< draft-ietf-soc-load-control-event-package-03.txt   draft-ietf-soc-load-control-event-package-04.txt >
IETF SOC Working Group C. Shen IETF SOC Working Group C. Shen
Internet-Draft AT&T Internet-Draft H. Schulzrinne
Intended status: Standards Track H. Schulzrinne Intended status: Standards Track Columbia U.
Expires: September 3, 2012 Columbia U. Expires: January 31, 2013 A. Koike
A. Koike
NTT NTT
March 2, 2012 July 30, 2012
A Session Initiation Protocol (SIP) Load Control Event Package A Session Initiation Protocol (SIP) Load Control Event Package
draft-ietf-soc-load-control-event-package-03.txt draft-ietf-soc-load-control-event-package-04.txt
Abstract Abstract
We define a load control event package for the Session Initiation We define a load control event package for the Session Initiation
Protocol (SIP). It allows SIP servers to distribute load filters to Protocol (SIP). It allows SIP servers to distribute load filters to
other SIP servers in the network. The load filters contain rules to other SIP servers in the network. The load filters contain rules to
throttle calls based on their source or destination domain, telephone throttle calls based on their source or destination domain, telephone
number prefix or for a specific user. The mechanism helps to prevent number prefix or for a specific user. The mechanism helps to prevent
signaling overload and complements feedback-based SIP overload signaling overload and complements feedback-based SIP overload
control efforts. control efforts.
skipping to change at page 1, line 39 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 3, 2012. This Internet-Draft will expire on January 31, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 5 2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 6
3. Design Requirements . . . . . . . . . . . . . . . . . . . . . 6 3. Design Requirements . . . . . . . . . . . . . . . . . . . . . 6
4. SIP Load Filtering Overview . . . . . . . . . . . . . . . . . 6 4. SIP Load Filtering Overview . . . . . . . . . . . . . . . . . 6
4.1. Filter Format . . . . . . . . . . . . . . . . . . . . . . 6 4.1. Filter Format . . . . . . . . . . . . . . . . . . . . . . 6
4.2. Filter Computation . . . . . . . . . . . . . . . . . . . . 6 4.2. Filter Computation . . . . . . . . . . . . . . . . . . . . 7
4.3. Filter Distribution . . . . . . . . . . . . . . . . . . . 7 4.3. Filter Distribution . . . . . . . . . . . . . . . . . . . 7
4.4. Applicability in Different Network Environments . . . . . 10 4.4. Applicability in Different Network Environments . . . . . 10
5. Load Control Event Package . . . . . . . . . . . . . . . . . . 11 5. Load Control Event Package . . . . . . . . . . . . . . . . . . 11
5.1. Event Package Name . . . . . . . . . . . . . . . . . . . . 11 5.1. Event Package Name . . . . . . . . . . . . . . . . . . . . 11
5.2. Event Package Parameters . . . . . . . . . . . . . . . . . 11 5.2. Event Package Parameters . . . . . . . . . . . . . . . . . 11
5.3. SUBSCRIBE Bodies . . . . . . . . . . . . . . . . . . . . . 11 5.3. SUBSCRIBE Bodies . . . . . . . . . . . . . . . . . . . . . 11
5.4. SUBSCRIBE Duration . . . . . . . . . . . . . . . . . . . . 11 5.4. SUBSCRIBE Duration . . . . . . . . . . . . . . . . . . . . 12
5.5. NOTIFY Bodies . . . . . . . . . . . . . . . . . . . . . . 12 5.5. NOTIFY Bodies . . . . . . . . . . . . . . . . . . . . . . 12
5.6. Notifier Processing of SUBSCRIBE Requests . . . . . . . . 12 5.6. Notifier Processing of SUBSCRIBE Requests . . . . . . . . 12
5.7. Notifier Generation of NOTIFY Requests . . . . . . . . . . 12 5.7. Notifier Generation of NOTIFY Requests . . . . . . . . . . 12
5.8. Subscriber Processing of NOTIFY Requests . . . . . . . . . 12 5.8. Subscriber Processing of NOTIFY Requests . . . . . . . . . 13
5.9. Handling of Forked Requests . . . . . . . . . . . . . . . 13 5.9. Handling of Forked Requests . . . . . . . . . . . . . . . 14
5.10. Rate of Notifications . . . . . . . . . . . . . . . . . . 13 5.10. Rate of Notifications . . . . . . . . . . . . . . . . . . 14
5.11. State Delta . . . . . . . . . . . . . . . . . . . . . . . 13 5.11. State Delta . . . . . . . . . . . . . . . . . . . . . . . 14
5.12. State Agents . . . . . . . . . . . . . . . . . . . . . . . 14 5.12. State Agents . . . . . . . . . . . . . . . . . . . . . . . 15
6. Load Control Document . . . . . . . . . . . . . . . . . . . . 14 6. Load Control Document . . . . . . . . . . . . . . . . . . . . 15
6.1. Format . . . . . . . . . . . . . . . . . . . . . . . . . . 14 6.1. Format . . . . . . . . . . . . . . . . . . . . . . . . . . 15
6.2. Namespace . . . . . . . . . . . . . . . . . . . . . . . . 15 6.2. Namespace . . . . . . . . . . . . . . . . . . . . . . . . 15
6.3. Conditions . . . . . . . . . . . . . . . . . . . . . . . . 15 6.3. Conditions . . . . . . . . . . . . . . . . . . . . . . . . 15
6.3.1. Call Identity . . . . . . . . . . . . . . . . . . . . 15 6.3.1. Call Identity . . . . . . . . . . . . . . . . . . . . 15
6.3.2. Validity . . . . . . . . . . . . . . . . . . . . . . . 18 6.3.2. Validity . . . . . . . . . . . . . . . . . . . . . . . 18
6.3.3. Method . . . . . . . . . . . . . . . . . . . . . . . . 18 6.3.3. Method . . . . . . . . . . . . . . . . . . . . . . . . 19
6.4. Actions . . . . . . . . . . . . . . . . . . . . . . . . . 18 6.4. Actions . . . . . . . . . . . . . . . . . . . . . . . . . 19
6.5. Complete Examples . . . . . . . . . . . . . . . . . . . . 19 6.5. Complete Examples . . . . . . . . . . . . . . . . . . . . 20
7. XML Schema Definition for Load Control . . . . . . . . . . . . 21 7. XML Schema Definition for Load Control . . . . . . . . . . . . 22
8. Related Work . . . . . . . . . . . . . . . . . . . . . . . . . 23 8. Related Work . . . . . . . . . . . . . . . . . . . . . . . . . 24
8.1. Relationship with Load Filtering in PSTN . . . . . . . . . 23 8.1. Relationship with Load Filtering in PSTN . . . . . . . . . 24
8.2. Relationship with Other IETF SIP Load Control Efforts . . 24 8.2. Relationship with Other IETF SIP Load Control Efforts . . 25
9. Discussion of this specification meeting the requirements 9. Discussion of this specification meeting the requirements
of RFC5390 . . . . . . . . . . . . . . . . . . . . . . . . . . 25 of RFC5390 . . . . . . . . . . . . . . . . . . . . . . . . . . 26
10. Security Considerations . . . . . . . . . . . . . . . . . . . 30 10. Security Considerations . . . . . . . . . . . . . . . . . . . 31
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31
11.1. Load Control Event Package Registration . . . . . . . . . 31 11.1. Load Control Event Package Registration . . . . . . . . . 31
11.2. application/load-control+xml MIME Registration . . . . . . 31 11.2. application/load-control+xml MIME Registration . . . . . . 32
11.3. Load Control Schema Registration . . . . . . . . . . . . . 32 11.3. Load Control Schema Registration . . . . . . . . . . . . . 33
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 32 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 33
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33
13.1. Normative References . . . . . . . . . . . . . . . . . . . 33 13.1. Normative References . . . . . . . . . . . . . . . . . . . 33
13.2. Informative References . . . . . . . . . . . . . . . . . . 33 13.2. Informative References . . . . . . . . . . . . . . . . . . 34
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 34 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35
1. Introduction 1. Introduction
Proper functioning of Session Initiation Protocol (SIP) [RFC3265] Proper functioning of Session Initiation Protocol (SIP) [RFC3261]
signaling servers is critical in SIP-based communications networks. signaling servers is critical in SIP-based communications networks.
The performance of SIP servers can be severely degraded when the The performance of SIP servers can be severely degraded when the
server is overloaded with excessive number of signaling requests. server is overloaded with excessive number of signaling requests.
