VIPR M. Petit-Huguenin
Internet-Draft Stonyfish
Intended status: Standards Track J.R. Rosenberg
Expires: April 25, 2012
C. Jennings
October 23, 2011

Proportional Quota in REsource LOcation And Discovery (RELOAD)


This document defines an extension to RELOAD [I-D.ietf-p2psip-base] that limits the number of a specific kind element that can be stored by one RELOAD peer.

Status of this Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on April 25, 2012.

Copyright Notice

Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

This document may not be modified, and derivative works of it may not be created, except to format it for publication as an RFC or to translate it into languages other than English.

Table of Contents

1. Introduction

The base specification of RELOAD defines two variables to set the storage quota. The first one is the maximum size of an element of a specific kind, the second one is the maximum number of elements of a specific kind that can be stored on a specific peer. The combination of the two variables permits to limit the quantity of data that a peer have to store.

For kinds that are used with an access control policy that does not restrict the Resource-IDs, a different algorithm is needed to force storing nodes to behave. This document describes a quota algorithm that limits the number of elements of a specific kind that a node can store in the overlay, independently of the Resource-ID used. Another way to look at this quota algorithm is that an entity must provide a number of peers that is proportional to the number of elements of a specific kind that this entity wants to store.

It is important to understand that this quota works only for an overlay comprising only peers, and so with a configuration file containing a <clients-permitted> element set to false.

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. Quota Algorithm

A peer responsible for storing kinds using the quota algorithm described in this document MUST maintain a count of the number of unique entries being stored per signer for each kind. This operation does not require to add a field containing the Node-ID as the Node-ID of the signer is always available indirectly from the signature field of each element stored.

For example if a peer is storing 5 Resource-IDs and at each of those 5 there are two entries, all signed by the same Node-ID, it means this node is currently storing 10 unique entries for that Node-ID.

When performing the quota checks for an entry, the peer starts by verifying that the size of the entry is consistent. If the entry if not for a replica, it then takes the <max-count> configuration parameter for this overlay, which measures the amount of entries of a specific kind a particular node can store when a <max-count-per>SIGNER</max-count-per> configuration parameter is also present. That value is divided by the fraction of the overlay owned by this peer. If the result is less than one, it is rounded up to two. This is the maximum number of unique entries that can be stored for this signer. If the peer is not yet storing this many entries for that Node-ID, the store is allowed.

Note that when evaluating a Store Request containing multiple entries per kind, the count of unique entries used for the evaluation is incremented after each successful check, but the count will be reset to its initial value if one of the check fails.

The algorithm does not apply to the replicas created by the topology plugin. If another level of replication is done at the application level, the <max-count> value must be adjusted accordingly.

Note that because of imperfect distribution of Resource-IDs across the ring, new entries can be rejected even if the total count is under the limit. It is the responsibility of the storing entity to calculate the maximum acceptable probability of rejection and to increase the number of peers accordingly.

[[Note: Add here the equation that can be used to calculate the probability of rejection, so applications using this quota mechanism can recommend a multiplier coefficient]]

4. Overlay Configuration Document Extension

This document extends the overlay configuration document by defining a new element in the "urn:ietf:params:xml:ns:p2p:quota" namespace.

The <max-count-per> element changes the meaning of the <max-count> variable. The value "PEER" forces the <max-count> to be interpreted as been per storing peer, which is the default quota algorithm when this extension is not used. The value "SIGNER" forces the <max-count> to be interpreted as been per signer, which is the algorithm defined by this document.

The Compact Relax NG Grammar for this element is:

namespace pqt = "urn:ietf:params:xml:ns:p2p:quota"

kind-parameter &= element pqt:max-count-per { max-count-per-type }
max-count-per-type |= "PEER"
max-count-per-type |= "SIGNER"
max-count-per-type |= xsd:string # extensions


5. Security Considerations


6. IANA Considerations

This document adds the following URN to the "XML Namespaces" class of the "IETF XML Registry":


7. Acknowledgements

Thanks to Hakim Mehmood and Mark Hendrickson for their explanations on the implementation of the quota algorithm.

This document was written with the xml2rfc tool described in [RFC2629].

8. References

8.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[I-D.ietf-p2psip-base] Jennings, C, Lowekamp, B, Rescorla, E, Baset, S and H Schulzrinne, "REsource LOcation And Discovery (RELOAD) Base Protocol", Internet-Draft draft-ietf-p2psip-base-18, August 2011.

8.2. Informative References

[RFC2629] Rose, M.T., "Writing I-Ds and RFCs using XML", RFC 2629, June 1999.

Appendix A. Release notes

This section must be removed before publication as an RFC.

Appendix A.1. Modifications between draft-petithuguenin-vipr-proportional-quota-00 and draft-petithuguenin-p2psip-proportional-quota-01

  • The quota does not apply to replicas.
  • Draft moved to VIPR WG.
  • Nits.

Appendix A.2. Modifications between draft-petithuguenin-p2psip-proportional-quota-01 and draft-petithuguenin-p2psip-proportional-quota-00

  • Changed "storing peer" to "signer" as this works also for replica peers.
  • The default quota algorithm is per storing peer, not per Resource-ID.
  • Changed the constants in the XML extension accordingly.
  • Added running code considerations for reference implementation.

Appendix A.3. Modifications between draft-petithuguenin-p2psip-proportional-quota-00 and draft-petithuguenin-vipr-reload-usage-00

  • Instead of having a StorageQuota parameter that gives the maximum number of entries, reused the max-count parameter (that is mandatory anyway) and changes its meaning.
  • Removed the 3x multiplier to account for the application layer COPY, as it is application specific.
  • Removed the additional 3x multiplier to compensate for imperfect distribution, and moved the responsibility to the storing nodes.

Appendix A.4. Running Code Considerations

  • Reference Implementation (<>). Marc Petit-Huguenin. Implements version vipr-00.

Authors' Addresses

Marc Petit-Huguenin Stonyfish EMail:
Jonathan Rosenberg Monmouth, NJ US EMail: URI:
Cullen Jennings Cisco 170 West Tasman Drive San Jose, CA 95134 USA Phone: +1 408 421-9990 EMail: