COPS Usage for Differentiated Services August 1998 Network Working Group Francis Reichmeyer Internet Draft Kwok Chan Draft-ietf-RAP-COPS-DS-00.txt Bay Networks, Inc. Expiration Date: January 1999 David Durham Raj Yavatkar Intel Silvano Gai Keith McCloghrie Cisco Systems, Inc. Shai Herzog IPHighway August 1998 COPS Usage for Differentiated Services Status of this Memo This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." To learn the current status of any Internet-Draft, please check the "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). Abstract There is a clear need for relatively simple and coarse methods of providing differentiated classes of service for Internet traffic, to support various types of services, and specific business requirements. The IETF has chartered the Differentiated Service WG to define the differentiated services architecture and a common language for differentiated services. Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 1] COPS Usage for Differentiated Services August 1998 In parallel, the IETF RSVP Admission Policy (RAP) WG has defined the COPS (Common Open Policy Service) protocol [COPS]. This document describes enhancements to the Common Open Policy Service (COPS) protocol to support policy services in a Differentiated Services (diff serv) environment. Further modifications to COPS for diff serv may be proposed in the future, but what is presented here is thought to be the minimum necessary additions. Table of contents 1. Terminology ......................................................3 2. Introduction ..........................Error! Bookmark not defined. 2.1 Basic Model...................................................6 3. The definition of the Policy Tree ................................7 3.1 Description of the Policy Tree................................8 3.2 Operations Supported On a PI..................................8 3.3 An example of a PIB...........................................8 4. COPS Diff Serv Client Data ......................................10 4.1 Policy Identifier (PID)......................................11 4.2 XDR Encoded Policy Instance Data (XPD).......................11 4.3 Diff Serv Decision Data......................................12 4.4 Diff Serv Request Data.......................................12 4.5 Diff Serv Report Data........................................12 4.5.1 Commit Data .............................................13 4.5.2 No Commit Data ..........................................13 4.5.3 Accounting Data .........................................13 5. Message Content .................................................13 5.1 Request (REQ) PEP -> PDP...................................13 5.2 Decision (DEC) PDP -> PEP..................................14 5.3 Report State (RPT) PEP -> PDP..............................15 6. Common Operation ................................................15 7. Fault Tolerance .................................................17 8. Security ........................................................17 9. References ......................................................17 10. Author Information .............................................18 Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 2] COPS Usage for Differentiated Services August 1998 1. Terminology o ACL: Access Control List. o COPS (Common Open Policy Service): client/server model for supporting policy control [COPS]; o Instance Identifier: one or more of the PC attributes the values of which are used as part of the identification of a PI. o Object: this term is used in the same sense as in COPS specification. An object is identified by its C-num and C-type. o PC (Policy Class): a type of policy data item. In object oriented terminology this is equivalent to a class. It inherits from PC. A PC defines a vector of attributes. Each attribute has a syntax type that is either primitive or refined. It also overrides the READ and WRITE methods and defines new error sub-codes. o PI (Policy Instance): an instance of a PC. Potentially there are multiple instances of the same PC. The value of a PI consist of a vector of values, one value for each attribute in the PC's vector of attributes. o PDP (Policy Decision Point): a network entity where policy decisions are made o PEP (Policy Enforcement Point): network device where policy decisions are enforced. o PIB (Policy Information Base): policy objects are accessed via a virtual information store, termed the Policy Information Base or PIB. Objects in the PIB are defined using Abstract Syntax Notation One (ASN.1) [ASN1]. o PID (Policy IDentifier): the name which identifies a particular PI or PC. It has a hierarchical structure of the form 1.3.4.2.7, where the first part identifies the PC (i.e., 1.3.4) and the last part is the value of the PII (Policy Instance Identifier), which identifies the instance (i.e. 2.7). The PII is null in the case of a PC. o XPD: XDR Encoded Policy Instance Data. 2. Introduction The Common Open Policy Service (COPS) protocol is a query response protocol used to exchange policy information between a network policy Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 3] COPS Usage for Differentiated Services August 1998 server and