Internet Engineering Task Force Mike Pierce
Internet Draft Artel
draft-pierce-ieprep-assured-service-req-02.txt Don Choi
January 2004 DISA
Expires July 2004
Requirements for Assured Service Capabilities in Voice over IP
draft-pierce-ieprep-assured-service-req-02.txt
Status of this memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
To view the list Internet-Draft Shadow Directories, see
http://www.ietf.org/shadow.html.
Copyright
Copyright (C) Internet Society 2004. All rights reserved.
Reproduction or translation of the complete document, but not of
extracts, including this notice, is freely permitted.
Abstract
Assured Service refers to the set of capabilities used to ensure
that critical communications are established and remain connected.
This memo describes the requirements for such capabilities in
support of real-time communications for voice using specific
networks such as those used by government agencies, but they could
also be applied in commercial environments.
Mike Pierce Expires July 2004 [Page 1]
Internet Draft Requirements for Assured Service January 2004
Table of Contents
1. Introduction.......................................................2
1.1. Changes........................................................3
2. Background.........................................................4
3. High Level Requirements............................................5
4. Functional Requirements............................................6
4.1. Precedence Level Marking.......................................6
4.2. Authentication/Authorization...................................7
4.3. Preferential Treatments........................................7
4.3.1. Call/Session Treatment.......... ...........................7
4.3.2. Packet Transfer Treatment........ ..........................8
4.3.3. Procedural Requirements........... .........................8
4.4. Diversion if Not Answered......................................9
4.5. Notifications..................................................9
4.6. Acknowledge by Preempted Party................................10
4.7. Protection of Signaling/Routing Information from Disclosure...10
4.8. Accounting....................................................10
4.9. Call Control Signaling Precedence.............................11
4.10. Interworking..................................................11
5. Security Considerations...........................................11
5.1. Authentication/authorization of User Access...................11
5.2. Security of Signaling Information.............................12
5.3. Security of Routing Data......................................12
5.4. Security of User Data.........................................12
6. IANA Considerations...............................................13
7. References........................................................13
8. Acknowledgements..................................................14
9. Authors' Addresses................................................14
1. Introduction
Throughout many decades of evolution of the telephony network and
its supporting protocols, there has been a need to provide
preferential services and functionality to a limited subset of the
users and calls within a network or domain in order to ensure
completion of important calls that transit congested
interconnections. Examples of this need have been in support of
emergency traffic for natural disasters, network restoration
traffic, and high priority traffic in a private networks. Provision
of the required capabilities in the signaling protocols and within
the switching systems has been defined in a number of national and
international standards, most notably a service referred to as
Multi-Level Precedence and Preemption (MLPP) as defined in an
American National Standard [T1.619] in the US and in corresponding
ITU-T Recommendations [I.255.3, Q.735.3, and Q.955.3]. In addition,
a service called High Probability of Completion (HPC) was defined in
the US [T1.631] and, most recently, two ITU-T Recommendations define
the requirements for the International Emergency Preference Scheme
Mike Pierce Expires July 2004 [Page 2]
Internet Draft Requirements for Assured Service January 2004
(IEPS) [E.106] and the International Preference Scheme for
Multimedia Service in Support of Disaster Relief Operations [draft
F.706].
Other drafts submitted to the IETF have addressed aspects of IEPS.
Among these are the Framework for ETS for Telephony over IP [ETS].
MLPP was the solution for providing Assured Service capabilities
within the circuit switched environment. It is essential that
equivalent Assured Service capabilities are defined and implemented
for the packet-based, connectionless environment of IP, and
specifically SIP. Without these capabilities, SIP can not be used
for those applications which require these capabilities.
This memo builds on these references and identifies the specific
requirements for Assured Service capabilities for Voice applications
in support of these specific types of environments. Although this
memo covers only Voice, there will be similar requirements for
"Assured Service" capabilities for all other forms of communication.
