TE Working Group Andreas Kirstaedter Internet Draft Siemens Expiration Date: January 2001 Achim Autenrieth Munich University of Technology July 2000 An Extended QoS Architecture Supporting Differentiated Resilience Requirements of IP Services Status of this memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This document proposes an extension of the Quality of Service (QoS) architecture to support differentiated resilience requirements of IP services. Several architectures offering Quality of Service in IP-based networks are defined by the IETF community. The two most important of them are the Integrated Services (IntServ) model with the Resource Reservation Protocol (RSVP) as the recommended signaling protocol and the Differentiated Services (DiffServ) model. Recently, Multiprotocol Label Switching (MPLS) emerged introducing extended traffic engineering methods into IP and therefore also may support QoS. Due to the growing commercial importance of the Internet and the transport of mission-critical services, survivability became a main service requirement in addition to the traditional QoS. July 2000 The current QoS architectures, however, don't include the concept of network survivability so far. The extension presented in this document proposes an integrated approach to provide end-to-end QoS and resilience. Table of Contents 1.0 Introduction...................................................3 1.1 Overview .....................................................3 1.2 Motivation and Background ....................................3 2.0 Quality of Service and Network Survivability...................4 2.1 Quality of Service ...........................................5 2.2 Network Survivability ........................................5 3.0 Services and Applications......................................6 3.1 QoS and Resilience Requirements of IP Services ...............6 3.2 Service Examples .............................................6 3.2.1 High traditional QoS and high resilience .................7 3.2.2 High traditional QoS and low resilience ..................7 3.2.3 Low traditional QoS and high resilience ..................7 3.2.3 Low traditional QoS and low resilience ...................8 3.3 Extended QoS Definition ......................................8 4.0 Resilience Differentiated QoS Architecture.....................8 4.1 Basic concept ................................................8 4.2 Service classification .......................................9 4.3 Resource and Bandwidth Management ...........................10 4.4 Signaling ...................................................10 4.5 Packet Classification .......................................10 4.6 Packet Marking ..............................................10 4.7 Traffic conditioning ........................................11 4.8 Router Requirements .........................................11 5.0 Application to QoS Models.....................................11 5.1 Application to Integrated Services / RSVP ...................11 5.1.1 Extension to the Signaling Protocol .....................11 5.1.2 Setup of Flow ...........................................12 5.2 Differentiated Services .....................................12 5.2.1 Signaling of Resilience Requirements ....................12 5.2.2 DSCPs for Resilience PHB ................................12 5.2.3 Traffic Conditioning ....................................14 5.3 Provisioning of RD-QoS over multiple domains ................14 6.0 MPLS Support of RD-QoS........................................14 7.0 Conclusion....................................................15 8.0 Security Considerations.......................................15 9.0 References....................................................15 10.0 Authors' Addresses...........................................17 Kirstaedter, Autenrieth Expires: Jan. 2001 2 July 2000 1.0 Introduction 1.1 Overview This document presents an extension of the existing QoS architectures to support differentiated resilience requirements of IP services. After the motivation and the objective of this approach we postulate the generic requirements for survivable QoS services and present the basic concepts of the extended QoS architecture. Next, we discuss how the survivability requirements may be mapped to the IntServ and DiffServ architectures. Finally, the combination of the extended QoS architecture with MPLS is addressed. 1.2 Motivation and Background With the explosive growth of the Internet it became the most important international information infrastructure with a growing commercial importance. Mission-critical and high-priority traffic as well as real-time, connection-oriented services are now transported over the Internet. With QoS architectures firmly established, network survivability is becoming a key research issue in the Internet community. This resulted in several Internet drafts covering the resilience aspects of traffic engineering (e.g., [TE-FRMWRK], [TE-NW-SURV]) or proposing recovery strategies using MPLS (e.g. [MPLS-RCVRY-FRMWRK]). In [TE-FRMWRK] the network survivability is identified as a key requirement of traffic engineered networks. Several survivability options are defined and guidelines are given to support these requirements in MPLS-based networks. Recovery at the IP layer generally allows to differentiate between users / applications requiring services with a high level of survivability and those requiring only low-priority best-effort services that could tolerate an extended period of degraded quality of service. A resilience differentiated approach could protect only that traffic requiring a high level of service availability, which allows more cost-effective network design and traffic engineering. Moreover, intermediate L2 technologies like ATM or SONET will gradually disappear as the protocol layer stack is simplified to avoid having the same functionality present in multiple layers. From current discussions it seems most likely that the future physical transport network will be based on DWDM with a lightweight layer 2 protocol (like GbE/10GbE or Packet-over-SONET (POS)). However, it must be considered that these `lean' transport technologies often don't offer survivability mechanisms. Even if such mechanisms are present (e.g. DWDM ring protection), ISPs often may use unprotected links only (e.g., dark fiber) for economical reasons. Therefore it is reasonable for an ISP to provide the required network survivability using only resilience mechanisms in the IP layer. That way, also the network operation and management Kirstaedter, Autenrieth Expires: Jan. 2001 3 July 2000 complexity could be reduced, since all traffic engineering aspects (including resilience) are managed in the IP layer only. ISPs can offer unprotected and protected services (the latter at higher cost) with a single administrative platform, including user authentication and billing. This is a major advantage since it reduces the operational cost of the network and increases service flexibility. Depending on the amount of money a customer is willing to pay he receives a customized level of resilience. Customers who accept lower network resilience may be offered low-cost network services. Customers demanding high network resilience have to charge therefor. An open issue is, however, how to identify services with high resilience requirements involving fast recovery mechanisms. This leads to the problem how to establish a service with high end-to-end survivability. Existing QoS architectures so far don't allow the signaling of resilience requirements. In this document an extension of the currently discussed QoS architectures is proposed, which allows an integrated handling of QoS and resilience requirements. The objective of the proposed architecture is to extend the existing QoS architectures and QoS models to include the signaling of resilience requirements of IP services. 2.0 Quality of Service and Network Survivability The Internet was developed as a robust network with a good reachability of individual hosts and reliable services even with unreliable network elements (like routers or links). The only service quality offered was best effort. With the tremendous growth of the Internet, additional services with new requirements were developed. Real-time services like video- conferencing or IP telephony have a connection-oriented character and require high Quality of Service (QoS) with hard delay, delay jitter and bandwidth constraints. The Internet became an e-commerce platform with a fast growing commercial importance. Many companies use e-commerce for their business-to-business trade, others offer their services to the customers via Internet. A new kind of online companies emerged, which sell their products exclusively via the Internet. For these commercial customers the availability of the Internet access and the connectivity to the customers is critical for their business. Network outages result in direct loss of revenue and, moreover, loss of reputation. According to Forrester Research, the annual loss of a large e-commerce site in case of a best-effort availability of only 99% can be estimated to 3.7 million dollar [PASSMORE99]. Such e- commerce companies require a _non-stop_ Internet availability of up to 99.999%. Kirstaedter, Autenrieth Expires: Jan. 2001 4 July 2000 The following subsections briefly introduce the efforts of the IETF related to the provisioning of Quality of Service and Network Survivability. 2.1 Quality of Service To support the Quality of Service requirements of real-time, connection-oriented services, two QoS models were defined by the IETF: the Integrated Services (IntServ) architecture with RSVP as a reservation protocol, and the Differentiated Services (DiffServ) architecture. * In the IntServ model, the QoS requirements of the services are signaled on a per-flow basis through the network and the required network resources are reserved using RSVP. * The DiffServ model provides QoS to aggregated traffic on a per-hop basis. At the QoS domain boundary the traffic is classified into service classes, and the service classes are then conditioned at each router according to their negotiated service level requirements. Even though the reliability of a service is an important attribute of the service quality, no resilience attribute is currently defined for the QoS architectures. Network survivability is treated independently of the QoS architectures. 2.2 Network Survivability Network survivability refers to the ability of a network to maintain a determined level of service in the event of an expected set of failures such as link failures (e.g. fiber or cable cut) or node failures (e.g. line card failure, router power loss). Network resilience refers to the resources, protocols and processes present in the network to improve network survivability. In practice, both terms are often used with the same meaning. Several frameworks and proposals related to IP resilience are currently discussed in the IETF, mainly in the Traffic Engineering Working Group and the MPLS Working Group. It is generally possible to reach the survivability requirements of IP services with resilience mechanisms present at different protocol layers, e.g. SONET/SDH, ATM, WDM and MPLS [TE-NW-SURV]. Moreover, these resilience mechanisms may even be in operation in multiple layers at the same time. The key requirements of network survivability beside others are the time scale of the recovery operation, the resource efficiency, the recovery granularity and the QoS granularity [TE-NW-SURV]. While recovery at lower layers has advantages in the time scale of the recovery operation, recovery at higher layers generally allows a Kirstaedter, Autenrieth Expires: Jan. 2001 5 July 2000 better resource efficiency, recovery granularity and QoS granularity. For a detailed description of the generic network survivability objectives and resilience parameters see [TE-NW-SURV]. 3.0 Services and Applications 3.1 QoS and Resilience Requirements of IP Services A first approach to IP resilience could be to provide survivability mechanisms for services which require high QoS. However, some IP applications require high service availability but low traditional QoS. On the other hand, some QoS services may well tolerate low network resilience. The provisioning of an alternative and disjoint path for a certain service with resilience requirements results in additional management entries and/or an increased virtual load in the network if bandwidth has to be statically reserved on the alternative path. Thus resilience should only be provided if needed by the application. This requires a signaling method between the application and the network. At a closer look, it becomes obvious that resilience requirements of single applications are orthogonal to their _classical_ quality-of- service requirements (bandwidth, delay, delay jitter). In the following subsections the resilience and QoS requirements of some service examples are discussed. 3.2 Service Examples The following table illustrates the resilience and traditional QoS requirements of different services: +-----------------------------------------------+ | Service requires resilience | +-----------------------+-----------------------+ | yes | no | +-----------+-----+-----------------------+-----------------------+ | | | | | | | | mission-critical VoIP | standard VoIP and | | Service | yes | and multimedia | multimedia services | | requires | | services | | |traditional+-----+-----------------------+-----------------------+ | QoS | | database transactions,| | | | | mission-critical | e-mail, FTP, | | | no | control terminals, | standard WWW | | | |e-commerce applications| | +-----------+-----+-----------------------+-----------------------+ Kirstaedter, Autenrieth Expires: Jan. 2001 6 July 2000 The QoS and resilience requirements of selected services are discussed below. 3.2.1 High traditional QoS and high resilience * Mission critical voice-over-IP Sessions covering financial matters and discussions between business executives don't go along well with interruptions. They require both quality-of-service and resilience. Therefore, business customers won't base their voice communication infrastructure on IP networks without a service level agreement assuring a high service availability. * Mission critical multimedia communication Real-time multimedia services, e.g. a business video conference are severely affected even by short network outages. These application require both QoS and resilience. 3.2.2 High traditional QoS and low resilience * Standard VoIP and multimedia-over-IP applications Quality-of-service may be required depending on the user preferences but resilience might not be necessary as far as it goes along with additional cost and network failures are expected to have very low probabilities. The services can be defined as low-priority QoS traffic 3.2.3 Low traditional QoS and high resilience * Remote database transactions Delay jitter and bandwidth fluctuations are less critical for remote database transactions but the database is commonly locked during a transaction in order to avoid consistency problems. If due to a link or node failure the current transaction is interrupted other transactions will stay locked-out until a time-out occurs. Thus the number of possible transactions per time interval is reduced as will be the turnover in a commercial application. It has to be mentioned that any failure along the complete path between the database and the current customer will lead to this problem; it is not limited to failures on the access link to the network of the database host. * Critical control terminals Remote control terminals of mission critical processes are often connected to the controlled system over an IP network. The transported data has often low QoS requirements, but a service outage over an extended period of time may result in a breakdown of the process and possible safety problems. * E-commerce applications often require only the exchange of a few data packets with no QoS requirements at all. Service outages however directly result in loss of revenue and loss of reputation. E-commerce customers will therefore request network and service Kirstaedter, Autenrieth Expires: Jan. 2001 7 July 2000 availability guarantees from ISPs. This is especially true to a Web- based stock exchange access of private users. * Application Service Provisioning (ASPs) is an example for a business concept which relies on the flexible provisioning of services with high resilience and low traditional QoS 3.2.3 Low traditional QoS and low resilience The classical best-effort services like e-mail, FTP or WWW have no QoS or resilience requirements and tolerate service degradation. In case of failures such services may even be discarded to maintain the QoS and availability requirements of high-priority services. It must be noted that such low-priority traffic may be discarded even if it is not directly affected by the network failure, since the resources previously used for the low-priority traffic may be needed for the backup route of the high-priority. 3.3 Extended QoS Definition The observation of orthogonality of QoS and resilience brings us to the concept of postulating an extended quality-of-service: the combination of the commonly discussed quality-of-service in terms of bandwidth and delay together with the resilience requirements of the application. Thus the correct way for signaling the resilience requirements is to include the corresponding signaling into the quality-of-service signaling between the application and the network. Corresponding to the different quality-of-service approaches (IntServ, DiffServ) this could either be done on a per flow or on a per packet basis. This document proposes an architecture to support resilience requirements and QoS requirements of IP services in an integrated way. The extended QoS architecture that can differentiate the resilience requirements of IP services will be referred to as `Resilience Differentiated QoS' (RD-QoS) Architecture 4.0 Resilience Differentiated QoS Architecture In order to support the RD-QoS Architecture, the network must handle several key requirements and provide necessary functional components. In this section we first present the basic concept and then discuss the key requirements and components of the RD-QoS architecture in general. In the next section these functional components are mapped to the IntServ and DiffServ architectures. 4.1 Basic concept The RD-QoS architecture extends the existing QoS architectures to support differentiated resilience requirements of IP services. The Kirstaedter, Autenrieth Expires: Jan. 2001 8 July 2000 resilience requirements are included in the quality-of-service signaling between the application and the network. Packets belonging to a certain resilience class are accordingly marked at the network boundary. Additionally, the network must take care that the required QoS level can be maintained in case of a network failure with a minimum of service outage time. This requires a careful bandwidth and resource management which reserves enough spare resources to allow a service continuity for a given set of expected failures. The bandwidth management may either reserve dedicated resources on two physically disjoint paths through the network, or keep a shared pool of spare resources, which can be shared by multiple services in the event of failures. Under normal conditions (i.e. without any network failure present), traffic is handled by the QoS architecture according to the negotiated service level agreement without the RD-QoS extension. In the event of a failure however, the traffic conditioning takes the resilience requirement of the service class into consideration. Packets of low-priority services with no resilience requirements may be discarded while services with negotiated resilience requirements may be remarked and their queuing and dropping preferences modified. 4.2 Service classification The packets are classified according to their resilience requirements in addition to the common QoS parameters. Depending of the level of resilience required, several resilience classes are possible. A possible set of resilience classes is given below. o High resilience requirements Resources should be exclusively reserved on an alternative path. For a 1+1 protection, packets are forwarded on both the working and the alternative path simultaneously. In case of a failure on the working path, the downstream side simply selects packets from the alternative path. In case of 1:1 protection the packets are forwarded on the alternative path only in case of a failure. This requires a recovery signaling to handle uni-directional failures. o Medium resilience requirements Spare resources may be shared between multiple flows. The bandwidth management has to assure that enough spare resources are available for a given set of expected failures. In case of a network failure , packets are forwarded after a rerouting and reservation of spare resources. o Low resilience requirement No resources are reserved in advance (neither exclusively nor shared). In case of a failure, packets may be forwarded after a rerouting and reservation phase, if enough resources are available. Kirstaedter, Autenrieth Expires: Jan. 2001 9 July 2000 o No resilience requirements In case of a network failure in the administrative domain, packets may be discarded/dropped (even if the traffic is not directly affected by the network failure but rather by a re-routing of other traffic having high resilience requirements). 4.3 Resource and Bandwidth Management To support QoS, the available resources of the nodes of a QoS domain are allocated to certain flows or traffic aggregates. For the RD-QoS architecture a second set of resource allocation metrics must be provided. This second set reassigns the available resources according to the negotiated resilience requirements of the services in addition to their classical QoS metrics. If a new service is established (by a Service Level Agreement) or a new flow is set up (by the Admission Control), the Resource Management must assure that enough spare resources are available in the network to maintain the negotiated QoS level in case of a network failure. One possible solution is to reserve the required resources on two physically disjoint paths. A second possibility is to calculate the overall required network resources for all failure scenarios in an expected set of failures. If the resource requirements can be met by the network, the new service can be established. 4.4 Signaling Depending on the QoS architecture used, the signaling may be along a full end-to-end route or from the application to the network boundary. In either case the signaling includes a resilience attribute identifying the resilience requirements of the service. 4.5 Packet Classification To be able to enforce a specific QoS policy, packets must be classified into a specific flow or service class. The packets classification in the RD-QoS architectures is only extended in the way that additional services with resilience requirements are to be identified. 4.6 Packet Marking Packets belonging to a specific resilience flow or service class will be marked accordingly. Depending on the QoS architecture the marking may be done using the flow label or the IP TOS-byte. Kirstaedter, Autenrieth Expires: Jan. 2001 10 July 2000 In the event of a network failure, packets belonging to a specific resilience class may be remarked to assure correct forwarding by routers which didn't detect the network failure or which don't support RD-QoS. 4.7 Traffic conditioning In the event of a failure, the traffic conditioning takes the resilience requirement of the service class into consideration. Packets with no resilience requirements may be dropped to free network resources for services with resilience requirements. This includes also packets of services which were not directly affected by the network failure. Depending on the negotiated level or resilience, packets may be remarked, and their scheduling and drop precedence redefined. 4.8 Router Requirements An additional requirement for a router supporting the RD-QoS architecture is the ability to detect network failures such as link and node failures. The failure detection should be fast and reliable. Different options for the failure detection are possible (e.g. [FLIP]), but are out of scope of this document. 5.0 Application to QoS Models The proposed way for signaling the resilience requirements of IP services is to include the corresponding signaling into the quality- of-service signaling between the application and the network. Corresponding to the different quality-of-service approaches (IntServ, DiffServ) this could either be done on a per flow or on a per packet basis. 5.1 Application to Integrated Services / RSVP In the IntServ architecture [RFC1633] resources are reserved by the RSVP [RFC2205] for every QoS flow on every router along a path from sender to receiver. In the RD-QoS architecture, the signaling is extended to reserve spare resources in the network to provide survivability against network failures. 5.1.1 Extension to the Signaling Protocol The RSVP message formats are extended in the sense that the end user's terminal is able to signal a resilience requirement to the network in addition to the bandwidth requirement. The proposed way to do this is to include the resilience requirement in the Rspec [RFC2210] of RSVP. The three IntServ classes _ Guaranteed, Controlled Load and Best-Effort _ are combined with resilience classes. Kirstaedter, Autenrieth Expires: Jan. 2001 11 July 2000 5.1.2 Setup of Flow When a RD-QoS flow is set up, the network (additionally) reserves an alternative and disjoint explicit route for the flow with resilience requirements. In case of a link or node failure, the network switches the flow to the alternative route. Note: If no purely QoS-oriented RSVP path had been identified in advance the network has to consider the path the packets would take under non-failure circumstances before the disjoint path can be identified. This could be achieved by observing the flow of RSVP messages. 