idnits 2.17.1 

draft-ietf-nsis-rmd-16.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** You're using the IETF Trust Provisions' Section 6.b License Notice from
     12 Sep 2009 rather than the newer Notice from 28 Dec 2009.  (See
     https://trustee.ietf.org/license-info/)


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == It seems as if not all pages are separated by form feeds - found 0 form
     feeds but 107 pages


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 7 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to contain a disclaimer for pre-RFC5378 work, and may
     have content which was first submitted before 10 November 2008.  The
     disclaimer is necessary when there are original authors that you have
     been unable to contact, or if some do not wish to grant the BCP78 rights
     to the IETF Trust.  If you are able to get all authors (current and
     original) to grant those rights, you can and should remove the
     disclaimer; otherwise, the disclaimer is needed and you can ignore this
     comment. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (1 March 2010) is 5163 days in the past.  Is this
     intentional?


  Checking references for intended status: Experimental
  ----------------------------------------------------------------------------

  == Missing Reference: 'RFC2215' is mentioned on line 1452, but not defined

  == Missing Reference: 'RFC5226' is mentioned on line 4013, but not defined

  ** Obsolete undefined reference: RFC 5226 (Obsoleted by RFC 8126)

  == Missing Reference: 'I-D.ietf-nsis-qspec' is mentioned on line 4019, but
     not defined

  == Unused Reference: 'RFC 2215' is defined on line 4161, but no explicit
     reference was found in the text


     Summary: 2 errors (**), 0 flaws (~~), 7 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	NSIS Working Group                                         Attila Bader
2	INTERNET-DRAFT                                            Lars Westberg
3	Intended status: Experimental                                  Ericsson
4	Expires: 1 September 2010                           Georgios Karagiannis
5	                                                   University of Twente
6	                                                       Cornelia Kappler
7	                                                             DeZem GmbH
8	                                                             Tom Phelan
9	                                                                  Sonus

11	                                                            1 March 2010

13	       RMD-QOSM - The Resource Management in Diffserv QOS Model
14	                   <draft-ietf-nsis-rmd-16.txt>

16	Abstract

18	   This document describes an NSIS QoS Model for networks that use the
19	   Resource Management in Diffserv (RMD) concept.  RMD is a technique
20	   for adding admission control and pre-emption function to
21	   Differentiated Services (Diffserv) networks.  The RMD QoS Model
22	   allows devices external to the RMD network to signal reservation
23	   requests to edge nodes in the RMD network. The RMD Ingress edge nodes
24	   classify the incoming flows into traffic classes and signals resource
25	   requests for the corresponding traffic class along the data path to
26	   the Egress edge nodes for each flow.  Egress nodes reconstitute the
27	   original requests and continue forwarding them along the data path
28	   towards the final destination. In addition, RMD defines notification
29	   functions to indicate overload situations within the domain to the
30	   edge nodes.

32	Status of this Memo

34	   This Internet-Draft is submitted to IETF in full conformance with the
35	   provisions of BCP 78 and BCP 79.

37	   Internet-Drafts are working documents of the Internet Engineering
38	   Task Force (IETF), its areas, and its working groups.  Note that
39	   other groups may also distribute working documents as Internet-
40	   Drafts.

42	   Internet-Drafts are draft documents valid for a maximum of six months
43	   and may be updated, replaced, or obsoleted by other documents at any
44	   time.  It is inappropriate to use Internet-Drafts as reference
45	   material or to cite them other than as "work in progress."

47	   The list of current Internet-Drafts can be accessed at
48	   http://www.ietf.org/ietf/1id-abstracts.txt.

50	   The list of Internet-Draft Shadow Directories can be accessed at
51	   http://www.ietf.org/shadow.html.

53	   This Internet-Draft will expire on September 1, 2010.

55	Copyright Notice

57	   Copyright (c) 2010 IETF Trust and the persons identified as the
58	   document authors.  All rights reserved.

60	   This document is subject to BCP 78 and the IETF Trust's Legal
61	   Provisions Relating to IETF Documents
62	   (http://trustee.ietf.org/license-info) in effect on the date of
63	   publication of this document.  Please review these documents
64	   carefully, as they describe your rights and restrictions with respect
65	   to this document.  Code Components extracted from this document must
66	   include Simplified BSD License text as described in Section 4.e of
67	   the Trust Legal Provisions and are provided without warranty as
68	   described in the BSD License.

70	   This document may contain material from IETF Documents or IETF
71	   Contributions published or made publicly available before November
72	   10, 2008.  The person(s) controlling the copyright in some of this
73	   material may not have granted the IETF Trust the right to allow
74	   modifications of such material outside the IETF Standards Process.
75	   Without obtaining an adequate license from the person(s) controlling
76	   the copyright in such materials, this document may not be modified
77	   outside the IETF Standards Process, and derivative works of it may
78	   not be created outside the IETF Standards Process, except to format
79	   it for publication as an RFC or to translate it into languages other
80	   than English.

82	Table of Contents

84	   1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
85	   2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . .5
86	   3. Overview of RMD and RMD-QOSM . . . . . . . . . . . . . .. . .6
87	      3.1 RMD . . . . . . . . . . . . . . . . . . . . . . . . . . .6
88	      3.2 Basic features of RMD-QOSM . . . . . . . . . . . . . . . 9
89	          3.2.1 Role of the QNEs . . . . . . . .. . . . . . . . . .9
90	          3.2.2 RMD-QOSM/QoS-NSLP signaling . . . . . . . . . . . 10
91	          3.2.3 RMD-QOSM Applicability and considerations. . . . .11
92	   4. RMD-QOSM, Detailed Description . . . . . . . . . . . .. . . 14
93	      4.1 RMD-QSpec Definition . . . . . . . . . . . . . . . . . .14
94	          4.1.1 RMD-QOSM QoS Desired and QoS Available . . . . . .14
95	          4.1.2 PHR Container . . . . . . . . . . . . . . . . . . 15
96	          4.1.3 PDR Container  . . . . . . . . . . . . . . . . . .18
97	      4.2 Message format . . . . . . . . . . . . . . . . . . . . .20
98	      4.3 RMD node state management . . . . . . . . . . . . . . . 20
99	          4.3.1 Aggregated versus per flow reservations at the
100	                QNE edges . . . . . . . . . . . . . . . . . . . . 20
101	          4.3.2 Measurement-based method . . . . . . . . . . . . .22
102	          4.3.3 Reservation-based method . .. . . . . . . . . . . 24
103	      4.4 Transport of RMD-QOSM messages . . . . . . . . . . . . .25
104	      4.5 Edge discovery and addressing of messages . . . . . . . 27
105	      4.6 Operation and sequence of events . . . . . . . . . . . .28
106	          4.6.1 Basic unidirectional operation . . . . . . . . . .28
107	             4.6.1.1 Successful reservation. . . . . . . . . . . .30
108	             4.6.1.2 Unsuccessful reservation . . . . . . . . . . 41
109	             4.6.1.3 RMD refresh reservation. . . . . . . . . . . 44
110	             4.6.1.4 RMD modification of aggregated reservation . 47
111	             4.6.1.5 RMD release procedure. . . . . . . . . . . . 48
112	             4.6.1.6 Severe congestion handling  . . . . . . . . .56
113	             4.6.1.7 Admission control using congestion
114	                     notification based on probing . . . . . .  . 62
115	          4.6.2 Bidirectional operation . . . . . . . . . . . . . 65
116	             4.6.2.1 Successful and unsuccessful reservation . . .68
117	             4.6.2.2 Refresh reservation . . . . . . . . . . . . .72
118	             4.6.2.3 Modification of aggregated reservation . . . 72
119	             4.6.2.4 Release procedure . . . . . . . . . . . . . .73
120	             4.6.2.5 Severe congestion handling . . . . . . . . . 74
121	             4.6.2.6 Admission control using congestion
122	                     notification based on probing . . . . . . . .76
123	      4.7 Handling of additional errors . . . . . . . . . . . . . 78
124	   5. Security Consideration. . . . . . . . . . . . . . . . . . . 78
125	   6. IANA Considerations. . . . . . . . . . . . . . . . . . . . .82
126	   7. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . .83
127	   8. Authors` Addresses. . . . . . . . . . . . . . . . . . . . . 83
128	   9. Normative References . . . . . . . . . . . . . . . . . . . .84
129	   10. Informative References . . . . . . . . . . . . . . . . . . 84

131	1.  Introduction

133	   This document describes a Next Steps In Signaling (NSIS) QoS model
134	   for networks that use the Resource Management in Diffserv (RMD)
135	   framework ([RMD1], [RMD2], [RMD3], [RMD4]). RMD adds admission
136	   control to Diffserv networks and allows nodes external to the
137	   networks to dynamically reserve resources within the Diffserv
138	   domains.

