Internet Engineering Task Force                                  Authors
INTERNET DRAFT                                     R. Rajan/J. C. Martin
                                                    IBM/Sun Microsystems
                                           S. Kamat/M. See/ R. Chaudhury
                                                      IBM/Xylan/ Telstra
                                        D. Verma/ G. Powers/ R. Yavatkar
                                                   IBM/ Packeteer/ Intel
                                                        23/ October/1998


 Schema for Differentiated Services and Integrated Services in Networks
                  draft-rajan-policy-qosschema-00.txt

   Status of Memo

      This document is an Internet-Draft.  Internet-Drafts are
      working documents of the Internet Engineering Task Force
      (IETF), its areas, and its working groups.  Note that
      other groups may also distribute working documents as
      Internet-Drafts.

      Internet-Drafts are draft documents valid for a maximum of
      six months and may be updated, replaced, or obsoleted by
      other documents at any time.  It is inappropriate to use
      Internet-Drafts as reference material or to cite them other
      than as ``work in progress.''

      To learn the current status of any Internet-Draft, please
      check the
      ``1id-abstracts.txt'' listing contained in the
      Internet-Drafts Shadow Directories on ftp.ietf.org (US
      East Coast), nic.nordu.net (Europe), ftp.isi.edu (US West
      Coast), or munnari.oz.au (Pacific Rim).

   Abstract

      This document describes the structure of a directory schema
      to enable and support administration of differentiated
      services and/or integrated services within and among
      Internet domains, intranets, and extranets.  This draft
      replaces draft-ellesson-sla-schema-00.txt.













rajan, martin, kamat, see        Expires 23/ April/ 1999        [Page i]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


1. Overview

   Integrated services with RSVP [2] signaling approach seeks to
   provide per-flow QoS assurances with dynamic resource reservation.
   A flow is defined by the 5-tuple (source address, destination
   address, protocol, source port, destination port).  In this context,
   there is a need to provide policy control of individual flows, and
   regulate their ability to reserve network resources.  (See [8]
   for a discussion of policy based admission control framework and
   sample policies).  Differentiated services[6], on the other hand,
   are aimed at traffic aggregates that may not correspond to fine
   grained flows.  This approach may rely more on administrative control
   of bandwidth, delay or dropping preferences, rather than per-flow
   signaling protocols to communicate the service level information
   to network elements.  For such services we wish to enable flexible
   definition of class-based packet handling behaviors and class-based
   policy control.  (See [6] for a discussion of DiffServ framework and
   sample behavior/service descriptions).

   In either of these environments, network administrators need the
   ability to define and administer different types of services for
   customers.  Administrative policies tend to change infrequently, and
   can be conveniently stored in a directory based repository which may
   be distributed across multiple physical servers, but is administered
   as a single entity by the network administrator.  Furthermore,
   this information must be propagated to network elements such as
   hosts, proxies and routers, that actually implement the policies and
   preferences by classifying traffic to identify its level of service,
   and apportioning resources according to defined resource regulation
   policies.

   This document describes a common language for describing
   administrative policies for integrated services and differentiated
   services in terms of an LDAP schema.  Currently, LDAP [4] is a widely
   deployed industry standard for accessing directory information, and
   hence LDAP based administration of these customer service level
   preferences and the associated resource regulation policies seems a
   natural approach.  We envision that policies embodied as LDAP schema
   will be stored on directories and downloaded to devices such as
   hosts, routers, policy servers, proxies, etc., that implement the
   policies.  The use of LDAP assures a standard, widely deployed and
   simple protocol for directory access.

   The details of the architecture within which this schema will be
   deployed, is presented in a seperate draft (citation TBDs).  This
   architecture for network resource control involves a management tool,
   a policy repository, a policy decision point and a policy enforcement
   entity.  The network administrator uses the management tool to



rajan, martin, kamat, see       Expires 23/ April/ 1999        [Page ii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


   populate the policy repository with a number of policy rules that
   regulate access/use of network resources.  These rules could specify
   for instance, the service category to be employed for a particular
   application, how much bandwidth is allocated to a particular flow or
   TOS category, the maximum number of flows to be supported between
   two subnets, etc.  In any case, the administrator-specified rules
   are stored in the policy repository in a well understood format
   or schema.  The decision entity downloads the policy rules.  The
   enforcement entity is the host or router which encounters (data
   or signaling) packet flowing across the network.  It queries the
   decision entity for specific actions that are to be applied in
   conditioning the packet stream.  The next section describes the scope
   of the schema, following which we discuss policy rule matching and
   present the detailed schema.  The draft concludes with a section on
   examples.  For an explanation of terminology employed to describe
   network policy and services in this document, please refer to [13].


1.1. Objectives and Scope

   This document aims to support QoS policies for differentiated and
   integrated services networks that fall within the following three
   scenarios:

    -  Integrated services secured through the use of RSVP signaling,
       within or across domains.  The use of policy in such an
       environment allows enterprises to be able to police QoS requests
       on a per-flow, per-user or per-application basis.  Directory
       schema are meant to be used in conjunction with the use of the
       policy elements in RSVP signaling messages, to enable routers to
       identify users and applications to which policy must be applied.

    -  Differentiated services secured through provisioning within a
       domain, and, in an inter-domain scenario, bilateral agreements
       across peer network boundaries.  In such cases, policies are used
       to map across the two domain specific semantics, and enforce
       access control restrictions, such as ensuring that the amount of
       in-profile traffic is within the specified contractual limits.

    -  Integrated services secured within a domain, being mapped onto
       differentiated services across domains.  In such cases, policies
       are needed at the domain boundary to translate between Integrated
       and Differentiated service semantics, to enforce traffic
       monitoring and to provide access control to network resources.

   Two important scenarios, not explicitly supported by the schema in
   this draft, but which may be covered by extensions to it are:




rajan, martin, kamat, see       Expires 23/ April/ 1999       [Page iii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


    -  RSVP aggregation, i.e., the mapping of several RSVP flows into
       pre-configured RSVP tunnels,

    -  Support of differentiated services using RSVP tunnels.

   We have the following objectives in defining this schema.

    1. The directory provides a convenient repository of the resource
       regulation policies, which may be used by a wide variety
       of clients that actually enforce the resource regulation
       rules.  As illustrated before, there are at least three such
       potential clients for the near term:  1) an edge device that
       marks/drops/buffers/schedules certain packets to enforce a
       service differentiation policy, 2) an RSVP capable router that
       accepts/denies resource reservation requests based on allowed
       policies, and 3) hosts capable of packet marking and traffic
       conditioning.  We would like the schema definition to be generic
       enough to support a wide range of resource control environments
       including the clients mentioned above.

    2. When viewed in the context of resource control policies, the
       associated schema can be considered to provide a ``language''
       for defining these policies.  From this perspective, we desire
       that the schema should facilitate definition of a wide range
       of policies varying in their complexity.  Simple policies (the
       common case) should be easy to specify, and there should be
       sufficient hooks to define sophisticated policies within the
       schema.  Using the language analogy, an administrator's ability
       to define sophisticated resource regulation policies should not
       be limited by the structure of the schema, although it may be
       limited by the available implementation of the policy enforcement
       environment.

    3. The schema should facilitate simple addition and deletion
       of new rules, automated checks for rule ambiguities, and
       allow for diverse methods (varying in efficiency and ease of
       implementation) to be employed in the policy decision entity to
       search through rules.


2. Class Hierarchy

   In this section, we describe the inheritance hierarchy and the
   relationship between various classes.  We define a structural
   LDAP object class called Policy as the container for policy
   rules.  An object of this class will ``piece together'' several
   policy components relating to differentiated services, RSVP and
   IPSec based VPNs [10].  In this section we largely focus on the



rajan, martin, kamat, see       Expires 23/ April/ 1999        [Page iv]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


   PolicyRules object class itself and not on where it is placed in the
   organization's existing directory tree.  However, the Policy class
   described here is best understaod within the Common Information
   Model [11] of the Directory Management Task Force or the directory
   structure proposed by the Directory Enabled Networks specification
   [9].

   The class hierarchy in the schema is given below.