Both legitimate and malicious traffic can overload SIP servers, Both legitimate and malicious traffic can overload SIP servers,
despite appropriate capacity planning. despite appropriate capacity planning.
There are three common examples of legitimate short-term increases in There are three common examples of legitimate short-term increases in
call volumes. Viewer-voting TV shows or ticket giveaways may call volumes. Viewer-voting TV shows or ticket giveaways may
generate millions of calls within a few minutes. Call volume may generate millions of calls within a few minutes. Call volume may
also spike during special holidays such as New Year's Day and also spike during special holidays such as New Year's Day and
Mother's Day. Finally, callers may want to reach friends and family Mother's Day. Finally, callers may want to reach friends and family
in natural disaster areas such as those affected by earthquakes. in natural disaster areas such as those affected by hurricanes. When
When possible, only calls traversing overloaded servers should be possible, only calls traversing overloaded servers should be
throttled under those conditions. throttled under those conditions.
SIP load control mechanisms are needed to prevent congestion collapse SIP load control mechanisms are needed to prevent congestion collapse
in these cases [RFC5390]. There are two types of load control in these cases [RFC5390]. There are two types of load control
approaches. In the first approach, feedback control, SIP servers approaches. In the first approach, feedback control, SIP servers
provide load limits to upstream servers, to reduce the incoming rate provide load limits to upstream servers, to reduce the incoming rate
of all SIP requests [I-D.ietf-soc-overload-control]. These upstream of all SIP requests [I-D.ietf-soc-overload-control]. These upstream
servers then drop or delay incoming SIP requests. Feedback control servers then drop or delay incoming SIP requests. Feedback control
is reactive and affects signaling messages that have already been is reactive and affects signaling messages that have already been
issued by user agent clients. They work well when SIP proxy servers issued by user agent clients. They work well when SIP proxy servers
skipping to change at page 4, line 50 skipping to change at page 4, line 50
are also overloaded, calls to other destinations will also be are also overloaded, calls to other destinations will also be
rejected or dropped. rejected or dropped.
Here, we propose an additional, complementary mechanism, called load Here, we propose an additional, complementary mechanism, called load
filtering. Network operators create load filters that indicate that filtering. Network operators create load filters that indicate that
calls to specific destinations or from specific sources should be calls to specific destinations or from specific sources should be
rate-limited or randomly dropped. These load filters are then rate-limited or randomly dropped. These load filters are then
distributed to SIP servers and possibly user agents likely to distributed to SIP servers and possibly user agents likely to
generate calls to the affected destinations or from the affected generate calls to the affected destinations or from the affected
sources. Load filtering works best if it prevents calls as close to sources. Load filtering works best if it prevents calls as close to
the user agent clients as possible. the originating user agent clients as possible.
The load filtering approach is most applicable for situations where a
traffic surge and its source/destination distribution can be
predicted in advance. For instance, it is appropriate for a mass-
phone-voting event, Mother's Day, New Years, and even a hurricane.
However, it is less likely to be effective for the initial phase of
unpredicted/unpredictable mass calling events, such as earthquakes or
terrorist attacks. In these latter cases, the local traffic load may
peak by more than an order of magnitude in minutes, if not seconds.
This does not allow time to either effectively identify the filters
needed, nor distribute them to the appropriate servers soon enough to
prevent server congestion. Once other, more immediate, techniques
(such as the loss-based or rate-based feedback control methods) have
prevented the initial congestion collapse, the load filtering
approach can be used to effectively control the continuing overload.
Performing SIP load filtering requires three components: load filter Performing SIP load filtering requires three components: load filter
format, load filter computation method, and load filter distribution format, load filter computation method, and load filter distribution
mechanism. This specification addresses two of these three mechanism. This specification addresses two of these three
components. The load filter format is defined in a SIP load control components. The load filter format is defined in a SIP load control
event package, while the load filter distribution mechanism is built event package, while the load filter distribution mechanism is built
upon the existing SIP event framework. The remaining component, load upon the existing SIP event framework. The remaining component, load
filter computation method, depends heavily on the actual network filter computation method, depends heavily on the actual network
topology and service provider policies. Therefore it is out of scope topology and service provider policies. Therefore it is out of scope
of this specification. of this specification.
skipping to change at page 5, line 25 skipping to change at page 5, line 40
mechanism is motivated by the overload control problem, which is why mechanism is motivated by the overload control problem, which is why
this specification refers extensively to other parallel SIP overload this specification refers extensively to other parallel SIP overload
control related efforts, the applicability of filtering extends control related efforts, the applicability of filtering extends
beyond the overload control purpose. For example, it can also be beyond the overload control purpose. For example, it can also be
used to implement quality of service or other service level agreement used to implement quality of service or other service level agreement
commitments. Therefore, we use the term SIP "load control event commitments. Therefore, we use the term SIP "load control event
package", instead of a narrower term "overload control event package", instead of a narrower term "overload control event
package". Secondly, since we are describing a specific control package". Secondly, since we are describing a specific control
mechanism based on filtering, the term "load control" in this mechanism based on filtering, the term "load control" in this
specification is used inter-changeably with the term "load filtering" specification is used inter-changeably with the term "load filtering"
unless when associated with other explicit context. This unless associated with other explicit context.
specification, however, does not preclude the load control document
defined here (Section 6) to be extended in the future for other forms
of control as appropriate.
The rest of this specification is structured as follows: we begin by The rest of this specification is structured as follows: we begin by
listing the design requirements for this work in Section 3. We then listing the design requirements for this work in Section 3. We then
give an overview of load filtering operation in Section 4. The load give an overview of load filtering operation in Section 4. The load
control event package for filter distribution is detailed in control event package for filter distribution is detailed in
Section 5. The load filter format is defined in the two sections Section 5. The load filter format is defined in the two sections
that follow, with Section 6 introducing the XML document for load that follow, with Section 6 introducing the XML document for load
control and Section 7 listing the associated schema. Section 8 control and Section 7 listing the associated schema. Section 8
relates this work to corresponding mechanisms in PSTN and other IETF relates this work to corresponding mechanisms in PSTN and other IETF
efforts addressing SIP load control. Section 9 evaluates whether efforts addressing SIP load control. Section 9 evaluates whether
skipping to change at page 6, line 18 skipping to change at page 6, line 29
load, rather than a generic application-layer mechanism. load, rather than a generic application-layer mechanism.
o The load filter needs to be distributed efficiently to possibly a o The load filter needs to be distributed efficiently to possibly a
large subset of all SIP elements. large subset of all SIP elements.
o The solution should re-use existing SIP protocol mechanisms to o The solution should re-use existing SIP protocol mechanisms to
reduce implementation and deployment complexity. reduce implementation and deployment complexity.
o For predictable overload situations, such as holidays and call-in o For predictable overload situations, such as holidays and call-in
events, the load filter should specify during what time period it events, the load filter should specify during what time period it
is to be applied, so that the information can be distributed ahead is to be applied, so that the information can be distributed ahead
of time. of time.
o For destination-specific overload situations, the load filter o For destination-specific overload situations, the load filter
needs to be able to describe the callee. should be able to describe the callee.
o To address accidental and intentional high-volume call generators, o To address accidental and intentional high-volume call generators,
the load filter should allow to specify the caller. the load filter should be able to specify the caller.
o Caller and callee need to be specified as both SIP URIs and 'Tel' o Caller and callee need to be specified as both SIP URIs and 'Tel'
URIs[RFC3966]. URIs[RFC3966].
o For telephone numbers, it should be possible to specify prefixes o It should be possible to specify particular information in the SIP
which allow control over limited regionally-focused overloads. headers (e.g., prefixes in telephone numbers) which allow control
over limited regionally-focused overloads.
o The solution should draw upon experiences from related PSTN o The solution should draw upon experiences from related PSTN
mechanisms where applicable. mechanisms where applicable.
o The solution should be extensible to meet future needs. o The solution should be extensible to meet future needs.
4. SIP Load Filtering Overview 4. SIP Load Filtering Overview
4.1. Filter Format 4.1. Filter Format
A load filter contains both conditions and actions. Filter A load filter contains both conditions and actions. Filter
conditions include the identities of the targets to be controlled. conditions include the identities of the targets to be controlled.