140	   The Quality of Service NSIS Signaling Layer Protocol (QoS-NSLP)
141	   [QoS-NSLP] specifies a generic protocol for carrying Quality of
142	   Service(QoS) signaling information end-to-end in an IP network.
143	   Each network along the end-to-end path is expected to implement a
144	   specific QoS Model (QOSM) specified by the QSpec template [QSP-T]
145	   that interprets the requests and installs the necessary mechanisms,
146	   in a manner that is appropriate to the technology in use in the
147	   network, to ensure the delivery of the requested QoS.
148	   This document specifies an NSIS QoS Model for RMD networks (RMD-
149	   QOSM), and an RMD-specific QSpec (RMD-QSPec) for expressing
150	   reservations in a suitable form for simple processing by internal
151	   nodes.

153	   They are used in combination with the QoS-NSLP to provide
154	   QoS signaling service in an RMD network.  Figure 1 shows an RMD
155	   network with the respective entities.

157	                          Stateless or reduced state        Egress
158	   Ingress                RMD nodes                         Node
159	   Node                   (Interior Nodes; I-Nodes)        (Stateful
160	   (Stateful              |          |            |         RMD QoS
161	   RMD QoS NLSP           |          |            |         NSLP Node)
162	   Node)                  V          V            V
163	   +-------+   Data +------+      +------+       +------+     +------+
164	   |-------|--------|------|------|------|-------|------|---->|------|
165	   |       |   Flow |      |      |      |       |      |     |      |
166	   |Ingress|        |I-Node|      |I-Node|       |I-Node|     |Egress|
167	   |       |        |      |      |      |       |      |     |      |
168	   +-------+        +------+      +------+       +------+     +------+
169	            =================================================>
170	            <=================================================
171	                                  Signaling Flow

173	   Figure 1: Actors in the RMD-QOSM

175	   Many network scenarios, such as the "Wired Part of Wireless Network"
176	   scenario, which is described in section 8.4 of [RFC3726] require that
177	   the impact of the used QoS signaling protocol on the network
178	   performance should be minimised. In such network scenarios, the
179	   performance of each network node that is used in a communication path
180	   has an impact on the end-to-end performance. As such, the end-to-end
181	   performance of the communication path can be improved by optimizing
182	   the performance of the interior nodes. One of the factors that can
183	   contribute to this optimization is the minimization of the QoS
184	   signalling protocol processing load and the minimization of the
185	   number of states on each interior node.
186	   Another requirement that is imposed by such network scenarios is that
187	   whenever a severe congestion situation occurs in the network, the
188	   used QoS signaling protocol shoud be able to solve them. In case of a
189	   route change or link failure a severe congestion situation may occur
190	   in the network. Typically, routing algorithms are able to adapt and
191	   change their routing decisions to reflect changes in the topology and
192	   traffic volume. In such situations the re-routed traffic will have to
193	   follow a new path. Interior nodes located on this new path may become
194	   overloaded, since they suddenly might need to support more traffic
195	   than they have capacity for. These severe congestion situations will
196	   severely affect the overall performance of the traffic passing
197	   through such nodes.

199	   RMD-QoSM is an edge-to-edge (intra-domain) QoS Model that in
200	   combination with the QoS-NSLP and QSPEC specifications is designed to
201	   support the requirements mentioned above:

203	      o Minimal Impact on Interior Node Performance;
204	      o Increase of scalability;
205	      o Ability to deal with severe congestion

207	   Internally to the RMD network, RMD-QOSM together with QoS-NSLP
208	   [QoS-NSLP] defines a scalable QoS signaling model in which per-flow
209	   QoS-NSLP and NTLP states are not stored in Interior nodes but
210	   per-flow signaling is performed (see [QoS-NSLP]) at the edges.

212	   In the RMD-QOSM, only routers at the edges of a Diffserv domain
213	   (Ingress and Egress nodes) support the (QoS-NSLP) stateful
214	   operation, see Section 4.7 of [QoS-NSLP]. Interior nodes support
215	   either the(QoS-NSLP) stateless operation, or a reduced-state
216	   operation with coarser granularity than the edge nodes.

218	   After the terminology in Section 2, we give an overview of RMD and
219	   the RMD-QOSM in Section 3.  This document specifies several RMD-
220	   QOSM/QoS-NSLP signaling schemes. In particular, Section 3.2.3
221	   identifies which combination of sections are used for the
222	   specification of each RMD-QOSM/QoS-NSLP signaling scheme. In Section
223	   4 we give a detailed description of the RMD-QOSM, including the role
224	   of QNEs, the definition of the QSpec, mapping of QSpec generic
225	   parameters onto RMD-QOSM parameters, state management in QNEs, and
226	   operation and sequence of events. Section 5 discusses security
227	   issues.

229	2.  Terminology

231	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
232	   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in
233	   this document are to be interpreted as described in [RFC2119].

235	   The terminology defined by GIST [GIST] and QoS-NSLP [QoS-NSLP]
236	   applies to this draft.

238	   In addition, the following terms are used:

240	   NSIS domain: a NSIS signalling capable domain.

242	   RMD domain: a NSIS domain that is capable of supporting the RMD-QOSM
243	   signalling and operations.

245	   Edge node: a QoS-NSLP node on the boundary of some
246	   administrative domain that connects one NSIS domain to a node
247	   either in another NSIS domain or in a non NSIS domain.

249	   NSIS aware node: a node that is aware of NSIS signalling and RMD-
250	   QOSM operations, such as severe congestion detection and DSCP
251	   marking.

253	   NSIS unaware: a node that is unware of NSIS signalling, but is
254	   aware of RMD-QOSM operations such as severe congestion detection
255	   and DSCP marking.

257	   Ingress node: An edge node in its role in handling the traffic
258	   as it enters the NSIS domain.

260	   Egress node: An edge node in its role in handling the traffic
261	   as it leaves the NSIS domain.
262	   Interior node: a node in a NSIS domain that is not an edge node.

264	   Congestion: is a temporal network state that occurs when the traffic
265	   (or when traffic associated with a particular PHB) passing through a
266	   link is slightly higher than the capacity allocated for the link (or
267	   allocated for the particular PHB). If no measures are taken than the
268	   traffic passing through this link may temporarily slightly degrade in
269	   QoS. This type of congestion is usually solved using admission
270	   control mechanisms.

272	   Severe congestion: is a congestion that occurs when a node or link
273	   fails and the traffic is rerouter through another node or link. If no
274	   measures are taken than the node or the link can become severely
275	   congested and all traffic passing through the node or link will
276	   severely degrade in QoS. This type of congestion cannot be solved
277	   using admission control mechanisms.