5.2 Differentiated Services The Differentiated Services (DS) architecture [RFC2475] realizes IP QoS by the prioritization of different services on a hop-by-hop basis. Packets are classified and conditioned at the network boundary and assigned to a behavior aggregate. The behavior aggregate is identified by bit-patterns in the DS field, so called DS codepoints (DSCP). The DS-Field is located in the IPv4 TOS octet or IPpv6 Traffic Class octet. A specific DSCP selects a corresponding Per-Hop-Behavior (PHB) for the packet. An Expedited Forwarding (EF) PHB [RFC2598] as well as a group of Assured Forwarding (AF) PHBs [RFC2597] are already defined in RFCs with corresponding codepoints. The possible DSCPs are defined in [RFC2474]. In the following subsections only those aspects of the DiffServ architecture are discussed, which are affected by the RD-QoS Architecture. 5.2.1 Signaling of Resilience Requirements The Network Management or a special resource control establishes a set of pre-defined routes in advance using QoS routing. In addition, the corresponding bandwidth is reserved according to the estimated or negotiated (by service level agreements) amount of traffic having resilience requirements. The packets with resilience requirements then are marked either by the application or the edge device when they enter the DiffServ network. In the case of a failure of either a link or a network element the network then only switches those packets to an alternative path that have the resilience bit combination set in their headers. 5.2.2 DSCPs for Resilience PHB The marking of the packets is done using DSCP values. Several different options are possible for the definition of the DSCP: * Use of DSCP-Bit 5 as a Resilience Identifier Kirstaedter, Autenrieth Expires: Jan. 2001 12 July 2000 The DSCP-Bit 5 distinguishes, whether a codepoint belongs to Pool 1 (Standards Actions) or to either Pool 2 or 3 (experimental or local use) [RFC2474]. The DSCP Bit 5 could be used as a resilience marker to distinguish between services with negotiated resilience guarantees and services without. Codepoint Space Traffic Conditioning --------------- ------------------------------ xxxxx0 without resilience constraints xxxxx1 with resilience constraints The advantage of this option is that no specific bit-patterns are used to define resilience requirements. A single bit distinguishes between services requiring resilience and those without resilience requirements. Additionally, DSCPs for resilience are only located within experimental or local use pool. This allows a correct traffic conditioning of the service classes in domains not supporting resilience differentiation. This is the recommended method to define Resilience PHB. * Resilience PHB for existing behavior aggregate definitions A second option is to define resilience DSCP and resilience PHBs for already defined behavior aggregates. So far, 14 PHBs are defined: the EF PHB, the AF PHB with 4 traffic priority classes with 3 drop preferences each, and a Default PHB. For these 14 defined PHBs, resilience PHBs could be defined with specific codepoints. These codepoints could be taken from the pool of recommended codepoints or from experimental and local use codepoints. The Resilience PHBs have the same traffic conditioning characteristics as their corresponding standardized PHBs, but define additionally the traffic conditioning characteristics in case of network failures. * Special PHBs for resilience behavior aggregates It is also possible to define specific PHBs for behavior aggregates (BA) requiring resilience. These BAs are independent from and parallel to other behavior aggregates. Such resilience PHBs may be defined locally in DiffServ domains. Therefore, the DSCP for these BA should be taken from the pool 2 or pool 3. This approach allows the highest flexibility, since no resilience PHBs must be standardized. It allows individual ISP to offer resilience guarantees to their customers independent of neighboring domains. The drawback of this approach is that end-to-end resilience over multiple domains is very difficult to achieve. For this objective, universally defined resilience PHBs are preferable. Kirstaedter, Autenrieth Expires: Jan. 2001 13 July 2000 5.2.3 Traffic Conditioning In case of link or node failures, the traffic conditioner considers flows for which no resilience requirements were signaled to be out- of-profile. These flows are either directly dropped at the boundary router, or they are assigned a very low drop precedence. For flows with resilience requirements the required spare resources were reserved in advance. This maintains the same level of service quality in the presence network failures. Depending on the required level of resilience, the packets may be remarked and the traffic profile modified. This influence the way the traffic is shaped and when packets are dropped. 