For example, there are two typical resource limits in a possible For example, there are two typical resource limits in a possible
overload situation, i.e., human destination limits (N number of call overload situation, i.e., human destination limits (N number of call
takers) and proxy capacity limits. The control targets in these two takers) and node capacity limits. The control targets in these two
cases can be the specific callee numbers or the destination domains cases can be the specific callee numbers or the destination domains
corresponding to the overload. Filter conditions also indicate the corresponding to the overload. Filter conditions also indicate the
period of time during which the control should be activated, and the period of time during which the control should be activated, and the
specific message type to be controlled, e.g., the INVITE message of a specific message type to be controlled, e.g., the INVITE message of a
SIP session. Filter actions describe the desired control functions SIP session. Filter actions describe the desired control functions
such as limiting the request rate below a certain level. Detailed such as limiting the request rate below a certain level. Detailed
formats of filter conditions and actions are defined in Section 6. formats of filter conditions and actions are defined in Section 6.
4.2. Filter Computation 4.2. Filter Computation
Load filter computation needs to take into consideration information Load filter computation needs to take into consideration information
such as the overload time, scope and network topology, as well as such as the overload time, scope and network topology, as well as
service policies. It is also important to make sure that there is no service policies. It is also important to make sure that there is no
resource allocation loop, and that loads are allocated in a way which resource allocation loop, and that loads are allocated in a way which
both prevents overload and minimizes the likelihood of network both prevents overload and maximizes effective throughput(aka
resource under-utilization. In some cases, in order to better goodput). In some cases, in order to better utilize system
utilize system resources, it may be preferable to employ a dynamic resources, it may be preferable to employ a dynamic load computation
load computation algorithm which adapts to current network status, algorithm which adapts to current network status, rather than using a
rather than using a purely static mechanism. The load filter purely static mechanism. The load filter computation algorithm is
computation algorithm is out of scope of this specification. out of scope of this specification.
4.3. Filter Distribution 4.3. Filter Distribution
For load filter distribution, this specification defines the SIP For load filter distribution, this specification defines the SIP
event package for load control, which is an "instantiation" of the event package for load control, which is an "instantiation" of the
generic SIP events framework [RFC3265]. The SIP events framework generic SIP events framework [RFC6665]. The SIP events framework
provides an existing method for SIP entities to subscribe to and provides an existing method for SIP entities to subscribe to and
receive notifications when certain events have occurred. Such a receive notifications when certain events have occurred. Such a
framework forms a scalable event distribution architecture that suits framework forms a scalable event distribution architecture that suits
our needs. This specification also defines the XML schema of a load our needs. This specification also defines the XML schema of a load
control document (Section 6), which is used to encode load filtering control document (Section 6), which is used to encode load filtering
rules. rules.
In order for load filters to be properly distributed, each SIP proxy In order for load filters to be properly distributed, each SIP node
server in the network is required to subscribe to the load control in the network SHOULD subscribe to the load control event package
event package from all its outgoing signaling neighbors, known as from all its outgoing signaling neighbors, known as notifiers
notifiers (Section 5.6). Subscription is initiated and maintained (Section 5.6). Subscription is initiated and maintained during
during normal server operation. Signaling neighbors are defined by normal server operation. Signaling neighbors are defined by sending
sending signaling messages. For instance, if A sends signaling signaling messages. For instance, if A sends signaling requests to
requests to B, B is an outgoing signaling neighbor of A. A needs to B, B is an outgoing signaling neighbor of A. A needs to subscribe to
subscribe to the load control event package of B in case B wants to the load control event package of B in case B wants to curb requests
curb requests from A. On the other hand, if B also sends signaling from A. On the other hand, if B also sends signaling requests to A,
requests to A, then B also subscribes to A. Subscription of then B also subscribes to A. Subscription of neighboring SIP entities
neighboring SIP entities needs to be persistent so that they are in needs to be persistent so that they are in place independently of any
place independently of any specific load filtering events. Key to specific load filtering events. Key to this is the fact that
this is the fact that notification following initial subscription notification following initial subscription includes an empty message
includes an empty message body if no events are configured body if no events are configured (Section 5.7), and that the
(Section 5.7), and that the subscription needs to be refreshed subscription needs to be refreshed periodically to make it
periodically to make it persistent, as described in Section 3.1.6 and persistent, as described in Section 4.1 and Section 4.2 of [RFC6665].
Section 3.1.4.2 of [RFC3265]. The notifier will send a notification The notifier will send a notification with its current control policy
with its current control policy to its subscribers each time a new to its subscribers each time a new subscription or a subscription
subscription or a subscription refreshing is accepted (Section 5.7). refreshing is accepted (Section 5.7). The same subscription dialog
The same subscription dialog can also be used to convey policies for can also be used to convey policies for multiple different load
multiple different load filtering events in a set of rules filtering events in a set of rules (Section 6.1).
(Section 6.1).
We use the example architecture shown in Figure 1 to illustrate load We use the example architecture shown in Figure 1 to illustrate load
filter distribution based on the SIP load control event package. filter distribution based on the SIP load control event package.
This scenario consists of two networks belonging to Service Provider This scenario consists of two networks belonging to Service Provider
A and Service Provider B, respectively. Each provider's network is A and Service Provider B, respectively. Each provider's network is
made up of two SIP core proxy servers and four SIP edge proxy made up of two SIP core proxy servers and four SIP edge proxy
servers. The core proxy servers and edge proxy servers of Service servers. The core proxy servers and edge proxy servers of Service
Provider A are denoted as CPa1 to CPa2 and EPa1 to EPa4; the core Provider A are denoted as CPa1 to CPa2 and EPa1 to EPa4; the core
proxy servers and edge proxy servers of Service Provider B are proxy servers and edge proxy servers of Service Provider B are
denoted as CPb1 to CPb2 and EPb1 to EPb4. denoted as CPb1 to CPb2 and EPb1 to EPb4.
skipping to change at page 9, line 7 skipping to change at page 9, line 19
| | | | | | | | | | | | | | | |
+-----------+ +-----------+ +-----------+ +-----------+ +-----------+ +-----------+ +-----------+ +-----------+
Figure 1: Example Network Scenario Using SIP Load Control Event Figure 1: Example Network Scenario Using SIP Load Control Event
Package Mechanism Package Mechanism
At the initialization stage, the proxy servers first identify all At the initialization stage, the proxy servers first identify all
their outgoing signaling neighbors and subscribe to them. The their outgoing signaling neighbors and subscribe to them. The
neighbor identification process can be performed by service providers neighbor identification process can be performed by service providers
through direct provisioning, or by the proxy servers themselves via through direct provisioning, or by the proxy servers themselves via
progressively learning from the singling messages sent and received. progressively learning from the signaling messages sent and received.
Assuming all signaling relationship in Figure 1 is bi-directional, Assuming all signaling relationships in Figure 1 are bi-directional,
after this initialization stage, each proxy server will be subscribed after this initialization stage, each proxy server will be subscribed
to all its neighbors. That is, EPa1 subscribes to CPa1; CPa1 to all its neighbors. That is, EPa1 subscribes to CPa1; CPa1
subscribes to EPa1, EPa2, CPa2 and CPb1, so on and so forth. The subscribes to EPa1, EPa2, CPa2 and CPb1, so on and so forth. The
following cases then show two examples of how load filter following cases then show two examples of how load filter
distribution in this network works. distribution in this network works.
Case I: EPa1 serves a TV program hotline and decides to limit the Case I: EPa1 serves a TV program hotline and decides to limit the
total number of incoming calls to the hotline to prevent an overload. total number of incoming calls to the hotline to prevent an overload.
To do so, EPa1 sends a notification to CPa1 with the specific hotline To do so, EPa1 sends a notification to CPa1 with the specific hotline
number, time of activation and total acceptable call rate. Depending number, time of activation and total acceptable call rate. Depending
on the filter computation algorithm, CPa1 may allocate the received on the filter computation algorithm, CPa1 may allocate the received
total acceptable rate among its neighbors, namely, EPa2, CPa2, and total acceptable rate among its neighbors, namely, EPa2, CPa2, and
CPb1, and notify them about the resulting allocation along with the CPb1, and notify them about the resulting allocation along with the
hotline number and the activation time. CPa2 and CPb1 may perform hotline number and the activation time. CPa2 and CPb1 may perform
further allocation among their own neighbors and notify the further allocation among their own neighbors and notify the
corresponding proxy servers. This process continues until all edge corresponding proxy servers. This process continues until all edge
proxy servers in the network have been informed about the event and proxy servers in the network have been informed about the event and
have proper load filter configured. have proper load filter configured.
Case II: an earthquake affects the region covered by CPb2, EPb3 and In the above case, the network entity where load filtering policy is
first introduced is the SIP server providing access to the resource
that creates the overload condition. In other cases, the network
entry point of load filtering policy could also be an entity that
hosts this resource. For example, an operator may host an
application server that performs 800 number translation services.