279	3.  Overview of RMD and RMD-QOSM

281	3.1.  RMD

283	   The Differentiated Services (Diffserv) architecture ([RFC2475],
284	   [RFC2638]) was introduced as a result of efforts to avoid the
285	   scalability and complexity problems of Intserv [RFC1633].
286	   Scalability is achieved by offering services on an aggregate
287	   rather than per-flow basis and by forcing as much of the per-flow
288	   state as possible to the edges of the network.  The service
289	   differentiation is achieved using the Differentiated Services (DS)
290	   field in the IP header and the Per-Hop Behavior (PHB) as the main
291	   building blocks.  Packets are handled at each node according to the
292	   PHB indicated by the DS field in the message header.

294	   The Diffserv architecture does not specify any means for devices
295	   outside the domain to dynamically reserve resources or receive
296	   indications of network resource availability.  In practice, service
297	   providers rely on short active time Service Level Agreements (SLAs)
298	   that statically define the parameters of the traffic that will be
299	   accepted from a customer.

301	   RMD was introduced as a method for dynamic reservation of resources
302	   within a Diffserv domain.  It describes a method that is able to
303	   provide admission control for flows entering the domain and a
304	   congestion handling algorithm that is able to terminate flows in
305	   case of congestion due to a sudden failure (e.g., link, router)
306	   within the domain.

308	   In RMD, scalability is achieved by separating a fine-grained
309	   reservation mechanism used in the edge nodes of a Diffserv domain
310	   from a much simpler reservation mechanism needed in the Interior
311	   nodes.  Typically it is assumed that edge nodes support per-
312	   flow QoS states in order to provide QoS guarantees for each flow.
313	   Interior nodes use only one aggregated reservation state per traffic
314	   class or no states at all.  In this way it is possible to handle
315	   large numbers of flows in the Interior nodes. Furthermore, due to
316	   the limited functionality supported by the Interior nodes, this
317	   solution allows fast processing of signaling messages.

319	   The possible RMD-QOSM applicabilities are described in Section
320	   3.2.3. Two main basic admission control modes are supported:
321	   reservation-based and measurement-based admission control that can
322	   be used in combination with a severe congestion handling solution.
323	   The severe congestion handling solution is used in the situation
324	   that a link/node becomes severely congested due to the fact that the
325	   traffic supported by a failed link/node is rerouted and has to be
326	   processed by this link/node. Furthermore, RMD-QOSM supports both
327	   uni-directional and bi-directional reservations.

329	   Another important feature of RMD-QOSM is that the intra-domain
330	   sessions supported by the edges can be either per flow sessions or
331	   per aggregate sessions. In case of the per flow intra-domain
332	   sessions, the maintained per flow intra-domain states have a one-to-
333	   one dependency to the per flow end-to-end states supported by the
334	   same edge. In case of the per-aggregate sessions the maintained per-
335	   aggregate states have a one-to-many relationship to the per flow
336	   end-to-end states supported by the same edge.

338	   In the reservation-based method, each Interior node maintains
339	   only one reservation state per traffic class.  The Ingress edge
340	   nodes aggregate individual flow requests into PHB traffic classes,
341	   and signal changes in the class reservations as necessary.  The
342	   reservation is quantified in terms of resource units (or bandwidth).
343	   These resources are requested dynamically per PHB and reserved on
344	   demand in all nodes in the communication path from an Ingress node
345	   to an Egress node.

347	   The measurement-based algorithm continuously measures traffic levels
348	   and the actual available resources, and admits flows whose resource
349	   needs are within what is available at the time of the request.

351	   Once an admission decision is made, no record of the decision need be
352	   kept at the interior nodes.  The advantage of measurement-based
353	   resource management protocols is that they do not require pre-
354	   reservation state nor explicit release of the reservations at the
355	   interior nodes. Moreover, when the user traffic is variable,
356	   measurement based admission control could provide higher network
357	   utilization than, e.g., peak-rate reservation.  However, this can
358	   introduce an uncertainty in the availability of the resources.

360	   Two types of measurement based admission control schemes are
361	   possible:

363	   * Congestion notification function based on probing:

365	   This method can be used to implement a simple measurement-based
366	   admission control within a Diffserv domain. In this scenario the
367	   interior nodes are not NSIS aware nodes. In these interior nodes
368	   thresholds are set for the traffic belonging to different PHBs in
369	   the measurement based admission control function. In this scenario
370	   an end-to-end NSIS message is used as a probe packet, meaning that
371	   the DSCP field in the header of the IP packet that carries the NSIS
372	   message is re-marked when the predefined congestion threshold is
373	   exceeded. Note that when the predefined congestion threshold is
374	   exceeded all packets are remarked by a node, including NSIS
375	   messages. In this way the edges can admit or reject flows that are
376	   requesting resources. The frequency and durations that the congestion
377	   level is above the threshold resulting in remarking, is tracked and
378	   used to influence the admission control decisions.

380	   * NSIS measurement-based admission control:

382	   In this case the measurement-based admission control functionality
383	   is implemented in NSIS aware stateless routers. The main difference
384	   between this type of admission control and the congestion
385	   notification based on probing is related to the fact that this type
386	   of admission control is applied mainly on NSIS aware nodes, giving
387	   the possibility to apply measuring techniques, see e.g., [JaSh97],
388	   [GrTs03], that are using current and past information on NSIS
389	   sessions that requested resources from an NSIS aware interior node.
390	   The admission decision is positive if the currently carried traffic,
391	   as characterized by the measured statistics, plus the requested
392	   resources for the new flow exceeds the system capacity with a
393	   probability smaller than some alpha. Otherwise, the admission
394	   decision is negative.

396	   RMD describes the following procedures:

398	   * Classification of an individual resource reservation or a resource
399	     query into Per Hop Behavior (PHB) groups at the Ingress node of
400	     the domain,

402	   * Hop-by-hop admission control based on a PHB within the
403	     domain. There are two possible modes of operation for internal
404	     nodes to admit requests. One mode is the stateless or
405	     measurement-based mode, where the resources within the domain are
406	     queried. Another mode of operation is the reduced-state
407	     reservation or reservation based mode, where the resources within
408	     the domain are reserved.

410	   * a method to forward the original requests across the domain up to
411	     the Egress node and beyond.

413	   * a congestion control algorithm that notifies the egress edge nodes
414	     about congestion. It is able to terminate the appropriate number
415	     of flows in case a of congestion due to a sudden failure (e.g.,
416	     link or router failure) within the domain.

418	3.2. Basic features of RMD-QOSM

420	3.2.1 Role of the QNEs

422	   The protocol model of the RMD-QOSM is shown in Figure 2.  The figure
423	   shows QNI and QNR nodes, not part of the RMD network, that are the
424	   ultimate initiator and receiver of the QoS reservation requests.  It
425	   also shows QNE nodes that are the Ingress and Egress nodes in the
426	   RMD domain (QNE Ingress and QNE Egress), and QNE nodes that are
427	   Interior nodes (QNE Interior).

429	   All nodes of the RMD domain are usually QoS-NSLP aware nodes.
430	   However, in the scenarios where the congestion notification function
431	   based on probing is used, then the interior nodes are not NSIS
432	   aware.  Edge nodes store and maintain QoS-NSLP and NTLP states and
433	   therefore are stateful nodes.  The NSIS aware Interior nodes are
434	   NTLP stateless. Furthermore they are either QoS-NSLP stateless (for
435	   NSIS measurement-based operation), or are reduced state nodes
436	   storing per PHB aggregated QoS-NSLP states (for reservation-based
437	   operation).

439	   Note that the RMD domain MAY contain Interior nodes that are
440	   not NSIS aware nodes (not shown in the figure).  These nodes are
441	   assumed to have sufficient capacity for flows that might be
442	   admitted.  Furthermore, some of these NSIS unaware nodes MAY be used
443	   for measuring the traffic congestion level on the data path. These
444	   measurements can be used by RMD-QOSM in the congestion control based
445	   on probing operation and/or severe congestion operation
446	   (see Section 4.6.1.6).