The term "Assured Service" is used to refer to the required
capabilities, rather than the previous term of "MLPP" or the related
but different terms of IEPS or ETS, since the envisioned set of
capabilities and protocols to achieve them are not expected to be
exactly the same as those other services. For example, IEPS/ETS may
not have a requirement for preemption at any point in the SIP
session, whereas Assured Service may at both the session endpoint
and in networks between endpoints.
Although these requirements are derived from previous government
applications, many of the same requirements and capabilities may be
applied for non-government networks, for example, in support of
commercial network restoration efforts. A presentation in the TEWG
during the August 2001 meeting demonstrated real-life situations
from the past in which total network failures required extensive
efforts, presumably including communication via other unaffected
networks, to bring the affected network back on line. If one
considered a situation in which the very network which had failed
was needed to carry the network management traffic required to get
it back on line, it would be hard to imagine how it could ever be
brought back up in the face of overwhelming customer attempts.
Capabilities would be required to give priority to the network
management traffic, even to the extent of blocking all non-emergency
traffic for a period of time.
1.1. Changes
Note: This section will be deleted before progressing as an RFC.
This document has evolved through 2 different working groups:
SIPPING and IEPREP. This draft was originally submitted under
SIPPING with 2 revisions. It is now in the IEPREP WG in order to
Mike Pierce Expires July 2004 [Page 3]
Internet Draft Requirements for Assured Service January 2004
ensure that the Assured Service requirements are considered along
with those of the related IEPS discussions
(SIPPING) -00 Original draft
(SIPPING) -01 Indicated informative material which would not be a
part of final. Moved some to Annex.
(SIPPING) -02 Removed material to draft-pierce-sipping-pref-treat-
examples-00 and draft-pierce-sipping-assured-service-arch-00.
Added requirement to maintain records of use of service.
(IEPREP) -00
. Updated references.
. Added additional requirements related to preferential treatment in
4.3.
. Added requirement in 4.8 for accounting records.
. Added requirement in 4.9 that preferential treatment must be
applied to call control signaling as well as to voice packets.
. Added requirement in 4.10 for interworking between Assured Service
and other priority schemes (e.g., IEPS)
(IEPREP) -01
- Updated references
- Moved informative material to Annex
- Clarified requirement statements
(IEPREP) -02
- clarified some text
- made individual requirements into bulleted, named items instead
of freeform text
- moved additional informational material to a separate draft
2. Background
In the circuit switched environment, specific circuits or channels
are used for each call. These are typically 64 kbps channels which
were normally part of a Time Division Multiplexed (TDM) transmission
structure. These transmission channels are almost always
interconnected and switched by Time Division Switching technology
(often referred to as "TDM switching").
More recent developments use packet/cell based transport instead of
dedicated 64 kbps channels, often coupled with packet/cell-based
switching, however, the effect is the same. There is still a
dedicated transport capacity assigned for each call.
Assured Service in the circuit switched environment may be provided
by one or more of the following techniques.
Mike Pierce Expires July 2004 [Page 4]
Internet Draft Requirements for Assured Service January 2004
. Giving priority to return of dial tone (IEPS - note)
. Marking of signaling messages for better handling, for example,
being last to be dropped in case of congestion in the signaling
network (HPC)
. Extra routing possibilities for higher priority calls (IEPS -
note)
- Queuing for network resources (HPC)
. Exemption from restrictive management controls such as hard-to-
reach codes and code gapping (IEPS - note)
. Reservation of specific facilities (trunks) for higher priority
traffic (IEPS - note)
. Higher priority calls may preempt existing lower priority calls,
causing the network to release the lower priority call to free
up resources for immediate reuse by the higher priority call
(MLPP)
(Note: Capabilities included within IEPS [E.106] are listed here for
reference only but are not dealt with further in this document.)
Identification of traffic authorized to use one or more of these
techniques may be via the following or similar methods:
. Calls placed from physical lines or devices authorized for
signaling a higher priority for a call
. Calls placed to specific telephone numbers or blocks of numbers
. Entry of a special ID code and PIN from any telephone device to
identify that this call should receive special service.
