idnits 2.17.1 draft-ietf-forces-applicability-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? '1' on line 324 looks like a reference -- Missing reference section? '5' on line 336 looks like a reference -- Missing reference section? '4' on line 334 looks like a reference -- Missing reference section? '7' on line 341 looks like a reference -- Missing reference section? '2' on line 327 looks like a reference -- Missing reference section? '3' on line 331 looks like a reference -- Missing reference section? '6' on line 338 looks like a reference Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet Engineering Task Force ForCES WG 2 INTERNET-DRAFT Alan Crouch/Intel 3 draft-ietf-forces-applicability-01.txt Mark Handley/ICIR 5 14 December 2002 6 Expires: June 2003 8 ForCES Applicability Statement 10 Status of this Memo 12 This document is an Internet-Draft and is in full conformance with all 13 provisions of Section 10 of RFC2026. 15 Internet-Drafts are working documents of the Internet Engineering Task 16 Force (IETF), its areas, and its working groups. Note that other groups 17 may also distribute working documents as Internet- Drafts. 19 Internet-Drafts are draft documents valid for a maximum of six months 20 and may be updated, replaced, or obsoleted by other documents at any 21 time. It is inappropriate to use Internet-Drafts as reference material 22 or to cite them other than as "work in progress." 24 The list of current Internet-Drafts can be accessed at 26 http://www.ietf.org/ietf/1id-abstracts.txt 28 The list of Internet-Draft Shadow Directories can be accessed at 29 http://www.ietf.org/shadow.html. 31 Abstract 33 The ForCES protocol defines a standard framework and mechanism 34 for the interconnection between Control Elements and 35 Forwarding Engines in IP routers and similar devices. In this 36 document we describe the applicability of the ForCES model and 37 protocol. We provide example deployment scenarios and 38 functionality, as well as document applications that would be 39 inappropriate for ForCES. 41 1. Purpose 43 The purpose of the ForCES Applicability Statement is to capture the 44 intent of the ForCES protocol designers as to how the protocol should be 45 used. The Applicability Statement will evolve alongside the protocol, 46 and will go to RFC as informational around the same time the as the 47 protocol goes to RFC. 49 2. Overview 51 The ForCES protocol defines a standard framework and mechanism for the 52 exchange of information between the logically separate functionality of 53 the control and data forwarding planes of IP routers and similar 54 devices. It focuses on the communication necessary for separation of 55 control plane functionality such as routing protocols, signaling 56 protocols, and admission control from data forwarding plane per-packet 57 activities such as packet forwarding, queuing, and header editing. 59 This document defines the applicability of the ForCES mechanisms. It 60 describes types of configurations and settings where ForCES is most 61 appropriately applied. This document also describes scenarios and 62 configurations where ForCES would not be appropriate for use. 64 3. Terminology A set of terminology associated with ForCES is defined 65 in [1]. That terminology is reused here and the reader is directed to 66 [1] for the following definitions: 68 o CE: Control Element. 70 o FE: Forwarding Element. 72 o ForCES: ForCES protocol. 74 4. Applicability to IP Networks 76 The purpose of this section is to list the areas of ForCES applicability 77 in IP network devices. Relatively low performance devices may be 78 implemented on a simple processor which performs both control and packet 79 forwarding functionality. ForCES is not applicable for such devices. 80 Higher performance devices typically distribute work amongst interface 81 processors, and these devices (FEs) therefore need to communicate with 82 the control element(s) to perform their job. ForCES provides a standard 83 way to do this communication. 85 The remainder of this section lists the applicable services which ForCES 86 may support, applicable FE functionality, applicable CE-FE link 87 scenarios, and applicable topologies in which ForCES may be deployed. 89 4.1. Applicable Services 91 In this section we describe the applicability of ForCES for the 92 following control-forwarding plane services: 94 o Discovery, Capability Information Exchange 96 o Topology Information Exchange 98 o Configuration 100 o Routing Exchange 102 o QoS Exchange 104 o Security Exchange 106 o Filtering Exchange 108 o Encapsulation/Tunneling Exchange 110 o NAT and Application-level Gateways 112 o Measurement and Accounting 114 o Diagnostics 116 o CE Redundancy or CE Failover 117 4.1.1. Discovery, Capability Information Exchange 119 Discovery is the process by which CEs and FEs learn of each other's 120 existence. ForCES assumes that CEs and FEs already know sufficient 121 information to begin communication in a secure manner. 122 The ForCES protocol is only applicable after CEs and FEs have found 123 each other. ForCES makes no assumption about whether discovery was 124 performed using a dynamic protocol or merely static configuration. 126 During the discovery phase, CEs and FEs may exchange capability 127 information with each other. For example, the FEs may express the 128 number of interface ports they provide, as well as the static and 129 configurable attributes of each port. 131 In addition to initial configuration, the CEs and FEs may also exchange 132 dynamic configuration changes using ForCES. For example, FE's 133 asynchronously inform the CE of an increase/decrease in available 134 resources or capabilities on the FE. 136 4.1.2. Topology Information Exchange 138 In this context, topology information relates to how the FEs are 139 interconnected with each other with respect to packet forwarding. 140 Whilst topology discovery is outside the scope of the ForCES protocol, a 141 standard topology discovery protocol may be selected and used to "learn" 142 the topology, and then the ForCES protocol may be used to transmit the 143 resulting information to the CE. 145 4.1.3. Configuration 147 ForCES is used to perform FE configuration. For example, CEs set 148 configurable FE attributes such as IP addresses. 150 4.1.4. Routing Exchange 152 ForCES may be used to deliver packet forwarding information resulting 153 from CE routing calculations. For example, CEs may send forwarding 154 table updates to the FEs, so that they can make forwarding decisions. 155 FEs may inform the CE in the event of a forwarding table miss. 157 4.1.5. QoS Exchange 159 ForCES may be used to exchange QoS capabilities between CEs and FEs. 160 For example, an FE may express QoS capabilities to the CE. Such 161 capabilities might include metering, policing, shaping, and queuing 162 functions. The CE may use ForCES to configure these capabilities. 164 4.1.6. Security Exchange 166 ForCES may be used to exchange Security information between CEs and FEs. 167 For example, the FE may use ForCES to express the types of encryption 168 that it is capable of using in an IPsec tunnel. The CE may use ForCES 169 to configure such a tunnel. 171 4.1.7. Filtering Exchange and Firewalls 173 ForCES may be used to exchange filtering information. For example, FEs 174 may use ForCES to express the filtering functions such as classification 175 and action that they can perform, and the CE may configure these 176 capabilities. 178 4.1.8. Encapsulation, Tunneling Exchange 180 ForCES may be used to exchange encapsulation capabilities of an FE, such 181 as tunneling, and the configuration of such capabilities. 183 4.1.9. NAT and Application-level Gateways 185 ForCES may be used to exchange configuration information for Network 186 Address Translators. Whilst ForCES is not specifically designed for the 187 configuration of application-level gateway functionality, this may be in 188 scope for some types of application-level gateways. 190 4.1.10. Measurement and Accounting 192 ForCES may be used to exchange configuration information regarding 193 traffic measurement and accounting functionality. In this area, ForCES 194 may overlap somewhat with functionality provided by alternative network 195 management mechanisms such as SNMP. In some cases ForCES may be used to 196 convey information to the CE to be reported externally using SNMP. 197 However, in other cases it may make more sense for the FE to directly 198 speak SNMP. 200 4.1.11. Diagnostics 202 ForCES may be used for CE's and FE's to exchange diagnostic information. 203 For example, an FE can send self-test results to the CE. 205 4.1.12. CE Redundancy or CE Failover 207 ForCES is a master-slave protocol where FE's are slaves and CE's are 208 masters. Basic mechanisms for CE redundancy/failover are provided in 209 ForCES protocol. Broad concepts such as implementing CE Redundancy, CE 210 Failover, and CE-CE communication, while not precluded by the ForCES 211 architecture, are considered outside the scope of ForCES protocol. 212 ForCES protocol is designed to handle CE-FE communication, and is not 213 intended for CE-CE communication. 215 4.2. CE-FE Link Capacity 217 When using ForCES, the bandwidth of the CE-FE link is a consideration, 218 and cannot be ignored. For example, sending a full routing table of 219 110K routes is reasonable over a 100Mbit Ethernet interconnect, but 220 could be non-trivial over a lower-bandwidth link. ForCES should be 221 sufficiently future-proof to be applicable in scenarios where routing 222 tables grow to several orders of magnitude greater than their current 223 size (approximately 100K routes). However, we also note that not all IP 224 routers need full routing tables. 226 4.3. CE/FE Locality 228 We do not intend ForCES to be applicable in configurations where the CE 229 and FE are located arbitrarily in the network. In particular, ForCES is 230 intended for environments where one of the following applies: 232 o The control interconnect is some form of local bus, switch, or LAN, 233 where reliability is high, closely controlled, and not susceptible 234 to external disruption that does not also affect the CEs and/or 235 FEs. 237 o The control interconnect shares fate with the FE's forwarding 238 function. Typically this is because the control connection is also 239 the FE's primary packet forwarding connection, and so if that link 240 goes down, the FE cannot forward packets anyway. 242 The key guideline is that the reliability of the device should not be 243 significantly reduced by the separation of control and forwarding 244 functionality. 246 ForCES is applicable in localities consisting of control and forwarding 247 elements which are either components in the same physical box, or are 248 separated at most by one local network hop (historically referred to as 249 "Very Close" localities). 251 Example: a network element with a single control blade, and one or more 252 forwarding blades, all present in the same chassis and sharing an 253 interconnect such as Ethernet or PCI. In this locality, the majority of 254 the data traffic being forwarded typically does not traverse the same 255 links as the ForCES control traffic. 257 5. Limitations and Out-of-Scope Items 259 ForCES was designed to enable logical separation of control and 260 forwarding planes in IP network devices. However, ForCES is not 261 intended to be applicable to all services or to all possible CE/FE 262 localities. 264 The purpose of this section is to list limitations and out-of-scope 265 items for ForCES. 267 5.1. Out of Scope Services 269 The following control-forwarding plane services are explicitly not 270 addressed by ForCES: 272 o Label Switching 274 o Multimedia Gateway Control (MEGACO). 276 5.1.1. Label Switching 278 Label Switching is the purview of the GSMP Working Group in the Sub- IP 279 Area of the IETF. GSMP is a general purpose protocol to control a label 280 switch. GSMP defines mechanisms to separate the label switch data plane 281 from the control plane label protocols such as LDP [5]. For more 282 information on GSMP, see [4]. 284 5.1.2. Separation of Control and Forwarding in Multimedia Gateways" 286 MEGACO defines a protocol used between elements of a physically 287 decomposed multimedia gateway. Separation of call control channels from 288 bearer channels is the purview of MEGACO. For more information on 289 MEGACO, see [7]. 291 5.2. Localities 293 ForCES protocol was intended to work within the localities described in 294 the last section. Outside these boundaries, care must be taken or the 295 protocol may not work right. Examples of localities where ForCES was 296 not originally intended to be used: 298 o Localities where there are multiple hops between CE and FE. 300 o Localities where hops between the CE and FE are dynamically routing 301 using IP routing protocols. 303 o Localities where the loss of the CE-FE link is of non-negligible 304 probability. 306 o Localities where two or more FEs controlled by the same CE cannot 307 communicate, either directly, or indirectly via other FEs 308 controlled by the same CE. 310 6. Security Considerations 312 The security of ForCES protocol will be addressed in the Protocol 313 Specification [2]. For security requirements, see architecture 314 requirement #5 and protocol requirement #2 in the Requirements Draft 315 [1]. The ForCES protocol assumes that the CE and FE are in the same 316 administration, and have shared secrets as a means of administration. 317 Whilst it might be technically feasible to have the CE and FE 318 administered independently, we strongly discourage such uses, because 319 they would require a significantly different trust model from that 320 ForCES assumes. 322 7. Normative 324 [1] Anderson, T et. al., "Requirements for Separation of IP Control and 325 Forwarding", draft-ietf-forces-requirements-07.txt, October 2002 327 [2] ForCES Protocol Specification (to-be-written) 329 8. Informative 331 [3] Salim, J e. al., "Netlink as an IP Services Protocol", draft-ietf- 332 forces-netlink-03.txt, June 2002 334 [4] Doria, A, Sundell, K, Hellstrand, F, Worster, T, "General Switch 335 Management Protocol (GSMP) V3" RFC 3292, June 2002 336 [5] Andersson et al., "LDP Specification" RFC 3036, January 2001 338 [6] Bradner, S, "Key words for use in RFCs to Indicate Requirement 339 Levels", RFC 2119, Harvard University, March 1997 341 [7] F. Cuervo et al., "Megaco Protocol Version 1.0" RFC 3015, November 342 2000 344 9. Acknowledgments 346 The authors wish to thank Jamal Hadi, Hormuzd Khosravi, Vip Sharma, and 347 many others for their invaluable contributions. 349 10. Author's Addresses 351 Alan Crouch 352 Intel 353 2111 NE 25th Avenue 354 Hillsboro, OR 97124 USA 355 Phone: +1 503 264 2196 356 Email: alan.crouch@intel.com 358 Mark Handley 359 ICIR 360 1947 Center Street, Suite 600 361 Berkeley, CA 94708, USA 362 Email: mjh@icsi.berkeley.edu