448	     |------|   |-------|                           |------|   |------|
449	     | e2e  |<->| e2e   |<------------------------->| e2e  |<->| e2e  |
450	     | QoS  |   | QoS   |                           | QoS  |   | QoS  |
451	     |      |   |-------|                           |------|   |------|
452	     |      |   |-------|   |-------|   |-------|   |------|   |      |
453	     |      |   | local |<->| local |<->| local |<->| local|   |      |
454	     |      |   | QoS   |   |  QoS  |   |  QoS  |   |  QoS |   |      |
455	     |      |   |       |   |       |   |       |   |      |   |      |
456	     | NSLP |   | NSLP  |   | NSLP  |   | NSLP  |   | NSLP |   | NSLP |
457	     |st.ful|   |st.ful |   |st.less/   |st.less/   |st.ful|   |st.ful|
458	     |      |   |       |   |red.st.|   |red.st.|   |      |   |      |
459	     |      |   |-------|   |-------|   |-------|   |------|   |      |
460	     |------|   |-------|   |-------|   |-------|   |------|   |------|
461	     ------------------------------------------------------------------
462	     |------|   |-------|   |-------|   |-------|   |------|   |------|
463	     | NTLP |<->| NTLP  |<->| NTLP  |<->| NTLP  |<->| NTLP |<->|NTLP  |
464	     |st.ful|   |st.ful |   |st.less|   |st.less|   |st.ful|   |st.ful|
465	     |------|   |-------|   |-------|   |-------|   |------|   |------|
466	       QNI         QNE        QNE         QNE          QNE       QNR
467	     (End)     (Ingress)   (Interior)  (Interior)   (Egress)    (End)

469	         st.ful: stateful, st.less: stateless
470	         st.less red.st.: stateless or reduced state

472	   Figure 2: Protocol model of stateless/reduced state operation

474	3.2.2 RMD-QOSM/QoS-NSLP Signaling

476	   The basic RMD-QOSM/QoS-NSLP signaling is shown in Figure 3. The
477	   signalling scenarios are accomplished using the QoS-NSLP processing
478	   rules defined in [QoS-NSLP], in combination with the RMF triggers
479	   sent via the QoS-NSLP-RMF API described in [QoS-NSLP]. A RESERVE
480	   message is created by a QNI with an Initiator QSpec describing the
481	   reservation and forwarded along the path towards the QNR.  When the
482	   original RESERVE message arrives at the Ingress node, an RMD-QSpec
483	   is constructed based on the initial QSpec in the message (usually
484	   the Initiator QSpec).  The RMD-QSpec is sent in a intra-domain,
485	   independent RESERVE message through the Interior nodes towards the
486	   QNR. This intra-domain RESERVE message uses the  GIST datagram
487	   signaling mechanism. Note that the RMD-QOSM cannot directly specify
488	   that the GIST datagram mode SHOULD be used. This can however be
489	   notified by using the GIST API Transfer-Attributes, such as
490	   unreliable, low level of security and use of local policy.
491	   Meanwhile, the original RESERVE message is sent to the Egress node
492	   on the path to the QNR using the reliable transport mode of NTLP.

494	   Each QoS-NSLP node on the data path processes the intra-domain
495	   RESERVE message and checks the availability of resources with either
496	   the reservation-based or the measurement-based method.

498	          QNE Ingress     QNE Interior     QNE Interior   QNE Egress
499	        NTLP stateful  NTLP stateless  NTLP stateless  NTLP stateful
500	               |               |               |              |
501	       RESERVE |               |               |              |
502	      -------->| RESERVE       |               |              |
503	               +--------------------------------------------->|
504	               | RESERVE`      |               |              |
505	               +-------------->|               |              |
506	               |               | RESERVE`      |              |
507	               |               +-------------->|              |
508	               |               |               | RESERVE`     |
509	               |               |               +------------->|
510	               |               |               |     RESPONSE`|
511	               |<---------------------------------------------+
512	               |               |               |              | RESERVE
513	               |               |               |              +------->
514	               |               |               |              |RESPONSE
515	               |               |               |              |<-------
516	               |               |               |     RESPONSE |
517	               |<---------------------------------------------+
518	       RESPONSE|               |               |              |
519	      <--------|               |               |              |

521	   Figure 3: Sender-initiated reservation with Reduced State Interior
522	             Nodes

524	   When the message reaches the Egress node, and the reservation is
525	   successful in each Interior node, an intra-domain (local) RESPONSE`
526	   is sent towards the ingress node and the original (end-to-end)
527	   RESERVE message is forwarded to the next domain.  When the Egress
528	   node receives a RESPONSE message from the downstream end, it is
529	   forwarded directly to the Ingress node.

531	   If an intermediate node cannot accommodate the new request, it
532	   indicates this by marking a single bit in the message, and continues
533	   forwarding the message until the Egress node is reached. From the
534	   Egress node an intra-domain RESPONSE` and an original RESPONSE
535	   message are sent directly to the Ingress node.

537	   As a consequence in the stateless/reduced state domain only sender-
538	   initiated reservation can be performed and functions requiring per
539	   flow NTLP or QoS-NSLP states, like summary and reduced refreshes,
540	   cannot be used. If per flow identification, is needed, i.e.,
541	   associating the flow IDs for the reserved resources, Edge nodes act
542	   on behalf of Interior nodes.

544	3.2.3 RMD-QOSM Applicability and considerations

546	   The RMD-QOSM is a Diffserv-based bandwidth management methodology
547	   that is not able to provide a full Diffserv support.

549	   The reason of this is that the RMD-QOSM concept can only support the
550	   (Expedited Forwarding) EF-like functionality behavior, but is not
551	   able to support the full set of (Assured Forwarding) AF-like
552	   functionality. The bandwidth information REQUIRED by the EF-like
553	   functionality behaviour can be supported by RMD-QOSM carrying the
554	   bandwidth information in the <QoS Desired> parameter, see [QSP-T].
555	   The full set of (Assured Forwarding) AF-like functionality requires
556	   information that is specified in two token buckets. The RMD-QOSM is
557	   not supporting the use of two token buckets and therefore, it is not
558	   able to support the full set of AF-functionality. Note however,
559	   that RMD-QOSM could also support a single AF PHB, when the traffic
560	   or the upper limit of the traffic can be characterized by a single
561	   bandwidth parameter.

563	   The RMD domain MUST be engineered in such a way that each QNE Ingress
564	   maintains information about the smallest MTU that is supported on the
565	   links within the RMD domain.

567	   A very important consideration on using RMD-QOSM is that within one
568	   RMD domain only one of the following RMD-QOSM schemes can be used at
569	   a time. Thus a RMD router can never process and use two different
570	   RMD-QOSM signaling schemes at the same time. The operator of an RMD
571	   domain has to pre-configure all routers in the domain such that
572	   within one RMD domain only one of the below described RMD-QOSM
573	   schemes can be used at a time. Note however, that there is no single
574	   to implement scheme variant.

576	   The congestion situations, see Section 2, are solved using admission
577	   control mechanism, e.g., "per flow congestion notification based on
578	   probing", while the severe congestion situations, see Section 2, are
579	   solved using the severe congestion handling mechanisms, e.g., "Severe
580	   congestion handling by proportional data packet marking".

582	   The RMD domain MUST be engineered in such a way that RMD-QOSM
583	   messages could be transported using the GIST Query and
584	   Data messages in Q-mode, see [GIST]. This means that the Path MTU
585	   MUST be engineered in such a way that the RMD-QOSM message are
586	   transported without fragmentation. Furthermore, the RMD domain MUST
587	   be engineered in such a way to guarantee capacity for the GIST
588	   Query and Data messages in Q-mode, within the rate control limits
589	   imposed by GIST, see [GIST].

591	   The RMD domain has to be configured such that the GIST context-free
592	   flag (C-flag) MUST be set (C=1) for Query messages and Data
593	   messages sent in Q-mode, see [GIST].

595	   It is important to note that the concepts described in Sections
596	   4.6.1.6.2, 4.6.2.5.2, 4.6.1.6.2 and 4.6.2.5.2 contributed to
597	   the PCN WG standardisation.

