idnits 2.17.1 draft-bertz-dime-predictunits-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 29, 2017) is 2485 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4006 (Obsoleted by RFC 8506) Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Diameter Maintenance and Extensions L. Bertz 3 Internet-Draft Sprint 4 Intended status: Standards Track June 29, 2017 5 Expires: December 31, 2017 7 Diameter Predicted Units 8 draft-bertz-dime-predictunits-02 10 Abstract 12 This document specifies the conveyance of predicted usage information 13 for proper dimensioning of network services that use Diameter based 14 authorization. 16 Status of This Memo 18 This Internet-Draft is submitted in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF). Note that other groups may also distribute 23 working documents as Internet-Drafts. The list of current Internet- 24 Drafts is at http://datatracker.ietf.org/drafts/current/. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 This Internet-Draft will expire on December 31, 2017. 33 Copyright Notice 35 Copyright (c) 2017 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents 40 (http://trustee.ietf.org/license-info) in effect on the date of 41 publication of this document. Please review these documents 42 carefully, as they describe your rights and restrictions with respect 43 to this document. Code Components extracted from this document must 44 include Simplified BSD License text as described in Section 4.e of 45 the Trust Legal Provisions and are provided without warranty as 46 described in the Simplified BSD License. 48 This document may contain material from IETF Documents or IETF 49 Contributions published or made publicly available before November 50 10, 2008. The person(s) controlling the copyright in some of this 51 material may not have granted the IETF Trust the right to allow 52 modifications of such material outside the IETF Standards Process. 53 Without obtaining an adequate license from the person(s) controlling 54 the copyright in such materials, this document may not be modified 55 outside the IETF Standards Process, and derivative works of it may 56 not be created outside the IETF Standards Process, except to format 57 it for publication as an RFC or to translate it into languages other 58 than English. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 63 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 3. Predicted Service AVPs . . . . . . . . . . . . . . . . . . . 3 65 3.1. Predicted-Service-Units . . . . . . . . . . . . . . . . . 3 66 3.2. Predicted-Service-Units-Series . . . . . . . . . . . . . 4 67 4. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . 5 68 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 69 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 70 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 71 7.1. Normative References . . . . . . . . . . . . . . . . . . 6 72 7.2. Informative References . . . . . . . . . . . . . . . . . 6 73 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 75 1. Introduction 77 When a User is authorized to use a service via Diameter applications 78 such as [RFC4006] or [RFC7155], the Client is not aware of the 79 average load placed upon it by the User. This can lead to overload 80 situations or Diameter Clients being too conservative and denying 81 services to valid Users even whose presence would not overload the 82 service. 84 Given virtualization and the use of many software based services the 85 service capacity varies on a service instance, i.e. Diameter Client, 86 basis. Even though the Diameter Client is the same softawre it will 87 vary in terms of the load it can accept. Thus, a Diameter Server 88 cannot depend upon consistent capacities of a Diameter Client. 90 This specification introduces the Predicted-Service-Units Attribute 91 Value Pair (AVP). This information conveys the predicted usage 92 introduced on the service by the authorized User. Such information 93 can be used by the Diameter Client to estimate future load and 94 proactively manage its resources. 96 Although this informaiton is conveyed from the Diameter Server to the 97 Client several system aspects are out of the scope of this document: 99 o How the Diameter Server acquired the information contained in the 100 Predicted-Service-Units AVP. 102 o How the values in the Predicted-Service-Units AVP were determined. 104 o The accuracy or validity of the values in the Predicted-Service- 105 Units AVP. 107 o Specific actions the Diameter Client should take when its service 108 functions are overloaded or are predicted to be overloaded based 109 upon the information provided by Predicted-Service-Units. 111 o Specific actions the Diameter Client takes to bring itself in/out 112 of service for new or existing Users. 114 When the value(s) or multiple types of Costs are provided they are 115 represented by the Time-Of-Day-Condition AVP defined in [RFC5777] and 116 contained in a Predicted-Service-Units-Series AVP. This AVP contains 117 one or more Predicted-Service-Units. Multiple Cost types, e.g. CC- 118 Total-Octets and CC-Time, may be represented in the same Predicted- 119 Service-Units entry and in the same Predicted-Service-Units-Series so 120 long as no overlapping times exist for the same Cost Type. 122 2. Terminology 124 In this document, the key words "MAY", "MUST", "MUST NOT", 125 "OPTIONAL", "RECOMMENDED", "SHOULD", and "SHOULD NOT", are to be 126 interpreted as described in [RFC2119]. 128 3. Predicted Service AVPs 130 3.1. Predicted-Service-Units 132 The Predicted-Service-Units AVP (AVP Code TBD1) is of type Grouped 133 and contains the amount of units that the Diameter Client can expect 134 to provide to the end user until the service must be released or the 135 new service authorizatoin request, e.g. Credit-Control-Request, must 136 be sent if a Granted-Service-Unit AVP [RFC4006] has been applied to 137 the user's service. A client is not required to implement all of the 138 unit types, and it MUST ignore unknown or unsupported unit types. 