Generic Autonomic Signaling Protocol Application
Program Interface (GRASP API)
School of Computer Science
University of Auckland
PB 92019
Auckland
1142
New Zealand
brian.e.carpenter@gmail.com
Huawei Technologies
Q14, Huawei Campus
No.156 Beiqing Road
Hai-Dian District, Beijing
100095
P.R. China
leo.liubing@huawei.com
BUPT University
Beijing University of Posts & Telecom.
No.10 Xitucheng Road
Hai-Dian District, Beijing 100876
P.R. China
wdwang@bupt.edu.cn
BUPT University
Beijing University of Posts & Telecom.
No.10 Xitucheng Road
Hai-Dian District, Beijing 100876
P.R. China
xygong@bupt.edu.cn
This document is a conceptual outline of an application
programming interface (API) for the
Generic Autonomic Signaling Protocol (GRASP). Such an API is needed for
Autonomic Service Agents (ASA) calling the GRASP protocol module to
exchange autonomic network messages with other ASAs. Since GRASP is
designed to support asynchronous operations, the API will need to
be adapted to the support for asynchronicity in various languages
and operating systems.
Introduction
As defined in , the
Autonomic Service Agent (ASA)
is the atomic entity of an autonomic function, and it is instantiated
on autonomic nodes. When ASAs communicate with each other, they should
use the Generic Autonomic Signaling Protocol (GRASP) .
As the following figure shows, a GRASP implementation could contain two major
sub-layers. The bottom is the GRASP base protocol module, which is only
responsible for sending and receiving GRASP messages and maintaining
shared data structures. The upper layer contains
some extended functions based upon GRASP basic protocol. For example,
describes a possible extended
function.
It is desirable that ASAs can be designed as portable user-space programs
using a portable API. In many operating systems, the GRASP module will therefore
be split into two layers. The top layer is a library that provides the API.
The lower layer is a daemon that contains GRASP core functions that are
independent of specific ASAs, such as multicast handling and relaying, and
common data structures such as the discovery cache. The GRASP API
library would need to communicate with the GRASP core via an inter-process
communication (IPC) mechanism. The details of this are system-dependent.
Both the GRASP library and the extended function modules should
be available to the ASAs. Thus, there need to be two sub-sets of API.
However, since the extended functions are expected to be added in an incremental
manner, it is inappropriate to define all the function APIs in a single
document. This document only describes the basic GRASP API.
Note that a very simple autonomic node might contain only a single ASA in
addition to the autonomic infrastructure components described in
and . Such a node might
directly integrate GRASP in its autonomic code and therefore not
require this API to be installed.
This document gives a conceptual outline of the API. It is not a formal
specification for any particular programming language or operating system,
and it is expected that details will be clarified in individual implementations.
GRASP API for ASA
Design Principles
The assumption of this document is that any Autonomic Service Agent
(ASA) needs to call a GRASP module that handles protocol details
(security, sending and listening for GRASP messages, waiting, caching
discovery results, negotiation looping, sending and receiving
sychronization data, etc.) but understands nothing about individual
objectives. The semantics of objectives are unknown to the GRASP
module and are handled only by the ASAs. Thus, this is a high level
abstract API for use by ASAs. Individual
language bindings should be defined in separate documents.
An assumption of this API is that ASAs may fall into various classes:
- ASAs that only use GRASP for discovery purposes.
- ASAs that use GRASP negotiation but only as an initiator (client).
- ASAs that use GRASP negotiation but only as a responder.
- ASAs that use GRASP negotiation as an initiator or responder.
- ASAs that use GRASP synchronization but only as an initiator (recipient).
- ASAs that use GRASP synchronization but only as a responder and/or flooder.
- ASAs that use GRASP synchronization as an initiator, responder and/or flooder.
The API also assumes that one ASA may support multiple objectives. Nothing prevents
an ASA from supporting some objectives for synchronization and others for negotiation.
The API design assumes that the operating system and programming language
provide a mechanism for simultaneous asynchronous operations. This is discussed
in detail in .