. Use of a "smartcard"
3. High Level Requirements
While the existing requirements and capabilities have been developed
with the circuit switched environment in mind, many are directly
applicable to the packet environment and specifically the Voice over
IP application being defined using SIP. Some of the capabilities
need to be adapted or modified for application in the packet mode
environment. In addition, there will likely be new techniques which
can be defined specifically for the SIP case.
Mike Pierce Expires July 2004 [Page 5]
Internet Draft Requirements for Assured Service January 2004
At a high level, the Assured Service requirements can be stated as
the need to ensure that mission critical voice-mode calls get set up
and remain connected.
As a result of this, calls designated as being at a lower precedence
level are presumed to be less important and may be adversely
affected by various techniques used to provide the preferential
treatment to the important, mission-critical calls. For example, the
lower precedence calls may temporarily experience reduced quality as
their packets are discarded.
This memo does not address issues related to incorrect assignment of
the authority to use precedence levels or the incorrect use of
levels, for example, if the user can not or does not specify a high
enough precedence level for the nature of the call.
(While this memo focuses on Voice over IP, there should be a
consideration of the impact/solutions for other media flows which
carry mission critical communication, for example, file transfers,
video, and instant messaging. Most of the functional requirements
can be equally applied to these other media.)
4. Functional Requirements
While the functional requirements for Assured Service detailed here
are specifically those needed to support the US government
requirements for the Defense Switched Network (DSN), it is believed
that at least a subset of those requirements are applicable to other
government networks as well as some commercial (non-government)
networks. This memo concentrates on those portions mentioned in
Section 2 which are derived from the requirements for MLPP as
defined in the American National Standard [T1.619].
The basic requirements are defined as follows;
4.1. Precedence Level Marking
Each call or session within an Assured Service network is labeled
with a precedence level as determined by the calling party at the
beginning of the call. If not chosen by the caller, the default is
to the lowest precedence level. The called party does not have any
control over the precedence level for a call or session.
To meet this general functional requirement, the following specific
requirements apply:
Prec-1 It MUST be possible to assign each user the highest
precedence level they are entitled to use.
Prec-2 It MUST be possible for the originator of a call to select
Mike Pierce Expires July 2004 [Page 6]
Internet Draft Requirements for Assured Service January 2004
and signal one of the multiple precedence levels for the
call, with the call defaulting to the lowest level if none is
specified. The precedence of each call is independent, that
is, it is selected for each call.
Note: One current network for which this is intended uses
five levels, but other numbers of levels are possible. In no
case is it necessary to support more than 15 levels.
Prec-3 It MUST be possible to carry this call associated precedence
level unchanged though the IP network as a part of the Call
Control Signaling (for example, in SIP).
Prec-4 It MUST be possible to deliver the originally signaled
precedence level to the called party.
4.2. Authentication/Authorization
Not all users are allowed to signal higher precedence levels.
Therefore, a means is necessary to determine and allow only the
authorized users the ability to signal these higher precedence
levels. The following specific requirements apply:
A&A-1 It MUST be possible to verify that the calling party is
authorized to use the Assured Service and the requested
precedence level value if higher than the lowest.
A&A-2 It MUST be possible to take the appropriate action if the
calling party attempts to use a level which is higher than
authorized. The preferred action is to reject the call, and
send an indication of the reason to the caller.
4.3. Preferential Treatments
Since it is expected that congestion may occur in various parts of a
network, it is required that one or more preferential treatments can
be applied to any call or session which is signaled with a higher
precedence level relative to already existing calls or sessions if
that call would cause congestion. This is required to manage the
effects of congestion, for example, delay, delay variation, and
loss, at key points. The actual measures applied depend on the
situation, but support for the following are required:
4.3.1. Call/Session Treatment
Pref-1 It MUST be possible to block setup of a new call if that call
would cause congestion. This is called Call Admission Control
(CAC).