                   Top
                    |----Policy
                    |
                    |----PolicyCondition
                    |      |
                    |      |--IPPolicyCondition
                    |
                    |-----UserIDCondition
                    |
                    |----PolicyValidityPeriod
                    |
                    |----PolicyAction
                    |       |----RSVPAction
                    |       |----DiffServAction
                    |       |----TCPAction
                    |       |----ISAKMPAction
                    |       |----IPSecSecurityAction
                    |
                    |----DiffServResourceGroup
                    |----RSVPResourceGroup
                    |----IPSecProposal
                    |----ISAKMPProposal
                    |----IPSecTransform
                    |----IPSecPrivateDiffieHellmanGroup
                    |
                    |----PolicyContainmentAuxClass


   The schema described above closely follows the policy class hierarchy
   described in the document ``Information Model and Base Schema''
   version 3.0r5 released by the Directory Enabled Network AdHoc
   Group.  The schema described in this document expands on the DEN
   specification but differs in a few significant details.








rajan, martin, kamat, see        Expires 23/ April/ 1999        [Page v]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


3. Policy Rules

   The Policy object class is instantiated by LDAP entries, where each
   entry encodes a policy rule that specifies the resources and services
   that are allowed (or denied) to a stream of packets.  An entry is
   composed of several attributes.  Each attribute is of a certain type,
   and has one or more values.  The two principal components of a policy
   rule are objects of the type PolicyCondition and and PolicyAction.
   These two objects describe a rule through the relation

  if <PolicyCondition> then <PolicyAction>.

   A PolicyCondition object is defined by the values of a collection
   of certain attributes that are typically used to determine when a
   policy rule applies.  A typical condition is, for instance, a range
   of source addresses (or a source address and mask) to which the
   policy applies.  An action is defined by a collection of attributes
   that detail permissions or additional behaviours that the policy
   enforcement entity should perform for the given condition.  For
   instance, the value of attribute PolicyConditionRef could be the
   distinguished name of an object that places restrictions on the
   source address range of IP packets, while PolicyActionRef could
   be the distinguished name of a DiffServAction object that fully
   describes the treatment of a flow with respect to TOS marking and QoS
   requirements.

   Conditions and actions may each be of different types.  For instance,
   a PolicyCondition object may place restrictions on, or otherwise
   refer to information contained in IP header fields such as source
   addresses, or to information contained inside signalling packets
   as with RSVP PATH or RESV messages, or may refer to information
   regarding the layer 2 protocol such as restrictions on MAC addresses.
   In this draft we take a simple, first cut approach to such issues,
   covering the most common policy cases, but allowing for future
   extensions to this draft or to policy standards.  We allow the
   class PolicyCondition to be expanded through an auxillary class
   IPPolicyAuxCondition which allows for conditions based on IP
   header fields, or through the class UserIDPolicyAuxCondition which
   allows for conditions based on user IDs.  Similarly, the class
   PolicyAction is subclassed into a number of protocol or service
   specific actions -- DiffServAction, RSVPAction, IPSecSecurityAction
   and IPSecISAKMPAction.  Both the PolicyCondition class and the
   PolicyAction class may be easily extended in future.








rajan, martin, kamat, see       Expires 23/ April/ 1999        [Page vi]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


4. Ascertaining Applicability of Policy Rules

   Typically, the policy decision entity needs to ascertain which
   actions to apply to a particular (data or signalling) packet based on
   the rules that it has downloaded from the repository.  In doing so,
   it must combine logical information that has been organized through
   the schema structure where policy rules are made up of condition
   and action attributes, and these attributes may assume one or more
   values.  We now explain the process of ascertaining whether a packet
   meets a condition.

   Consider a PolicyCondition object composed of several attributes
   attribute1, attribute2, ..., each potentially assuming one or
   more values (value1-1, value1-2,...), (value2-1,value2-2,...),...,
   respectively.  The packet header has several fields (field1,
   field2,...).  We say that the packet meets the condition if field1
   belongs to any of the sets value1-1, value1-2 AND if field2 belongs
   to any of the sets value 2-1, value2-2, AND so on.  Thus, the check
   of if packet matches condition can be written as

if (((field1 belongs to value1-1) OR (field1 belongs to value1-2) OR ...)
                                AND
    ((field2 belongs to value2-1) OR (field2 belongs to value2-2) OR ...)
                                AND
                                ...
   )

   Most attributes are NOT multi-valued, and exceptions such as
   Interface (denoting the incoming and outgoing interfaces on which the
   rule is applicable) or TimeOfDay (denoting the time of day when the
   rule is applicable) have been introduced only where unavoidable.  As
   an example, consider a packet with source address 8.2.3.1, source
   port 50, destination address 7.2.3.1, destination port 51, protocol
   22 arriving at a router on the interface 3, departing on interface 5
   being matched against the following condition.

Attribute                           Values

SourceAddressRange           8.0.0.0 : 8.255.255.255
SourcePortRange                   50 : 51
DestinationAddressRange      7.2.0.0 : 7.2.255.255
DestinationPortRange              50 : 51
Protocol                           0 : 100000   (May be omitted)
Interface                          1 : 5        (format - incoming:outgoing)
                                   2 : 5
                                   3 : 5





rajan, martin, kamat, see       Expires 23/ April/ 1999       [Page vii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


   It is easy to check that the packet meets the condition, but another
   packet destined to the address 9.2.19.250 would not.

   Now, the policy decision point successively evaluates multiple rules
   and in order to choose the one that matches.  Thus, it checks

RULE 1: if (packet meets condition1) then perform (action1-1, action1-2, ...)
RULE 2: if (packet meets condition2) then perform (action2-1, action2-1, ...)
etc.

   Here the logical operator that is used to combine the rules is an
   AND, i.e.,

RULE 1  AND RULE 2

   If the rules are mutually exclusive, i.e., no packet can ever
   meet both conditions, then the actions corresponding to the one
   that applies are performed.  What does the decision entity do if
   both conditions are applicable?  In some cases, action 1 could be
   compatible with action 2, i.e., it may be possible to perform both
   actions.  As an example, if action1 is a directive to encapsulate the
   packet, and action2 indicates the QoS stream the packet belongs to,
   then the packet is encapsulated and then given the right QoS. On the
   other hand, if the actions are incompatible, then the operation of
   the decision entity could be undefined.

   Rule consistency is desirable whenever possible.  However, for
   purposes of administrative convenience, it is often useful to
   introduce temporary rules that override others, without having to
   remove the overriden rule -- for example, special rules for New
   Year's day.  We allow for this by optionally attaching priorities
   to rules.  Potential ambiguities are thus resolved by assigning a
   higher priority to the overriding rule.  In the earlier example, for
   instance, if rule 2 has higher priority, then the decision point
   performs all the actions specified in rule 2, and all the compatible
   actions specified in rule 1.  Hence, the right interpretation of the
   rule set is:

if (packet meets condition2) then perform (action2-1, ...)
                         AND
if (packet meets condition1) then
     if (action1-1) is compatible then perform it
     if (action1-2) is compatible then perform it
                    ...

   It is very simple to check for compatibility.  Actions correspond a
   few basic scopes -- RSVP, DiffServ, IPSec, and so on.  We need to
   collect no more than one action of a particular scope.



rajan, martin, kamat, see      Expires 23/ April/ 1999       [Page viii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


5. The class Policy

   The Policy object class is the container class for the policy rules.
   It contains a number of entries, each entry encodes a policy rule
   that specifies the resources and services that are allowed (or
   denied) to a stream of packets.  An overview of the class Policy is
   presented below, followed by the detailed sytax and semantics of
   various attributes.