599	   The available RMD-QOSM/QoS-NSLP signaling schemes are:

601	   * "per flow congestion notification based on probing" (see
602	     Sections 4.3.2, 4.6.1.7., 4.6.2.6.). Note that this scheme uses for
603	     severe congestion handling the "Severe congestion handling by
604	     proportional data packet marking", see Section 4.6.1.6.2,
605	     4.6.2.5.2). Furthermore, the interior nodes are considered to be
606	     Diffserv aware, but NSIS unaware nodes, see Section 4.3.2.

608	   * "per flow RMD NSIS measurement based admission control" (see
609	     Sections 4.3.2, 4.6.1, 4.6.2). Note that this scheme uses for
610	     severe congestion handling the "Severe congestion handling by
611	     proportional data packet marking", see Section 4.6.1.6.2,
612	     4.6.2.5.2). Furthermore, the interior nodes are considered to be
613	     NSIS aware nodes, see Section 4.3.2.

615	   * "per flow RMD reservation based" in combination with "severe
616	     congestion handling by the RMD-QOSM refresh procedure" (see
617	     Sections 4.3.3, 4.6.1, 4.6.1.6.1, 4.6.2.5.1). Note that this
618	     scheme uses for severe congestion handling the "Severe congestion
619	     handling by the RMD-QOSM refresh" procedure, see Section 4.6.1.6.1,
620	     4.6.2.5.1). Furthermore, the intra-domain sessions supported by the
621	     edge nodes are per flow sessions, see Section 4.3.3.

623	   * "per flow RMD reservation based" in combination with "severe
624	     congestion handling by proportional data packet marking" procedure
625	     (see Sections 4.3.3, 4.6.1, 4.6.1.6.2, 4.6.2.5.2). Note that
626	     this scheme uses for severe congestion handling the "Severe
627	     congestion handling by proportional data packet marking" procedure,
628	     see Section 4.6.1.6.2, 4.6.2.5.2). Furthermore, the intra-domain
629	     sessions supported by the edge nodes are per flow sessions, see
630	     Section 4.3.3.

632	   * "per aggregate RMD reservation based" in combination with
633	     "severe congestion handling by the RMD-QOSM refresh procedure" (see
634	     Sections 4.3.1, 4.6.1, 4.6.1.6.1, 4.6.2.5.1). Note that this
635	     scheme uses for severe congestion handling the "Severe congestion
636	     handling by the RMD-QOSM refresh" procedure, see Section 4.6.1.6.1,
637	     4.6.2.5.1). Furthermore, the intra-domain sessions supported by the
638	     edge nodes are per aggregate sessions, see Section 4.3.1.

640	   * "per aggregate RMD reservation based" in combination with
641	     "severe congestion handling by proportional data packet marking"
642	     procedure (see Sections 4.3.1, 4.6.1, 4.6.1.6.2, 4.6.2.5.2).
643	     Note that this scheme uses for severe congestion handling the
644	     "Severe congestion handling by proportional data packet marking"
645	     procedure, see Section 4.6.1.6.2, 4.6.2.5.2). Furthermore, the
646	     intra-domain sessions supported by the edge nodes are per aggregate
647	     sessions, see Section 4.3.1.

649	4.  RMD-QOSM, Detailed Description

651	   This section describes the RMD-QOSM in more detail.  In particular,
652	   it defines the role of stateless and reduced-state QNEs, the
653	   RMD-QOSM QSpec Object, the format of the RMD-QOSM QoS-NSLP messages
654	   and how QSpecs are processed and used in different protocol
655	   operations.

657	4.1.  RMD-QSpec Definition

659	   The RMD-QOSM uses the QSpec format specified in [QSP-T].
660	   The Initiator/Local QSPEC bit, i.e., <I> is set to "Local" (i.e.,
661	   "1") and the <Qspec Proc> is set as follows:
662	   * Message Sequence = 0: Sender initiated
663	   * Object combination = 0: <QoS Desired> for RESERVE and
664	     <QoS Reserved> for RESPONSE

666	   The <QSPEC Version> used by RMD-QOSM is the default version, i.e.,
667	   "0", see [QSP-T]. The <QSPEC Type> value used by the RMD-QOSM is
668	   specified in [QSP-T] and is equal to: "2".
669	   The <Traffic Handling Directives> contains the following fields:

671	   <Traffic Handling Directives> = <PHR container> <PDR container>

673	   The Per Hop Reservation container (PHR container) and
674	   the Per Domain Reservation container (PDR container) are specified
675	   in Section 4.1.2 and 4.1.3, respectively. The <PHR container>
676	   contains the traffic handling directives for intra-domain
677	   communication and reservation.  The <PDR container> contains
678	   additional traffic handling directives that is needed for
679	   edge-to-edge communication. The parameter IDs used by the <PHR
680	   container> and <PDR container> are assigned by IANA, see Section 6.

682	   The RMD-QOSM <QoS Desired> and <QoS Reserved>, are specified in
683	   Section 4.1.1. The RMD-QOSM <QoS Desired> and <QoS Reserved> and the
684	   <PHR container> are used and processed by the Edge and Interior
685	   nodes. The <PDR container> field is only processed by Edge nodes.

687	4.1.1.  RMD-QOSM QoS Desired and QoS Reserved

689	   The RESERVE message contains only the QoS Desired object [QSP-T]. The
690	   QoS Reserved object is carried by the RESPONSE message.

692	   In RMD-QOSM the <QoS Desired> and <QoS Reserved> objects contain the
693	   following parameters:

695	   <QoS Desired> = <TMOD-1> <PHB Class> <Admission Priority>
696	   <QoS Reserved> = <TMOD-1> <PHB Class> <Admission Priority>
697	   The bit format of the <PHB Class> (see [QSP-T] and Figure 4 and
698	   Figure 5) and <Admission Priority> complies to the bit format
699	   specified in [QSP-T].

701	   Note that for the RMD-QOSM a reservation established without an
702	   <Admission Priority> parameter is equivalent to a reservation
703	   established with an <Admission Priority> whose value is 1.

705	            0                   1
706	            0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
707	           +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
708	           | DSCP      |0 0 0 0 0 0 0 0 X 0|
709	           +---+---+---+---+---+---+---+---+

711	             Figure 4: DSCP parameter

713	            0                   1
714	            0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
715	           +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
716	           |    PHB ID code        |0 0 X X|
717	           +---+---+---+---+---+---+---+---+

719	            Figure 5: PHB ID Code parameter

721	4.1.2.  PHR Container

723	   This section describes the parameters used by the PHR container,
724	   which are used by the RMD-QOSM functionality available at the
725	   Interior nodes.

727	   <PHR container> = <Overload %>, <K>, <S>,<M>,
728	   <Admitted Hops>, <B>, <Hop_U>, <Time Lag>, <Max Admitted Hops>

730	   The bit format of the PHR container can be seen in Figure 6. Note
731	   that in Figure 6 <Hop U> is represented as <U>. Furthermore, in
732	   Figure 6 <Max Admitted Hops> is represented as <Max Adm Hops>.

734	     0                   1                   2                   3
735	     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
736	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
737	    |M|E|N|r|       Container ID    |r|r|r|r|          2            |
738	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
739	    |S|M| Admitted  Hops|B|U| Time  Lag     |  Overload %   |K|     |
740	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
741	    | Max Adm  Hops |                                               |
742	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

744	        Figure 6: PHR container

746	   Container ID: 12 bit field, indicating the PHR type:
747	   PHR_Resource_Request, PHR_Release_Request, PHR_Refresh_Update.

749	   "PHR_Resource_Request" (Container ID = 17): initiate or update
750	   the traffic class reservation state on all nodes located on the
751	   communication path between the QNE(Ingress) and QNE(Egress) nodes.