Pref-2 It MUST be possible to apply different limits for CAC for
various call precedences, that is, in some cases, a higher
Mike Pierce Expires July 2004 [Page 7]
Internet Draft Requirements for Assured Service January 2004
precedence call may be allowed to be established while a
lower precedence would not.
Pref-3 It MUST be possible for an endpoint to release an existing
(lower precedence) session in favor of completing a new
session signaled to it (at a higher precedence).
Pref-4 It MUST be possible for a network node to release an existing
network resource reservation in favor of a higher precedence
session. This might involve releasing one or more
reservations in the process of providing enough bandwidth for
the new packet flow.
Pref-5 Preferential treatment SHOULD NOT be provided through any
scheme of dedicated or pre-reserved bandwidth or resources.
Pref-6 In those cases in which such dedication or reservation of
bandwidth or resources is used, when such dedicated or pre-
reserved bandwidth or resources have been consumed by the
high precedence traffic, further traffic of that same high
precedence MUST NOT be provided worse treatment than any of
the lower precedence levels.
4.3.2. Packet Transfer Treatment
Pref-7 It MUST be possible at any point of congestion to determine
which packets require preferential treatment over other
packets, including for voice media packets.
Pref-8 It MUST be known by the device experiencing congestion what
to do with two or more competing packets.
Pref-9 It MUST be possible for a network node to discard packets for
lower precedence calls in favor of those for higher
precedence calls.
Pref-10 Media packets MUST NOT starve all potential bandwidth of a
node interface, thus not allowing signaling packets through
that same interface. (Note that this requirement is not
unique to Assured Service.)
4.3.3. Procedural Requirements
Pref-10 It MUST be possible to detect various congestion conditions
which might require preferential treatments to be applied.
Pref-11 Preferential treatment measures used to manage congestion
MUST be automatic and MUST NOT have to be manually "turned
on" in reaction to a congestion event of any kind.
Pref-12 The application of preferential treatment MUST not require a
Mike Pierce Expires July 2004 [Page 8]
Internet Draft Requirements for Assured Service January 2004
significant delay to activate (such that it is noticeable to
the party originating a precedence call).
Possible methods of providing Preferential Treatment using the
provisions of this memo, as well as other existing IETF protocols,
are described in [Pierce1].
4.4. Diversion if Not Answered
In situations is which the called party is busy and can not be
preempted or in which the called party does not answer, it is
required to provide a diversion service to a predetermined address
for any call signaled with a precedence level above the lowest. The
following apply:
Div-1 If a precedence call (one higher than the lowest level) is
blocked by the called party being busy with a call of equal
or higher precedence, the call MUST be diverted to a
predetermined alternate party.
Div-2 If a precedence call is not answered within a designated
time, the call MUST be diverted to a predetermined alternate
party.
While the actual requirement previously was for a single "diverted-
to" address for an entire "switch", this is not feasible in the IP
case, so the specification of the "diverted-to" address is assumed
to be per called user. In general, it is expected that this
diversion capability will operate similar to a normal "Call
Forwarding on No Answer" service.
4.5. Notifications
It is required that a user who is currently on a call/session and is
preempted either at the remote end or in between be notified of this
event. Generally a distinct tone is provided, after which the
call/session is released.
Noti-1 All preempted parties MUST be provided with a distinct
notification informing them that their call has been
preempted.
Specific notifications are required to inform the calling party of
reasons for a precedence call not being successful. They are the
following:
Noti-2 When a user attempts to use a precedence level to which they
are not authorized, the caller MUST be notified of this fact.
The notification MUST NOT provide an indication of what level
is authorized.
Mike Pierce Expires July 2004 [Page 9]
Internet Draft Requirements for Assured Service January 2004
Noti-3 When a precedence call can not be established due to the
called party being busy at an equal or higher precedence with
no alternate party diversion possible or due to no
preemptable resources in the network, the caller MUST be
notified of this fact. The caller MUST NOT be notified what
precedence level would be necessary to successfully complete
the call.