NAME            Policy
TYPE            Structural
DERIVED FROM    Top
MUST
                CommonName,
                PolicyScope,
                PolicyConditionRef,
                PolicyActionRef,
                PolicyVersion
MAY
                PolicyRulePriority,
                PolicyKeyword,
                PolicyType,
                PolicyName,
                PolicyEnabled

   The syntax and semantics of the attributes of the class Policy are as
   follows:

NAME      CommonName
DESC      The common name for objects of this class. Used as relative
          distinguished name to identify object within a branch of
          directory tree.
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
SINGLE-VALUED

NAME      PolicyScope
DESC      Lists the services that are controlled through this policy
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
MULTI-VALUED
FORMAT    The currently defined values for this attribute are:
          DiffServ
          RSVP
          IPSec
          ISAKMP
SEMANTICS This attribute is used by the appropriate directory clients
          to fetch only those policy rules that are relevant for their



rajan, martin, kamat, see       Expires 23/ April/ 1999        [Page ix]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


          functionality. The value  DiffServ' means the policy rule
          specifies DiffServ packet classification and traffic treatment.
          The value `RSVP' means specifes an RSVP policy
          decision point. The value `IPSec' means the policy refers
          to an IPSec action rule. The value `ISAKMP' means the policy
          refers to an ISAKMP action rule. Note that this is a multi-
          valued attribute, and the same rule may regulate multiple
          services for a packet stream.

NAME      PolicyConditionRef
DESC      Absolute Distinguished name of LDAP entry of the objectclass
          PolicyCondition, that identify the packets that the policy rule
          applies to.
SYNTAX    DN
EQUALITY  distinguishedNameMatch
SINGLE-VALUED

   The following reference attributes specify the treatment of packets
   that match the condition specified in the policy rule.  The value
   of a reference attribute is the distinguished name of an LDAP entry
   which is an object corresponding to a prespecified class.  For
   instance, if the value of the attribute PolicyActionRef is the
   distinguished name of an entry in the class RSVPAction, then the
   policy rule specifies the policy relating to the handling of RSVP
   signalling messages.

NAME      PolicyActionRef
DESC      Absolute Distinguished name(s) of LDAP entry, of the objectclass
          PolicyAction, that specifies permissions and restrictions
          that apply to the packets identified by the policy condition
SYNTAX    DN
EQUALITY  distinguishedNameMatch
MULTI-VALUED
SEMANTICS Multiple values are understood as logical AND; that is, all
          the actions must be performed


NAME      PolicyVersion
DESC      The version of the policy schema embodied by this policy.
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
FORMAT    The current draft specifies version ``1.0''
SINGLE-VALUED


NAME      PolicyKeyword
DESC      List of keywords that assist in locating this policy
SYNTAX    IA5String



rajan, martin, kamat, see        Expires 23/ April/ 1999        [Page x]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


EQUALITY  caseExactIA5Match
MULTI-VALUED
DEFAULT   No Keywords

NAME      PolicyType
DESC      Describes the types of a policy
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
MULTI-VALUED
FORMAT    The following values are allowed:
            ISAKMPPhase1
            ISAKMPPhase2
            IPSecDataLocal
            IPSecDataRemote
            RSVPSignalling
            RSVP-DiffServ
            DiffServ
SEMANTICS ISAKMPPhase1 denotes an ISAKMP Phase 1 policy
          ISAKMPPhase2 denotes an ISAKMP Phase 2 or Quick Mode policy
          IPSecDataLocal denotes a policy for securing locally
            originating data by IPSec. Local means either originating
            from the same host or from an host for which this host
            acts as a proxy
          IPSecDataRemote denotes a policy for securing remotely
            originating data by IPSec. Remote is the opposite of Local
            as defined before.
          RSVPSignalling denotes an RSVP signalling policy
          RSVP-DiffServ denotes a policy for mapping an RSVP traffic
            into a DiffServ pipe
          DiffServ denotes a DiffServ policy
DEFAULT   Unnamed Type

NAME      PolicyName
DESC      A user friendly name of this policy class
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
SINGLE-VALUED
DEFAULT   No Name

   The following attribute defines relationships among multiple related
   rules within the policy repository.

NAME      PolicyRulePriority
DESC      Priority level for this rule. Used to resolve ambiguity in
          condition matching when the ranges specified in the Policy
          conditions overlap. Higher values of this attribute imply
          higher priority of the rule.
SYNTAX    INTEGER



rajan, martin, kamat, see       Expires 23/ April/ 1999        [Page xi]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


EQUALITY  integerMatch
SINGLE-VALUED
DEFAULT   The default value is 0 (lowest priority)
SEMANTICS Whenever a packet matches two rules of different priority,
          the rule with the higher value of PolicyRulePriority is
          applied.

NAME      PolicyEnabled
DESC      A flag describing whether the policy is currently enabled or
          disabled
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
SINGLE-VALUED
FORMAT    The currently defined values for this attribute are:
               Enabled
               Disabled
DEFAULT   Enabled


5.1. PolicyContainmentAuxClass

   Policy rules may need to be grouped together for a number
   of different purposes -- organizational, security, ease of
   administration, or ease of retrieval by a policy decision point.  We
   reproduce the PolicyContainmentAuxClass from the DEN specification
   [9] that serves the useful purpose of grouping policies together.
   This auxillary class definition is as follows:

NAME                  PolicyContainmentAuxClass
TYPE                  Auxillary
DERIVED FROM          Top
AUXILIARY CLASS       None
POSSIBLE SUPERIORS    Organization, OrganizationalUnit, Group,
                      GroupOfDevices
MUST                  PoliciesContainedRef
MAY

   The syntax and semantics of its sole attribute are as follows:

NAME      PoliciesContainedRef
DESC      Absolute distinguished names of policies grouped together
          for some (context-dependent) purpose.
SYNTAX    DN
EQUALITY  distinguishedNameMatch
MULTI-VALUED






rajan, martin, kamat, see       Expires 23/ April/ 1999       [Page xii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


6. Policy Conditions

   In this section we define the abstract class PolicyCondition, its
   subclass IPPolicyCondition, and the class UserIDCondition.  These
   classes list the conditions that must be statisfied by a stream of
   packets in order for the referring rule to apply to that packet
   stream.

   The reason for subclassing PolicyCondition is to allow extensibility
   to other networking protocols through sub-classes such as
   ATMPolicyCondition (for instance).

NAME                  PolicyCondition
TYPE                  Abstract
DERIVED FROM          Top
AUXILIARY CLASS       None
MUST                  CommonName
MAY                   PolicyConditionName
                      PolicyValidityPeriodRef

   The detailed syntax and semantics of the attributes is as below:

NAME      CommonName
DESC      The common name of the policy condition object. Unique within a
          limited scope and used to identify the object within the
          directory tree.
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
SINGLE-VALUED

NAME      PolicyConditionName
DESC      The user friendly name of this entry.The Name related attributes
          are only for ease of user administration.
EQUALITY  caseExactIA5Match
SYNTAX    IA5String
SINGLE-VALUED

   The next attribute is a reference to PolicyValdityPeriod object that
   identifies the entry that limits the temporal scope of the policy to
   specified periods of time.

NAME     PolicyValidityPeriodRef
DESC     Absolute distinguished name(s) of an PolicyValidityPeriod
         object that specifies the times that the policy is active.
SYNTAX   DN
EQUALITY distinguishedNameMatch
MULTI-VALUED
DEFAULT  Policy applies at all times



rajan, martin, kamat, see      Expires 23/ April/ 1999       [Page xiii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


6.1. The class IPPolicyCondition

   The class PolicyCondition is now specialized to deal with IPv4 packet
   headers in the class IPPolicyCondition.

NAME                  IPPolicyCondition
TYPE                  Structural
DERIVED FROM          PolicyCondition
AUXILIARY CLASSES     none
MAY                   Interface,
                      SourceIPAddressRange,
                      DestinationIPAddressRange,
                      SourcePortRange,
                      DestinationPortRange,
                      IPProtocolNumberRange,
                      ReceivedTOSByteCheck
                      HostUserIDRef


   The first attribute limits the spatial scope of the policy rule by
   identifying specific router interfaces where the policy is to be
   applied.

