idnits 2.17.1 draft-aoun-midcom-network-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories -- however, there's a paragraph with a matching beginning. Boilerplate error? Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 2 instances of lines with control characters in the document. ** The abstract seems to contain references ([NAT-COMP], [RFC2663], [RFC2775]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: It MUST not be seen as a protocol description document or an overall framework architecture document. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (December 2001) is 8168 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'NAT-COMP' is mentioned on line 41, but not defined == Missing Reference: 'MDCMFRWK' is mentioned on line 351, but not defined Summary: 10 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MIDCOM Working Group C.Aoun 3 Internet Draft Nortel Networks 4 Category: Informational June 2001 6 Expires on December 2001 8 Network topology considerations in 9 the MIDCOM Architectural framework 10 11 Status of this Memo 13 This document is an Internet-Draft and is in full conformance 14 with all provisions of Section 10 of RFC2026. 15 Internet-Drafts are working documents of the Internet Engineering 16 Task Force (IETF), its areas, and its working groups. Note that 17 other groups may also distribute working documents as Internet- 18 Drafts. 19 Internet-Drafts are draft documents valid for a maximum of six 20 months and may be updated, replaced, or obsoleted by other documents 21 at any time. It is inappropriate to use Internet-Drafts as 22 reference material or to cite them other than as "work in progress." 23 The list of current Internet-Drafts can be accessed at 25 http://www.ietf.org/ietf/1id-abstracts.txt 27 The list of Internet-Draft Shadow Directories can be accessed at 29 http://www.ietf.org/shadow.html 31 Abstract 33 In the present Internet architecture, packet transparency is lost 34 due to the introduction of Middle Boxes that either modifies the 35 contents of the IP packet, or drops it (Ref [RFC2775]). 36 This draft presents in the context of the MIDCOM workgroup framework 37 several Middle Boxes network deployment scenarios that needs 38 to be considered. 40 This draft assumes that the reader has sufficient knowledge on NAT 41 (Ref [RFC2663]) and it's consequences (Ref [NAT-COMP]). 43 This draft provides a list of topologies that needs to be considered 44 (and their related implications) when deploying multimedia services 45 over the Internet. 47 It MUST not be seen as a protocol description document or an overall 48 framework architecture document. 50 in the MIDCOM Framework Architecture 52 Table of Contents 53 Status of this Memo................................................1 54 Abstract...........................................................1 55 1 Introduction.....................................................2 56 2 Conventions used in this document................................3 57 3 Network deployment scenarios.....................................3 58 3.1 Particular customer network configurations.....................4 59 3.2 The customer's ISP is the Content Service Provider.............5 60 3.3 The customer's ISP and the CSP are different legal entities....7 61 3.4 The Teleworker or small remote customer sites case.............7 62 4 Summary..........................................................8 63 5 References.......................................................8 64 6 Acknowledgments..................................................9 65 7 Author's Address.................................................9 66 8 Intellectual Property Statement..................................9 67 9 Full Copyright Statement.........................................9 69 1 Introduction 71 The Middle Box (MB)terminology is aligned with the MIDCOM workgroup 72 definition, i.e. a device that has router functionality and alters 73 the content of either the IP header or it's content; or drops or 74 forwards the packet depending on the filtering rule that is applied 75 based on IP header/protocol type/transport port and this on packets 76 coming from a certain group of users or interfaces. 77 The MB terminology will probably evolve in time, the draft will be 78 updated to take into account the new taxonomy. 79 In order for the middle boxes to scale and have high performance, it 80 is essential that the Middle boxes have no application awareness, 81 which would require MBs to have at least a subset of the 82 application's state machines. 83 This approach requires that all traversed MBs have the required 84 application awareness; this represents a major stopper to 85 development of applications. 86 Having the MB have application awareness is what is called having an 87 Application Layer Gateway on the MB (Ref [RFC2663]). 