The functions provided by the API do not map one-to-one onto GRASP messages. Rather,
they are intended to offer convenient support for message sequences (such as a discovery
request followed by responses from several peers,
or a negotiation request followed by various possible responses).
A few items are out of scope in this version, since practical experience is required before including them:
- Authorization of ASAs is out of scope.
- User-supplied explicit locators for an objective are not supported.
- The Rapid mode of GRASP is not supported.
Asynchronous Operations
GRASP includes asynchronous operations and wait states, and its messages
are not idempotent, i.e. they may cause incremental changes of state
in the recipient ASA. Most ASAs will
need to support several simultaneous operations; for example an ASA might need
to negotiate one objective with a peer while discovering and synchronizing
a different objective with a different peer. Alternatively, an ASA which
acts as a resource manager might need to run simultaneous negotiations
for a given objective with multiple different peers. Such an ASA must support
atomic access to its internal data structures, for example using operating
system locks.
Thus, both the GRASP
core and most ASAs need to support asynchronous operations. Depending on both the
operating system and the programming language in use, there are three main
techniques for such parallel operations: multi-threading, an
event loop structure using polling, and an event loop structure using
callback functions.
- In multi-threading, the operating system and language will provide
the necessary support for asynchronous operations, including creation
of new threads, context switching between threads, queues, locks,
and implicit wait states. In this case,
all API calls can be treated naturally as synchronous, even if they include
wait states, blocking and queueing. Simultaneous operations will each run
in their own threads. For example, the discover() call may not return
until discovery results have arrived or a timeout has occurred. If the ASA
has other work to do, the discover() call must be in a thread of its own.
- In an event loop implementation with polling, blocking calls
are not acceptable. Therefore all calls must be non-blocking, and
the main loop could support multiple GRASP sessions in parallel
by repeatedly polling each one for a change of state. To facilitate this, the
API implementation would provide non-blocking versions of all the functions that
otherwise involve blocking and queueing. In these calls, a 'noReply' code
will be returned by each call instead of blocking, until such time as the event
for which it is waiting (or a failure) has occurred. Thus, for example, discover()
would return 'noReply' instead of waiting until discovery has succeeded
or timed out. The discover() call would be repeated in every cycle of the
main loop until it completes. Effectively, it becomes a polling call.
- In an event loop implementation with callbacks, the ASA programmer would
provide a callback function for each asynchronous operation, e.g. discovery_received().
This would be called asynchronously when a reply is received or a failure such as a
timeout occurs.
The following calls involve waiting for a remote operation, so they could
use a polling or callback mechanism. In a threaded mechanism, they will usually
require to be called in a separate thread:
- discover()
whose callback would be discovery_received().
- request_negotiate()
whose callback would be negotiate_step_received().
- negotiate_step()
whose callback would be negotiate_step_received().
- listen_negotiate()
whose callback would be negotiate_step_received().
- synchronize()
whose callback would be synchronization_received().
There is nothing in the design of GRASP to prevent the following scenario. Consider
an ASA "A" that acts as a resource allocator for some objective. An ASA "B" launches
a negotiation with "A" to obtain or release a quantity of the resource. While this negotatition
is under way, "B" chooses to launch a second simultaneous negotiation with "A" for a different
quantity of the same resource. "A" must therefore conduct two separate negotiation sessions
at the same time with the same peer, and must not mix them up.
Note that ASAs could be designed to avoid such a scenario, i.e. restricted to exactly one
negotiation session at a time for a given objective, but this would be a voluntary
restriction not required by the GRASP protocol. In fact it is an assumption of GRASP
that an ASA managing a resource may need to conduct multiple parallel negotiations,
possibly with the same peer. Therefore, the API design allows for such scenarios.
In the callback model, for the scenario just described,
the ASAs "A" and "B" will each provide two instances of negotiate_step_received(), one for
each session. For this reason, each ASA must be
able to distinguish the two sessions, and the peer's IP address is not sufficient for this.