a set of clients [COPS]. COPS is being developed within the RSVP Admission Policy Working Group (RAP WG) of the IETF, primarily for use as a mechanism for providing policy-based admission control over requests for network resources [RAP]. The underlying assumption in the RAP framework is that applications or endsystems use the RSVP [RSVP] signaling protocol to communicate Integrated Services (int serv) reservation requests to the network nodes along the path of a flow. These reservation requests carry necessary flow specifications and requests for a flow to receive one of the defined Integrated Services, Controlled Load or Guaranteed. In the int serv model, the RSVP messages themselves contain all the necessary information needed at the networking device to classify and service the flow [RSVP]. This information includes the session identifier (source and destination addresses, port numbers, and transmission protocol), flowspec token bucket parameters, and requested service. As shown I Figure 1, the network device contacts a policy decision point (PDP) to make the policy-based admission control decision. Then, the policy server (PDP) is simply required to return a Decision, such as "accept" and the network device acts as a policy enforcement point (PEP) and uses the session information and intserv srvice parameters to classify and service the packets belonging to the flow. (router, switch) policy server . _ ---------------- ________ --------______ | | | | ______ . | Network Node | | | . | ----- ___ | | | | | | | | | . | | PEP |<-----|------->| PDP | . | |_____| | |_____ | . | ----- | | | . |________________| | | ---------------- -------- Figure 1: Under the RAP framework, network elements such as a router or a switch contact the PDP for policy-based admission control Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 4] COPS Usage for Differentiated Services August 1998 when a resource reservation request is received. Providing policy services in a diff serv environment requires some different assumptions about the admission control mechanisms used in the network. First, there may be no explicit signaling from sources of traffic requesting a particular service as in the case of an intserv network. Second, requests for allocation of resources to differentiated services may arrive at the policy server from entities other than a PEP. Examples of such sources include attached users requesting network services via a web interface into a central management application, or H.323 servers requesting resources on behalf of a user for a video conferencing application. Requests of this sort require some policy decision to be made to ensure the requesting user/application has permission to use the requested services and that the resources are available. Once the decision is made, the PDP must configure one or more PEPs to provision necessary resources for services requested. In addition, the PDP may also pass to the PEP provisioning decisions about resources related to flows of a more static nature, such as long-term SLAs established across boundaries of adjacent ISP networks. In summary, the interaction between the PDP and PEP is different in at least two respects from that in the case of the intserv environment. First, the resource provisioning requests may originate at places other than a PEP. Second, once the PDP makes a policy decision to allocate resources for a service class or a flow aggregate, it must pass on the sufficient information (such as packet classification filters, traffic shaper parameters) to the PEPs so that PEPs can implement policy decisions. This draft describes the usage of the COPS protocol for communicating this information between diff serv clients (PEPs) and the policy servers. Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 5] COPS Usage for Differentiated Services August 1998 2.1 Basic Model Figure 2 shows a sample network configuration for a diffserv environment. Edge routers and boundary routers are located at the boundary of diffserv domains as described in [draft-nichols-diff- serv-arch-00.txt]. The BB is responsible for admission control functions and resource provisioning. In the COPS model, the PDP is part of the bandwidth broker that manages resources within a diffserv domain. Both edge routers and boundary routers act as PEPs and communicate with BBs using COPS for exchange of policy information. The internal organization of the BB and policy functionality may vary: the policy server and BB may be separate entities in which case the BB, upon receiving COPS messages from the PEP, consults the policy server to make its decision. ---- ---- | BB | | BB | | | | | _---- ---- ^ ^ | / | / | | . / Stub \ / Transit \ / Stub \ . / Network \ / Network \ / Network \ |---| | |---| |---| |---| |---| | |---| |Tx |-| |ER1|---|BR1| |BR2|---|ER2| |-|Rx | |---| | |-- | |---| |---| |---| | |---| \ / \ / \ / \ / \ / \ / Figure 2: A sample Network Configuration in which Edge Routers (ER) and Boundary routers (BR) in the stub and transit networks communicate with the corresponding bandwidth brokers in their domain. To allow for use of COPS for diff-serv specific communication and to distinuish diff-serv specific communication from other uses of COPS, we have added a new client type to COPS (client type = DiffServ client). In an environment where a stub network uses intserv/RSVP signaling for admission control and uses diffserv-based policy server for managing resources to a transit network, use of two different Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 6] COPS Usage for Differentiated Services August 1998 client types (RSVP vs diffserv) may require a method that correlates the two admission control decision. The issue of combining int serv and diff serv to provide an end-to-end QoS solution is currently being studied [E2E]. Also, the RSVP WG is currently planning on addressing the use of RSVP within the differentiated services QoS model. 