Generic Autonomic Signaling Protocol Application Program Interface (GRASP API)

The assumption of this document is that any Autonomic Service Agent (ASA) needs to call a GRASP module that handles protocol details (security, sending and listening for GRASP messages, waiting, caching discovery results, negotiation looping, sending and receiving sychronization data, etc.) but understands nothing about individual objectives. The semantics of objectives are unknown to the GRASP module and are handled only by the ASAs. Thus, this is a high level abstract API for use by ASAs. Individual language bindings should be defined in separate documents. An assumption of this API is that ASAs may fall into various classes: ASAs that only use GRASP for discovery purposes. ASAs that use GRASP negotiation but only as an initiator (client). ASAs that use GRASP negotiation but only as a responder. ASAs that use GRASP negotiation as an initiator or responder. ASAs that use GRASP synchronization but only as an initiator (recipient). ASAs that use GRASP synchronization but only as a responder and/or flooder. ASAs that use GRASP synchronization as an initiator, responder and/or flooder. The API also assumes that one ASA may support multiple objectives. Nothing prevents an ASA from supporting some objectives for synchronization and others for negotiation. The API design assumes that the operating system and programming language provide a mechanism for simultaneous asynchronous operations. This is discussed in detail in . This is a preliminary version. A few gaps exist: Authorization of ASAs is out of scope. User-supplied explicit locators for an objective are not supported. The Rapid mode of GRASP is not supported.

GRASP includes asynchronous operations and wait states. Most ASAs will need to support several simultaneous operations; for example an ASA might need to negotiate one objective with a peer while discovering and synchronizing a different objective with a different peer. Alternatively, an ASA which acts as a resource manager might need to run simultaneous negotiations for a given objective with multiple different peers. Thus, both the GRASP core and most ASAs need to support asynchronous operations. Depending on both the operating system and the programming language in use, there are two main techniques for such parallel operations: multi-threading, or a polling or 'event loop' structure. In multi-threading, the operating system and language will provide the necessary support for asynchronous operations, including creation of new threads, context switching between threads, queues, locks, and implicit wait states. In this case, all API calls can be treated naturally as synchronous, even if they include wait states, blocking and queueing. In an event loop implementation, synchronous blocking calls are not acceptable. Therefore all calls must be non-blocking, and the main loop will support multiple GRASP sessions in parallel by repeatedly checking each one for a change of state. To facilitate this, the API implementation will provide non-blocking versions of all the functions that otherwise involve blocking and queueing. In these calls, a 'noReply' code will be returned by each call instead of blocking, until such time as the event for which it is waiting has occurred. Thus, for example, discover() would return "noReply" instead of waiting until discovery has succeeded or timed out. The discover() call would be repeated in every cycle of the main loop until it completes. A 'session_nonce' parameter (described below) is used to distinguish simultaneous GRASP sessions from each other, so that any number of sessions may proceed in parallel. The following calls involve waiting for a remote operation, so they could use this mechanism: discover() request_negotiate() negotiate_step() listen_negotiate() synchronize() In all these calls, the 'session_nonce' is a read/write parameter. On the first call, it is set to a null value, and the API returns the 'noReply' code and a non-null value. This value must be used in all subsequent calls. By this mechanism, multiple overlapping sessions can be distinguished, both in the ASA and in the GRASP core.

This section describes parameters and data structures uaed in multiple API calls.

All functions in the API have an unsigned 'errorcode' integer as their return value (the first returned value in languages that allow multiple returned parameters). An errorcode of zero indicates success. Any other value indicates failure of some kind. The first three errorcodes have special importance: Declined: used to indicate that the other end has sent a GRASP Negotiation End message (M_END) with a Decline option (O_DECLINE). No reply: used in non-blocking calls to indicate that the other end has sent no reply so far (see ). Unspecified error: used when no more specific error code applies. gives a full list of currently defined error codes, based on implementation experience.

Wherever a 'timeout' parameter appears, it is an integer expressed in milliseconds. If it is zero, the GRASP default timeout (GRASP_DEF_TIMEOUT, see ) will apply. If no response is received before the timeout expires, the call will fail unless otherwise noted.

An 'objective' parameter is a data structure with the following components: name (UTF-8 string) - the objective's name neg (Boolean flag) - True if objective supports negotiation (default False) synch (Boolean flag) - True if objective supports synchronization (default False) dry (Boolean flag) - True if objective supports dry-run negotiation (default False) Note 1: All objectives are assumed to support discovery, so there is no Boolean for that. Note 2: Only one of 'synch' or 'neg' may be True. Note 3: 'dry' must not be True unless 'neg' is also True. loop_count (integer) - Limit on negotiation steps etc. (default GRASP_DEF_LOOPCT, see ) value - a specific data structure expressing the value of the objective. The format is language dependent, with the constraint that it can be validly represented in CBOR (default integer = 0). An essential requirement for all language mappings and all implementations is that, regardless of what other options exist for a language-specific represenation of the value, there is always an option to use a CBOR byte string as the value. The API will then wrap this byte string in CBOR Tag 24 for transmission via GRASP, and unwrap it after reception. An example data structure definition for an objective in the C language is:

An example data structure definition for an objective in the Python language is:

An 'ASA_locator' parameter is a data structure with the following contents: locator - The actual locator, either an IP address or an ASCII string. ifi (integer) - The interface identifier index via which this was discovered - probably no use to a normal ASA expire (system dependent type) - The time on the local system clock when this locator will expire from the cache is_ipaddress (Boolean) - True if the locator is an IP address is_fqdn (Boolean) - True if the locator is an FQDN is_uri (Boolean) - True if the locator is a URI diverted (Boolean) - True if the locator was discovered via a Divert option protocol (integer) - Applicable transport protocol (IPPROTO_TCP or IPPROTO_UDP) port (integer) - Applicable port number

A 'tagged_objective' parameter is a data structure with the following contents: objective - An objective locator - The ASA_locator associated with the objective, or a null value.

In most calls, an 'asa_nonce' parameter is required. It is generated when an ASA registers with GRASP, and any call in which an invalid nonce is presented will fail. It is an up to 32-bit opaque value (for example represented as a uint32_t, depending on the language). It should be unpredictable; a possible implementation is to use the same mechanism that GRASP uses to generate Session IDs . Another possible implementation is to hash the name of the ASA with a locally defined secret key.

In some calls, a 'session_nonce' parameter is required. This is an opaque data structure as far as the ASA is concerned, used to identify calls to the API as belonging to a specific GRASP session (see ). In fully threaded implementations this parameter might not be needed, but it is included to act as a session handle if necessary. It will also allow GRASP to detect and ignore malicious calls or calls from timed-out sessions. A possible implementation is to form the nonce from the underlying GRASP Session ID and the source address of the session.

These functions are used to register an ASA and the objectives that it supports with the GRASP module. If an authorization model is added to GRASP, it would be added here. register_asa() Input parameter: name of the ASA (UTF-8 string) Return parameters: errorcode (integer) asa_nonce (integer) (if successful) This initialises state in the GRASP module for the calling entity (the ASA). In the case of success, an 'asa_nonce' is returned which the ASA must present in all subsequent calls. In the case of failure, the ASA has not been authorized and cannot operate. deregister_asa() Input parameters: asa_nonce (integer) name of the ASA (UTF-8 string) Return parameter: errorcode (integer) This removes all state in the GRASP module for the calling entity (the ASA), and deregisters any objectives it has registered. Note that these actions must also happen automatically if an ASA crashes. Note - the ASA name is strictly speaking redundant in this call, but is present for clarity. register_objective() Input parameters: asa_nonce (integer) objective (structure) ttl (integer - default GRASP_DEF_TIMEOUT) discoverable (Boolean - default False) overlap (Boolean - default False) local (Boolean - default False) Return parameter: errorcode (integer) This registers an objective that this ASA supports and may modify. The 'objective' becomes a candidate for discovery. However, discovery responses should not be enabled until the ASA calls listen_negotiate() or listen_synchronize(), showing that it is able to act as a responder. The ASA may negotiate the objective or send synchronization or flood data. Registration is not needed if the ASA only wants to receive synchronization or flood data for the objective concerned. The 'ttl' parameter is the valid lifetime (time to live) in milliseconds of any discovery response for this objective. The default value should be the GRASP default timeout (GRASP_DEF_TIMEOUT, see ). If the optional parameter 'discoverable' is True, the objective is immediately discoverable. This is intended for objectives that are only defined for GRASP discovery, and which do not support negotiation or synchronization. If the optional parameter 'overlap' is True, more than one ASA may register this objective in the same GRASP instance. If the optional parameter 'local' is True, discovery must return a link-local address. This feature is for objectives that must be restricted to the local link. This call may be repeated for multiple objectives. deregister_objective() Input parameters: asa_nonce (integer) objective (structure) Return parameter: errorcode (integer) The 'objective' must have been registered by the calling ASA; if not, this call fails. Otherwise, it removes all state in the GRASP module for the given objective.

discover() Input parameters: asa_nonce (integer) objective (structure) timeout (integer) flush (Boolean - default False) Return parameters: errorcode (integer) locator_list (structure) This returns a list of discovered 'ASA_locator's for the given objective. If the optional parameter 'flush' is True, any locally cached locators for the objective are deleted first. Otherwise, they are returned immediately. If not, GRASP discovery is performed, and all results obtained before the timeout expires are returned. If no results are obtained, an empty list is returned after the timeout. That is not an error condition. Threaded implementation: This should be called in a separate thread if asynchronous operation is required. Event loop implementation: An additional read/write 'session_nonce' parameter is used.

request_negotiate() Input parameters: asa_nonce (integer) objective (structure) peer (ASA_locator) timeout (integer) Return parameters: errorcode (integer) session_nonce (structure) (if successful) proffered_objective (structure) (if successful) reason (string) (if negotiation declined) This function opens a negotiation session. The 'objective' parameter must include the requested value, and its loop count should be set to a suitable value by the ASA. If not, the GRASP default will apply. Note that a given negotiation session may or may not be a dry-run negotiation; the two modes must not be mixed in a single session. The 'peer' parameter is the target node; it must be an 'ASA_locator' as returned by discover(). If the peer is null, GRASP discovery is performed first. If the 'errorcode' return parameter is 0, the negotiation has successfully started. There are then two cases: The 'session_nonce' parameter is null. In this case the negotiation has succeeded (the peer has accepted the request). The returned 'proffered_objective' contains the value accepted by the peer. The 'session_nonce' parameter is not null. In this case negotiation must continue. The returned 'proffered_objective' contains the first value proffered by the negotiation peer. Note that this instance of the objective must be used in the subsequent negotiation call because it also contains the current loop count. The 'session_nonce' must be presented in all subsequent negotiation steps. This function must be followed by calls to 'negotiate_step' and/or 'negotiate_wait' and/or 'end_negotiate' until the negotiation ends. 'request_negotiate' may then be called again to start a new negotation. If the 'errorcode' parameter has the value 1 ('declined'), the negotiation has been declined by the peer (M_END and O_DECLINE features of GRASP). The 'reason' string is then available for information and diagnostic use, but it may be a null string. For this and any other error code, an exponential backoff is recommended before any retry. Threaded implementation: This should be called in a separate thread if asynchronous operation is required. Event loop implementation: The 'session_nonce' parameter is used in read/write mode. Special note for the ACP infrastructure ASA: It is likely that this ASA will need to discover and negotiate with its peers in each of its on-link neighbors. It will therefore need to know not only the link-local IP address but also the physical interface and transport port for connecting to each neighbor. One implementation approach to this is to include these details in the 'session_nonce' data structure, which is opaque to normal ASAs. listen_negotiate() Input parameters: asa_nonce (integer) objective (structure) Return parameters: errorcode (integer) session_nonce (structure) (if successful) requested_objective (structure) (if successful) This function instructs GRASP to listen for negotiation requests for the given 'objective'. It also enables discovery responses for the objective. Threaded implementation: It will block waiting for an incoming request, so should be called in a separate thread if asynchronous operation is required. Event loop implementation: A read/write 'session_nonce' parameter is used. Unless there is an unexpected failure, this call only returns after an incoming negotiation request. When it does so, 'requested_objective' contains the first value requested by the negotiation peer. Note that this instance of the objective must be used in the subsequent negotiation call because it also contains the current loop count. The 'session_nonce' must be presented in all subsequent negotiation steps. This function must be followed by calls to 'negotiate_step' and/or 'negotiate_wait' and/or 'end_negotiate' until the negotiation ends. 'listen_negotiate' may then be called again to await a new negotation. If an ASA is capable of handling multiple negotiations simultaneously, it may call 'listen_negotiate' simultaneously from multiple threads. The API and GRASP implementation must support re-entrant use of the listening state and the negotiation calls. Simultaneous sessions will be distinguished by the threads themselves, the GRASP Session IDs, and the underlying unicast transport sockets. stop_listen_negotiate() Input parameters: asa_nonce (integer) objective (structure) Return parameter: errorcode (integer) Instructs GRASP to stop listening for negotiation requests for the given objective, i.e., cancels 'listen_negotiate'. Threaded implementation: Must be called from a different thread than 'listen_negotiate'. Event loop implementation: no special considerations. negotiate_step() Input parameters: asa_nonce (integer) session_nonce (structure) objective (structure) timeout (integer) Return parameters: Exactly as for 'request_negotiate' Executes the next negotation step with the peer. The 'objective' parameter contains the next value being proffered by the ASA in this step. Threaded implementation: Called in the same thread as the preceding 'request_negotiate' or 'listen_negotiate', with the same value of 'session_nonce'. Event loop implementation: Must use the same value of 'session_nonce' returned by the preceding 'request_negotiate' or 'listen_negotiate'. negotiate_wait() Input parameters: asa_nonce (integer) session_nonce (structure) timeout (integer) Return parameters: errorcode (integer) Delay negotiation session by 'timeout' milliseconds. Threaded implementation: Called in the same thread as the preceding 'request_negotiate' or 'listen_negotiate', with the same value of 'session_nonce'. Event loop implementation: Must use the same value of 'session_nonce' returned by the preceding 'request_negotiate' or 'listen_negotiate'. end_negotiate() Input parameters: asa_nonce (integer) session_nonce (structure) reply (Boolean) reason (UTF-8 string) Return parameters: errorcode (integer) End the negotiation session. 'reply' = True for accept (successful negotiation), False for decline (failed negotiation). 'reason' = optional string describing reason for decline. Threaded implementation: Called in the same thread as the preceding 'request_negotiate' or 'listen_negotiate', with the same value of 'session_nonce'. Event loop implementation: Must use the same value of 'session_nonce' returned by the preceding 'request_negotiate' or 'listen_negotiate'.

synchronize() Input parameters: asa_nonce (integer) objective (structure) peer (ASA_locator) timeout (integer) Return parameters: errorcode (integer) objective (structure) (if successful) This call requests the synchronized value of the given 'objective'. Since this is essentially a read operation, any ASA can do it. Therefore the API checks that the ASA is registered but the objective doesn't need to be registered by the calling ASA. If the objective was already flooded, the flooded value is returned immediately in the 'result' parameter. In this case, the 'source' and 'timeout' are ignored. Otherwise, synchronization with a discovered ASA is performed. The 'peer' parameter is an 'ASA_locator' as returned by discover(). If 'peer' is null, GRASP discovery is performed first. This call should be repeated whenever the latest value is needed. Threaded implementation: Call in a separate thread if asynchronous operation is required. Event loop implementation: An additional read/write 'session_nonce' parameter is used. Since this is essentially a read operation, any ASA can use it. Therefore GRASP checks that the calling ASA is registered but the objective doesn't need to be registered by the calling ASA. In the case of failure, an exponential backoff is recommended before retrying. listen_synchronize() Input parameters: asa_nonce (integer) objective (structure) Return parameters: errorcode (integer) This instructs GRASP to listen for synchronization requests for the given objective, and to respond with the value given in the 'objective' parameter. It also enables discovery responses for the objective. This call is non-blocking and may be repeated whenever the value changes. stop_listen_synchronize() Input parameters: asa_nonce (integer) objective (structure) Return parameters: errorcode (integer) This call instructs GRASP to stop listening for synchronization requests for the given 'objective', i.e. it cancels a previous listen_synchronize. flood() Input parameters: asa_nonce (integer) ttl (integer) tagged_objective_list (structure) Return parameters: errorcode (integer) This call instructs GRASP to flood the given synchronization objective(s) and their value(s) and associated locator(s) to all GRASP nodes. The 'ttl' parameter is the valid lifetime (time to live) of the flooded data in milliseconds (0 = infinity) The 'tagged_objective_list' parameter is a list of one or more 'tagged_objective' couplets. The 'locator' parameter that tags each objective is normally null but may be a valid 'ASA_locator'. Infrastructure ASAs needing to flood an {address, protocol, port} 3-tuple with an objective create an ASA_locator object to do so. If the IP address in that locator is the unspecified address ('::') it is replaced by the link-local address of the sending node in each copy of the flood multicast, which will be forced to have a loop count of 1. This feature is for objectives that must be restricted to the local link. The function checks that the ASA registered each objective. This call may be repeated whenever any value changes. get_flood() Input parameters: asa_nonce (integer) objective (structure) Return parameters: errorcode (integer) tagged_objective_list (structure) (if successful) This call instructs GRASP to return the given synchronization objective if it has been flooded and its lifetime has not expired. Since this is essentially a read operation, any ASA can do it. Therefore the API checks that the ASA is registered but the objective doesn't need to be registered by the calling ASA. The 'tagged_objective_list' parameter is a list of 'tagged_objective' couplets, each one being a copy of the flooded objective and a coresponding locator. Thus if the same objective has been flooded by multiple ASAs, the recipient can distinguish the copies. Note that this call is for advanced ASAs. In a simple case, an ASA can simply call synchronize() in order to get a valid flooded objective. expire_flood() Input parameters: asa_nonce (integer) tagged_objective (structure) Return parameters: errorcode (integer) This is a call that can only be used after a preceding call to get_flood() by an ASA that is capable of deciding that the flooded value is stale or invalid. Use with care. The 'tagged_objective' parameter is the one to be expired.

send_invalid() Input parameters: asa_nonce (integer) session_nonce (structure) info (bytes) Return parameters: errorcode (integer) Sends a GRASP Invalid Message (M_INVALID) message, as described in . Should not be used if end_negotiate() would be sufficient. Note that this message may be used in response to any unicast GRASP message that the receiver cannot interpret correctly. In most cases this message will be generated internally by a GRASP implementation. 'info' = optional diagnostic data. May be raw bytes from the invalid message.