140 The Predicted-Service-Units AVP is defined as follows (per the 141 grouped- avp-def of [RFC6733]): 143 Predicted-Service-Units ::= < AVP Header: TBD1 > 144 [ CC-Time ] 145 [ CC-Money ] 146 [ CC-Total-Octets ] 147 [ CC-Input-Octets ] 148 [ CC-Output-Octets ] 149 [ CC-Service-Specific-Units ] 150 [ Time-Of-Day-Condition ] 151 *[ AVP ] 153 The Time-Of-Day-Condition AVP is defined in [RFC5777], all other AVPs 154 are defined in [RFC4006]. 156 The presence of this information is provided as anticipated load 157 information to the Diameter Client and is not intended to be 158 prescriptive in any manner regarding the user's service. 160 When the Time-Of-Day-Condition AVP is not present, the value(s) are 161 assumed to apply for the duration of the authorized session until 162 this value is updated as part of the Diameter application, e.g. a 163 Diameter Re-Auth-Request/Answer (RAR/RAA) message [RFC6733]. 165 3.2. Predicted-Service-Units-Series 167 The Predicted-Service-Units-Series AVP (AVP Code TBD2) is of type 168 Grouped, and contains one or more Predicted-Service-Units with non- 169 overlapping times for each specific Cost type. 171 A client is not required to implement all of the unit types, and it 172 MUST ingore unknown or unsupported unit types. 174 It is defined as follows (per the grouped-avp-def of [RFC6733]): 176 Predicted-Service-Units-Series ::= < AVP Header: TBD2 > 177 1*{ Predicted-Service-Units } 179 For each specific type of Cost, e.g. CC-Time, any two Predicted- 180 Service-Units values in the series MUST NOT contain overlapping time 181 windows specified in their Time-Of-Day-Condition values. When an 182 entry has no Time-Of-Day-Condition present it is assumed to apply at 183 all times. 185 4. Usage Examples 187 When Predicted-Service-Units are returned as part of an authorization 188 per [RFC7155] or [RFC4006], the client MAY use this information as 189 guidance on projected load the new user will generate on the service. 191 If the client supports/understnds the information provided in the 192 Predicted-Service-Units AVP, it can update its projected load. Based 193 upon this information it MAY take one or more of the following 194 actions (this is not exhaustive): 196 o Redirect any new service requests at the service / protocol level. 198 o Begin enforcing mechanisms to reduce the amount of service load on 199 a subset of services already established. 201 o Remove itself from any system that directs new service requests to 202 it. 204 o Initiate administrative functions to increase its capacity or 205 start the process of creating new intances to service future 206 requests. 208 5. IANA Considerations 210 IANA allocated AVP codes in the IANA-controlled namespace registry 211 specified in Section 11.1.1 of [RFC6733] for the following AVPs that 212 are defined in this document. 214 +--------------------------------+-------+---------------+----------+ 215 | AVP | AVP | Section | Data | 216 | | Code | Defined | Type | 217 +--------------------------------+-------+---------------+----------+ 218 | Predicted-Service-Units | TBD1 | Section 3.1 | GROUPED | 219 | Predicted-Service-Units-Series | TBD2 | Section 3.2 | GROUPED | 220 +--------------------------------+-------+---------------+----------+ 222 6. Security Considerations 224 The Diameter base protocol [RFC6733] requires that each Diameter 225 implementation use underlying security; i.e., TLS/TCP, DTLS/SCTP or 226 IPsec. These mechanisms are believed to provide sufficient 227 protection under the normal Internet threat model; that is, assuming 228 that the authorized nodes engaging in the protocol have not been 229 compromised, but that the attacker has complete control over the 230 communication channels between them. This includes eavesdropping, 231 message modification, insertion, and man-in-the-middle and replay 232 attacks. Note also that this application includes a mechanism for 233 application layer replay protection by means of the Session-Id from 234 [RFC6733]. In these environments, the use of TLS/TCP, DTLS/SCTP or 235 IPsec is sufficient. The details of TLS/TCP, DTLS/SCTP or IPsec 236 related security considerations are discussed in the [RFC6733]. 238 Because this application conveys past usage information (directly or 239 indirectly), it increases the interest for various security attacks. 240 Therefore, all parties communicating with each other MUST be 241 authenticated, including, for instance, TLS client-side 242 authentication. In addition, authorization of the client SHOULD be 243 emphasized; e.g., that the client is allowed to perform credit- 244 control for a certain user. The specific means of authorization are 245 outside of the scope of this specification but can be, for instance, 246 manual configuration. 248 The attributes provided by this solution MUST be assumed to be 249 privacy sensitive by both the client and server. 251 7. References 253 7.1. Normative References 255 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 256 Requirement Levels", BCP 14, RFC 2119, 257 DOI 10.17487/RFC2119, March 1997, 258 . 260 [RFC4006] Hakala, H., Mattila, L., Koskinen, J-P., Stura, M., and J. 261 Loughney, "Diameter Credit-Control Application", RFC 4006, 262 DOI 10.17487/RFC4006, August 2005, 263 . 265 [RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M., 266 Ed., and A. Lior, "Traffic Classification and Quality of 267 Service (QoS) Attributes for Diameter", RFC 5777, 268 DOI 10.17487/RFC5777, February 2010, 269 . 271 [RFC6733] Fajardo, V., Ed., Arkko, J., Loughney, J., and G. Zorn, 272 Ed., "Diameter Base Protocol", RFC 6733, 273 DOI 10.17487/RFC6733, October 2012, 274 . 276 7.2. Informative References 278 [RFC7155] Zorn, G., Ed., "Diameter Network Access Server 279 Application", RFC 7155, DOI 10.17487/RFC7155, April 2014, 280 . 282 Author's Address 284 Lyle Bertz 285 Sprint 286 6220 Sprint Parkway 287 Overland Park, KS 66251 288 United States 290 Email: lylebe551144@gmail.com