NAME     Interface
DESC     An attribute that limits the scope of the policy to packets on
         specified  interface(s) and the direction(s) of traffic on these.
SYNTAX   IA5String
EQUALITY caseExactIA5Match
MULTI-VALUED
FORMAT   Three colon seperated strings. The left-most string is a numeral
         denoting the type of the specification, followed by the incoming
         and outgoing interface identifiers. Currently defined type/value
         formats are
         1:<IPv4Address>:<IPv4Address>
         2:<InterfaceID>:<InterfaceID>
         The IP addresses are in dotted decimal notation. The interface
         IDs are integers unique to the host device.
         The first address string specifies a restriction of the rule
         to traffic inbound on the interface, and the rightmost string
         specifies a corresponding restriction of the rule to traffic
         outbound from that interface.  An unspecified interface(s)
         defaults to all interfaces on the device that this rule
         applies to.
DEFAULTS Defaults to traffic inbound on all interfaces, outbound on
         all interfaces.

EXAMPLE  1:9.3.1.52:9.2.1.54 (Applies to traffic inbound on 9.3.1.52
                              and outbound on 9.3.1.54)



rajan, martin, kamat, see       Expires 23/ April/ 1999       [Page xiv]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


         1:9.3.1.32: (Applies to traffic inbound on 9.3.1.52
                      outgoing from any interface)
         2::3        (Applies to traffic outbound on interface 3
                       arriving on any interface)

NAME      SourceIPAddressRange
DESC      Source IP addresses to which the policy applies
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
SINGLE-VALUED
FORMAT    SourceIPAddressRange is of the following form: three colon (':')
          separated strings denoting a range of IP addresses. The formats
          currently defined are:

         1:<IPv4Address>:<CIDRPrefixLength>
                The IP v4 address is in dotted decimal format. The
                CIDRPrefixLength is the number of unmasked leading bits.
                A packet matches the condition if the unmasked
                bits on the packet are identical to the unmasked bits on the
                condition.

         2:<IPv4Address>:<IPv4Address>
                IP addresses in dotted decimal format. The second
                address must be no smaller than the first. The first
                denotes the start of the range, and the second denotes
                the end of the range. A packet matches the condition
                if its source address is no smaller than the first
                IP address in the condition, and no larger than the
                second.

         3
                Indicates policy applies to locally generated packets.
DEFAULT   Defaults to the entire address range, i.e., every packet
          matches the source address range condition.

EXAMPLE   1:83.23.23.1:24
              A packet with source address 83.23.23.5 matches.
              A packet with source address 83.23.24.1 does not.
          2:83.23.23.0:83.28.28.0
              A packet with source address 83.23.23.5 matches.
              A packet with source address 83.29.24.1 does not.

NAME      DestinationIPAddressRange
DESC      Destination IP addresses to which policy applies
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
SINGLE-VALUED
FORMAT    Identical to that of SourceIPAddressRange above.



rajan, martin, kamat, see       Expires 23/ April/ 1999        [Page xv]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


          The value of ``3''indicates a locally destined packet.
DEFAULT   Defaults to the entire address range, i.e., every packet
          matches the destination address range condition.


NAME      SourcePortRange
DESC      Source Ports to which policy applies
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
SINGLE-VALUED
FORMAT    String consisting of two colon separated positive
          integers, the second no smaller than the first, or one
          positive integer.
DEFAULT   Defaults to the entire port range 0 to 65535, i.e., every
          packet matches the destination address range condition.
EXAMPLE   8000:8080 (ports 8000 to 8080),
          8000 (only port 8000)


NAME      DestinationPortRange
DESC      Destination Ports to which policy applies
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
SINGLE-VALUED
FORMAT    String consisting of two colon separated positive
          integers, the second no smaller than the first, or one
          positive integer.
DEFAULT   Defaults to the entire port range 0 to 65535, i.e., every
          packet matches the source address range condition.

NAME      IPProtocolNumberRange
DESC      Protocol numbers to which policy applies
SYNTAX    INTEGER
EQUALITY  integerMatch
SINGLE-VALUED
FORMAT    String consisting of two colon separated positive
          integers, the second no smaller than the first, or one
          positive integer.
DEFAULT   Defaults to the entire protocol range 0 to 255, i.e., every
          packet matches the ip protocol range condition.
EXAMPLE   50:51 (protocol 50 to 51),
          50 (only protocol 50)

NAME      ReceivedTOSByteCheck
DESC      A condition attribute used to select traffic based on the
          contents of the TOS byte of the received packet's IP header
SYNTAX    IA5String
EQUALITY  caseExactIA5Match



rajan, martin, kamat, see       Expires 23/ April/ 1999       [Page xvi]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


SINGLE-VALUED
FORMAT    String of the form xxxxxxxx:xxxxxxxx, where each of the
          x's is either 0 or 1.
SEMANTICS Each of the substrings is treated as specifying an 8-bit
          field. The left substring is termed Mask and the right
          substring Match. The TOS byte of the received packet's IP
          header is ANDed with Mask and the result is compared against
          Match. The combination of Mask and Match allows definition of
          TOS byte based conditions where certain bits in the TOS byte
          may be ignored for the purpose of comparison.

EXAMPLE   An incoming packet with TOS byte 11001010 matches the
          condition specified by a value of 00111100:00001000 for
          ReceivedTOSByte.


NAME      UserIDConditionRef
DESC      Absolute Distinguished name(s) of LDAP entry or entries, of
          an UserIDCondition object that identify the user or
          host whose packets that the policy rule applies to.
SYNTAX    DN
EQUALITY  distinguishedNameMatch
MULTI-VALUED


6.2. The Class UserIDCondition

   In many scenarios, for instance an end host IPSec, policy needs to
   be specified for a user or a host ID instead of an IP address.  A
   standard example is a corporate worker connecting from home via an
   ISP. The policy would be specified by Host FQDN, UserFQDN, X500 DN
   etc.  To accomodate this source and destination ids are required.

NAME                  HostUserID
TYPE                  Structural
DERIVED FROM          Top
AUXILIARY CLASS       None
MUST                  CommonName
MAY                   SourceID,
                      DestinationID,


NAME      SourceID
DESC      Source Host Identifier
SYNTAX    IA5String
EQUALITY  caseExact1A5Match
MULTI-VALUED
FORMAT    Two strings , colon (`:') seperated, the first describing the



rajan, martin, kamat, see      Expires 23/ April/ 1999       [Page xvii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


          ID type and the second the ID value. The valid IdTypes and
          their corresponding values are defined in [Piper98]. These
          include:
             Host-FQDN:<ID>
             User-FQDN:<ID>
             X500-DN:<ID>
             X500-GN:<ID>
             Key-Id:<ID>
DEFAULT   Any ID is considered valid.

NAME      DestinationID
DESC      Destination Host Identifier
SYNTAX    IA5String
EQUALITY  caseExact1A5Match
MULTI-VALUED
DEFAULT   Any ID is considered valid.
FORMAT    Same as Source ID.


7. The class PolicyValidityPeriod

   Objects of this class describe conditions that restrict the validity
   period of the policy rule.  The class definition is as follows:

NAME  PolicyValidityPeriod
TYPE  Structural
DERIVED FROM  Top
AUXILIARY CLASSES  NONE
MUST  CommonName
MAY   PolicyValidityPeriodName,
      PolicyValidityTime,
      PolicyValidityMonthMask,
      PolicyValidityDayOfWeekMask,
      PolicyValidityTimeOfDayRange

   The syntax and semantics of various attributes are as given below

NAME      PolicyValidityPeriodName
DESC      The user friendly name of this entry.
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
SINGLE-VALUED

NAME      PolicyValidityTime
DESC      When this policy is valid
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
MULTI-VALUED



rajan, martin, kamat, see      Expires 23/ April/ 1999      [Page xviii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


FORMAT    String(s) of the form yyyymmddhhmmss:yyyymmddhhmmss:<TZ>
SEMANTICS The first two substrings must be valid times,
          (year-month-date-hour-minute- second) the second larger
          than the first. The last substring is optional and
          describes the time zone.
DEFAULT   If the time zone is omitted then the time is local time at
          the policy decision point. If the attribute itself is absent
          then the policy is always valid.
EXAMPLE   19980121060000:19991231133000:GMT
          (meaning Policy in effect from 6:00 AM on January 21, 1998
          to 1:30 PM on December 31, 1999, Greenwich Mean Time).