The application server may itself be a SIP proxy or a SIP Back-to-
Back User Agent (B2BUA). If one of the 800 numbers hosted at the
application server creates the overload condition, the load filtering
policies can be introduced from the application server and then
propogated to other SIP proxy servers in the network.
Case II: a hurricane affects the region covered by CPb2, EPb3 and
EPb4. All the three proxy servers are overloaded. The rescue team EPb4. All the three proxy servers are overloaded. The rescue team
determines that outbound calls are more valuable than inbound calls determines that outbound calls are more valuable than inbound calls
in this specific situation. Therefore, EPb3 and EPb4 are configured in this specific situation. Therefore, EPb3 and EPb4 are configured
with filters to accept more outbound calls than inbound calls. CPb2 with filters to accept more outbound calls than inbound calls. CPb2
may be configured the same way or receive dynamically computed may be configured the same way or receive dynamically computed
filters from EPb3 and EPb4. Depending on the filter computation filters from EPb3 and EPb4. Depending on the filter computation
algorithm, CPb2 may also send out notifications to its outside algorithm, CPb2 may also send out notifications to its outside
neighbors, namely CPb1 and CPa2, specifying a limit on the acceptable neighbors, namely CPb1 and CPa2, specifying a limit on the acceptable
rate of inbound calls to CPb2's responsible domain. CPb1 and CPa2 rate of inbound calls to CPb2's responsible domain. CPb1 and CPa2
may subsequently notify their neighbors about limiting the calls to may subsequently notify their neighbors about limiting the calls to
CPb2's area. The same process could continue until all edge proxy CPb2's area. The same process could continue until all edge proxy
servers are notified and have filters configured. servers are notified and have filters configured.
In the above two cases, the network entity where load filtering
policy is first introduced is the SIP server to be protected. In
other cases, the network entry point of load filtering policy could
also be an entity that the protected SIP server is connected to. For
example, an operator may host an application server that performs 800
number translation services. The application server may itself be a
SIP proxy or a SIP Back-to-Back User Agent (B2BUA). If one of the
800 numbers hosted at the application server creates the overload
condition, the load filtering policies can be introduced from the
application server and then propogated to other SIP proxy servers in
the network.
Note that this specification does not define the provisioning Note that this specification does not define the provisioning
interface between the party who determines the load control policy interface between the party who determines the load control policy
and the network entry point where the policy is introduced. One of and the network entry point where the policy is introduced. One of
the options for the provisioning interface is the Extensible Markup the options for the provisioning interface is the Extensible Markup
Language (XML) Configuration Access Protocol (XCAP) [RFC4825]. Language (XML) Configuration Access Protocol (XCAP) [RFC4825].
4.4. Applicability in Different Network Environments 4.4. Applicability in Different Network Environments
SIP load filtering is more effective when the filters can be pushed SIP load filtering is more effective when the filters can be pushed
to the proximity of signaling sources. But even if only part of the to the proximity of signaling sources. But even if only part of the
skipping to change at page 10, line 46 skipping to change at page 11, line 10
the SIP server that initiates the filter needs to take counter- the SIP server that initiates the filter needs to take counter-
measures towards any non-conforming neighbors. A simple policy is to measures towards any non-conforming neighbors. A simple policy is to
reject excessive requests with 500 responses as if they were obeying reject excessive requests with 500 responses as if they were obeying
the rate. Considering the rejection costs, a more complicated but the rate. Considering the rejection costs, a more complicated but
fairer policy would be to allocate at the overloaded server the same fairer policy would be to allocate at the overloaded server the same
amount of processing to the combination of both normal processing and amount of processing to the combination of both normal processing and
rejection as the overloaded server would devote to processing rejection as the overloaded server would devote to processing
requests for a conforming upstream SIP server. These approaches work requests for a conforming upstream SIP server. These approaches work
as long as the total rejection cost does not overwhelm the entire as long as the total rejection cost does not overwhelm the entire
server resources. In addition, whatever the actual policy is, SIP server resources. In addition, whatever the actual policy is, SIP
servers SHOULD honor the Resource-Priority Header (RPH) [RFC4412] servers SHOULD honor the local policy for prioritizing SIP requests
when processing messages. The RPH contents may indicate high such as policies based on the contents of the Resource-Priority
priority requests that should be preserved as much as possible, or Header (RPH) [RFC4412]. The RPH contents may indicate high priority
low priority requests that could be dropped during overload. SIP requests that should be preserved as much as possible, or low
request rejection and message prioritization at an overloaded server priority requests that could be dropped during overload. Other
are also discussed in Section 5.1 of [I-D.ietf-soc-overload-control] indicators, such as the SOS Uniform Resource Name (URN) [RFC5031]
and Section 12 of [RFC6357]. indicating an emergency request, may also be used for prioritization.
SIP request rejection and message prioritization at an overloaded
server are also discussed in Section 5.10 of
[I-D.ietf-soc-overload-control] and Section 12 of [RFC6357].
5. Load Control Event Package 5. Load Control Event Package
The SIP load filtering mechanism uses the SIP event package for load The SIP load filtering mechanism uses the SIP event package for load
control. This section defines details of the SIP event package for control. This section defines details of the SIP event package for
load control according to [RFC3265]. load control according to [RFC6665].
5.1. Event Package Name 5.1. Event Package Name
The name of this event package is "load-control". This name is The name of this event package is "load-control". This name is
carried in the Event and Allow-Events header, as specified in carried in the Event and Allow-Events header, as specified in
[RFC3265]. [RFC6665].
5.2. Event Package Parameters 5.2. Event Package Parameters
No package specific event header field parameters are defined for No package specific event header field parameters are defined for
this event package. this event package.
5.3. SUBSCRIBE Bodies 5.3. SUBSCRIBE Bodies
The effectiveness of SIP load filtering relies on the scope of The effectiveness of SIP load filtering relies on the scope of
distribution and installation of the control policies in the network. distribution and installation of the control policies in the network.
Since wide distribution of control policies is desirable, subscribers Since wide distribution of control policies is desirable, subscribers
SHOULD try to subscribe to all those notifiers with which they have SHOULD try to subscribe to all those notifiers with which they have
regular signaling exchanges, although not all such notifiers may regular signaling exchanges, although not all such notifiers may
permit such a subscription. permit such a subscription.
A SUBSCRIBE request for the SIP load control event package MAY A SUBSCRIBE request for the SIP load control event package MAY
contain a body to filter the requested load control event contain a body to filter the requested load control event
notification. For example, a subscriber may be interested in some notification. The details of the subscription filter specification
specific types of load control policy only. The details of the are not yet defined.
subscription filter specification are not yet defined.
A SUBSCRIBE request sent without a body implies the default A SUBSCRIBE request sent without a body implies the default
subscription behavior as specified in Section 5.7. subscription behavior as specified in Section 5.7.
5.4. SUBSCRIBE Duration 5.4. SUBSCRIBE Duration
The default expiration time for a subscription to load control policy The default expiration time for a subscription to load control policy
is one hour. Since the desired expiration time may vary is one hour. Since the desired expiration time may vary
significantly for subscriptions among SIP entities with different significantly for subscriptions among SIP entities with different
signaling relationships, the subscribers and notifiers are signaling relationships, the subscribers and notifiers are
RECOMMENDED to explicitly negotiate appropriate subscription RECOMMENDED to explicitly negotiate appropriate subscription
durations when knowledge about the mutual signaling relationship is durations when knowledge about the mutual signaling relationship is
available. available.
5.5. NOTIFY Bodies 5.5. NOTIFY Bodies
The body of a NOTIFY request in this event package contains load The body of a NOTIFY request in this event package contains load
control policy. As specified in [RFC3265], the format of the NOTIFY control policy. As specified in [RFC6665], the format of the NOTIFY
body MUST be in one of the formats defined in the Accept header field body MUST be in one of the formats defined in the Accept header field
of the SUBSCRIBE request or be the default format. The default data of the SUBSCRIBE request or be the default format. The default data
format for the NOTIFY body of this event package is "application/ format for the NOTIFY body of this event package is "application/
load-control+xml" (defined in Section 6). This means that if no load-control+xml" (defined in Section 6). This means that if no
Accept header field is specified to a SUBSCRIBE request, the NOTIFY Accept header field is specified to a SUBSCRIBE request, the NOTIFY
request will contain a body in the "application/load-control+xml" request will contain a body in the "application/load-control+xml"
format. If the Accept header field is present, it MUST include format. If the Accept header field is present, it MUST include
"application/load-control+xml" and MAY include any other types. "application/load-control+xml" and MAY include any other types.
