idnits 2.17.1 draft-ietf-mboned-interdomain-peering-bcp-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. (A line matching the expected section header was found, but with an unexpected indentation: ' 2. Overview of Inter-domain Multicast Application Transport' ) ** The document seems to lack a Security Considerations section. (A line matching the expected section header was found, but with an unexpected indentation: ' 6. Security Considerations' ) ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) (A line matching the expected section header was found, but with an unexpected indentation: ' 7. IANA Considerations' ) ** There are 19 instances of too long lines in the document, the longest one being 2 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 113 has weird spacing: '...Catalog all ...' == Line 369 has weird spacing: '...Ability to s...' == Line 382 has weird spacing: '...tically selec...' == Line 441 has weird spacing: '...Ability to s...' == Line 604 has weird spacing: '... over alter...' == (4 more instances...) == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 21, 2016) is 2989 days in the past. Is this intentional? Checking references for intended status: Best Current Practice ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? 'RFC4607' on line 1125 looks like a reference -- Missing reference section? 'RFC4604' on line 1120 looks like a reference -- Missing reference section? 'RFC3618' on line 1128 looks like a reference -- Missing reference section? 'RFC2784' on line 1114 looks like a reference -- Missing reference section? 'IETF-ID-AMT' on line 1117 looks like a reference -- Missing reference section? 'BCP38' on line 1131 looks like a reference -- Missing reference section? 'RFC2236' on line 657 looks like a reference -- Missing reference section? 'MDH-04' on line 1141 looks like a reference -- Missing reference section? 'Traceroute' on line 1144 looks like a reference Summary: 4 errors (**), 0 flaws (~~), 8 warnings (==), 10 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 MBONED Working Group Percy S. Tarapore 2 Internet Draft Robert Sayko 3 Intended status: BCP AT&T 4 Expires: July 20, 2016 Greg Shepherd 5 Toerless Eckert 6 Cisco 7 Ram Krishnan 8 Brocade 9 January 21, 2016 11 Use of Multicast Across Inter-Domain Peering Points 12 draft-ietf-mboned-interdomain-peering-bcp-01.txt 14 Status of this Memo 16 This Internet-Draft is submitted in full conformance with the 17 provisions of BCP 78 and BCP 79. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF). Note that other groups may also distribute 21 working documents as Internet-Drafts. The list of current Internet- 22 Drafts is at http://datatracker.ietf.org/drafts/current/. 24 Internet-Drafts are draft documents valid for a maximum of six 25 months and may be updated, replaced, or obsoleted by other documents 26 at any time. It is inappropriate to use Internet-Drafts as 27 reference material or to cite them other than as "work in progress." 29 This Internet-Draft will expire on July 21, 2016. 31 Copyright Notice 33 Copyright (c) 2016 IETF Trust and the persons identified as the 34 document authors. All rights reserved. 36 This document is subject to BCP 78 and the IETF Trust's Legal 37 Provisions Relating to IETF Documents 38 (http://trustee.ietf.org/license-info) in effect on the date of 39 publication of this document. Please review these documents 40 carefully, as they describe your rights and restrictions with 41 respect to this document. Code Components extracted from this 42 document must include Simplified BSD License text as described in 43 Section 4.e of the Trust Legal Provisions and are provided without 44 warranty as described in the Simplified BSD License. 46 This document may contain material from IETF Documents or IETF 47 Contributions published or made publicly available before November 48 10, 2008. The person(s) controlling the copyright in some of this 49 material may not have granted the IETF Trust the right to allow 50 modifications of such material outside the IETF Standards Process. 51 Without obtaining an adequate license from the person(s) controlling 52 the copyright in such materials, this document may not be modified 53 outside the IETF Standards Process, and derivative works of it may 54 not be created outside the IETF Standards Process, except to format 55 it for publication as an RFC or to translate it into languages other 56 than English. 58 Abstract 60 This document examines the use of multicast across inter-domain 61 peering points. The objective is to describe the setup process for 62 multicast-based delivery across administrative domains and document 63 supporting functionality to enable this process. 65 Table of Contents 67 1. Introduction...................................................3 68 2. Overview of Inter-domain Multicast Application Transport.......4 69 3. Inter-domain Peering Point Requirements for Multicast..........5 70 3.1. Native Multicast..........................................5 71 3.2. Peering Point Enabled with GRE Tunnel.....................7 72 3.3. Peering Point Enabled with an AMT - Both Domains Multicast 73 Enabled........................................................8 74 3.4. Peering Point Enabled with an AMT - AD-2 Not Multicast 75 Enabled.......................................................10 76 3.5. AD-2 Not Multicast Enabled - Multiple AMT Tunnels Through 77 AD-2..........................................................12 78 4. Supporting Functionality......................................13 79 4.1. Network Interconnection Transport and Security Guidelines14 80 4.2. Routing Aspects and Related Guidelines...................15 81 4.2.1 Native Multicast Routing Aspects..................15 82 4.2.2 GRE Tunnel over Interconnecting Peering Point.....16 83 4.2.3 Routing Aspects with AMT Tunnels.....................16 84 4.3. Back Office Functions - Billing and Logging Guidelines...19 85 4.3.1 Provisioning Guidelines...........................19 86 4.3.2 Application Accounting Billing Guidelines.........21 87 4.3.3 Log Management Guidelines.........................21 88 4.4. Operations - Service Performance and Monitoring Guidelines22 89 4.5. Client Reliability Models/Service Assurance Guidelines...24 90 5. Troubleshooting and Diagnostics...............................24 91 6. Security Considerations.......................................25 92 7. IANA Considerations...........................................26 93 8. Conclusions...................................................26 94 9. References....................................................26 95 9.1. Normative References.....................................26 96 9.2. Informative References...................................27 97 10. Acknowledgments..............................................27 99 1. Introduction 101 Several types of applications (e.g., live video streaming, software 102 downloads) are well suited for delivery via multicast means. The use 103 of multicast for delivering such applications offers significant 104 savings for utilization of resources in any given administrative 105 domain. End user demand for such applications is growing. Often, 106 this requires transporting such applications across administrative 107 domains via inter-domain peering points. 