idnits 2.17.1 draft-ietf-mboned-interdomain-peering-bcp-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 17, 2017) is 2474 days in the past. Is this intentional? Checking references for intended status: Best Current Practice ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 4609 -- Possible downref: Non-RFC (?) normative reference: ref. 'BCP38' -- Possible downref: Non-RFC (?) normative reference: ref. 'BCP41' == Outdated reference: A later version (-05) exists of draft-ietf-mboned-mdh-04 Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 MBONED Working Group Percy S. Tarapore 2 Internet Draft Robert Sayko 3 Intended status: BCP AT&T 4 Expires: January 17, 2018 Greg Shepherd 5 Cisco 6 Toerless Eckert 7 Futurewei Technologies 8 Ram Krishnan 9 SupportVectors 10 July 17, 2017 12 Use of Multicast Across Inter-Domain Peering Points 13 draft-ietf-mboned-interdomain-peering-bcp-09.txt 15 Status of this Memo 17 This Internet-Draft is submitted in full conformance with the 18 provisions of BCP 78 and BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF). Note that other groups may also distribute 22 working documents as Internet-Drafts. The list of current Internet- 23 Drafts is at http://datatracker.ietf.org/drafts/current/. 25 Internet-Drafts are draft documents valid for a maximum of six 26 months and may be updated, replaced, or obsoleted by other documents 27 at any time. It is inappropriate to use Internet-Drafts as 28 reference material or to cite them other than as "work in progress." 30 This Internet-Draft will expire on January 17, 2018. 32 Copyright Notice 34 Copyright (c) 2017 IETF Trust and the persons identified as the 35 document authors. All rights reserved. 37 This document is subject to BCP 78 and the IETF Trust's Legal 38 Provisions Relating to IETF Documents 39 (http://trustee.ietf.org/license-info) in effect on the date of 40 publication of this document. Please review these documents 41 carefully, as they describe your rights and restrictions with 42 respect to this document. Code Components extracted from this 43 document must include Simplified BSD License text as described in 44 Section 4.e of the Trust Legal Provisions and are provided without 45 warranty as described in the Simplified BSD License. 47 This document may contain material from IETF Documents or IETF 48 Contributions published or made publicly available before November 49 10, 2008. The person(s) controlling the copyright in some of this 50 material may not have granted the IETF Trust the right to allow 51 modifications of such material outside the IETF Standards Process. 52 Without obtaining an adequate license from the person(s) controlling 53 the copyright in such materials, this document may not be modified 54 outside the IETF Standards Process, and derivative works of it may 55 not be created outside the IETF Standards Process, except to format 56 it for publication as an RFC or to translate it into languages other 57 than English. 59 Abstract 61 This document examines the use of Source Specific Multicast (SSM) 62 across inter-domain peering points for a specified set of deployment 63 scenarios. The objective is to describe the setup process for 64 multicast-based delivery across administrative domains for these 65 scenarios and document supporting functionality to enable this 66 process. 68 Table of Contents 70 1. Introduction .................................................. 3 71 2. Overview of Inter-domain Multicast Application Transport ...... 4 72 3. Inter-domain Peering Point Requirements for Multicast ......... 6 73 3.1. Native Multicast ......................................... 6 74 3.2. Peering Point Enabled with GRE Tunnel .................... 8 75 3.3. Peering Point Enabled with an AMT - Both Domains Multicast 76 Enabled ....................................................... 9 77 3.4. Peering Point Enabled with an AMT - AD-2 Not Multicast 78 Enabled ...................................................... 10 79 3.5. AD-2 Not Multicast Enabled - Multiple AMT Tunnels Through 80 AD-2 ......................................................... 12 81 4. Supporting Functionality ..................................... 14 82 4.1. Network Interconnection Transport and Security Guidelines15 83 4.2. Routing Aspects and Related Guidelines .................. 15 84 4.2.1 Native Multicast Routing Aspects ................. 16 85 4.2.2 GRE Tunnel over Interconnecting Peering Point .... 17 86 4.2.3 Routing Aspects with AMT Tunnels .................... 17 87 4.3. Back Office Functions - Provisioning and Logging Guidelines 88 ............................................................. 20 89 4.3.1 Provisioning Guidelines .......................... 20 90 4.3.2 Application Accounting Guidelines ................ 21 91 4.3.3 Log Management Guidelines ........................ 22 92 4.4. Operations - Service Performance and Monitoring Guidelines22 93 4.5. Client Reliability Models/Service Assurance Guidelines .. 25 94 5. Troubleshooting and Diagnostics .............................. 25 95 6. Security Considerations ...................................... 26 96 7. IANA Considerations .......................................... 27 97 8. Conclusions .................................................. 27 98 9. References ................................................... 27 99 9.1. Normative References .................................... 27 100 9.2. Informative References .................................. 28 101 10. Acknowledgments ............................................. 28 103 1. Introduction 105 Content and data from several types of applications (e.g., live 106 video streaming, software downloads) are well suited for delivery 107 via multicast means. The use of multicast for delivering such 108 content/data offers significant savings for utilization of resources 109 in any given administrative domain. End user demand for such 110 content/data is growing. Often, this requires transporting the 111 content/data across administrative domains via inter-domain peering 112 points. 114 The objective of this Best Current Practices document is twofold: 115 o Describe the technical process and establish guidelines for 116 setting up multicast-based delivery of application content/data 117 across inter-domain peering points via a set of use cases. 118 o Catalog all required information exchange between the 119 administrative domains to support multicast-based delivery. 120 This enables operators to initiate necessary processes to 121 support inter-domain peering with multicast. 123 The scope and assumptions for this document are stated as follows: 125 o For the purpose of this document, the term "peering point" 126 refers to an interface between two networks/administrative 127 domains over which traffic is exchanged between them. A 128 Network-Network Interface (NNI) is an example of a peering 129 point. 130 o Administrative Domain 1 (AD-1) is enabled with native 131 multicast. A peering point exists between AD-1 and AD-2. 132 o It is understood that several protocols are available for this 133 purpose including PIM-SM [RFC4609], Protocol Independent 134 Multicast - Source Specific Multicast (PIM-SSM) [RFC7761], 135 Internet Group Management Protocol (IGMP) [RFC3376], and 136 Multicast Listener Discovery (MLD) [RFC3810]. 138 o As described in Section 2, the source IP address of the 139 multicast stream in the originating AD (AD-1) is known. Under 140 this condition, PIM-SSM use is beneficial as it allows the 141 receiver's upstream router to directly send a JOIN message to 142 the source without the need of invoking an intermediate 143 Rendezvous Point (RP). Use of SSM also presents an improved 144 threat mitigation profile against attack, as described in 145 [RFC4609]. Hence, in the case of inter-domain peering, it is 146 recommended to use only SSM protocols; the setup of inter- 147 domain peering for ASM (Any-Source Multicast) is not in scope 148 for this document. 149 o AD-1 and AD-2 are assumed to adopt compatible protocols. The 150 use of different protocols is beyond the scope of this 151 document. 152 o An Automatic Multicast Tunnel (AMT) [RFC7450] is setup at the 153 peering point if either the peering point or AD-2 is not 154 multicast enabled. It is assumed that an AMT Relay will be 155 available to a client for multicast delivery. The selection of 156 an optimal AMT relay by a client is out of scope for this 157 document. Note that AMT use is necessary only when native 158 multicast is unavailable in the peering point (Use Case 3.3) or 159 in the downstream administrative domain (Use Cases 3.4, and 160 3.5). 161 o The collection of billing data is assumed to be done at the 162 application level and is not considered to be a networking 163 issue. The settlements process for end user billing and/or 164 inter-provider billing is out of scope for this document. 165 o Inter-domain network connectivity troubleshooting is only 166 considered within the context of a cooperative process between 167 the two domains. 168 Thus, the primary purpose of this document is to describe a scenario 169 where two ADs interconnect via a direct connection to each other. 170 Security and operational aspects for exchanging traffic on a public 171 Internet Exchange Point (IXP) with a large shared broadcast domain 172 between many operators, is not in scope for this document. 174 This document also attempts to identify ways by which the peering 175 process can be improved. Development of new methods for improvement 176 is beyond the scope of this document. 178 2. Overview of Inter-domain Multicast Application Transport 180 A multicast-based application delivery scenario is as follows: 182 o Two independent administrative domains are interconnected via a 183 peering point. 184 o The peering point is either multicast enabled (end-to-end 185 native multicast across the two domains) or it is connected by 186 one of two possible tunnel types: 187 o A Generic Routing Encapsulation (GRE) Tunnel [RFC2784] 188 allowing multicast tunneling across the peering point, or 189 o An Automatic Multicast Tunnel (AMT) [RFC7450]. 190 o A service provider controls one or more application sources in 191 AD-1 which will send multicast IP packets for one or more 192 (S,G)s. It is assumed that the service being provided is 193 suitable for delivery via multicast (e.g. live video streaming 194 of popular events, software downloads to many devices, etc.), 195 and that the packet streams will be part of a suitable 196 multicast transport protocol. 197 o An End User (EU) controls a device connected to AD-2, which 198 runs an application client compatible with the service 199 provider's application source. 200 o The application client joins appropriate (S,G)s in order to 201 receive the data necessary to provide the service to the EU. 202 The mechanisms by which the application client learns the 203 appropriate (S,G)s are an implementation detail of the 204 application, and are out of scope for this document. 206 Note that domain 2 may be an independent network domain (e.g., Tier 207 1 network operator domain) or it could also be an Enterprise network 208 operated by a single customer. The peering point architecture and 209 requirements may have some unique aspects associated with the 210 Enterprise case. 212 The Use Cases describing various architectural configurations for 213 the multicast distribution along with associated requirements is 214 described in section 3. Unique aspects related to the Enterprise 215 network possibility will be described in this section. A 216 comprehensive list of pertinent information that needs to be 217 exchanged between the two domains to support various functions 218 enabling the application transport is provided in section 4. 220 3. Inter-domain Peering Point Requirements for Multicast 222 The transport of applications using multicast requires that the 223 inter-domain peering point is enabled to support such a process. 224 There are five Use Cases for consideration in this document. 226 3.1. Native Multicast 228 This Use Case involves end-to-end Native Multicast between the two 229 administrative domains and the peering point is also native 230 multicast enabled - Figure 1. 232 ------------------- ------------------- 233 / AD-1 \ / AD-2 \ 234 / (Multicast Enabled) \ / (Multicast Enabled) \ 235 / \ / \ 236 | +----+ | | | 237 | | | +------+ | | +------+ | +----+ 238 | | AS |------>| BR |-|---------|->| BR |-------------|-->| EU | 239 | | | +------+ | I1 | +------+ |I2 +----+ 240 \ +----+ / \ / 241 \ / \ / 242 \ / \ / 243 ------------------- ------------------- 245 AD = Administrative Domain (Independent Autonomous System) 246 AS = Application (e.g., Content) Multicast Source 247 BR = Border Router 248 I1 = AD-1 and AD-2 Multicast Interconnection (e.g., MBGP) 249 I2 = AD-2 and EU Multicast Connection 251 Figure 1 - Content Distribution via End to End Native Multicast 253 Advantages of this configuration are: 255 o Most efficient use of bandwidth in both domains. 257 o Fewer devices in the path traversed by the multicast stream when 258 compared to unicast transmissions. 260 From the perspective of AD-1, the one disadvantage associated with 261 native multicast into AD-2 instead of individual unicast to every EU 262 in AD-2 is that it does not have the ability to count the number of 263 End Users as well as the transmitted bytes delivered to them. This 264 information is relevant from the perspective of customer billing and 265 operational logs. It is assumed that such data will be collected by 266 the application layer. The application layer mechanisms for 267 generating this information need to be robust enough such that all 268 pertinent requirements for the source provider and the AD operator 269 are satisfactorily met. The specifics of these methods are beyond 270 the scope of this document. 272 Architectural guidelines for this configuration are as follows: 274 a. Dual homing for peering points between domains is recommended 275 as a way to ensure reliability with full BGP table visibility. 277 b. If the peering point between AD-1 and AD-2 is a controlled 278 network environment, then bandwidth can be allocated 279 accordingly by the two domains to permit the transit of non- 280 rate adaptive multicast traffic. If this is not the case, then 281 it is recommended that the multicast traffic should support 282 rate-adaption. 284 c. The sending and receiving of multicast traffic between two 285 domains is typically determined by local policies associated 286 with each domain. For example, if AD-1 is a service provider 287 and AD-2 is an enterprise, then AD-1 may support local policies 288 for traffic delivery to, but not traffic reception from AD-2. 289 Another example is the use of a policy by which AD-1 delivers 290 specified content to AD-2 only if such delivery has been 291 accepted by contract. 293 d. Relevant information on multicast streams delivered to End 294 Users in AD-2 is assumed to be collected by available 295 capabilities in the application layer. The precise nature and 296 formats of the collected information will be determined by 297 directives from the source owner and the domain operators. 299 e. The interconnection of AD-1 and AD-2 should minimally follow 300 guidelines for traffic filtering between autonomous systems 301 [BCP38]. Filtering guidelines specific to the multicast 302 control-plane and data-plane are described in section 6. 304 3.2. Peering Point Enabled with GRE Tunnel 306 The peering point is not native multicast enabled in this Use Case. 307 There is a Generic Routing Encapsulation Tunnel provisioned over the 308 peering point. In this case, the interconnection I1 between AD-1 and 309 AD-2 in Figure 1 is multicast enabled via a Generic Routing 310 Encapsulation Tunnel (GRE) [RFC2784] and encapsulating the multicast 311 protocols across the interface. The routing configuration is 312 basically unchanged: Instead of BGP (SAFI2) across the native IP 313 multicast link between AD-1 and AD-2, BGP (SAFI2) is now run across 314 the GRE tunnel. 316 Advantages of this configuration: 318 o Highly efficient use of bandwidth in both domains although not 319 as efficient as the fully native multicast Use Case. 321 o Fewer devices in the path traversed by the multicast stream 322 when compared to unicast transmissions. 324 o Ability to support only partial IP multicast deployments in AD- 325 1 and/or AD-2. 327 o GRE is an existing technology and is relatively simple to 328 implement. 330 Disadvantages of this configuration: 332 o Per Use Case 3.1, current router technology cannot count the 333 number of end users or the number bytes transmitted. 335 o GRE tunnel requires manual configuration. 337 o The GRE must be established prior to stream starting. 339 o The GRE tunnel is often left pinned up. 341 Architectural guidelines for this configuration include the 342 following: 344 Guidelines (a) through (d) are the same as those described in Use 345 Case 3.1. Two additional guidelines are as follows: 347 e. GRE tunnels are typically configured manually between peering 348 points to support multicast delivery between domains. 350 f. It is recommended that the GRE tunnel (tunnel server) 351 configuration in the source network is such that it only 352 advertises the routes to the application sources and not to the 353 entire network. This practice will prevent unauthorized delivery 354 of applications through the tunnel (e.g., if application - e.g., 355 content - is not part of an agreed inter-domain partnership). 357 3.3. Peering Point Enabled with an AMT - Both Domains Multicast 358 Enabled 360 Both administrative domains in this Use Case are assumed to be 361 native multicast enabled here; however the peering point is not. The 362 peering point is enabled with an Automatic Multicast Tunnel. The 363 basic configuration is depicted in Figure 2. 365 ------------------- ------------------- 366 / AD-1 \ / AD-2 \ 367 / (Multicast Enabled) \ / (Multicast Enabled) \ 368 / \ / \ 369 | +----+ | | | 370 | | | +------+ | | +------+ | +----+ 371 | | AS |------>| AR |-|---------|->| AG |-------------|-->| EU | 372 | | | +------+ | I1 | +------+ |I2 +----+ 373 \ +----+ / \ / 374 \ / \ / 375 \ / \ / 376 ------------------- ------------------- 378 AR = AMT Relay 379 AG = AMT Gateway 380 I1 = AMT Interconnection between AD-1 and AD-2 381 I2 = AD-2 and EU Multicast Connection 383 Figure 2 - AMT Interconnection between AD-1 and AD-2 385 Advantages of this configuration: 387 o Highly efficient use of bandwidth in AD-1. 389 o AMT is an existing technology and is relatively simple to 390 implement. Attractive properties of AMT include the following: 392 o Dynamic interconnection between Gateway-Relay pair across 393 the peering point. 395 o Ability to serve clients and servers with differing 396 policies. 398 Disadvantages of this configuration: 400 o Per Use Case 3.1 (AD-2 is native multicast), current router 401 technology cannot count the number of end users or the number 402 of bytes transmitted to all end users. 404 o Additional devices (AMT Gateway and Relay pairs) may be 405 introduced into the path if these services are not incorporated 406 in the existing routing nodes. 408 o Currently undefined mechanisms for the AG to automatically 409 select the optimal AR. 411 Architectural guidelines for this configuration are as follows: 413 Guidelines (a) through (d) are the same as those described in Use 414 Case 3.1. In addition, 416 e. It is recommended that AMT Relay and Gateway pairs be 417 configured at the peering points to support multicast delivery 418 between domains. AMT tunnels will then configure dynamically 419 across the peering points once the Gateway in AD-2 receives the 420 (S, G) information from the EU. 422 3.4. Peering Point Enabled with an AMT - AD-2 Not Multicast Enabled 424 In this AMT Use Case, the second administrative domain AD-2 is not 425 multicast enabled. This implies that the interconnection between AD- 426 2 and the End User is also not multicast enabled as depicted in 427 Figure 3. 429 ------------------- ------------------- 430 / AD-1 \ / AD-2 \ 431 / (Multicast Enabled) \ / (Non-Multicast \ 432 / \ / Enabled) \ 433 | +----+ | | | 434 | | | +------+ | | | +----+ 435 | | AS |------>| AR |-|---------|-----------------------|-->|EU/G| 436 | | | +------+ | | |I2 +----+ 437 \ +----+ / \ / 438 \ / \ / 439 \ / \ / 440 ------------------- ------------------- 442 AS = Application Multicast Source 443 AR = AMT Relay 444 EU/G = Gateway client embedded in EU device 445 I2 = AMT Tunnel Connecting EU/G to AR in AD-1 through Non-Multicast 446 Enabled AD-2. 448 Figure 3 - AMT Tunnel Connecting AD-1 AMT Relay and EU Gateway 450 This Use Case is equivalent to having unicast distribution of the 451 application through AD-2. The total number of AMT tunnels would be 452 equal to the total number of End Users requesting the application. 453 The peering point thus needs to accommodate the total number of AMT 454 tunnels between the two domains. Each AMT tunnel can provide the 455 data usage associated with each End User. 457 Advantages of this configuration: 459 o Highly efficient use of bandwidth in AD-1. 461 o AMT is an existing technology and is relatively simple to 462 implement. Attractive properties of AMT include the following: 464 o Dynamic interconnection between Gateway-Relay pair across 465 the peering point. 467 o Ability to serve clients and servers with differing 468 policies. 470 o Each AMT tunnel serves as a count for each End User and is also 471 able to track data usage (bytes) delivered to the EU. 473 Disadvantages of this configuration: 475 o Additional devices (AMT Gateway and Relay pairs) are introduced 476 into the transport path. 478 o Assuming multiple peering points between the domains, the EU 479 Gateway needs to be able to find the "correct" AMT Relay in AD- 480 1. 482 Architectural guidelines for this configuration are as follows: 484 Guidelines (a) through (c) are the same as those described in Use 485 Case 3.1. 487 d. It is recommended that proper procedures are implemented such 488 that the AMT Gateway at the End User device is able to find the 489 correct AMT Relay in AD-1 across the peering points. The 490 application client in the EU device is expected to supply the (S, 491 G) information to the Gateway for this purpose. 493 e. The AMT tunnel capabilities are expected to be sufficient for 494 the purpose of collecting relevant information on the multicast 495 streams delivered to End Users in AD-2. 497 3.5. AD-2 Not Multicast Enabled - Multiple AMT Tunnels Through AD-2 499 This is a variation of Use Case 3.4 as follows: 501 ------------------- ------------------- 502 / AD-1 \ / AD-2 \ 503 / (Multicast Enabled) \ / (Non-Multicast \ 504 / \ / Enabled) \ 505 | +----+ | |+--+ +--+ | 506 | | | +------+ | ||AG| |AG| | +----+ 507 | | AS |------>| AR |-|-------->||AR|------------->|AR|-|-->|EU/G| 508 | | | +------+ | I1 ||1 | I2 |2 | |I3 +----+ 509 \ +----+ / \+--+ +--+ / 510 \ / \ / 511 \ / \ / 512 ------------------- ------------------- 514 AS = Application Source 515 AR = AMT Relay in AD-1 516 AGAR1 = AMT Gateway/Relay node in AD-2 across Peering Point 517 I1 = AMT Tunnel Connecting AR in AD-1 to GW in AGAR1 in AD-2 518 AGAR2 = AMT Gateway/Relay node at AD-2 Network Edge 519 I2 = AMT Tunnel Connecting Relay in AGAR1 to GW in AGAR2 520 EU/G = Gateway client embedded in EU device 521 I3 = AMT Tunnel Connecting EU/G to AR in AGAR2 523 Figure 4 - AMT Tunnel Connecting AD-1 AMT Relay and EU Gateway 525 Use Case 3.4 results in several long AMT tunnels crossing the entire 526 network of AD-2 linking the EU device and the AMT Relay in AD-1 527 through the peering point. Depending on the number of End Users, 528 there is a likelihood of an unacceptably large number of AMT tunnels 529 - and unicast streams - through the peering point. This situation 530 can be alleviated as follows: 532 o Provisioning of strategically located AMT nodes at the edges of 533 AD-2. An AMT node comprises co-location of an AMT Gateway and 534 an AMT Relay. One such node is at the AD-2 side of the peering 535 point (node AGAR1 in Figure 4). 537 o Single AMT tunnel established across peering point linking AMT 538 Relay in AD-1 to the AMT Gateway in the AMT node AGAR1 in AD-2. 540 o AMT tunnels linking AMT node AGAR1 at peering point in AD-2 to 541 other AMT nodes located at the edges of AD-2: e.g., AMT tunnel 542 I2 linking AMT Relay in AGAR1 to AMT Gateway in AMT node AGAR2 543 in Figure 4. 545 o AMT tunnels linking EU device (via Gateway client embedded in 546 device) and AMT Relay in appropriate AMT node at edge of AD-2: 547 e.g., I3 linking EU Gateway in device to AMT Relay in AMT node 548 AGAR2. 550 The advantage for such a chained set of AMT tunnels is that the 551 total number of unicast streams across AD-2 is significantly reduced 552 thus freeing up bandwidth. Additionally, there will be a single 553 unicast stream across the peering point instead of possibly, an 554 unacceptably large number of such streams per Use Case 3.4. However, 555 this implies that several AMT tunnels will need to be dynamically 556 configured by the various AMT Gateways based solely on the (S,G) 557 information received from the application client at the EU device. A 558 suitable mechanism for such dynamic configurations is therefore 559 critical. 561 Architectural guidelines for this configuration are as follows: 563 Guidelines (a) through (c) are the same as those described in Use 564 Case 3.1. 566 d. It is recommended that proper procedures are implemented such 567 that the various AMT Gateways (at the End User devices and the AMT 568 nodes in AD-2) are able to find the correct AMT Relay in other AMT 569 nodes as appropriate. The application client in the EU device is 570 expected to supply the (S, G) information to the Gateway for this 571 purpose. 573 e. The AMT tunnel capabilities are expected to be sufficient for 574 the purpose of collecting relevant information on the multicast 575 streams delivered to End Users in AD-2. 577 4. Supporting Functionality 579 Supporting functions and related interfaces over the peering point 580 that enable the multicast transport of the application are listed in 581 this section. Critical information parameters that need to be 582 exchanged in support of these functions are enumerated along with 583 guidelines as appropriate. Specific interface functions for 584 consideration are as follows. 586 4.1. Network Interconnection Transport and Security Guidelines 588 The term "Network Interconnection Transport" refers to the 589 interconnection points between the two Administrative Domains. The 590 following is a representative set of attributes that will need to be 591 agreed to between the two administrative domains to support 592 multicast delivery. 594 o Number of Peering Points. 596 o Peering Point Addresses and Locations. 598 o Connection Type - Dedicated for Multicast delivery or shared 599 with other services. 601 o Connection Mode - Direct connectivity between the two AD's or 602 via another ISP. 604 o Peering Point Protocol Support - Multicast protocols that will 605 be used for multicast delivery will need to be supported at 606 these points. Examples of protocols include eBGP [RFC4271] and 607 MBGP [RFC4271]. 609 o Bandwidth Allocation - If shared with other services, then 610 there needs to be a determination of the share of bandwidth 611 reserved for multicast delivery. When determining the 612 appropriate bandwidth allocation, parties should consider that 613 design of a multicast protocol suitable for live video 614 streaming which is consistent with Congestion Control 615 Principles [BCP41], especially in the presence of potentially 616 malicious receivers, is still an open research problem. 618 o QoS Requirements - Delay/latency specifications that need to be 619 specified in an SLA. 621 o AD Roles and Responsibilities - the role played by each AD for 622 provisioning and maintaining the set of peering points to 623 support multicast delivery. 625 4.2. Routing Aspects and Related Guidelines 627 The main objective for multicast delivery routing is to ensure that 628 the End User receives the multicast stream from the "most optimal" 629 source [INF_ATIS_10] which typically: 631 o Maximizes the multicast portion of the transport and minimizes 632 any unicast portion of the delivery, and 634 o Minimizes the overall combined network(s) route distance. 636 This routing objective applies to both Native and AMT; the actual 637 methodology of the solution will be different for each. Regardless, 638 the routing solution is expected to be: 640 o Scalable, 642 o Avoid/minimize new protocol development or modifications, and 644 o Be robust enough to achieve high reliability and automatically 645 adjust to changes/problems in the multicast infrastructure. 647 For both Native and AMT environments, having a source as close as 648 possible to the EU network is most desirable; therefore, in some 649 cases, an AD may prefer to have multiple sources near different 650 peering points, but that is entirely an implementation issue. 652 4.2.1 Native Multicast Routing Aspects 654 Native multicast simply requires that the Administrative Domains 655 coordinate and advertise the correct source address(es) at their 656 network interconnection peering points(i.e., border routers). An 657 example of multicast delivery via a Native Multicast process across 658 two administrative Domains is as follows assuming that the 659 interconnecting peering points are also multicast enabled: 661 o Appropriate information is obtained by the EU client who is a 662 subscriber to AD-2 (see Use Case 3.1). This information is in 663 the form of metadata and it contains instructions directing the 664 EU client to launch an appropriate application if necessary, and 665 also additional information for the application about the source 666 location and the group (or stream) id in the form of the "S,G" 667 data. The "S" portion provides the name or IP address of the 668 source of the multicast stream. The metadata may also contain 669 alternate delivery information such as specifying the unicast 670 address of the stream. 672 o The client uses the join message with S,G to join the multicast 673 stream [RFC4604]. 675 To facilitate this process, the two AD's need to do the following: 677 o Advertise the source id(s) over the Peering Points. 679 o Exchange relevant Peering Point information such as Capacity 680 and Utilization. 682 o Implement compatible multicast protocols to ensure proper 683 multicast delivery across the peering points. 685 4.2.2 GRE Tunnel over Interconnecting Peering Point 687 If the interconnecting peering point is not multicast enabled and 688 both ADs are multicast enabled, then a simple solution is to 689 provision a GRE tunnel between the two ADs - see Use Case 3.2.2. 690 The termination points of the tunnel will usually be a network 691 engineering decision, but generally will be between the border 692 routers or even between the AD 2 border router and the AD 1 source 693 (or source access router). The GRE tunnel would allow end-to-end 694 native multicast or AMT multicast to traverse the interface. 695 Coordination and advertisement of the source IP is still required. 697 The two AD's need to follow the same process as described in 4.2.1 698 to facilitate multicast delivery across the Peering Points. 700 4.2.3 Routing Aspects with AMT Tunnels 702 Unlike Native (with or without GRE), an AMT Multicast environment is 703 more complex. It presents a dual layered problem because there are 704 two criteria that should be simultaneously met: 706 o Find the closest AMT relay to the end-user that also has 707 multicast connectivity to the content source, and 709 o Minimize the AMT unicast tunnel distance. 711 There are essentially two components to the AMT specification: 713 o AMT Relays: These serve the purpose of tunneling UDP multicast 714 traffic to the receivers (i.e., End Points). The AMT Relay will 715 receive the traffic natively from the multicast media source and 716 will replicate the stream on behalf of the downstream AMT 717 Gateways, encapsulating the multicast packets into unicast 718 packets and sending them over the tunnel toward the AMT Gateway. 719 In addition, the AMT Relay may perform various usage and 720 activity statistics collection. This results in moving the 721 replication point closer to the end user, and cuts down on 722 traffic across the network. Thus, the linear costs of adding 723 unicast subscribers can be avoided. However, unicast replication 724 is still required for each requesting endpoint within the 725 unicast-only network. 727 o AMT Gateway (GW): The Gateway will reside on an on End-Point - 728 this may be a Personal Computer (PC) or a Set Top Box (STB). The 729 AMT Gateway receives join and leave requests from the 730 Application via an Application Programming Interface (API). In 731 this manner, the Gateway allows the endpoint to conduct itself 732 as a true Multicast End-Point. The AMT Gateway will encapsulate 733 AMT messages into UDP packets and send them through a tunnel 734 (across the unicast-only infrastructure) to the AMT Relay. 736 The simplest AMT Use Case (section 3.3) involves peering points that 737 are not multicast enabled between two multicast enabled ADs. An AMT 738 tunnel is deployed between an AMT Relay on the AD 1 side of the 739 peering point and an AMT Gateway on the AD 2 side of the peering 740 point. One advantage to this arrangement is that the tunnel is 741 established on an as needed basis and need not be a provisioned 742 element. The two ADs can coordinate and advertise special AMT Relay 743 Anycast addresses with each other - though they may alternately 744 decide to simply provision Relay addresses, though this would not be 745 an optimal solution in terms of scalability. 747 Use Cases 3.4 and 3.5 describe more complicated AMT situations as 748 AD-2 is not multicast enabled. For these cases, the End User device 749 needs to be able to setup an AMT tunnel in the most optimal manner. 750 There are many methods by which relay selection can be done 751 including the use of DNS based queries and static lookup tables 752 [RFC7450]. The choice of the method is implementation dependent and 753 is up to the network operators. Comparison of various methods is out 754 of scope for this document; it is for further study. 756 An illustrative example of a relay selection based on DNS queries 757 and Anycast IP addresses process for Use Cases 3.4 and 3.5 is 758 described here. Using an Anycast IP address for AMT Relays allows 759 for all AMT Gateways to find the "closest" AMT Relay - the nearest 760 edge of the multicast topology of the source. Note that this is 761 strictly illustrative; the choice of the method is up to the network 762 operators. The basic process is as follows: 764 o Appropriate metadata is obtained by the EU client application. The 765 metadata contains instructions directing the EU client to an 766 ordered list of particular destinations to seek the requested 767 stream and, for multicast, specifies the source location and the 768 group (or stream) ID in the form of the "S,G" data. The "S" 769 portion provides the URI (name or IP address) of the source of the 770 multicast stream and the "G" identifies the particular stream 771 originated by that source. The metadata may also contain alternate 772 delivery information such as the address of the unicast form of 773 the content to be used, for example, if the multicast stream 774 becomes unavailable. 776 o Using the information from the metadata, and possibly information 777 provisioned directly in the EU client, a DNS query is initiated in 778 order to connect the EU client/AMT Gateway to an AMT Relay. 780 o Query results are obtained, and may return an Anycast address or a 781 specific unicast address of a relay. Multiple relays will 782 typically exist. The Anycast address is a routable "pseudo- 783 address" shared among the relays that can gain multicast access to 784 the source. 786 o If a specific IP address unique to a relay was not obtained, the 787 AMT Gateway then sends a message (e.g., the discovery message) to 788 the Anycast address such that the network is making the routing 789 choice of particular relay - e.g., closest relay to the EU. (Note 790 that in IPv6 there is a specific Anycast format and Anycast is 791 inherent in IPv6 routing, whereas in IPv4 Anycast is handled via 792 provisioning in the network. Details are out of scope for this 793 document.) 795 o The contacted AMT Relay then returns its specific unicast IP 796 address (after which the Anycast address is no longer required). 797 Variations may exist as well. 799 o The AMT Gateway uses that unicast IP address to initiate a three- 800 way handshake with the AMT Relay. 802 o AMT Gateway provides "S,G" to the AMT Relay (embedded in AMT 803 protocol messages). 805 o AMT Relay receives the "S,G" information and uses the S,G to join 806 the appropriate multicast stream, if it has not already subscribed 807 to that stream. 809 o AMT Relay encapsulates the multicast stream into the tunnel 810 between the Relay and the Gateway, providing the requested content 811 to the EU. 813 4.3. Back Office Functions - Provisioning and Logging Guidelines 815 Back Office refers to the following: 817 o Servers and Content Management systems that support the delivery 818 of applications via multicast and interactions between ADs. 819 o Functionality associated with logging, reporting, ordering, 820 provisioning, maintenance, service assurance, settlement, etc. 822 4.3.1 Provisioning Guidelines 824 Resources for basic connectivity between ADs Providers need to be 825 provisioned as follows: 827 o Sufficient capacity must be provisioned to support multicast-based 828 delivery across ADs. 829 o Sufficient capacity must be provisioned for connectivity between 830 all supporting back-offices of the ADs as appropriate. This 831 includes activating proper security treatment for these back- 832 office connections (gateways, firewalls, etc) as appropriate. 833 o Routing protocols as needed, e.g. configuring routers to support 834 these. 836 Provisioning aspects related to Multicast-Based inter-domain 837 delivery are as follows. 839 The ability to receive requested application via multicast is 840 triggered via receipt of the necessary metadata. Hence, this 841 metadata must be provided to the EU regarding multicast URL - and 842 unicast fallback if applicable. AD-2 must enable the delivery of 843 this metadata to the EU and provision appropriate resources for this 844 purpose. 846 Native multicast functionality is assumed to be available across 847 many ISP backbones, peering and access networks. If however, native 848 multicast is not an option (Use Cases 3.4 and 3.5), then: 850 o EU must have multicast client to use AMT multicast obtained either 851 from Application Source (per agreement with AD-1) or from AD-1 or 852 AD-2 (if delegated by the Application Source). 853 o If provided by AD-1/AD-2, then the EU could be redirected to a 854 client download site (note: this could be an Application Source 855 site). If provided by the Application Source, then this Source 856 would have to coordinate with AD-1 to ensure the proper client is 857 provided (assuming multiple possible clients). 858 o Where AMT Gateways support different application sets, all AD-2 859 AMT Relays need to be provisioned with all source & group 860 addresses for streams it is allowed to join. 861 o DNS across each AD must be provisioned to enable a client GW to 862 locate the optimal AMT Relay (i.e. longest multicast path and 863 shortest unicast tunnel) with connectivity to the content's 864 multicast source. 866 Provisioning Aspects Related to Operations and Customer Care are 867 stated as follows. 869 Each AD provider is assumed to provision operations and customer 870 care access to their own systems. 872 AD-1's operations and customer care functions must have visibility 873 to what is happening in AD-2's network or to the service provided by 874 AD-2, sufficient to verify their mutual goals and operations, e.g. 875 to know how the EU's are being served. This can be done in two ways: 877 o Automated interfaces are built between AD-1 and AD-2 such that 878 operations and customer care continue using their own systems. 879 This requires coordination between the two AD's with appropriate 880 provisioning of necessary resources. 881 o AD-1's operations and customer care personnel are provided access 882 directly to AD-2's system. In this scenario, additional 883 provisioning in these systems will be needed to provide necessary 884 access. Additional provisioning must be agreed to by the two AD-2s 885 to support this option. 887 4.3.2 Application Accounting Guidelines 889 All interactions between pairs of ADs can be discovered and/or be 890 associated with the account(s) utilized for delivered applications. 891 Supporting guidelines are as follows: 893 o A unique identifier is recommended to designate each master 894 account. 895 o AD-2 is expected to set up "accounts" (logical facility generally 896 protected by login/password/credentials) for use by AD-1. Multiple 897 accounts and multiple types/partitions of accounts can apply, e.g. 898 customer accounts, security accounts, etc. 900 4.3.3 Log Management Guidelines 902 Successful delivery of applications via multicast between pairs of 903 interconnecting ADs requires that appropriate logs will be exchanged 904 between them in support. Associated guidelines are as follows. 906 AD-2 needs to supply logs to AD-1 per existing contract(s). Examples 907 of log types include the following: 909 o Usage information logs at aggregate level. 910 o Usage failure instances at an aggregate level. 911 o Grouped or sequenced application access. 912 performance/behavior/failure at an aggregate level to support 913 potential Application Provider-driven strategies. Examples of 914 aggregate levels include grouped video clips, web pages, and sets 915 of software download. 916 o Security logs, aggregated or summarized according to agreement 917 (with additional detail potentially provided during security 918 events, by agreement). 919 o Access logs (EU), when needed for troubleshooting. 920 o Application logs (what is the application doing), when needed for 921 shared troubleshooting. 922 o Syslogs (network management), when needed for shared 923 troubleshooting. 925 The two ADs may supply additional security logs to each other as 926 agreed to by contract(s). Examples include the following: 928 o Information related to general security-relevant activity which 929 may be of use from a protective or response perspective, such as 930 types and counts of attacks detected, related source information, 931 related target information, etc. 932 o Aggregated or summarized logs according to agreement (with 933 additional detail potentially provided during security events, by 934 agreement). 936 4.4. Operations - Service Performance and Monitoring Guidelines 938 Service Performance refers to monitoring metrics related to 939 multicast delivery via probes. The focus is on the service provided 940 by AD-2 to AD-1 on behalf of all multicast application sources 941 (metrics may be specified for SLA use or otherwise). Associated 942 guidelines are as follows: 944 o Both AD's are expected to monitor, collect, and analyze service 945 performance metrics for multicast applications. AD-2 provides 946 relevant performance information to AD-1; this enables AD-1 to 947 create an end-to-end performance view on behalf of the 948 multicast application source. 950 o Both AD's are expected to agree on the type of probes to be 951 used to monitor multicast delivery performance. For example, 952 AD-2 may permit AD-1's probes to be utilized in the AD-2 953 multicast service footprint. Alternately, AD-2 may deploy its 954 own probes and relay performance information back to AD-1. 956 o In the event of performance degradation (SLA violation), AD-1 957 may have to compensate the multicast application source per SLA 958 agreement. As appropriate, AD-1 may seek compensation from AD-2 959 if the cause of the degradation is in AD-2's network. 961 Service Monitoring generally refers to a service (as a whole) 962 provided on behalf of a particular multicast application source 963 provider. It thus involves complaints from End Users when service 964 problems occur. EU's direct their complaints to the source provider; 965 in turn the source provider submits these complaints to AD-1. The 966 responsibility for service delivery lies with AD-1; as such AD-1 967 will need to determine where the service problem is occurring - its 968 own network or in AD-2. It is expected that each AD will have tools 969 to monitor multicast service status in its own network. 971 o Both AD's will determine how best to deploy multicast service 972 monitoring tools. Typically, each AD will deploy its own set of 973 monitoring tools; in which case, both AD's are expected to 974 inform each other when multicast delivery problems are 975 detected. 977 o AD-2 may experience some problems in its network. For example, 978 for the AMT Use Cases, one or more AMT Relays may be 979 experiencing difficulties. AD-2 may be able to fix the problem 980 by rerouting the multicast streams via alternate AMT Relays. If 981 the fix is not successful and multicast service delivery 982 degrades, then AD-2 needs to report the issue to AD-1. 984 o When problem notification is received from a multicast 985 application source, AD-1 determines whether the cause of the 986 problem is within its own network or within the AD-2 domain. If 987 the cause is within the AD-2 domain, then AD-1 supplies all 988 necessary information to AD-2. Examples of supporting 989 information include the following: 991 o Kind of problem(s). 993 o Starting point & duration of problem(s). 995 o Conditions in which problem(s) occur. 997 o IP address blocks of affected users. 999 o ISPs of affected users. 1001 o Type of access e.g., mobile versus desktop. 1003 o Locations of affected EUs. 1005 o Both AD's conduct some form of root cause analysis for 1006 multicast service delivery problems. Examples of various 1007 factors for consideration include: 1009 o Verification that the service configuration matches the 1010 product features. 1012 o Correlation and consolidation of the various customer 1013 problems and resource troubles into a single root service 1014 problem. 1016 o Prioritization of currently open service problems, giving 1017 consideration to problem impact, service level agreement, 1018 etc. 1020 o Conduction of service tests, including one time tests or a 1021 series of tests over a period of time. 1023 o Analysis of test results. 1025 o Analysis of relevant network fault or performance data. 1027 o Analysis of the problem information provided by the customer 1028 (CP). 1030 o Once the cause of the problem has been determined and the 1031 problem has been fixed, both AD's need to work jointly to 1032 verify and validate the success of the fix. 1034 o Faults in service could lead to SLA violation for which the 1035 multicast application source provider may have to be 1036 compensated by AD-1. Subsequently, AD-1 may have to be 1037 compensated by AD-2 based on the contract. 1039 4.5. Client Reliability Models/Service Assurance Guidelines 1041 There are multiple options for instituting reliability 1042 architectures, most are at the application level. Both AD's should 1043 work those out with their contract/agreement and with the multicast 1044 application source providers. 1046 Network reliability can also be enhanced by the two AD's by 1047 provisioning alternate delivery mechanisms via unicast means. 1049 5. Troubleshooting and Diagnostics 1051 Any service provider supporting multicast delivery of content should 1052 have the capability to collect diagnostics as part of multicast 1053 troubleshooting practices and resolve network issues accordingly. 1054 Issues may become apparent or identified either through network 1055 monitoring functions or by customer reported problems as described 1056 in section 4.4. 1058 It is expected that multicast diagnostics will be collected 1059 according to currently established practices [MDH-04]. However, 1060 given that inter-domain creates a significant interdependence of 1061 proper networking functionality between providers there does exist a 1062 need for providers to be able to signal/alert each other if there 1063 are any issues noted by either one. 1065 Service providers may also wish to allow limited read-only 1066 administrative access to their routers via a looking-glass style 1067 router proxy to facilitate the debugging of multicast control state 1068 and peering status. Software implementations for this purpose is 1069 readily available [Traceroute], [draft-MTraceroute] and can be 1070 easily extended to provide access to commonly-used multicast 1071 troubleshooting commands in a secure manner. 1073 The specifics of the notification and alerts are beyond the scope of 1074 this document, but general guidelines are similar to those described 1075 in section 4.4 (Service Performance and Monitoring). Some general 1076 communications issues are stated as follows. 1078 o Appropriate communications channels will be established between 1079 the customer service and operations groups from both AD's to 1080 facilitate information sharing related to diagnostic 1081 troubleshooting. 1083 o A default resolution period may be considered to resolve open 1084 issues. Alternately, mutually acceptable resolution periods 1085 could be established depending on the severity of the 1086 identified trouble. 1088 6. Security Considerations 1090 From a security perspective, normal security procedures are expected 1091 to be followed by each AD to facilitate multicast delivery to 1092 registered and authenticated end users. Additionally: 1094 o Encryption - Peering point links may be encrypted per agreement 1095 if dedicated for multicast delivery. 1097 o Security Breach Mitigation Plan - In the event of a security 1098 breach, the two AD's are expected to have a mitigation plan for 1099 shutting down the peering point and directing multicast traffic 1100 over alternated peering points. It is also expected that 1101 appropriate information will be shared for the purpose of 1102 securing the identified breach. 1104 DRM and Application Accounting, Authorization and Authentication 1105 should be the responsibility of the multicast application source 1106 provider and/or AD-1. AD-1 needs to work out the appropriate 1107 agreements with the source provider. 1109 Network has no DRM responsibilities, but might have authentication 1110 and authorization obligations. These though are consistent with 1111 normal operations of a CDN to insure end user reliability, security 1112 and network security. 1114 AD-1 and AD-2 should have mechanisms in place to ensure proper 1115 accounting for the volume of bytes delivered through the peering 1116 point and separately the number of bytes delivered to EUs. For 1117 example, [BCP38] style filtering could be deployed by both AD's to 1118 ensure that only legitimately sourced multicast content is exchanged 1119 between them. 1121 Authentication and authorization of EU to receive multicast content 1122 is done at the application layer between the client application and 1123 the source. This may involve some kind of token authentication and 1124 is done at the application layer independently of the two AD's. If 1125 there are problems related to failure of token authentication when 1126 end-users are supported by AD-2, then some means of validating 1127 proper working of the token authentication process (e.g., back-end 1128 servers querying the multicast application source provider's token 1129 authentication server are communicating properly) should be 1130 considered. Implementation details are beyond the scope of this 1131 document. 1133 7. IANA Considerations 1135 No considerations identified in this document 1137 8. Conclusions 1139 This Best Current Practice document provides detailed Use Case 1140 scenarios for the transmission of applications via multicast across 1141 peering points between two Administrative Domains. A detailed set of 1142 guidelines supporting the delivery is provided for all Use Cases. 1144 For Use Cases involving AMT tunnels (cases 3.4 and 3.5), it is 1145 recommended that proper procedures are implemented such that the 1146 various AMT Gateways (at the End User devices and the AMT nodes in 1147 AD-2) are able to find the correct AMT Relay in other AMT nodes as 1148 appropriate. Section 4.3 provides an overview of one method that 1149 finds the optimal Relay-Gateway combination via the use of an 1150 Anycast IP address for AMT Relays. 1152 9. References 1154 9.1. Normative References 1156 [RFC2784] D. Farinacci, T. Li, S. Hanks, D. Meyer, P. Traina, 1157 "Generic Routing Encapsulation (GRE)", RFC 2784, March 2000 1159 [RFC3376] B. Cain, et al, "Internet Group Management Protocol, 1160 Version 3", RFC 3376, October 2002 1162 [RFC3810] R. Vida and L. Costa, "Multicast Listener Discovery 1163 Version 2 (MLDv2) for IPv6", RFC 3810, June 2004 1165 [RFC4271] Y. Rekhter, et al, "A Border Gateway Protocol 4 (BGP-4)", 1166 RFC 4271, January 2006 1168 [RFC4604] H. Holbrook, et al, "Using Internet Group Management 1169 Protocol Version 3 (IGMPv3) and Multicast Listener Discovery 1170 Protocol Version 2 (MLDv2) for Source Specific Multicast", RFC 4604, 1171 August 2006 1173 [RFC4609] P. Savola, et al, "Protocol Independent Multicast - Sparse 1174 Mode (PIM-SM) Multicast Routing Security Issues and Enhancements", 1175 RFC 4609, August 2006 1177 [RFC7450] G. Bumgardner, "Automatic Multicast Tunneling", RFC 7450, 1178 February 2015 1180 [RFC7761] B. Fenner, et al, "Protocol Independent Multicast - Sparse 1181 Mode (PIM-SM): Protocol Specification (Revised), RFC 7761, March 1182 2016 1184 [BCP38] P. Ferguson, et al, "Network Ingress Filtering: Defeating 1185 Denial of Service Attacks which employ IP Source Address Spoofing", 1186 BCP: 38, May 2000 1188 [BCP41] S. Floyd, "Congestion Control Principles", BCP 41, September 1189 2000 1191 9.2. Informative References 1193 [INF_ATIS_10] "CDN Interconnection Use Cases and Requirements in a 1194 Multi-Party Federation Environment", ATIS Standard A-0200010, 1195 December 2012 1197 [MDH-04] D. Thaler, et al, "Multicast Debugging Handbook", IETF I-D 1198 draft-ietf-mboned-mdh-04.txt, May 2000 1200 [Traceroute] http://traceroute.org/#source%20code 1202 [draft-MTraceroute] H. Asaeda, K, Meyer, and W. Lee, "Mtrace Version 1203 2: Traceroute Facility for IP Multicast", draft-ietf-mboned-mtrace- 1204 v2-16, October 2016, work in progress 1206 10. Acknowledgments 1208 The authors would like to thank the following individuals for their 1209 suggestions, comments, and corrections: 1211 Mikael Abrahamsson 1212 Hitoshi Asaeda 1214 Dale Carder 1216 Tim Chown 1218 Leonard Giuliano 1220 Jake Holland 1222 Joel Jaeggli 1224 Albert Manfredi 1226 Stig Venaas 1227 Authors' Addresses 1229 Percy S. Tarapore 1230 AT&T 1231 Phone: 1-732-420-4172 1232 Email: tarapore@att.com 1234 Robert Sayko 1235 AT&T 1236 Phone: 1-732-420-3292 1237 Email: rs1983@att.com 1239 Greg Shepherd 1240 Cisco 1241 Phone: 1242 Email: shep@cisco.com 1244 Toerless Eckert 1245 Futurewei Technologies Inc. 1246 Phone: 1247 Email: tte@cs.fau.de 1249 Ram Krishnan 1250 SupportVectors 1251 Phone: 1252 Email: ramkri123@gmail.com