89 Application awareness is provided by devices already implicated in 90 the application (case of In path agents), this device communicates 91 with the MB to provide it the necessary information to allow the 92 application to work. 93 The MIDCOM protocol is the protocol used between the previous 94 entities. 95 The instance communicating with the Middle Box is the MIDCOM Agent 96 (MA), the peer on that interface is the MIDCOM Interface on the 97 Middle Box. 99 in the MIDCOM Framework Architecture 100 The main reason for issuing this draft is to complement the current 101 topologies taken into account within the MIDCOM framework (ref 102 [MDCMFRWK]. 104 Here is the main issue that this draft tries to get the MIDCOM WG to 105 be concerned of: 107 -How does the MIDCOM Agent know that the application's packets 108 (either control stream or bearer stream) traverses MBs? 109 Although this was decided to be out of scope of the MIDCOM WG, it is 110 still a big piece of the puzzle. Manual provisioning of the 111 encountered MBs and their applied functions on the MA will require a 112 lot of effort (and probably won't scale). 113 This issue should be tackled in the MIDCOM WG or elsewhere. 115 This could prevent certain network topologies from being deployed. 117 In the following, the 'Customer' network is a network containing a 118 group of network elements (hosts, routers, servers, etc _)that is 119 not in the Internet Service Provider network neither in the Content 120 Service Provider network. 121 2 Conventions used in this document 123 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 124 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in 125 this document are to be interpreted as described in RFC-2119. 127 3 Network deployment scenarios 128 This section handles several main network types: 129 -The Content Service Provider (CSP)is the customer's Internet 130 Service Provider (ISP). 131 -The CSP is a separate provider from the customer's ISP. 132 -The customer is in a remote site and is connected to it's 133 enterprise VPN via a defined ISP. 135 In all cases the customer network could be connected via an Access 136 Network Provider which is separate from the ISP, this could happen 137 for cable access and xDSL access. 138 In the context of this document this is irrelevant considering that 139 we are looking at the MB interaction problem. 141 The traversed ISPs could have border MBs at their edges, or it could 142 be assumed that no MBs will be encountered. 144 The previous models are reflexive (i.e. the called parties have one 145 of the previous network models), for clarity reasons the application 146 pair (peers or Controlled) parties (i.e. calling and called parties, 147 IP phone/Media Gateway _) are not shown. 149 in the MIDCOM Framework Architecture 150 The CSP also has MBs that protect all the Content Service (voice per 151 example) application devices (device controllers (i.e.MGCs), SIP 152 Proxies, Element Management Systems (i.e. SNMP manager 153 implementations), Media Gateways etc_) from the CSP internal 154 network, the ISP network, the customers and the Internet. 156 The following subsection provides a view on network topologies where 157 several consecutive MBs are deployed to provide all the required MB 158 services in the customer premise. 160 3.1 Particular customer network configurations 162 The current market status shows that it is quite often to find 163 several MBs in the customer network in the path of flows. 165 These MBs could apply complementary MB functions to the packet flows 166 that might traverse them. 167 The figure below shows an example of a network topology where within 168 a customer network 3 MBs are used : 169 -MB1 provide secured access from the Internet and certain categories 170 of users in the customer network; a packet filtering function is 171 applied to the flow 172 -MB2 applies packet filtering and NAT to the flow 173 -MB3 applies QoS gating on per application's session basis 174 -In the customer's ISP side MB4 applies QoS gating and packet 175 diversion (in case law enforcement authorities require it) on per 176 session basis. 177 The QoS gating function allows reserving appropriate bandwidth for 178 the application session. The reservation could also be accompanied 179 with pre-emption on other existing flows of the same application 180 (i.e. priority not defined on layer 2 or layer 3 priorities, but 181 within the application). 183 It is obvious that the order in which the Middle Box functions are 184 applied is critical (especially for Nat and packet filtering)in this 185 network type. 187 ++++++++++++++++++++++++ 188 +Appl Users+MB1+MB2+MB3+ 189 ++++++++++++++++++++++++ 190 + 191 + 192 +++++++++++ 193 + +MB4+ + 194 + ++++ + 195 + ISP1 + 196 +++++++++++ 198 Currently it is not a lot frequent to find the likes of MB3 and MB4 199 in the network; but since the access interfaces (Customer <-> ISP 200 in the MIDCOM Framework Architecture 201 network) will still be bandwidth limited for a while, QoS gates will 202 be required on this interface to meet the applications' QoS 203 requirements. 