753	   "PHR_Refresh_Update" (Container ID = 18): refresh the
754	   traffic class reservation soft state on all nodes located on the
755	   communication path between the QNE(Ingress) and QNE(Egress)
756	   nodes according to a resource reservation request that was
757	   successfully processed during a previous refresh period.

759	   "PHR_Release_Request" (Container ID = 19): explicitly release, by
760	   subtraction, the reserved resources for a particular flow
761	   from a traffic class reservation state.

763	   <S> (Severe Congestion):
764	   1 bit.  In case of a route change refreshing RESERVE messages
765	   follow the new data path, and hence resources are requested
766	   there.  If the resources are not sufficient to accommodate the new
767	   traffic severe congestion occurs.  Severe congested Interior nodes
768	   SHOULD notify Edge QNEs about the congestion by setting the S bit.

770	   <Overload %>:
771	   8 bits In case of severe congestion the level of overload is
772	   indicated by the Overload %. Overload % is the percentage of the
773	   measured PHB bit rate that is above the bit rate rate used to detect
774	   a severe congestion. Overload % SHOULD be higher than 0 if S bit is
775	   set. If overload in a node is greater than the overload in a previous
776	   node then Overload % SHOULD be updated. For more details see Section
777	   4.6.1.6.1. Note that this field represents a real parameter.

779	   <M>:
780	   1 bit.  In case of unsuccessful resource reservation or resource
781	   query in an Interior QNE, this QNE sets the M bit in order to
782	   notify the Egress QNE.

784	   <Admitted Hops>:
785	   8 bit field.  The <Admitted Hops> counts the number of hops in the
786	   RMD domain where the reservation was successful.  The <Admitted
787	   Hops> is set to "0" when a RESERVE message enters a domain and it
788	   MUST be incremented by each Interior QNE, provided that the Hop_U bit
789	   is not set.  However when a QNE that does
790	   not have sufficient resources to admit the reservation is reached,
791	   the M Bit is set, and the <Admitted Hops> value is frozen, by setting
792	   the Hop_U bit to "1". Note that the <Admitted Hops> parameter in
793	   combinations with the <Max Admitted Hops> and <K> parameters are used
794	   during the RMD partial release procedures, see Section 4.6.1.5.2.

796	   <Hop_U> (NSLP_Hops unset):
797	   1-bit. The QNE(Ingress) node MUST set the <Hop_U> parameter to
798	   0.  This parameter SHOULD be set to "1" by a node when the node does
799	   not increase the <Admitted Hops> value. This is the case when an
800	   RMD-QOSM reservation-based node is not admitting the reservation
801	   request. When <Hop_U> is set "1" the <Admitted Hops> SHOULD NOT be
802	   changed. Note that this flag in combination with the <Admitted Hops>
803	   flag are used to locate the last node that successfully processed a
804	   reservation request, see Section 4.6.1.2.

806	   <B>: 1 bit.  When set to "1" it indicates bi-directional reservation.

808	   <Time Lag>: It represents the ratio between the "T_Lag" parameter,
809	   which is the time difference between the departure time of
810	   the last sent "PHR_Refresh_Update" control information container and
811	   the departure time of the "PHR_Resource_Release" control information
812	   container,and the length of the refresh period, "T_period", see
813	   Section 4.6.1.5.

815	   <K>: 1 bit. When set to "1" it indicates that the resources/bandwidth
816	   carried by a tearing RESERVE MUST NOT be released and the
817	   resources/bandwidth carried by a non tearing RESERVE MUST NOT be
818	   reserved/refreshed.

820	   <Max Admitted Hops>:
821	   8-bit.  The <Admitted Hops> value that has been carried by the
822	   PHR container field used to identify the RMD reservation based node
823	   that admitted or process a "PHR_Resource_Request"

825	4.1.3.  PDR container

827	   This section describes the parameters of the PDR container, which are
828	   used by the RMD-QOSM functionality available at the
829	   Edge nodes.

831	   The bit format of the PDR container can be seen in Figure 7.

833	   <PDR container> = <Overload %>  <S> <M> <Max
834	   Admitted Hops> <B> [<PDR Bandwidth>]

836	   Note that in Figure 7 <Max Admitted Hops> is represented as
837	   <Max Adm Hops>.

839	       0                   1                   2                   3
840	       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
841	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
842	      |M|E|N|r|   Container ID        |r|r|r|r|          2            |
843	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
844	      |S|M| Max Adm  Hops |B|  Overload %   |       Empty       |     |
845	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
846	      |PDR Bandwidth(32-bit IEEE floating point.number)               |
847	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

849	        Figure 7: PDR container

851	   Container ID: 12-bit field identifying the type of PDR container
852	   field.

854	   "PDR_Reservation_Request" (Container ID = 20):
855	   Generated by the QNE(Ingress) node in order to initiate or update
856	   the QoS-NSLP per domain reservation state in the QNE(Egress) node

858	   "PDR_Refresh_Request" (Container ID = 21): generated by
859	   the QNE(Ingress) node and sent to the QNE(Egress) node to refresh,
860	   in case needed, the QoS-NSLP per domain reservation states
861	   located in the QNE(Egress) node

863	   "PDR_Release_Request" (Container ID = 22): generated
864	   and sent by the QNE(Ingress) node to the QNE(Egress) node to release
865	   the per domain reservation states explicitly

867	   "PDR_Reservation_Report" (Container ID = 23): generated
868	   and sent by the QNE(Egress) node to the QNE(Ingress) node to
869	   report that a "PHR_Resource_Request" and a
870	   "PDR_Reservation_Request" traffic handling directive fields have been
871	   received and that the request has been admitted or rejected
872	   "PDR_Refresh_Report" (Container ID = 24) generated and
873	   sent by the QNE(Egress) node in case needed, to the QNE(Ingress)
874	   node to report that a "PHR_Refresh_Update" traffic handling directive
875	   field has been received and has been processed

877	   "PDR_Release_Report" (Container ID = 25) generated and
878	   sent by the QNE(Egress) node in case needed, to the QNE(Ingress)
879	   node to report that a "PHR_Release_Request" and a
880	   "PDR_Release_Request" traffic handling directive fields have been
881	   received and have been processed.

883	   "PDR_Congestion_Report" (Container ID = 26): generated
884	   and sent by the QNE(Egress) node to the QNE(Ingress) node and used
885	   for congestion notification

887	   <S> (PDR Severe Congestion):
888	   1-bit.  Specifies if a severe congestion situation occurred.
889	   It can also carry the <S> parameter of the
890	   "PHR_Resource_Request" or "PHR_Refresh_Update" fields.

892	   <Overload %>:
893	   8-bit.  It includes the Overload % of the
894	   "PHR_Resource_Request" or "PHR_Refresh_Update" control
895	   information fields, indicating the level of overload to the Ingress
896	   node.  For more details see Section 4.6.1.6.1.

898	   <M> (PDR Marked):
899	   1-bit.  Carries the <M> value of the "PHR_Resource_Request" or
900	   "PHR_Refresh_Update" traffic handling directive fields.

902	   <B>: 1 bit Indicates bi-directional reservation.

904	   <Max Admitted Hops>:
905	   8-bit.  The <Admitted Hops> value that has been carried by the
906	   PHR container field used to identify the RMD reservation based node
907	   that admitted or process a "PHR_Resource_Request"

909	   <PDR Bandwidth>:
910	   32 bits.  This field specifies the bandwidth that either applies
911	   when the "B" flag is set to "1" and when this parameter is carried
912	   by a RESPONSE message, or when a severe congestion occurs and the
913	   QNE edges maintain an aggregated intra-domain QoS-NSLP operational
914	   state and it is carried by a NOTIFY message.  In the situation that
915	   the "B" flag is set to "1" this parameter specifies the requested
916	   bandwidth that have to be reserved by a node in the reverse
917	   direction and when the intra-domain signaling procedures require a
918	   bi-directional reservation procedure.  In the severe congestion
919	   situation this parameter specifies the bandwidth that has to be
920	   released.

922	4.2.  Message Format

924	   The format of the messages used by the RMD-QOSM complies with the
925	   QoS-NSLP and QSpec template specifications.  The QSpec used by RMD-
926	   QOSM is denoted in this document as RMD-QSpec and is described in
927	   Section 4.1.

929	4.3.  RMD node state management

931	   The QoS-NSLP state creation and management is specified in
932	   [QoS-NSLP].  This section describes the state creation and
933	   management functions of the Resource Management Function (RMF) in
934	   the RMD nodes.

936	4.3.1 Aggregated operational and reservation states at the QNE Edges

938	   The QNE Edges maintain both the intra-domain QoS-NSLP operational
939	   and reservation states, while the QNE Interior nodes maintain only
940	   reservation states. The structure of the intra-domain QoS-NSLP
941	   operational state used by the QNE edges is specified in [QoS-NSLP].

943	   In this case the intra-domain sessions supported by the edges are per
944	   aggregate sessions that have a one-to-many relationship to the per
945	   flow end-to-end states supported by the same edge.

947	   Note that the method of selecting the end-to-end sessions that form
948	   an aggregate is not specified in this document. An example how this
949	   can be accomplished is by monitoring the GIST routing states used by
950	   the end-to-end sessions and group the ones that use the same <PHB
951	   class>, QNE Ingress and QNE Egress addresses and the value of the
952	   priority level. Note that this priority level should be deduced from
953	   the priority parameters carried by the initial QSpec object.

955	   The operational state of this aggregated intra-domain session MUST
956	   contain a list with BOUND_SESSION_IDs.

958	   The structure of the list depends on whether a unidirectional
959	   reservation or a bidirectional reservation is supported.

961	   When the operational state (at QNE ingress and QNE egress) supports
962	   unidirectional reservations then this state MUST contain a list with
963	   BOUND_SESSION_IDs maintaining the SESSION_ID values of its bound
964	   end-to-end sessions. The BINDING_CODE associated with this
965	   BOUND_SESSION_ID is set to code (Aggregated sessions).  Thus the
966	   operational state maintains a list of BOUND_SESSION_IDs entries.
967	   Each entry is created when an end-to-end session joins the
968	   aggregated intra-domain session and is removed when an end-to-end
969	   session leaves the aggregate.

971	   It is important to emphasize that in this case, the operational
972	   state (at QNE ingress and QNE egress) that is maintained by each
973	   end-to-end session bound to the aggregated intra-domain session it
974	   MUST contain in the BOUND_SESSION_ID, the SESSION_ID value of the
975	   bound tunnelled intra-domain (aggregate) session. The BINDING_CODE
976	   associated with this BOUND_SESSION_ID is set to code (Aggregated
977	   sessions).

979	   When the operational state (at QNE ingress and QNE egress) supports
980	   bidirectional reservations then the operational state MUST contain a
981	   list of BOUND_SESSION_ID sets. Each set contain two
982	   BOUND_SESSION_IDs.  One of the BOUND_SESSION_IDs maintains the
983	   SESSION_ID value of one of bound end-to-end session. The
984	   BINDING_CODE associated with this BOUND_SESSION_ID is set to code
985	   (Aggregated sessions). Another BOUND_SESSION_ID, within the same set
986	   entry, maintains the SESSION_ID of the bidirectional bound end-to-
987	   end session. The BINDING_CODE associated with this BOUND_SESSION_ID
988	   is set to code (Bi-directional sessions).

990	   Note that in each set, a one to one relation exists between each
991	   BOUND_SESSION_ID with BINDING_CODE set to (Aggregate sessions) and
992	   each BOUND_SESSION_ID with BINDING_CODE set to (Bi-directional
993	   sessions). Each set is created when an end-to-end session joins the
994	   aggregated operational state and is removed when an end-to-end
995	   session leaves the aggregated operational state.

997	   It is important to emphasize that in this case, the operational
998	   state (at QNE ingress and QNE egress) that is maintained by each
999	   end-to-end session bound to the aggregated intra-domain session it
1000	   MUST contain two types of BOUND_SESSION_IDs. One is the
1001	   BOUND_SESSION_ID that MUST contain the SESSION_ID value of the bound
1002	   tunelled aggregated intra-domain session that is using the
1003	   BINDING_CODE set to (Aggregated sessions). The other
1004	   BOUND_SESSION_ID maintains the SESSION_ID of the bound bidirectional
1005	   end-to-end session. The BINDING_CODE associated with this
1006	   BOUND_SESSION_ID is set to code (Bi-directional sessions).

1008	   When the QNE Edges use aggregated QoS-NSLP reservation states, then
1009	   the PHB class value and the size of the aggregated
1010	   reservation, e.g., reserved bandwidth have to be maintained.
1011	   Note that this type of aggregation is an edge to edge aggregation
1012	   and is similar to the aggregation type specified in [RFC3175].

1014	   The size of the aggregated reservations needs to be
1015	   greater or equal to the sum of bandwidth of the inter domain
1016	   (end-to-end) reservations/sessions it aggregates, see e.g., Section
1017	   1.4.4 of [RFC3175].

1019	   A policy can be used to maintain the amount of REQUIRED bandwidth on
1020	   a given aggregated reservation by taking into account the sum of the
1021	   underlying inter domain (end-to-end) reservations, while endeavouring
1022	   to change reservation less frequently.  This MAY require a trend
1023	   analysis. If there is a significant probability that in the next
1024	   interval of time the current aggregated reservation is exhausted, the
1025	   Ingress router MUST predict the necessary bandwidth and request it.
1026	   If the Ingress router has a significant amount of bandwidth reserved
1027	   but has very little probability of using it, the policy MAY predict
1028	   the amount of bandwidth REQUIRED and release the excess.  To increase
1029	   or decrease the aggregate, the RMD modification procedures SHOULD be
1030	   used (see Section 4.6.1.4).

1032	   The QNE interior node are reduced state nodes, i.e., they do not
1033	   store NTLP/GIST states but they do store per PHB-aggregated QoS-NSLP
1034	   reservation states. These reservation states are maintained and
1035	   refreshed in the same way as described in Section 4.3.3.

1037	4.3.2  Measurement-based method

1039	   The QNE Edges maintain per flow intra-domain QoS-NSLP operational
1040	   and reservation states that are containing similar data structures
1041	   as described in Section 4.3.1. The main difference is associated
1042	   with the different types of the used MRI and the bound end-to-end
1043	   sessions. The structure of the maintained BOUND_SESSION_IDs depends
1044	   on whether a unidirectional reservation or a bidirectional
1045	   reservation is supported.

1047	   When unidirectional reservations are supported then the operational
1048	   state associated with this per flow intra-domain session MUST
1049	   contain in the BOUND_SESSION_ID the SESSION_ID value of its bound
1050	   end-to-end session. The BINDING_CODE associated with this
1051	   BOUND_SESSION_ID is set to code (Tunnelled and end-to-end sessions).

1053	   When bidirectional reservations are supported then the operational
1054	   state (at QNE ingress and QNE egress) MUST contain two types of
1055	   BOUND_SESSION_IDs. One is the BOUND_SESSION_ID that maintains the
1056	   SESSION_ID value of the bound tunnelled per-flow intra-domain
1057	   session.  The BINDING_CODE associated with this BOUND_SESSION_ID is
1058	   set to code (Tunnelled and end-to-end sessions).
1059	   The other BOUND_SESSION_ID maintains the SESSION_ID of the bound
1060	   bidirectional end-to-end session. The BINDING_CODE associated with
1061	   this BOUND_SESSION_ID is set to code (Bi-directional sessions).

1063	   Furthermore, the QoS-NSLP reservation state maintains the PHB class
1064	   value, the value of the bandwidth requested by the end-to-end
1065	   session bound to the intra-domain session and the value of the
1066	   priority level.