4.6. Acknowledge by Preempted Party
When a user is involved in a call/session and that call/session is
preempted in favor of establishing a higher precedence call/session
with that same user, the user is required to actively accept this
new call before the media is connected. This is no different from
normal calls.
Ack-1 When an existing call has been preempted for delivery of a
higher precedence call to the same party, the party MUST
acknowledge the preemption before the new call is connected.
That is, there MUST be a positive acknowledgement before any
audio information is transferred in either direction.
4.7. Protection of Signaling/Routing Information from Disclosure
Although protection is not actually an integral part of the Assured
Service functionality, it is specifically identified here since this
capability is generally required in those networks which are assumed
to be the primary users of Assured Service.
Prot-1 Sensitive information MUST NOT be made available to non-
secure portions of the network or to any non-secure network
through which the traffic passes.
Prot-2 Sensitive information MUST NOT be accessible by users
connected to the network.
Prot-3 Precedence information regarding each call (as well as the
other information such as calling/called party identity)
SHOULD be protected from disclosure.
This non-disclosure requirement especially applies to information
which is used to control link state routing protocols based on
knowledge of the current traffic load at each precedence level on
each route or through each router.
4.8. Accounting
Proper administration of the Assured Service capability requires
that use of the service can be reviewed after the fact for potential
abuse.
Mike Pierce Expires July 2004 [Page 10]
Internet Draft Requirements for Assured Service January 2004
Acct-1 It MUST be possible for the appropriate records to be kept of
calls made, including the calling and called parties'
identities, time of the call, duration, and the precedence
level used. This is similar to the requirements for Call
Detail Recording (CDR) for billing purposes for other
services in a commercial environment.
4.9. Call Control Signaling Precedence
Since it competes for the same transport resources as the voice
packets, it is essential that preferential treatments can be applied
to the call control signaling. Specifically the following apply:
CC-1 The call control signaling MUST NOT adversely affect the
voice (e.g., by introducing excessive packet delay variation
due to extremely long messages).
CC-2 The voice traffic MUST NOT significantly delay important call
control signaling (e.g., by preventing release messages from
getting through).
4.10. Interworking
Although Assured Service will likely be the only priority scheme
within many network using it, it still needs to interwork with other
schemes.
Int-1 Assured Service calls MUST interwork with other priority
schemes which are being provided within the same network,
such as the one defined for [ETS]. This includes the
following two cases:
a. both types of traffic may exist in a single network, for
example, an IEPS call may be originated from within a network
which also supports "Assured Service" calls. Procedures to
determine the relative priority and the resulting
preferential treatment are required.
b. a network which provides "Assured Service" needs to
support interworking of calls to and from a network which
provides another scheme such as IEPS as well as another
network which provides "Assured Service". Mapping between the
precedence levels of the two networks must be supported.
5. Security Considerations
5.1. Authentication/authorization of User Access
There is a need within SIP to authenticate/authorize all access to
capabilities, since virtually any function could be misused,
resulting in harm to the network or to other users. Because Assured
Mike Pierce Expires July 2004 [Page 11]
Internet Draft Requirements for Assured Service January 2004
Service is intended to provide an authorized user with better
service than other users, including the potential of actually
preempting resources, it is even more important to
authenticate/authorize the user's access to the Assured Service
capabilities. However, the requirement already exists for all cases,
not just Assured Service, therefore the solution is not unique to
Assured Service.
5.2. Security of Signaling Information
The need to protect signaling information from disclosure is
independent from the provision of Assured Service. Many networks
have long been built on the premise that such information needs to
be protected. Bulk encryption of signaling links (as well as the
user data channels) between secure switches provided much of this
protection. In addition, the Signal Transfer Points of the SS#7
network could be physically secured against unauthorized access. It
should be noted that commercial networks have recognized the need
for the same level of protection previously only applied to various
government networks.