109 The objective of this Best Current Practices document is twofold: 110 o Describe the technical process and establish guidelines for 111 setting up multicast-based delivery of applications across inter- 112 domain peering points via a set of use cases. 113 o Catalog all required information exchange between the 114 administrative domains to support multicast-based delivery. This 115 enables operators to initiate necessary processes to support 116 inter-domain peering with multicast. 118 The scope and assumptions for this document are stated as follows: 120 o It is understood that several protocols are available for this 121 purpose including Protocol Independent Multicast - Source 122 Specific Multicast (PIM-SSM) [RFC4607], Internet Group 123 Management Protocol (IGMP) [RFC4604], Multicast Listener 124 Discovery (MLD) [RFC4604], and Multicast Source Discovery 125 Protocol (MSDP) [RFC3618]. This BCP is independent of the 126 choice of multicast protocol; it focuses solely on the 127 implications for the inter-domain peering points. However, in 128 order to help explain use cases the figures will use the 129 general SSM flows and architectures. 130 o Network Administrative Domains involved in setting up 131 multicast peering points are assumed to adopt compatible 132 protocols. The use of different protocols is beyond the scope 133 of this document. 134 o It is assumed that an AMT Relay will be available to a client 135 for multicast delivery. The selection of an optimal AMT relay 136 by a client is out of scope for this document. Note that AMT 137 use is necessary only when native multicast is unavailable in 138 the peering point (Use Case 3.3) or in the downstream 139 administrative domain (Use Cases 3.4, and 3.5). 140 o The collection of billing data is assumed to be done at the 141 application level and is not considered to be a networking 142 issue. The settlements process for end user billing and/or 143 inter-provider billing is out of scope for this document. 144 o Inter-domain network connectivity troubleshooting is only 145 considered within the context of a cooperative process between 146 the two domains. 148 This document also attempts to identify ways by which the peering 149 process can be improved. Development of new methods for improvement 150 is beyond the scope of this document. 152 2. Overview of Inter-domain Multicast Application Transport 154 A multicast-based application delivery scenario is as follows: 155 o Two independent administrative domains are interconnected via a 156 peering point. 157 o The peering point is either multicast enabled (end-to-end 158 native multicast across the two domains) or it is connected by 159 one of two possible tunnel types: 160 o A Generic Routing Encapsulation (GRE) Tunnel [RFC2784] 161 allowing multicast tunneling across the peering point, or 162 o An Automatic Multicast Tunnel (AMT) [IETF-ID-AMT]. 163 o The application stream originates at a source in Domain 1. 164 o An End User associated with Domain 2 requests the application. 165 It is assumed that the application is suitable for delivery via 166 multicast means (e.g., live steaming of major events, software 167 downloads to large numbers of end user devices, etc.) 168 o The request is communicated to the application source which 169 provides the relevant multicast delivery information to the EU 170 device via a "manifest file". At a minimum, this file contains 171 the {Source, Group} or (S,G) information relevant to the 172 multicast stream. 174 o The application client in the EU device then joins the 175 multicast stream distributed by the application source in 176 domain 1 utilizing the (S,G) information provided in the 177 manifest file. The manifest file may also contain additional 178 information that the application client can use to locate the 179 source and join the stream. 181 It should be noted that the second administrative domain - domain 2 182 - may be an independent network domain (e.g., Tier 1 network 183 operator domain) or it could also be an Enterprise network operated 184 by a single customer. The peering point architecture and 185 requirements may have some unique aspects associated with the 186 Enterprise case. 188 The Use Cases describing various architectural configurations for 189 the multicast distribution along with associated requirements is 190 described in section 3. Unique aspects related to the Enterprise 191 network possibility will be described in this section. A 192 comprehensive list of pertinent information that needs to be 193 exchanged between the two domains to support various functions 194 enabling the application transport is provided in section 4. 196 3. Inter-domain Peering Point Requirements for Multicast 198 The transport of applications using multicast requires that the 199 inter-domain peering point is enabled to support such a process. 200 There are five possible Use Cases for consideration. 202 3.1. Native Multicast 204 This Use Case involves end-to-end Native Multicast between the two 205 administrative domains and the peering point is also native 206 multicast enabled - Figure 1. 208 ------------------- ------------------- 209 / AD-1 \ / AD-2 \ 210 / (Multicast Enabled) \ / (Multicast Enabled) \ 211 / \ / \ 212 | +----+ | | | 213 | | | +------+ | | +------+ | +----+ 214 | | AS |------>| BR |-|---------|->| BR |-------------|-->| EU | 215 | | | +------+ | I1 | +------+ |I2 +----+ 216 \ +----+ / \ / 217 \ / \ / 218 \ / \ / 219 ------------------- ------------------- 221 AD = Administrative Domain (Independent Autonomous System) 222 AS = Application (e.g., Content) Multicast Source 223 BR = Border Router 224 I1 = AD-1 and AD-2 Multicast Interconnection (MBGP or BGMP) 225 I2 = AD-2 and EU Multicast Connection 227 Figure 1 - Content Distribution via End to End Native Multicast 229 Advantages of this configuration are: 231 o Most efficient use of bandwidth in both domains 233 o Fewer devices in the path traversed by the multicast stream when 234 compared to unicast transmissions. 