3. The definition of the Policy Tree This section defines data format for the diff serv client specific information carried in the Decision, Request ClientSI, and Report ClientSI objects. Diff serv client specific data may be defined for the other objects in the future. The policy tree is based on SMI and MIBs. COPS for RSVP does not need a policy tree, since the information exchanged has a simple format. However, the COPS protocol does not preclude the use of data, represented in such a way, with RSVP. COPS for DiffServ needs much more structure, since it needs to represent policies, mappings, ACLs, interfaces etc. The policy tree is structured in the following way: -------+-------+----------+---PC--+--PI | | | +--PI | | +---PC-----PI | +---PC--+--PI | | +--PI | | +--PI | | +--PI | | +--PI | +---PC-----PI +---PC---PI Figure 1: Example of a Policy Tree PIs (Policy Instances) and s PC (Policy Classes) have names (PIDs: Policy Identifiers). Names have a hierarchical structure of the form 1.3.4.2.7, where the first part identifies the PC (e.g., 1.3.4) and the last part identifies the instance (e.g. 2.7). The policy tree names all the policy data classes and instances and this creates a common view of the policy organization between the Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 7] COPS Usage for Differentiated Services August 1998 client (PEP) and the server (PDP). Therefore, when the PEP receives data from the PDP, the data itself specifies what a PEP is supposed to do with the data. The current granularity of access, i.e., the atomicity of replacement, is proposed as a vector of values. Note that the PCs/PIs in the above diagram are each a vector of values. This proposal is that the hierarchy of PCs/PIs is for benefit of human understanding, not for programmatic understanding, or inheritance. 3.1 Description of the Policy Tree The Policy Tree is described using SMI and PIBs. SMI and PIBs are defined based on the ASN.1 data definition language [ASN1]. This does not imply that the representation of the policy information on the wire must follow ASN.1: on the contrary, the proposal it to follow COPS conventions and to define a new objects (XDR Encoded Policy Instance Data, see Section 4.2) which contains an XDR encoding. XDR is a standard [RFC1832] for the description and encoding of data. 3.2 Operations Supported On a PI The following operations are supported on a PI: o Install - creates a new instance of a PC, i.e. a new PI, or modifies an existing instance. The instance is automatically enabled. Parameters to this operation are a PID (see Section 4.1) and an "XPD (XDR encoded policy instance Data)" containing the value to assign to the new PI see (Section 4.2). The XPD specifies all the attributes of the new PI. o Delete - This operation is used to delete an instance of a PC. The parameter is a PID (see Section 4.1). o Enable. This operation is used to enable a PI. o Disable. This operation is used to disable a PI. 3.3 An example of a PIB This section contains a simple example of a PIB describing a simple set of filters for IP packets. Each filter is able to match either the source IP address, the destination IP address or both. This Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 8] COPS Usage for Differentiated Services August 1998 example is provided only for the benefit of understanding how a PIB is structured. It is not supposed to describe any actual policy data. policyFilterPIB OBJECT IDENTIFIER ::= { policyPIB 1 } ipHeaderFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF IpHeaderFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains a simple ACL, i.e. one or more IP filters." ::= {policyFilterPIB 1} ipHeaderFilterEntry OBJECT-TYPE SYNTAX IpHeaderFilterEntry MAX-ACCESS write-only STATUS current DESCRIPTION "Each row of the table has four columns. The ipHeaderFilterIndex uniquely identifies a particular IP filter. The ipHeaderFilterMatchType specifies the type of match (source only, destination only, source and destination). The ipHeaderFilterSourceAddress and ipHeaderFilterDestinationAddress contain the source and destination IP addresses." INDEX {ipHeaderFilterIndex} ::= {ipHeaderFilterTable 1} IpHeaderFilterEntry ::= SEQUENCE { ipHeaderFilterIndex INTEGER, ipHeaderFilterMatchType BITS, ipHeaderFilterSourceAddress IpAddress, ipHeaderFilterDestinationAddress IpAddress } ipHeaderFilterIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the table, used to identify each individual IP filter" Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 