205 This topology could be found in a lot of customer networks. 207 The end to end network types follows in the next sections. 209 3.2 The customer's ISP is the Content Service Provider 211 This type of network deployment is quite often in the context of 212 delivering bundled data and voice services. 213 There are 2 variants to this scenario: 215 (1) The Middle Boxes (1 or many MBs) are managed by the customer 216 network. 217 (2) The MBs are managed by the service provider. 218 In this model the MBs could be considered as trusted devices and 219 are provided policy rules by a common policy server. This is 220 what could be considered as complete carrier managed services. 221 Type 1:This scenario could be subdivided into 2, case where the 222 customer has 1 MB, whereas in the other case the customer 223 have more than one MB. 225 Typically several MBs are deployed in a customer's network when the 226 customer has a VPN with widely spread sites, and the ISP provides 227 several POIs to interconnect to the Internet. 228 The case where several MBs could be traversed is quite interesting 229 since it is almost impossible to know in advance which MB will be 230 traversed (the traversal is based on the routing infrastructure and 231 the destination application endpoint). 233 +--------------+ +--------------+ 234 +Customer A + +ISP & CSP + 235 + +---+ + + + 236 + +MB1+ + +--------------+ 237 + +---+ + / + 238 + + / + 239 + +---+ + / + 240 + +MBn+-----+-- + 241 + +---+ + +-----------------+ 242 +--------------+ +The Internet + 243 +-----------------+ 245 in the MIDCOM Framework Architecture 246 Type 2: Again this network model could be subdivided into several 247 Models: 248 -The customer has one Edge Router (ER) and only one MB is 249 used in the ISP/CSP 250 -The customer has n Edge Routers, and the ISP/CSP has only 251 one interface on MB used for customer A 252 -The customer has n ERs and the ISP/CSP has k MBs or k 253 interfaces on the MBs dedicated for customer A 255 Again there are issues on determining in advance which MBs will be 256 traversed when several MBs are deployed. 258 +--------------+ +--------------+ 259 +Customer A + +ISP & CSP + 260 + + + +---+ + 261 + +---+ + + +MB1+ + 262 + +ER1+ + + +---+ + 263 + +---+ + /+ + 264 + +---+ + / + +---+ + 265 + +ERn+-----+-- + +MBk+ + 266 + +---+ + + +---+ + 267 +--------------+ + + 268 +--------------+ 269 + 270 + 271 +-----------------+ 272 +The Internet + 273 +-----------------+ 275 in the MIDCOM Framework Architecture 277 3.3 The customer's ISP and the CSP are different legal entities 279 In these network types, the customer purchases the application 280 services from a service provider different from its ISP. 282 We shall assume that the customer's ISP is not directly connected to 283 the application service provider, in case it is the model still 284 applies. 286 +--------------+ +-----------+ 287 +Customer A + + ISP + 288 + + + +---+ + 289 + +---+ + + +MB1+ + +-----------------+ 290 + +ER1+ + /+ +---+ + + CSP+----+ + 291 + +---+ + / + + + +MB1x+ + 292 + +---+ + / + +---+ + + +----+ + 293 + +ERn+-----+/ + +MBk+ + + +----+ + 294 + +---+ + + +---+ + /+ +MBmx+ + 295 +--------------+ + + / + +----+ + 296 +-----------+ / +-----------------+ 297 + / 298 + / 299 +-----------------+ 300 +The Internet + 301 +-----------------+ 303 In this network model, the MBs could also be in the Customers 304 premise, i.e. both type 1 and type 2 network types apply to these 305 networks. 307 3.4 The Teleworker or small remote customer sites case 309 +--------------+ +-----------+ 310 +Customer A + + ISP + 311 + + + +---+ + 312 + +---+ + + +MB1+ + +--------------+ 313 + +ER1+-----+ + +---+ + + CSP+----+ + 314 + +---+ + + + + +MB1x+ + 315 + + + + + +----+ + 316 + +---+ + + +----+ + + + 317 + +ERn+-----+--- + +MBk + + + +----+ + 318 + +---+ + + +----+ + / + +MBmx+ + 319 +--------------+ + + / + +----+ + 320 +-----------+ / +--------------+ 321 + / +-----------+ 322 + / +Teleworker/+ 323 + / +remote site+ 324 +-----------------+ / + +----+ + 325 +The Internet +--/--------+ +MB1h+ + 326 +-----------------+ + +----+ + 327 +-----------+ 329 in the MIDCOM Framework Architecture 330 This network model has several variants that could be inherited from 331 2.1 and 2.2. 332 This model is not completely different from the previous ones, from 333 a VoIP perspective since the application (VoIP) is provided through 334 the customer's VPN. Hence the Teleworker/remote site, establishes a 335 tunnel (IPSEC ESP per example, other IP tunneling protocols could be 336 used as well)for all the traffic related to the customer A VPN. 337 All the tunneled information will not be altered, therefore there is 338 no different constraints/interaction with the MBs (from a VoIP 339 perspective) from 2.1 and 2.2. 