236 From the perspective of AD-1, the one disadvantage associated with 237 native multicast into AD-2 instead of individual unicast to every EU 238 in AD-2 is that it does not have the ability to count the number of 239 End Users as well as the transmitted bytes delivered to them. This 240 information is relevant from the perspective of customer billing and 241 operational logs. It is assumed that such data will be collected by 242 the application layer. The application layer mechanisms for 243 generating this information need to be robust enough such that all 244 pertinent requirements for the source provider and the AD operator 245 are satisfactorily met. The specifics of these methods are beyond 246 the scope of this document. 248 Architectural guidelines for this configuration are as follows: 250 a. Dual homing for peering points between domains is recommended as 251 a way to ensure reliability with full BGP table visibility. 253 b. If the peering point between AD-1 and AD-2 is a controlled network 254 environment, then bandwidth can be allocated accordingly by the 255 two domains to permit the transit of non-rate adaptive multicast 256 traffic. If this is not the case, then it is recommended that the 257 multicast traffic should support rate-adaption. 259 c. The sending and receiving of multicast traffic between two domains 260 is typically determined by local policies associated with each 261 domain. For example, if AD-1 is a service provider and AD-2 is an 262 enterprise, then AD-1 may support local policies for traffic 263 delivery to, but not traffic reception from AD-2. Another example 264 is the use of a policy by which AD-1 delivers specified content 265 to AD-2 only if such delivery has been accepted by contract. 267 d. Relevant information on multicast streams delivered to End Users 268 in AD-2 is assumed to be collected by available capabilities in 269 the application layer. The precise nature and formats of the 270 collected information will be determined by directives from the 271 source owner and the domain operators. 273 e. The interconnection of AD-1 and AD-2 should minimally follow 274 guidelines for traffic filtering between autonomous systems 275 [BCP38]. Filtering guidelines specific to the multicast control- 276 plane and data-plane are described in section 6. 278 3.2. Peering Point Enabled with GRE Tunnel 280 The peering point is not native multicast enabled in this Use Case. 281 There is a Generic Routing Encapsulation Tunnel provisioned over the 282 peering point. In this case, the interconnection I1 between AD-1 and 283 AD-2 in Figure 1 is multicast enabled via a Generic Routing 284 Encapsulation Tunnel (GRE) [RFC2784] and encapsulating the multicast 285 protocols across the interface. The routing configuration is 286 basically unchanged: Instead of BGP (SAFI2) across the native IP 287 multicast link between AD-1 and AD-2, BGP (SAFI2) is now run across 288 the GRE tunnel. 290 Advantages of this configuration: 292 o Highly efficient use of bandwidth in both domains although not as 293 efficient as the fully native multicast Use Case. 295 o Fewer devices in the path traversed by the multicast stream when 296 compared to unicast transmissions. 298 o Ability to support only partial IP multicast deployments in AD-1 299 and/or AD-2. 301 o GRE is an existing technology and is relatively simple to 302 implement. 304 Disadvantages of this configuration: 306 o Per Use Case 3.1, current router technology cannot count the 307 number of end users or the number bytes transmitted. 309 o GRE tunnel requires manual configuration. 311 o The GRE must be established prior to stream starting. 313 o The GRE tunnel is often left pinned up 315 Architectural guidelines for this configuration include the 316 following: 318 Guidelines (a) through (d) are the same as those described in Use 319 Case 3.1. Two additional guidelines are as follows: 321 e. GRE tunnels are typically configured manually between peering 322 points to support multicast delivery between domains 324 f. It is recommended that the GRE tunnel (tunnel server) 325 configuration in the source network is such that it only 326 advertises the routes to the application sources and not to the 327 entire network. This practice will prevent unauthorized delivery 328 of applications through the tunnel (e.g., if application - e.g., 329 content - is not part of an agreed inter-domain partnership). 331 3.3. Peering Point Enabled with an AMT - Both Domains Multicast 332 Enabled 334 Both administrative domains in this Use Case are assumed to be 335 native multicast enabled here; however the peering point is not. The 336 peering point is enabled with an Automatic Multicast Tunnel. The 337 basic configuration is depicted in Figure 2. 339 ------------------- ------------------- 340 / AD-1 \ / AD-2 \ 341 / (Multicast Enabled) \ / (Multicast Enabled) \ 342 / \ / \ 343 | +----+ | | | 344 | | | +------+ | | +------+ | +----+ 345 | | AS |------>| AR |-|---------|->| AG |-------------|-->| EU | 346 | | | +------+ | I1 | +------+ |I2 +----+ 347 \ +----+ / \ / 348 \ / \ / 349 \ / \ / 350 ------------------- ------------------- 352 AR = AMT Relay 353 AG = AMT Gateway 354 I1 = AMT Interconnection between AD-1 and AD-2 355 I2 = AD-2 and EU Multicast Connection 357 Figure 2 - AMT Interconnection between AD-1 and AD-2 359 Advantages of this configuration: 361 o Highly efficient use of bandwidth in AD-1. 363 o AMT is an existing technology and is relatively simple to 364 implement. Attractive properties of AMT include the following: 366 o Dynamic interconnection between Gateway-Relay pair across 367 the peering point. 369 o Ability to serve clients and servers with differing 370 policies. 372 Disadvantages of this configuration: 374 o Per Use Case 3.1 (AD-2 is native multicast), current router 375 technology cannot count the number of end users or the number of 376 bytes transmitted to all end users. 378 o Additional devices (AMT Gateway and Relay pairs) may be introduced 379 into the path if these services are not incorporated in the 380 existing routing nodes. 382 o Currently undefined mechanisms for the AG to automatically select 383 the optimal AR. 385 Architectural guidelines for this configuration are as follows: 387 Guidelines (a) through (d) are the same as those described in Use 388 Case 3.1. In addition, 390 e. It is recommended that AMT Relay and Gateway pairs be 391 configured at the peering points to support multicast delivery 392 between domains. AMT tunnels will then configure dynamically 393 across the peering points once the Gateway in AD-2 receives the 394 (S, G) information from the EU. 396 3.4. Peering Point Enabled with an AMT - AD-2 Not Multicast Enabled 398 In this AMT Use Case, the second administrative domain AD-2 is not 399 multicast enabled. This implies that the interconnection between AD- 400 2 and the End User is also not multicast enabled as depicted in 401 Figure 3. 403 ------------------- ------------------- 404 / AD-1 \ / AD-2 \ 405 / (Multicast Enabled) \ / (Non-Multicast \ 406 / \ / Enabled) \ 407 | +----+ | | | 408 | | | +------+ | | | +----+ 409 | | AS |------>| AR |-|---------|-----------------------|-->|EU/G| 410 | | | +------+ | | |I2 +----+ 411 \ +----+ / \ / 412 \ / \ / 413 \ / \ / 414 ------------------- ------------------- 416 AS = Application Multicast Source 417 AR = AMT Relay 418 EU/G = Gateway client embedded in EU device 419 I2 = AMT Tunnel Connecting EU/G to AR in AD-1 through Non-Multicast 420 Enabled AD-2. 422 Figure 3 - AMT Tunnel Connecting AD-1 AMT Relay and EU Gateway 424 This Use Case is equivalent to having unicast distribution of the 425 application through AD-2. The total number of AMT tunnels would be 426 equal to the total number of End Users requesting the application. 427 The peering point thus needs to accommodate the total number of AMT 428 tunnels between the two domains. Each AMT tunnel can provide the 429 data usage associated with each End User. 431 Advantages of this configuration: 433 o Highly efficient use of bandwidth in AD-1. 435 o AMT is an existing technology and is relatively simple to 436 implement. Attractive properties of AMT include the following: 438 o Dynamic interconnection between Gateway-Relay pair across 439 the peering point. 441 o Ability to serve clients and servers with differing 442 policies. 444 o Each AMT tunnel serves as a count for each End User and is also 445 able to track data usage (bytes) delivered to the EU. 447 Disadvantages of this configuration: 449 o Additional devices (AMT Gateway and Relay pairs) are introduced 450 into the transport path. 452 o Assuming multiple peering points between the domains, the EU 453 Gateway needs to be able to find the "correct" AMT Relay in AD- 454 1. 456 Architectural guidelines for this configuration are as follows: 458 Guidelines (a) through (c) are the same as those described in Use 459 Case 3.1. 461 d. It is recommended that proper procedures are implemented such 462 that the AMT Gateway at the End User device is able to find the 463 correct AMT Relay in AD-1 across the peering points. The 464 application client in the EU device is expected to supply the (S, 465 G) information to the Gateway for this purpose. 467 e. The AMT tunnel capabilities are expected to be sufficient for 468 the purpose of collecting relevant information on the multicast 469 streams delivered to End Users in AD-2. 471 3.5. AD-2 Not Multicast Enabled - Multiple AMT Tunnels Through AD-2 473 This is a variation of Use Case 3.4 as follows: 475 ------------------- ------------------- 476 / AD-1 \ / AD-2 \ 477 / (Multicast Enabled) \ / (Non-Multicast \ 478 / \ / Enabled) \ 479 | +----+ | |+--+ +--+ | 480 | | | +------+ | ||AG| |AG| | +----+ 481 | | AS |------>| AR |-|-------->||AR|------------->|AR|-|-->|EU/G| 482 | | | +------+ | I1 ||1 | I2 |2 | |I3 +----+ 483 \ +----+ / \+--+ +--+ / 484 \ / \ / 485 \ / \ / 486 ------------------- ------------------- 488 AS = Application Source 489 AR = AMT Relay in AD-1 490 AGAR1 = AMT Gateway/Relay node in AD-2 across Peering Point 491 I1 = AMT Tunnel Connecting AR in AD-1 to GW in AGAR1 in AD-2 492 AGAR2 = AMT Gateway/Relay node at AD-2 Network Edge 493 I2 = AMT Tunnel Connecting Relay in AGAR1 to GW in AGAR2 494 EU/G = Gateway client embedded in EU device 495 I3 = AMT Tunnel Connecting EU/G to AR in AGAR2 497 Figure 4 - AMT Tunnel Connecting AD-1 AMT Relay and EU Gateway 499 Use Case 3.4 results in several long AMT tunnels crossing the entire 500 network of AD-2 linking the EU device and the AMT Relay in AD-1 501 through the peering point. Depending on the number of End Users, 502 there is a likelihood of an unacceptably large number of AMT tunnels 503 - and unicast streams - through the peering point. This situation 504 can be alleviated as follows: 506 o Provisioning of strategically located AMT nodes at the edges of 507 AD-2. An AMT node comprises co-location of an AMT Gateway and an 508 AMT Relay. One such node is at the AD-2 side of the peering point 509 (node AGAR1 in Figure 4). 511 o Single AMT tunnel established across peering point linking AMT 512 Relay in AD-1 to the AMT Gateway in the AMT node AGAR1 in AD-2. 514 o AMT tunnels linking AMT node AGAR1 at peering point in AD-2 to 515 other AMT nodes located at the edges of AD-2: e.g., AMT tunnel I2 516 linking AMT Relay in AGAR1 to AMT Gateway in AMT node AGAR2 in 517 Figure 4. 519 o AMT tunnels linking EU device (via Gateway client embedded in 520 device) and AMT Relay in appropriate AMT node at edge of AD-2: 521 e.g., I3 linking EU Gateway in device to AMT Relay in AMT node 522 AGAR2. 524 The advantage for such a chained set of AMT tunnels is that the 525 total number of unicast streams across AD-2 is significantly reduced 526 thus freeing up bandwidth. Additionally, there will be a single 527 unicast stream across the peering point instead of possibly, an 528 unacceptably large number of such streams per Use Case 3.4. However, 529 this implies that several AMT tunnels will need to be dynamically 530 configured by the various AMT Gateways based solely on the (S,G) 531 information received from the application client at the EU device. A 532 suitable mechanism for such dynamic configurations is therefore 533 critical. 535 Architectural guidelines for this configuration are as follows: 537 Guidelines (a) through (c) are the same as those described in Use 538 Case 3.1. 540 d. It is recommended that proper procedures are implemented such 541 that the various AMT Gateways (at the End User devices and the AMT 542 nodes in AD-2) are able to find the correct AMT Relay in other AMT 543 nodes as appropriate. The application client in the EU device is 544 expected to supply the (S, G) information to the Gateway for this 545 purpose. 547 e. The AMT tunnel capabilities are expected to be sufficient for 548 the purpose of collecting relevant information on the multicast 549 streams delivered to End Users in AD-2. 551 4. Supporting Functionality 553 Supporting functions and related interfaces over the peering point 554 that enable the multicast transport of the application are listed in 555 this section. Critical information parameters that need to be 556 exchanged in support of these functions are enumerated along with 557 guidelines as appropriate. Specific interface functions for 558 consideration are as follows. 560 4.1. Network Interconnection Transport and Security Guidelines 562 The term "Network Interconnection Transport" refers to the 563 interconnection points between the two Administrative Domains. The 564 following is a representative set of attributes that will need to be 565 agreed to between the two administrative domains to support 566 multicast delivery. 568 o Number of Peering Points 570 o Peering Point Addresses and Locations 572 o Connection Type - Dedicated for Multicast delivery or shared with 573 other services 575 o Connection Mode - Direct connectivity between the two AD's or via 576 another ISP 578 o Peering Point Protocol Support - Multicast protocols that will be 579 used for multicast delivery will need to be supported at these 580 points. Examples of protocols include eBGP, BGMP, and MBGP. 582 o Bandwidth Allocation - If shared with other services, then there 583 needs to be a determination of the share of bandwidth reserved 584 for multicast delivery. 586 o QoS Requirements - Delay/latency specifications that need to be 587 specified in an SLA. 589 o AD Roles and Responsibilities - the role played by each AD for 590 provisioning and maintaining the set of peering points to support 591 multicast delivery. 593 From a security perspective, it is expected that normal/typical 594 security procedures will be followed by each AD to facilitate 595 multicast delivery to registered and authenticated end users. Some 596 security aspects for consideration are: 598 o Encryption - Peering point links may be encrypted per agreement 599 if dedicated for multicast delivery. 601 o Security Breach Mitigation Plan - In the event of a security 602 breach, the two AD's are expected to have a mitigation plan for 603 shutting down the peering point and directing multicast traffic 604 over alternated peering points. It is also expected that 605 appropriate information will be shared for the purpose of securing 606 the identified breach. 608 4.2. Routing Aspects and Related Guidelines 610 The main objective for multicast delivery routing is to ensure that 611 the End User receives the multicast stream from the "most optimal" 612 source [INF_ATIS_10] which typically: 614 o Maximizes the multicast portion of the transport and minimizes 615 any unicast portion of the delivery, and 617 o Minimizes the overall combined network(s) route distance. 619 This routing objective applies to both Native and AMT; the actual 620 methodology of the solution will be different for each. Regardless, 621 the routing solution is expected to be: 623 o Scalable 625 o Avoid/minimize new protocol development or modifications, and 627 o Be robust enough to achieve high reliability and automatically 628 adjust to changes/problems in the multicast infrastructure. 630 For both Native and AMT environments, having a source as close as 631 possible to the EU network is most desirable; therefore, in some 632 cases, an AD may prefer to have multiple sources near different 633 peering points, but that is entirely an implementation issue. 635 4.2.1 Native Multicast Routing Aspects 637 Native multicast simply requires that the Administrative Domains 638 coordinate and advertise the correct source address(es) at their 639 network interconnection peering points(i.e., border routers). An 640 example of multicast delivery via a Native Multicast process across 641 two administrative Domains is as follows assuming that the 642 interconnecting peering points are also multicast enabled: 644 o Appropriate information is obtained by the EU client who is a 645 subscriber to AD-2 (see Use Case 3.1). This is usually done via 646 an appropriate file transfer - this file is typically known as 647 the manifest file. It contains instructions directing the EU 648 client to launch an appropriate application if necessary, and 649 also additional information for the application about the source 650 location and the group (or stream) id in the form of the "S,G" 651 data. The "S" portion provides the name or IP address of the 652 source of the multicast stream. The file may also contain 653 alternate delivery information such as specifying the unicast 654 address of the stream. 656 o The client uses the join message with S,G to join the multicast 657 stream [RFC2236]. 659 To facilitate this process, the two AD's need to do the following: 661 o Advertise the source id(s) over the Peering Points 663 o Exchange relevant Peering Point information such as Capacity and 664 Utilization (Other??) 666 o Implement compatible multicast protocols to ensure proper 667 multicast delivery across the peering points. 669 4.2.2 GRE Tunnel over Interconnecting Peering Point 671 If the interconnecting peering point is not multicast enabled and 672 both ADs are multicast enabled, then a simple solution is to 673 provision a GRE tunnel between the two ADs - see Use Case 3.2.2. 674 The termination points of the tunnel will usually be a network 675 engineering decision, but generally will be between the border 676 routers or even between the AD 2 border router and the AD 1 source 677 (or source access router). The GRE tunnel would allow end-to-end 678 native multicast or AMT multicast to traverse the interface. 679 Coordination and advertisement of the source IP is still required. 681 The two AD's need to follow the same process as described in 4.2.1 682 to facilitate multicast delivery across the Peering Points. 684 4.2.3 Routing Aspects with AMT Tunnels 686 Unlike Native (with or without GRE), an AMT Multicast environment is 687 more complex. It presents a dual layered problem because there are 688 two criteria that should be simultaneously met: 690 o Find the closest AMT relay to the end-user that also has 691 multicast connectivity to the content source and 693 o Minimize the AMT unicast tunnel distance. 695 There are essentially two components to the AMT specification: 697 o AMT Relays: These serve the purpose of tunneling UDP multicast 698 traffic to the receivers (i.e., End Points). The AMT Relay will 699 receive the traffic natively from the multicast media source and 700 will replicate the stream on behalf of the downstream AMT 701 Gateways, encapsulating the multicast packets into unicast 702 packets and sending them over the tunnel toward the AMT Gateway. 703 In addition, the AMT Relay may perform various usage and 704 activity statistics collection. This results in moving the 705 replication point closer to the end user, and cuts down on 706 traffic across the network. Thus, the linear costs of adding 707 unicast subscribers can be avoided. However, unicast replication 708 is still required for each requesting endpoint within the 709 unicast-only network. 711 o AMT Gateway (GW): The Gateway will reside on an on End-Point - 712 this may be a Personal Computer (PC) or a Set Top Box (STB). The 713 AMT Gateway receives join and leave requests from the 714 Application via an Application Programming Interface (API). In 715 this manner, the Gateway allows the endpoint to conduct itself 716 as a true Multicast End-Point. The AMT Gateway will encapsulate 717 AMT messages into UDP packets and send them through a tunnel 718 (across the unicast-only infrastructure) to the AMT Relay. 720 The simplest AMT Use Case (section 3.3) involves peering points that 721 are not multicast enabled between two multicast enabled ADs. An AMT 722 tunnel is deployed between an AMT Relay on the AD 1 side of the 723 peering point and an AMT Gateway on the AD 2 side of the peering 724 point. One advantage to this arrangement is that the tunnel is 725 established on an as needed basis and need not be a provisioned 726 element. The two ADs can coordinate and advertise special AMT Relay 727 Anycast addresses with each other - though they may alternately 728 decide to simply provision Relay addresses, though this would not be 729 an optimal solution in terms of scalability. 731 Use Cases 3.4 and 3.5 describe more complicated AMT situations as 732 AD-2 is not multicast enabled. For these cases, the End User device 733 needs to be able to setup an AMT tunnel in the most optimal manner. 734 Using an Anycast IP address for AMT Relays allows for all AMT 735 Gateways to find the "closest" AMT Relay - the nearest edge of the 736 multicast topology of the source. An example of a basic delivery 737 via an AMT Multicast process for these two Use Cases is as follows: 739 o The manifest file is obtained by the EU client application. This 740 file contains instructions directing the EU client to an ordered 741 list of particular destinations to seek the requested stream and, 742 for multicast, specifies the source location and the group (or 743 stream) ID in the form of the "S,G" data. The "S" portion provides 744 the URI (name or IP address) of the source of the multicast stream 745 and the "G" identifies the particular stream originated by that 746 source. The manifest file may also contain alternate delivery 747 information such as the address of the unicast form of the content 748 to be used, for example, if the multicast stream becomes 749 unavailable. 751 o Using the information in the manifest file, and possibly 752 information provisioned directly in the EU client, a DNS query is 753 initiated in order to connect the EU client/AMT Gateway to an AMT 754 Relay. 756 o Query results are obtained, and may return an Anycast address or a 757 specific unicast address of a relay. Multiple relays will 758 typically exist. The Anycast address is a routable "pseudo- 759 address" shared among the relays that can gain multicast access to 760 the source. 762 o If a specific IP address unique to a relay was not obtained, the 763 AMT Gateway then sends a message (e.g., the discovery message) to 764 the Anycast address such that the network is making the routing 765 choice of particular relay - e.g., closest relay to the EU. (Note 766 that in IPv6 there is a specific Anycast format and Anycast is 767 inherent in IPv6 routing, whereas in IPv4 Anycast is handled via 768 provisioning in the network. Details are out of scope for this 769 document.) 771 o The contacted AMT Relay then returns its specific unicast IP 772 address (after which the Anycast address is no longer required). 773 Variations may exist as well. 775 o The AMT Gateway uses that unicast IP address to initiate a three- 776 way handshake with the AMT Relay. 778 o AMT Gateway provides "S,G" to the AMT Relay (embedded in AMT 779 protocol messages). 781 o AMT Relay receives the "S,G" information and uses the S,G to join 782 the appropriate multicast stream, if it has not already subscribed 783 to that stream. 785 o AMT Relay encapsulates the multicast stream into the tunnel 786 between the Relay and the Gateway, providing the requested content 787 to the EU. 789 Note: Further routing discussion on optimal method to find "best AMT 790 Relay/GW combination" and information exchange between AD's to be 791 provided. 793 4.3. Back Office Functions - Provisioning and Logging Guidelines 795 Back Office refers to the following: 797 o Servers and Content Management systems that support the delivery 798 of applications via multicast and interactions between ADs. 799 o Functionality associated with logging, reporting, ordering, 800 provisioning, maintenance, service assurance, settlement, etc. 802 4.3.1 Provisioning Guidelines 804 Resources for basic connectivity between ADs Providers need to be 805 provisioned as follows: 807 o Sufficient capacity must be provisioned to support multicast-based 808 delivery across ADs. 809 o Sufficient capacity must be provisioned for connectivity between 810 all supporting back-offices of the ADs as appropriate. This 811 includes activating proper security treatment for these back- 812 office connections (gateways, firewalls, etc) as appropriate. 813 o Routing protocols as needed, e.g. configuring routers to support 814 these. 816 Provisioning aspects related to Multicast-Based inter-domain 817 delivery are as follows. 819 The ability to receive requested application via multicast is 820 triggered via the manifest file. Hence, this file must be provided 821 to the EU regarding multicast URL - and unicast fallback if 822 applicable. AD-2 must build manifest and provision capability to 823 provide the file to the EU. 825 Native multicast functionality is assumed to be available in across 826 many ISP backbones, peering and access networks. If however, native 827 multicast is not an option (Use Cases 3.4 and 3.5), then: 829 o EU must have multicast client to use AMT multicast obtained either 830 from Application Source (per agreement with AD-1) or from AD-1 or 831 AD-2 (if delegated by the Application Source). 832 o If provided by AD-1/AD-2, then the EU could be redirected to a 833 client download site (note: this could be an Application Source 834 site). If provided by the Application Source, then this Source 835 would have to coordinate with AD-1 to ensure the proper client is 836 provided (assuming multiple possible clients). 837 o Where AMT Gateways support different application sets, all AD-2 838 AMT Relays need to be provisioned with all source & group 839 addresses for streams it is allowed to join. 840 o DNS across each AD must be provisioned to enable a client GW to 841 locate the optimal AMT Relay (i.e. longest multicast path and 842 shortest unicast tunnel) with connectivity to the content's 843 multicast source. 845 Provisioning Aspects Related to Operations and Customer Care are 846 stated as follows. 848 Each AD provider is assumed to provision operations and customer 849 care access to their own systems. 851 AD-1's operations and customer care functions must have visibility 852 to what is happening in AD-2's network or to the service provided by 853 AD-2, sufficient to verify their mutual goals and operations, e.g. 854 to know how the EU's are being served. This can be done in two ways: 856 o Automated interfaces are built between AD-1 and AD-2 such that 857 operations and customer care continue using their own systems. This 858 requires coordination between the two AD's with appropriate 859 provisioning of necessary resources. 860 o AD-1's operations and customer care personnel are provided access 861 directly to AD-2's system. In this scenario, additional provisioning 862 in these systems will be needed to provide necessary access. 863 Additional provisioning must be agreed to by the two AD-2s to support 864 this option. 866 4.3.2 Application Accounting Guidelines 868 All interactions between pairs of ADs can be discovered and/or be 869 associated with the account(s) utilized for delivered applications. 870 Supporting guidelines are as follows: 872 o A unique identifier is recommended to designate each master 873 account. 874 o AD-2 is expected to set up "accounts" (logical facility generally 875 protected by login/password/credentials) for use by AD-1. Multiple 876 accounts and multiple types/partitions of accounts can apply, e.g. 877 customer accounts, security accounts, etc. 879 4.3.3 Log Management Guidelines 881 Successful delivery of applications via multicast between pairs of 882 interconnecting ADs requires that appropriate logs will be exchanged 883 between them in support. Associated guidelines are as follows. 885 AD-2 needs to supply logs to AD-1 per existing contract(s). Examples 886 of log types include the following: 888 o Usage information logs at aggregate level. 889 o Usage failure instances at an aggregate level. 890 o Grouped or sequenced application access 891 performance/behavior/failure at an aggregate level to support 892 potential Application Provider-driven strategies. Examples of 893 aggregate levels include grouped video clips, web pages, and sets 894 of software download. 895 o Security logs, aggregated or summarized according to agreement 896 (with additional detail potentially provided during security 897 events, by agreement). 898 o Access logs (EU), when needed for troubleshooting. 899 o Application logs (what is the application doing), when needed for 900 shared troubleshooting. 901 o Syslogs (network management), when needed for shared 902 troubleshooting. 904 The two ADs may supply additional security logs to each other as 905 agreed to by contract(s). Examples include the following: 907 o Information related to general security-relevant activity which 908 may be of use from a protective or response perspective, such as 909 types and counts of attacks detected, related source information, 910 related target information, etc. 911 o Aggregated or summarized logs according to agreement (with 912 additional detail potentially provided during security events, by 913 agreement) 915 4.4. Operations - Service Performance and Monitoring Guidelines 917 Service Performance refers to monitoring metrics related to 918 multicast delivery via probes. The focus is on the service provided 919 by AD-2 to AD-1 on behalf of all multicast application sources 920 (metrics may be specified for SLA use or otherwise). Associated 921 guidelines are as follows: 923 o Both AD's are expected to monitor, collect, and analyze service 924 performance metrics for multicast applications. AD-2 provides 925 relevant performance information to AD-1; this enables AD-1 to 926 create an end-to-end performance view on behalf of the multicast 927 application source. 929 o Both AD's are expected to agree on the type of probes to be used 930 to monitor multicast delivery performance. For example, AD-2 may 931 permit AD-1's probes to be utilized in the AD-2 multicast service 932 footprint. Alternately, AD-2 may deploy its own probes and relay 933 performance information back to AD-1. 935 o In the event of performance degradation (SLA violation), AD-1 may 936 have to compensate the multicast application source per SLA 937 agreement. As appropriate, AD-1 may seek compensation from AD-2 938 if the cause of the degradation is in AD-2's network. 940 Service Monitoring generally refers to a service (as a whole) 941 provided on behalf of a particular multicast application source 942 provider. It thus involves complaints from End Users when service 943 problems occur. EU's direct their complaints to the source provider; 944 in turn the source provider submits these complaints to AD-1. The 945 responsibility for service delivery lies with AD-1; as such AD-1 946 will need to determine where the service problem is occurring - its 947 own network or in AD-2. It is expected that each AD will have tools 948 to monitor multicast service status in its own network. 950 o Both AD's will determine how best to deploy multicast service 951 monitoring tools. Typically, each AD will deploy its own set of 952 monitoring tools; in which case, both AD's are expected to inform 953 each other when multicast delivery problems are detected. 955 o AD-2 may experience some problems in its network. For example, 956 for the AMT Use Cases, one or more AMT Relays may be experiencing 957 difficulties. AD-2 may be able to fix the problem by rerouting 958 the multicast streams via alternate AMT Relays. If the fix is not 959 successful and multicast service delivery degrades, then AD-2 960 needs to report the issue to AD-1. 962 o When problem notification is received from a multicast 963 application source, AD-1 determines whether the cause of the 964 problem is within its own network or within the AD-2 domain. If 965 the cause is within the AD-2 domain, then AD-1 supplies all 966 necessary information to AD-2. Examples of supporting information 967 include the following: 969 o Kind of problem(s) 971 o Starting point & duration of problem(s). 973 o Conditions in which problem(s) occur. 975 o IP address blocks of affected users. 977 o ISPs of affected users. 979 o Type of access e.g., mobile versus desktop. 981 o Locations of affected EUs. 983 o Both AD's conduct some form of root cause analysis for multicast 984 service delivery problems. Examples of various factors for 985 consideration include: 987 o Verification that the service configuration matches the 988 product features. 990 o Correlation and consolidation of the various customer 991 problems and resource troubles into a single root service 992 problem. 994 o Prioritization of currently open service problems, giving 995 consideration to problem impact, service level agreement, 996 etc. 998 o Conduction of service tests, including one time tests or a 999 series of tests over a period of time. 1001 o Analysis of test results. 1003 o Analysis of relevant network fault or performance data. 1005 o Analysis of the problem information provided by the customer 1006 (CP). 1008 o Once the cause of the problem has been determined and the problem 1009 has been fixed, both AD's need to work jointly to verify and 1010 validate the success of the fix. 1012 o Faults in service could lead to SLA violation for which the 1013 multicast application source provider may have to be compensated 1014 by AD-1. Subsequently, AD-1 may have to be compensated by AD-2 1015 based on the contract. 1017 4.5. Client Reliability Models/Service Assurance Guidelines 1019 There are multiple options for instituting reliability 1020 architectures, most are at the application level. Both AD's should 1021 work those out with their contract/agreement and with the multicast 1022 application source providers. 1024 Network reliability can also be enhanced by the two AD's by 1025 provisioning alternate delivery mechanisms via unicast means. 1027 5. Troubleshooting and Diagnostics 1029 Any service provider supporting multicast delivery of content should 1030 have the capability to collect diagnostics as part of multicast 1031 troubleshooting practices and resolve network issues accordingly. 1032 Issues may become apparent or identified either through network 1033 monitoring functions or by customer reported problems as described 1034 in section 4.4. 1036 It is expected that multicast diagnostics will be collected 1037 according to currently established practices [MDH-04]. However, 1038 given that inter-domain creates a significant interdependence of 1039 proper networking functionality between providers there does exist a 1040 need for providers to be able to signal/alert each other if there 1041 are any issues noted by either one. 1043 Service providers may also wish to allow limited read-only 1044 administrative access to their routers via a looking-glass style 1045 router proxy to facilitate the debugging of multicast control state 1046 and peering status. Software implementations for this purpose is 1047 readily available [Traceroute] and can be easily extended to provide 1048 access to commonly-used multicast troubleshooting commands in a 1049 secure manner. 1051 The specifics of the notification and alerts are beyond the scope of 1052 this document, but general guidelines are similar to those described 1053 in section 4.4 (Service Performance and Monitoring). Some general 1054 communications issues are stated as follows. 1056 o Appropriate communications channels will be established between 1057 the customer service and operations groups from both AD's to 1058 facilitate information sharing related to diagnostic 1059 troubleshooting. 1061 o A default resolution period may be considered to resolve open 1062 issues. Alternately, mutually acceptable resolution periods 1063 could be established depending on the severity of the 1064 identified trouble. 1066 6. Security Considerations 1068 DRM and Application Accounting, Authorization and Authentication 1069 should be the responsibility of the multicast application source 1070 provider and/or AD-1. AD-1 needs to work out the appropriate 1071 agreements with the source provider. 1073 Network has no DRM responsibilities, but might have authentication 1074 and authorization obligations. These though are consistent with 1075 normal operations of a CDN to insure end user reliability, security 1076 and network security. 1078 AD-1 and AD-2 should have mechanisms in place to ensure proper 1079 accounting for the volume of bytes delivered through the peering 1080 point and separately the number of bytes delivered to EUs. For 1081 example, [BCP38] style filtering could be deployed by both AD's to 1082 ensure that only legitimately sourced multicast content is exchanged 1083 between them. 1085 If there are problems related to failure of token authentication 1086 when end-users are supported by AD-2, then some means of validating 1087 proper working of the token authentication process (e.g., back-end 1088 servers querying the multicast application source provider's token 1089 authentication server are communicating properly) should be 1090 considered. Details will have to be worked out during implementation 1091 (e.g., test tokens or trace token exchange process). 1093 7. IANA Considerations 1095 8. Conclusions 1097 This Best Current Practice document provides detailed Use Case 1098 scenarios for the transmission of applications via multicast across 1099 peering points between two Administrative Domains. A detailed set of 1100 guidelines supporting the delivery is provided for all Use Cases. 1102 For Use Cases involving AMT tunnels (cases 3.4 and 3.5), it is 1103 recommended that proper procedures are implemented such that the 1104 various AMT Gateways (at the End User devices and the AMT nodes in 1105 AD-2) are able to find the correct AMT Relay in other AMT nodes as 1106 appropriate. Section 4.3 provides an overview of one method that 1107 finds the optimal Relay-Gateway combination via the use of an 1108 Anycast IP address for AMT Relays. 1110 9. References 1112 9.1. Normative References 1114 [RFC2784] D. Farinacci, T. Li, S. Hanks, D. Meyer, P. Traina, 1115 "Generic Routing Encapsulation (GRE)", RFC 2784, March 2000 1117 [IETF-ID-AMT] G. Bumgardner, "Automatic Multicast Tunneling", draft- 1118 ietf-mboned-auto-multicast-13, April 2012, Work in progress 1120 [RFC4604] H. Holbrook, et al, "Using Internet Group Management 1121 Protocol Version 3 (IGMPv3) and Multicast Listener Discovery 1122 Protocol Version 2 (MLDv2) for Source Specific Multicast", RFC 4604, 1123 August 2006 1125 [RFC4607] H. Holbrook, et al, "Source Specific Multicast", RFC 4607, 1126 August 2006 1128 [RFC3618] B. Fenner, et al, "Multicast Source Discovery Protocol", 1129 RFC 3618, October 2003 1131 [BCP38] P. Ferguson, et al, "Network Ingress Filtering: Defeating 1132 Denial of Service Attacks which employ IP Source Address Spoofing", 1133 BCP: 38, May 2000 1135 9.2. Informative References 1137 [INF_ATIS_10] "CDN Interconnection Use Cases and Requirements in a 1138 Multi-Party Federation Environment", ATIS Standard A-0200010, 1139 December 2012 1141 [MDH-04] D. Thaler, et al, "Multicast Debugging Handbook", IETF I-D 1142 draft-ietf-mboned-mdh-04.txt, May 2000 1144 [Traceroute] http://traceroute.org/#source%20code 1146 10. Acknowledgments 1147 Authors' Addresses 1149 Percy S. Tarapore 1150 AT&T 1151 Phone: 1-732-420-4172 1152 Email: tarapore@att.com 1154 Robert Sayko 1155 AT&T 1156 Phone: 1-732-420-3292 1157 Email: rs1983@att.com 1159 Greg Shepherd 1160 Cisco 1161 Phone: 1162 Email: shep@cisco.com 1164 Toerless Eckert 1165 Cisco 1166 Phone: 1167 Email: eckert@cisco.com 1169 Ram Krishnan 1170 Brocade 1171 Phone: 1172 Email: ramk@brocade.com