It is also not safe to rely on transport port numbers for this, since future variants of GRASP
might use shared ports rather than a separate port per session. This is why the GRASP design
includes a session identifier. Thus, when necessary, a 'session_nonce' parameter is
used in the API to distinguish simultaneous GRASP sessions from each other, so that any
number of sessions may proceed asynchronously in parallel.
In calls where it is used, the 'session_nonce' is an opaque read/write parameter. On
the first call, it is set to a null value, and the API returns a non-null 'session_nonce'
value based on the GRASP session identifier. This value must be used in all subsequent
calls for the same session, and will be provided as a parameter in the callback functions. By this
mechanism, multiple overlapping sessions can be distinguished, both in the ASA
and in the GRASP core. The value of the 'session_nonce" is opaque to the ASA.
An additional mechanism that might increase efficiency for polling
implementations is to add a general call, say notify(), which would check the
status of all outstanding operations for the calling ASA and return the session_nonce values
for all sessions that have changed state. This would eliminate the need for repeated calls
to the individual functions returning a 'noReply'. This call is not described below
as the details are likely to be implementation-specific.
An implication of the above for all GRASP implementations is that the GRASP core
must keep state for each GRASP operation in progress, most likely keyed by the GRASP
Session ID and the GRASP source address of the session initiator. Even in a threaded
implementation, the GRASP core will need such state internally. The session_nonce
parameter exposes this aspect of the implementation.
API definition
Parameters and data structures
This section describes parameters and data structures used in multiple API calls.
Errorcode
All functions in the API have an unsigned 'errorcode' integer as their return value (the first returned value
in languages that allow multiple returned parameters). An errorcode of zero indicates success.
Any other value indicates failure of some kind. The first three errorcodes have special importance:
- Declined: used to indicate that the other end has sent a GRASP Negotiation End message (M_END) with a Decline option (O_DECLINE).
- No reply: used in non-blocking calls to indicate that the other end has sent no reply so far (see ).
- Unspecified error: used when no more specific error code applies.
gives a full list of currently suggested error codes, based on
implementation experience. While there is no absolute requirement for all implementations
to use the same error codes, this is highly recommended for portability of applications.
Timeout
Wherever a 'timeout' parameter appears, it is an integer expressed
in milliseconds. If it is zero, the GRASP default timeout (GRASP_DEF_TIMEOUT,
see ) will apply. If no response
is received before the timeout expires, the call will fail unless otherwise noted.
Objective
An 'objective' parameter is a data structure with the following components:
- name (UTF-8 string) - the objective's name
- neg (Boolean flag) - True if objective supports negotiation (default False)
- synch (Boolean flag) - True if objective supports synchronization (default False)
-
dry (Boolean flag) - True if objective supports dry-run negotiation (default False)
- Note 1: All objectives are assumed to support discovery, so there is no Boolean for that.
- Note 2: Only one of 'synch' or 'neg' may be True.
- Note 3: 'dry' must not be True unless 'neg' is also True.
- Note 4: In a language such as C the preferred implementation may be to represent the Boolean flags as bits in a single byte.
- loop_count (integer) - Limit on negotiation steps etc. (default GRASP_DEF_LOOPCT,
see )
-
value - a specific data structure expressing the value of the objective. The format is
language dependent, with the constraint that it can be validly represented in CBOR (default integer = 0).
An essential requirement for all language mappings and all implementations is that, regardless
of what other options exist for a language-specific represenation of the value, there is
always an option to use a CBOR byte string as the value. The API will then wrap this
byte string in CBOR Tag 24 for transmission via GRASP, and unwrap it after reception.
An example data structure definition for an objective in the C language,
assuming the use of a particular CBOR library, is:
An example data structure definition for an objective in the Python language is:
ASA_locator
An 'ASA_locator' parameter is a data structure with the following contents:
- locator - The actual locator, either an IP address or an ASCII string.