NAME      PolicyValidityMonthMask
DESC      Months during which policy is valid
SYNTAX    IA5String
EQUALITY  caseExactIA5Match
SINGLE-VALUED
FORMAT    String denoting a mask of 12 0s and 1s.
SEMANTICS 1's corresponding to months in the January to December
          range when the policy is valid.
EXAMPLE   000111111100  (Valid from April until October)
DEFAULT   111111111111, i.e., valid always

NAME     PolicyValidityDayOfWeekMask
DESC     days during which policy is valid
SYNTAX   IA5String
EQUALITY caseExactIA5Match
SINGLE-VALUED
FORMAT   String representing a mask of 7 0s and 1s.
SEMANTICS  1's correspond to days in the Monday to Sunday range
           when the policy is valid.
EXAMPLE  1111100       (Valid weekdays)
DEFAULT  1111111, i.e., valid always

NAME     PolicyValidityTimeOfDayRange
DESC     Time(s) of day during which policy is valid
SYNTAX   IA5String
EQUALITY caseExactIA5Match
MULTI-VALUED
FORMAT   String(s) of the form  hhmmss:hhmmss
SEMANTICS  Substrings on either side of the colon must be be valid
           time of day values. If the second string is not larger
           than the first, then a wrap around midnight is assumed.
DEFAULT  000000:235959

EXAMPLE  090000:170000       (Policy valid from 9 AM to 5 PM)





rajan, martin, kamat, see       Expires 23/ April/ 1999       [Page xix]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


7.1. The class DiffServAction

   Each object of type DiffServAction describes a component per-hop
   behaviour (PHB) in force at a network device.  The DiffServAction
   class does not seek to describe in detail resource reservations,
   packet treatment and configuration of every possible network device.
   Instead, it provides a high-level description of QoS services
   through a simple model that uses the following three descriptors --
   traffic descriptors, packet marking descriptors and resource group
   descriptors.

   The traffic descriptor assumes a leaky bucket model with three
   attributes -- a mean rate, a peak rate and a bucket size -- to
   specify the characteristics of what is to be considered in-profile
   traffic, with the understanding that the rest is out-of-profile
   or excess traffic.  The traffic descriptor makes sense only with
   the assumption that a policing device is present at the policy
   enforcement point; if not the attributes may be omitted or will be
   ignored.

   The packet marking descriptor provides an edge device with the
   ability to mark the DS byte for simple QoS classification at
   downstream network devices.  We allow for differential marking of
   in and out of profile traffic (which makes sense if policing is
   present); as well as for the enforcement point to mask certain bits
   while modifying others.

   The resource group descriptor describes the treatment expected by
   packets within a common service group.  It is not a description of
   how the service is to be provided, but simply a high-level view of
   the service to be accorded to the in-profile traffic, its delay and
   loss requirements, for instance, as well as the treatment of excess
   traffic, whether this is to be tolerated, reshaped or dropped.

   It is important to note that TrafficDescriptor and ResourceGroupDescriptor
   objects refer to states created in the network device.  To understand
   this better, consider two policy rules, as follows.

Rule1:    If PolicyCondition1 then PolicyDSAction1

Rule2:    If PolicyCondition2  then PolicyDSAction1

PolicyDSAction1:  TrafficDescriptor1
                  PacketMarkingDescriptor1
                  ResourceGroupDescriptor1






rajan, martin, kamat, see       Expires 23/ April/ 1999        [Page xx]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


   Now, all packets described either by PolicyCondition1 or by
   PolicyCondition2 will be policed together, and share the same rate
   resource reservations.  This is different from the case where we have

Rule1: If PolicyCondition1 then PolicyDSAction1

Rule2: If PolicyCondition2  then PolicyDSAction2

PolicyDSAction1:  TrafficDescriptor1
                  PacketMarkingDescriptor1
                  ResourceGroupDescriptor1

PolicyDSAction2:  TrafficDescriptor2
                  PacketMarkingDescriptor2
                  ResourceGroupDescriptor2

   Even if the two traffic descriptors are identical, the two streams
   will not be policed together by the same policer -- they will be
   policed by identical policers.  Similarly, they will not share
   the same buffer or bandwidth resources.  In fact, the resource
   requirements for the second example will be twice those of the first
   (ignoring multiplexing gains).

   The class description of DiffServAction is as follows:

NAME  DiffServAction
TYPE  Structural
DERIVED FROM  PolicyAction
AUXILIARY CLASSES  NONE
MUST
      CommonName
      DiffServPermission
MAY
      DiffServInProfileRate,
      DiffServInProfilePeakRate,
      DiffServInProfileTokenBucket,
      DiffServInProfileTransmittedTOSByte
      DiffServOutProfileTransmittedTOSByte
      DiffServResourceGroupRef
      DiffServActionName

   The first three MAY attributes describe the traffic, the next two
   specify the marking, and next is a reference to the resource group.

   The following set of attributes are currently defined for the
   DiffServ Policy Directory Clients, namely hosts, edge devices, and
   routers that do traffic conditioning (packet marking, dropping,
   shaping, etc).



rajan, martin, kamat, see       Expires 23/ April/ 1999       [Page xxi]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


NAME     DiffServPermission
DESC     Allow/drop data packets matching the profile
EQUALITY caseExactIA5Match
SYNTAX   IA5String
SINGLE-VALUED
FORMAT   The currently defined values for this attribute are:
            Accept
            Deny

   With the permission attribute set to ``Accept'', and no other
   attribute present, the packets matching the PolicyCondition are given
   the ``Best Effort'' service.

NAME     DiffServActionName
DESC     The user friendly name of this entry.
EQUALITY caseExactIA5Match
SYNTAX   IA5String
SINGLE-VALUED
DEFAULT  No name

NAME     DiffServInProfileRate
DESC     Specifies the token rate for the in-profile traffic descriptor
         in kbps
EQUALITY integerMatch
SYNTAX   INTEGER
SINGLE-VALUED
SEMANTICS  All packets in the behavior aggregate are measured against
           a leaky bucket with this token rate. Traffic that passes the leaky
           bucket check is considered in-profile.
DEFAULT  All packets considered in-profile, i.e., infinity


NAME     DiffServInProfilePeakRate
DESC     Specifies the peak rate for the in-profile traffic descriptor in kbps
EQUALITY integerMatch
SYNTAX   INTEGER
SINGLE-VALUED
SEMANTICS  All packets in the behaviour aggregate are measured
           against a leaky bucket with this peak rate.
DEFAULT  Same value as DiffServInProfileRate


NAME      DiffServInProfileTokenBucket
DESC      Specifies the token bucket size for in-profile traffic
          descriptor kilobits
EQUALITY  integerMatch
SYNTAX    INTEGER
SINGLE-VALUED



rajan, martin, kamat, see      Expires 23/ April/ 1999       [Page xxii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


SEMANTICS All packets in the behaviour aggregate are measured
          against a leaky bucket with this  token bucket size.
DEFAULT   Defaults to the maximum IP packet size.

NAME      DiffServInProfileTransmittedTOSByte
DESC      Specifies the outgoing TOS byte for in profile packet
          marking descriptor
EQUALITY  caseExactIA5Match
SYNTAX    IA5String
FORMAT    String(s) of the form xxxxxxxx:xxxxxxxx, where each of the `x's
          is either 0 or 1.
SINGLE-VALUED
SEMANTICS Each of the two substrings is treated as specifying an 8-bit
          field. The left substring is termed Mask and the right
          substring Modify. 0's in the Mask specify the bit locations
          in the TOS byte that must not be changed and 1's specify
          those that must be changed to match the corresponding ones
          in the Modify field.  The operation involved is: newTOSByte
          = (Mask' & oldTOSbyte) | (Mask & Modify), where Mask' is the
          bitwise complement of Mask and '&' and '|' denote the
          bit-wise AND and OR operations respectively.
EXAMPLE   Consider a policy rule that specifies 11100000:11001010 as
          the value for this attribute. The Mask of 11100000 means
          that when this rule is applied, the 5 least significant bits
          in the TOS byte must be left unchanged but the 3 most
          significant bits must be changed to make them identical to
          the corresponding ones in the Modify field. Thus, if this
          rule were to be applicable to a packet whose TOS byte is
          10101010, then the TOS byte will be changed to 11001010
          before transmission.
DEFAULT   Dont modify any bit, i.e.,
          Mask   00000000
          Modify 00000000