In the IP environment, the signaling packets traverse many routers
and could be accessed by unauthorized persons at any one of them.
While the contents of the individual signaling messages could be
hidden by encryption of the request and response for end-to-end
protection of information, the IP header must be visible to
intermediate routers. It is preferable to not require decryption/
encryption at each router. The approach has been to encrypt the
contents of the IP packets (the signaling message) but not the IP
headers which are needed by the routers. However, the IP headers
themselves may contain sensitive information such as precedence
level and ways to identify the called party, or least the location
of the called party.
5.3. Security of Routing Data
In IP today, there is no Routing Data to secure. When enhancements
are made to provide for route selection, especially to route around
congestion, procedures must be developed to prevent unauthorized
access to that data. It is presumed that procedures will also be
required to prevent unauthorized modifications.
5.4. Security of User Data
While there may typically be a greater need to protect the user data
(voice packets) of a call which utilizes priority, since such a call
may often be more sensitive than calls for which no priority is
specified, this requirement is not unique to the Assured Service,
and therefore no specific requirements are given here. The same
requirements exist for non-Assured Service traffic.
Mike Pierce Expires July 2004 [Page 12]
Internet Draft Requirements for Assured Service January 2004
6. IANA Considerations
There is no IANA involvement in support of Assured Service beyond
what is described for the Resource Priority Header [Resource].
7. References
[T1.523] ANSI T1.523-2001, "Telecommunications Glossary".
[T1.619] ANSI T1.619-1992 (R1999) and ANSI T1.619a-1994 (R1999),
"Multi-Level Precedence and Preemption (MLPP) Service, ISDN
Supplementary Service Description".
[T1.631] ANSI T1.631-1993 (R1999), "Telecommunications - Signalling
System No. 7 (SS7) - High Probability of Completion (HPC) Network
Capability".
[E.106] ITU-T Recommendation E.106 (2003), "International Emergency
Preference Scheme for Telecommunications for Disaster Relief
Operations(IEPS)".
[F.706] ITU-T Recommendation F.706 (draft), "International
Preference Scheme for Multimedia Service in Support of Disaster
Relief Operations and Mitigation".
[I.255.3] ITU-T Recommendation I.255.3 (1990), "Multilevel
precedence and preemption service (MLPP)".
[Q.735.3] ITU-T Recommendation Q.735.3 (1993), "Description for
community of interest supplementary services using SS No. 7 -
Multilevel precedence and preemption (MLPP)".
[Q.955.3] ITU-T Recommendation Q.955.3 (1993), "Description for
community of interest supplementary services using DSS1 - Multilevel
precedence and preemption (MLPP)".
[RFC3261] "SIP: Session Initiation Protocol", J. Rosenberg, et al,
June 2002.
[ETS] draft-ietf-ieprep-framework-06, "Framework for Supporting ETS
in IP Telephony", Ken Carlberg, et al, Oct 2003.
[Pierce1] draft-pierce-ieprep-pref-treat-examples-02, "Examples for
Provision of Preferential Treatment in Voice over IP", Mike Pierce,
et al, January 2004.
[Resource] draft-ietf-sip-resource-priority-01, "SIP Communications
Resource Priority Header", Henning Schulzrinne and James Polk, July
2003.
Mike Pierce Expires July 2004 [Page 13]
Internet Draft Requirements for Assured Service January 2004
8. Acknowledgements
The authors would like to thank James Polk and Fred Baker for the
many suggestions made to improve this document throughout its
development.
9. Authors' Addresses
Michael Pierce
Artel
1893 Preston White Drive
Reston, VA 20191
Phone: +1 410.817.4795
Email: pierce1m@ncr.disa.mil
Don Choi
DISA
5600 Columbia Pike
Falls Church, VA 22041-2717
Phone: +1 703.681.2312
Email: choid@ncr.disa.mil
Full Copyright Statement
Copyright (c) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Mike Pierce Expires July 2004 [Page 14]