- ifi (integer) - The interface identifier index via which this was discovered - probably no use to a normal ASA
- expire (system dependent type) - The time on the local system clock when this locator will expire from the cache
- is_ipaddress (Boolean) - True if the locator is an IP address
- is_fqdn (Boolean) - True if the locator is an FQDN
- is_uri (Boolean) - True if the locator is a URI
- diverted (Boolean) - True if the locator was discovered via a Divert option
- protocol (integer) - Applicable transport protocol (IPPROTO_TCP or IPPROTO_UDP)
- port (integer) - Applicable port number
Tagged_objective
A 'tagged_objective' parameter is a data structure with the following contents:
- objective - An objective
- locator - The ASA_locator associated with the objective, or a null value.
Asa_nonce
Although an authentication and authorization scheme for ASAs has not been defined, the API
provides a very simple hook for such a scheme. When an ASA starts up, it registers itself
with the GRASP core, which provides it with an opaque nonce that, although not cryptographically
protected, would be difficult for a third party to predict. The ASA must present this nonce
in future calls. This mechanism will prevent some elementary errors or trivial attacks
such as an ASA manipulating an objective it has not registered to use.
Thus, in most calls, an 'asa_nonce' parameter is required. It is generated when an ASA
first registers with GRASP, and the ASA must then store the asa_nonce
and use it in every subsequent GRASP call. Any call in which an invalid nonce is presented will fail.
It is an up to 32-bit opaque value (for example represented as a uint32_t, depending on the language).
It should be unpredictable; a possible implementation is to use the same mechanism that GRASP
uses to generate Session IDs . Another possible
implementation is to hash the name of the ASA with a locally defined secret key.
Session_nonce
In some calls, a 'session_nonce' parameter is required. This is an opaque data
structure as far as the ASA is concerned,
used to identify calls to the API as belonging to a specific GRASP session (see ).
In fully threaded implementations this parameter might not be needed, but it is included to
act as a session handle if necessary. It will also allow GRASP to detect and ignore
malicious calls or calls from timed-out sessions. A possible implementation is to form the
nonce from the underlying GRASP Session ID and the source address of the session.
Registration
These functions are used to register an ASA and the objectives that it supports with
the GRASP module. If an authorization model is added to GRASP, it would also be added
at this point in the API.
-
register_asa()
-
Input parameter:
- name of the ASA (UTF-8 string)
-
Return parameters:
- errorcode (integer)
- asa_nonce (integer) (if successful)
- This initialises state in the GRASP module for the calling entity (the ASA).
In the case of success, an 'asa_nonce' is returned which the ASA must present in
all subsequent calls.
In the case of failure, the ASA has not been authorized and cannot operate.
-
deregister_asa()
-
Input parameters:
- asa_nonce (integer)
- name of the ASA (UTF-8 string)
-
Return parameter:
- errorcode (integer)
- This removes all state in the GRASP module for the calling entity (the ASA),
and deregisters any objectives it has registered. Note that these actions must
also happen automatically if an ASA crashes.
- Note - the ASA name is strictly speaking redundant in this call, but is present for clarity.
-
register_objective()
-
Input parameters:
- asa_nonce (integer)
- objective (structure)
- ttl (integer - default GRASP_DEF_TIMEOUT)
- discoverable (Boolean - default False)
- overlap (Boolean - default False)
- local (Boolean - default False)
-
Return parameter:
- errorcode (integer)
- This registers an objective that this ASA supports and may modify.
The 'objective' becomes a candidate for discovery. However, discovery
responses should not be enabled until the ASA calls listen_negotiate() or
listen_synchronize(), showing that it is able to act as a responder.
The ASA may negotiate the objective or send synchronization or flood data.
Registration is not needed if the ASA only wants to receive synchronization
or flood data for the objective concerned.
- The 'ttl' parameter is the valid lifetime (time to live) in milliseconds of any
discovery response for this objective. The default value should be the GRASP
default timeout (GRASP_DEF_TIMEOUT, see ).
- If the parameter 'discoverable' is True, the objective
is immediately discoverable. This is
intended for objectives that are only defined for GRASP discovery,
and which do not support negotiation or synchronization.