5.6. Notifier Processing of SUBSCRIBE Requests 5.6. Notifier Processing of SUBSCRIBE Requests
Notifier accepts a new subscription or updates an existing Notifier accepts a new subscription or updates an existing
subscription upon receiving a valid SUBSCRIBE request. subscription upon receiving a valid SUBSCRIBE request.
If the identity of the subscriber sending the SUBSCRIBE request is If the identity of the subscriber sending the SUBSCRIBE request is
not allowed to receive load control policy, the notifier MUST return not allowed to receive load control policy, the notifier MUST return
a 403 "Forbidden" response. a 403 "Forbidden" response.
If none of MIME types specified in the Accept header of the SUBSCRIBE If none of MIME types specified in the Accept header of the SUBSCRIBE
is supported, the Notifier SHOULD return 406 "Not Acceptable" request is supported, the Notifier SHOULD return 406 "Not Acceptable"
response. response.
5.7. Notifier Generation of NOTIFY Requests 5.7. Notifier Generation of NOTIFY Requests
Following [RFC3265] specification, a notifier MUST send a NOTIFY with Following [RFC6665] specification, a notifier MUST send a NOTIFY with
its current load control policy to the subscriber upon successfully its current load control policy to the subscriber upon successfully
accepting or refreshing a subscription. If no applicable restriction accepting or refreshing a subscription. If no applicable restriction
is active when the subscription request is received, an empty message is active when the subscription request is received, an empty message
body is attached to the NOTIFY request. This is often the case when body is attached to the NOTIFY request. This is often the case when
a subscription is initiated for the first time, e.g., when a SIP a subscription is initiated for the first time, e.g., when a SIP
entity is just introduced, because there may be no planned events entity is just introduced, because there may be no planned events
configured at that time. A notifier SHOULD generate NOTIFY requests configured at that time. A notifier SHOULD generate NOTIFY requests
each time the load control policy changes, with the maximum each time the load control policy changes, with the maximum
notification rate not exceeding values defined in Section 5.10. notification rate not exceeding values defined in Section 5.10.
skipping to change at page 13, line 14 skipping to change at page 13, line 27
In the case when load control rules specify a future validity time, In the case when load control rules specify a future validity time,
it is possible that when the validity time comes, the subscription to it is possible that when the validity time comes, the subscription to
the specific notifier that conveyed the rules has expired. In this the specific notifier that conveyed the rules has expired. In this
case, it is RECOMMENDED that the subscriber re-activate its case, it is RECOMMENDED that the subscriber re-activate its
subscription with the corresponding notifier. Regardless of whether subscription with the corresponding notifier. Regardless of whether
this re-activation of subscription is successful or not, when the this re-activation of subscription is successful or not, when the
validity time is reached, the subscriber SHOULD enforce the validity time is reached, the subscriber SHOULD enforce the
corresponding rules. corresponding rules.
When enforcing actions on requests matching the filters, subscribers
SHOULD honor the local policy for prioritizing SIP requests such as
policies based on the content of the Resource-Priority header (RPH,
[RFC4412]). Specific (namespace.value) RPH contents may indicate
high priority requests that should be preserved as much as possible
during overload. The RPH contents can also indicate a low-priority
request that is eligible to be dropped during times of overload.
Other indicators, such as the SOS URN [RFC5031] indicating an
emergency request, may also be used for prioritization.
Upon receipt of a NOTIFY request with a Subscription-State header Upon receipt of a NOTIFY request with a Subscription-State header
field containing the value "terminated", the subscription status with field containing the value "terminated", the subscription status with
the particular notifier will be terminated. However, subscribers the particular notifier will be terminated. However, subscribers
SHOULD NOT change previously received load control policies from that SHOULD NOT change previously received load control policies from that
notifier because of this change in subscription status, unless it has notifier because of this change in subscription status, unless it has
other specific reasons to do so. Modifications of existing load other specific reasons to do so. Modifications of existing load
control policies at the subscriber is performed after directly control policies at the subscriber are performed after directly
receiving notifications containing updated load control policies. receiving notifications containing updated load control policies.
The subscriber SHALL discard unknown bodies. If the NOTIFY request The subscriber SHALL discard unknown bodies. If the NOTIFY request
contains several bodies, none of them being supported, it SHOULD contains several bodies, none of them being supported, it SHOULD
unsubscribe. A NOTIFY request that does not contain a body MUST be unsubscribe. A NOTIFY request that does not contain a body MUST be
ignored. ignored.
5.9. Handling of Forked Requests 5.9. Handling of Forked Requests
Forking is not applicable when the load control event package is used Forking is not applicable when the load control event package is used
within a single-hop distance between neighboring SIP entities. If within a single-hop distance between neighboring SIP entities. If
the communication scope of the load control event package is among the communication scope of the load control event package is among
multiple hops, forking is not expected to happen either because the multiple hops, forking is not expected to happen either because the
subscription request is addressed to a clearly defined SIP entity. subscription request is addressed to a clearly defined SIP entity.
However, in the unlikely case when forking does happen, the load However, in the unlikely case when forking does happen, the load
control event package only allows the first potential dialog- control event package only allows the first potential dialog-
establishing message to create a dialog, as specified in Section establishing message to create a dialog, as specified in Section 5.9
4.4.9 of [RFC3265]. of [RFC6665].
5.10. Rate of Notifications 5.10. Rate of Notifications
Rate of notifications is likely not a concern for this event package Rate of notifications is likely not a concern for this event package
when it is used in a non-real-time mode for relatively static load when it is used in a non-real-time mode for relatively static load
control policies. Nevertheless, if situation does arise that a control policies. Nevertheless, if situation does arise that a
rather frequent load control policy update is needed, it is rather frequent load control policy update is needed, it is
RECOMMENDED that the notifier does not generate notifications at a RECOMMENDED that the notifier does not generate notifications at a
rate higher than once per-second in all cases, in order to avoid the rate higher than once per-second in all cases, in order to avoid the
NOTIFY request itself overloading the system. NOTIFY request itself overloading the system.
skipping to change at page 14, line 11 skipping to change at page 14, line 34
5.11. State Delta 5.11. State Delta
It is likely that updates to specific load control events are made by It is likely that updates to specific load control events are made by
changing the control restriction parameter information only (e.g. changing the control restriction parameter information only (e.g.
rate, percent), but not other rule elements, such as call-identity. rate, percent), but not other rule elements, such as call-identity.
This will typically be because the utilisation of a resource subject This will typically be because the utilisation of a resource subject
to overload depends upon dynamic unknowns such as holding time and to overload depends upon dynamic unknowns such as holding time and
the relative distribution of offered loads over subscribing SIP the relative distribution of offered loads over subscribing SIP
entities. The updates could originate manually or be determined entities. The updates could originate manually or be determined
automatically by a dynamic filter computation algorithm automatically by a dynamic filter computation algorithm
(Section 4.2). Another factor usually not known precisely or is (Section 4.2). Another factor that is usually not known precisely or
computed automatically is the validity duration of the load control needs to be computed automatically is the validity duration of the
event. Therefore it would also be common for the validity to change load control event. Therefore it would also be common for the
frequently. validity to change frequently.
This event package allows the use of state delta to accommodate This event package allows the use of state delta to accommodate
frequent updates of partial rule parameters. As in [RFC3265], a frequent updates of partial rule parameters. As in [RFC6665], a
version number that increases by exactly one is included in the version number that increases by exactly one is included in the
NOTIFY body for each NOTIFY transaction in a subscription. When the NOTIFY body for each NOTIFY transaction in a subscription. When the
subscriber receives a state delta, it associates the partial updates subscriber receives a state delta, it associates the partial updates
to the particular rules by matching the appropriate rule id to the particular rules by matching the appropriate rule id
(Section 6.5). If the subscriber receives a NOTIFY that has a (Section 6.5). If the subscriber receives a NOTIFY that has a
version number that is increased by more than one, it knows that it version number that is increased by more than one, it knows that it
has missed a state delta. The subscriber then keeps the version has missed a state delta. The subscriber then keeps the version
number, ignores the NOTIFY request containing the state delta, and number, ignores the NOTIFY request containing the state delta, and
re-sends a SUBSCRIBE to force a NOTIFY containing a complete state re-sends a SUBSCRIBE to force a NOTIFY containing a complete state
snapshot. snapshot.
skipping to change at page 16, line 32 skipping to change at page 17, line 9
<one id="sip:alice@hotline.example.com"/> <one id="sip:alice@hotline.example.com"/>
<one id="tel:+1-212-555-1234"/> <one id="tel:+1-212-555-1234"/>
</to> </to>
</sip> </sip>
</call-identity> </call-identity>
This example matches call requests whose To header field contains the This example matches call requests whose To header field contains the
SIP URI "sip:alice@hotline.example.com", or the 'tel' URI SIP URI "sip:alice@hotline.example.com", or the 'tel' URI
"tel:+1-212-555-1234". "tel:+1-212-555-1234".
Before evaluating call-identity conditions, the subscriber shall
convert URIs received in SIP header fields in canonical form as per
[RFC3261], except that the phone-context parameter shall not be
removed, if present.
The [RFC4745] <many> and <except> elements may take a "domain" The [RFC4745] <many> and <except> elements may take a "domain"
attribute. The "domain" attribute specifies a domain name to be attribute. The "domain" attribute specifies a domain name to be
matched by the domain part of the candidate identity. Thus, it matched by the domain part of the candidate identity. Thus, it
allows matching a large and possibly unknown number of entities allows matching a large and possibly unknown number of entities
within a domain. The "domain" attribute works well for SIP URIs. within a domain. The "domain" attribute works well for SIP URIs.
A URI identifying a SIP user, however, can also be a 'tel' URI. We A URI identifying a SIP user, however, can also be a 'tel' URI. We
therefore need a similar way to match a group of 'tel' URIs. therefore need a similar way to match a group of 'tel' URIs.
According to [RFC3966], there are two forms of 'tel' URIs for global According to [RFC3966], there are two forms of 'tel' URIs for global
numbers and local numbers, respectively. All phone numbers must be numbers and local numbers, respectively. All phone numbers must be
skipping to change at page 17, line 31 skipping to change at page 18, line 10
of grouping attribute values. In particular, when the "domain" of grouping attribute values. In particular, when the "domain"
attribute value starts with "+", it denotes a number prefix, attribute value starts with "+", it denotes a number prefix,
otherwise, the value denotes a domain name. Note that the tradeoff otherwise, the value denotes a domain name. Note that the tradeoff
of this simpler approach is the overlap in matching different types of this simpler approach is the overlap in matching different types
of URIs. Specifically, a domain name in the "domain" attribute could of URIs. Specifically, a domain name in the "domain" attribute could
be matched by both a SIP URI with that domain name and a local number be matched by both a SIP URI with that domain name and a local number
'tel' URI containing the same domain name in the "phone-context". On 'tel' URI containing the same domain name in the "phone-context". On
the other hand, a number prefix in the "domain" attribute could be the other hand, a number prefix in the "domain" attribute could be
matched by both global number 'tel' URIs starting with those leading matched by both global number 'tel' URIs starting with those leading
digits, and local number 'tel' URIs having the same prefix in the digits, and local number 'tel' URIs having the same prefix in the
"phone-context" parameter. These overlap situations would not be a "phone-context" parameter. However, when the "phone-context"
big problem because of two reasons. First, when the "phone-context" coincides with the SIP domain name or the global number prefix, in
coincides with the SIP domain name or the global number prefix, it is many cases the related phone numbers indeed belong to the same domain
usually the case that the related phone numbers indeed belong to the or the same area, which means the overlap is not inappropriate. It
same domain or the same area, which means the overlap is not should be noted that the method of grouping local numbers as defined
inappropriate. Second, use of the local number 'tel' URI in practice in this document does not support all cases. For example, if the
is expected to be rare. As a result, the chance of such overlap phone-context for short service numbers in a country is the country
happening is very small. code, this solution does not permit to define a filter that excludes
all E.164 numbers in that country but retain all short service
numbers. A complete solution for local number grouping requires a
separate method outside the scope of this document.
The following example shows the use of the re-interpreted "domain" The following example shows the use of the re-interpreted "domain"
attribute. attribute.
<call-identity> <call-identity>
<sip> <sip>
<from> <from>
<many> <many>
<except domain="+1-212"/> <except domain="+1-212"/>
<except domain="manhattan.example.com"/> <except domain="manhattan.example.com"/>
skipping to change at page 18, line 37 skipping to change at page 19, line 19
<from>2008-05-31T12:00:00-05:00</from> <from>2008-05-31T12:00:00-05:00</from>
<until>2008-05-31T15:00:00-05:00</until> <until>2008-05-31T15:00:00-05:00</until>
</validity> </validity>
6.3.3. Method 6.3.3. Method
The load created on a SIP server depends on the type of an initial The load created on a SIP server depends on the type of an initial
SIP request for a dialog or standalone transaction. The <method> SIP request for a dialog or standalone transaction. The <method>
element specifies the SIP method to which a particular action element specifies the SIP method to which a particular action
applies. When this element is not included, the rule actions are applies. When this element is not included, the rule actions are
applicable to all initial methods. applicable to all initial methods. But SUBSCRIBE requests are not
filtered if the event-type header field indicates the event package
defined in this document.
The following example shows the use of the <method> element. The following example shows the use of the <method> element.
<method>INVITE</method> <method>INVITE</method>
6.4. Actions 6.4. Actions
As [RFC4745] specified, conditions form the 'if'-part of rules, while As [RFC4745] specified, conditions form the 'if'-part of rules, while
actions and transformations form the 'then'-part. Transformations actions and transformations form the 'then'-part. Transformations
are not used in the load control document. The actions for load are not used in the load control document. The actions for load
skipping to change at page 19, line 40 skipping to change at page 20, line 23
<actions> <actions>
<accept alt-action="forward" alt-target= <accept alt-action="forward" alt-target=
"sip:answer-machine@example.com"> "sip:answer-machine@example.com">
<rate>100</rate> <rate>100</rate>
</accept> </accept>
</actions> </actions>
6.5. Complete Examples 6.5. Complete Examples
This section presents two complete examples of load control documents This section presents two complete examples of load control documents
vliad with respect to the XML schema defined in Section 7. valid with respect to the XML schema defined in Section 7.
The first example assumes that a set of hotlines are set up at The first example assumes that a set of hotlines are set up at
"sip:alice@hotline.example.com" and "tel:+1-212-555-1234". The "sip:alice@hotline.example.com" and "tel:+1-212-555-1234". The
hotlines are activated from 12:00 to 15:00 US Eastern Standard Time hotlines are activated from 12:00 to 15:00 US Eastern Standard Time
on 2008-05-31. The goal is to limit the incoming calls to the on 2008-05-31. The goal is to limit the incoming calls to the
hotlines to 100 requests per second. Calls that exceed the rate hotlines to 100 requests per second. Calls that exceed the rate
limit are explicitly rejected. limit are explicitly rejected.
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy" <ruleset xmlns="urn:ietf:params:xml:ns:common-policy"
skipping to change at page 20, line 31 skipping to change at page 21, line 14
<actions> <actions>
<lc:accept alt-action="reject"> <lc:accept alt-action="reject">
<lc:rate>100</lc:rate> <lc:rate>100</lc:rate>
</lc:accept> </lc:accept>
</actions> </actions>
</rule> </rule>
</ruleset> </ruleset>
The second example considers optimizing server resource usage of a The second example considers optimizing server resource usage of a
three-day period during the aftermath of an earthquake. Incoming three-day period during the aftermath of a hurricane. Incoming calls
calls to the earthquake domain "pompeii.example.com" will be limited to the hurricane domain "pompeii.example.com" will be limited to a
to a rate of 100 requests per second, except for those calls rate of 100 requests per second, except for those calls originating
originating from a particular rescue team domain from a particular rescue team domain "rescue.example.com". Outgoing
"rescue.example.com". Outgoing calls from the earthquake domain or calls from the hurricane domain or calls within the local domain are
calls within the local domain are never limited. All calls that are never limited. All calls that are throttled due to the rate limit
throttled due to the rate limit will be forwarded to an answering will be forwarded to an answering machine with updated hurricane
machine with updated earthquake rescue information. rescue information.
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy" <ruleset xmlns="urn:ietf:params:xml:ns:common-policy"
xmlns:lc="urn:ietf:params:xml:ns:load-control" xmlns:lc="urn:ietf:params:xml:ns:load-control"
version="1" state="full"> version="1" state="full">
<rule id="f3g44k2"> <rule id="f3g44k2">
<conditions> <conditions>
<lc:call-identity> <lc:call-identity>
<lc:sip> <lc:sip>
skipping to change at page 21, line 21 skipping to change at page 21, line 50
</lc:from> </lc:from>
</lc:sip> </lc:sip>
</lc:call-identity> </lc:call-identity>
<validity> <validity>
<from>79-08-24T09:00:00+01:00</from> <from>79-08-24T09:00:00+01:00</from>
<until>79-08-27T09:00:00+01:00</until> <until>79-08-27T09:00:00+01:00</until>
</validity> </validity>
</conditions> </conditions>
<actions> <actions>
<lc:accept alt-action="forward" alt-target= <lc:accept alt-action="forward" alt-target=
"sip:earthquake@update.example.com"> "sip:hurricane@update.example.com">
<lc:rate>100</lc:rate> <lc:rate>100</lc:rate>
</lc:accept> </lc:accept>
</actions> </actions>
</rule> </rule>
<ruleset> <ruleset>
7. XML Schema Definition for Load Control 7. XML Schema Definition for Load Control
This section defines the XML schema for the load control document. This section defines the XML schema for the load control document.
skipping to change at page 22, line 34 skipping to change at page 23, line 17
<xs:enumeration value="partial"/> <xs:enumeration value="partial"/>
</xs:restriction> </xs:restriction>
</xs:simpleType> </xs:simpleType>
</xs:attribute> </xs:attribute>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<!-- CONDITIONS --> <!-- CONDITIONS -->
<!-- CALL IDENTITY --> <!-- CALL IDENTITY -->
<xs:element name="call-identity" type="lc:call-type"/> <xs:element name="call-identity" type="lc:call-identity-type"/>
<xs:element name="method" type="lc:method-type"/> <xs:element name="method" type="lc:method-type"/>
<!-- CALL TYPE --> <!-- CALL IDENTITY TYPE -->
<xs:complexType name="call-type"> <xs:complexType name="call-identity-type">
<xs:choice> <xs:choice>
<xs:element name="sip" type="lc:sip-id-type"/> <xs:element name="sip" type="lc:sip-id-type"/>
<any namespace="##other" processContents="lax" minOccurs="0" <any namespace="##other" processContents="lax" minOccurs="0"
maxOccurs="unbounded"/> maxOccurs="unbounded"/>
</xs:choice> </xs:choice>
<anyAtrribute namespace="##other" processContents="lax"/> <anyAtrribute namespace="##other" processContents="lax"/>
</xs:complexType> </xs:complexType>
<!-- SIP ID TYPE --> <!-- SIP ID TYPE -->
<xs:complexType name="sip-id-type"> <xs:complexType name="sip-id-type">
skipping to change at page 23, line 47 skipping to change at page 24, line 31
</xs:element> </xs:element>
</xs:schema> </xs:schema>
8. Related Work 8. Related Work
8.1. Relationship with Load Filtering in PSTN 8.1. Relationship with Load Filtering in PSTN
It is known that the existing PSTN network also uses a load filtering It is known that the existing PSTN network also uses a load filtering
mechanism to prevent overload and the filter configuration is done mechanism to prevent overload and the filter configuration is done
manually. This specification defines a SIP events framework based manually except in specific cases when the Intelligent Network
distribution mechanism which allows automated filter distribution in architecture is used [AINGR]. This specification defines a SIP
suitable environments. events framework based distribution mechanism which allows automated
filter distribution in suitable environments.
There are control messages associated with PSTN overload control There are control messages associated with PSTN overload control
which would specify an outgoing control list, call gap duration and which would specify an outgoing control list, call gap duration and
control duration [AINGR]. These items could be roughly correlated to control duration [AINGR]. These items could be roughly correlated to
the identity, action and time fields of the SIP load filter defined the identity, action and time fields of the SIP load filter defined
in this specification. However, the filter defined in this in this specification. However, the filter defined in this
specification is much more generic and flexible as opposed to its specification is much more generic and flexible as opposed to its
PSTN counterpart. PSTN counterpart.
Firstly, PSTN load filtering only applies to telephone numbers, and Firstly, PSTN load filtering only applies to telephone numbers. The
the number of prefix to be matched for a group of telephone numbers SIP filter identity allows both SIP URI and telephone numbers
is usually a fixed set. The SIP filter identity allows both SIP URI (through Tel URI) to be specified. The identities can be arbitrarily
and telephone numbers (through Tel URI) to be specified. The grouped by SIP domains or any number of leading prefix of the
identities can be arbitrarily grouped by SIP domains or any number of telephone numbers.
leading prefix of the telephone numbers.
Secondly, the PSTN filtering action is usually limited to call Secondly, the PSTN filtering action is usually limited to call
gapping with a fixed set of allowed gapping intervals. The action gapping. The action field in the SIP load filter allows more
field in the SIP load filter allows more flexible rate throttle and flexible rate throttle and other possibilities.
other possibilities.
Thirdly, the duration field in PSTN filtering specifies a value in Thirdly, the duration field in PSTN filtering specifies a value in
seconds for the control duration only, and the allowed values are seconds for the control duration only, and the allowed values are
mapped into a value set. The time field in the SIP load filter may mapped into a value set. The time field in the SIP load filter may
specify not only a duration, but also a future activation time which specify not only a duration, but also a future activation time which
could be especially useful for automating load control for could be especially useful for automating load control for
predictable overloads. predictable overloads.
PSTN filtering can be performed in both edge switches and transit PSTN filtering can be performed in both edge switches and transit
switches; SIP filtering can also be applied in both edge proxy switches; SIP filtering can also be applied in both edge proxy
skipping to change at page 29, line 14 skipping to change at page 29, line 48
these cases. these cases.
P/A. Because the filters are provisioned in advance, they are not P/A. Because the filters are provisioned in advance, they are not
affected by the overload or failure of other nodes. But, on the affected by the overload or failure of other nodes. But, on the
other hand, they may not, in those cases, be able to protect the other hand, they may not, in those cases, be able to protect the
overloaded node (see Req 1). overloaded node (see Req 1).
REQ 16: The mechanism should attempt to minimize the overhead of REQ 16: The mechanism should attempt to minimize the overhead of
the overload control messaging. the overload control messaging.
Yes. The standardized SIP event package mechanism RFC3265 [RFC3265] Yes. The standardized SIP event package mechanism [RFC6665] is used.
is used.
REQ 17: The overload mechanism must not provide an avenue for REQ 17: The overload mechanism must not provide an avenue for
malicious attack, including DoS and DDoS attacks. malicious attack, including DoS and DDoS attacks.
P/A. This mechanism does provide a potential avenue for malicious P/A. This mechanism does provide a potential avenue for malicious
attacks. Therefore the security mechanisms for SIP event packages in attacks. Therefore the security mechanisms for SIP event packages in
general [RFC3265] and of section 10 of this specification should be general [RFC6665] and of section 10 of this specification should be
used. used.
REQ 18: The overload mechanism should be unambiguous about whether REQ 18: The overload mechanism should be unambiguous about whether
a load indication applies to a specific IP address, host, or URI, a load indication applies to a specific IP address, host, or URI,
so that an upstream element can determine the load of the entity so that an upstream element can determine the load of the entity
to which a request is to be sent. to which a request is to be sent.
Yes. The identity of load indication is covered in the filter format Yes. The identity of load indication is covered in the filter format
definition in Section 4.1. definition in Section 4.1.
skipping to change at page 30, line 37 skipping to change at page 31, line 21
Yes. The load control event package does not preclude its use in a Yes. The load control event package does not preclude its use in a
scenario with server farms. scenario with server farms.
10. Security Considerations 10. Security Considerations
Two aspects of security considerations arise from this specification. Two aspects of security considerations arise from this specification.
One is the SIP event framework based filter distribution mechanism, One is the SIP event framework based filter distribution mechanism,
the other is the filter enforcement mechanism. the other is the filter enforcement mechanism.
Security considerations for SIP event framework based mechanisms are Security considerations for SIP event framework based mechanisms are
covered in Section 5 of [RFC3265]. A particularly relevant security covered in Section 6 of [RFC6665]. A particularly relevant security
concern for this event package is that if the notifiers can be concern for this event package is that if the notifiers can be
spoofed, attackers can send fake notifications asking subscribers to spoofed, attackers can send fake notifications asking subscribers to
throttle all traffic, leading to Denial-of-Service attacks. throttle all traffic, leading to Denial-of-Service attacks.
Therefore, all load control notification MUST be authenticated and Therefore, all load control notification MUST be authenticated and
authorized before being accepted. Standard authentication and authorized before being accepted. Standard authentication and
authorization mechanisms recommended in [RFC3261] such as TLS authorization mechanisms recommended in [RFC3261] such as TLS
[RFC5246] and IPSec [RFC4301] may serve this purpose. On the other [RFC5246] and IPSec [RFC4301] may serve this purpose. On the other
hand, if a legitimate notifier is itself compromised, additional hand, if a legitimate notifier is itself compromised, additional
mechanisms will be needed to detect the attack. mechanisms will be needed to detect the attack.
skipping to change at page 31, line 19 skipping to change at page 31, line 50
optional. optional.
11. IANA Considerations 11. IANA Considerations
This specification registers a SIP event package, a new MIME type, a This specification registers a SIP event package, a new MIME type, a
new XML namespace, and a new XML schema. new XML namespace, and a new XML schema.
11.1. Load Control Event Package Registration 11.1. Load Control Event Package Registration
This section registers an event package based on the registration This section registers an event package based on the registration
procedures defined in [RFC3265]. procedures defined in [RFC6665].
Package name: load-control Package name: load-control
Type: package Type: package
Published specification: This specification Published specification: This specification
Person to contact: Charles Shen, charles@cs.columbia.edu Person to contact: Charles Shen, charles@cs.columbia.edu
11.2. application/load-control+xml MIME Registration 11.2. application/load-control+xml MIME Registration
skipping to change at page 32, line 46 skipping to change at page 33, line 28
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
and its last line is and its last line is
</xs:schema> </xs:schema>
12. Acknowledgements 12. Acknowledgements
The authors would like to thank Bruno Chatras, Martin Dolly, Keith The authors would like to thank Bruno Chatras, Martin Dolly, Keith
Drage, Ashutosh Dutta, Janet Gunn, Vijay Gurbani, Volker Hilt, Geoff Drage, Ashutosh Dutta, Janet Gunn, Vijay Gurbani, Volker Hilt, Geoff
Hunt, Hadriel Kaplan, Paul Kyzivat, Salvatore Loreto, Timothy Moran, Hunt, Carolyn Johnson, Hadriel Kaplan, Paul Kyzivat, Salvatore
Eric Noel, Parthasarathi R, Shida Schubert, Robert Sparks, Phil Loreto, Timothy Moran, Eric Noel, Parthasarathi R, Shida Schubert,
Williams and other members of the SOC and SIPPING working group for Robert Sparks, Phil Williams and other members of the SOC and SIPPING
many helpful comments. In addition, Bruno Chatras proposed the working group for many helpful comments. In particular, Bruno
<method> condition element. Janet Gunn provided detailed text Chatras proposed the <method> condition element along with many other
suggestions for Section 9. Shida made many suggestions about text improvements. Janet Gunn provided detailed text suggestions for
Section 9. Eric Noel suggested clarification on filter distribution
initialization process. Shida Schubert made many suggestions about
terminology usage. Phil Williams suggested adding support for delta terminology usage. Phil Williams suggested adding support for delta
updates. Ashutosh Dutta gave pointers to PSTN references. updates. Ashutosh Dutta gave pointers to PSTN references.
13. References 13. References
13.1. Normative References 13.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997. [RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997.
[RFC3023] Murata, M., St. Laurent, S., and D. Kohn, "XML Media [RFC3023] Murata, M., St. Laurent, S., and D. Kohn, "XML Media
Types", RFC 3023, January 2001. Types", RFC 3023, January 2001.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002. June 2002.
[RFC3265] Roach, A., "Session Initiation Protocol (SIP)-Specific
Event Notification", RFC 3265, June 2002.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004. January 2004.
[RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers",
RFC 3966, December 2004. RFC 3966, December 2004.
[RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and [RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and
Registration Procedures", BCP 13, RFC 4288, December 2005. Registration Procedures", BCP 13, RFC 4288, December 2005.
[RFC4745] Schulzrinne, H., Tschofenig, H., Morris, J., Cuellar, J., [RFC4745] Schulzrinne, H., Tschofenig, H., Morris, J., Cuellar, J.,
Polk, J., and J. Rosenberg, "Common Policy: A Document Polk, J., and J. Rosenberg, "Common Policy: A Document
Format for Expressing Privacy Preferences", RFC 4745, Format for Expressing Privacy Preferences", RFC 4745,
February 2007. February 2007.
[RFC6665] Roach, A., "SIP-Specific Event Notification", RFC 6665,
July 2012.
13.2. Informative References 13.2. Informative References
[AINGR] Bell Communications Research, "AINGR: Service Control [AINGR] Bell Communications Research, "AINGR: Service Control
Point (SCP) Network Traffic Management", GR-2938-CORE , Point (SCP) Network Traffic Management", GR-2938-CORE ,
December 1996. December 1996.
[I-D.ietf-soc-overload-control] [I-D.ietf-soc-overload-control]
Gurbani, V., Hilt, V., and H. Schulzrinne, "Session Gurbani, V., Hilt, V., and H. Schulzrinne, "Session
Initiation Protocol (SIP) Overload Control", Initiation Protocol (SIP) Overload Control",
draft-ietf-soc-overload-control-07 (work in progress), draft-ietf-soc-overload-control-09 (work in progress),
January 2012. July 2012.
[RFC2648] Moats, R., "A URN Namespace for IETF Documents", RFC 2648, [RFC2648] Moats, R., "A URN Namespace for IETF Documents", RFC 2648,
August 1999. August 1999.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, December 2005. Internet Protocol", RFC 4301, December 2005.
[RFC4412] Schulzrinne, H. and J. Polk, "Communications Resource [RFC4412] Schulzrinne, H. and J. Polk, "Communications Resource
Priority for the Session Initiation Protocol (SIP)", Priority for the Session Initiation Protocol (SIP)",
RFC 4412, February 2006. RFC 4412, February 2006.
[RFC4825] Rosenberg, J., "The Extensible Markup Language (XML) [RFC4825] Rosenberg, J., "The Extensible Markup Language (XML)
Configuration Access Protocol (XCAP)", RFC 4825, May 2007. Configuration Access Protocol (XCAP)", RFC 4825, May 2007.
[RFC5031] Schulzrinne, H., "A Uniform Resource Name (URN) for
Emergency and Other Well-Known Services", RFC 5031,
January 2008.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008. (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5390] Rosenberg, J., "Requirements for Management of Overload in [RFC5390] Rosenberg, J., "Requirements for Management of Overload in
the Session Initiation Protocol", RFC 5390, December 2008. the Session Initiation Protocol", RFC 5390, December 2008.
[RFC6357] Hilt, V., Noel, E., Shen, C., and A. Abdelal, "Design [RFC6357] Hilt, V., Noel, E., Shen, C., and A. Abdelal, "Design
Considerations for Session Initiation Protocol (SIP) Considerations for Session Initiation Protocol (SIP)
Overload Control", RFC 6357, August 2011. Overload Control", RFC 6357, August 2011.
Authors' Addresses Authors' Addresses
Charles Shen Charles Shen
AT&T Security Research Center Columbia University
33 Thomas Street Department of Computer Science
New York, NY 10007 1214 Amsterdam Avenue, MC 0401
New York, NY 10027
USA USA
Phone: +1 212 513 2081 Phone: +1 212 854 3109
Email: shen@att.com Email: charles@cs.columbia.edu
Henning Schulzrinne Henning Schulzrinne
Columbia University Columbia University
Department of Computer Science Department of Computer Science
1214 Amsterdam Avenue, MC 0401 1214 Amsterdam Avenue, MC 0401
New York, NY 10027 New York, NY 10027
USA USA
Phone: +1 212 939 7004 Phone: +1 212 939 7004
Email: schulzrinne@cs.columbia.edu Email: schulzrinne@cs.columbia.edu
skipping to change at page 35, line 4 skipping to change at page 35, line 38
Henning Schulzrinne Henning Schulzrinne
Columbia University Columbia University
Department of Computer Science Department of Computer Science
1214 Amsterdam Avenue, MC 0401 1214 Amsterdam Avenue, MC 0401
New York, NY 10027 New York, NY 10027
USA USA
Phone: +1 212 939 7004 Phone: +1 212 939 7004
Email: schulzrinne@cs.columbia.edu Email: schulzrinne@cs.columbia.edu
Arata Koike Arata Koike
NTT Service Integration Labs & NTT Service Integration Labs
3-9-11 Midori-cho Musashino-shi 3-9-11 Midori-cho Musashino-shi
Tokyo, 184-0013 Tokyo, 184-0013
Japan Japan
Phone: +81 422 59 6099 Phone: +81 422 59 6099
Email: koike.arata@lab.ntt.co.jp Email: koike.arata@lab.ntt.co.jp
 End of changes. 63 change blocks. 
168 lines changed or deleted 207 lines changed or added

This html diff was produced by rfcdiff 1.39p1. The latest version is available from http://tools.ietf.org/tools/rfcdiff/