9] COPS Usage for Differentiated Services August 1998 ::= {ipHeaderFilterEntry 1} ipHeaderFilterMatchType OBJECT-TYPE SYNTAX BITS { matchSource (0), matchDestination (1) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "This field indicates which one or more of the addresses are required to match the corresponding addresses of the IP packet." ::= {ipHeaderFilterEntry 2} ipHeaderFilterSourceAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "IP source address to be matched against the packet in the event the ipHeaderFilterMatchType has the corresponding bit set. ::= {ipHeaderFilterEntry 3} ipHeaderFilterDestinationAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "IP destination address to be matched against the packet in the event the ipHeaderFilterMatchType has the corresponding bit set. ::= {ipHeaderFilterEntry 4} 4. COPS Diff Serv Client Data The COPS-DS extensions define a new client type: Client Type = 2; Diff Serv Client Diff serv specific information is sent in a COPS message containing a Common Header with the Diff Serv Client type specified: Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 10] COPS Usage for Differentiated Services August 1998 0 1 2 3 +----------------+----------------+----------------+----------------+ | Version| //// | Op Code | Client Type = 0x02 | +----------------+----------------+----------------+----------------+ | Message Length | +----------------+----------------+----------------+----------------+ The COPS protocol specification defines several objects which may carry client specific information between PDP and PEP: Context Object (Context) Reason Object (Reason) Decision Object (Decision) Error Object (Error) Client Specific Information Object (ClientSI) which includes: Request ClientSI Report ClientSI Client-Open ClientSI 4.1 Policy Identifier (PID) This object is used to carry the PID of the Policy Data Instance to be installed or deleted. 0 1 2 3 +----------------+----------------+----------------+----------------+ | Length | Type = PID | +----------------+----------------+----------------+----------------+ | Policy Identifier | +----------------+----------------+----------------+----------------+ 4.2 XDR Encoded Policy Instance Data (XPD) This object is used to carry the value of a Policy Data Instance to be installed, It contains an XDR coding of the Policy Data Instance [RFC1832]. 0 1 2 3 +----------------+----------------+----------------+----------------+ | Length | Type = "XDR type" | +----------------+----------------+----------------+----------------+ | XDR Encoded PI Value | +----------------+----------------+----------------+----------------+ Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 11] COPS Usage for Differentiated Services August 1998 4.3 Diff Serv Decision Data The diff serv Client Specific Decision Data is composed of one or more bindings. Each binding associates a PID object and an XPD object. The XPD object contains the value to be assigned to the PI that is created or updated. The diff serv specific decision data has the following format: C-Num = 7 C-Type = 4 ::= | | | :: = ::= | ::= ::= ::= ::= ::= | 4.4 Diff Serv Request Data The diff serv request ClientSI data has the following format: ::= 4.5 Diff Serv Report Data Diff serv specific report data is used in the RPT message. The format of the report data is dependant on the value of the accompanying COPS Report Type object. Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 12] COPS Usage for Differentiated Services August 1998 4.5.1 Commit Data When used with the "commit" report type, the diff serv specific report data has the following format: ::= [] 4.5.2 No Commit Data When used with the "no commit" report type, the diff serv specific report data has the following format: ::= 4.5.3 Accounting Data TBD 5. Message Content This section describes the COPS messages exchanged between a PEP and PDP for use with diff serv policy services. 5.1 Request (REQ) PEP -> PDP The REQ message is used by COPS diff serv clients for issuing a config request from the to the PDP, as described in the COPS protocol. The Client Handle is associated with request state originated by the PEP and the PEP is responsible for notifying the PDP when the Handle is no longer in use and can be deleted. The diff serv request data, defined above, may be included in the config request form PEP to PDP. Currently, the request data is defined for carrying configuration/feature negotiation information from the PEP. This provides the server with information on the types of policy that the interface can enforce and the types of policy data the PEP can install. The config request message serves as a request from the PEP to the PDP for any diff serv configuration data which the PDP may have pre- defined for the PEP device, such as access control lists, etc., and any future access data or updates. The pre-configured and any asynchronous diff serv configuration data can then be sent to the PEP over time via responses, as decided by the PDP. The configuration Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 13] COPS Usage for Differentiated Services August 1998 information supplied by the PDP is of the consistent client specific format defined above. The PDP responds