- If the parameter 'overlap' is True, more than one ASA may register this objective
in the same GRASP instance.
- If the parameter 'local' is True, discovery must return a link-local address.
This feature is for objectives that must be restricted to the local link.
- This call may be repeated for multiple objectives.
-
deregister_objective()
-
Input parameters:
- asa_nonce (integer)
- objective (structure)
-
Return parameter:
- errorcode (integer)
- The 'objective' must have been registered by the calling ASA; if not, this call fails.
Otherwise, it removes all state in the GRASP module for the given objective.
Discovery
-
discover()
-
Input parameters:
- asa_nonce (integer)
- objective (structure)
- timeout (integer)
- age_limit (integer)
-
Return parameters:
- errorcode (integer)
- locator_list (structure)
- This returns a list of discovered 'ASA_locator's for the given objective.
Note that this structure includes all the fields described in .
- If the parameter 'age_limit' is greater than zero, any locally cached locators for the
objective whose remaining lifetime in milliseconds is less than or equal to 'age_limit'
are deleted first. Thus 'age_limit' = 0 will flush all entries.
- If the parameter 'timeout' is zero, any remaining locally cached locators for the
objective are returned immediately and no other action is taken. (Thus,
a call with 'age_limit' and 'timeout' both equal to zero is pointless.)
- If the parameter 'timeout' is greater than zero,
GRASP discovery is performed, and all results obtained before the timeout in milliseconds
expires are returned. If no results are obtained, an empty list is returned after the timeout.
That is not an error condition.
- Threaded implementation: This should be called in a separate thread if asynchronous operation is required.
- Event loop implementation: An additional read/write 'session_nonce' parameter is used.
A callback may be used in the case of a non-zero tiemout.
Negotiation
-
request_negotiate()
-
Input parameters:
- asa_nonce (integer)
- objective (structure)
- peer (ASA_locator)
- timeout (integer)
-
Return parameters:
- errorcode (integer)
- session_nonce (structure) (if successful)
- proffered_objective (structure) (if successful)
- reason (string) (if negotiation declined)
- This function opens a negotiation session. The 'objective' parameter must
include the requested value, and its loop count should be set to a
suitable value by the ASA. If not, the GRASP default will apply.
- Note that a given negotiation session may or may not be a dry-run negotiation;
the two modes must not be mixed in a single session.
- The 'peer' parameter is the target node; it must be an 'ASA_locator' as returned
by discover(). If the peer is null, GRASP discovery is performed first.
-
If the 'errorcode' return parameter is 0, the negotiation has successfully
started. There are then two cases:
- The 'session_nonce' parameter is null. In this case the negotiation
has succeeded (the peer has accepted the request). The returned
'proffered_objective' contains the value accepted by the peer.
-
The 'session_nonce' parameter is not null. In this case negotiation
must continue. The returned 'proffered_objective' contains the first value
proffered by the negotiation peer. Note that this instance of the objective
must be used in the subsequent negotiation call because
it also contains the current loop count. The 'session_nonce' must be
presented in all subsequent negotiation steps.
This function must be followed by calls to 'negotiate_step' and/or 'negotiate_wait'
and/or 'end_negotiate' until the negotiation ends. 'request_negotiate' may then be called
again to start a new negotation.
- If the 'errorcode' parameter has the value 1 ('declined'), the negotiation has been declined
by the peer (M_END and O_DECLINE features of GRASP). The 'reason' string is then available for
information and diagnostic use, but it may be a null string. For this and any other error code,
an exponential backoff is recommended before any retry.
- Threaded implementation: This should be called in a separate thread if asynchronous operation is required.
- Event loop implementation: The 'session_nonce' parameter is used in read/write mode.
- Use of dry run mode: This must be consistent within a GRASP session. The state of the 'dry'
flag in the initial request_negotiate() call must be the same in all subsequent negotiation
steps of the same session. The semantics of the dry run mode are built into the ASA; GRASP
merely carries the flag bit.
- Special note for the ACP infrastructure ASA: It is likely that this ASA will need to
discover and negotiate with its peers in each of its on-link neighbors. It will therefore need to
know not only the link-local IP address but also the physical interface and transport port for
connecting to each neighbor. One implementation approach to this is to include these
details in the 'session_nonce' data structure, which is opaque to normal ASAs.
-
listen_negotiate()
-
Input parameters:
- asa_nonce (integer)
- objective (structure)
-
Return parameters:
- errorcode (integer)
- session_nonce (structure) (if successful)
- requested_objective (structure) (if successful)
- This function instructs GRASP to listen for negotiation
requests for the given 'objective'. It also enables discovery responses for the objective.
- Threaded implementation: It will block waiting for an incoming request, so
should be called in a separate thread if asynchronous operation is required.
If the ASA supports multiple simultaneous transactions, a new thread must
be spawned for each new session.
- Event loop implementation: A read/write 'session_nonce' parameter is used.
If the ASA supports multiple simultaneous transactions, a new event must be inserted
in the event loop for each new session.
- Unless there is an unexpected failure, this call only returns after an
incoming negotiation request. When it does so,
'requested_objective' contains the first value requested by
the negotiation peer. Note that this instance of the objective
must be used in the subsequent negotiation call because
it also contains the current loop count. The 'session_nonce' must be
presented in all subsequent negotiation steps.
- This function must be followed by calls to 'negotiate_step' and/or 'negotiate_wait'
and/or 'end_negotiate' until the negotiation ends. 'listen_negotiate' may then be called
again to await a new negotation.
- If an ASA is capable of handling multiple negotiations simultaneously, it may
call 'listen_negotiate' simultaneously from multiple threads. The API and GRASP implementation
must support re-entrant use of the listening state and the negotiation calls. Simultaneous
sessions will be distinguished by the threads themselves, the GRASP Session IDs, and the underlying unicast
transport sockets.
-
stop_listen_negotiate()
-
Input parameters:
- asa_nonce (integer)
- objective (structure)
-
Return parameter:
- errorcode (integer)
- Instructs GRASP to stop listening for negotiation
requests for the given objective, i.e., cancels 'listen_negotiate'.
- Threaded implementation: Must be called
from a different thread than 'listen_negotiate'.
- Event loop implementation: no special considerations.
-
negotiate_step()
-
Input parameters:
- asa_nonce (integer)
- session_nonce (structure)
- objective (structure)
- timeout (integer)
-
Return parameters:
- Exactly as for 'request_negotiate'
- Executes the next negotation step with the peer. The 'objective' parameter
contains the next value being proffered by the ASA in this step.
- Threaded implementation: Called in the same thread as the preceding 'request_negotiate' or 'listen_negotiate',
with the same value of 'session_nonce'.
- Event loop implementation: Must use the same value of 'session_nonce' returned by the
preceding 'request_negotiate' or 'listen_negotiate'.
-
negotiate_wait()
-
Input parameters:
- asa_nonce (integer)
- session_nonce (structure)
- timeout (integer)
-
Return parameters:
- errorcode (integer)
- Delay negotiation session by 'timeout' milliseconds, thereby extending the original timeout. This
function simply triggers a GRASP Confirm Waiting message.
- Threaded implementation: Called in the same thread as the preceding 'request_negotiate' or 'listen_negotiate',
with the same value of 'session_nonce'.
- Event loop implementation: Must use the same value of 'session_nonce' returned by the
preceding 'request_negotiate' or 'listen_negotiate'.
-
end_negotiate()
-
Input parameters:
- asa_nonce (integer)
- session_nonce (structure)
- reply (Boolean)
- reason (UTF-8 string)
-
Return parameters:
- errorcode (integer)
-
End the negotiation session.
'reply' = True for accept (successful negotiation), False for decline (failed negotiation).
'reason' = optional string describing reason for decline.
- Threaded implementation: Called in the same thread as the preceding 'request_negotiate' or 'listen_negotiate',
with the same value of 'session_nonce'.
- Event loop implementation: Must use the same value of 'session_nonce' returned by the
preceding 'request_negotiate' or 'listen_negotiate'.
Synchronization and Flooding
-
synchronize()
-
Input parameters:
- asa_nonce (integer)
- objective (structure)
- peer (ASA_locator)
- timeout (integer)
-
Return parameters:
- errorcode (integer)
- objective (structure) (if successful)
- This call requests the synchronized value of the given 'objective'.
- Since this is essentially a read operation, any ASA can do it. Therefore
the API checks that the ASA is registered but the objective doesn't need to
be registered by the calling ASA.
- If the objective was already flooded, the flooded value is
returned immediately in the 'result' parameter. In this case, the 'source'
and 'timeout' are ignored.
- Otherwise, synchronization with a discovered ASA is performed.
The 'peer' parameter is an 'ASA_locator' as returned by discover().
If 'peer' is null, GRASP discovery is performed first.
- This call should be repeated whenever the latest value is needed.
- Threaded implementation: Call in a separate thread if asynchronous operation is required.
- Event loop implementation: An additional read/write 'session_nonce' parameter is used.
- Since this is essentially a read operation, any ASA can use
it. Therefore GRASP checks that the calling ASA is registered but the
objective doesn't need to be registered by the calling ASA.
- In the case of failure, an exponential backoff is recommended before retrying.
-
listen_synchronize()
-
Input parameters:
- asa_nonce (integer)
- objective (structure)
-
Return parameters:
- errorcode (integer)
- This instructs GRASP to listen for synchronization
requests for the given objective, and to
respond with the value given in the 'objective' parameter.
It also enables discovery responses for the objective.
- This call is non-blocking and may be repeated whenever the value changes.
-
stop_listen_synchronize()
-
Input parameters:
- asa_nonce (integer)
- objective (structure)
-
Return parameters:
- errorcode (integer)
- This call instructs GRASP to stop listening for synchronization
requests for the given 'objective', i.e. it cancels a previous listen_synchronize.
-
flood()
-
Input parameters:
- asa_nonce (integer)
- ttl (integer)
- tagged_objective_list (structure)
-
Return parameters:
- errorcode (integer)
- This call instructs GRASP to flood the given synchronization
objective(s) and their value(s) and associated locator(s) to all GRASP nodes.
- The 'ttl' parameter is the valid lifetime (time to live) of
the flooded data in milliseconds (0 = infinity)
- The 'tagged_objective_list' parameter is a list of one or more 'tagged_objective'
couplets.
The 'locator' parameter that tags each objective is normally null but may
be a valid 'ASA_locator'.
Infrastructure ASAs needing to flood an {address, protocol, port} 3-tuple
with an objective create an ASA_locator object to do so. If the IP address
in that locator is the unspecified address
('::') it is replaced by the link-local address of the sending node in each
copy of the flood multicast, which will be forced to have a loop count of 1.
This feature is for objectives that must be restricted to the local link.
- The function checks that the ASA registered each objective.
- This call may be repeated whenever any value changes.
-
get_flood()
-
Input parameters:
- asa_nonce (integer)
- objective (structure)
-
Return parameters:
- errorcode (integer)
- tagged_objective_list (structure) (if successful)
- This call instructs GRASP to return the given synchronization
objective if it has been flooded and its lifetime has not expired.
- Since this is essentially a read operation, any ASA can do
it. Therefore the API checks that the ASA is registered but the
objective doesn't need to be registered by the calling ASA.
- The 'tagged_objective_list' parameter is a list of 'tagged_objective'
couplets, each one being a copy of the flooded objective and a coresponding locator.
Thus if the same objective has been flooded by multiple ASAs, the recipient can distinguish
the copies.
- Note that this call is for advanced ASAs. In a simple case, an ASA can simply call
synchronize() in order to get a valid flooded objective.
-
expire_flood()
-
Input parameters:
- asa_nonce (integer)
- tagged_objective (structure)
-
Return parameters:
- errorcode (integer)
- This is a call that can only be used after a preceding
call to get_flood() by an ASA that is capable of deciding
that the flooded value is stale or invalid. Use with care.
- The 'tagged_objective' parameter is the one to be expired.
Invalid Message Function
-
send_invalid()
-
Input parameters:
- asa_nonce (integer)
- session_nonce (structure)
- info (bytes)
-
Return parameters:
- errorcode (integer)
-
Sends a GRASP Invalid Message (M_INVALID) message, as described in
. Should not be used if end_negotiate() would be sufficient.
Note that this message may be used in response to any unicast GRASP message that the receiver
cannot interpret correctly. In most cases this message will be generated internally by a
GRASP implementation.
'info' = optional diagnostic data. May be raw bytes from the invalid message.
Implementation Status [RFC Editor: please remove]
A prototype open source Python implementation of GRASP, including
an API similar to this document, has been used
to verify the concepts for the threaded model. It may be found at
with associated documentation and demonstration ASAs.
Security Considerations
Security issues for the GRASP protocol are discussed in .
Authorization of ASAs is a subject for future study.
The 'asa_nonce' parameter is used in the API as a first line of defence against a malware process attempting
to imitate a legitimately registered ASA. The 'session_nonce' parameter is used in the API as a first line
of defence against a malware process attempting to hijack a GRASP session.
IANA Considerations
This document makes no request of the IANA.
Acknowledgements
Excellent suggestions were made by
Ignas Bagdonas,
Toerless Eckert,
Guangpeng Li,
Michael Richardson,
and other participants in the ANIMA WG.
References
Normative References
Informative References
Error Codes
This Appendix lists the error codes defined so far, with suggested symbolic names
and corresponding descriptive strings in English. It is expected that complete API
implementations will provide for localisation of these descriptive strings,
and that additional error codes will be needed according to implementation details.
Change log [RFC Editor: Please remove]
draft-ietf-anima-grasp-api-05, 2020-05-08:
- Converted to xml2rfc v3
- Editorial fixes.
draft-ietf-anima-grasp-api-04, 2019-10-07:
- Improved discussion of layering, mentioned daemon.
- Added callbacks and improved description of asynchronous operations.
- Described use case for 'session_nonce'.
- More explanation of 'asa_nonce'.
- Change 'discover' to use 'age_limit' instead of 'flush'.
- Clarified use of 'dry run'.
- Editorial improvements.
draft-ietf-anima-grasp-api-03, 2019-01-21:
- Replaced empty "logic flows" section by "implementation status".
- Minor clarifications.
- Editorial improvements.
draft-ietf-anima-grasp-api-02, 2018-06-30:
- Additional suggestion for event-loop API.
- Discussion of error code values.
draft-ietf-anima-grasp-api-01, 2018-03-03:
draft-ietf-anima-grasp-api-00, 2017-12-23:
- WG adoption
- Editorial improvements.
draft-liu-anima-grasp-api-06, 2017-11-24:
- Improved description of event-loop model.
- Changed intended status to Informational.
- Editorial improvements.
draft-liu-anima-grasp-api-05, 2017-10-02:
draft-liu-anima-grasp-api-04, 2017-06-30:
- Noted that simple nodes might not include the API.
- Minor clarifications.
draft-liu-anima-grasp-api-03, 2017-02-13:
- Changed error return to integers.
- Required all implementations to accept objective values in CBOR.
- Added non-blocking alternatives.
draft-liu-anima-grasp-api-02, 2016-12-17:
- Updated for draft-ietf-anima-grasp-09
draft-liu-anima-grasp-api-02, 2016-09-30:
- Added items for draft-ietf-anima-grasp-07
- Editorial corrections
draft-liu-anima-grasp-api-01, 2016-06-24:
- Updated for draft-ietf-anima-grasp-05
- Editorial corrections
draft-liu-anima-grasp-api-00, 2016-04-04: