idnits 2.17.1 

draft-ietf-nsis-rmd-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 20.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 3096.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 3073.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 3080.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 3086.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 3 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119.  Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).
     
     Found 'SHOULD not' in this paragraph:
     
     *  the SCOPING flag SHOULD not be set, meaning that a default
     scoping of the message is used.  Therefore, the QNE edges MUST be
     configured as boundary nodes and the QNE Interior nodes MUST be
     configured as Interior (intermediary) nodes;

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119.  Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).
     
     Found 'MUST not' in this paragraph:
     
     It is RECOMMENDED that the total number of additional DSCPs within
     a RMD domain, needed for severe congestion handling MUST not exceed the
     limit of 16. One possible solution for reducing the number of DSCP, for
     example, is to allocate one DSCP for severe congestion indication for
     each of the AF classes, independently from their dropping precedence.
     Assuming 4 AF classes and 1 EF class, and using one DSCP per traffic
     class then the number of DSCPs used in this situation for severe
     congestion is 5. If two additional DSCP's are used then the total number
     in this case is 10.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (January 17, 2006) is 6673 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RMD-QSPEC' is mentioned on line 684, but not defined

  == Missing Reference: 'RFC 3175' is mentioned on line 1326, but not defined

  == Unused Reference: 'RFC2119' is defined on line 2997, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2205' is defined on line 3017, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3175' is defined on line 3025, but no explicit
     reference was found in the text

  == Unused Reference: 'RMD4' is defined on line 3057, but no explicit
     reference was found in the text

  == Unused Reference: 'RSVP-DOI' is defined on line 3060, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-18) exists of
     draft-ietf-nsis-qos-nslp-08

  ** Downref: Normative reference to an Experimental draft:
     draft-ietf-nsis-qos-nslp (ref. 'QoS-NSLP')

  -- No information found for draft-ietf-nsis-QSpec - is the name correct?

  -- Possible downref: Normative reference to a draft: ref. 'QSP-T' 

  == Outdated reference: A later version (-20) exists of
     draft-ietf-nsis-ntlp-05

  == Outdated reference: A later version (-01) exists of
     draft-tschofenig-rsvp-doi-00


     Summary: 4 errors (**), 0 flaws (~~), 16 warnings (==), 9 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	NSIS Working Group                                         Attila Bader
2	INTERNET-DRAFT                                            Lars Westberg
3	                                                               Ericsson
4	Expires: 17 June 2006                              Georgios Karagiannis
5	                                                   University of Twente
6	                                                       Cornelia Kappler
7	                                                                Siemens
8	                                                             Tom Phelan
9	                                                                  Sonus
10	                                                       January 17, 2006

12	       RMD-QOSM - The Resource Management in Diffserv QOS Model
13	                   <draft-ietf-nsis-rmd-05.txt>

15	Status of this Memo

17	   By submitting this Internet-Draft, each author represents that any
18	   applicable patent or other IPR claims of which he or she is aware
19	   have been or will be disclosed, and any of which he or she becomes
20	   aware will be disclosed, in accordance with Section 6 of BCP 79.

22	   Internet-Drafts are working documents of the Internet Engineering
23	   Task Force (IETF), its areas, and its working groups.  Note that
24	   other groups may also distribute working documents as Internet-
25	   Drafts.

27	   Internet-Drafts are draft documents valid for a maximum of six months
28	   and may be updated, replaced, or obsoleted by other documents at any
29	   time.  It is inappropriate to use Internet-Drafts as reference
30	   material or to cite them other than as "work in progress".

32	   The list of current Internet-Drafts can be accessed at
33	   http://www.ietf.org/ietf/1id-abstracts.txt.

35	   The list of Internet-Draft Shadow Directories can be accessed at
36	   http://www.ietf.org/shadow.html.

38	   This Internet-Draft will expire on June 17, 2006.

40	Copyright Notice

42	   Copyright (C) The Internet Society (2006).

44	Abstract

46	   This document describes an NSIS QoS Model for networks that use the
47	   Resource Management in Diffserv (RMD) concept.  RMD is a technique
48	   for adding admission control and preemption function to
49	   Differentiated Services (Diffserv) networks.  The RMD QoS Model
50	   allows devices external to the RMD network to signal reservation
51	   requests to edge nodes in the RMD network. The RMD Ingress edge nodes
52	   classify the incoming flows into traffic classes and signals resource
53	   requests for the corresponding traffic class along the data path to
54	   the Egress edge nodes for each flow.  Egress nodes reconstitute the
55	   original requests and continue forwarding them along the data path
56	   towards the final destination. In addition, RMD defines notification
57	   functions to indicate overload situations within the domain to the
58	   edge nodes.

60	Table of Contents

62	   1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
63	   2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . .4
64	   3. Overview of RMD and RMD-QOSM . . . . . . . . . . . . . .. . .4
65	      3.1 RMD . . . . . . . . . . . . . . . . . . . . . . . . . . .4
66	      3.2 Basic features of RMD-QOSM . . . . . . . . . . . . . . . 7
67	          3.2.1 Role of the QNEs . . . . . . . .. . . . . . . . . .7
68	          3.2.2 RMD-QOSM signaling . . . . . . . . . . . . . . . . 8
69	   4. RMD-QOSM, Detailed Description . . . . . . . . . . . .. . . .9
70	      4.1 RMD-QSpec Definition . . . . . . . . . . . . . . . . . . 9
71	          4.1.1 RMD-QOSM QoS Description . . . . . . . . .  . . . .9
72	          4.1.2 PHR RMD-QOSM control information . . . . . . . . .10
73	          4.1.3 PDR RMD-QOSM control information  . . . . . . . . 12
74	      4.2 Message format . . . . . . . . . . . . . . . . . . . . .14
75	      4.3 RMD node state management . . . . . . . . . . . . . . . 15
76	          4.3.1 Aggregated versus per flow reservations at the
77	                QNE edges . . . . . . . . . . . . . . . . . . . . 15
78	          4.3.2 Measurement-based method . . . . . . . . . . . . .16
79	          4.3.3 Reservation-based method . .. . . . . . . . . . . 16
80	      4.4 Transport of RMD-QOSM messages . . . . . . . . . . . . .17
81	      4.5 Edge discovery and addressing of messages . . . . . . . 18
82	      4.6 Operation and sequence of events . . . . . . . . . . . .18
83	          4.6.1 Basic unidirectional operation . . . . . . . . . .18
84	             4.6.1.1 Successful reservation. . . . . . . . . . . .19
85	             4.6.1.2 Unsuccessful reservation . . . . . . . . . . 25
86	             4.6.1.3 RMD refresh reservation. . . . . . . . . . . 28
87	             4.6.1.4 RMD modification of aggregated reservation . 31
88	             4.6.1.5 RMD release procedure. . . . . . . . . . . . 32
89	             4.6.1.6 Severe congestion handling  . . . . . . . . .39
90	             4.6.1.7 Admission control using congestion
91	                     notification based on probing . . . . . .  . 44
92	          4.6.2 Bidirectional operation . . . . . . . . . . . . . 46
93	             4.6.2.1 Successful and unsuccessful reservation . . .48
94	             4.6.2.2 Refresh reservation . . . . . . . . . . . . .53
95	             4.6.2.3 Modification of aggregated reservation . . . 54
96	             4.6.2.4 Release procedure . . . . . . . . . . . . . .54
97	             4.6.2.5 Severe congestion handling . . . . . . . . . 55
98	      4.7 Handling of additional errors . . . . . . . . . . . . . 58
99	   5. Security Consideration. . . . . . . . . . . . . . . . . . . 59
100	   6. IANA Considerations. . . . . . . . . . . . . . . . . . . . .62
101	   7. Open issues. . . . . . . . . . . . . . . . . . . . . . . . .62
102	   8. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . .62
103	   9. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . 63
104	   10. Normative References . . . . . . . . . . . . . . . . . . . 64
105	   11. Informative References . . . . . . . . . . . . . . . . . . 64
106	   12. Intellectual Property Rights . . . . . . . . . . . . . . . 65

108	1.  Introduction

110	   This document describes a Next Steps In Signaling (NSIS) QoS model
111	   for networks that use the Resource Management in Diffserv (RMD)
112	   framework ([RMD1], [RMD2], [RMD3]).  RMD adds admission control to
113	   Diffserv networks and allows nodes external to the networks to
114	   dynamically reserve resources within the Diffserv domains.

116	   The Quality of Service NSIS Signaling Layer Protocol (QoS-NSLP)
117	   [QoS-NSLP] specifies a generic model for carrying Quality of Service
118	   (QoS) signaling information end-to-end in an IP network.  Each
119	   network along the end-to-end path is expected to implement a
120	   specific QoS Model (QOSM) that interprets the requests and installs
121	   the necessary mechanisms, in a manner that is appropriate to the
122	   technology in use in the network, to ensure the delivery of the
123	   requested QoS.

125	   This document specifies an NSIS QoS Model for RMD networks (RMD-
126	   QOSM), and an RMD-specific QSpec (RMD-QSPec) for expressing
127	   reservations in a suitable form for simple processing by internal
128	   nodes.  They are used in combination with the QoS-NSLP to provide
129	   QoS signaling service in an RMD network.  Figure 1 shows an RMD
130	   network with the respective entities.

132	                          Stateless or reduced state        Egress
133	   Ingress                RMD nodes                         Node
134	   Node                   (Interior Nodes; I-Nodes)        (Stateful
135	   (Stateful              |          |            |         RMD QoS
136	   RMD QoS NLSP           |          |            |         NSLP Node)
137	   Node)                  V          V            V
138	   +-------+   Data +------+      +------+       +------+     +------+
139	   |-------|--------|------|------|------|-------|------|---->|------|
140	   |       |   Flow |      |      |      |       |      |     |      |
141	   |Ingress|        |I-Node|      |I-Node|       |I-Node|     |Egress|
142	   |       |        |      |      |      |       |      |     |      |
143	   +-------+        +------+      +------+       +------+     +------+
144	            =================================================>
145	            <=================================================
146	                                  Signaling Flow

148	FIGURE 1: Actors in the RMD QOSM

150	   Internally to the RMD network, RMD-QOSM defines a scalable QoS
151	   signaling model in which per-flow QoS-NSLP and NTLP states are not
152	   stored in Interior nodes but per-flow signaling is performed (see
153	   [QoS-NSLP]).

155	   In the RMD-QOSM, only routers at the edges of a Diffserv domain
156	   (Ingress and Egress nodes) support the QoS-NSLP stateful operation.
157	   Interior nodes support either the QoS-NSLP stateless operation, or a
158	   reduced-state operation with coarser granularity than the edge nodes.

160	   The remainder of this draft is structured following the suggestions
161	   in Appendix B of [QSP-T] for the description of QoS Signaling
162	   Policies.

164	   After the terminology in Section 2, we give an overview of RMD and
165	   the RMD-QOSM in Section 3.  In Section 4 we give a detailed
166	   description of the RMD-QOSM, including the role of QNEs, the
167	   definition of the QSpec, mapping of QSpec generic parameters onto
168	   RMD-QOSM parameters, state management in QNEs, and operation and
169	   sequence of events.  Section 5 discusses security issues.

171	2.  Terminology

173	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
174	   NOT", "SHOULD, "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
175	   in this document are to be interpreted as described in RFC 2119.

177	   The terminology defined by GIMPS [GIMPS] and QoS-NSLP [QoS-NSLP]
178	   applies to this draft.

180	   In addition, the following terms are used:

182	   Edge node: an (NSIS-capable) node on the boundary of some
183	   administrative domain.

185	   Ingress node: An edge node that handles the traffic as it enters the
186	   domain.

188	   Egress node: An edge node that handles the traffic as it leaves the
189	   domain.

191	   Interior nodes: the set of (NSIS-capable) nodes which form an
192	   administrative domain, excluding the edge nodes.

194	3.  Overview of RMD and RMD-QOSM

196	3.1.  RMD

198	   The Differentiated Services (Diffserv) architecture ([RFC2475],
199	   [RFC2638]) was introduced as a result of efforts to avoid the
200	   scalability and complexity problems of Intserv [RFC1633].
201	   Scalability is achieved by offering services on an aggregate
202	   rather than per-flow basis and by forcing as much of the per-flow
203	   state as possible to the edges of the network.  The service
204	   differentiation is achieved using the Differentiated Services (DS)
205	   field in the IP header and the Per-Hop Behavior (PHB) as the main
206	   building blocks.  Packets are handled at each node according to the
207	   PHB indicated by the DS field in the message header.

209	   The Diffserv architecture does not specify any way for devices
210	   outside the domain to dynamically reserve resources or receive
211	   indications of network resource availability.  In practice, service
212	   providers rely on subscription-time Service Level Agreements (SLAs)
213	   that statically define the parameters of the traffic that will be
214	   accepted from a customer.

216	   RMD was introduced as a method for dynamic reservation of resources
217	   within a Diffserv domain.  It describes a method that is able to
218	   provide admission control for flows entering the domain and a
219	   congestion handling algorithm that is able to terminate flows in
220	   case of congestion due to a sudden failure (e.g., link, router)
221	   within the domain.

223	   In RMD, scalability is achieved by separating a fine-grained
224	   reservation mechanism used in the edge nodes of a Diffserv domain
225	   from a much simpler reservation mechanism needed in the Interior
226	   nodes.  In particular, it is assumed that edge nodes support per-
227	   flow QoS states in order to provide QoS guarantees for each flow.
228	   Interior nodes use only one aggregated reservation state per traffic
229	   class or no states at all.  In this way it is possible to handle
230	   large numbers of flows in the Interior nodes. Furthermore, due to
231	   the limited functionality supported by the Interior nodes, this
232	   solution allows fast processing of signaling messages.

234	   In RMD two basic admission control modes are described: measurement-
235	   based and reservation-based admission control.

237	   The measurement-based algorithm continuously measures traffic levels
238	   and the actual available resources, and admits flows whose resource
239	   needs are within what is available at the time of the request. Once
240	   an admission decision is made, no record of the decision need be
241	   kept.  The advantage of measurement-based resource management
242	   protocols is that they do not require pre-reservation state or
243	   explicit release of the reservations.  Moreover, when the user
244	   traffic is variable, measurement based admission control could
245	   provide higher network utilization than, e.g., peak-rate
246	   reservation.  However, this can introduce an uncertainty in the
247	   availability of the resources.

249	   Two types of measurement based admission control schemes are
250	   possible:

252	   * The congestion notification function based on probing:
253	     can be used to implement a simple measurement-based admission
254	     control within a Diffserv domain. In this scenario the interior
255	     nodes are not necessarily NSIS aware nodes. In these interior nodes
256	     located along the data path, thresholds are set in the measurement
257	     based admission control function for the traffic belonging to
258	     different PHBs. In this scenario an end-to-end NSIS message, can be
259	     used as a probe packet, meaning that the DSCP field in the header
260	     of the IP packet that carries the NSIS message will be re-marked
261	     when the predefined congestion threshold is exceeded. In this way
262	     the edges can admit or reject flows that are requesting resources.

264	   * NSIS measurement-based admission control, where the measurement
265	     based admission control functionality is implemented in NSIS aware
266	     stateless routers. The main difference between this type of
267	     admission control and the congestion notification based on probing
268	     is related to the fact that this type of admission control is
269	     applied mainly on NSIS aware nodes, giving the possibility to apply
270	     measuring techniques, see e.g., [JaSh97], [GrTs03], that are using
271	     current and past information on NSIS sessions that requested
272	     resources from an NSIS aware interior node. The admission decision
273	     is positive if the currently carried traffic, as characterized by
274	     the measured statistics, plus the requested resources for the new
275	     flow do exceed the system capacity with a probability smaller than
276	     some ?. Otherwise, the admission decision is negative.

278	   In the reservation-based method, each Interior node maintains
279	   only one reservation state per traffic class.  The Ingress edge
280	   nodes aggregate individual flow requests into classes, and signal
281	   changes in the class reservations as necessary.  The reservation is
282	   quantified in terms of resource units.  These resources are
283	   requested dynamically per PHB and reserved on demand in all nodes in
284	   the communication path from an Ingress node to an Egress node.

286	   RMD describes the following procedures:

288	   * classification of individual resource reservation or resource
289	     query into Per Hop Behavior groups (PHB) at the Ingress node of
290	     the domain,

292	   * hop-by-hop admission control based on per PHB within the
293	     domain. There are two possible modes of operation for internal
294	     nodes to admit requests. One mode is the stateless or
295	     measurement-based mode, where the resources within the domain are
296	     queried. Another mode of operation is the reduced-state
297	     reservation or reservation based mode, where the resources within
298	     the domain are reserved.

300	   * a method to forward the original requests across the domain up to
301	     the Egress node and beyond.

303	   * a congestion control algorithm that notifies the egress edge nodes
304	     about congestion. It is able to terminate the appropriate number
305	     of flows in case a of congestion due to a sudden failure (e.g.,
306	     link or router failure) within the domain.

308	3.2. Basic features of RMD-QOSM

310	3.2.1 Role of the QNEs

312	   The protocol model of the RMD-QOSM is shown in Figure 2.  The figure
313	   shows QNI and QNR nodes, not part of the RMD network, that are the
314	   ultimate initiator and receiver of the QoS reservation requests.  It
315	   also shows QNE nodes that are the Ingress and Egress nodes in the
316	   RMD domain (QNE Ingress and QNE Egress), and QNE nodes that are
317	   Interior nodes (QNE Interior).

319	   All nodes of the RMD domain are mainly QoS-NSLP aware nodes.  Edge
320	   nodes store and maintain QoS-NSLP and NTLP states and therefore are
321	   stateful nodes.  The NSIS aware Interior nodes are NTLP stateless.
322	   Furthermore they are either QoS-NSLP stateless (for NSIS measurement-
323	   based operation), or are reduced state nodes storing per PHB
324	   aggregated QoS-NSLP states (for reservation-based operation).

326	     |------|   |-------|                           |------|   |------|
327	     | e2e  |<->| e2e   |<------------------------->| e2e  |<->| e2e  |
328	     | QoS  |   | QoS   |                           | QoS  |   | QoS  |
329	     |      |   |-------|                           |------|   |------|
330	     |      |   |-------|   |-------|   |-------|   |------|   |      |
331	     |      |   | local |<->| local |<->| local |<->| local|   |      |
332	     |      |   | QoS   |   |  QoS  |   |  QoS  |   |  QoS |   |      |
333	     |      |   |       |   |       |   |       |   |      |   |      |
334	     | NSLP |   | NSLP  |   | NSLP  |   | NSLP  |   | NSLP |   | NSLP |
335	     |st.ful|   |st.ful |   |st.less|   |st.less|   |st.ful|   |st.ful|
336	     |      |   |       |   |red.st.|   |red.st.|   |      |   |      |
337	     |      |   |-------|   |-------|   |-------|   |------|   |      |
338	     |------|   |-------|   |-------|   |-------|   |------|   |------|
339	     ------------------------------------------------------------------
340	     |------|   |-------|   |-------|   |-------|   |------|   |------|
341	     | NTLP |<->| NTLP  |<->| NTLP  |<->| NTLP  |<->| NTLP |<->|NTLP  |
342	     |st.ful|   |st.ful |   |st.less|   |st.less|   |st.ful|   |st.ful|
343	     |------|   |-------|   |-------|   |-------|   |------|   |------|
344	       QNI         QNE        QNE         QNE          QNE       QNR
345	     (End)     (Ingress)   (Interior)  (Interior)   (Egress)    (End)

347	         st.ful: stateful, st.less: stateless
348	         st.less red.st.: stateless or reduced state

350	   Figure 2: Protocol model of stateless/reduced state operation
351	   Note that the RMD-QOSM domain MAY contain Interior nodes that are
352	   not NSIS aware nodes (not shown in the figure).  These nodes are
353	   assumed to have sufficient capacity for flows that might be
354	   admitted.  Furthermore, some of these NSIS unaware nodes MAY be used
355	   for measuring the traffic congestion level on the data path. These
356	   measurements can be used by RMD-QOSM in the congestion control based
357	    on probing operation and/or severe congestion operation
358	   (see Section 4.6.1.6).

360	3.2.2 RMD-QOSM signaling

362	   The basic RMD-QOSM signaling is shown in Figure 3.  A RESERVE
363	   message is created by a QNI with an Initiator QSpec describing the
364	   reservation and forwarded along the path towards the QNR.  When the
365	   original RESERVE message arrives at the Ingress node, an RMD-QSpec
366	   is constructed based on the top-most QSPEC in the message (usually
367	   the Initiator QSPEC).  The RMD-QSpec is sent in a local, independent
368	   RESERVE message through the Interior nodes towards the QNR. This
369	   local RESERVE message uses the NTLP hop-by-hop datagram signaling
370	   mechanism.  Meanwhile, the original RESERVE message is sent to the
371	   Egress node on the path to the QNR using the reliable transport mode
372	   of NTLP.

374	              QNE             QNE             QNE            QNE
375	            Ingress         Interior        Interior        Egress
376	        NTLP stateful  NTLP stateless  NTLP stateless  NTLP stateful
377	               |               |               |              |
378	       RESERVE |               |               |              |
379	      -------->| RESERVE       |               |              |
380	               +--------------------------------------------->|
381	               | RESERVE'      |               |              |
382	               +-------------->|               |              |
383	               |               | RESERVE'      |              |
384	               |               +-------------->|              |
385	               |               |               | RESERVE'     |
386	               |               |               +------------->|
387	               |               |               |              | RESERVE
388	               |               |               |              +------->
389	               |               |               |              |RESPONSE
390	               |               |               |              |<-------
391	               |               |               |     RESPONSE |
392	               |<---------------------------------------------+
393	       RESPONSE|               |               |              |
394	      <--------|               |               |              |

396	   Figure 3: Sender-initiated reservation with Reduced State Interior
397	             Nodes

399	   Each QoS-NSLP node on the data path processes the local RESERVE
400	   message and checks the availability of resources with either the
401	   reservation-based or the measurement-based method.  When the message
402	   reaches the Egress node, and the reservation is successful in each
403	   Interior nodes, the original RESERVE message is forwarded to the
404	   next domain.  When the Egress node receives a RESPONSE message from
405	   the downstream end, it is forwarded directly to the Ingress node.

407	   If an intermediate node cannot accommodate the new request, it
408	   indicates this by marking a single bit in the message, and continues
409	   forwarding the message until the Egress node is reached. From the
410	   Egress node a RESPONSE message is sent directly the Ingress node.

412	   As a consequence in the stateless/reduced state domain only sender-
413	   initiated reservation can be performed and functions requiring per
414	   flow NTLP or QoS-NSLP states, like summary refreshes, cannot be
415	   used. One of the basic features of RMD is that, if per flow
416	   identification, is needed, i.e. associating the flows IDs for the
417	   reserved resources, Edge nodes act on behalf of Interior nodes.

419	4.  RMD-QOSM, Detailed Description

421	   This section describes RMD-QOSM in more detail.  In particular,
422	   it defines the role of stateless and reduced-state QNEs, the
423	   RMD-QOSM QSpec Object, the format of RMD-QOSM QoS-NSLP messages
424	   and how QSpecs are processed and used in different protocol
425	   operations.

427	4.1.  RMD-QSpec Definition

429	   The RMD-QOSM QSpec object contains three fields, the "RMD-QOSM QoS
430	   Description", the Per Hop Reservation "PHR RMD-QOSM control
431	   information" container (PHR container) and the Per Domain Reservation
432	   "PDR RMD-QOSM control information" container (PDR container). The
433	   "RMD-QOSM QoS Description" field and the PHR container are used and
434	   processed by edge and Interior nodes.  The PDR container field is

436	   only processed by edge nodes.  The PHR container contains the QoS
437	   specific control information for intra-domain communication and
438	   reservation.  The PDR container contains additional information that
439	   is needed for edge-to-edge communication.

441	4.1.1.  RMD-QOSM QoS Description

443	   This section describes the parameters used by the "RMD-QOSM QoS
444	   Description" field.  The RMD-QOSM QoS Description only contains the
445	   QoS Desired object [QSP-T]. It does not contain the QoS Available,
446	   QoS Reserved or Minimum QoS objects.

448	   <RMD-QOSM QoS Description> = <QoS Desired>

450	   <QoS Desired> = <Bandwidth> <PHB Class Class>

452	   The bit format of the <Bandwidth> and <PHB Class> conform to the
453	   bit format specified in [QSP-T] and can be seen in Figure 4 and
454	   Figure 5, respectively.

456	     0                   1                   2                   3
457	     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
458	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
459	    |1|E|N|T|           3           |r|r|r|r|          1            ||
460	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
461	    |  Bandwidth       (32-bit IEEE floating point number)          |
462	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

464	             Figure 4: Bandwidth parameter

466	    0                   1                   2                   3
467	    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
468	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
469	   |1|E|N|T|           7           |r|r|r|r|          1            |
470	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
471	   | DSCP      |0 0 0 0 0 0 0 0 0 0|            Reserved           |
472	   +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
473	             Figure 5: PHB_Class parameter

475	4.1.2.  PHR container

477	   This section describes the parameters used by the PHR container.

479	   <PHR RMD-QOSM control information> = <Overload %>, <S>,<M>,
480	   <Admitted Hops>, <B>, <Hop_U> <Time Lag>

482	   The bit format of the PHR container can be seen in Figure 6. Note
483	   that in Figure 6 <Hop U> is represented as <U>.

485	     0                   1                   2                   3
486	     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
487	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
488	    |0|E|N|T|       Container ID    |r|r|r|r|          1            |
489	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
490	    |S|M| Admitted  Hops|B|U| Time  Lag     |  Overload %  | Empty|
491	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

493	        Figure 6: PHR container

495	   Parameter/Container ID:
496	   8 bit field, indicating the PHR type: PHR_Resource_Request,
497	   PHR_Release_Request, PHR_Refresh_Update.  It is used to further
498	   specify QoS-NSLP RESERVE and RESPONSE messages.

500	   "PHR_Resource_Request" (Container ID = 1): initiate or
501	   update the traffic class reservation state on all nodes located on
502	   the communication path between the QNE(Ingress) and QNE(Egress)
503	   nodes.

505	   "PHR_Refresh_Update" (Container ID = 2): refresh the
506	   traffic class reservation soft state on all nodes located on the
507	   communication path between the QNE(Ingress) and QNE(Egress)
508	   nodes according to a resource reservation request that was
509	   successfully processed during a previous refresh period.

511	   "PHR_Release_Request" (Container ID = 3): explicitly
512	   release, by subtraction, the reserved resources for a particular flow
513	   from a traffic class reservation state.

515	   <S> (Severe Congestion):
516	   1 bit.  In case of a route change refreshing RESERVE messages
517	   follow the new data path, and hence resources are requested
518	   there.  If the resources are not sufficient to accommodate the new
519	   traffic sever congestion occurs.  Congested Interior nodes SHOULD
520	   notify edge QNEs about the congestion by setting the
521	   S bit.

523	   <Overload %>:
524	   8 bits In case of severe congestion the level of overload is
525	   indicated by the Overload %.  Overload % SHOULD be higher than 0 if
526	   S bit is set.  If overload in a node is greater than the overload
527	   in a previous node then Overload % SHOULD be updated.

529	   <M>:
530	   1 bit.  In case of unsuccessful resource reservation or resource
531	   query in an Interior QNE, this QNE sets the M bit in order to
532	   notify the Egress QNE.

534	   <Admitted Hops>:
535	   8 bit field.  The <Admitted Hops> counts the number of hops in the
536	   RMD domain where the reservation was successful.  The <Admitted
537	   Hops> is set to "0" when a RESERVE message enters a domain and it is
538	   increased by one at each Interior QNE.  However when a QNE that does
539	   not have sufficient resources to admit the reservation is reached,
540	   the M Bit is set, and the <Admitted Hops> value is frozen.

542	   <Hop_U> (NSLP_Hops unset):
543	   1-bit. The QNE(Ingress) node MUST set the <Hop_U> parameter to
544	   0.  This parameter SHOULD be set to "1" by a node when the node does
545	   not increase the <Admitted Hops> value. This is the case when an
546	   RMD-QOSM reservation-based node is not admitting the reservation
547	   request. When <Hop_U> is set "1" the <Admitted Hops> SHOULD NOT be
548	   changed.

550	   <B>: 1 bit.  Indicates bi-directional reservation.

552	   <Time Lag>: 8 bit field.  The time lag used in a sliding window
553	   over the refresh period.

555	4.1.3.  PDR container

557	   This section describes the parameters of the PDR container.

559	   The bit format of the PDR container can be seen in Figure 7.

561	   <PDR RMD-QOSM control information> = <Overload %>  <S> <M> <Max
562	   Admitted Hops> <B> [<PDR Reverse Requested Resources>]

564	   Note that in Figure 7 <Max Admitted Hops> is represented as
565	   <Max Adm Hops>.

567	       0                   1                   2                   3
568	       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
569	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
570	      |0|E|N|T|   Container ID        |r|r|r|r|          2            |
571	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
572	      |S|M| Max Adm  Hops |B|  Overload %   |       Empty             |
573	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
574	      |PDR Reverse Requested Resources(32-bit IEEE floating p.number) |
575	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

577	        Figure 7: PDR container

579	   Parameter/Container ID:

581	   8-bit field identifying the type of PDR container field.

583	   "PDR_Reservation_Request" (Parameter/Container ID = 4): generated by
584	   the QNE(Ingress) node in order to initiate or update the QoS-NSLP
585	   per domain reservation state in the QNE(Egress) node

587	   "PDR_Refresh_Request" (Parameter/Container ID = 5): generated by the
588	   QNE(Ingress) node and sent to the QNE(Egress) node to refresh,
589	   in case needed, the QoS-NSLP per domain reservation states
590	   located in the QNE(Egress) node
591	   "PDR_Release_Request" (Parameter/Container ID = 6): generated and
592	   sent by the QNE(Ingress) node to the QNE(Egress) node to release
593	   the per domain reservation states explicitly

595	   "PDR_Reservation_Report" (Parameter/Container ID = 7): generated and
596	   sent by the QNE(Egress) node to the QNE(Ingress) node to
597	   report that a "PHR_Resource_Request" and a
598	   "PDR_Reservation_Request" control information fields have been
599	   received and that the request has been admitted or rejected

601	   "PDR_Refresh_Report" (Parameter/Container ID = 8) generated and sent
602	   by the QNE(Egress) node in case needed, to the QNE(Ingress) node
603	   to report that a "PHR_Refresh_Update" control information
604	   field has been received and has been processed

606	   "PDR_Release_Report" (Parameter/Container ID = 9) generated and sent
607	   by the QNE(Egress) node in case needed, to the QNE(Ingress) node
608	   to report that a "PHR_Release_Request" and a
609	   "PDR_Release_Request" control information fields have been
610	   received and have been processed.

612	   "PDR_Congestion_Report" (Parameter/Container ID = 10): generated and
613	   sent by the QNE(Egress) node to the QNE(Ingress) node and used for
614	   congestion notification

616	   <S> (PDR Severe Congestion):
617	   1-bit.  Specifies if a severe congestion situation occurred.
618	   It can also carry the <S> parameter of the
619	   "PHR_Resource_Request" or "PHR_Refresh_Update" fields.

621	   <Overload %>:
622	   8-bit.  It includes the Overload % of the
623	   "PHR_Resource_Request" or "PHR_Refresh_Update" control
624	   information fields, indicating the level of overload to the Ingress
625	   node.

627	   <M> (PDR Marked):
628	   1-bit.  Carries the <M> value of the "PHR_Resource_Request" or
629	   "PHR_Refresh_Update" control information fields.

631	   <B>: 1 bit Indicates bi-directional reservation.

633	   <Max Admitted Hops>:
634	   8-bit.  The <Admitted Hops> value that has been carried by the
635	   PHR container field used to identify the RMD reservation based node
636	   that admitted or process a "PHR_Resource_Request"
637	   <PDR Reverse Requested Resources>
638	   32 bits.  This field only applies when the "B" flag is set to
639	   "1".  It specifies the requested number of units of resources
640	   that have to be reserved by a node in the reverse direction
641	   when the intra-domain signaling procedures require a bi-
642	   directional reservation procedure.

644	4.2.  Message format

646	   The format of the messages used by the RMD-QOSM complies with the
647	   QoS-NSLP specification.  As specified in [QoS-NSLP], for each
648	   QoS-NSLP message type, there is a set of rules for the permissible
649	   choice of object types.  These rules are specified using Backus-Naur
650	   Form (BNF) augmented with square brackets surrounding optional
651	   sub-sequences.  The BNF implies an order for the objects in a
652	   message.  However, in many (but not all) cases, object order makes no
653	   logical difference.  An implementation SHOULD create messages with
654	   the objects in the order shown here, but accept the objects in any
655	   permissible order.

657	   The format of a local (intra-domain) RESERVE message used by the
658	   RMD-QOSM is:

660	   RESERVE = COMMON_HEADER
661	           RSN [ RII ] [ REFRESH_PERIOD ]
662	           [ 2*BOUND_SESSION_ID ] [ POLICY_DATA ]
663	           [ PACKET_CLASSIFIER ] [ RMD-QSPEC ]

665	   The format of a Query message used by the RMD-QOSM is as follows:

667	   QUERY = COMMON_HEADER
668	       [ RII ] [ 2*BOUND_SESSION_ID ] [ POLICY_DATA ]
669	       [ PACKET_CLASSIFIER ] [ RMD-QSPEC ]

671	   A QUERY message MUST contain an RII object to indicate a RESPONSE is
672	   desired, unless the QUERY is being used to initiate reverse-path
673	   state for a receiver-initiated reservation.

675	   The format of a local (intra-domain) RESPONSE message used by
676	   the RMD-QOSM is as follows:

678	   intra-domain RESPONSE = COMMON_HEADER
679	                 [ RII / RSN ] INFO_SPEC [ RMD-QSPEC ]

681	   The format of an end-to-end RESPONSE message that is used by the
682	   RMD-QOSM to carry an intra-domain RESPONSE message is as follows:

684	   RESPONSE = COMMON_HEADER [RII/RSN] INFO_SPEC [RMD-QSPEC] [*QSPEC]

686	   The format of a NOTIFY message used by the RMD-QOSM is as follows:

688	   NOTIFY = COMMON_HEADER INFO_SPEC [ RMD-QSPEC ]

690	   All objects, except RMD-QSPEC objects, are specified in [QoS-NSLP].

692	4.3.  RMD node state management

694	   The QoS-NSLP state creation and management is specified in
695	   [QoS-NSLP].  This section describes the state creation and
696	   management functions of the Resource Management Function (RMF) in
697	   the RMD nodes.

699	4.3.1 Aggregated versus per flow reservations at the QNE edges

701	   The QNE edges maintain for the RMD QoS model either per flow, or
702	   aggregated QoS-NSLP reservation states.  Each per flow or aggregated
703	   QoS-NSLP reservation state, associated with the RMD-QOS model, is
704	   identified by a NTLP SESSION_ID (see [GIMPS]).  In RMD, these states
705	   are denoted as PDR states.

707	   In the situation where the QNE edges maintain aggregated QoS-
708	   NSLP reservation states then these states have to maintain the
709	   SESSION_ID of the aggregated state, the IP addresses of the Ingress
710	   and Egress nodes, the PHB value and the size of the aggregated
711	   reservation, e.g., reserved bandwidth.

713	   The size of the aggregation is specified in Section 1.4.4 of
714	   [RFC 3175].  The size of the aggregated reservations needs to be
715	   greater or equal to the sum of bandwidth of the inter domain
716	   (end-to-end) reservations it aggregates.  Some policy can be used
717	   to maintain the amount of required bandwidth on a given aggregated
718	   reservation by taking into account the sum of the underlying inter
719	   domain (end-to-end) reservations, while endeavoring to change
720	   reservation less frequently.  This MAY require a trend analysis.
721	   If there is a significant probability that in the next interval of
722	   time the current aggregated reservation is exhausted, the Ingress
723	   router MUST predict the necessary bandwidth and request it.  If the
724	   Ingress router has a significant amount of bandwidth reserved but
725	   has very little probability of using it, the policy MAY predict the
726	   amount of bandwidth required and release the excess.  To increase or
727	   decrease the aggregate, the RMD modification procedures SHOULD be
728	   used (see Section 4.6.1.4).

730	4.3.2  Measurement-based method

732	   The measurement based method can be classified in two schemes:

734	   * Congestion notification based on probing:

736	   In this scheme the interior nodes are Diffserv aware but not NSIS
737	   aware nodes. Each interior node measures the bandwidth that is used
738	   by each PHB traffic class. This value is stored in an RMD_QOSM state.
739	   For each traffic belonging to a PHB traffic class a congestion
740	   threshold is set. The value of this threshold SHOULD be stored
741	   in another RMD_QOSM state. In this scenario end-to-end NSIS message
742	   is used as a probe packet.  In this case that the DSCP field of the
743	   GIST message is re-marked when the predefined congestion threshold is
744	   exceeded in an interior node.

746	   * NSIS measurement-based admission control:

748	   The measurement based admission control is implemented in NSIS aware
749	   stateless routers. In particular, the QNE Interior nodes operating in
750	   NSIS measurement-based mode are QoS-NSLP stateless nodes, i.e., they
751	   do not support any QoS-NSLP or NTLP/GIMPS states.  These measurement-
752	   based nodes store two RMD-QOSM states per PHR group.  These states
753	   reflect traffic conditions at the node and are not affected by any
754	   QoS-NSLP signaling. One state stores the measured user traffic load
755	   associated with the PHR group and another state stores the maximum
756	   traffic load that can be admitted per PHR group. When a measurement-
757	   based node receives a local RESERVE message, it compares the
758	   requested resources to the available resources (maximum allowed minus
759	   current load) for the requested PHR group.  If there are insufficient
760	   resources, it sets the <M> bit in the RMD-QSpec. No change to the
761	   RMD-QSpec is made when there are sufficient resources.

763	4.3.3  Reservation-based method

765	   QNE Interior nodes operating in reservation-based mode are QoS-NSLP
766	   reduced state nodes, i.e., they do not store NTLP/GIMPS states but
767	   they do store per PHB-aggregated QoS-NSLP states.

769	   The reservation-based PHR installs and maintains one reservation
770	   state per PHB, in all the nodes located in the
771	   communication path from the QNE Ingress node up to the QNE Egress
772	   node.  This state represents the number of currently reserved
773	   resource units.  Thus, the QNE Ingress node signals only the
774	   resource units requested by each flow.  These resource units, if
775	   admitted, are added to the currently reserved resources per PHB.

777	   For each PHB a threshold is maintained that specifies the maximum
778	   number of resource units that can be reserved.  This threshold
779	   could, for example, be statically configured.