NAME      DiffServOutProfileTransmittedTOSByte
DESC      Specifies the outgoing TOS byte for out-of-profile packet
          marking descriptor
EQUALITY  caseExactIA5Match
SYNTAX    IA5String
FORMAT    same as `DiffServInProfileTransmittedTOSByte' attribute
SINGLE-VALUED
SEMANTICS same as `DiffServInProfileTransmittedTOSByte' attribute
DEFAULT   same as `DiffServInProfileTransmittedTOSByte' attribute

NAME      DiffServResourceGroupRef
DESC      Absolute distinguished name of LDAP entry, from the objectclass
          DiffServResourceGroup, that identifies the service category and



rajan, martin, kamat, see      Expires 23/ April/ 1999      [Page xxiii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


          resource group descriptors that apply to the traffic.
EQUALITY  distinguishedNameMatch
SINGLE-VALUED
SYNTAX    DN
DEFAULT   Best Effort Service


7.1.1. The class DiffServResourceGroup

   Objects of this class fully specify the treatment accorded to
   in-profile and out-of-profile traffic, in terms of their access to
   QoS resources.


NAME                  DiffServResourceGroup
TYPE                  Structural
DERIVED FROM          Top
AUXILIARY CLASSES     NONE
MUST                  CommonName
MAY
                      DiffServLossParameter,
                      DiffServDelayParameter,
                      DiffServBandwidthShare,
                      DiffServExcessTrafficTreatment
                      DiffServAutoStart
                      DiffServResourceGroupName

NAME      DiffServResourceGroupName
DESC      The user friendly name of this entry.
EQUALITY  caseExactIA5Match
SYNTAX    IA5String
SINGLE-VALUED
DEFAULT   No name

NAME        DiffServLossParameter
DESC        Packet loss paremeters  for in-profile traffic for this
            class of service
EQUALITY    caseExactIA5Match
SYNTAX      IA5String
FORMAT      Colon seperate numeric strings, A:B, where at most A packets
            may be dropped for every B packets received.
SINGLE-VALUED
EXAMPLE     2:1000 implies a maximum loss rate of .002.
DEFAULT     Best Effort

NAME        DiffServDelayParameters
DESC        Packet delay paremeters  for out-of-profile traffic for this
            class of service



rajan, martin, kamat, see      Expires 23/ April/ 1999       [Page xxiv]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


EQUALITY    caseExactIA5Match
SYNTAX      IA5String
FORMAT      Colon seperated integer:string pair. Currently defined
            1:<absolute delay>  where the absolute delay is expressed in msec
            2:<relative delay > where the relative delay is expressed as
              a priority (1 means best effort)
SINGLE-VALUED
DEFAULT     Best Effort

NAME        DiffServBandwidthShare
DESC        Bandwidth share for this class of service
EQUALITY    caseExactIA5Match
SYNTAX      IA5String
FORMAT      Colon seperated integer:string pair. Currently defined
            1:<absolute bandwidth>  where the absolute bw is expressed
              in kilobits/sec
            2:<bandwidth percent> where the bandwidth percent is a number
              between 0 and 100 expressing the share of the bandwidth
              allowed to this class
SINGLE-VALUED
SEMANTICS   The bandwidth weight is converted into a bandwidth share at
            the enforcement entity by adding the weights of all
            DiffServ classes and then taking the appropriate
            ratios. The second case is provided for instances where
            the policy rule is unaware of the link capacity at the
            enforcement entity.
EXAMPLES    1:200  -- This class is allocated a 200kbps
            2:40   -- This class is allocated 40% of the link bandwidth
DEFAULT     0, i.e., No reserved share

NAME        DiffServExcessTrafficTreatment
DESC        Describes how excess traffic is to be treated.
EQUALITY    caseExactIA5Match
SYNTAX      IA5String
FORMAT      The following values are defined
                `Drop'  -- Allow no excess traffic
                `Best Effort' -- Treat excess traffic as best effort
                `Reshape'--Reshape excess traffic
SINGLE-VALUED
SEMANTICS: This field specifes the actions that must be taken if an
           incoming packet cannot be placed within the reserved buffer
           allocation of the stream.
DEFAULT    Best Effort

NAME       DiffServAutoStart
DESC       Indicates if the resource allocation for this service should be
           done at time of enforcement entity startup, or should be packet
           driven. This attribute is for guidance only, and its



rajan, martin, kamat, see       Expires 23/ April/ 1999       [Page xxv]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


           interpretation is implementation specific.
EQUALITY   caseExactIA5Match
SYNTAX     IA5String
FORMAT     The following strings are defined
              `AutoStart' --- Allocate resources at device startup
              `NoAutoStart' --- Allocate resources when packets for
                              flow are seen.
SINGLE-VALUED
DEFAULT    Autostart


7.2. The Class RSVPAction

   The class RSVPAction contains policies to be applied to RSVP
   signalling packets, i.e., PATH messages and RESV messages, satisfying
   the conditions specified in the policy conditions.  In this draft of
   the schema we allow for simple forms of policy based control, where
   administrative restrictions may be placed on the amount of resources
   that a single RSVP flow, or group of flows, may consume.  We also
   allow for an RSVP reservation to be supported through a mapping into
   a DiffServ service category.  As RSVP policy evolves to support the
   signalling of richer classes of policy information such as user
   ids, we may extend schema to provide for restrictions based on this
   information as well.

   Currently, there are two kinds of restrictions that we may place on
   resource usage by RSVP flows -- individual restrictions and group
   restrictions.


NAME   RSVPAction
TYPE   Structural
DERIVED FROM  PolicyAction
AUXILIARY CLASSES  NONE
MUST   CommonName
       RSVPFlowServiceType,
       RSVPPermission
MAY    RSVPActionName
       RSVPMaxRatePerFlow,
       RSVPMaxTokenBucketPerFlow,
       RSVPMinDelay,
       RSVPMaxFlowDuration,
       RSVPResourceGroupRef,
       DiffServActionRef


   The syntax and semantics of the attributes of an `RSVPAction' entry
   are described below.



rajan, martin, kamat, see      Expires 23/ April/ 1999       [Page xxvi]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998




NAME    RSVPFlowServiceType
DESC    IntServ service type that a flow can request
EQUALITY caseExactIA5Match
SYNTAX  IA5String
FORMAT: String with allowed values
           ControlledLoad
           GuaranteedService
MULTI-VALUED

Name    RSVPPermission
DESC    Allow/Dissallow RSVP flows
EQUALITY caseExactIA5Match
SYNTAX  IA5String
FORMAT: String with allowed values
          Accept
          Deny
SEMANTICS Accept or deny RSVP sessions of the specified Service Type(s).
           The remaining attributes make sense only in the case of `Accept'
SINGLE-VALUED

NAME  RSVPActionName
DESC  The user friendly name of this entry.
EQUALITY caseExactIA5Match
SYNTAX  IA5String
SINGLE-VALUED
DEFAULT  No Name

NAME RSVPMaxRatePerFlow
DESC The maximum token rate for any individual flow in kilobits per second
EQUALITY integerMatch
SYNTAX INTEGER
SINGLE-VALUED
SEMANTICS  Reservation requests for higher per-flow bandwidth are denied.
DEFAULT    No limit

NAME  RSVPMaxPeakRatePerFlow
DESC  The maximum peak rate for any individual flow in kilobits per second
EQUALITY integerMatch
SYNTAX INTEGER
SINGLE-VALUED
SEMANTICS  Reservation requests for higher per-flow peak rate are denied.
DEFAULT    Assigned the same value as RSVPMaxRatePerFlow.

NAME RSVPMaxTokenBucketPerFlow
DESC The maximum token bucket size for any individual flow in kilobits
EQUALITY  integerMatch



rajan, martin, kamat, see      Expires 23/ April/ 1999      [Page xxvii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


SYNTAX  INTEGER
SINGLE-VALUED
SEMANTICS: Reservation requests for higher per-flow token bucket size
           are denied.
DEFAULT  Implementation Specific.