341 4 Summary 343 The network topologies in the previous sections show new deployment 344 considerations, where the MA will need to negotiate network 345 parameters with : 347 - Various Middle Boxes with different MB functions 348 - Different Middle Boxes for the application signaling protocol than 349 for the media packets 351 [MDCMFRWK] does not take into account topologies where the bearer 352 path is traversing either a different interface then the application 353 protocol messages or even a different MB. 355 The ideal is to define a model that meets carrier managed network 356 type (i.e. Type 2 networks, with the service provider providing the 357 Middle Box services) as well as type 1 networks (where the Middle 358 Boxes are managed by the customer, and most likely this customer has 359 few, probably 1 MB). 361 Initiatives need to be actively started within the IETF either in 362 the MIDCOM WG or in another WG, to start looking at MBs discovery. 364 There are two approaches to this, either build a mechanism around MB 365 discovery specifically or around "special" network elements 366 discovery to take into account various "special type" network nodes. 367 Obviously the later approach should never be handled in the MIDCOM 368 WG. 370 5 References 372 [RFC2663] P.Srisuresh, M. Holdrege, "IP Network Address 373 Translator(NAT)Terminology and Considerations", RFC 2663 374 August 1999. 376 [NAT-COMP]P.Srisuresh, M. Holdrege, " Protocol Complications with 377 the IP Network Address Translator", RFC 3027 Jan 2001 379 [MDCMFRWK]P.Srisuresh,J.Kuthan, J.Rosenberg," MIDCOM Architecture 380 & Framework", 381 Internet draft, draft-ietf-midcom-framework-01.txt 382 in the MIDCOM Framework Architecture 384 [RFC2775] B. Carpenter, Internet Transparency 386 6 Acknowledgments 387 The author would like to thank the following people for their useful 388 comments and suggestions related to this draft: Patrick Bradd, Matt 389 Broda, Louis-Nicolas Hamer, Mick O'Doherty, Reynaldo Penno, Abdallah 390 Rayhan, Massimo Strazzeri and many others in Nortel Networks. 392 7 Author's Address 394 Cedric Aoun 395 Nortel Networks 396 33 Quai Paul Doumer 397 92415 Courbevoie Cedex 398 FRANCE 400 Email: cedric.aoun@nortelnetworks.com 402 8 Intellectual Property Statement 404 The IETF takes no position regarding the validity or scope of any 405 intellectual property or other rights that might be claimed to 406 pertain to the implementation or use of the technology described in 407 this document or the extent to which any license under such rights 408 might or might not be available; neither does it represent that it 409 has made any effort to identify any such rights. Information on the 410 IETF's procedures with respect to rights in standards-track and 411 standards-related documentation can be found in BCP-11. Copies of 412 claims of rights made available for publication and any assurances 413 of licenses to be made available, or the result of an attempt made 414 to obtain a general license or permission for the use of such 415 proprietary rights by implementors or users of this specification 416 can be obtained from the IETF Secretariat. 418 The IETF invites any interested party to bring to its attention any 419 copyrights, patents or patent applications, or other proprietary 420 rights which may cover technology that may be required to practice 421 this standard. Please address the information to the IETF Executive 422 Director. 424 9 Full Copyright Statement 426 Copyright (C) The Internet Society (2000). All Rights Reserved. 428 This document and translations of it may be copied and furnished to 429 others, and derivative works that comment on or otherwise explain it 430 or assist in its implementation may be prepared, copied, published 431 in the MIDCOM Framework Architecture 432 and distributed, in whole or in part, without restriction of any 433 kind, provided that the above copyright notice and this paragraph 434 are included on all such copies and derivative works. However, this 435 document itself may not be modified in any way, such as by removing 436 the copyright notice or references to the Internet Society or other 437 Internet organizations, except as needed for the purpose of 438 developing Internet standards in which case the procedures for 439 copyrights defined in the Internet Standards process must be 440 followed, or as required to translate it into languages other than 441 English. The limited permissions granted above are perpetual and 442 will not be revoked by the Internet Society or its successors or 443 assigns. This document and the information contained 444 herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND 445 THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, 446 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT 447 THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR 448 ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A 449 PARTICULAR PURPOSE."