (978) 916-8175
        Email: khchan@BayNetworks.COM

        David Durham
        Intel
        2111 NE 25th Avenue
        Hillsboro, OR 97124
        Phone: (503) 264-6232
        Email: david.durham@intel.com

        Raj Yavatkar
        Intel
        2111 NE 25th Avenue
        Hillsboro OR 97124
        Phone: (503) 264-9077
        Email: yavatkar@ibeam.intel.com

        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        18]



      COPS Usage for Differentiated Services                      August 1998



        Silvano Gai
        Cisco Systems, Inc.
        170 Tasman Dr.
        San Jose, CA 95134-1706
        Phone: (408) 527-2690
        email: sgai@cisco.com

        Keith McCloghrie
        Cisco Systems, Inc.
        170 Tasman Dr.
        San Jose, CA 95134-1706
        Phone: (408) 526-5260
        email: kzm@cisco.com

        Shai Herzog
        IPHighway
        2055 Gateway Place, Suite 400
        San Jose, CA 95110
        Phone: (408) 451-3923
        Email: herzog@iphighway.com


        ...........
























        Reichmeyer, Ho Chan, Durham, Gai, McCloghrie                  [Page
        19]