5.3 Provisioning of RD-QoS over multiple domains One objective of the RD-QoS architecture is the end-to-end provisioning of resilient services over multiple domains. For this aim, a mapping between resilience classes of different domains is needed. If both domains use the same underlying QoS architecture (e.g., DiffServ), the mapping is simple for standard resilience classes with well defined characteristics. If both domains use different resilience classes and / or different QoS architectures, the mapping of resilience classes requires careful planning. A detailed investigation of the provisioning of RD-QoS over multiple administrative domains is currently under investigation. 6.0 MPLS Support of RD-QoS With Multi-Protocol Label Switching (MPLS) [MPLS-ARCH] a Label Switched Path (LSP) is established be edge routers using MPLS signaling protocols. Since MPLS is path-oriented and allows a explicit route definition, various recovery mechanisms are possible increasing the network survivability [MPLS-RCVRY-FRMWRK]. The combination of MPLS and DiffServ [MPLS-DIFF] or RSVP [RSVP-MPLS-TE] with the RD-QoS extension allows the provisioning of end-to-end QoS and resilience over multiple administrative domains. The extended quality-of-service definition including resilience attributes allows the mapping of RD-QoS classes to MPLS LSPs with different protection levels according to the resilience requirements. In case of RD-QoS with DiffServ for example, the BA of services with resilience requirements can be assigned to a LSP with a defined protection path. A detailed mapping of RD-QoS classes to MPLS recovery schemes is currently under investigation. Kirstaedter, Autenrieth Expires: Jan. 2001 14 July 2000 7.0 Conclusion This document proposed the extension of the Quality of Service definition to include survivability options. It presented the motivations for this extension and defined its objectives. The basic concept and functional components were defined. The application of the extended QoS definition to IntServ/RSVP, DiffServ and MPLS was described. 8.0 Security Considerations This document does not introduce new security issues. 9.0 References [TE-FRMWRK] Daniel Awduche, Angela Chiu, Anwar Elwalid, Indra Widjaja, Xipeng Xiao, "A Framework for Internet Traffic Engineering", Work in Progress, Internet Draft, , May 2000. [TE-NW-SURV] K. Owens, M. Oommen, "Network Survivability Considerations for Traffic Engineered IP Networks", Work in Progress, Internet Draft, , March 2000. [MPLS-RCVRY-FRMWRK] V. Makam, V. Sharma, K. Owens, C. Huang, et al, "A Framework for MPLS-based Recovery", Work in Progress, Internet Draft, , March 2000. [RFC1633] R. Braden, D. Clark and S. Shenker, "Integrated Services in the Internet Architecture: an Overview", RFC 1633, June 1994. [RFC2205] R. Braden (Ed.), L. Zhang, S. Berson, S. Herzog, S. Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1 FunctionalSpecification", RFC 2205, September 1997. [RFC2210] J. Wroclawski, "The Use of RSVP with Integrated Services", RFC 2210, September 1997. [RFC2474] K. Nichols, S. Blake, F. Baker, D. Black, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, December 1998. Kirstaedter, Autenrieth Expires: Jan. 2001 15 July 2000 [RFC2475] D. Black, S. Blake, M. Carlson, E. Davies, Z. Wang, W. Weiss, "An Architecture for Differentiated Services", RFC 2475, December 1998. [RFC2597] Heinanen, J., Baker, F., Weiss, W. and J. Wroclawski, "Assured Forwarding PHB Group", RFC 2597, June 1999. [RFC2598] V. Jacobson, K. Nichols, and K. Poduri, "An Expedited Forwarding PHB", RFC 2598, June 1999. [LABOVITZ99] C. Labovitz, A. Ahuja, F. Jahanian, "Experimental Study of Internet Stability and Wided-Area Backbone Failures", Proceedings of the Twenty-Ninth Annual International Symposium on Fault-Tolerant Computing, June 1999 [PASSMORE99] David Passmore, "Scaling Large E-Commerce Infrastructures ", Packet Magazine Archives, Cisco Systems, 3rd Quarter 1999. (http://www.cisco.com/warp/public/784/packet/july99/1.html) [RFC2702] D. Awduche, J. Malcolm, J. Agogbua, M. O'Dell, J. McManus, "Requirements for Traffic Engineering Over MPLS", RFC 2702, September 1999 [MPLS-ARCH] Rosen, E., Viswanathan, A., and Callon, R., "Multiprotocol Label Switching Architecture", Work in Progress, Internet Draft, , August 1999. [MPLS-DIFF] F. Le Faucheur, L. Wu, B. Davie, S. Davari, P. Vaananen, R. Krishnan, P. Cheval, J. Heinanen, "MPLS Support of Differentiated Services", Work in Progress, Internet Draft, , July 2000. [RSVP-MPLS-TE] D. Awduche, L. Berger, D. Gan, T. Li, V. Srinivasan, G. Swallow, "RSVP-TE: Extensions to RSVP for LSP Tunnels", Work in Progress, Internet Draft, , July 2000 [FLIP] H.Sandick, M.Squire, B.Cain, I. Duncan, B.Haberman, "Fast LIveness Protocol (FLIP)", Work in Progress, Internet Draft, , February 2000 Kirstaedter, Autenrieth Expires: Jan. 2001 16 July 2000 10.0 Authors' Addresses Andreas Kirstaedter Siemens AG Otto-Hahn-Ring 6 81730 Munich, Germany Phone: +49 89 636 47484 Email: andreas.kirstaedter@mchp.siemens.de Achim Autenrieth Munich University of Technology Arcisstr. 21 80290 Munich, Germany Phone: +49 89 289 23504 Email: autenrieth@ei.tum.de Kirstaedter, Autenrieth Expires: Jan. 2001 17