NAME RSVPMinDelay
DESC The minimum delay value an individual flow may request in millisec
EQUALITY integerMatch
SYNTAX INTEGER
SINGLE-VALUED
DEFAULT  No limit


NAME  RSVPMaxFlowDuration
DESC  Maximum time (in seconds) an RSVP flow matching the profile may last
SYNTAX  INTEGER
EQUALITY  integerMatch
SINGLE-VALUED
DEFAULT No limit


NAME RSVPUserAuthPolicy
DESC Manner of authentication to be performed to authenticate user
EQUALITY caseExactIA5Match
SYNTAX IA5String
SINGLE-VALUED
FORMAT: String, currently defined values are
         Plain       (Plain text password)
         Kerberos    (Kerberos ticket authentication)
         Public-Key  (Public Key authentication)
         None        (for no authentication)
Default None

   All the policy attributes hitherto described for RSVPAction refer
   to an individual flow for which a reservation is sought to be made.
   Often an adminstrator might wish to place group restrictions on
   flows described as an aggregation of multiple policy condition
   objects.  For instance, the administrator might wish to restrict the
   total number of active RSVP reservations.  To facilitate such group
   restrictions, we allow the reference attribute RSVPResourceGroupRef.
   The reason for making this a reference is not difficult to see.
   The group that the adminstrator wishes to control may not be
   describable through a single profile, or a single profile might
   belong to different groups in terms of resource control.  In such
   cases, multiple policy rules ``point'' to the same group.  Note that
   policies described through group rules require that the enforcement



rajan, martin, kamat, see     Expires 23/ April/ 1999      [Page xxviii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


   entity maintain some state; in the example suggested above, the
   enforcement entity would have to track the number of active flows in
   order to enforce the policy.

NAME    RSVPResourceGroupRef
DESC    Absolute distinguished name(s) of LDAP entry, from the objectclass
        RSVPResourceGroup, which specifies constraints on a group of
        RSVP flows.
EQUALITY distinguishedNameMatch
MULTI-VALUED
SYNTAX  DN
DEFAULT No Resource Group

   The next attribute allows the enforcement entity to map RSVP flows
   onto DiffServ resource groups.

NAME    DiffServActionRef
DESC    Absolute distinguished name of an LDAP entry, from the objectclass
        DiffServAction, which specifies the class of service that the
        RSVP flow must be mapped into.
EQUALITY distinguishedNameMatch
SINGLE-VALUED
SYNTAX  DN
DEFAULT No RSVP to DiffServ Translation



7.2.1. The Class RSVPResourceGroup

NAME   RSVPResourceGroup
TYPE   Structural
DERIVED FROM   Top
AUXILIARY CLASSES   NONE
MUST   CommonName
MAY    RSVPMaxFlows
       RSVPMaxAggregateRate
       RSVPMaxAggregateTokenBucket
       RSVPResourceGroupName

NAME    RSVPResourceGroupName
DESC    The user friendly name of this entry.
EQUALITY caseExactIA5Match
SYNTAX  IA5String
SINGLE-VALUED
DEFAULT No Name

NAME RSVPMaxFlows
DESC The maximum allowed number of reserved flows belonging to the



rajan, martin, kamat, see      Expires 23/ April/ 1999       [Page xxix]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


      group
EQUALITY integerMatch
SYNTAX INTEGER
SINGLE-VALUED
DEFAULT  No limit

NAME RSVPMaxAggregateRate
DESC The aggregate maximum token rate for all flows in the group
EQUALITY integerMatch
SYNTAX INTEGER
SINGLE-VALUED
SEMANTICS: Reservation requests that result in a higher aggregate
           bandwidth reservation are denied.
Default  No limit

NAME RSVPMaxAggregateTokenBucket
DESC The maximum token bucket size for the aggregate traffic matching
      the profile in kilobits
EQUALITY integerMatch
SYNTAX INTEGER
SINGLE-VALUED
DEFAULT No limit


7.3. The class TCPAction

   End hosts and firewalls often control the number and nature of active
   TCP connections.  Each object of type TCPaction describes policies
   used to control TCP behaviour.

   The class description of TCPAction is as follows:

NAME  TCPAction
TYPE  Structural
DERIVED FROM  PolicyAction
AUXILIARY CLASSES  NONE
MUST
      CommonName,
      TCPPermission
MAY
      TCPFlag,
      MaxTCPSessions,
      MaxRatePerTCPSession

NAME     TCPPermission
DESC     Allow/drop data packets matching the profile
EQUALITY caseExactIA5Match
SYNTAX   IA5String



rajan, martin, kamat, see       Expires 23/ April/ 1999       [Page xxx]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


SINGLE-VALUED
FORMAT   The currently defined values for this attribute are:
            Accept
            Deny

NAME     TCPFlag
DESC     The types of TCP packets to which the policy action applies.
EQUALITY caseExactIA5Match
SYNTAX   IA5String
MULTI-VALUED
FORMAT    The following strings are recognized:
         ``SYN''
         ``ACK''
         ``FIN''
         ``All''
DEFAULT  ``All''

NAME     TCPActionName
DESC     The user friendly name of this entry.
EQUALITY caseExactIA5Match
SYNTAX   IA5String
SINGLE-VALUED
DEFAULT  No name

NAME    MaxTCPSessions
DESC    The maximum number of simultaneously open TCP sessions.
EQUALITY integerMatch
SYNTAX   integer
SINGLE-VALUED
DEFAULT  No limit

NAME    MaxRatePerTCPSession
DESC    The maximum rate in kilobits/sec that is allowed.
EQUALITY integerMatch
SYNTAX   integer
SINGLE-VALUED
DEFAULT  No limit



8. QoS Schema Usage Examples

   In this section we describe some usage scenarios for QoS using LDIF
   notation.







rajan, martin, kamat, see      Expires 23/ April/ 1999       [Page xxxi]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


8.1. DiffServ PHB

   The requirements are:

    -  All web traffic originating from two server clusters S1
       (1.1.1.0 mask 255.255.255.0) and S2 (2.2.2.0 mask 255.255.255.0)
       traversing a router must be assigned a low delay, low loss
       service with a shared reservation of 40Mbps.

    -  This traffic must be marked with the TOS bits set to 10100000.

   The following rules achieves the above objective

    dn: cn=S1-Web-Rule, o=XYZ, c=US
    Objectclass: Policy
    PolicyScope: DiffServ
    PolicyType:  DiffServ
    PolicyConditionRef: cn=S1-Web-Condition,o=XYZ, c=US,
    PolicyActionRef: cn=DSGoldService, o=XYZ, c=US

    dn: cn=S2-Web-Rule, o=XYZ, c=US
    Objectclass: Policy
    PolicyScope: DiffServ
    PolicyType:  DiffServ
    PolicyConditionRef: cn=S2-Web-Condition,o=XYZ, c=US,
    PolicyActionRef: cn=DSGoldService, o=XYZ, c=US

   The conditions and actions referred to in the above rules are:


    dn: cn=S1-Web-Condition, o=XYZ, c=US
    Objectclass: IPPolicyCondition
    SourceAddressRange: 1:1.1.0:24
    SourcePortRange: 8000:8080
    IPProtocolRange: 4                               (TCP)

    dn: cn=S2-Web-Condition, o=XYZ, c=US
    Objectclass: IPPolicyCondition
    SourceAddressRange: 1:2.2.2.0:24
    SourcePortRange: 8000:8080
    IPProtocolRange: 4                               (TCP)

    dn: cn=DSGoldService, o=XYZ, c=US
    Objectclass: DiffServAction
    DiffServPermission: Permit
    DiffServInProfileTransmittedTOSByte: 11111111:1010000
    DiffServResourceGroupRef: cn=S1-S2-WebDSResourceGroup, o=XYZ, c=US




rajan, martin, kamat, see      Expires 23/ April/ 1999      [Page xxxii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


    dn: cn=S1-S2-WebDSResourceGroup, o=XYZ, c=US
    ObjectClass: DiffServResourceGroup
    DiffServQueuePriority: 1                   (implementation specific)
    DiffServLossParameter: 1:1000000
    DiffServDelayParameter: 1:1
    DiffServBandwidthShare: 40000              (kbps)
    DiffServAutoStart: AutoStart


8.2. DiffServ Policing

   Now, consider a policy rule that allows for no more than an aggregate
   of 5000 kilobits/second of best effort traffic from sources in subnet
   S3 (range 139.24.2.12 to 139.24.2.255.)

    dn: cn=S3-Policing-Rule, o=XYZ, c=US
    Objectclass: Policy
    PolicyScope: DiffServ
    PolicyType:  DiffServ
    PolicyConditionRef: cn=S3-Condition,o=XYZ, c=US,
    PolicyActionRef: cn=S3-DS-Action, o=XYZ, c=US


    dn: cn=S3-Condition,o=XYZ, c=US,
    Objectclass: PolicyCondition
    SourceAddressRange:   2:139.24.2.12:139.24.2.255

    dn: cn=S3-DS-Action, o=XYZ, c=US
    Objectclass: PolicyAction
    DiffServInProfileRate: 5000
    DiffServInProfileTokenBucket: 1024
    DiffServResourceGroupRef: cn=BestEffortPolicing, o=XYZ, c=US

    dn: cn=BestEffortPolicing, o=XYZ, c=US
    DiffServQueuePriority: 1
    DiffServExcessTrafficTreatment: drop
    DiffServAutoStart: NoAutoStart

   Here, we have allocated a nominal token bucket to take care of the
   maximum packet size.


8.3. Forbidding RSVP Sessions

   Suppose that non-RSVP datatraffic from a subnet S1 is to be denied
   access to the network during the working day (9 am to 5 pm).  We have
   the following entry to express this policy.




rajan, martin, kamat, see     Expires 23/ April/ 1999      [Page xxxiii]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


    dn: cn=S1-RSVP-Rule, o=XYZ, c=US
    Objectclass: Policy
    PolicyScope: RSVP
    PolicyType:  RSVP
    PolicyConditionRef: cn=S1-RSVP-Condition,o=XYZ, c=US,
    PolicyActionRef: cn=S1-RSVP-Action, o=XYZ, c=US

    dn: cn=S1-RSVP-Condition,o=XYZ, c=US
    Objectclass: IPPolicyCondition
    SourceAddressRange: 1:1.1.0:4
    PolicyValidityPeriodRef: cn=workinghrs, o=XYZ, c=US

    dn: cn=workinghrs, o=XYZ, c=US
    Objectclass: PolicyValidityPeriod
    PolicyValidityTimeOfDayRange: 090000:170000

    dn: cn=S1-RSVP-Action, o=XYZ, c=US
    Objectclass: RSVPAction
    RSVPFlowServiceType: ControlledLoad
    RSVPFlowServiceType: GuaranteedService             (multi-valued)
    RSVPPermission: Deny


8.4. Controlling RSVP Reservations

   Consider a policy that specifies that during after hours (5 pm to
   9am) each RSVP controlled load reservation for outgoing traffic from
   subnet S1 have a token rate of no more than 1 Mbps, that there be
   no more than 100 such reservations active at any time, and that the
   aggregate reservable amount from that subnet total to no more than 10
   Mbps.

    dn: cn=S1-CL-nw-Rule, o=XYZ, c=US
    Objectclass: Policy
    PolicyScope: RSVP
    PolicyType:  RSVP
    PolicyConditionRef: cn=S1-CL-nw-Condition,o=XYZ, c=US,
    PolicyActionRef: cn=S1-CL-nw-Action, o=XYZ, c=US

    dn: cn=S1-CL-Condition,o=XYZ, c=US
    Objectclass: IPPolicyCondition
    SourceAddressRange: 1:1.1.0:4
    PolicyValidityPeriodRef: cn=non-workinghrs, o=XYZ, c=US

    dn: cn=non-workinghrs, o=XYZ, c=US
    Objectclass: PolicyValidityPeriod
    PolicyValidityTimeOfDayRange: 170000: 090000




rajan, martin, kamat, see      Expires 23/ April/ 1999      [Page xxxiv]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


    dn: cn=S1-RSVP-Action, o=XYZ, c=US
    Objectclass: RSVPAction
    RSVPFlowServiceType: ControlledLoad
    RSVPPermission: Permit
    RSVPMaxRatePerFlow: 1000
    RSVPResourceGroupReference: cn=S1-RSVPGroup, o=XYZ, c=US

    dn: cn=S1-RSVPGroup, o=XYZ, c=US
    RSVPMaxFlows: 100
    RSVPMaxAggregateRate: 10000


9. Security Considerations

   There are two potential security considerations, both of which may
   be addressed through standards compliant mechanisms.  The first is
   the unauthorized access to read or change policy rules and related
   objects in the directory repository.  The schema in this document
   SHOULD be used in conjunction with an LDAP access control mechanisms,
   see for instance [12].  The second exposure for violation of security
   lies in the communication between policy decision point and the
   directory repository.  Such communication SHOULD be secured, with
   both ends mutually authenticated using SSL/TLS or IPSec.


Acknowledgments

   Thanks to Partha Bhattacharya, Ed Ellesson, Tim Moore, Roch Guerin,
   Dimitrios Pendarakis and Ellen Stokes for useful discussion and
   suggestions in this problem space.  In addition, we also thank
   numerous others who have read and commented on this draft in various
   forms.


References

    [1] L. Wells and R. Bartky, Data Link Switching, Switch to Switch
        Protocol:  AIW DLSW RIG, AIW Closed Pages, DLSW Standard 1.0,
        RFC1795, April 1995.

    [2] R. Braden, L. Zhang, S. Berson, S. Herzog, and S. Jamin,
        Resource ReSerVation Protocol (RSVP) Version 1 Functional
        Specification. RFC2205, Sept. 1997.

    [3] S. Herzog, A. Sastry, R. Rajan, R. Cohen, J. Boyle, and
        D. Durham, The COPS (Common Open Policy Service) Protocol
        Internet-Draft, draft-ietf-rap-cops-00.txt, Jan. 1998.




rajan, martin, kamat, see      Expires 23/ April/ 1999       [Page xxxv]


Internet Draft    draft-rajan-policy-qosschema-00.txt   23/ October/1998


    [4] W. Yeong, T. Howes and S. Kille, Lightweight Directory Access
        Protocol, RFC1777, Mar. 1995.

    [5] R. Droms, Dynamic Host Configuration Protocol, RFC1541, Oct.
        1993.

    [6] K. Nichols and S. Blake, Differentiated Services
        Operational Model and Definitions, Internet-Draft,
        draft-nichols-dsopdef-00.txt, Feb. 1998.

    [7] M. Wahl, A. Coulbeck, T. Howes and S. Kille, Lightweight
        Directory Access Protocol (v3):  Attribute Syntax Definitions
        Internet Draft draft-ietf-asid-ldapv3-attributes-07.txt, August
        1997.

    [8] R. Yavatkar, R. Guerin and D. Pendarakis, A Framework
        for Policy-based Admission Control Internet Draft,
        draft-ietf-rap-framework-00.txt, Nov. 1997.

    [9] S. Judd and J. Strassner, Directory Enabled Networks -
        Information Model and Base Schema - Draft v3.0c5 DEN
        Specifications, Sep. 1998.

   [10] P. Bhattacharya et. al., An LDAP Schema for Configuration and
        Administration of IPSec-based Virtual Private Networks, Internet
        Draft, draft-ietf-ipsec-policy-ldapschema-00.txt, Oct. 1998.

   [11] Desktop Management Task Force, Common Information Model (CIM)
        Specification, Version 2.0, Mar. 1998.

   [12] E. Stokes, D. Byrne, B. Blakeley and P. Behera, Access Control
        Requirements for LDAP, Internet Draft, Sep. 1998.

   [13] J. Strassner and E. Ellesson, Terminology for describing network
        policy and services Internet draft, draft-strassner-policy-terms-00.txt,
        Aug. 1998.















rajan, martin, kamat, see      Expires 23/ April/ 1999      [Page xxxvi]