idnits 2.17.1 draft-tarapore-mboned-multicast-cdni-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. (A line matching the expected section header was found, but with an unexpected indentation: ' 2. Overview of Inter-domain Multicast Application Transport' ) ** The document seems to lack a Security Considerations section. (A line matching the expected section header was found, but with an unexpected indentation: ' 5. Security Considerations' ) ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) (A line matching the expected section header was found, but with an unexpected indentation: ' 6. IANA Considerations' ) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 115 has weird spacing: '...Catalog all ...' == Line 238 has weird spacing: '...network envi...' == Line 251 has weird spacing: '... Users in A...' == Line 302 has weird spacing: '... o It is r...' == Line 305 has weird spacing: '... entire netwo...' == (16 more instances...) == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 27, 2014) is 3459 days in the past. Is this intentional? Checking references for intended status: Best Current Practice ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? 'RFC4607' on line 1093 looks like a reference -- Missing reference section? 'RFC4604' on line 1088 looks like a reference -- Missing reference section? 'RFC2784' on line 1082 looks like a reference -- Missing reference section? 'IETF-ID-AMT' on line 1085 looks like a reference -- Missing reference section? 'RFC2236' on line 640 looks like a reference Summary: 3 errors (**), 0 flaws (~~), 8 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 MBONED Working Group Percy S. Tarapore 2 Internet Draft Robert Sayko 3 Intended status: BCP AT&T 4 Expires: April 27, 2015 Greg Shepherd 5 Toerless Eckert 6 Cisco 7 Ram Krishnan 8 Brocade 9 October 27, 2014 11 Multicasting Applications Across Inter-Domain Peering Points 12 draft-tarapore-mboned-multicast-cdni-07.txt 14 Status of this Memo 16 This Internet-Draft is submitted in full conformance with the 17 provisions of BCP 78 and BCP 79. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF). Note that other groups may also distribute 21 working documents as Internet-Drafts. The list of current Internet- 22 Drafts is at http://datatracker.ietf.org/drafts/current/. 24 Internet-Drafts are draft documents valid for a maximum of six 25 months and may be updated, replaced, or obsoleted by other documents 26 at any time. It is inappropriate to use Internet-Drafts as 27 reference material or to cite them other than as "work in progress." 29 This Internet-Draft will expire on April 27, 2015. 31 Copyright Notice 33 Copyright (c) 2014 IETF Trust and the persons identified as the 34 document authors. All rights reserved. 36 This document is subject to BCP 78 and the IETF Trust's Legal 37 Provisions Relating to IETF Documents 38 (http://trustee.ietf.org/license-info) in effect on the date of 39 publication of this document. Please review these documents 40 carefully, as they describe your rights and restrictions with 41 respect to this document. Code Components extracted from this 42 document must include Simplified BSD License text as described in 43 Section 4.e of the Trust Legal Provisions and are provided without 44 warranty as described in the Simplified BSD License. 46 This document may contain material from IETF Documents or IETF 47 Contributions published or made publicly available before November 48 10, 2008. The person(s) controlling the copyright in some of this 49 material may not have granted the IETF Trust the right to allow 50 modifications of such material outside the IETF Standards Process. 51 Without obtaining an adequate license from the person(s) controlling 52 the copyright in such materials, this document may not be modified 53 outside the IETF Standards Process, and derivative works of it may 54 not be created outside the IETF Standards Process, except to format 55 it for publication as an RFC or to translate it into languages other 56 than English. 58 Abstract 60 This document examines the process of transporting applications via 61 multicast across inter-domain peering points. The objective is to 62 describe the setup process for multicast-based delivery across 63 administrative domains and document supporting functionality to 64 enable this process. 66 Table of Contents 68 1. Introduction...................................................3 69 2. Overview of Inter-domain Multicast Application Transport.......4 70 3. Inter-domain Peering Point Requirements for Multicast..........5 71 3.1. Native Multicast..........................................5 72 3.2. Peering Point Enabled with GRE Tunnel.....................7 73 3.3. Peering Point Enabled with an AMT - Both Domains Multicast 74 Enabled........................................................8 75 3.4. Peering Point Enabled with an AMT - AD-2 Not Multicast 76 Enabled........................................................9 77 3.5. AD-2 Not Multicast Enabled - Multiple AMT Tunnels Through 78 AD-2..........................................................11 79 4. Supporting Functionality......................................13 80 4.1. Network Interconnection Transport and Security Guidelines14 81 4.2. Routing Aspects and Related Guidelines...................15 82 4.2.1 Native Multicast Routing Aspects..................15 83 4.2.2 GRE Tunnel over Interconnecting Peering Point.....16 84 4.2.3 Routing Aspects with AMT Tunnels.....................16 85 4.3. Back Office Functions - Billing and Logging Guidelines...19 86 4.3.1 Provisioning Guidelines...........................19 87 4.3.2 Application Accounting Billing Guidelines.........20 88 4.3.3 Log Management Guidelines.........................21 89 4.3.4 Settlement Guidelines.............................21 90 4.4. Operations - Service Performance and Monitoring Guidelines22 91 4.5. Client Reliability Models/Service Assurance Guidelines...24 93 5. Security Considerations.......................................25 94 6. IANA Considerations...........................................25 95 7. Conclusions...................................................25 96 8. References....................................................26 97 8.1. Normative References.....................................26 98 8.2. Informative References...................................26 99 9. Acknowledgments...............................................26 101 1. Introduction 103 Several types of applications (e.g., live video streaming, software 104 downloads) are well suited for delivery via multicast means. The use 105 of multicast for delivering such applications offers significant 106 savings for utilization of resources in any given administrative 107 domain. End user demand for such applications is growing. Often, 108 this requires transporting such applications across administrative 109 domains via inter-domain peering points. 111 The objective of this Best Current Practices document is twofold: 112 o Describe the process and establish guidelines for setting up 113 multicast-based delivery of applications across inter-domain 114 peering points, and 115 o Catalog all required information exchange between the 116 administrative domains to support multicast-based delivery. 118 While there are sSeveral multicast protocols are available for use, 119 this BCP will focus the discussion to those that are applicable and 120 recommended for the peering requirements of today's service model, 121 including: 123 o Protocol Independent Multicast - Source Specific Multicast 124 (PIM-SSM) [RFC4607] 125 o Internet Group Management Protocol (IGMP) v3 [RFC4604] 126 o Multicast Listener Discovery (MLD) [RFC4604] 128 This BCP is independent of the choice of multicast protocol; it 129 focuses solely on the implications for the inter-domain peering 130 points. 132 This document therefore serves the purpose of a "Gap Analysis" 133 exercise for this process. The rectification of any gaps identified 134 - whether they involve protocol extension development or otherwise - 135 is beyond the scope of this document and is for further study. 137 2. Overview of Inter-domain Multicast Application Transport 139 A multicast-based application delivery scenario is as follows: 140 o Two independent administrative domains are interconnected via a 141 peering point. 142 o The peering point is either multicast enabled (end-to-end 143 native multicast across the two domains) or it is connected by 144 one of two possible tunnel types: 145 o A Generic Routing Encapsulation (GRE) Tunnel [RFC2784] 146 allowing multicast tunneling across the peering point, or 147 o An Automatic Multicast Tunnel (AMT) [IETF-ID-AMT]. 148 o The application stream originates at a source in Domain 1. 149 o An End User associated with Domain 2 requests the application. 150 It is assumed that the application is suitable for delivery via 151 multicast means (e.g., live steaming of major events, software 152 downloads to large numbers of end user devices, etc.) 153 o The request is communicated to the application source which 154 provides the relevant multicast delivery information to the EU 155 device via a "manifest file". At a minimum, this file contains 156 the {Source, Group} or (S,G) information relevant to the 157 multicast stream. 158 o The application client in the EU device then joins the 159 multicast stream distributed by the application source in 160 domain 1 utilizing the (S,G) information provided in the 161 manifest file. The manifest file may also contain additional 162 information that the application client can use to locate the 163 source and join the stream. 165 It should be noted that the second administrative domain - domain 2 166 - may be an independent network domain (e.g., Tier 1 network 167 operator domain) or it could also be an Enterprise network operated 168 by a single customer. The peering point architecture and 169 requirements may have some unique aspects associated with the 170 Enterprise case. 172 The Use Cases describing various architectural configurations for 173 the multicast distribution along with associated requirements is 174 described in section 3. Unique aspects related to the Enterprise 175 network possibility will be described in this section. A 176 comprehensive list of pertinent information that needs to be 177 exchanged between the two domains to support various functions 178 enabling the application transport is provided in section 4. 180 3. Inter-domain Peering Point Requirements for Multicast 182 The transport of applications using multicast requires that the 183 inter-domain peering point is enabled to support such a process. 184 There are three possible Use Cases for consideration. 186 3.1. Native Multicast 188 This Use Case involves end-to-end Native Multicast between the two 189 administrative domains and the peering point is also native 190 multicast enabled - Figure 1. 192 ------------------- ------------------- 193 / AD-1 \ / AD-2 \ 194 / (Multicast Enabled) \ / (Multicast Enabled) \ 195 / \ / \ 196 | +----+ | | | 197 | | | +------+ | | +------+ | +----+ 198 | | AS |------>| BR |-|---------|->| BR |-------------|-->| EU | 199 | | | +------+ | I1 | +------+ |I2 +----+ 200 \ +----+ / \ / 201 \ / \ / 202 \ / \ / 203 ------------------- ------------------- 205 AD = Administrative Domain (Independent Autonomous System) 206 AS = Application (e.g., Content) Multicast Source 207 BR = Border Router 208 I1 = AD-1 and AD-2 Multicast Interconnection (MBGP or BGMP) 209 I2 = AD-2 and EU Multicast Connection 211 Figure 1 - Content Distribution via End to End Native Multicast 213 Advantages of this configuration are: 215 o Most efficient use of bandwidth in both domains 217 o Fewer devices in the path traversed by the multicast stream 218 when compared to unicast transmissions. 220 From the perspective of AD-1, the one disadvantage associated with 221 native multicast into AD-2 instead of individual unicast to every EU 222 in AD-2 is that it does not have the ability to count the number of 223 End Users as well as the transmitted bytes delivered to them. This 224 information is relevant from the perspective of customer billing and 225 operational logs. It is assumed that such data will be collected by 226 the application layer. The application layer mechanisms for 227 generating this information need to be robust enough such that all 228 pertinent requirements for the source provider and the AD operator 229 are satisfactorily met. The specifics of these methods are beyond 230 the scope of this document. 232 Architectural guidelines for this configuration are as follows: 234 o Dual homing for peering points between domains is recommended 235 as a way to ensure reliability with full BGP table visibility. 237 o If the peering point between AD-1 and AD-2 is a controlled 238 network environment, then bandwidth can be allocated 239 accordingly by the two domains to permit the transit of non- 240 rate adaptive multicast traffic. If this is not the case, then 241 it is recommended that the multicast traffic should support 242 rate-adaption. 244 o The sending and receiving of multicast traffic between two 245 domains is typically determined by local policies associated 246 with each domain. For example, if AD-1 is a service provider 247 and AD-2 is an enterprise, then AD-1 may support local policies 248 for traffic delivery to, but not traffic reception from AD-2. 250 o Relevant information on multicast streams delivered to End 251 Users in AD-2 is assumed to be collected by available 252 capabilities in the application layer. The precise nature and 253 formats of the collected information will be determined by 254 directives from the source owner and the domain operators. 256 3.2. Peering Point Enabled with GRE Tunnel 258 The peering point is not native multicast enabled in this Use Case. 259 There is a Generic Routing Encapsulation Tunnel provisioned over the 260 peering point. In this case, the interconnection I1 between AD-1 and 261 AD-2 in Figure 1 is multicast enabled via a Generic Routing 262 Encapsulation Tunnel (GRE) [RFC2784] and encapsulating the multicast 263 protocols across the interface. The routing configuration is 264 basically unchanged: Instead of BGP (SAFI2) across the native IP 265 multicast link between AD-1 and AD-2, BGP (SAFI2) is now run across 266 the GRE tunnel. 268 Advantages of this configuration: 270 o Highly efficient use of bandwidth in both domains although not 271 as efficient as the fully native multicast Use Case. 273 o Fewer devices in the path traversed by the multicast stream 274 when compared to unicast transmissions. 276 o Ability to support only partial IP multicast deployments in AD- 277 1 and/or AD-2. 279 o GRE is an existing technology and is relatively simple to 280 implement. 282 Disadvantages of this configuration: 284 o Per Use Case 3.1, current router technology cannot count the 285 number of end users or the number bytes transmitted. 287 o GRE tunnel requires manual configuration. 289 o GRE must be in place prior to stream starting. 291 o GRE is often left pinned up 293 Architectural guidelines for this configuration include the 294 following: 296 Guidelines (a) through (d) are the same as those described in Use 297 Case 3.1. 299 o GRE tunnels are typically configured manually between peering 300 points to support multicast delivery between domains. 302 o It is recommended that the GRE tunnel (tunnel server) 303 configuration in the source network is such that it only 304 advertises the routes to the application sources and not to the 305 entire network. This practice will prevent unauthorized 306 delivery of applications through the tunnel (e.g., if 307 application - e.g., content - is not part of an agreed inter- 308 domain partnership). 310 3.3. Peering Point Enabled with an AMT - Both Domains Multicast 311 Enabled 313 Both administrative domains in this Use Case are assumed to be 314 native multicast enabled here; however the peering point is not. The 315 peering point is enabled with an Automatic Multicast Tunnel. The 316 basic configuration is depicted in Figure 2. 318 ------------------- ------------------- 319 / AD-1 \ / AD-2 \ 320 / (Multicast Enabled) \ / (Multicast Enabled) \ 321 / \ / \ 322 | +----+ | | | 323 | | | +------+ | | +------+ | +----+ 324 | | AS |------>| AR |-|---------|->| AG |-------------|-->| EU | 325 | | | +------+ | I1 | +------+ |I2 +----+ 326 \ +----+ / \ / 327 \ / \ / 328 \ / \ / 329 ------------------- ------------------- 331 AR = AMT Relay 332 AG = AMT Gateway 333 I1 = AMT Interconnection between AD-1 and AD-2 334 I2 = AD-2 and EU Multicast Connection 336 Figure 2 - AMT Interconnection between AD-1 and AD-2 338 Advantages of this configuration: 340 o Highly efficient use of bandwidth in AD-1. 342 o AMT is an existing technology and is relatively simple to 343 implement. Attractive properties of AMT include the following: 345 o Dynamic interconnection between Gateway-Relay pair across 346 the peering point. 348 o Ability to serve clients and servers with differing 349 policies. 351 Disadvantages of this configuration: 353 o Per Use Case 3.1 (AD-2 is native multicast), current router 354 technology cannot count the number of end users or the number 355 bytes transmitted. 357 o Additional devices (AMT Gateway and Relay pairs) may be 358 introduced into the path if these services are not incorporated 359 in the existing routing nodes. 361 o Currently undefined mechanisms to select the AR from the AG 362 automatically. 364 Architectural guidelines for this configuration are as follows: 366 Guidelines (a) through (d) are the same as those described in Use 367 Case 3.1. 369 e. It is recommended that AMT Relay and Gateway pairs be 370 configured at the peering points to support multicast delivery 371 between domains. AMT tunnels will then configure dynamically 372 across the peering points once the Gateway in AD-2 receives the 373 (S, G) information from the EU. 375 3.4. Peering Point Enabled with an AMT - AD-2 Not Multicast Enabled 377 In this AMT Use Case, the second administrative domain AD-2 is not 378 multicast enabled. This implies that the interconnection between AD- 379 2 and the End User is also not multicast enabled as depicted in 380 Figure 3. 382 ------------------- ------------------- 383 / AD-1 \ / AD-2 \ 384 / (Multicast Enabled) \ / (Non-Multicast \ 385 / \ / Enabled) \ 386 | +----+ | | | 387 | | | +------+ | | | +----+ 388 | | AS |------>| AR |-|---------|-----------------------|-->|EU/G| 389 | | | +------+ | | |I2 +----+ 390 \ +----+ / \ / 391 \ / \ / 392 \ / \ / 393 ------------------- ------------------- 395 AS = Application Multicast Source 396 AR = AMT Relay 397 EU/G = Gateway client embedded in EU device 398 I2 = AMT Tunnel Connecting EU/G to AR in AD-1 through Non-Multicast 399 Enabled AD-2. 401 Figure 3 - AMT Tunnel Connecting AD-1 AMT Relay and EU Gateway 403 This Use Case is equivalent to having unicast distribution of the 404 application through AD-2. The total number of AMT tunnels would be 405 equal to the total number of End Users requesting the application. 406 The peering point thus needs to accommodate the total number of AMT 407 tunnels between the two domains. Each AMT tunnel can provide the 408 data usage associated with each End User. 410 Advantages of this configuration: 412 o Highly efficient use of bandwidth in AD-1. 414 o AMT is an existing technology and is relatively simple to 415 implement. Attractive properties of AMT include the following: 417 o Dynamic interconnection between Gateway-Relay pair across 418 the peering point. 420 o Ability to serve clients and servers with differing 421 policies. 423 o Each AMT tunnel serves as a count for each End User and is also 424 able to track data usage (bytes) delivered to the EU. 426 Disadvantages of this configuration: 428 o Additional devices (AMT Gateway and Relay pairs) are introduced 429 into the transport path. 431 o Assuming multiple peering points between the domains, the EU 432 Gateway needs to be able to find the "correct" AMT Relay in AD- 433 1. 435 Architectural guidelines for this configuration are as follows: 437 Guidelines (a) through (c) are the same as those described in Use 438 Case 3.1. 440 d. It is recommended that proper procedures are implemented such 441 that the AMT Gateway at the End User device is able to find the 442 correct AMT Relay in AD-1 across the peering points. The 443 application client in the EU device is expected to supply the (S, 444 G) information to the Gateway for this purpose. 446 e. The AMT tunnel capabilities are expected to be sufficient for 447 the purpose of collecting relevant information on the multicast 448 streams delivered to End Users in AD-2. 450 3.5. AD-2 Not Multicast Enabled - Multiple AMT Tunnels Through AD-2 452 This is a variation of Use Case 3.4 as follows: 454 ------------------- ------------------- 455 / AD-1 \ / AD-2 \ 456 / (Multicast Enabled) \ / (Non-Multicast \ 457 / \ / Enabled) \ 458 | +----+ | |+--+ +--+ | 459 | | | +------+ | ||AG| |AG| | +----+ 460 | | AS |------>| AR |-|-------->||AR|------------->|AR|-|-->|EU/G| 461 | | | +------+ | I1 ||1 | I2 |2 | |I3 +----+ 462 \ +----+ / \+--+ +--+ / 463 \ / \ / 464 \ / \ / 465 ------------------- ------------------- 467 (Note: Diff-marks for the figure have been removed to improve 468 viewing) 470 AS = Application Source 471 AR = AMT Relay in AD-1 472 AGAR1 = AMT Gateway/Relay node in AD-2 across Peering Point 473 I1 = AMT Tunnel Connecting AR in AD-1 to GW in AGAR1 in AD-2 474 AGAR2 = AMT Gateway/Relay node at AD-2 Network Edge 475 I2 = AMT Tunnel Connecting Relay in AGAR1 to GW in AGAR2 476 EU/G = Gateway client embedded in EU device 477 I3 = AMT Tunnel Connecting EU/G to AR in AGAR2 479 Figure 4 - AMT Tunnel Connecting AD-1 AMT Relay and EU Gateway 481 Use Case 3.4 results in several long AMT tunnels crossing the entire 482 network of AD-2 linking the EU device and the AMT Relay in AD-1 483 through the peering point. Depending on the number of End Users, 484 there is a likelihood of an unacceptably large number of AMT tunnels 485 - and unicast streams - through the peering point. This situation 486 can be alleviated as follows: 488 o Provisioning of strategically located AMT nodes at the edges of 489 AD-2. An AMT node comprises co-location of an AMT Gateway and 490 an AMT Relay. One such node is at the AD-2 side of the peering 491 point (node AGAR1 in Figure 4). 493 o Single AMT tunnel established across peering point linking AMT 494 Relay in AD-1 to the AMT Gateway in the AMT node AGAR1 in AD-2. 496 o AMT tunnels linking AMT node AGAR1 at peering point in AD-2 to 497 other AMT nodes located at the edges of AD-2: e.g., AMT tunnel 498 I2 linking AMT Relay in AGAR1 to AMT Gateway in AMT node AGAR2 499 in Figure 4. 501 o AMT tunnels linking EU device (via Gateway client embedded in 502 device) and AMT Relay in appropriate AMT node at edge of AD-2: 503 e.g., I3 linking EU Gateway in device to AMT Relay in AMT node 504 AGAR2. 506 The advantage for such a chained set of AMT tunnels is that the 507 total number of unicast streams across AD-2 is significantly reduced 508 thus freeing up bandwidth. Additionally, there will be a single 509 unicast stream across the peering point instead of possibly, an 510 unacceptably large number of such streams per Use Case 3.4. However, 511 this implies that several AMT tunnels will need to be dynamically 512 configured by the various AMT Gateways based solely on the (S,G) 513 information received from the application client at the EU device. A 514 suitable mechanism for such dynamic configurations is therefore 515 critical. 517 Architectural guidelines for this configuration are as follows: 519 Guidelines (a) through (c) are the same as those described in Use 520 Case 3.1. 522 d. It is recommended that proper procedures are implemented such 523 that the various AMT Gateways (at the End User devices and the AMT 524 nodes in AD-2) are able to find the correct AMT Relay in other AMT 525 nodes as appropriate. The application client in the EU device is 526 expected to supply the (S, G) information to the Gateway for this 527 purpose. 529 e. The AMT tunnel capabilities are expected to be sufficient for 530 the purpose of collecting relevant information on the multicast 531 streams delivered to End Users in AD-2. 533 4. Supporting Functionality 535 Supporting functions and related interfaces over the peering point 536 that enable the multicast transport of the application are listed in 537 this section. Critical information parameters that need to be 538 exchanged in support of these functions are enumerated along with 539 guidelines as appropriate. Specific interface functions for 540 consideration are as follows. 542 4.1. Network Interconnection Transport and Security Guidelines 544 The term "Network Interconnection Transport" refers to the 545 interconnection points between the two Administrative Domains. The 546 following is a representative set of attributes that will need to be 547 agreed to between the two administrative domains to support 548 multicast delivery. 550 o Number of Peering Points 552 o Peering Point Addresses and Locations 554 o Connection Type - Dedicated for Multicast delivery or shared 555 with other services 557 o Connection Mode - Direct connectivity between the two AD's or 558 via another ISP 560 o Peering Point Protocol Support - Multicast protocols that will 561 be used for multicast delivery will need to be supported at 562 these points. Examples of protocols include eBGP, BGMP, and 563 MBGP. 565 o Bandwidth Allocation - If shared with other services, then 566 there needs to be a determination of the share of bandwidth 567 reserved for multicast delivery. 569 o QoS Requirements - Delay/latency specifications that need to be 570 specified in an SLA. 572 o AD Roles and Responsibilities - the role played by each AD for 573 provisioning and maintaining the set of peering points to 574 support multicast delivery. 576 From a security perspective, it is expected that normal/typical 577 security procedures will be followed by each AD to facilitate 578 multicast delivery to registered and authenticated end users. Some 579 security aspects for consideration are: 581 o Encryption - Peering point links may be encrypted per agreement 582 if dedicated for multicast delivery. 584 o Security Breach Mitigation Plan - In the event of a security 585 breach, the two AD's are expected to have a mitigation plan for 586 shutting down the peering point and directing multicast traffic 587 over alternated peering points. It is also expected that 588 appropriate information will be shared for the purpose of 589 securing the identified breach. 591 4.2. Routing Aspects and Related Guidelines 593 The main objective for multicast delivery routing is to ensure that 594 the End User receives the multicast stream from the "most optimal" 595 source [INF_ATIS_10] which typically: 597 o Maximizes the multicast portion of the transport and minimizes 598 any unicast portion of the delivery, and 600 o Minimizes the overall combined network(s) route distance. 602 This routing objective applies to both Native and AMT; the actual 603 methodology of the solution will be different for each. Regardless, 604 the routing solution is expected to be: 606 o Scalable 608 o Avoid/minimize new protocol development or modifications, and 610 o Be robust enough to achieve high reliability and automatically 611 adjust to changes/problems in the multicast infrastructure. 613 For both Native and AMT environments, having a source as close as 614 possible to the EU network is most desirable; therefore, in some 615 cases, an AD may prefer to have multiple sources near different 616 peering points, but that is entirely an implementation issue. 618 4.2.1 Native Multicast Routing Aspects 620 Native multicast simply requires that the Administrative Domains 621 coordinate and advertise the correct source address(es) at their 622 network interconnection peering points(i.e., border routers). An 623 example of multicast delivery via a Native Multicast process across 624 two administrative Domains is as follows assuming that the 625 interconnecting peering points are also multicast enabled: 627 o Appropriate information is obtained by the EU client who is a 628 subscriber to AD-2 (see Use Case 3.1). This is usually done via 629 an appropriate file transfer - this file is typically known as 630 the manifest file. It contains instructions directing the EU 631 client to launch an appropriate application if necessary, and 632 also additional information for the application about the source 633 location and the group (or stream) id in the form of the "S,G" 634 data. The "S" portion provides the name or IP address of the 635 source of the multicast stream. The file may also contain 636 alternate delivery information such as specifying the unicast 637 address of the stream. 639 o The client uses the join message with S,G to join the multicast 640 stream [RFC2236]. 642 To facilitate this process, the two AD's need to do the following: 644 o Advertise the source id(s) over the Peering Points 646 o Exchange relevant Peering Point information such as Capacity 647 and Utilization (Other??) 649 4.2.2 GRE Tunnel over Interconnecting Peering Point 651 If the interconnecting peering point is not multicast enabled and 652 both ADs are multicast enabled, then a simple solution is to 653 provision a GRE tunnel between the two ADs - see Use Case 3.2.2. 654 The termination points of the tunnel will usually be a network 655 engineering decision, but generally will be between the border 656 routers or even between the AD 2 border router and the AD 1 source 657 (or source access router). The GRE tunnel would allow end-to-end 658 native multicast or AMT multicast to traverse the interface. 659 Coordination and advertisement of the source IP is still required. 661 The two AD's need to follow the same process as described in 4.2.1 662 to facilitate multicast delivery across the Peering Points. 664 4.2.3 Routing Aspects with AMT Tunnels 666 Unlike Native (with or without GRE), an AMT Multicast environment is 667 more complex. It presents a dual layered problem because there are 668 two criteria that should be simultaneously meet: 670 o Find the closest AMT relay to the end-user that also has 671 multicast connectivity to the content source and 673 o Minimize the AMT unicast tunnel distance. 675 There are essentially two components to the AMT specification: 677 o AMT Relays: These serve the purpose of tunneling UDP multicast 678 traffic to the receivers (i.e., End Points). The AMT Relay will 679 receive the traffic natively from the multicast media source and 680 will replicate the stream on behalf of the downstream AMT 681 Gateways, encapsulating the multicast packets into unicast 682 packets and sending them over the tunnel toward the AMT Gateway. 683 In addition, the AMT Relay may perform various usage and 684 activity statistics collection. This results in moving the 685 replication point closer to the end user, and cuts down on 686 traffic across the network. Thus, the linear costs of adding 687 unicast subscribers can be avoided. However, unicast replication 688 is still required for each requesting endpoint within the 689 unicast-only network. 691 o AMT Gateway (GW): The Gateway will reside on an on End-Point - 692 this may be a Personal Computer (PC) or a Set Top Box (STB). The 693 AMT Gateway receives join and leave requests from the 694 Application via an Application Programming Interface (API). In 695 this manner, the Gateway allows the endpoint to conduct itself 696 as a true Multicast End-Point. The AMT Gateway will encapsulate 697 AMT messages into UDP packets and send them through a tunnel 698 (across the unicast-only infrastructure) to the AMT Relay. 700 The simplest AMT Use Case (section 3.3) involves peering points that 701 are not multicast enabled between two multicast enabled ADs. An AMT 702 tunnel is deployed between an AMT Relay on the AD 1 side of the 703 peering point and an AMT Gateway on the AD 2 side of the peering 704 point. One advantage to this arrangement is that the tunnel is 705 established on an as needed basis and need not be a provisioned 706 element. The two ADs can coordinate and advertise special AMT Relay 707 Anycast addresses with each other - though they may alternately 708 decide to simply provision Relay addresses, though this would not be 709 a optimal solution in terms of scalability. 711 Use Cases 3.4 and 3.5 describe more complicated AMT situations as 712 AD-2 is not multicast enabled. For these cases, the End User device 713 needs to be able to setup an AMT tunnel in the most optimal manner. 714 Using an Anycast IP address for AMT Relays allows for all AMT 715 Gateways to find the "closest" AMT Relay - the nearest edge of the 716 multicast topology of the source. An example of a basic delivery 717 via an AMT Multicast process for these two Use Cases is as follows: 719 o The manifest file is obtained by the EU client application. This 720 file contains instructions directing the EU client to an ordered 721 list of particular destinations to seek the requested stream and, 722 for multicast, specifies the source location and the group (or 723 stream) ID in the form of the "S,G" data. The "S" portion provides 724 the URI (name or IP address) of the source of the multicast stream 725 and the "G" identifies the particular stream originated by that 726 source. The manifest file may also contain alternate delivery 727 information such as the address of the unicast form of the content 728 to be used, for example, if the multicast stream becomes 729 unavailable. 731 o Using the information in the manifest file, and possibly 732 information provisioned directly in the EU client, a DNS query is 733 initiated in order to connect the EU client/AMT Gateway to an AMT 734 Relay. 736 o Query results are obtained, and may return an Anycast address or a 737 specific unicast address of a relay. Multiple relays will 738 typically exist. The Anycast address is a routable "pseudo- 739 address" shared among the relays that can gain multicast access to 740 the source. 742 o If a specific IP address unique to a relay was not obtained, the 743 AMT Gateway then sends a message (e.g., the discovery message) to 744 the Anycast address such that the network is making the routing 745 choice of particular relay - e.g., closest relay to the EU. (Note 746 that in IPv6 there is a specific Anycast format and Anycast is 747 inherent in IPv6 routing, whereas in IPv4 Anycast is handled via 748 provisioning in the network. Details are out of scope for this 749 document.) 751 o The contacted AMT Relay then returns its specific unicast IP 752 address (after which the Anycast address is no longer required). 753 Variations may exist as well. 755 o The AMT Gateway uses that unicast IP address to initiate a three- 756 way handshake with the AMT Relay. 758 o AMT Gateway provides "S,G" to the AMT Relay (embedded in AMT 759 protocol messages). 761 o AMT Relay receives the "S,G" information and uses the S,G to join 762 the appropriate multicast stream, if it has not already subscribed 763 to that stream. 765 o AMT Relay encapsulates the multicast stream into the tunnel 766 between the Relay and the Gateway, providing the requested content 767 to the EU. 769 Note: Further routing discussion on optimal method to find "best AMT 770 Relay/GW combination" and information exchange between AD's to be 771 provided. 773 4.3. Back Office Functions - Billing and Logging Guidelines 775 Back Office refers to the following: 777 o Servers and Content Management systems that support the delivery 778 of applications via multicast and interactions between ADs. 779 o Functionality associated with logging, reporting, ordering, 780 provisioning, maintenance, service assurance, settlement, etc. 782 4.3.1 Provisioning Guidelines 784 Resources for basic connectivity between ADs Providers need to be 785 provisioned as follows: 787 o Sufficient capacity must be provisioned to support multicast-based 788 delivery across ADs. 789 o Sufficient capacity must be provisioned for connectivity between 790 all supporting back-offices of the ADs as appropriate. This 791 includes activating proper security treatment for these back- 792 office connections (gateways, firewalls, etc) as appropriate. 793 o Routing protocols as needed, e.g. configuring routers to support 794 these. 796 Provisioning aspects related to Multicast-Based inter-domain 797 delivery are as follows. 799 The ability to receive requested application via multicast is 800 triggered via the manifest file. Hence, this file must be provided 801 to the EU regarding multicast URL - and unicast fallback if 802 applicable. AD-2 must build manifest and provision capability to 803 provide the file to the EU. 805 Native multicast functionality is assumed to be available in across 806 many ISP backbones, peering and access networks. If however, native 807 multicast is not an option (Use Cases 3.4 and 3.5), then: 809 o EU must have multicast client to use AMT multicast obtained either 810 from Application Source (per agreement with AD-1) or from AD-1 or 811 AD-2 (if delegated by the Application Source). 813 o If provided by AD-1/AD-2, then the EU could be redirected to a 814 client download site (note: this could be an Application Source 815 site). If provided by the Application Source, then this Source 816 would have to coordinate with AD-1 to ensure the proper client is 817 provided (assuming multiple possible clients). 818 o Where AMT Gateways support different application sets, all AD-2 819 AMT Relays need to be provisioned with all source & group 820 addresses for streams it is allowed to join. 821 o DNS across each AD must be provisioned to enable a client GW to 822 locate the optimal AMT Relay (i.e. longest multicast path and 823 shortest unicast tunnel) with connectivity to the content's 824 multicast source. 826 Provisioning Aspects Related to Operations and Customer Care are 827 stated as follows. 829 Each AD provider is assumed to provision operations and customer 830 care access to their own systems. 832 AD-1's operations and customer care functions must have visibility 833 to what is happening in AD-2's network or to the service provided by 834 AD-2, sufficient to verify their mutual goals and operations, e.g. 835 to know how the EU's are being served. This can be done in two ways: 837 o Automated interfaces are built between AD-1 and AD-2 such that 838 operations and customer care continue using their own systems. 839 This requires coordination between the two AD's with appropriate 840 provisioning of necessary resources. 841 o AD-1's operations and customer care personnel are provided access 842 directly to AD-2's system. In this scenario, additional 843 provisioning in these systems will be needed to provide necessary 844 access. Additional provisioning must be agreed to by the two AD-2s 845 to support this option. 847 4.3.2 Application Accounting Billing Guidelines 849 All interactions between pairs of ADs can be discovered and/or be 850 associated with the account(s) utilized for delivered applications. 851 Supporting guidelines are as follows: 853 o A unique identifier is recommended to designate each master 854 account. 855 o AD-2 is expected to set up "accounts" (logical facility generally 856 protected by login/password/credentials) for use by AD-1. Multiple 857 accounts and multiple types/partitions of accounts can apply, e.g. 858 customer accounts, security accounts, etc. 860 4.3.3 Log Management Guidelines 862 Successful delivery of applications via multicast between pairs of 863 interconnecting ADs requires that appropriate logs will be exchanged 864 between them in support. Associated guidelines are as follows. 866 AD-2 needs to supply logs to AD-1 per existing contract(s). Examples 867 of log types include the following: 869 o Usage information logs at aggregate level. 870 o Usage failure instances at an aggregate level. 871 o Grouped or sequenced application access 872 performance/behavior/failure at an aggregate level to support 873 potential Application Provider-driven strategies. Examples of 874 aggregate levels include grouped video clips, web pages, and sets 875 of software download. 876 o Security logs, aggregated or summarized according to agreement 877 (with additional detail potentially provided during security 878 events, by agreement). 879 o Access logs (EU), when needed for troubleshooting. 880 o Application logs (what is the application doing), when needed for 881 shared troubleshooting. 882 o Syslogs (network management), when needed for shared 883 troubleshooting. 885 The two ADs may supply additional security logs to each other as 886 agreed to by contract(s). Examples include the following: 888 o Information related to general security-relevant activity which 889 may be of use from a protective or response perspective, such as 890 types and counts of attacks detected, related source information, 891 related target information, etc. 892 o Aggregated or summarized logs according to agreement (with 893 additional detail potentially provided during security events, by 894 agreement) 896 4.3.4 Settlement Guidelines 898 Settlements between the ADs relate to (1) billing and reimbursement 899 aspects for delivery of applications, and (2) aggregation, 900 transport, and collection of data in preparation for the billing and 901 reimbursement aspects for delivery of applications for the 902 Application Provider. At a high level: 904 o AD-2 collects "usage" data for AD-1 related to application 905 delivery to End Users, and submits invoices to AD-1 based on this 906 usage data. The data may include information related to the type 907 of content delivered, total bandwidth utilized, storage utilized, 908 features supported, etc. 909 o AD-1 collects all available data from partner AD-2 and creates 910 aggregate reports pertaining to responsible Application Providers, 911 and submits subsequent reports to these Providers for 912 reimbursements. 913 o AD-1 may convey charging values or charging rules to the AD-2, 914 proactively or in response to a query, especially in cases where 915 these may change. 916 o AD-2 may convey prices/rates to AD-1, proactively or in response 917 to a query, especially in cases where these may change. 918 o Usage data may be collected per end user or on an aggregated 919 basis; the method of collection will depend on the application 920 delivered and/or the agreements with the source provider. In all 921 cases, usage volume is expected to be in terms of delivered packet 922 bits or bytes. 924 4.4. Operations - Service Performance and Monitoring Guidelines 926 Service Performance refers to monitoring metrics related to 927 multicast delivery via probes. The focus is on the service provided 928 by AD-2 to AD-1 on behalf of all multicast application sources 929 (metrics may be specified for SLA use or otherwise). Associated 930 guidelines are as follows: 932 o Both AD's are expected to monitor, collect, and analyze service 933 performance metrics for multicast applications. AD-2 provides 934 relevant performance information to AD-1; this enables AD-1 to 935 create an end-to-end performance view on behalf of the 936 multicast application source. 938 o Both AD's are expected to agree on the type of probes to be 939 used to monitor multicast delivery performance. For example, 940 AD-2 may permit AD-1's probes to be utilized in the AD-2 941 multicast service footprint. Alternately, AD-2 may deploy its 942 own probes and relay performance information back to AD-1. 944 o In the event of performance degradation (SLA violation), AD-1 945 may have to compensate the multicast application source per SLA 946 agreement. As appropriate, AD-1 may seek compensation from AD-2 947 if the cause of the degradation is in AD-2's network. 949 Service Monitoring generally refers to a service (as a whole) 950 provided on behalf of a particular multicast application source 951 provider. It thus involves complaints from End Users when service 952 problems occur. EU's direct their complaints to the source provider; 953 in turn the source provider submits these complaints to AD-1. The 954 responsibility for service delivery lies with AD-1; as such AD-1 955 will need to determine where the service problem is occurring - its 956 own network or in AD-2. It is expected that each AD will have tools 957 to monitor multicast service status in its own network. 959 o Both AD's will determine how best to deploy multicast service 960 monitoring tools. Typically, each AD will deploy its own set of 961 monitoring tools; in which case, both AD's are expected to 962 inform each other when multicast delivery problems are 963 detected. 965 o AD-2 may experience some problems in its network. For example, 966 for the AMT Use Cases, one or more AMT Relays may be 967 experiencing difficulties. AD-2 may be able to fix the problem 968 by rerouting the multicast streams via alternate AMT Relays. If 969 the fix is not successful and multicast service delivery 970 degrades, then AD-2 needs to report the issue to AD-1. 972 o When problem notification is received from a multicast 973 application source, AD-1 determines whether the cause of the 974 problem is within its own network or within the AD-2 domain. If 975 the cause is within the AD-2 domain, then AD-1 supplies all 976 necessary information to AD-2. Examples of supporting 977 information include the following: 979 o Kind of problem(s) 981 o Starting point & duration of problem(s). 983 o Conditions in which problem(s) occur. 985 o IP address blocks of affected users. 987 o ISPs of affected users. 989 o Type of access e.g., mobile versus desktop. 991 o Locations of affected EUs. 993 o Both AD's conduct some form of root cause analysis for 994 multicast service delivery problems. Examples of various 995 factors for consideration include: 997 o Verification that the service configuration matches the 998 product features. 1000 o Correlation and consolidation of the various customer 1001 problems and resource troubles into a single root service 1002 problem. 1004 o Prioritization of currently open service problems, giving 1005 consideration to problem impact, service level agreement, 1006 etc. 1008 o Conduction of service tests, including one time tests or a 1009 series of tests over a period of time. 1011 o Analysis of test results. 1013 o Analysis of relevant network fault or performance data. 1015 o Analysis of the problem information provided by the customer 1016 (CP). 1018 o Once the cause of the problem has been determined and the 1019 problem has been fixed, both AD's need to work jointly to 1020 verify and validate the success of the fix. 1022 o Faults in service could lead to SLA violation for which the 1023 multicast application source provider may have to be 1024 compensated by AD-1. Subsequently, AD-1 may have to be 1025 compensated by AD-2 based on the contract. 1027 4.5. Client Reliability Models/Service Assurance Guidelines 1029 There are multiple options for instituting reliability 1030 architectures, most are at the application level. Both AD's should 1031 work those out with their contract/agreement and with the multicast 1032 application source providers. 1034 Network reliability can also be enhanced by the two AD's by 1035 provisioning alternate delivery mechanisms via unicast means. 1037 5. Security Considerations 1039 DRM and Application Accounting, Authorization and Authentication 1040 should be the responsibility of the multicast application source 1041 provider and/or AD-1. AD-1 needs to work out the appropriate 1042 agreements with the source provider. 1044 Network has no DRM responsibilities, but might have authentication 1045 and authorization obligations. These though are consistent with 1046 normal operations of a CDN to insure end user reliability, security 1047 and network security 1049 AD-1 and AD-2 should have mechanisms in place to ensure proper 1050 accounting for the volume of bytes delivered through the peering 1051 point and separately the number of bytes delivered to EUs. 1053 If there are problems related to failure of token authentication 1054 when end-users are supported by AD-2, then some means of validating 1055 proper working of the token authentication process (e.g., back-end 1056 servers querying the multicast application source provider's token 1057 authentication server are communicating properly) should be 1058 considered. Details will have to be worked out during implementation 1059 (e.g., test tokens or trace token exchange process). 1061 6. IANA Considerations 1063 7. Conclusions 1065 This Best Current Practice document provides detailed Use Case 1066 scenarios for the transmission of applications via multicast across 1067 peering points between two Administrative Domains. A detailed set of 1068 guidelines supporting the delivery is provided for all Use Cases. 1070 For Use Cases involving AMT tunnels (cases 3.4 and 3.5), it is 1071 recommended that proper procedures are implemented such that the 1072 various AMT Gateways (at the End User devices and the AMT nodes in 1073 AD-2) are able to find the correct AMT Relay in other AMT nodes as 1074 appropriate. Section 4.3 provides an overview of one method that 1075 finds the optimal Relay-Gateway combination via the use of an 1076 Anycast IP address for AMT Relays. 1078 8. References 1080 8.1. Normative References 1082 [RFC2784] D. Farinacci, T. Li, S. Hanks, D. Meyer, P. Traina, 1083 "Generic Routing Encapsulation (GRE)", RFC 2784, March 2000 1085 [IETF-ID-AMT] G. Bumgardner, "Automatic Multicast Tunneling", draft- 1086 ietf-mboned-auto-multicast-13, April 2012, Work in progress 1088 [RFC4604] H. Holbrook, et al, "Using Internet Group Management 1089 Protocol Version 3 (IGMPv3) and Multicast Listener Discovery 1090 Protocol Version 2 (MLDv2) for Source Specific Multicast", RFC 4604, 1091 August 2006 1093 [RFC4607] H. Holbrook, et al, "Source Specific Multicast", RFC 4607, 1094 August 2006 1096 8.2. Informative References 1098 [INF_ATIS_10] "CDN Interconnection Use Cases and Requirements in a 1099 Multi-Party Federation Environment", ATIS Standard A-0200010, 1100 December 2012 1102 9. Acknowledgments 1103 Authors' Addresses 1105 Percy S. Tarapore 1106 AT&T 1107 Phone: 1-732-420-4172 1108 Email: tarapore@att.com 1110 Robert Sayko 1111 AT&T 1112 Phone: 1-732-420-3292 1113 Email: rs1983@att.com 1115 Greg Shepherd 1116 Cisco 1117 Phone: 1118 Email: shep@cisco.com 1120 Toerless Eckert 1121 Cisco 1122 Phone: 1123 Email: eckert@cisco.com 1125 Ram Krishnan 1126 Brocade 1127 Phone: 1128 Email: ramk@brocade.com