to the config request with a DEC message containing any available configuration information. ::= 5.2 Decision (DEC) PDP -> PEP The DEC message is sent from the PDP to a diff serv client in response to a config REQ received from the PEP. The Client Handle must be the same Handle that was received in the REQ message. The Client Specific Decision Data for diff serv clients, to be used in the DEC message, is defined above. The DEC message is sent as an immediate response to a config request, used to carry pre-defined configuration information set in the PDP, to the PEP. Subsequent DECs may also be sent at any time after the original DEC message to continue supplying the PEP with additional/updated policy information. The state carried in the DEC message is referred to in the PDP and PEP by the Client Handle and the PID information. The PEP performs the operation specified in the Decision Flags object on the decision data. If no configuration state is available when the config REQ is processed by the PDP, a DEC is sent with the "No Configuration Data" decision flag set. The "Install", "Delete", "Enable", and "Disable" decision flags are used by the PEP and PDP to manage the policy data transactions. In response to a DEC message, the diff serv client sends a RPT back to the PDP to inform the PDP of the actual action taken. For example, in response to a DEC with the "Install" flag (only) set, the PEP informs the PDP if the decision data can be installed, based on the other policy data on the device (are there conflicts, etc.). Then when the PDP determines the policy should be enabled, based on the transaction associated with the policy data, a subsequent DEC message may be sent with the "Enable" flag set. ::= [< diff serv Specific Decision Data>] Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 14] COPS Usage for Differentiated Services August 1998 5.3 Report State (RPT) PEP -> PDP The RPT message is sent from the diff serv client to the PDP to report accounting information from PEP to PDP on request state installed at the PEP. It is also used as a mechanism to inform the PDP about the action taken at the PEP, in response to a DEC message. The diff serv report data format, as defined above, depends on the Report Type included in the RPT message. ::= [] 6. Common Operation This section describes, in general, typical exchanges between a PDP and diff serv COPS client. First, a connection is established between the PEP and PDP and the PEP sends a Client-Open message with the Client-Type = 2, Diff Serv client. If the PDP supports the Diff Serv client, the PDP responds with a Client-Accept (CAT) message. If the client type is not supported, a Client-Close (CC) message is returned by the PDP to the PEP, possibly identifying an alternate server that is known (believed?) to support the policy for the diff serv client. Once the CAT message is accepted, the client can send requests to the server. The first request a COPS Diff Serv client sends to the server is for configuration information, that is a REQ with "Configuration Request" set in the context object that identifies a specific interface/module and any relevant client specific information. The config request message serves two purposes in COPS-DS. First, it is a request from the PEP to the PDP for any diff serv configuration data which the PDP may have pre-defined for the PEP device, such as acces control lists, etc. Also, the config request is a request to the PDP to send asynchronous diff serv configuration data to the PEP, as it is received by the PDP. This asynchronous data may be new policy data or an update to policy data sent previously. If the PDP has diff serv QoS policy configuration information for the client, that information is returned to the client in a DEC message containing the Diff Serv client policy data within the COPS Decision object. If no filters are defined, the DEC message will simply specify that there are no filters using the "No Configuration" Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 15] COPS Usage for Differentiated Services August 1998 Decision Flags object. The handle associated with the request state is the Client Handle sent in the original configuration REQ from the PEP. This is to prevent the PEP from timing out the REQ and deleting the Client Handle. The PDP can then add new policy data or update existing state by sending subsequent DEC message(s) to the PEP, with the same Client Handle. The PEP is responsible for removing the Client handle when it is no longer needed, for example when the interface goes down, and informing the PDP that the handle is to be deleted. For diff serv purposes, access state, and access requests to the policy server can be initiated by other sources besides the PEP. Examples of other sources include attached users requesting network services via a web interface into a central management application, or H.323 servers requesting resources on behalf of a user for a video conferencing application. When such a request is accepted, the edge device affected by the decision (the point where the flow is to enter the network) must be informed of the decision. Since the PEP in the edge device did not initiate the request, the specifics of the