781	   The per-PHB group reservation states are soft states, which are
782	   refreshed by sending periodic refresh local RESERVE messages. If a
783	   refresh message corresponding to a number of reserved resource units
784	   is not received, the aggregated reservation state is decreased in
785	   the next refresh period by the corresponding amount of resources
786	   that were not refreshed. The refresh period can be refined using a
787	   sliding window algorithm described in [RMD3].

789	   The reserved resources for a particular flow can also be
790	   explicitly released from a PHB reservation state by means of a PHR
791	   release message.  The usage of explicit release enables the
792	   instantaneous release of the resources regardless of the length of
793	   the refresh period.  This allows a longer refresh period, which also
794	   reduces the number of periodic refresh messages.

796	4.4.  Transport of RMD-QOSM messages

798	   The intra-domain (local) messages used by the RMD-QOSM MUST operate
799	   in the NTLP/GIMPS Datagram mode (see [GIMPS]).  Therefore, the NSLP
800	   functionality available in all QoS NSLP nodes that are able to
801	   support the RMD-QOSM MUST require the intra-domain GIMPS
802	   functionality available in these nodes to operate in the datagram
803	   mode, i.e., require GIMPS to:

805	   * operate in unreliable mode. This can be satisfied by passing this
806	     requirement from the QoS-NSLP layer to the GIMPS layer via the API
807	     transfer-attributes.

809	   * do not create a message association state. This requirement can be
810	     satisfied by a local policy, e.g., the QNE is configured to do not
811	     create a message association state

813	   * do not create any NTLP routing state. This can be satisfied by
814	     passing this requirement from the QoS-NSLP layer to the GIMPS layer
815	     via the API.

817	   All the intra-domain local messages are transported using the GIMPS
818	   data messages (see [GIMPS]). At the ingress the original
819	   (end-to-end) RESERVE message is forwarded but ignored by the
820	   stateless or reduced-state nodes, see Figure 3. The intermediate
821	   (interior) nodes are bypassed using multiple levels of the router
822	   alert option. In that case, interior routers are configured to handle
823	   only certain levels of router alert (RAO) values. This is
824	   accomplished by marking the end-to-end RESERVE message, i.e.,
825	   modifying the QoS-NSLP default NSLP-ID value to another NSLP-ID
826	   predefined value.

828	   The marking MUST be accomplished by the ingress by modifying the
829	   QoS_NSLP default NSLP-ID value to a NSLP-ID predefined value. In this
830	   way the egress MUST stop this marking process by reassigning the
831	   QoS-NSLP default NSLP-ID value to the original (end-to-end) RESERVE
832	   message. Note that the assignment of these NSLP-ID values is a QOS-
833	   NSLP issue, which should be accomplished via IANA.

835	4.5  Edge discovery and addressing of messages

837	   Mainly, the Egress node discovery can be performed either by using
838	   the GIMPS discovery mechanism [GIMPS], manual configuration or any
839	   other discovery technique.  The addressing of signaling messages
840	   depends on the used GIMPS transport mode.  The RMD QoS signaling
841	   messages that are processed only by the edge nodes use the peer-peer
842	   addressing of the GIMPS connection (C) mode.  RMD QoS signaling
843	   messages that are processed by all nodes of the Diffserv domain,
844	   i.e., edges and Interior nodes, use the end-end addressing of the

846	   GIMPS datagram (D) mode.  RMD QoS signaling messages that are
847	   addressed to the data path end nodes are intercepted by the Egress
848	   nodes.

850	4.6.  Operation and sequence of events

852	   This section describes the operation and the sequence of events in
853	   the RMD-QOSM.

855	4.6.1.  Basic unidirectional operation

857	   This section describes the basic unidirectional operation and
858	   sequence of events of the RMD-QOSM.  The following basic operation
859	   cases are distinguished:

861	   * Successful reservation (Section 4.6.1.1),
862	   * Unsuccessful reservation (Section 4.6.1.2),
863	   * RMD refresh reservation (Section 4.6.1.3),
864	   * RMD modification of aggregated reservation (4.6.1.4)
865	   * RMD release procedure (Section 4.6.1.5)
866	   * Severe congestion handling (Section 4.6.1.6)
867	   * Admission control using congestion notification based on probing
868	     (Section 4.6.1.7).

870	   The QNEs at the edges of the RMD domain support the RMD QoS Model and
871	   end-to-end QoS models, which process the RESERVE message differently.
872	   Note that the term end-to-end QoS model applies to any QoS model that
873	   is initiated and terminated outside the RMD-QOSM aware domain.
874	   However, there might be situations where a QoS model is initiated
875	   and/or terminated by the QNE edges and is considered to be an end-to-
876	   end QoS model. This can occur when the QNE edge can also operate as a
877	   QNI or as a QNR. Note that the described functionality applies to the
878	   RMD reservation-based and to the NSIS measurement-based admission
879	   control methods.  The QNE Edge nodes maintain either per flow QoS-
880	   NSLP reservation states or aggregated QoS-NSLP reservation states.
881	   When the QNE edges maintain aggregated QoS-NSLP reservation states,
882	   the RMD-QOSM functionality may accomplish a RMD modification
883	   procedure (see Section 4.6.1.4), instead of the reservation
884	   initiation procedure that is described in this subsection.

886	4.6.1.1.  Successful reservation

888	   This section describes the operation of the RMD-QOSM where a
889	   reservation is successfully accomplished.

891	   The QNI generates the initial RESERVE message, and it is forwarded
892	   by the NTLP as usual [GIMPS].

894	4.6.1.1.1. Operation in Ingress node

896	   When an end-to-end reservation request (RESERVE) arrives at the
897	   Ingress node (QNE), see Figure 8, it is processed based on the
898	   procedures defined by the end-to-end QoS model.  Subsequently, the
899	   RMD QoS Description: <Bandwidth> and <PHB Class> are derived from
900	   the QoS Description of the end-to-end QSpec.

902	   As described in Section 4.3.1, the QNE edges maintain for the RMD
903	   QoS model either per flow, or aggregated QoS-NSLP reservation
904	   states, which are identified by (local NTLP) SESSION_IDs (see
905	   [GIMPS]). Note that this NTLP SESSION ID is a different one than
906	   the SESSION_ID associated with the end-to-end RESERVE message.

908	   If the request was satisfied locally (see Section 4.3), the Ingress
909	   QNE node generates two RESERVE messages: one intra-domain and
910	   one end-to-end RESERVE messages.  These are bounded together
911	   including one BOUND_SESSION_ID object in the intra-domain RESERVE
912	   message.

914	   The intra-domain RESERVE message is associated with the (local NTLP)
915	   SESSION ID mentioned above. The selection of the IP source and IP
916	   destination address of this message depends on if and how the
917	   different inter domain (end-to-end) flows can be aggregated by the
918	   QNE Ingress node (see Section 4.3.1).

920	   If no QOS-NSLP aggregation
921	   procedure at the QNE edges is possible then the IP source and IP
922	   destination address of this message MUST be equal to the IP Source
923	   and IP destination addresses of the data flow.  The intra-domain
924	   RESERVE message must be sent using the NTLP datagram mode, see
925	   Section 4.4. In addition, the intra-domain RESERVE (RMD-QSPEC)
926	   message MUST include a PHR container (PHR_Resource_Request) and the
927	   "RMD QOS Description" field.

929	   The end-to-end RESERVE message includes the end-to-end QSpec and it
930	   is sent to the Egress QNE.  If the end-to-end QSpec does not carry
931	   an RII object, then the A (Acknowledgment) flag MUST be set ON.
932	   Otherwise the A flag MUST be set OFF.

934	   Note that after completing the initial discovery phase, the GIMPS
935	   connection mode can be used between the QNE Ingress and QNE Egress.
936	   The end-to-end RESERVE message is forwarded using the GIMPS
937	   forwarding procedure to bypass the Interior stateless or reduced-
938	   state QNE nodes, see Figure 8.  The bypassing procedure is
939	   described in Section 4.4. At the QNE Ingress the end-to-end RESERVE
940	   message is marked, i.e., modifying the QoS-NSLP default NSLP-ID value
941	   to another NSLP-ID predefined value, which corresponds to a RAO value
942	   that will be used by the GIST message carrying the end-to-end
943	   RESPONSE message to bypass the QNE Interior nodes. Note that the QNE
944	   Interior nodes, see [GIMPS], are configured to handle only certain
945	   levels of router alert (RAO) values.

947	   Furthermore, note that the initial discovery phase and the process of
948	   sending the end-to-end RESERVE message towards the QNE Egress MAY be
949	   accomplished simultaneously.

951	   The (initiating) intra-domain RESERVE message MUST be used and/or
952	   set by the QNE Ingress as follows:

954	   *  the value of the <RSN> object SHOULD be the same as the value
955	      of the RSN object of the end-to-end RESERVE message;

957	   *  the value of the <BOUND_SESSION_ID> object MUST be the session
958	      ID associated to the end-to-end RESERVE message. Furthermore, if
959	      the QNE Edge nodes maintain per flow QoS-NSLP reservation states
960	      then the value of Binding_Code = 0x01 (Tunnel and end-to-end
961	      sessions). If the QNE edge nodes maintain aggregated QoS-NSLP
962	      reservation states then the value of Binding_Code = 0x03
963	      (Aggregate sessions).

965	   *  the SCOPING flag SHOULD not be set, meaning that a default
966	      scoping of the message is used.  Therefore, the QNE edges MUST
967	      be configured as boundary nodes and the QNE Interior nodes
968	      MUST be configured as Interior (intermediary) nodes;

970	   *  The <RII> object is not included in this message;

972	   *  The flag REPLACE MUST be UNSET (set to FALSE = 0);

974	   *  the value of the <REFRESH_PERIOD> object MUST be calculated
975	      and set by the QNE Ingress node, see also Section 4.6.1.3;

977	*  the value of the <PACKET_CLASSIFIER> object SHOULD be associated
978	   with the path-coupled routing MRM. The flag that has to be set is
979	   the flag T (traffic class) meaning that the packet classification
980	   of packets is based on the DSCP value included in the IP header of
981	   the packets. Note that the DSCP value SHOULD be obtained from the
982	   MRI values obtained from GIST.

984	   *  the PHR resource units MUST be included into the <Bandwidth>
985	      parameter of the "RMD QoS Description" field;

987	   *  the value of the Parameter/Container ID field of the PHR container
988	      MUST be set to 1, (i.e., PHR_Resource_Request;)

990	   *  the value of the <Admitted Hops> parameter in the PHR container
991	      MUST be set to "1";

993	   *  the value of the <Hop_U> parameter in the PHR container MUST be
994	      set to "0";

996	   *  the flag "Acknowledge" (A) MUST be set "OFF";

998	   *  In a single-domain case the PDR container MAY not be included into
999	      the message.

1001	   When an end-to-end RESPONSE(PDR) message is received by the QNE
1002	   Ingress node, the RMD-QSPEC, see Section 4.6.1.1.3, has to be
1003	   identified, processed and removed from the end-to-end RESPONSE
1004	   message.  The QoS-NSLP state in the QNE Ingress stores and maintains
1005	   the binding between each end-to-end session and each intra-domain
1006	   session. In this way the QNE Ingress can match the PHR container that
1007	   has been carried by the intra-domain RESERVE with the received PDR
1008	   container that has been carried by the end-to-end RESPONSE message.
1009	   The RMD QoS model functionality is notified by reading the <M>
1010	   parameter of the "PDR RMD control information" container that the
1011	   reservation has been successful.

1013	   Furthermore, the INFO_SPEC object SHOULD be read by the QoS-NSLP
1014	   functionality. In case of successful reservation the INFO_SPEC object
1015	   SHOULD have the following values:

1017	   * Error Class: 0x02
1018	   * Error Code: 0x02 Reservation created: reservation installed on
1019	                  complete path
1020	   * Error Subcode: this value depends on the used end-to-end QoS model,
1021	                     but the default value is 0x00.

1023	   If the end-to-end RESPONSE message has to be forwarded to a
1024	   node outside the RMD-QOSM aware domain then the non-default values of
1025	   the objects contained in this message (i.e., <RII/RSN>, <INFO_SPEC>,
1026	   [ *QSPEC ]) MUST be used and set by the QOS-NSLP protocol functions
1027	   of the QNE.

1029	4.6.1.1.2 Operation in the Interior nodes

1031	   Each QNE Interior node MUST use the QoS-NSLP and RMD-QOSM parameters
1032	   of the intra-domain RESERVE (RMD-QSPEC) message as follows:

1034	   the values of the <RSN>, <RII>, <PACKET_CLASSIFIER>,
1035	      <REFRESH_PERIOD>, <BOUND_SESSION_ID>, <POLICY_DATA> objects are
1036	      not changed, i.e., equal to the values set by the QNE Ingress.
1037	      Note that these values are not used by the QNE Interiors.
1038	      The interior node is informed by the <PACKET_CLASSIFIER> object
1039	      that the packet classification should be done on the DSCP value.
1040	      The value of the DSCP value SHOULD be obtained via the MRI
1041	      parameters that the QoS-NSLP receives from GIST.

1043	   *  The flag REPLACE MUST be UNSET (set to FALSE = 0);

1045	   *  the flag "Acknowledge" (A) SHOULD be set "OFF";

1047	   *  the value of <Bandwidth> parameter of the "RMD QoS
1048	      Description" field is used by the QNE Interior node for
1049	      admission control, see Section 4.3.2 and Section 4.3.3;

1051	   *  in case of the RMD reservation-based procedure, and if these
1052	      resources are admitted are going to be added to the currently
1053	      reserved resources per PHB and therefore they will become a
1054	      part of the per RMD traffic class (PHB) reservation state.
1055	      Furthermore, the value of the <Admitted Hops> parameter in the
1056	      PHR container has to be increased by one;

1058	   *  in case of the RMD measurement based method, and if these
1059	      resources are admitted, using a MBAC algorithm, the number of
1060	      this resources will be used to update the MBAC algorithm.

1062	4.6.1.1.3 Operation in the Egress node

1064	   When the intra-domain RESERVE(RMD-QSPEC) is received by the QNE
1065	   Egress node of the session associated with the intra-domain
1066	   RESERVE(RMD-QSPEC) (the PHB session) with the session included in
1067	   its <BOUND_SESSION_ID> object MUST be bounded.  The session included
1068	   in the <BOUND_SESSION_ID> object is the session associated with the
1069	   end-to-end RESERVE message.
1070	   Note that if the QNE Edge nodes maintain per flow QoS-NSLP
1071	   reservation states then the value of Binding_Code = 0x01 (Tunnel and
1072	   end-to-end sessions). If the QNE edge nodes maintain aggregated QoS-
1073	   NSLP reservation states then the value of Binding_Code = 0x03
1074	   (Aggregate sessions).

1076	   The end-to-end RESERVE message is only forwarded further, towards
1077	   QNR, if the processing of the intra-domain RESERVE(RMD-QSPEC)
1078	   message was successful at all nodes in the RMD domain. Otherwise the
1079	   inter domain (end-to-end) reservation is considered as being failed.
1080	   In this case a RESPONSE message is sent towards the QNE ingress with
1081	   the following INFO_SPEC values:
1082	   Error Class: 0x04 Transient Failure
1083	   Error Code: 0x0c Mismatch synchronization between end-to-end RESERVE
1084	   and intra-domain RESERVE
1085	   Error Subcode: 0x00

1087	   If the (A) flag carried by the end-to-end RESERVE message was set to
1088	   ON, then a one hop (end-to-end) RESPONSE message MUST be generated
1089	   by the QNE Egress, see [QoS-NSLP].
1090	Otherwise, the QNE Egress MUST wait for the
1091	   end-to-end RESPONSE message that has the same SESSION ID as the
1092	   end-to-end RESERVE message forwarded towards QNR.

1094	   Furthermore, the QNE Egress MUST stop the marking process that was
1095	   used to bypass the QNE Interior nodes by reassigning the QoS-NSLP
1096	   default NSLP-ID value to the end-to-end RESERVE message, see
1097	   Section 4.4.

1099	   The non-default values of the objects contained in the end-to-end
1100	   RESPONSE(PDR) message MUST be used and/or set by the QNE Egress as
1101	   follows:

1103	* the values of the <RII/RSN>, <INFO_SPEC>,
1104	   [ *QSPEC ] objects are
1105	      set by the standard QoS-NSLP protocol.  The INFO_SPEC object
1106	      SHOULD be set by the QoS-NSLP functionality.
1107	      In case of successful reservation the INFO_SPEC object SHOULD have
1108	      the following values: Error Class: 0x02, Error Code: 0x02,
1109	      Reservation created: reservation installed on complete path, Error
1110	      Subcode: this value depends on the used end-to-end QoS model, but
1111	      the default value is 0x00.

1113	QNE (Ingress)     QNE (Interior)        QNE (Interior)    QNE (Egress)
1114	NTLP stateful    NTLP stateless        NTLP stateless    NTLP stateful
1115	    |                    |                   |                    |
1116	RESERVE                  |                   |                    |
1117	--->|                    |                   |     RESERVE        |
1118	    |------------------------------------------------------------>|
1119	    |RESERVE(RMD-QSPEC)  |                   |                    |
1120	    |------------------->|                   |                    |
1121	    |                    |RESERVE(RMD-QSPEC) |                    |
1122	    |                    |------------------>|                    |
1123	    |                    |                   | RESERVE(RMD-QSPEC) |
1124	    |                    |                   |------------------->|
1125	    |                    |                   |                RESERVE
1126	    |                    |                   |                    |-->
1127	    |                    |                   |                RESPONSE
1128	    |                    |                   |                    |<--
1129	    |                    |RESPONSE(PDR)      |                    |
1130	    |<------------------------------------------------------------|
1131	RESPONSE                 |                   |                    |
1132	<---|                    |                   |                    |

1134	Figure 8: Basic operation of successful reservation procedure used by
1135	          the RMD-QOSM

1137	   In addition to the above, the QNE Egress MUST also generate a RMD-
1138	   QSPEC object that is carried by the end-to-end RESPONSE (PDR)
1139	   message, see Section 4.2.

1141	   The following parameters of the RMD-QSPEC object MUST be used and/or
1142	   set in the following way:

1144	   *  the value of the Parameter/Container ID field of the PDR container
1145	      MUST be set "7" (i.e., PDR_Reservation_Report);

1147	   *  the value of the <M> field of the PDR container MUST be equal to
1148	      the value of the <M> parameter of the PHR container that was
1149	      carried by its associated intra-domain RESERVE (RMD-QSPEC)
1150	      message.

1152	   The end-to-end RESPONSE(PDR) message is addressed and sent to its
1153	   upstream QoS-NSLP neighbor, i.e., QNE Ingress node. Note that for all
1154	   upstream messages the RAO is not set.  Therefore, all Interior nodes
1155	   ignore the end-to-end RESPONSE messages.

1157	4.6.1.2.  Unsuccessful reservation

1159	   This section describes the operation where a request for reservation
1160	   cannot be satisfied by the RMD-QOSM.

1162	   The QNE Ingress, the QNE Interior and QNE Egress nodes process and
1163	   forward the end-to-end RESERVE message and the intra-domain
1164	   RESERVE(RMD-QSPEC) message in the same way as specified in Section
1165	   4.6.1.1.  The main difference between the unsuccessful operation and
1166	   successful operation is that one of the QNE nodes does not admit the
1167	   request due to lack of resources.  This also means that the QNE edge
1168	   node MUST NOT forward the end-to-end RESERVE message towards the
1169	   QNR node.

1171	   Note that the described functionality applies to the
1172	   RMD reservation-based and to the NSIS measurement-based admission
1173	   control methods.  The
1174	   QNE Edge nodes maintain either per flow QoS-NSLP reservation states
1175	   or aggregated QoS-NSLP reservation states. When the QNE edges
1176	   maintain aggregated QoS-NSLP reservation states, the RMD-QOSM
1177	   functionality may accomplish a RMD modification procedure (see
1178	   Section 4.6.1.4), instead of the reservation initiation procedure
1179	   that is described in this subsection.

1181	4.6.1.2.1 Operation in the Ingress nodes

1183	   When an end-to-end RESERVE message arrives to the QNE Ingress and
1184	   if there are no resources available locally, the QNE Ingress MUST
1185	   reject this end-to-end RESERVE message and sends a RESPONSE message
1186	   back to the sender, using a standard QoS-NSLP procedure.

1188	   In case of the RMD reservation based scenario, and if the
1189	   intra-domain reservation request is not admitted by the QNE Interior
1190	   node then the <Hop_U> and <M> parameters of the PHR container MUST be
1191	   set to "1".  The <Admitted Hops> counter MUST NOT be increased.

1193	   In case of the RMD measurement based scenario, and if the
1194	   intra-domain reservation query (i.e., intra-domain
1195	   RESERVE(RMD-QSPEC) is not admitted by the MBAC algorithm then the
1196	   <M> parameter of the PHR container MUST be set to "1".

1198	   When an end-to-end RESPONSE(PDR) message is received by an Ingress
1199	   node, see Section 4.6.1.2.3, the following actions take place. The
1200	   non-default values of the objects contained in the end-to-end
1201	   RESPONSE (PDR) message MUST be used and/or set by the QNE Ingress
1202	   node as follows:

1204	   *  the values of the <RII/RSN>, [<INFO_SPEC> ],
1205	      [*QSPEC] objects are set by standard QoS-NSLP protocol functions.
1206	      Furthermore, the INFO_SPEC object SHOULD be read by the QoS-NSLP
1207	      functionality. In case of unsuccessful reservation the INFO_SPEC
1208	      object SHOULD have the following values: Error Class: 0x04,
1209	      (Transient Failure), Error Code: 0x01 Requested resources not
1210	      available, Error Subcode: this value depends on the used
1211	      end-to-end QoS model, but the default value is 0x00.

1213	   *  the RMD-QSPEC object, see Section 4.2, has to be processed
1214	      and removed.  The RMD Resource Management Function (RMF) is
1215	      notified by reading the <M> parameter of the PDR container that
1216	      the reservation has been unsuccessful. Note that when the QNE
1217	      edges maintain a per flow QoS-NSLP reservation state the RMD-QOSM
1218	      functionality, has to start an RMD release procedure (see Section
1219	      4.6.1.5). When the QNE edges maintain aggregated QoS-NSLP
1220	      reservation states the RMD-QOSM functionality may start a RMD
1221	      modification procedures (see Section 4.6.1.4).

1223	4.6.1.2.2 Operation in the Interior nodes

1225	   In general, if a QNE Interior node receives a PHR container, of type
1226	   "PHR_Resource_Request", with the <M> parameter set to "1" then this
1227	   PHR container and the "RMD QoS Description" field MUST NOT be
1228	   Processed.

1230	4.6.1.2.3 Operation in the Egress nodes

1232	   In the RMD reservation based and RMD measurement based scenario, when
1233	   the <M> marked intra-domain RESERVE(RMD-QSPEC) is received by the
1234	   QNE Egress node (see Figure 9) the session associated with the intra-
1235	   domain RESERVE(RMD-QSPEC) (the PHB session) and the session included
1236	   in its BOUND_SESSION_ID object MUST be bounded.  The session included
1237	   in the <BOUND_SESSION_ID> object is the session associated with the
1238	   end-to-end RESERVE.

1240	   The QNE Egress node MUST generate an end-to-end RESPONSE message
1241	   that will have to be sent to its previous stateful QoS-NSLP hop.

1243	   *  the values of the <RII/RSN>, <INFO_SPEC>, [*QSPEC] objects are set
1244	     by the standard QoS-NSLP protocol functions. In case of
1245	     unsuccessful reservation the INFO_SPEC object SHOULD have the
1246	     following values: Error Class: 0x04 (Transient Failure), Error
1247	     Code: 0x01 (Requested resources not available) Error Subcode: this
1248	     value depends on the used end-to-end QoS model, but the default
1249	     value is 0x00.

1251	QNE (Ingress)    QNE (Interior)       QNE (Interior)      QNE (Egress)
1252	NTLP stateful    NTLP stateless        NTLP stateless    NTLP stateful
1253	    |                    |                   |                    |
1254	RESERVE                  |                   |                    |
1255	--->|                    |                   |     RESERVE        |
1256	    |------------------------------------------------------------>|
1257	    |RESERVE(RMD-QSPEC)  |                   |                    |
1258	    |------------------->|                   |                    |
1259	    |                    |RESERVE(RMD-QSPEC:M =1)                 |
1260	    |                    |------------------>|                    |
1261	    |                    |                   | RESERVE(RMD-QSPEC:M=1)
1262	    |                    |                   |------------------->|
1263	    |                    |RESPONSE(PDR)      |                    |
1264	    |<------------------------------------------------------------|
1265	RESPONSE                 |                   |                    |
1266	<---|                    |                   |                    |
1267	RESERVE(RMD-QSPEC: Tear=1, M=1, <Admitted Hops>=<Max_Admitted Hops>
1268	    |------------------->|                   |                    |

1270	Figure 9: Basic operation during unsuccessful reservation
1271	          initiation used by the RMD-QOSM

1273	   In addition to the above, similarly to the successful operation,
1274	   see Section 4.6.1.1.3, the QNE Egress MUST also generate an RMD-QSPEC
1275	   object that is carried by the end-to-end RESPONSE message.

1277	   The following fields of the RMD-QSPEC object MUST be used and/or set
1278	   in the following way:

1280	   *  the value of the <PDR Control Type> of the PDR container MUST be
1281	      set to "7" (PDR_Reservation_Report);

1283	   *  the value of the <Admitted Hops> parameter of the PHR container
1284	      included in the received <M> marked PDR container MUST be included
1285	      in the <Max_Admitted Hops> parameter of the PDR container;

1287	   *  the value of the <M> parameter of the PDR container MUST be set to
1288	      "1".

1290	4.6.1.3 RMD refresh reservation

1292	   In case of RMD measurement-based method, QoS-NSLP states in the RMD
1293	   domain are not maintained, therefore, the end-to-end RESERVE
1294	   (refresh) message is sent directly to the QNE Egress.

1296	   The refresh procedure in case of RMD reservation-based method
1297	   follows a similar scheme as the reservation process, shown in Figure
1298	   3. If the RESERVE messages arrive within the soft state time-out
1299	   period, the corresponding number of resource units are not removed.
1300	   However, the transmission of the intra-domain and end-to-end
1301	   (refresh) RESERVE message are not necessarily synchronized.
1302	   Furthermore, the generation of the end-to-end RESERVE message, by the
1303	   QNE edges, depends on the locally maintained refreshed interval (see
1304	   [QoS-NSLP]).

1306	4.6.1.3.1 Operation in the Ingress node

1308	   The Ingress node MUST be able to generate an intra-domain (refresh)
1309	   RESERVE(RMD-QSpec) at any time. Before generating this message, the
1310	   RMD QoS signaling model functionality is using the RMD traffic class
1311	   (PHR) resource units for refreshing the RMD traffic class state.

1313	   Note that the RMD traffic class refresh periods MUST be equal in
1314	   all QNE edge and QNE Interior nodes and SHOULD be smaller (default:
1315	   more than two times) than the refresh period at the QNE Ingress node
1316	   used by the end-to-end RESERVE message. The intra-domain RESERVE
1317	   (RMD-QSPEC) message MUST include a "RMD QoS Description" field and a
1318	   PHR container (i.e. PHR_Refresh_Update).

1320	   The selection of the IP source and destination address of this
1321	   message depends on if and how the different inter domain
1322	   (end-to-end) flows can be aggregated by the QNE Ingress node (see
1323	   Section 4.3.1).  Note that this QOS-NSLP aggregation procedure is
1324	   different than the RMD traffic class aggregation procedure.  One
1325	   example is the approach used by the RSVP aggregation scenario
1326	   ([RFC 3175]), where the IP source address of this message is the IP
1327	   address of the aggregator (i.e., QNE Ingress) and the IP destination
1328	   address of this message is the IP address of the De-aggregator
1329	   (i.e., QNE Egress).  Another example approach is the one used
1330	   in "RSVP Refresh Overhead Reduction Extensions" ([RFC2961]).  If no
1331	   QOS-NSLP aggregation procedure at the QNE edges is possible then the
1332	   IP source and IP destination address of this message MUST be equal to
1333	   the IP source and IP destination addresses of the data flow.

1335	   An example of this RMD specific refresh operation can be seen in
1336	   Figure 10.

1338	QNE (Ingress)    QNE (Interior)        QNE (Interior)    QNE (Egress)
1339	NTLP stateful    NTLP stateless        NTLP stateless    NTLP stateful
1340	    |                    |                   |                    |
1341	    |RESERVE(RMD-QSPEC)  |                   |                    |
1342	    |------------------->|                   |                    |
1343	    |                    |RESERVE(RMD-QSPEC) |                    |
1344	    |                    |------------------>|                    |
1345	    |                    |                   | RESERVE(RMD-QSPEC) |
1346	    |                    |                   |------------------->|
1347	    |                    |                   |                    |
1348	    |                    |RESPONSE(RMD-QSPEC)|                    |
1349	    |<------------------------------------------------------------|
1350	    |                    |                   |                    |

1352	   Figure 10: Basic operation of RMD specific refresh procedure

1354	   Most of the non-default values of the objects contained in this
1355	   message MUST be used and/or set by the QNE Ingress in the same
1356	   way as described in Section 4.6.1.1.  The following objects are
1357	   used and/or set differently:

1359	   *  the flag "Acknowledge" (A) SHOULD be set "OFF"

1361	  *  The flag REPLACE MUST be UNSET (set to FALSE = 0);

1363	  *  the PHR resource units MUST be included into the <Bandwidth>
1364	     parameter. The value of the <Bandwidth> parameter depends on
1365	     how the different inter domain (end-to-end) flows are aggregated
1366	     by the QNE Ingress node (e.g., the sum of all the PHR requested
1367	     resources of the aggregated flows).  If no QOS-NSLP aggregation is
1368	     accomplished by the QNE Ingress node, the value of the <Bandwidth>
1369	     parameter SHOULD be equal to the <Bandwidth> parameter of its
1370	     associated new (initial) intra-domain RESERVE (RMD-QSPEC) message;

1372	   *  the value of the Parameter/Container field of the "PHR RMD-QOSM
1373	      control information" container MUST be set to "2",
1374	      i.e., "PHR_Refresh_Update";

1376	   *  In a single-domain case the PDR container field
1377	      MAY not be included into the message.

1379	   *  the value of the <RII> object MUST contain the Response
1380	      Identification Information value of the Ingress QNE, that is
1381	      unique within a session and different for each message (see
1382	      [QoS-NSLP]).

1384	   When the intra-domain RESPONSE (RMD-QSPEC) message, see Section
1385	   4.6.1.3.3., is received by the QNE Ingress node, then:

1387	   *  the values of the <RII/RSN>, <INFO_SPEC>, [*QSPEC] objects are
1388	      processed by the standard QoS-NSLP protocol functions (see Section
1389	      4.6.1.1);

1391	   *  the PDR has to be processed and removed by the RMD-QOSM
1392	      functionality in the QNE Ingress node.  The RMD-QOSM functionality
1393	      is notified by the <PDR M> parameter of the PDR container
1394	      that the refresh procedure has been successful or unsuccessful.
1395	      All session(s) (in case of the flow aggregation procedure there
1396	      will be more than one sessions) associated with this RMD specific
1397	      refresh session MUST be informed about the success or failure of
1398	      the refresh procedure.  In case of failure, the QNE Ingress node
1399	      has to generate (in a standard QoS-NSLP way) an error end-to-end
1400	      RESPONSE message that will be sent towards QNI.

1402	4.6.1.3.2 Operation in the Interior node

1404	   The intra-domain RESERVE (RMD-QSPEC) message is received and
1405	   processed by the QNE Interior nodes.  Any QNE edge or QNE Interior
1406	   node that receives a "PHR_Refresh_Update" control information field
1407	   MUST identify the traffic class state (PHB) (using the
1408	   <PHB Class> parameter).  Most of the parameters in this refresh
1409	   intra-domain RESERVE (RMD-QSPEC) message MUST be used and/or set by
1410	   a QNE Interior node in the same way as described in Section 4.6.1.1.

1412	   The following objects are used and/or set differently:

1414	   * the value of <Bandwidth> parameter of the "RMD QoS Description"
1415	     field is used by the QNE Interior node for refreshing the RMD
1416	     traffic class state. These resources (included in <Bandwidth>),
1417	     if reserved, are added to the currently reserved resources
1418	     per PHB and therefore they will become a part of the per traffic
1419	     class (per-PHB) reservation state.  If the refresh procedure
1420	     cannot be fulfilled then the <M> parameter of the PHR container
1421	     has to be set to "1".

1423	   Any PHR container of type "PHR_Refresh_Update", and its associated
1424	   "RMD QoS Description" field (i.e., <Bandwidth>), whether it is
1425	   marked or not, is always processed, but marked bits are not changed.

1427	4.6.1.3.3 Operation in the Egress node

1429	   The intra-domain RESERVE(RMD-QSPEC) message is received and
1430	   processed by the QNE Egress node.  A new intra-domain RESPONSE
1431	   (RMD-QSPEC) message is generated by the QNE Egress node.  This
1432	   message MUST include a PDR (type PDR_Refresh_Report).

1434	   The intra-domain RESPONSE (RMD-QSPEC) message MUST be sent to the
1435	   QNE Ingress node, i.e., previous stateful hop. The address of the QNE
1436	   Ingress node can be found using the existing messaging association
1437	   between the QNE Egress and QNE Ingress nodes. This state is
1438	   associated with the end-to-end session and identified by the SESSION
1439	   ID that is bound to the session of the intra-domain
1440	   RESPONSE(RMD-QSPEC) message.

1442	   The following objects MUST be used and/or set differently:

1444	   * the value of the <PDR Control Type> parameter of the PDR container
1445	     MUST be set "8" (i.e. PDR_Refresh_Report).

1447	4.6.1.4.  RMD modification of aggregated reservations

1449	   In the case when the QNE edges maintain QoS-NSLP aggregated
1450	   reservation states and the aggregated reservation has to be
1451	   modified (see Section 4.3.1) the following procedure is applied:

1453	   * When the modification request requires an increase of the reserved
1454	     resources, the QNE Ingress node MUST include the corresponding
1455	     value into the <Bandwidth> parameter of the "RMD QoS Description"
1456	     field, which is sent together with a "PHR_Resource_Request" control
1457	     information.  If a QNE edge or QNE Interior node is not able to
1458	     reserve the number of requested resources, the
1459	     "PHR_Resource_Request" control information that is associated with

1461	     the <Bandwidth> parameter MUST be marked.  In this situation the
1462	     RMD specific operation for unsuccessful reservation will be applied
1463	     (see Section 4.6.1.2).

1465	   * When the modification request requires a decrease of the
1466	     reserved resources, the QNE Ingress node MUST include this value
1467	     into the <Bandwidth> parameter of the "RMD QoS Description" field.
1468	     Subsequently an RMD release procedure SHOULD be accomplished (see
1469	     Section 4.6.1.5).

1471	4.6.1.5  RMD release procedure

1473	   If a refresh RESERVE message does not arrive at a QNE Interior node
1474	   within the refresh time-out period then the resources associated
1475	   with this message are removed.  This soft state behavior provides
1476	   certain robustness for the system ensuring that unused resources are
1477	   not reserved for long time.  Resources can be removed by explicit
1478	   release at any time.

1480	   When the RMD-RMF of a QNE edge or QNE Interior node processes a
1481	   "PHR_Release_Request" control information it MUST identify
1482	   the <PHB Class> parameter and estimate the time period that elapsed
1483	   after the previous refresh. This MAY be done by indicating the time
1484	   lag, say "T_lag", between the last sent "PHR_Refresh_Update" and
1485	   the "PHR_Release_Request" control information container by the QNE
1486	   Ingress node.  The value of "T_Lag" is first normalized to the
1487	   length of the refresh period, say "T_period".  The ratio between the
1488	   "T_Lag" and the length of the refresh period, "T_period", is
1489	   calculated.  This ratio is then introduced into the <Time Lag>
1490	   parameter of the "PHR_Release_Request" control information. When a
1491	   node (QNE edge or QNE Interior) receives the "PHR_Release_Request"
1492	   control information, it MUST store the arrival time.  Then it MUST
1493	   calculate the time difference, say "Tdiff", between the arrival time
1494	   and the start of the current refresh period, "T_period".
1495	   Furthermore, this node MUST derive the value of the "T_Lag", from the
1496	   <Time Lag> parameter.

1498	   This can be found by multiplying the value included in the <Time
1499	   Lag> parameter with the length of the refresh period, "T_period".
1500	   If the derived time lag, "T_lag", is smaller than the calculated
1501	   time difference, "T_diff", then this node MUST decrease the PHB
1502	   reservation state with the number of resource units indicated in the
1503	   <Bandwidth> parameter of the "RMD QoS Description" field that has
1504	   been sent together with the "PHR_Release_Request" control
1505	   information container, but not below zero.

1507	   An RMD specific release procedure can be triggered by an end-to-end
1508	   RESERVE with a TEAR flag set ON (see Section 4.6.1.5.1) or it can be
1509	   triggered by either an intra-domain RESPONSE, an end-to-end RESPONSE
1510	    or an end-to-end NOTIFY message that includes a marked (i.e., PDR
1511	   <M> and/or PDR <S> parameters are set ON) "PDR_Reservation_Report" or
1512	   "PDR_Congestion_Report" and/or an INFO_SPEC object that includes one
1513	   of the following error codes, see Section 4.7:
1514	   0x03 - Protocol error
1515	   0x04 - Transient Failure
1516	   0x05 - Permanent failure
1517	   0x06 - QoS model-specific error

1519	4.6.1.5.1.  Triggered by a RESERVE message

1521	   This RMD explicit release procedure can be triggered by a tear (TEAR
1522	   flag set ON) end-to-end RESERVE message.  When a tear (TEAR flag
1523	   set ON) end-to-end RESERVE message arrives to the QNE Ingress
1524	   then the QNE Ingress node SHOULD process the message in a standard
1525	   QoS-NSLP way (see [QoS-NSLP]).  In addition to this, the RMD RMF
1526	   MUST be notified.

1528	   Similar to Section 4.6.1.1, a bypassing procedure has to be initiated
1529	   by the QNE Ingress node. The bypassing procedure is performed
1530	   according to the description given in Section 4.4. At the QNE Ingress
1531	   the end-to-end RESERVE message is marked, i.e., modifying the QoS-
1532	   NSLP default NSLP-ID value to another NSLP-ID predefined value, which
1533	   corresponds to a RAO value that will be used by the GIST message that
1534	   carries the end-to-end RESPONSE message to bypass the QNE Interior
1535	   nodes. It will generate an intra-domain RESERVE(RMD-QSPEC) message.
1536	   Before generating this message, the RMD RMF is using the RMD traffic
1537	   class (PHR) resources (specified in <Bandwidth>) and the PHB type
1538	   (specified in <PHB Class>) for a RMD release procedure.  This can be
1539	   achieved by subtracting the amount of the requested resources from
1540	   the total reserved amount of resources stored in the RMD traffic
1541	   class state.

1543	QNE (Ingress)     QNE (Interior)       QNE (Interior)    QNE (Egress)
1544	NTLP stateful    NTLP stateless        NTLP stateless    NTLP stateful
1545	    |                    |                   |                    |
1546	RESERVE                  |                   |                    |
1547	--->|                    |                   |     RESERVE        |
1548	    |------------------------------------------------------------>|
1549	    |RESERVE(RMD-QSPEC:Tear=1)               |                    |
1550	    |------------------->|                   |                    |
1551	    |                    |RESERVE(RMD-QSPEC:Tear=1)               |
1552	    |                    |------------------->|                   |
1553	    |                    |                 RESERVE(RMD-QSPEC:Tear=1)
1554	    |                    |                   |------------------->|
1555	    |                    |                   |                RESERVE
1556	    |                    |                   |                    |-->
1557	    |                    |                   |

1559	   Figure 11: Explicit release triggered by RESERVE used by the RMD-QOSM

1561	   The intra-domain RESERVE (RMD-QSPEC) message MUST include a "RMD
1562	   QoS Description" field and a PHR container, (i.e.,
1563	   "PHR_Resource_Release") and it MAY include a PDR container, (i.e.,
1564	   PDR_Release_Request).  An example of this operation can be seen in
1565	   Figure 11.

1567	   Most of the non default values of the objects contained in the
1568	   tear intra-domain RESERVE message are set by the QNE Ingress node in
1569	   the same way as described in Section 4.6.1.1.  The following objects
1570	   are set differently:

1572	   *  the flag "Acknowledge" (A) SHOULD be set "OFF";

1574	   *  The flag REPLACE MUST be UNSET (set to FALSE = 0);

1576	   *  The <RII> object is not included in this message.  This is
1577	      because the QNE Ingress node does not need to receive a
1578	      response from the QNE Egress node;

1580	   *  the TEAR flag is set to ON;

1582	   *  the PHR resource units MUST be included into the <Bandwidth>
1583	      parameter of the "RMD QoS Description" field;

1585	   *  the value of the <Admitted Hops> parameter has to be set to "1";

1587	   *  the value of the <Time Lag> parameter of the PHR container is
1588	      calculated by the RMD-QOSM functionality (see 4.6.1.5)the value of
1589	      the <Control Type> parameter of PHR container is set to "3" (i.e.,
1590	      PHR_Resource_Release).

1592	   The intra-domain tear RESERVE (RMD-QSPEC) message is received and
1593	   processed by the QNE Interior nodes.  Most of the non-default
1594	   values of the objects contained in this refresh intra-domain RESERVE
1595	   (RMD-QSPEC) message are set by a QNE Interior node in the same way
1596	   as described in Section 4.6.1.1.  The following objects are set and
1597	   processed differently:

1599	   *  Any QNE Interior node that receives the combination of the "RMD
1600	   QoS Description" field and the "PHR_Resource_Release" control
1601	   information container, it MUST identify the traffic class (PHB)
1602	   and release the requested resources included in the <Bandwidth>
1603	   parameter.  This can be achieved by subtracting the amount of RMD
1604	   traffic class requested resources, included in the <Bandwidth>
1605	   parameter, from the total reserved amount of resources stored in the
1606	   RMD traffic class state.  The value of the <Time Lag> parameter of
1607	   the "PHR_Resource_Release" container is used during the release
1608	   procedure as explained in Section 4.6.1.5.

1610	   The intra-domain tear RESERVE (RMD-QSPEC) message is received and
1611	   processed by the QNE Egress node.  The "RMD QoS Description" and the
1612	   "PHR RMD-QOSM control " container (and if available the "PDR RMD-QOSM
1613	   control information" container) are read and processed by the RMD QoS
1614	   signaling model functionality.  The value of the <Bandwidth>
1615	   parameter of the "RMD QoS Description" field and the value of the
1616	   <Time Lag> field of the PHR container MUST be used by the RMD release
1617	   procedure.  This can be achieved by subtracting the amount of RMD
1618	   traffic class requested resources, included in the <Bandwidth>
1619	   parameter, from the total reserved amount of resources stored in the
1620	   RMD traffic class state.

1622	   The end-to-end RESERVE message is forwarded by the next hop (i.e.,
1623	   QNE Egress) only if the intra-domain tear RESERVE (RMD-QSPEC)
1624	   message arrives at the QNE Egress node. Furthermore, the QNE Egress
1625	   MUST stop the marking process that was used to bypass the QNE
1626	   Interior nodes by reassigning the QoS-NSLP default NSLP-ID value to
1627	   the end-to-end RESERVE message, see Section 4.4.
1628	   Note that the above described procedure applies to the situation that
1629	   the QNE edges maintain a per flow QoS-NSLP reservation state. When
1630	   the QNE edges maintain aggregated QoS-NSLP reservation states the
1631	   RMD-QOSM functionality may start a RMD modification procedures (see
1632	   Section 4.6.1.4) that uses the explicit release procedure described
1633	   in this Section.

1635	4.6.1.5.2   Triggered by a marked RESPONSE or NOTIFY message

1637	   This RMD explicit release procedure can be triggered by either an
1638	   end-to-end RESPONSE message with a <M> marked PDR container (see
1639	   Section 4.6.1.2) an intra-domain RESPONSE message with a <S> marked
1640	   PDR container (see Section 4.6.1.6.1) or an end to end NOTIFY
1641	   message (see Section 4.6.1.6) with an INFO_SPEC object with the
1642	   following values:
1643	   Error Class: 0x04 Transient Failure
1644	   Error Code: 0x04 Transient RMF-related error
1645	   Error Subcode: 0x01 Severe Congestion

1647	   The RMD specific release procedure that is triggered by an end-to-
1648	   end-to-end RESPONSE message with a <M> marked PDR container (see
1649	   Section 4.6.1.2)can be terminated at any QNE edge
1650	   or any QNE Interior node using the <Max_Admitted Hops> field.

1652	   The RMD specific explicit release procedure that is terminated at a
1653	   QNE Interior (or QNE edge) node is denoted as RMD partial release
1654	   procedure.  This explicit release procedure can be used, for example,
1655	   during a RMD specific operation for unsuccessful reservation (see
1656	   Section 4.6.1.2). When the RMD QoS signaling model functionality of a
1657	   QNE Ingress node receives a <M> or <S> marked PDR container of type
1658	   "PDR_Reservation_Report" or "PDR_Congestion_Report", it MUST start an
1659	   RMD partial release procedure.  The QNE Ingress node generates an
1660	   intra-domain RESERVE (RMD-QSPEC) message.  Before generating this
1661	   message, the RMD-QOSM functionality is using the RMD traffic class
1662	   (PHR) resource units for a RMD release procedure.  This can be
1663	   achieved by subtracting the amount of RMD traffic class requested
1664	   resources from the total reserved amount of resources stored in the
1665	   RMD traffic class state.

1667	   When the generation of the intra-domain RESERVE (RMD-QSPEC) message
1668	   is triggered by an end-to-end NOTIFY message, which do not carry a
1669	   PDR container, but it carries an INFO_SPEC object with the following
1670	   values, then the intra-domain RESERVE(RMD-QSPEC) message MUST include
1671	   an <RMD QoS Description> field and a PHR container, (i.e.,
1672	   PHR_Resource_Release) and it MAY include a PDR container, (i.e.,
1673	   PDR_Release_Request). Note that this procedure is accomplished during
1674	   the severe congestion handling by proportional data packet marking,
1675	   see Section 4.6.1.6.2.  The error code values carried by this NOTIFY
1676	   message are:
1677	      Error Class: 0x04 Transient Failure
1678	      Error Code: 0x04 Transient RMF-related error
1679	      Error Subcode: 0x01 Severe Congestion

1681	   Furthermore note that the tear intra-domain RESERVE message is
1682	   generated in the same manner as shown in Figure 12, when it is
1683	   triggered by either a NOTIFY message or RESPONSE message that do not
1684	   carry a PDR container, but the INFO_SPEC object includes one
1685	   of the following error codes, see Section 4.7:
1686	     0x03 - Protocol error
1687	     0x04 - Transient Failure
1688	     0x05 - Permanent failure
1689	     0x06 - QoS model-specific error

1691	   An example of this message exchange can be seen in Figure 12.

1693	QNE (Ingress)     QNE (Interior)         QNE (Interior)    QNE (Egress)
1694	NTLP stateful    NTLP stateless         NTLP stateless    NTLP stateful
1695	    |                  |                  |                  |
1696	    | NOTIFY           |                  |                  |
1697	    |<-------------------------------------------------------|
1698	    |RESERVE(RMD-QSPEC:Tear=1,M=1,S=SET)  |                  |
1699	    | ---------------->|RESERVE(RMD-QSPEC:Tear=1, M=1,S=SET) |
1700	    |                  |                  |                  |
1701	    |                  |----------------->|                  |
1702	    |                  |           RESERVE(RMD-QSPEC:Tear=1, M=1,S=SET)
1703	    |                  |                  |----------------->|

1705	   Figure 12: Basic operation during RMD explicit release procedure
1706	   triggered by NOTIFY used by the RMD-QOSM

1708	   When the generation of the intra-domain RESERVE(RMD-QSPEC) message
1709	   is triggered by an end-to-end RESPONSE(PDR) message then this
1710	   generated intra-domain RESERVE(RMD-QSPEC) message MUST include a
1711	   <RMD QoS Description> field and a PDR container, (i.e.,
1712	   PHR_Resource_Release) and it MAY include a PDR container, (i.e.,
1713	   PDR_Release_Request).  An example of this operation can be seen in
1714	   Figure 13.

1716	   Most of the non-default values of the objects contained in the
1717	   tear intra-domain RESERVE(RMD-QSPEC) message are set by the QNE
1718	   Ingress node in the same way as described in Section 4.6.1.1.

1720	   The following objects MUST be used and/or set differently:
1721	   *  the flag "Acknowledge" (A) SHOULD be set "OFF";

1723	   *  The flag REPLACE MUST be UNSET (set to FALSE = 0);

1725	   *  The value of the <M> parameter of the PHR container MUST be set
1726	      to "1".

1728	   *  When the tear intra-domain RESERVE message is triggered by a
1729	      NOTIFY message, then the value of the <S> parameter of the
1730	      PHR container MUST be set to "1".

1732	   *  The RESERVE message MAY include PDR container.

1734	   *  When the tear intra-domain RESERVE message is triggered by an
1735	      intra-domain RESPONSE(RMD-QSPEC) message, then the value of the
1736	      <Max Admitted Hops> parameter of the PDR container included in the
1737	      received <M> or <S>  marked intra-domain RESPONSE(PDR) message
1738	      MUST be included in the <Max Admitted Hops> parameter of the PDR
1739	      container of the RESERVE message. Note that this procedure is
1740	      applied for the severe congestion handling by the RMD-QOSM refresh
1741	      procedure (see Section 4.6.1.6.1). The tear intra-domain RESERVE
1742	      message propagates in this case until the QNE egress (similar to
1743	      Figure 12).

1745	QNE (Ingress)     QNE (Interior)        QNE (Interior)    QNE (Egress)
1746	                                     Node that marked
1747	                                    PHR_Resource_Request
1748	                                       <PHR> object
1749	NTLP stateful    NTLP stateless        NTLP stateless    NTLP stateful
1750	    |                    |                   |                    |
1751	    |                    |                   |                    |
1752	    | RESPONSE (RMD-QSPEC: M=1)              |
1753	    |<------------------------------------------------------------|
1754	RESERVE(RMD-QSPEC: Tear=1, M=1, <Admitted Hops>=<Max_Admitted Hops>)
1755	    |------------------->|                   |                    |
1756	    |                    |                   |                    |

1758	   Figure 13: Basic operation during RMD explicit release procedure
1759	   Triggered by RESPONSE used by the RMD-QOSM

1761	   Any QNE edge or QNE Interior node that receives the
1762	   "RMD QoS Description" field and the PHR container MUST identify the
1763	   traffic class state (PHB), using the <PHB Class> parameter, and
1764	   release the requested resources included in the <Bandwidth> field.
1765	   This can be achieved by subtracting the amount of RMD traffic class
1766	   requested resources, included in the <Bandwidth> field, from the
1767	   total reserved amount of resources stored in the RMD traffic class
1768	   state.  The value of the <Time Lag> parameter of the PHR field
1769	   is used during the release procedure as explained in Section 4.6.1.5.

1771	   The <Admitted Hops> value included in the PHR container is increased
1772	   by one.  If the value of <M> parameter of the "PHR_Resource_Release"
1773	   control information container is "1" and if the value of the <S>
1774	   parameter is set to "0" then the <Max_Admitted Hops> value included
1775	   in the PDR container MUST be compared with the calculated <Admitted
1776	   Hops> value.  When these two values are equal then the intra-domain
1777	   RESERVE(RMD-QSPEC) has to be terminated and it will not be forwarded
1778	   downstream.  The reason of this is that the QNE node that is
1779	   currently processing this message was the last QNE node that
1780	   successfully processed the "RMD QoS Description" field and
1781	   PHR container of its associated initial reservation request (i.e.,
1782	   initial intra-domain RESERVE(RMD-QSPEC) message).  Its next QNE
1783	   downstream node was unable to successfully process the initial
1784	   reservation request, therefore, this QNE node marked the <M>
1785	   parameter of the "PHR_Resource_Request" control information.  When
1786	   the values of the <M> and <S> parameters are set to "0", then this
1787	   message will not be terminated by a QNE Interior node, but it will be
1788	   forwarded in the downstream direction.  The QNE Egress node will
1789	   receive and process the PHR_Resource_Release control information.
1790	   Afterwards, the QNE Egress node MUST terminate the intra-domain
1791	   RESERVE(RMD-QSPEC) message.

1793	   Note that the above described procedure applies to the situation that
1794	   the QNE edges maintain a per flow QoS-NSLP reservation state. When
1795	   the QNE edges maintain aggregated QoS-NSLP reservation states the
1796	   RMD-QOSM functionality may start a RMD modification procedures (see
1797	   Section 4.6.1.4) that uses the explicit release procedure described
1798	   in this Section.

1800	4.6.1.6. Severe congestion handling

1802	   This section describes the operation of the RMD-QOSM when a severe
1803	   congestion occurs within the Diffserv domain.

1805	   When a failure in a communication path, e.g. router or link
1806	   failure occurs, the routing algorithms will adapt to failures by
1807	   changing the routing decisions to reflect changes in the topology and
1808	   traffic volume.  As a result, the re-routed traffic will follow a new
1809	   path, which may result in overloaded nodes as they need to support
1810	   more traffic.  This may cause severe congestion in the communication
1811	   path.  In this situation the available resources, are not enough to
1812	   meet the required QoS for all the flows along the new path.
1813	   Therefore, one or more flows SHOULD be terminated, or forwarded in a
1814	   lower priority queue.

1816	   Interior nodes notify edge nodes by data marking or marking the
1817	   refresh messages.

1819	4.6.1.6.1 Severe congestion handling by the RMD-QOSM refresh procedure

1821	   The QoS-NSLP and RMD are able to cope with congested situations
1822	   using the refresh procedure, see Section 4.6.1.3. If the refresh is
1823	   not successful in an QNE Interior node, edge nodes are notified by
1824	   "S" marking the refresh messages and by including the percentage of
1825	   overload into the <Overload %> field in the "PHR_Refresh_Update"
1826	   container, carried by the intra-domain RESERVE message.
1827	   The intra-domain RESPONSE message that is sent by the QNE Egress
1828	   towards QNE Ingress will contain a PDR container with a
1829	   Parameter/Container ID = 10, i.e., "PDR_Congestion_Report". The
1830	   values of the <S> and <Overload %> fields of this container should
1831	   be set equal to the values of the <S> and <Overload %> fields,
1832	   respectively, carried by the "PHR_Refresh_Update" message.  Part of
1833	   the flows, corresponding to the <Overload %>, are terminated, or
1834	   forwarded in a lower priority queue.  The flows can be terminated by
1835	   the RMD release procedure described in Section 4.6.1.5.  Note that
1836	   the above described functionality applies to the RMD reservation-
1837	   based and to the NSIS measurement-based admission control schemes.
1838	   Furthermore, note that the above functionalities apply also for the
1839	   scenario where the QNE Edge nodes maintain either per flow QoS-NSLP
1840	   reservation states or aggregated QoS-NSLP reservation states.

1842	   In general, relying the soft state refresh mechanism solves the
1843	   congestion within the time frame of the refresh period. If this
1844	   mechanism is not fast enough additional functions SHOULD be used,
1845	   which are described in Section 4.6.1.6.2.

1847	4.6.1.6.2 Severe congestion handling by proportional data packet marking

1849	   This severe congestion handling method requires the following
1850	   functionalities.

1852	4.6.1.6.2.1 Operation in the Interior nodes

1854	   The Interior node detecting severe congestion remarks data packets
1855	   passing the node.  For this remarking, two additional DSCPs SHOULD be
1856	   allocated for each traffic class.  One MAY be used to indicate that
1857	   the packet passed a congested node.  The other DSCP MUST be used to
1858	   indicate the degree of congestion by marking the bytes proportionally
1859	   to the degree of congestion. The proportion of congestion, per
1860	   traffic class (PHB), can be calculated in the following way:

1862	   * count the number of bytes above a bandwidth threshold
1863	   * count the total number of bytes that are processed by the
1864	     severe congested interior node.
1865	   * the proportion of congestion can be calculated by dividing the
1866	     number bytes above the threshold to the total number of bytes
1867	     that are processed by the severe congested node.
1868	   * the number of bytes transmitted over the output link are
1869	     proportionally remarked according to the proportion of
1870	     congestion calculated above.

1872	   There are situations that more than one interior nodes, which are
1873	   located on the path towards the QNE egress, become severe
1874	   congested. A severe congested interior node that is located after
1875	   another severe congested node in the path towards a QNE egress node
1876	   SHOULD take into account the previously marked packets during its own
1877	   remarking process. In this case the proportion of congestion, per
1878	   PHB, can be calculated as follows:

1880	     * count the total number of remarked bytes received by the severe
1881	       congested node, denote this number as input_remarked_bytes.
1882	     * count the number of bytes (remarked and unmarked) above a
1883	       bandwidth threshold
1884	     * count the total number of bytes (remarked and unmarked) that
1885	       are processed by the severe congested interior node.
1886	     * the proportion of congestion can be calculated by dividing the
1887	       number bytes (re-marked and unmarked) above the threshold to the
1888	       total number of bytes (re-marked and unmarked) that are processed
1889	       by the severe congested node.

1891	         ** consider that the proportion of congestion is calculated as
1892	            above. Furthermore, consider that the total number of
1893	           (remarked and unmarked bytes) bytes that have to be
1894	            considered as remarked to satisfy this proportion of
1895	            congestion is denoted as total_remarked_bytes.
1896	         ** consider that the number of bytes that were received by this
1897	            severe congested node as remarked, are denoted as
1898	            input_remarked_bytes. Note that these remarked bytes will
1899	            have to be transmitted over the output link
1900	         ** consider that number of unmarked bytes that are remarked by
1901	            this severe congested node, can be denoted as
1902	            current_remarked_bytes
1903	           Then the current_remarked_bytes is calculated as follows:

1905	      IF (total_remarked_bytes > input_remarked_bytes)
1906	        THEN
1907	        current_remarked_bytes=total_remarked_bytes-input_remarked_bytes
1908	      ELSE
1909	        current_remarked_bytes = 0

1911	   Note that in the above algorithm it is considered that the router
1912	   does not drop received packets. If the router drops received
1913	   packets then the implementation of the algorithm SHOULD provide
1914	   compensations for this mismatch.

1916	   It is RECOMMENDED that the total number of additional DSCPs within a
1917	   RMD domain, needed for severe congestion handling MUST not exceed the
1918	   limit of 16. One possible solution for reducing the number of DSCP,
1919	   for example, is to allocate one DSCP for severe congestion indication
1920	   for each of the AF classes, independently from their dropping
1921	   precedence. Assuming 4 AF classes and 1 EF class, and using one DSCP
1922	   per traffic class then the number of DSCPs used in this situation for
1923	   severe congestion is 5. If two additional DSCP's are used then the
1924	   total number in this case is 10.

1926	   Another possible solution is to use only two additional DSCPs for
1927	   remarking of all traffic classes (i.e., all PHBs). Note that
1928	   these remarked DSCPs SHOULD receive an EF PHB behavior. However,
1929	   note that a severe congested interior node that is located after
1930	   a severe congested node in a path towards a QNE egress, might not
1931	   be able to accurately use the above described algorithm to calculate
1932	   the current_remarked_bytes parameter. This is because all the
1933	   received remarked packets associated with different PHB's
1934	   (different traffic classes) have been remarked by the previous
1935	   severe congested node in the path, with the same DSCP.
1936	   In this case, solutions SHOULD be provided on calculating the
1937	   number of the received remarked packets per each PHB.

1939	4.6.1.6.2.2 Operation in the Egress nodes

1941	   The QNE Egress node applies a predefined policy to solve the severe
1942	   congestion, by selecting a number of inter-domain (end-to-end)
1943	   flows that SHOULD be terminated, or forwarded in a lower priority
1944	   queue. Some flows, belonging to the same PHB traffic class might get
1945	   other priority than other flows belonging to the same PHB traffic
1946	   class. This difference in priority can be notified to the egress and
1947	   ingress nodes either by the RESEREVE message that carries the QSPEC
1948	   associated with the end to end QoS model, i.e.,
1949	   <Preemption Priority> & <Defending Priority> parameter, or by using
1950	   a local defined policy.

1952	   The terminated flows are selected from the flows having the same PHB
1953	   traffic class as the PHB of the marked packets.

1955	   For flows associated with the same PHB traffic class the priority of
1956	   the flow plays a significant role. An example of calculating the
1957	   number of flows associated with each priority class that have to be
1958	   terminated is explained using the below pseudocode.

1960	   First the total amount of remarked bandwidth associated with the PHB
1961	   traffic class is calculated, say total_congested_bandwidth. This
1962	   bandwidth represents the severe congested bandwidth that should be
1963	   terminated. The term denoted as terminated_bandwidth is a temporal
1964	   variable that represents the total bandwidth, belonging to the same
1965	   PHB traffic class that have to be terminated. The term
1966	   terminate_flow_bandwidth(priority_class) represents the total of
1967	   bandwidth associated with flows of priority class equal to
1968	   priority_class. The parameter priority_class is an integer fulfilling
1969	   0 < priority_class =< Maximum_priority.

1971	   For each priority class flows, belonging to the same PHB traffic
1972	   class the total number of flows of the same priority class that
1973	   include severe congested bandwidth and that have to be terminated
1974	   is calculated using a function denoted as
1975	   calculate_terminate_flows(priority_class). This function also
1976	   calculates the term sum_bandwidth_terminate(priority_class), which
1977	   is the sum of the bandwith associated with the flows that will be
1978	   terminated. The constraint of finding the total number of flows
1979	   that have to be terminated is that the sum of the bandwith
1980	   associated with the flows that will be terminated, i.e.,
1981	   sum_bandwidth_terminate(priority_class), should be smaller or
1982	   approximatelly equal to the variable
1983	   terminate_bandwidth(priority_class).

1985	     terminated_bandwidth = 0;
1986	     priority_class = 0;
1987	     while terminated_bandwidth < total_congested_bandwidth
1988	      {
1989	       terminate_bandwidth(priority_class) =
1990	       = total_congested_bandwidth - terminated_bandwidth
1991	       calculate_terminate_flows(priority_class);
1992	       terminated_bandwidth =
1993	       = sum_bandwidth_terminate(priority_class) + terminated_bandwidth;
1994	       priority_class = priority_class + 1;
1995	      }

1997	    For the flows (sessions) that have to be terminated the QNE Egress
1998	    node generates and sends a NOTIFY message to the QNE Ingress node
1999	    (its upstream stateful QoS-NSLP peer) to indicate the severe
2000	    congestion in the communication path.

2002	   The non-default values of the objects contained in the NOTIFY
2003	   message MUST be set by the QNE Egress node as follows:

2005	   *  the values of the <INFO_SPEC> object is set by the standard
2006	      QoS-NSLP protocol functions.

2008	   * the INFO_SPEC object SHOULD include information that notifies that
2009	     the end-to-end flow SHOULD be terminated. This information is as
2010	     follows:
2011	        Error Class: 0x04 Transient Failure
2012	        Error Code: 0x04 Transient RMF-related error
2013	        Error Subcode: 0x01 Severe Congestion

2015	   The selection and notification process of the end-to-end is identical
2016	   for the scenarios where the QNE Edges maintain per-flow or aggregated
2017	   QoS-NSLP reservation states.

2019	   Furthermore, note that QNE egress SHOULD restore the original DSCP
2020	   values of the remarked packets, otherwise multiple actions for the
2021	   same event might occur. However, this value it MAY not be restored if
2022	   there is an agreement between domains that a downstream domain
2023	   handles the remarking problem.

2025	   4.6.1.6.2.3 Operation in the Ingress nodes

2027	   Upon receiving the (end-to-end) NOTIFY message, the QNE Ingress node
2028	   resolves the severe congestion by a predefined policy, e.g., refusing
2029	   new incoming flows (sessions), terminating the affected and notified
2030	   flows (sessions), or shifting them to an alternative RMD traffic
2031	   class (PHB).

2033	   In this case and when the QNE Ingress node receives the end-to-end
2034	   NOTIFY message, it associates the NOTIFY message with the aggregated
2035	   QoS-NSLP state via the BOUND_SESSION_ID information included in the
2036	   end-to-end per-flow QoS-NSLP state. The QNE Ingress node SHOULD
2037	   reduce the bandwidth associated with the end-to-end flow from the
2038	   aggregated bandwidth associated with its bound aggregated QoS-NSLP
2039	   reservation state. This is accomplished by triggering the RMD
2040	   modification for aggregated reservations procedure described in
2041	   Section 4.6.1.4.

2043	 QNE (Ingress)    QNE (Interior)        QNE (Interior)    QNE (Egress)

2045	  user  |                  |                 |                  |
2046	  data  |  user data       |                 |                  |
2047	 ------>|----------------->|     user data   | user data        |
2048	        |                  |---------------->S(# marked bytes)  |
2049	        |                  |                 S----------------->|
2050	        |                  |                 S(# unmarked bytes)|
2051	        |                  |                 S----------------->|Term.
2052	        |                 NOTIFY                                |flow?
2053	        |<----------------|------------------|------------------|YES
2054	        |RESERVE(RMD-QSPEC:Tear=1,M=1,S=SET) |                  |
2055	        | --------------->|RESERVE(RMD-QSPEC:T=1, M=1,S=SET)    |
2056	        |                 |                  |                  |
2057	        |                 |----------------->|                  |
2058	        |                 |       RESERVE(RMD-QSPEC:Tear=1, M=1,S=SET)
2059	        |                 |                  |----------------->|

2061	   Figure: 14  RMD severe congestion handling

2063	   Note that the above functionalities apply to the RMD reservation-
2064	   based and to both measurement-based admission control methods (i.e.,
2065	   congestion notification based on probing and the NSIS measurement-
2066	   based admission control). The above functionalities apply also for
2067	   the scenario where the QNE Edge nodes maintain either per flow QoS-
2068	   NSLP reservation states or aggregated QoS-NSLP reservation states.

2070	4.6.1.7 Admission control using congestion notification based on probing

2072	   The congestion notification function based on probing can be used to
2073	   implement a simple measurement-based admission control within a
2074	   Diffserv domain.  In the interior nodes along the data path
2075	   thresholds are set in the measurement based admission control
2076	   function for the traffic belonging to different PHBs. These interior
2077	   nodes are not NSIS aware nodes.

2079	4.6.1.7.1 Operation in Ingress nodes

2081	   When an end-to-end reservation request (RESERVE) arrives at the
2082	   Ingress node (QNE), see Figure 15, it is processed based on the
2083	   procedures defined by the end-to-end QoS model.  The DSCP field of
2084	   the GIST datagram message that is used to transport this probe
2085	   RESERVE message, SHOULD be marked with the same value of DSCP as the
2086	   data path packets associated with the same session.

2088	   When (end-to-end) RESPONSE message is received by the Ingress node it
2089	   will be processed based on the procedures defined by the end-to-end
2090	   QoS model.

2092	4.6.1.7.2 Operation in Interior nodes

2094	   These Interior nodes are not needed to be NSIS aware nodes and they
2095	   do not need to process NSIS functionality of NSIS messages. Using
2096	   standard functionalties thresholds are set for the traffic belonging
2097	   to different PHBs.

2099	   The end-to-end RESERVE message, see Figure 15, is used as a probe
2100	   packet. The DSCP field of the GIST message carrying the RESERVE
2101	   message will be re-marked when the corresponding congestion threshold
2102	   is exceeded. Note also that in this situation also data packets are
2103	   re-marked. The re-marking procedure of the interior nodes is the same
2104	   as for the severe congestion operation.

2106	   To distinguish between congestion notification and severe congestion,
2107	   either different DSCP values (re-marked DSCP values) are used or a
2108	   policy is configured in the Egress edge node to differentiate between
2109	   the congestion and severe congestion situations.

2111	4.6.1.7.3 Operation in Egress nodes

2113	   Depending on the local policy used in the Egress node the arrival of
2114	   the re-marked data packets MAY either be ignored or these packets
2115	   MAY trigger a procedure to block new requests, even if the probe
2116	   RESERVE associated with such a request was not re-marked.

2118	   When the Egress receives the end-to-end (probe) RESERVE message it
2119	   SHOULD monitor and check the DSCP field of the GIST message that was
2120	   used to transport the RESERVE message.  If this DSCP value is a re-
2121	   marked value (i.e., not the same as the DSCP used by the data packets
2122	   associated with the same session) then the Egress node SHOULD
2123	   generate an (end-to-end) RESPONSE message to notify that the
2124	   reservation is unsuccesfull. In particular it will generate an
2125	   INFO_SPEC object of:
2126	      Class: 0x04 - Transient Failure
2127	      Error code: 0x02 - Insufficient bandwidth available

2129	   This RESPONSE message will be sent to the Ingress node and it will be
2130	   processed based on the end-to-end QoS model.

2132	   Note that QNE egress SHOULD restore the original DSCP values of the
2133	   remarked packets, otherwise multiple actions for the same event might
2134	   occur. However, this value it MAY not be restored if there is an
2135	   agreement between domains that a downstream domain handles the
2136	   remarking problem.

2138	QNE (Ingress)          Interior          Interior       QNE (Egress)
2139	                    (not NSIS aware) (not NSIS aware)
2140	  user  |                  |                 |                  |
2141	  data  |  user data       |                 |                  |
2142	 ------>|----------------->|     user data   |                  |
2143	        |                  |---------------->| user data        |
2144	        |                  |                 |----------------->|
2145	  user  |                  |                 |                  |
2146	  data  |  user data       |                 |                  |
2147	 ------>|----------------->|     user data   | user data        |
2148	        |                  |---------------->S(# marked bytes)  |
2149	        |                  |                 S----------------->|
2150	        |                  |                 S(# unmarked bytes)|
2151	        |                  |                 S----------------->|
2152	        |                  |                 S                  |
2153	RESERVE |                  |                 S                  |
2154	------->|                  |                 S                  |
2155	        |----------------------------------->S                  |
2156	        |                  |           RESERVE(re-marked DSCP in GIST)
2157	        |                  |                 S----------------->|
2158	        |                  |RESPONSE(unsuccessful INFO-SPEC)    |
2159	        |<------------------------------------------------------|
2160	 RESPONSE(unsuccessful INFO-SPEC)            |                  |
2161	 <------|                  |                 |                  |

2163	   Figure: 15  Using RMD congestion notification function for admission
2164	               control based on probing

2166	4.6.2  Bi-directional operation

2168	   RMD assumes asymmetric routing by default.  Combined sender-receiver
2169	   initiated reservation cannot be efficiently done in the RMD domain
2170	   because upstream NTLP states are not stored in Interior routers.
2171	   Therefore, the bi-directional operation SHOULD be performed by two
2172	   sender-initiated reservations (sender&sender).  We assume that the
2173	   QNE edge nodes are common for both upstream and downstream
2174	   directions, therefore, the two reservations/sessions can be bound at
2175	   the QNE edge nodes.

2177	   This bi-directional sender&sender procedure can then be applied
2178	   between the QNE edges (QNE Ingress and QNE Egress) nodes of the RMD
2179	   QoS signaling model.  In the situation that a security association
2180	   exists between the QNE Ingress and QNE Egress nodes (see Figure 15),
2181	   and the QNE Ingress node has the required <Bandwidth> parameters
2182	   for both directions, i.e., QNE Ingress towards QNE Egress and QNE
2183	   Egress towards QNE Ingress, then the QNE Ingress MAY include both
2184	   <Bandwidth> parameters (needed for both directions) into the
2185	   RMD-QSPEC within a RESERVE message.  In this way the QNE Egress node
2186	   is able to use the QoS parameters needed for the "Egress towards
2187	   Ingress" direction (QoS-2).  The QNE Egress is then able to create a
2188	   RESERVE with the right QoS parameters included in the QSPEC, i.e.,
2189	   RESERVE (QoS-2). Both directions of the flows are bound by inserting
2190	   the <BOUND_SESSION_ID> object at the QNE Ingress and QNE Egress.

2192	     |------ RESERVE (QoS-1, QoS-2)----|
2193	     |                                 V
2194	     |           Interior/stateless QNEs
2195	                 +---+     +---+
2196	        |------->|QNE|-----|QNE|------
2197	        |        +---+     +---+     |
2198	        |                            V
2199	      +---+                        +---+
2200	      |QNE|                        |QNE|
2201	      +---+                        +---+
2202	         ^                           |
2203	      |  |       +---+     +---+     V
2204	      |  |-------|QNE|-----|QNE|-----|
2205	      |          +---+     +---+
2206	   Ingress/                         Egress/
2207	   statefull QNE                    statefull QNE
2208	                                     |
2209	   <--------- RESERVE (QoS-2) -------|

2211	   Figure 16: The bi-directional reservation scenario in the RMD domain

2213	   A bidirectional reservation, within the RMD domain, is indicated by
2214	   the PHR <B> and PDR <B> flags, which are set in all messages.

2216	   In this case two BOUND_SESSION_ID objects SHOULD be used.
2217	   The first BOUND_SESSION_ID object SHOULD contain the SESSION_ID of
2218	   the bound end to end flows. The value of the Binding_Code depends on
2219	   the type of the reservation states that are maintained by the edges.
2220	   If the QNE Edge nodes maintain per flow QoS-NSLP reservation states
2221	   then the value of Binding_Code = 0x01 (Tunnel and end-to-end
2222	   sessions). If the QNE edge nodes maintain aggregated QoS-NSLP
2223	   reservation states then the value of Binding_Code = 0x03 (Aggregate
2224	   sessions).

2226	   The SESSION_ID field of the second BOUD_SESSION_ID object depends on
2227	   the direction of the message. An upstream RMD QoS-NSLP message SHOULD
2228	   contain the SESSION_ID of the bound downstream end-to-end flow. A
2229	   downstream RMD QoS-NSLP message SHOULD contain the SESSION_ID of the
2230	   bound upstream end-to-end flow. In both cases the value of the
2231	   Binding_Code associated with this BOUND_SESSION_ID object SHOULD be
2232	   equal to 0x02.

2234	   If no security association exists between the QNE Ingress and QNE
2235	   Egress nodes the bi-directional reservation for the sender&sender
2236	   scenario in the RMD domain SHOULD use the scenario specified in
2237	   [QoS-NSLP] as "Bi-directional reservation for sender&sender
2238	   scenario".

2240	   In the following sections it is considered that the QNE
2241	   edge nodes are common for both upstream and downstream directions
2242	   and therefore, the two reservations/sessions can be bounded at the
2243	   QNE edge nodes.  Furthermore, it is considered that a security
2244	   association exists between the QNE Ingress and QNE Egress nodes,
2245	   and the QNE Ingress node has the required <Bandwidth> parameters
2246	   for both directions, i.e., QNE Ingress towards QNE Egress and
2247	   QNE Egress towards QNE Ingress.

2249	4.6.2.1 Successful and unsuccessful reservations

2251	   This section describes the operation of the RMD-QOSM where a RMD
2252	   bi-directional reservation operation is either successfully or
2253	   unsuccessfully accomplished.

2255	   The bi-directional successful reservation is similar to a
2256	   combination of two unidirectional successful reservations that are
2257	   accomplished in opposite directions, see Figure 16. The main
2258	   differences of the bi-directional successful reservation procedure
2259	   with the combination of two unidirectional successful reservations
2260	   accomplished in opposite directions are as follows.  The intra-
2261	   domain RESERVE message sent by the QNE Ingress node towards the QNE
2262	   Egress node, is denoted in Figure 16 as RESERVE (RMD-QSPEC):
2263	   "forward".  The main differences between the RESERVE (RMD-QSPEC):
2264	   "forward" message used for the bi-directional successful reservation
2265	   procedure and a RESERVE (RMD-QSPEC) message used for the
2266	   unidirectional successful reservation are as follows:

2268	   *  two BOUND_SESSION_ID objects SHOULD be used.
2269	      The first BOUND_SESSION_ID object SHOULD contain the SESSION_ID of
2270	      the bound end to end flows. The value of the Binding_Code depends
2271	      on the type of the reservation states that are maintained by the
2272	      edges. If the QNE Edge nodes maintain per flow QoS-NSLP
2273	      reservation states then the value of Binding_Code = 0x01 (Tunnel
2274	      and end-to-end sessions). If the QNE edge nodes maintain
2275	      aggregated QoS-NSLP reservation states then the value of
2276	      Binding_Code = 0x03 (Aggregate sessions). The SESSION_ID field of
2277	      the second BOUND_SESSION_ID object SHOULD contain the SESSION_ID
2278	      of the bound "reverse" end-to-end flow. In both cases the value of
2279	      the Binding_Code associated with this BOUND_SESSION_ID object
2280	      SHOULD be equal to 0x02.

2282	   *  the RII object is not included in the message. This is because no
2283	      RESPONSE message is expected to arrive.

2285	   *  the <B> bit of the PHR container
2286	      indicates a bi-directional reservation and is set to "1".

2288	   *  the PDR container is also included into the RESERVE(RMD-QSPEC):
2289	      "forward" message. The value of the Parameter/Container ID is
2290	     "4", i.e., "PDR_Reservation_Request".  Note that the response PDR
2291	      container sent by a QNE Egress to a QNE Ingress node is not
2292	      carried by an end-to-end RESPONSE message, but it is carried by an
2293	      intra-domain RESERVE message that is sent by the QNE Egress node
2294	      towards the QNE Ingress node (denoted in Figure 16 as
2295	      RESERVE(RMD-QSPEC):"reverse").

2297	   *  the <B> PDR bit indicates a bi-directional reservation and is set
2298	      to "1".

2300	   *  the <PDR Reverse Requested Resources> field specifies the
2301	      requested bandwidth that has to be used by the QNE Egress node to
2302	      initiate another intra-domain RESERVE message in the reverse
2303	      direction.

2305	   The RESERVE(RMD-QSPEC):"reverse" message is initiated by the QNE
2306	   Egress node at the moment that the RESERVE(RMD-QSPEC):"forward"
2307	   message is successfully processed by the QNE Egress node.
2308	   The main differences between the RESERVE(RMD-QSPEC):"reverse"
2309	   message used for the bi-directional successful reservation procedure
2310	   and a RESERVE(RMD-QSPEC) message used for the unidirectional
2311	   successful reservation are as follows:

2313	QNE (Ingress)   QNE (int.)    QNE (int.)    QNE (int.)   QNE (Egress)
2314	NTLP stateful  NTLP st.less  NTLP st.less  NTLP st.less  NTLP stateful
2315	    |                |               |               |              |
2316	    |                |               |               |              |
2317	    |RESERVE(RMD-QSPEC)              |               |              |
2318	    |"forward"       |               |               |              |
2319	    |                |    RESERVE(RMD-QSPEC):        |              |
2320	    |--------------->|    "forward"  |               |              |
2321	    |                |------------------------------>|              |
2322	    |                |               |               |------------->|
2323	    |                |               |               |              |
2324	    |                |               |RESERVE(RMD-QSPEC)            |
2325	    |      RESERVE(RMD-QSPEC)        | "reverse"     |<-------------|
2326	    |      "reverse"   |             |<--------------|              |
2327	    |<-------------------------------|               |              |

2329	      Figure 17: Intra-domain signaling operation for successful
2330	                 bi-directional reservation

2332	   *  two BOUND_SESSION_ID objects SHOULD be used.
2333	      The first BOUND_SESSION_ID object SHOULD contain the SESSION_ID of
2334	      the bound end to end flows. The value of the Binding_Code depends
2335	      on the type of the reservation states that are maintained by the
2336	      edges. If the QNE Edge nodes maintain per flow QoS-NSLP
2337	      reservation states then the value of Binding_Code = 0x01 (Tunnel
2338	      and end-to-end sessions). If the QNE edge nodes maintain
2339	      aggregated QoS-NSLP reservation states then the value of
2340	      Binding_Code = 0x03 (Aggregate sessions). The SESSION_ID field of
2341	      the second BOUND_SESSION_ID object SHOULD contain the SESSION_ID
2342	      of the bound "forward" end-to-end flow. The value of the
2343	      Binding_Code associated with this BOUND_SESSION_ID object SHOULD
2344	      be equal to 0x02.

2346	   *  the RII object is not included in the message. This is because no
2347	      RESPONSE message is expected to arrive;

2349	   *  the value of the <Bandwidth> parameter is set equal to the value
2350	      of the <PDR Reverse Requested Resources> field included in the
2351	      RESERVE(RMD-QSPEC):"forward" message that triggered the
2352	      generation of this RESERVE(RMD-QSPEC): "reverse" message;

2354	   *  the value of the [BOUND_SESSION_ID] object is set equal to
2355	      the SESSION_ID of the intra domain session associated with the
2356	      RESERVE(RMD-QSPEC):"forward" message that triggered the
2357	      generation of this RESERVE(RMD-QSPEC):"reverse" message;

2359	   *  the <B> bit of the PHR container indicates a bi-directional
2360	      reservation and is set to "1";

2362	   *  the PDR container is included into the
2363	      RESERVE(RMD-QSPEC):"reverse" message.  The value of the
2364	      Parameter/Container ID is "7", i.e., "PDR_Reservation_Report";

2366	   *  the <B> PDR bit indicates a bi-directional reservation and is
2367	      set to "1".

2369	   Figure 18 and Figure 19 show the flow diagrams used in case of a
2370	   unsuccessful bi-directional reservation.  In Figure 17 it
2371	   is considered that the QNE that is not able to support the
2372	   requested <Bandwidth> is located in the direction QNE Ingress
2373	   towards QNE Egress.  In Figure 19 it is considered that the
2374	   QNE that is not able to support the requested <Bandwidth> is
2375	   located in the direction QNE Egress towards QNE Ingress.

2377	   The main differences between the bi-directional unsuccessful
2378	   procedure shown in Figure 17 and the bi-directional successful
2379	   procedure are as follows:

2381	   *  the QNE node that is not able to reserve resources for a
2382	      certain request is located in the "forward" path, i.e., path
2383	      from QNE Ingress towards the QNE Egress.

2385	   *  the QNE node that is not able to support the requested
2386	      <Bandwidth> it MUST mark the <M> bit, i.e., set to value "1", of
2387	      the RESERVE(RMD-QSPEC): "forward".

2389	   The operation for this type of unsuccessful bi-directional
2390	   reservation is similar to the operation for unsuccessful uni-
2391	   directional reservation shown in Figure 9.  The main difference
2392	   is that the QNE Egress generates an intra-domain (local)
2393	   RESPONSE(PDR) message that is sent towards QNE Ingress node.

2395	QNE(Ingress)   QNE (int.)    QNE (int.)    QNE (int.)    QNE (Egress)
2396	NTLP stateful  NTLP st.less  NTLP st.less  NTLP st.less  NTLP stateful
2397	    |                |             |              |               |
2398	    |RESERVE(RMD-QSPEC):           |              |               |
2399	    |  "forward"     |  RESERVE(RMD-QSPEC):       |               |
2400	    |--------------->|  "forward"  |              M RESERVE(RMD-QSPEC):
2401	    |                |--------------------------->M  "forward-M marked"
2402	    |                |             |              M-------------->|
2403	    |                |           RESPONSE(PDR)    M               |
2404	    |                |        "forward - M marked"M               |
2405	    |<------------------------------------------------------------|
2406	    |RESERVE(RMD-QSPEC)            |              M               |
2407	    |"forward - T tear"            |              M               |
2408	    |---------------->             |              M               |

2410	Figure 18: Intra-domain signaling operation for unsuccessful
2411	           bi-directional reservation (rejection on path QNE(Ingress)
2412	           towards QNE(Egress))

2414	   The main differences between the bi-directional unsuccessful
2415	   procedure shown in Figure 18 and the in bi-directional successful
2416	   procedure are as follows:

2418	   *  the QNE node that is not able to reserve resources for a
2419	      certain request is located in the "reverse" path, i.e., path
2420	      from QNE Egress towards the QNE Ingress.

2422	   *  the QNE node that is not able to support the requested
2423	      <Bandwidth> it MUST mark the <M> bit, i.e., set to value "1",
2424	      the RESERVE(RMD-QSPEC):"reverse".

2426	   *  the QNE Ingress uses the information contained in the received
2427	      PHR and PDR containers of the RESERVE(RMD-QSPEC): "reverse" and
2428	      generates a tear intra-domain (local) RESERVE(RMD-QSPEC):
2429	      "forward - T tear" message.  This message carriers a
2430	      "PHR_Release_Request" and a "PDR_Release_Request" control
2431	      information.  This message is sent to QNE Egress node.
2432	      The QNE Egress node by using the information contained in the
2433	      "PHR_Release_Request" and the "PDR_Release_Request" control
2434	      info containers it generates a RESERVE(RMD-QSPEC):"reverse - T
2435	      tear" message that is sent towards the QNE Ingress node.

2437	QNE (Ingress)    QNE (int.)    QNE (int.)    QNE (int.)    QNE (Egress)
2438	NTLP stateful   NTLP st.less  NTLP st.less  NTLP st.less   NTLP stateful
2439	    |                |                |                |              |
2440	    |RESERVE(RMD-QSPEC)               |                |              |
2441	    |"forward"       |  RESERVE(RMD-QSPEC):            |              |
2442	    |--------------->|  "forward"     |           RESERVE(RMD-QSPEC): |
2443	    |                |-------------------------------->|"forward"     |
2444	    |                |   RESERVE(RMD-QSPEC):           |------------->|
2445	    |                |    "reverse"   |                |              |
2446	    |                |              RESERVE(RMD-QSPEC) |              |
2447	    |    RESERVE(RMD-QSPEC):          M      "reverse" |<-------------|
2448	    |   "reverse - M marked"          M<---------------|              |
2449	    |<--------------------------------M                |              |
2450	    |                |                M                |              |
2451	    |RESERVE(RMD-QSPEC):              M                |              |
2452	    |"forward - T tear"               M                |              |
2453	    |--------------->|  RESERVE(RMD-QSPEC):            |              |
2454	    |                |  "forward - T tear"             |              |
2455	    |                |-------------------------------->|              |
2456	    |                |                M                |------------->|
2457	    |                |                M             RESERVE(RMD-QSPEC):
2458	    |                |                M             reverse - T tear" |
2459	    |                |                M                |<-------------|

2461	   Figure 19: Intra-domain signaling normal operation for unsuccessful
2462	             bi-directional reservation (rejection on path QNE(Egress)
2463	             towards QNE(Ingress)

2465	4.6.2.2 Refresh reservations

2467	   This section describes the operation of the RMD-QOSM where a RMD
2468	   bi-directional refresh reservation operation is accomplished.

2470	   The refresh procedure in case of RMD reservation-based method
2471	   follows a similar scheme as the successful reservation procedure,
2472	   described in Section 4.6.2.1, and depicted in Figure 16 and the
2473	   way of how the refresh process of the reserved resources is
2474	   maintained, is similar to the refresh process used for the intra-
2475	   domain uni-directional reservations (see Section 4.6.1.3).

2477	   Note that the RMD traffic class refresh periods used by the bound bi-
2478	   directional sessions MUST be equal in all QNE edge and QNE Interior
2479	   nodes.

2481	   The main differences between the RESERVE(RMD-QSPEC):"forward"
2482	   message used for the bi-directional refresh procedure
2483	   and a RESERVE(RMD-QSPEC):"forward" message used for the bi-
2484	   directional successful reservation procedure are as follows:

2486	   *  the value of the Parameter/Container ID of the PHR container is
2487	      "2", i.e., "PHR_Refresh_Update".

2489	   *  the value of the Parameter/Container ID of the PDR container is
2490	      "5", i.e., "PDR_Refresh_Request".

2492	   The main differences between the RESERVE(RMD-QSPEC):"reverse"
2493	   message used for the bi-directional refresh procedure and the RESERVE
2494	   (RMD-QSPEC): "reverse" message used for the bi-directional successful
2495	   reservation procedure are as follows:

2497	   *  the value of the Parameter/Container ID of the PHR container is
2498	      "2", i.e., "PHR_Refresh_Update".

2500	   *  the value of the Parameter/Container ID of the PDR container is
2501	      "8", i.e., "PDR_Refresh_Report".

2503	4.6.2.3 Modification of aggregated reservations

2505	   This section describes the operation of the RMD-QOSM where a RMD

2507	   In the case when the QNE edges maintain, for the RMD QoS model,
2508	   QoS-NSLP aggregated reservation states and if such an aggregated
2509	   reservation has to be modified (see Section 4.3.1) then similar
2510	   procedures to Section 4.6.1.4 are applied. In particular:

2512	   * When the modification request requires an increase of the reserved
2513	   resources, the QNE Ingress node MUST include the corresponding value
2514	   into the <Bandwidth> parameter of the "RMD QoS Description" field,
2515	   which is sent together with a "PHR_Resource_Request" control
2516	   information.  If a QNE edge or QNE Interior node is not able to
2517	   reserve the number of requested resources, then the
2518	   "PHR_Resource_Request" control information associated with the
2519	   <Bandwidth> parameter MUST be marked.  In this situation the RMD
2520	   specific operation for unsuccessful reservation will be applied (see
2521	   Section 4.6.2.1).

2523	   * When the modification request requires a decrease of the
2524	   reserved resources, the QNE Ingress node MUST include this value
2525	   into the <Bandwidth> parameter of the "RMD QoS Description" field.
2526	   Subsequently an RMD release procedure SHOULD be accomplished (see
2527	   Section 4.6.2.4).

2529	4.6.2.4 Release procedure

2531	   This section describes the operation of the RMD-QOSM where a RMD
2532	   bi-directional reservation release operation is accomplished.
2533	   The message sequence diagram used in this procedure is similar to the
2534	   one used by the successful reservation procedures, described in
2535	   Section 4.6.2.1, and depicted in Figure 16. However, the way of how
2536	   the release of the reservation is accomplished, is similar to the RMD
2537	   release procedure used for the intra-domain uni-directional
2538	   reservations (see Section 4.6.1.5 and Figure 17 and Figure 18).

2540	   The main differences between the RESERVE (RMD-QSPEC):
2541	   "forward" message used for the bi-directional release procedure
2542	   and a RESERVE (RMD-QSPEC): "forward" message used for the bi-
2543	   directional successful reservation procedure are as follows:

2545	   *  the value of the Parameter/Container ID of the PHR container is
2546	      "3", i.e."PHR_Release_Request";

2548	   *  the value of the Parameter/Container ID of the PDR container is
2549	      "6", i.e., "PDR_Release_Request";

2551	   The main differences between the RESERVE (RMD-QSPEC): "reverse"
2552	   message used for the bi-directional release procedure and the RESERVE
2553	   (RMD-QSPEC): "reverse" message used for the bi-directional successful
2554	   reservation procedure are as follows:

2556	   *  the value of the Parameter/Container ID of the PHR container is
2557	      "3", i.e., "PHR_Release_Request";

2559	   *  the PDR container is not included in the RESERVE (RMD-QSPEC):
2560	      "reverse" message.

2562	4.6.2.5 Severe congestion handling

2564	   This section describes the severe congestion handling operation used
2565	   in combination with bi-directional reservation procedures.
2566	   This severe congestion handling operation is similar to the one
2567	   described in Section 4.6.1.6.

2569	4.6.2.5.1 Severe congestion handling by the RMD-QOSM bi-directional
2570	          refresh procedure

2572	   This procedure is similar to the severe congestion handling procedure
2573	   described in Section 4.6.1.6.1. The difference is related to how the
2574	   refresh procedure is accomplished, see Section 4.6.2.2 and to how the
2575	   flows are terminated, see Section 4.6.2.4.

2577	4.6.2.5.2 Severe congestion handling by proportional data packet marking

2579	   This section describes the severe congestion handling by proportional
2580	   data packet marking when this is combined with a bi-directional
2581	   reservation procedure.

2583	QNE(Ingress)   QNE (int.)    QNE (int.)    QNE (int.)    QNE (Egress)
2584	NTLP stateful  NTLP st.less  NTLP st.less  NTLP st.less  NTLP stateful
2585	user|                |             |              |               |
2586	data|    user        |             |              |               |
2587	--->|    data        | user data   |              |user data      |
2588	    |--------------->|             |              S               |
2589	    |                |--------------------------->S (#marked bytes)
2590	    |                |             |              S-------------->|
2591	    |                |             |              S(#unmarked bytes)
2592	    |                |             |              S-------------->|Term
2593	    |                |             |              S               |flow?
2594	    |                |          NOTIFY (PDR)      S               |YES
2595	    |<------------------------------------------------------------|
2596	    |RESERVE(RMD-QSPEC)            |              S               |
2597	    |"forward - T tear"            |              S               |
2598	    |--------------->|             |           RESERVE(RMD-QSPEC):|
2599	    |                |--------------------------->S"forward - T tear"
2600	    |                |             |              S-------------->|
2601	    |                |             |          RESERVE(RMD-QSPEC): |
2602	    |                |             |           "reverse - T tear" |
2603	    | RESERVE(RMD-QSPEC):          |              |<--------------|
2604	    |"reverse - T tear"            |<-------------S               |
2605	    |<-----------------------------|              S               |

2607	Figure 20: Intra-domain RMD severe congestion handling for
2608	           bi-directional reservation (congestion on path QNE(Ingress)
2609	           towards QNE(Egress))

2611	   This procedure is similar to the severe congestion handling procedure
2612	   described in Section 4.6.1.6.2. The main difference is related to the
2613	   location of the severe congested node, i.e., "forward" path (i.e.,
2614	   path between QNE Ingress towards QNE Egress) or "reverse" path (i.e.,
2615	   path between QNE Egress towards QNE Ingress).

2617	   Figure 20 shows the scenario where the severe congested node is
2618	   located in the "forward" path. This scenario is very similar to the
2619	   severe congestion handling scenario described in Section 4.6.1.6.2
2620	   and shown in Figure 14. The difference is related to the release
2621	   procedure, which is accomplished in the same way as described in
2622	   Section 4.6.2.4.

2624	QNE (Ingress)    QNE (int.)    QNE (int.)    QNE (int.)    QNE (Egress)
2625	NTLP stateful   NTLP st.less  NTLP st.less  NTLP st.less   NTLP stateful
2626	user|                |                |           |               |
2627	data|    user        |                |           |               |
2628	--->|    data        | user data      |           |user data      |
2629	    |--------------->|                |           |               |
2630	    |                |--------------------------->|user data      |user
2631	    |                |                |           |-------------->|data
2632	    |                |                |           |               |--->
2633	    |                |                |           |               |user
2634	    |                |                |           |               |data
2635	    |                |                |  user     |               |<---
2636	    |   user data    |                |  data     |<--------------|
2637	    | (#marked bytes)|                S<----------|               |
2638	    |<--------------------------------S           |               |
2639	    | (#unmarked bytes)               S           |               |
2640	Term|<--------------------------------S           |               |
2641	Flow?                |                S           |               |
2642	YES |RESERVE(RMD-QSPEC):              S           |               |
2643	    |"forward - T tear"               s           |               |
2644	    |--------------->|  RESERVE(RMD-QSPEC):       |               |
2645	    |                |  "forward - T tear"        |               |
2646	    |                |--------------------------->|               |
2647	    |                |                S           |-------------->|
2648	    |                |                S         RESERVE(RMD-QSPEC):
2649	    |                |                S       "reverse - T tear"  |
2650	    |      RESERVE(RMD-QSPEC)         S           |<--------------|
2651	    |      "reverse - T tear"         S<----------|               |
2652	    |<--------------------------------S           |               |

2654	   Figure 21: Intra-domain RMD severe congestion handling for
2655	           bi-directional reservation (congestion on path QNE(Egress)
2656	           towards QNE(Ingress))

2658	   Figure 21 shows the scenario where the severe congested node is
2659	   located in the "reverse" path. The main difference between this
2660	   scenario and the scenario shown in Figure 20 is that no intra-domain
2661	   NOTIFY(PDR) message has to be generated by the QNE Egress node. This
2662	   is because the (#marked and #unmarked) user data is arriving at the
2663	   QNE Ingress. The QNE Ingress node will be able to calculate the
2664	   number of flows that have to be terminated or forwarded in a lower
2665	   priority queue.

2667	   For the flows that have to be terminated a release procedure, see
2668	   Section 4.6.2.4, is initiated to release the reserved resources
2669	   on the "forward" and "reverse" paths.

2671	4.6.2.5.3 Admission control using congestion notification based on
2672	          probing

2674	   This section describes the admission control scheme that uses the
2675	   congestion notification function based on probing when bi-directional
2676	   reservations are supported.

2678	   This procedure is similar to the congestion notification for
2679	   admission control procedure described in Section 4.6.1.7. The main
2680	   difference is related to the location of the severe congested node,
2681	   i.e., "forward" path (i.e., path between QNE Ingress towards QNE
2682	   Egress) or "reverse" path (i.e., path between QNE Egress towards
2683	   QNE Ingress).

2685	QNE(Ingress)    Interior    QNE (int.)      Interior      QNE (Egress)
2686	NTLP stateful not NSIS aware not NSIS aware not NSIS aware NTLP stateful
2687	user|                |             |              |               |
2688	data|                |             |              |               |
2689	--->|                | user data   |              |user data      |
2690	    |-------------------------------------------->S (#marked bytes)
2691	    |                |             |              S-------------->|
2692	    |                |             |              S(#unmarked bytes)
2693	    |                |             |              S-------------->|
2694	    |                |             |              S               |
2695	    |                |           RESERVE(re-marked DSCP in GIST)):|
2696	    |                |             |              S               |
2697	    |-------------------------------------------->S               |
2698	    |                |             |              S-------------->|
2699	    |                |             |              S               |
2700	    |                |          RESPONSE(unsuccessful INFO-SPEC)  |
2701	    |<------------------------------------------------------------|
2702	    |                |             |              S               |

2704	   Figure 22: Intra-domain RMD congestion notification based on probing
2705	              for bi-directional admission control (congestion on path
2706	              from QNE(Ingress) towards QNE(Egress))

2708	   Figure 22 shows the scenario where the severe congested node is
2709	   located in the "forward" path. The functionality of providing
2710	   admission control is very similar to the one described in Section
2711	   4.6.1.7, Figure 15.

2713	   Figure 23 shows the scenario where the congested node is located in
2714	   the "reverse" path. The probe RESERVE message sent in the "forward"
2715	   direction will not be affected by the severe congested node, while
2716	   the DSCP value in the IP header of the GIST message that carries the
2717	   probe RESERVE message sent in the "reverse" direction will be
2718	   remarked by the congested node. The QNE ingress is in this way
2719	   notified that a congestion occurred in the network and therefore it
2720	   is able to refuse the new initiation of the reservation.

2722	QNE (Ingress)    Interior    QNE (int.)     Interior       QNE (Egress)
2723	NTLP stateful not NSIS aware  NTLP st.less not NSIS aware NTLP stateful
2724	user|                |                |           |               |
2725	data|                |                |           |               |
2726	--->|                | user data      |           |               |
2727	    |-------------------------------------------->|user data      |user
2728	    |                |                |           |-------------->|data
2729	    |                |                |           |               |--->
2730	    |                |                |           |               |user
2731	    |                |                |           |               |data
2732	    |                |                |           |               |<---
2733	    |                S                | user data |               |
2734	    |                S  user data     |<--------------------------|
2735	    |   user data    S<---------------|           |               |
2736	    |<---------------S                |           |               |
2737	    |  user data     S                |           |               |
2738	    | (#marked bytes)S                |           |               |
2739	    |<---------------S                |           |               |
2740	    |                S           RESERVE(unmarked DSCP in GIST)):|
2741	    |                S             |              |               |
2742	    |----------------S------------------------------------------->|
2743	    |                S          RESERVE(re-marked DSCP in GIST)   |
2744	    |                S<-------------------------------------------|
2745	    |<---------------S             |              |               |

2747	   Figure 23: Intra-domain RMD congestion notification for
2748	           bi-directional admission control (congestion on path
2749	           QNE(Egress) towards QNE(Ingress))

2751	4.7 Handling of additional errors

2753	   During the QSpec processing, additional errors may occur. The way
2754	   of how these additional errors are handled and notified is specified
2755	   in [QSP-T] and [QoS-NSLP].

2757	5.  Security Considerations

2759	   A router implementing a QoS signaling protocol can, similar to a
2760	   router without QoS signaling, do a lot of harm to a system. A router
2761	   can delay, drop, inject, duplicate or modify packets. Additional
2762	   threats are, however, introduced with new protocols and they are
2763	   subject for a discussion below.

2765	   The RMD QOSM aims to be very lightweight signaling with regard to
2766	   the number of signaling message roundtrips and the amount of state
2767	   established at involved signaling nodes with and without reduced
2768	   state on QNEs. This implies the usage of the Datagram Mode which
2769	   does not allow channel security to be used. As such, RMD signaling is
2770	   targeted towards intra-domain signaling only.

2772	   In the context of RMD QOSM signaling a classification between
2773	   on-path adversaries and off-path adversaries needs to be made.
2774	   Furthermore, it might be necessary to differentiate between off-path
2775	   nodes that never participate in the RMD signaling exchange and nodes
2776	   that are only off-path with regard to a specific signaling session
2777	   whereby routing asymmetry might even mean that the downstream and the
2778	   upstream signaling direction matters for this classification.

2780	       QNE             QNE             QNE            QNE
2781	     Ingress         Interior        Interior        Egress
2782	 NTLP stateful  NTLP stateless  NTLP stateless  NTLP stateful
2783	        |               |               |              |
2784	        |               |               |              |
2785	        | RESERVE (1)   |               |              |
2786	        +--------------------------------------------->|
2787	        | RESERVE' (2)  |               |              |
2788	        +-------------->|               |              |
2789	        |               | RESERVE'      |              |
2790	        |               +-------------->|              |
2791	        |               |               | RESERVE'     |
2792	        |               |               +------------->|
2793	        |               |               |              |
2794	        |               |               |              |
2795	        |               |               |              |
2796	        |               |               |              |
2797	        |               |               | RESPONSE (1) |
2798	        |<---------------------------------------------+
2799	        |               |               |              |
2800	        |               |               |              |
2801	                 Figure 24: RMD message exchange

2803	   Note that RMD always uses the message exchange shown in Figure 24
2804	   even if there is no end-to-end signaling session. If the RMD QoSM is
2805	   triggered based on an E2E signaling exchange then the RESERVE message
2806	   is created by a node outside the RMD domain and will subsequently
2807	   travel further on (e.g., to the data receiver). Such an exchange is
2808	   shown in Figure 3. As such, an evaluation of RMD's security must
2809	   always been seen as a combination of the two signaling sessions, (1)
2810	   and (2) of Figure 24.

2812	   The following security requirements are set as goals for the
2813	   intra-domain communication, namely:

2815	*  Nodes, which are never supposed to participate in the NSIS signaling
2816	   exchange, SHOULD NOT interfere with QNE Interior nodes. Off-path
2817	   nodes (off-path with regard to the path taken by a particular
2818	   signaling message exchange) SHOULD NOT be able to interfere with
2819	   other on-path signaling nodes.
2820	*  The actions allowed by a QNE Interior node SHOULD be minimal (i.e.,
2821	   only those specified by the RMD QoSM). For example, only the QNE
2822	   Ingress and the QNE Egress nodes are allowed to initiate certain
2823	   signaling messages. QNE Interior nodes are, for example, allowed to
2824	   modify certain signaling message payloads.

2826	   Note that the term 'interfere' refers to all sorts of security
2827	   threats, such as denial of service, spoofing, replay, signaling
2828	   message injection, etc.

2830	   If we assume that the RESERVE/RESPONSE is sent in C-Mode and
2831	   protected between the QNE Ingress and the QNE Egress node then we can
2832	   be sure that the payloads of these messages MUST be authenticated,
2833	   integrity, replay protected and encrypted. Encryption is necessary to
2834	   prevent an adversary that is located along the path of the RESERVE
2835	   message to learn information about the session that can later be used
2836	   to inject a valid RESERVE'. The following messages need to relate to
2837	   each other to make sure that the occurrence of one message is not
2838	   without the other one:

2840	   a) the RESERVE and the RESERVE' relate to each other at the QNE
2841	      Egress and

2843	   b) the RESPONSE and the RESERVE relate to each other at the QNE
2844	      Ingress and

2846	   c) the RESERVE' and the RESPONSE' (carried in the RESPONSE) relate to
2847	      each other

2849	   The RESERVE and the RESERVE' message are tied together using the
2850	   BOUND_SESSION_ID. Hence, there cannot be a RESERVE' without a
2851	   corresponding RESERVE. The SESSION_ID can fulfill this purpose quite
2852	   well if the aim is to provide protection against off-path adversaries
2853	   that do not see the SESSION_ID carried in the RESERVE and the
2854	   RESERVE' messages. If, however, the path changes (due to re-routing
2855	   or due to mobility) then an adversary could inject RESERVE' messages
2856	   (with a previously seen SESSION_ID) and could potentially cause harm.

2858	[Editor's Note: We will deal with this issue in the later version
2859	of the document.]

2861	   An off-path adversary can, of course, create RESERVE' messages that
2862	   cause intermediate nodes to create some state (and cause other
2863	   actions) but the message would finally hit the QNE Egress node. The
2864	   QNE Egress node would then be able to determine that there is
2865	   something going wrong.

2867	   The severe congestion handling can be triggered by intermediate nodes
2868	   (unlike other messages). In many cases, however, intermediate nodes
2869	   experiencing congestion use refresh messages modify the <S> and
2870	   <Overload %> parameters of the message. These messages are still
2871	   initiated by the QNE Ingress node and carry the SESSION_ID. The QNE
2872	   Egress node will use the SESSION_ID and subsequently the
2873	   BOUND_SESSION_ID to refer to a flow that might be terminated. The
2874	   aspect of intermediate nodes initiating messages for severe
2875	   congestion handling is for further study.

2877	       QNE             QNE             QNE            QNE
2878	     Ingress         Interior        Interior        Egress
2879	 NTLP stateful  NTLP stateless  NTLP stateless  NTLP stateful
2880	        |               |               |              |
2881	        | REFRESH       |               |              |
2882	        | RESERVE'      |               |              |
2883	        +-------------->| REFRESH       |              |
2884	        | (+RII)        | RESERVE'      |              |
2885	        |               +-------------->| REFRESH      |
2886	        |               | (+RII)        | RESERVE'     |
2887	        |               |               +------------->|
2888	        |               |               | (+RII)       |
2889	        |               |               |              |
2890	        |               |               |              |
2891	        |               |               |     REFRESH  |
2892	        |               |               |     RESPONSE'|
2893	        |<---------------------------------------------+
2894	        |               |               |     (+RII)   |
2895	        |               |               |              |

2897	                 Figure 25: RMD REFRESH message exchange

2899	   During the refresh procedure a RESERVE' creates a RESPONSE', see
2900	   Figure 25. The RII is carried in the RESERVE' message and the
2901	   RESPONSE' message that is generated by the QNE Egress node contains
2902	   the same RII as the RESERVE'.

2904	   The RII can be used by the QNE Ingress to match the RESERVE' with the
2905	   RESPONSE'. The QNE Egress is able to determine whether the RESERVE'
2906	   (as a refresh) was created by the QNE Ingress node since the
2907	   BOUND_SESSION_ID is included in the RESERVE' message.

2909	   With the initial RESERVE'/RESERVE exchange there is a one-to-one
2910	   mapping between the RESERVE and the RESERVE' message based on the
2911	   SESSION_ID that is used in the two messages and the BOUND_SESSION_ID.
2912	   With the REFRESH' message this is not the case since they relate to
2913	   one RESERVE message exchange.

2915	   A further aspect is marking of data traffic. Data packets can be
2916	   modified by an intermediary without any relationship to a signaling
2917	   session (and a SESSION_ID). The problem appears if an off-path
2918	   adversary injects spoofed data packets. The adversary thereby needs
2919	   to spoof data packets that relate to the flow identifier of an
2920	   existing end-to-end reservation that should be terminated. Therefore
2921	   the question arises how an off-path adversary should create a data
2922	   packet that matches an existing flow identifier (if a 5-tuple is
2923	   used). Hence, this might not turn out to be simple for an adversary
2924	   unless we assume the previously mentioned mobility/re-routing case
2925	   where the path through the network changes and the set of nodes that
2926	   are along a path changes over time.

2928	6.  IANA Considerations

2930	   RMD-QOSM requires a new IANA registry.

2932	7.  Open issues

2934	   This section describes the open issues related to the RMD QoS
2935	   signaling model.

2937	8.  Acknowledgments

2939	   The authors express their acknowledgement to people who have worked
2940	   on the RMD concept: Z. Turanyi, R. Szabo, G.
2941	   Pongracz, A. Marquetant, O. Pop, V. Rexhepi, D. Partain, M.
2942	   Jacobsson, S. Oosthoek, P. Wallentin, P. Goering, A. Stienstra, M.
2943	   de Kogel,M. Zoumaro-Djayoon, M. Swanink, R. Klaver.

2945	9.  Authors' Addresses

2947	   Attila Bader
2948	   Ericsson Research
2949	   Ericsson Hungary Ltd.
2950	   Laborc 1, Budapest, Hungary, H-1037
2951	   EMail: Attila.Bader@ericsson.com

2953	   Lars Westberg
2954	   Ericsson Research
2955	   Torshamnsgatan 23
2956	   SE-164 80 Stockholm, Sweden
2957	   EMail: Lars.Westberg@ericsson.com

2959	   Georgios Karagiannis
2960	   University of Twente
2961	   P.O.  BOX 217
2962	   7500 AE Enschede, The Netherlands
2963	   EMail: g.karagiannis@ewi.utwente.nl

2965	   Cornelia Kappler
2966	   Siemens AG
2967	   Siemensdamm 62
2968	   Berlin 13627, Germany
2969	   Email: cornelia.kappler@siemens.com

2971	   Hannes Tschofenig
2972	   Siemens AG
2973	   Otto-Hahn-Ring 6
2974	   Munich  81739, Germany
2975	   EMail: Hannes.Tschofenig@siemens.com

2977	   Tom Phelan
2978	   Sonus Networks
2979	   250 Apollo Dr.
2980	   Chelmsford, MA USA 01824
2981	   EMail: tphelan@sonusnet.com

2983	   Attila Takacs
2984	   Ericsson Research
2985	   Ericsson Hungary Ltd.
2986	   Laborc 1, Budapest, Hungary, H-1037
2987	   EMail: Attila.Takacs@ericsson.com

2989	   Andras Csaszar
2990	   Ericsson Research
2991	   Ericsson Hungary Ltd.
2992	   Laborc 1, Budapest, Hungary, H-1037
2993	   EMail: Andras.Csaszar@ericsson.com

2995	10.  Normative References

2997	   [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
2998	   Requirement Levels", RFC 2119, March 1997.

3000	   [QoS-NSLP] Manner, J., Karagiannis, G.,McDonald, A., Van de Bosch,
3001	    S., "NSLP for Quality-of-Service signaling", draft-ietf-nsis-qos-
3002	    nslp-08 (work in progress), October 2005.

3004	   [QSP-T] Ash, J., Bader, A., Kappler C., "QoS-NSLP QSpec Template"
3005	   draft-ietf-nsis-QSpec-05 (work in progress), July 2005.

3007	11.  Informative References

3009	   [JaSh97]  Jamin, S., Shenker, S., Danzig, P., "Comparison of
3010	   Measurement-based Admission Control Algorithms for Controlled-Load
3011	   Service", Proceedings IEEE Infocom '97, Kobe, Japan, April 1997

3013	   [GrTs03]  Grossglauser, M., Tse, D.N.C, "A Time-Scale Decomposition
3014	   Approach to Measurement-Based Admission Control",  IEEE/ACM
3015	   Transactions on Networking, Vol. 11, No. 4, August 2003

3017	   [RFC2205]  Braden, R., Zhang, L., Berson, S., Herzog, A., Jamin, S.,
3018	   "Resource ReSerVation Protocol (RSVP)-- Version 1 Functional
3019	    Specification", IETF RFC 2205, 1997.

3021	   [RFC2961]   Berger, L., Gan, D., Swallow, G., Pan, P., Tommasi, F.
3022	   and S. Molendini, "RSVP Refresh Overhead Reduction Extensions",
3023	   RFC 2961, April 2001.

3025	   [RFC3175]  Baker, F., Iturralde, C. Le Faucher, F., Davie, B.,
3026	   "Aggregation of RSVP for IPv4 and IPv6 Reservations",
3027	   IETF RFC 3175, 2001.

3029	   [GIMPS]  Schulzrinne, H., Hancock, R., "GIST: General Internet
3030	   Messaging Protocol for Signaling", draft-ietf-nsis-ntlp-05
3031	   (work in progress), Oct 2004.

3033	   [RFC1633] Braden R., Clark D., Shenker S., "Integrated Services in
3034	   the Internet Architecture: an Overview", RFC 1633

3036	   [RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.
3037	   and W.  Weiss, "An Architecture for Differentiated Services", RFC
3038	   2475, December 1998

3040	   [RFC2638] Nichols K., Jacobson V., Zhang L.  "A Two-bit
3041	   Differentiated Services Architecture for the Internet", RFC 2638,
3042	   July 1999

3044	   [RMD1]  Westberg, L., et al., "Resource Management in Diffserv
3045	   (RMD): A Functionality and Performance Behavior Overview", IFIP
3046	   PFHSN'02

3048	   [RMD2] G. Karagiannis, et al., "RMD - a lightweight application
3049	   of NSIS" Networks 2004, Vienna, Austria.

3051	   [RMD3] Marquetant A., Pop O., Szabo R., Dinnyes G., Turanyi Z.,
3052	   "Novel Enhancements to Load Control - A Soft-State, Lightweight
3053	   Admission Control Protocol", Proc. of the 2nd Int. Workshop on
3054	   Quality of Future Internet Services, Coimbra, Portugal,
3055	   Sept 24-26, 2001, pp. 82-96.

3057	   [RMD4] A. Csaszar et al., "Severe congestion handling with
3058	   resource management in diffserv on demand", Networking 2002

3060	   [RSVP-DOI] Tschofenig H., Schulzrinne H., "RSVP Domain of
3061	   Interpretation for ISAKMP ", draft-tschofenig-rsvp-doi-00.txt,
3062	   (work in progress), May 2003

3064	12.  Intellectual Property Statement

3066	   The IETF takes no position regarding the validity or scope of any
3067	   Intellectual Property Rights or other rights that might be claimed
3068	   to pertain to the implementation or use of the technology
3069	   described in this document or the extent to which any license
3070	   under such rights might or might not be available; nor does it
3071	   represent that it has made any independent effort to identify any
3072	   such rights.  Information on the procedures with respect to rights
3073	   in RFC documents can be found in BCP 78 and BCP 79.

3075	   Copies of IPR disclosures made to the IETF Secretariat and any
3076	   assurances of licenses to be made available, or the result of an
3077	   attempt made to obtain a general license or permission for the use
3078	   of such proprietary rights by implementers or users of this
3079	   specification can be obtained from the IETF on-line IPR repository
3080	   at http://www.ietf.org/ipr.

3082	   The IETF invites any interested party to bring to its attention
3083	   any copyrights, patents or patent applications, or other
3084	   proprietary rights that may cover technology that may be required
3085	   to implement this standard.  Please address the information to the
3086	   IETF at ietf-ipr@ietf.org.

3088	Disclaimer of Validity
3089	   This document and the information contained herein are provided
3090	   on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
3091	   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
3092	   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
3093	   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
3094	   THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
3095	   ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
3096	   PARTICULAR PURPOSE.

3098	   Copyright (C) The Internet Society (2006).

3100	   This document is subject to the rights, licenses and restrictions
3101	   contained in BCP 78, and except as set forth therein, the authors
3102	   retain all their rights.