idnits 2.17.1

draft-ietf-anima-grasp-api-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 5 instances of too long lines in the document, the longest
     one being 8 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (8 May 2020) is 1449 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-30) exists of
     draft-ietf-anima-autonomic-control-plane-24

  == Outdated reference: A later version (-45) exists of
     draft-ietf-anima-bootstrapping-keyinfra-41

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                    B. E. Carpenter
Internet-Draft                                         Univ. of Auckland
Intended status: Informational                               B. Liu, Ed.
Expires: 9 November 2020                             Huawei Technologies
                                                                 W. Wang
                                                                 X. Gong
                                                         BUPT University
                                                              8 May 2020

   Generic Autonomic Signaling Protocol Application Program Interface
                              (GRASP API)
                     draft-ietf-anima-grasp-api-05

Abstract

   This document is a conceptual outline of an application programming
   interface (API) for the Generic Autonomic Signaling Protocol (GRASP).
   Such an API is needed for Autonomic Service Agents (ASA) calling the
   GRASP protocol module to exchange autonomic network messages with
   other ASAs.  Since GRASP is designed to support asynchronous
   operations, the API will need to be adapted to the support for
   asynchronicity in various languages and operating systems.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 9 November 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  GRASP API for ASA
     2.1.  Design Principles
     2.2.  Asynchronous Operations
     2.3.  API definition
       2.3.1.  Parameters and data structures
       2.3.2.  Registration
       2.3.3.  Discovery
       2.3.4.  Negotiation
       2.3.5.  Synchronization and Flooding
       2.3.6.  Invalid Message Function
   3.  Implementation Status [RFC Editor: please remove]
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Error Codes
   Appendix B.  Change log [RFC Editor: Please remove]
   Authors' Addresses

1.  Introduction

   As defined in [I-D.ietf-anima-reference-model], the Autonomic Service
   Agent (ASA) is the atomic entity of an autonomic function, and it is
   instantiated on autonomic nodes.
   When ASAs communicate with each other, they should use the Generic
   Autonomic Signaling Protocol (GRASP) [I-D.ietf-anima-grasp].

   As the following figure shows, a GRASP implementation could contain
   two major sub-layers.  The bottom is the GRASP base protocol module,
   which is only responsible for sending and receiving GRASP messages
   and maintaining shared data structures.  The upper layer contains
   some extended functions based upon the GRASP basic protocol.  For
   example, [I-D.liu-anima-grasp-distribution] describes a possible
   extended function.

   It is desirable that ASAs can be designed as portable user-space
   programs using a portable API.  In many operating systems, the GRASP
   module will therefore be split into two layers.  The top layer is a
   library that provides the API.  The lower layer is a daemon that
   contains GRASP core functions that are independent of specific ASAs,
   such as multicast handling and relaying, and common data structures
   such as the discovery cache.  The GRASP API library would need to
   communicate with the GRASP core via an inter-process communication
   (IPC) mechanism.  The details of this are system-dependent.

           +----+                   +----+
           |ASAs|                   |ASAs|
           +----+                   +----+
             |                        |
             | GRASP Function API     |
             |                        |
    +------------------+              |GRASP API
    | GRASP Extended   |              |
    | Function Modules |              |
    +------------------+              |
   +------------------------------------------+
   |            GRASP API Library             |
   | GRASP Modules - - - - - - - - - - - - -  |
   |            GRASP Core (Daemon)           |
   +------------------------------------------+

   Both the GRASP library and the extended function modules should be
   available to the ASAs.  Thus, there need to be two sub-sets of API.
   However, since the extended functions are expected to be added in an
   incremental manner, it is inappropriate to define all the function
   APIs in a single document.  This document only describes the basic
   GRASP API.

   Note that a very simple autonomic node might contain only a single
   ASA in addition to the autonomic infrastructure components described
   in [I-D.ietf-anima-bootstrapping-keyinfra] and
   [I-D.ietf-anima-autonomic-control-plane].  Such a node might directly
   integrate GRASP in its autonomic code and therefore not require this
   API to be installed.

   This document gives a conceptual outline of the API.  It is not a
   formal specification for any particular programming language or
   operating system, and it is expected that details will be clarified
   in individual implementations.

2.  GRASP API for ASA

2.1.  Design Principles

   The assumption of this document is that any Autonomic Service Agent
   (ASA) needs to call a GRASP module that handles protocol details
   (security, sending and listening for GRASP messages, waiting, caching
   discovery results, negotiation looping, sending and receiving
   synchronization data, etc.) but understands nothing about individual
   objectives.  The semantics of objectives are unknown to the GRASP
   module and are handled only by the ASAs.  Thus, this is a high level
   abstract API for use by ASAs.  Individual language bindings should be
   defined in separate documents.

   An assumption of this API is that ASAs may fall into various classes:

   *  ASAs that only use GRASP for discovery purposes.

   *  ASAs that use GRASP negotiation but only as an initiator (client).

   *  ASAs that use GRASP negotiation but only as a responder.

   *  ASAs that use GRASP negotiation as an initiator or responder.

   *  ASAs that use GRASP synchronization but only as an initiator
      (recipient).

   *  ASAs that use GRASP synchronization but only as a responder and/or
      flooder.

   *  ASAs that use GRASP synchronization as an initiator, responder
      and/or flooder.

   The API also assumes that one ASA may support multiple objectives.
   Nothing prevents an ASA from supporting some objectives for
   synchronization and others for negotiation.

   The API design assumes that the operating system and programming
   language provide a mechanism for simultaneous asynchronous
   operations.  This is discussed in detail in Section 2.2.

   The functions provided by the API do not map one-to-one onto GRASP
   messages.  Rather, they are intended to offer convenient support for
   message sequences (such as a discovery request followed by responses
   from several peers, or a negotiation request followed by various
   possible responses).

   A few items are out of scope in this version, since practical
   experience is required before including them:

   *  Authorization of ASAs is out of scope.

   *  User-supplied explicit locators for an objective are not
      supported.

   *  The Rapid mode of GRASP is not supported.

2.2.  Asynchronous Operations

   GRASP includes asynchronous operations and wait states, and its
   messages are not idempotent, i.e. they may cause incremental changes
   of state in the recipient ASA.  Most ASAs will need to support
   several simultaneous operations; for example an ASA might need to
   negotiate one objective with a peer while discovering and
   synchronizing a different objective with a different peer.
   Alternatively, an ASA which acts as a resource manager might need to
   run simultaneous negotiations for a given objective with multiple
   different peers.  Such an ASA must support atomic access to its
   internal data structures, for example using operating system locks.

   Thus, both the GRASP core and most ASAs need to support asynchronous
   operations.  Depending on both the operating system and the
   programming language in use, there are three main techniques for such
   parallel operations: multi-threading, an event loop structure using
   polling, and an event loop structure using callback functions.

   1.  In multi-threading, the operating system and language will
       provide the necessary support for asynchronous operations,
       including creation of new threads, context switching between
       threads, queues, locks, and implicit wait states.  In this case,
       all API calls can be treated naturally as synchronous, even if
       they include wait states, blocking and queueing.  Simultaneous
       operations will each run in their own threads.  For example, the
       discover() call may not return until discovery results have
       arrived or a timeout has occurred.  If the ASA has other work to
       do, the discover() call must be in a thread of its own.

   2.  In an event loop implementation with polling, blocking calls are
       not acceptable.  Therefore all calls must be non-blocking, and
       the main loop could support multiple GRASP sessions in parallel
       by repeatedly polling each one for a change of state.  To
       facilitate this, the API implementation would provide
       non-blocking versions of all the functions that otherwise involve
       blocking and queueing.  In these calls, a 'noReply' code will be
       returned by each call instead of blocking, until such time as the
       event for which it is waiting (or a failure) has occurred.  Thus,
       for example, discover() would return 'noReply' instead of waiting
       until discovery has succeeded or timed out.  The discover() call
       would be repeated in every cycle of the main loop until it
       completes.  Effectively, it becomes a polling call.

   3.  In an event loop implementation with callbacks, the ASA
       programmer would provide a callback function for each
       asynchronous operation, e.g. discovery_received().  This would be
       called asynchronously when a reply is received or a failure such
       as a timeout occurs.

   The following calls involve waiting for a remote operation, so they
   could use a polling or callback mechanism.
   In a threaded mechanism, they will usually need to be called in a
   separate thread:

      discover() whose callback would be discovery_received().

      request_negotiate() whose callback would be
      negotiate_step_received().

      negotiate_step() whose callback would be
      negotiate_step_received().

      listen_negotiate() whose callback would be
      negotiate_step_received().

      synchronize() whose callback would be synchronization_received().

   There is nothing in the design of GRASP to prevent the following
   scenario.  Consider an ASA "A" that acts as a resource allocator for
   some objective.  An ASA "B" launches a negotiation with "A" to obtain
   or release a quantity of the resource.  While this negotiation is
   under way, "B" chooses to launch a second simultaneous negotiation
   with "A" for a different quantity of the same resource.  "A" must
   therefore conduct two separate negotiation sessions at the same time
   with the same peer, and must not mix them up.

   Note that ASAs could be designed to avoid such a scenario, i.e.
   restricted to exactly one negotiation session at a time for a given
   objective, but this would be a voluntary restriction not required by
   the GRASP protocol.  In fact it is an assumption of GRASP that an ASA
   managing a resource may need to conduct multiple parallel
   negotiations, possibly with the same peer.  Therefore, the API design
   allows for such scenarios.

   In the callback model, for the scenario just described, the ASAs "A"
   and "B" will each provide two instances of negotiate_step_received(),
   one for each session.  For this reason, each ASA must be able to
   distinguish the two sessions, and the peer's IP address is not
   sufficient for this.  It is also not safe to rely on transport port
   numbers for this, since future variants of GRASP might use shared
   ports rather than a separate port per session.  This is why the GRASP
   design includes a session identifier.
   Thus, when necessary, a 'session_nonce' parameter is used in the API
   to distinguish simultaneous GRASP sessions from each other, so that
   any number of sessions may proceed asynchronously in parallel.

   In calls where it is used, the 'session_nonce' is an opaque
   read/write parameter.  On the first call, it is set to a null value,
   and the API returns a non-null 'session_nonce' value based on the
   GRASP session identifier.  This value must be used in all subsequent
   calls for the same session, and will be provided as a parameter in
   the callback functions.  By this mechanism, multiple overlapping
   sessions can be distinguished, both in the ASA and in the GRASP core.
   The value of the 'session_nonce' is opaque to the ASA.

   An additional mechanism that might increase efficiency for polling
   implementations is to add a general call, say notify(), which would
   check the status of all outstanding operations for the calling ASA
   and return the session_nonce values for all sessions that have
   changed state.  This would eliminate the need for repeated calls to
   the individual functions returning a 'noReply'.  This call is not
   described below as the details are likely to be
   implementation-specific.

   An implication of the above for all GRASP implementations is that the
   GRASP core must keep state for each GRASP operation in progress, most
   likely keyed by the GRASP Session ID and the GRASP source address of
   the session initiator.  Even in a threaded implementation, the GRASP
   core will need such state internally.  The session_nonce parameter
   exposes this aspect of the implementation.

2.3.  API definition

2.3.1.  Parameters and data structures

   This section describes parameters and data structures used in
   multiple API calls.

2.3.1.1.  Errorcode

   All functions in the API have an unsigned 'errorcode' integer as
   their return value (the first returned value in languages that allow
   multiple returned parameters).  An errorcode of zero indicates
   success.  Any other value indicates failure of some kind.  The first
   three errorcodes have special importance:

   1.  Declined: used to indicate that the other end has sent a GRASP
       Negotiation End message (M_END) with a Decline option
       (O_DECLINE).

   2.  No reply: used in non-blocking calls to indicate that the other
       end has sent no reply so far (see Section 2.2).

   3.  Unspecified error: used when no more specific error code applies.

   Appendix A gives a full list of currently suggested error codes,
   based on implementation experience.  While there is no absolute
   requirement for all implementations to use the same error codes, this
   is highly recommended for portability of applications.

2.3.1.2.  Timeout

   Wherever a 'timeout' parameter appears, it is an integer expressed in
   milliseconds.  If it is zero, the GRASP default timeout
   (GRASP_DEF_TIMEOUT, see [I-D.ietf-anima-grasp]) will apply.  If no
   response is received before the timeout expires, the call will fail
   unless otherwise noted.

2.3.1.3.  Objective

   An 'objective' parameter is a data structure with the following
   components:

   *  name (UTF-8 string) - the objective's name

   *  neg (Boolean flag) - True if objective supports negotiation
      (default False)

   *  synch (Boolean flag) - True if objective supports synchronization
      (default False)

   *  dry (Boolean flag) - True if objective supports dry-run
      negotiation (default False)

      -  Note 1: All objectives are assumed to support discovery, so
         there is no Boolean for that.

      -  Note 2: Only one of 'synch' or 'neg' may be True.

      -  Note 3: 'dry' must not be True unless 'neg' is also True.

      -  Note 4: In a language such as C the preferred implementation
         may be to represent the Boolean flags as bits in a single byte.

   *  loop_count (integer) - Limit on negotiation steps etc. (default
      GRASP_DEF_LOOPCT, see [I-D.ietf-anima-grasp])

   *  value - a specific data structure expressing the value of the
      objective.  The format is language dependent, with the constraint
      that it can be validly represented in CBOR (default integer = 0).

      An essential requirement for all language mappings and all
      implementations is that, regardless of what other options exist
      for a language-specific representation of the value, there is
      always an option to use a CBOR byte string as the value.  The API
      will then wrap this byte string in CBOR Tag 24 for transmission
      via GRASP, and unwrap it after reception.

      An example data structure definition for an objective in the C
      language, assuming the use of a particular CBOR library, is:

          #include <stdint.h>   // uint8_t
          #include <cbor.h>     // libcbor; declares cbor_mutable_data

          typedef struct {
             char *name;
             uint8_t flags;            // flag bits as defined by GRASP
             int loop_count;
             int value_size;           // size of value in bytes
             cbor_mutable_data cbor_value;
                                       // CBOR bytestring (libcbor/cbor/data.h)
          } objective;

      An example data structure definition for an objective in the
      Python language is:

          GRASP_DEF_LOOPCT = 6   # GRASP default loop count

          class objective:
              """A GRASP objective"""
              def __init__(self, name):
                  self.name = name        # Unique name (string)
                  self.negotiate = False  # True if objective supports negotiation
                  self.dryrun = False     # True if objective supports dry-run neg.
                  self.synch = False      # True if objective supports synch
                  self.loop_count = GRASP_DEF_LOOPCT  # Default starting value
                  self.value = 0          # Place holder; any valid Python object

2.3.1.4.  ASA_locator

   An 'ASA_locator' parameter is a data structure with the following
   contents:

   *  locator - The actual locator, either an IP address or an ASCII
      string.

   *  ifi (integer) - The interface identifier index via which this was
      discovered - probably no use to a normal ASA

   *  expire (system dependent type) - The time on the local system
      clock when this locator will expire from the cache

   *  is_ipaddress (Boolean) - True if the locator is an IP address

   *  is_fqdn (Boolean) - True if the locator is an FQDN

   *  is_uri (Boolean) - True if the locator is a URI

   *  diverted (Boolean) - True if the locator was discovered via a
      Divert option

   *  protocol (integer) - Applicable transport protocol (IPPROTO_TCP or
      IPPROTO_UDP)

   *  port (integer) - Applicable port number

2.3.1.5.  Tagged_objective

   A 'tagged_objective' parameter is a data structure with the following
   contents:

   *  objective - An objective

   *  locator - The ASA_locator associated with the objective, or a null
      value.

2.3.1.6.  Asa_nonce

   Although an authentication and authorization scheme for ASAs has not
   been defined, the API provides a very simple hook for such a scheme.
   When an ASA starts up, it registers itself with the GRASP core, which
   provides it with an opaque nonce that, although not cryptographically
   protected, would be difficult for a third party to predict.  The ASA
   must present this nonce in future calls.  This mechanism will prevent
   some elementary errors or trivial attacks such as an ASA manipulating
   an objective it has not registered to use.

   Thus, in most calls, an 'asa_nonce' parameter is required.  It is
   generated when an ASA first registers with GRASP, and the ASA must
   then store the asa_nonce and use it in every subsequent GRASP call.
   Any call in which an invalid nonce is presented will fail.  It is an
   opaque value of up to 32 bits (for example represented as a uint32_t,
   depending on the language).
   It should be unpredictable; a possible implementation is to use the
   same mechanism that GRASP uses to generate Session IDs
   [I-D.ietf-anima-grasp].  Another possible implementation is to hash
   the name of the ASA with a locally defined secret key.

2.3.1.7.  Session_nonce

   In some calls, a 'session_nonce' parameter is required.  This is an
   opaque data structure as far as the ASA is concerned, used to
   identify calls to the API as belonging to a specific GRASP session
   (see Section 2.2).  In fully threaded implementations this parameter
   might not be needed, but it is included to act as a session handle if
   necessary.  It will also allow GRASP to detect and ignore malicious
   calls or calls from timed-out sessions.  A possible implementation is
   to form the nonce from the underlying GRASP Session ID and the source
   address of the session.

2.3.2.  Registration

   These functions are used to register an ASA and the objectives that
   it supports with the GRASP module.  If an authorization model is
   added to GRASP, it would also be added at this point in the API.

   *  register_asa()

      -  Input parameter:

            name of the ASA (UTF-8 string)

      -  Return parameters:

            errorcode (integer)

            asa_nonce (integer) (if successful)

      -  This initialises state in the GRASP module for the calling
         entity (the ASA).  In the case of success, an 'asa_nonce' is
         returned which the ASA must present in all subsequent calls.
         In the case of failure, the ASA has not been authorized and
         cannot operate.

   *  deregister_asa()

      -  Input parameters:

            asa_nonce (integer)

            name of the ASA (UTF-8 string)

      -  Return parameter:

            errorcode (integer)

      -  This removes all state in the GRASP module for the calling
         entity (the ASA), and deregisters any objectives it has
         registered.  Note that these actions must also happen
         automatically if an ASA crashes.

      -  Note - the ASA name is strictly speaking redundant in this
         call, but is present for clarity.

   *  register_objective()

      -  Input parameters:

            asa_nonce (integer)

            objective (structure)

            ttl (integer - default GRASP_DEF_TIMEOUT)

            discoverable (Boolean - default False)

            overlap (Boolean - default False)

            local (Boolean - default False)

      -  Return parameter:

            errorcode (integer)

      -  This registers an objective that this ASA supports and may
         modify.  The 'objective' becomes a candidate for discovery.
         However, discovery responses should not be enabled until the
         ASA calls listen_negotiate() or listen_synchronize(), showing
         that it is able to act as a responder.  The ASA may negotiate
         the objective or send synchronization or flood data.
         Registration is not needed if the ASA only wants to receive
         synchronization or flood data for the objective concerned.

      -  The 'ttl' parameter is the valid lifetime (time to live) in
         milliseconds of any discovery response for this objective.  The
         default value should be the GRASP default timeout
         (GRASP_DEF_TIMEOUT, see [I-D.ietf-anima-grasp]).

      -  If the parameter 'discoverable' is True, the objective is
         immediately discoverable.  This is intended for objectives that
         are only defined for GRASP discovery, and which do not support
         negotiation or synchronization.

      -  If the parameter 'overlap' is True, more than one ASA may
         register this objective in the same GRASP instance.

      -  If the parameter 'local' is True, discovery must return a
         link-local address.  This feature is for objectives that must
         be restricted to the local link.

      -  This call may be repeated for multiple objectives.

   *  deregister_objective()

      -  Input parameters:

            asa_nonce (integer)

            objective (structure)

      -  Return parameter:

            errorcode (integer)

      -  The 'objective' must have been registered by the calling ASA;
         if not, this call fails.
         Otherwise, it removes all state in the GRASP module for the
         given objective.

2.3.3.  Discovery

   *  discover()

      -  Input parameters:

            asa_nonce (integer)

            objective (structure)

            timeout (integer)

            age_limit (integer)

      -  Return parameters:

            errorcode (integer)

            locator_list (structure)

      -  This returns a list of discovered 'ASA_locator's for the given
         objective.  Note that this structure includes all the fields
         described in Section 2.3.1.4.

      -  If the parameter 'age_limit' is greater than zero, any locally
         cached locators for the objective whose remaining lifetime in
         milliseconds is less than or equal to 'age_limit' are deleted
         first.  Thus 'age_limit' = 0 will flush all entries.

      -  If the parameter 'timeout' is zero, any remaining locally
         cached locators for the objective are returned immediately and
         no other action is taken.  (Thus, a call with 'age_limit' and
         'timeout' both equal to zero is pointless.)

      -  If the parameter 'timeout' is greater than zero, GRASP
         discovery is performed, and all results obtained before the
         timeout in milliseconds expires are returned.  If no results
         are obtained, an empty list is returned after the timeout.
         That is not an error condition.

      -  Threaded implementation: This should be called in a separate
         thread if asynchronous operation is required.

      -  Event loop implementation: An additional read/write
         'session_nonce' parameter is used.  A callback may be used in
         the case of a non-zero timeout.

2.3.4.  Negotiation

   *  request_negotiate()

      -  Input parameters:

            asa_nonce (integer)

            objective (structure)

            peer (ASA_locator)

            timeout (integer)

      -  Return parameters:

            errorcode (integer)

            session_nonce (structure) (if successful)

            proffered_objective (structure) (if successful)

            reason (string) (if negotiation declined)

      -  This function opens a negotiation session.
         The 'objective' parameter must include the requested value, and
         its loop count should be set to a suitable value by the ASA.
         If not, the GRASP default will apply.

      -  Note that a given negotiation session may or may not be a
         dry-run negotiation; the two modes must not be mixed in a
         single session.

      -  The 'peer' parameter is the target node; it must be an
         'ASA_locator' as returned by discover().  If the peer is null,
         GRASP discovery is performed first.

      -  If the 'errorcode' return parameter is 0, the negotiation has
         successfully started.  There are then two cases:

         1.  The 'session_nonce' parameter is null.  In this case the
             negotiation has succeeded (the peer has accepted the
             request).  The returned 'proffered_objective' contains the
             value accepted by the peer.

         2.  The 'session_nonce' parameter is not null.  In this case
             negotiation must continue.  The returned
             'proffered_objective' contains the first value proffered by
             the negotiation peer.  Note that this instance of the
             objective must be used in the subsequent negotiation call
             because it also contains the current loop count.  The
             'session_nonce' must be presented in all subsequent
             negotiation steps.

         This function must be followed by calls to 'negotiate_step'
         and/or 'negotiate_wait' and/or 'end_negotiate' until the
         negotiation ends.  'request_negotiate' may then be called
         again to start a new negotiation.

      -  If the 'errorcode' parameter has the value 1 ('declined'), the
         negotiation has been declined by the peer (M_END and O_DECLINE
         features of GRASP).  The 'reason' string is then available for
         information and diagnostic use, but it may be a null string.
         For this and any other error code, an exponential backoff is
         recommended before any retry.

      -  Threaded implementation: This should be called in a separate
         thread if asynchronous operation is required.

      -  Event loop implementation: The 'session_nonce' parameter is
         used in read/write mode.

      -  Use of dry run mode: This must be consistent within a GRASP
         session.  The state of the 'dry' flag in the initial
         request_negotiate() call must be the same in all subsequent
         negotiation steps of the same session.  The semantics of the
         dry run mode are built into the ASA; GRASP merely carries the
         flag bit.

      -  Special note for the ACP infrastructure ASA: It is likely that
         this ASA will need to discover and negotiate with its peers in
         each of its on-link neighbors.  It will therefore need to know
         not only the link-local IP address but also the physical
         interface and transport port for connecting to each neighbor.
         One implementation approach to this is to include these details
         in the 'session_nonce' data structure, which is opaque to
         normal ASAs.

   *  listen_negotiate()

      -  Input parameters:

            asa_nonce (integer)

            objective (structure)

      -  Return parameters:

            errorcode (integer)

            session_nonce (structure) (if successful)

            requested_objective (structure) (if successful)

      -  This function instructs GRASP to listen for negotiation
         requests for the given 'objective'.  It also enables discovery
         responses for the objective.

      -  Threaded implementation: It will block waiting for an incoming
         request, so should be called in a separate thread if
         asynchronous operation is required.  If the ASA supports
         multiple simultaneous transactions, a new thread must be
         spawned for each new session.

      -  Event loop implementation: A read/write 'session_nonce'
         parameter is used.  If the ASA supports multiple simultaneous
         transactions, a new event must be inserted in the event loop
         for each new session.

      -  Unless there is an unexpected failure, this call only returns
         after an incoming negotiation request.
         When it does so, 'requested_objective' contains the first
         value requested by the negotiation peer. Note that this
         instance of the objective must be used in the subsequent
         negotiation call because it also contains the current loop
         count. The 'session_nonce' must be presented in all subsequent
         negotiation steps.

      -  This function must be followed by calls to 'negotiate_step'
         and/or 'negotiate_wait' and/or 'end_negotiate' until the
         negotiation ends. 'listen_negotiate' may then be called again
         to await a new negotiation.

      -  If an ASA is capable of handling multiple negotiations
         simultaneously, it may call 'listen_negotiate' simultaneously
         from multiple threads. The API and GRASP implementation must
         support re-entrant use of the listening state and the
         negotiation calls. Simultaneous sessions will be distinguished
         by the threads themselves, the GRASP Session IDs, and the
         underlying unicast transport sockets.

   *  stop_listen_negotiate()

      -  Input parameters:

            asa_nonce (integer)

            objective (structure)

      -  Return parameter:

            errorcode (integer)

      -  Instructs GRASP to stop listening for negotiation requests for
         the given objective, i.e., cancels 'listen_negotiate'.

      -  Threaded implementation: Must be called from a different thread
         than 'listen_negotiate'.

      -  Event loop implementation: no special considerations.

   *  negotiate_step()

      -  Input parameters:

            asa_nonce (integer)

            session_nonce (structure)

            objective (structure)

            timeout (integer)

      -  Return parameters:

            Exactly as for 'request_negotiate'

      -  Executes the next negotiation step with the peer. The
         'objective' parameter contains the next value being proffered
         by the ASA in this step.

      -  Threaded implementation: Called in the same thread as the
         preceding 'request_negotiate' or 'listen_negotiate', with the
         same value of 'session_nonce'.

      -  Event loop implementation: Must use the same value of
         'session_nonce' returned by the preceding 'request_negotiate'
         or 'listen_negotiate'.

   *  negotiate_wait()

      -  Input parameters:

            asa_nonce (integer)

            session_nonce (structure)

            timeout (integer)

      -  Return parameters:

            errorcode (integer)

      -  Delay negotiation session by 'timeout' milliseconds, thereby
         extending the original timeout. This function simply triggers
         a GRASP Confirm Waiting message.

      -  Threaded implementation: Called in the same thread as the
         preceding 'request_negotiate' or 'listen_negotiate', with the
         same value of 'session_nonce'.

      -  Event loop implementation: Must use the same value of
         'session_nonce' returned by the preceding 'request_negotiate'
         or 'listen_negotiate'.

   *  end_negotiate()

      -  Input parameters:

            asa_nonce (integer)

            session_nonce (structure)

            reply (Boolean)

            reason (UTF-8 string)

      -  Return parameters:

            errorcode (integer)

      -  End the negotiation session.

         'reply' = True for accept (successful negotiation), False for
         decline (failed negotiation).

         'reason' = optional string describing reason for decline.

      -  Threaded implementation: Called in the same thread as the
         preceding 'request_negotiate' or 'listen_negotiate', with the
         same value of 'session_nonce'.

      -  Event loop implementation: Must use the same value of
         'session_nonce' returned by the preceding 'request_negotiate'
         or 'listen_negotiate'.

2.3.5. Synchronization and Flooding

   *  synchronize()

      -  Input parameters:

            asa_nonce (integer)

            objective (structure)

            peer (ASA_locator)

            timeout (integer)

      -  Return parameters:

            errorcode (integer)

            objective (structure) (if successful)

      -  This call requests the synchronized value of the given
         'objective'.

      -  Since this is essentially a read operation, any ASA can do it.
         Therefore the API checks that the ASA is registered but the
         objective doesn't need to be registered by the calling ASA.

      -  If the objective was already flooded, the flooded value is
         returned immediately in the 'result' parameter. In this case,
         the 'source' and 'timeout' are ignored.

      -  Otherwise, synchronization with a discovered ASA is performed.
         The 'peer' parameter is an 'ASA_locator' as returned by
         discover(). If 'peer' is null, GRASP discovery is performed
         first.

      -  This call should be repeated whenever the latest value is
         needed.

      -  Threaded implementation: Call in a separate thread if
         asynchronous operation is required.

      -  Event loop implementation: An additional read/write
         'session_nonce' parameter is used.

      -  Since this is essentially a read operation, any ASA can use it.
         Therefore GRASP checks that the calling ASA is registered but
         the objective doesn't need to be registered by the calling ASA.

      -  In the case of failure, an exponential backoff is recommended
         before retrying.

   *  listen_synchronize()

      -  Input parameters:

            asa_nonce (integer)

            objective (structure)

      -  Return parameters:

            errorcode (integer)

      -  This instructs GRASP to listen for synchronization requests for
         the given objective, and to respond with the value given in the
         'objective' parameter. It also enables discovery responses for
         the objective.

      -  This call is non-blocking and may be repeated whenever the
         value changes.

   *  stop_listen_synchronize()

      -  Input parameters:

            asa_nonce (integer)

            objective (structure)

      -  Return parameters:

            errorcode (integer)

      -  This call instructs GRASP to stop listening for synchronization
         requests for the given 'objective', i.e. it cancels a previous
         listen_synchronize.

   *  flood()

      -  Input parameters:

            asa_nonce (integer)

            ttl (integer)

            tagged_objective_list (structure)

      -  Return parameters:

            errorcode (integer)

      -  This call instructs GRASP to flood the given synchronization
         objective(s) and their value(s) and associated locator(s) to
         all GRASP nodes.

      -  The 'ttl' parameter is the valid lifetime (time to live) of the
         flooded data in milliseconds (0 = infinity).

      -  The 'tagged_objective_list' parameter is a list of one or more
         'tagged_objective' couplets. The 'locator' parameter that tags
         each objective is normally null but may be a valid
         'ASA_locator'. Infrastructure ASAs needing to flood an
         {address, protocol, port} 3-tuple with an objective create an
         ASA_locator object to do so. If the IP address in that locator
         is the unspecified address ('::') it is replaced by the
         link-local address of the sending node in each copy of the
         flood multicast, which will be forced to have a loop count of
         1. This feature is for objectives that must be restricted to
         the local link.

      -  The function checks that the ASA registered each objective.

      -  This call may be repeated whenever any value changes.

   *  get_flood()

      -  Input parameters:

            asa_nonce (integer)

            objective (structure)

      -  Return parameters:

            errorcode (integer)

            tagged_objective_list (structure) (if successful)

      -  This call instructs GRASP to return the given synchronization
         objective if it has been flooded and its lifetime has not
         expired.

      -  Since this is essentially a read operation, any ASA can do it.
         Therefore the API checks that the ASA is registered but the
         objective doesn't need to be registered by the calling ASA.

      -  The 'tagged_objective_list' parameter is a list of
         'tagged_objective' couplets, each one being a copy of the
         flooded objective and a corresponding locator.
         Thus if the same objective has been flooded by multiple ASAs,
         the recipient can distinguish the copies.

      -  Note that this call is for advanced ASAs. In a simple case, an
         ASA can simply call synchronize() in order to get a valid
         flooded objective.

   *  expire_flood()

      -  Input parameters:

            asa_nonce (integer)

            tagged_objective (structure)

      -  Return parameters:

            errorcode (integer)

      -  This is a call that can only be used after a preceding call to
         get_flood() by an ASA that is capable of deciding that the
         flooded value is stale or invalid. Use with care.

      -  The 'tagged_objective' parameter is the one to be expired.

2.3.6. Invalid Message Function

   *  send_invalid()

      -  Input parameters:

            asa_nonce (integer)

            session_nonce (structure)

            info (bytes)

      -  Return parameters:

            errorcode (integer)

      -  Sends a GRASP Invalid Message (M_INVALID) message, as described
         in [I-D.ietf-anima-grasp]. Should not be used if
         end_negotiate() would be sufficient. Note that this message
         may be used in response to any unicast GRASP message that the
         receiver cannot interpret correctly. In most cases this
         message will be generated internally by a GRASP implementation.

         'info' = optional diagnostic data. May be raw bytes from the
         invalid message.

3. Implementation Status [RFC Editor: please remove]

   A prototype open source Python implementation of GRASP, including an
   API similar to this document, has been used to verify the concepts
   for the threaded model. It may be found at
   https://github.com/becarpenter/graspy with associated documentation
   and demonstration ASAs.

4. Security Considerations

   Security issues for the GRASP protocol are discussed in
   [I-D.ietf-anima-grasp]. Authorization of ASAs is a subject for
   future study.

   The 'asa_nonce' parameter is used in the API as a first line of
   defence against a malware process attempting to imitate a
   legitimately registered ASA. The 'session_nonce' parameter is used
   in the API as a first line of defence against a malware process
   attempting to hijack a GRASP session.

5. IANA Considerations

   This document makes no request of the IANA.

6. Acknowledgements

   Excellent suggestions were made by Ignas Bagdonas, Toerless Eckert,
   Guangpeng Li, Michael Richardson, and other participants in the ANIMA
   WG.

7. References

7.1. Normative References

   [I-D.ietf-anima-grasp]
              Bormann, C., Carpenter, B., and B. Liu, "A Generic
              Autonomic Signaling Protocol (GRASP)", Work in Progress,
              Internet-Draft, draft-ietf-anima-grasp-15, 13 July 2017.

7.2. Informative References

   [I-D.ietf-anima-autonomic-control-plane]
              Eckert, T., Behringer, M., and S. Bjarnason, "An Autonomic
              Control Plane (ACP)", Work in Progress, Internet-Draft,
              draft-ietf-anima-autonomic-control-plane-24, 9 March 2020.

   [I-D.ietf-anima-bootstrapping-keyinfra]
              Pritikin, M., Richardson, M., Eckert, T., Behringer, M.,
              and K. Watsen, "Bootstrapping Remote Secure Key
              Infrastructures (BRSKI)", Work in Progress,
              Internet-Draft,
              draft-ietf-anima-bootstrapping-keyinfra-41, 8 April 2020.

   [I-D.ietf-anima-reference-model]
              Behringer, M., Carpenter, B., Eckert, T., Ciavaglia, L.,
              and J. Nobre, "A Reference Model for Autonomic
              Networking", Work in Progress, Internet-Draft,
              draft-ietf-anima-reference-model-10, 22 November 2018.

   [I-D.liu-anima-grasp-distribution]
              Liu, B., Xiao, X., Hecker, A., Jiang, S., and Z.
              Despotovic, "Information Distribution in Autonomic
              Networking", Work in Progress, Internet-Draft,
              draft-liu-anima-grasp-distribution-13, 12 December 2019.

Appendix A. Error Codes

   This Appendix lists the error codes defined so far, with suggested
   symbolic names and corresponding descriptive strings in English. It
   is expected that complete API implementations will provide for
   localisation of these descriptive strings, and that additional error
   codes will be needed according to implementation details.

   ok               0 "OK"
   declined         1 "Declined"
   noReply          2 "No reply"
   unspec           3 "Unspecified error"
   ASAfull          4 "ASA registry full"
   dupASA           5 "Duplicate ASA name"
   noASA            6 "ASA not registered"
   notYourASA       7 "ASA registered but not by you"
   notBoth          8 "Objective cannot support both negotiation
                      and synchronization"
   notDry           9 "Dry-run allowed only with negotiation"
   notOverlap      10 "Overlap not supported by this implementation"
   objFull         11 "Objective registry full"
   objReg          12 "Objective already registered"
   notYourObj      13 "Objective not registered by this ASA"
   notObj          14 "Objective not found"
   notNeg          15 "Objective not negotiable"
   noSecurity      16 "No security"
   noDiscReply     17 "No reply to discovery"
   sockErrNegRq    18 "Socket error sending negotiation request"
   noSession       19 "No session"
   noSocket        20 "No socket"
   loopExhausted   21 "Loop count exhausted"
   sockErrNegStep  22 "Socket error sending negotiation step"
   noPeer          23 "No negotiation peer"
   CBORfail        24 "CBOR decode failure"
   invalidNeg      25 "Invalid Negotiate message"
   invalidEnd      26 "Invalid end message"
   noNegReply      27 "No reply to negotiation step"
   noValidStep     28 "No valid reply to negotiation step"
   sockErrWait     29 "Socket error sending wait message"
   sockErrEnd      30 "Socket error sending end message"
   IDclash         31 "Incoming request Session ID clash"
   notSynch        32 "Not a synchronization objective"
   notFloodDisc    33 "Not flooded and no reply to discovery"
   sockErrSynRq    34 "Socket error sending synch request"
   noListener      35 "No synch listener"
   noSynchReply    36 "No reply to synchronization request"
   noValidSynch    37 "No valid reply to synchronization request"
   invalidLoc      38 "Invalid locator"

Appendix B. Change log [RFC Editor: Please remove]

   draft-ietf-anima-grasp-api-05, 2020-05-08:

   *  Converted to xml2rfc v3

   *  Editorial fixes.

   draft-ietf-anima-grasp-api-04, 2019-10-07:

   *  Improved discussion of layering, mentioned daemon.

   *  Added callbacks and improved description of asynchronous
      operations.

   *  Described use case for 'session_nonce'.

   *  More explanation of 'asa_nonce'.

   *  Change 'discover' to use 'age_limit' instead of 'flush'.

   *  Clarified use of 'dry run'.

   *  Editorial improvements.

   draft-ietf-anima-grasp-api-03, 2019-01-21:

   *  Replaced empty "logic flows" section by "implementation status".

   *  Minor clarifications.

   *  Editorial improvements.

   draft-ietf-anima-grasp-api-02, 2018-06-30:

   *  Additional suggestion for event-loop API.

   *  Discussion of error code values.

   draft-ietf-anima-grasp-api-01, 2018-03-03:

   *  Editorial updates

   draft-ietf-anima-grasp-api-00, 2017-12-23:

   *  WG adoption

   *  Editorial improvements.

   draft-liu-anima-grasp-api-06, 2017-11-24:

   *  Improved description of event-loop model.

   *  Changed intended status to Informational.

   *  Editorial improvements.

   draft-liu-anima-grasp-api-05, 2017-10-02:

   *  Added send_invalid()

   draft-liu-anima-grasp-api-04, 2017-06-30:

   *  Noted that simple nodes might not include the API.

   *  Minor clarifications.

   draft-liu-anima-grasp-api-03, 2017-02-13:

   *  Changed error return to integers.

   *  Required all implementations to accept objective values in CBOR.

   *  Added non-blocking alternatives.

   draft-liu-anima-grasp-api-02, 2016-12-17:

   *  Updated for draft-ietf-anima-grasp-09

   draft-liu-anima-grasp-api-02, 2016-09-30:

   *  Added items for draft-ietf-anima-grasp-07

   *  Editorial corrections

   draft-liu-anima-grasp-api-01, 2016-06-24:

   *  Updated for draft-ietf-anima-grasp-05

   *  Editorial corrections

   draft-liu-anima-grasp-api-00, 2016-04-04:

   *  Initial version

Authors' Addresses

   Brian Carpenter
   School of Computer Science
   University of Auckland
   PB 92019
   Auckland 1142
   New Zealand

   Email: brian.e.carpenter@gmail.com

   Bing Liu (editor)
   Huawei Technologies
   Q14, Huawei Campus
   No.156 Beiqing Road
   Hai-Dian District, Beijing
   100095
   P.R. China

   Email: leo.liubing@huawei.com

   Wendong Wang
   BUPT University
   Beijing University of Posts & Telecom.
   No.10 Xitucheng Road
   Hai-Dian District, Beijing 100876
   P.R. China

   Email: wdwang@bupt.edu.cn

   Xiangyang Gong
   BUPT University
   Beijing University of Posts & Telecom.
   No.10 Xitucheng Road
   Hai-Dian District, Beijing 100876
   P.R. China

   Email: xygong@bupt.edu.cn
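
Added example, not part of the draft and not taken from the graspy prototype: a constructed in-memory model of the nonce checks described in the Security Considerations, applied to the negotiation calls of Section 2.3.4. The class ToyGrasp, the use of the 'secrets' module, a bytes value for 'session_nonce', and the choice of noASA (6) and noSession (19) for rejected calls are assumptions; the draft lists those error codes but does not say which one a failed nonce check returns.

```python
import secrets

# Error codes as listed in Appendix A of the draft.
OK, NO_ASA, NO_SESSION = 0, 6, 19


class ToyGrasp:
    """Constructed in-memory model of the API nonce checks (no networking)."""

    def __init__(self):
        self._asas = set()      # asa_nonce values issued by register_asa
        self._sessions = {}     # session_nonce -> asa_nonce that owns it

    def register_asa(self, name):
        # Assumption: an unpredictable integer; the draft only says "integer".
        asa_nonce = secrets.randbits(64)
        self._asas.add(asa_nonce)
        return OK, asa_nonce

    def request_negotiate(self, asa_nonce, objective):
        if asa_nonce not in self._asas:
            return NO_ASA, None, None
        session_nonce = secrets.token_bytes(16)   # opaque to the ASA
        self._sessions[session_nonce] = asa_nonce
        # Model a peer that proffers a counter-value, so negotiation continues.
        proffered = dict(objective, value=objective["value"] // 2)
        return OK, session_nonce, proffered

    def _check(self, asa_nonce, session_nonce):
        if asa_nonce not in self._asas:
            return NO_ASA
        if self._sessions.get(session_nonce) != asa_nonce:
            return NO_SESSION   # unknown session, or one owned by another ASA
        return OK

    def negotiate_step(self, asa_nonce, session_nonce, objective):
        err = self._check(asa_nonce, session_nonce)
        return (err, session_nonce, objective) if err == OK else (err, None, None)

    def end_negotiate(self, asa_nonce, session_nonce, reply, reason=""):
        err = self._check(asa_nonce, session_nonce)
        if err == OK:
            del self._sessions[session_nonce]   # nonce is void once the session ends
        return err


def demo():
    grasp = ToyGrasp()
    _, owner = grasp.register_asa("owner")
    _, other = grasp.register_asa("other")
    _, session, prof = grasp.request_negotiate(owner, {"name": "EX1", "value": 100})
    return {
        "forged_asa": grasp.negotiate_step(-1, session, prof)[0],
        "wrong_owner": grasp.negotiate_step(other, session, prof)[0],
        "guessed_session": grasp.negotiate_step(owner, b"guess", prof)[0],
        "legitimate": grasp.negotiate_step(owner, session, prof)[0],
        "end": grasp.end_negotiate(owner, session, reply=True),
        "reuse_after_end": grasp.negotiate_step(owner, session, prof)[0],
    }
```

Binding each 'session_nonce' to the 'asa_nonce' that opened it is what makes the "wrong_owner" case fail: a second registered ASA that learns the session value still cannot step or end the session.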