request, e.g. flowspec, packet filter, and PHB to apply, must be communicated to the PEP by the PDP. This information is sent to the PEP using the Decision message containing Diff Serv client specific data objects in the COPS Decision object as specified. Any updates to the state information, for example in the case of a policy change or call tear down, is communicated to the PEP by subsequent DEC messages containing the same Client Handle and the updated diff serv request state. Updates can be specify to delete, install, enable or disable existing policy data. The PEP acknowledges the DEC message and action taken by sending a RPT message with a "Commit" Report-Type object. This serves as an indication to the PDP that the requestor (e.g. H.323 server) can be notified that the request has been accepted by the network. If the PEP needs to reject the DEC operation for any reason, a RPT message is sent with a Report-Type of value "No Commit" and optionally a Client Specific Information object specifying the policy data that was rejected. The PDP can then respond to the requestor accordingly. The PEP can report to the PDP the local status of any installed request state when appropriate. This information is sent in a Report- State (RPT) message with the "Accounting" flag set. The state being reported on is referenced by the Client Handle associated with the request state and the client specific data identifier. Finally, Client-Close (CC) messages are used to cancel the corresponding Client-Open message. The CC message informs the other side that the client type specified is no longer supported. Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 16] COPS Usage for Differentiated Services August 1998 7. Fault Tolerance When communication is lost between PEP and PDP, the PEP attempts to re-establish the TCP connection with the PDP it was last connected to. If that server cannot be reached, then the PEP attempts to connect to a secondary PDP, assumed at this time to be manually configured at the PEP. When a connection is finally re-established, either with the primary PDP or a secondary PDP, the PDP may request the PEP to re-synch its current state information (SSQ message). If after re-connecting, the PDP does not request the synchronization, the client can assume the server recognizes it and the current state at the PEP is correct. Any changes state changes which occurred at the PEP while connection was lost must be reported to the PDP in a RPT message. While the PEP is disconnected from the PDP, the request state at the PEP is to be used for policy decisions. If the PEP cannot re-connect in some pre-specified period of time (some multiple of the keep-alive time? - TBD), the request state is to be deleted and the associated Handles removed. The same holds true for the PDP; upon detecting a failed TCP connection, the time-out timer is started for the request state associated with the PEP and the state is removed after the specified period without a connection. 8. Security The use of COPS for diff serv introduce no new security issues over the base COPS protocol. The use of IPSEC between PDP and PEP, as described in [COPS] is sufficient. 9. References [COPS] Boyle, J., Cohen, R., Durham, D., Herzog, S., Raja,n R., Sastry, A., "The COPS (Common Open Policy Service) Protocol", IETF , March 1998. [RAP] Yavatkar, R., et al., "A Framework for Policy Based Admission Control",IETF , November, 1997. [E2E] Bernet, Y., Yavatka,r R., Ford, P., Bake,r F., Nichols, K., Speer, M., "A Framework for End-to-End QoS Combining Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 17] COPS Usage for Differentiated Services August 1998 RSVP/Intserv and Differentiated Services", IETF , March 1998. [RSVP] Braden, R., Zhang, L., Berson, S., Herzog, S., and Jamin, S., "Resource Reservation Protocol (RSVP) Version 1 Functional Specification", IETF RFC 2205, Proposed Standard, September 1997. [ASN1] Information processing systems - Open Systems Interconnection, "Specification of Abstract Syntax Notation One (ASN.1)", International Organization for Standardization, International Standard 8824, December 1987. [RFC1832] R. Srinivasan, "XDR: External Data Representation Standard.", RFC 1832, August 1995. 10. Author Information Francis Reichmeyer Bay Networks, Inc. 3 Federal Street Billerica, MA 01821 Phone: (978) 916-3352 Email: freichmeyer@BayNetworks.COM Kwok Ho Chan Bay Networks, Inc. 600 Technology Park Billerica, MA 01821 Phone: (978) 916-8175 Email: khchan@BayNetworks.COM David Durham Intel 2111 NE 25th Avenue Hillsboro, OR 97124 Phone: (503) 264-6232 Email: david.durham@intel.com Raj Yavatkar Intel 2111 NE 25th Avenue Hillsboro OR 97124 Phone: (503) 264-9077 Email: yavatkar@ibeam.intel.com Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 18] COPS Usage for Differentiated Services August 1998 Silvano Gai Cisco Systems, Inc. 170 Tasman Dr. San Jose, CA 95134-1706 Phone: (408) 527-2690 email: sgai@cisco.com Keith McCloghrie Cisco Systems, Inc. 170 Tasman Dr. San Jose, CA 95134-1706 Phone: (408) 526-5260 email: kzm@cisco.com Shai Herzog IPHighway 2055 Gateway Place, Suite 400 San Jose, CA 95110 Phone: (408) 451-3923 Email: herzog@iphighway.com ........... Reichmeyer, Ho Chan, Durham, Gai, McCloghrie [Page 19]