1068	   The measurement-based method can be classified in two schemes:

1070	   * Congestion notification based on probing:

1072	   In this scheme the interior nodes are Diffserv aware but not NSIS
1073	   aware nodes. Each interior node counts the bandwidth that is used
1074	   by each PHB traffic class. This counter value is stored in an
1075	   RMD_QOSM state. For each PHB traffic class a predefined congestion
1076	   notification threshold is set. The predefined congestion
1077	   notification threshold is set according to, an engineered bandwidth
1078	   limitation based on e.g. agreed Service Level Agreement or a
1079	   capacity limitation of specific links. The threshold is usually less
1080	   than the capacity limit, i.e., admission threshold, in order to
1081	   avoid congestion due to the error of estimating the actual traffic
1082	   load. The value of this threshold SHOULD be stored in another
1083	   RMD_QOSM state.

1085	   In this scenario end-to-end NSIS message is used as a probe packet.
1086	   In this case the DSCP field of the GIST message is re-marked when the
1087	   predefined congestion notification threshold is exceeded in an
1088	   interior node. It is required that the remarking happens to all
1089	   packets that are belonging to the congested PHB traffic class so that
1090	   the probe can't pass the congested router without being remarked. In
1091	   this way it is ensured that the end-to-end NSIS message passed
1092	   through the node that it is congested. This feature is very useful
1093	   when flow-based ECMP (Equal Cost Multiple Path) routing is used to
1094	   detect only flows that are passing through the congested node.

1096	   * NSIS measurement-based admission control:
1097	   The measurement based admission control is implemented in NSIS aware
1098	   stateless routers. Thus the main difference between this type of the
1099	   measurement-based admission control and the congestion notification-
1100	   based admission control is the fact that the interior nodes are NSIS
1101	   aware nodes. In particular, the QNE Interior nodes operating
1102	   in NSIS measurement-based mode are QoS-NSLP stateless nodes, i.e.,
1103	   they do not support any QoS-NSLP or NTLP/GIST states.  These
1104	   measurement-based nodes store two RMD-QOSM states per PHR group.
1105	   These states reflect the traffic conditions at the node and are not
1106	   affected by QoS-NSLP signaling. One state stores the measured user
1107	   traffic load associated with the PHR group and another state stores
1108	   the maximum traffic load threshold that can be admitted per PHR
1109	   group. When a measurement-based node receives a intra-domain RESERVE
1110	   message, it compares the requested resources to the available
1111	   resources (maximum allowed minus current load) for the requested PHR
1112	   group.  If there are insufficient resources, it sets the <M> bit in
1113	   the RMD-QSpec.  No change to the RMD-QSpec is made when there are
1114	   sufficient resources.

1116	4.3.3  Reservation-based method

1118	   The QNE Edges maintain intra-domain QoS-NSLP operational and
1119	   reservation states that are containing similar data structures as
1120	   described in Section 4.3.1.

1122	   In this case the intra-domain sessions supported by the edges are per
1123	   flow sessions that have a one-to-one relationship to the per
1124	   flow end-to-end states supported by the same edge.
1125	   The QNE Interior nodes operating in reservation-based mode are QoS-
1126	   NSLP reduced state nodes, i.e., they do not store NTLP/GIST states
1127	   but they do store per PHB-aggregated QoS-NSLP states.

1129	   The reservation-based PHR installs and maintains one reservation
1130	   state per PHB, in all the nodes located in the communication path.
1131	   This state is identified by the PHB class value and it maintains the
1132	   number of currently reserved resource units (or bandwidth).  Thus,
1133	   the QNE Ingress node signals only the resource units requested by
1134	   each flow.  These resource units, if admitted, are added to the
1135	   currently reserved resources per PHB.

1137	   For each PHB a threshold is maintained that specifies the maximum
1138	   number of resource units that can be reserved. This threshold
1139	   could, for example, be statically configured.

1141	   An example of how the admission control and its maintenance process
1142	   occurs in the interior nodes is described in Section 3 of [CsTa05].
1143	   The simplified concept that is used by the per traffic class
1144	   admission control process in the interior nodes, is based on the
1145	   following equation:
1146	        last + p <= T,
1147	   where p: requested bandwidth rate, T: admission threshold, which
1148	   reflects the maximum traffic volume that can be admitted in the
1149	   traffic class, last: a counter that records the aggregated sum of
1150	   the signaled bandwidth rates of previous admitted flows.

1152	   The per-PHB group reservation states maintained in the interior
1153	   nodes are soft states, which are refreshed by sending periodic
1154	   refresh intra-domain RESERVE messages, which are initiated by the
1155	   Ingress QNEs. If a refresh message corresponding to a number of
1156	   reserved resource units (i.e., bandwidth) is not received, the
1157	   aggregated reservation state is decreased in the next refresh period
1158	   by the corresponding amount of resources that were not refreshed.
1159	   The refresh period can be refined using a sliding window algorithm
1160	   described in [RMD3].

1162	   The reserved resources for a particular flow can also be
1163	   explicitly released from a PHB reservation state by means of a
1164	   intra-domain RESERVE release/tear message, which is generated by the
1165	   Ingress QNEs.

1167	   The usage of explicit release enables the instantaneous release of
1168	   the resources regardless of the length of the refresh period.  This
1169	   allows a longer refresh period, which also reduces the number of
1170	   periodic refresh messages.

1172	   Note that both in case of measurement- and (per-flow and aggregated)
1173	   RMD reservation-based methods,the way of how the maximum bandwidth
1174	   thresholds are maintained is out of the specification of this
1175	   document. However, when admission priorities are supported, the
1176	   Maximum Allocation [RFC4125] or the Russian Dolls [RFC4127] bandwidth
1177	   allocation model MAY be used. In this case three types of priority
1178	   traffic classes within the same PHB, e.g., Expedited Forwarding, can
1179	   be differentiated. These three different priority traffic classes,
1180	   which are associated to the same PHB, are denoted in this document as
1181	   PHB_low_priority, PHB_normal_priority and PHB_high_priority, and are
1182	   identified by the PHB class value and the priority value, which is
1183	   carried in the <Admission Priority> RMD-QSpec parameter.

1185	4.4.  Transport of RMD-QOSM messages

1187	   As mentioned in Section 1, The RMD-QOSM aims to support a number of
1188	   additional requirements, e.g., Minimal Impact on Interior Node
1189	   Performance. Therefore, RMD-QOSM is designed be very lightweight
1190	   signaling with regard to the number of signaling message roundtrips
1191	   and the amount of state established at involved signaling nodes with
1192	   and without reduced state on QNEs. The actions allowed by a QNE
1193	   Interior node are minimal (i.e., only those specified by the RMD-
1194	   QOSM). For example, only the QNE Ingress and the QNE Egress nodes are
1195	   allowed to initiate certain signaling messages. QNE Interior nodes
1196	   are, for example, allowed to modify certain signaling message
1197	   payloads. Moroever, RMD signaling is targeted towards intra-domain
1198	   signaling only. Therefore, RMD-QOSM relies on the security and
1199	   reliability support that is provided by the bound end-to-end session,
1200	   which is running between the boundaries of the RMD domain (i.e., the
1201	   RMD-QOSM QNE edges). This implies the usage of the Datagram Mode."

1203	   Therefore, the intra-domain messages used by the RMD-QOSM are
1204	   intended to operate in the NTLP/GIST Datagram mode (see [GIST]). The
1205	   NSLP functionality available in all RMD-QOSM aware QoS NSLP nodes
1206	   requires from the intra-domain GIST, via the QoS-NSLP RMF API, see
1207	   [QoS-NSLP], to:

1209	   * operate in unreliable mode. This can be satisfied by passing this
1210	     requirement from the QoS-NSLP layer to the GIST layer via the API
1211	     Transfer-Attributes.

1213	   * do not create a message association state. This requirement can be
1214	     satisfied by a local policy, e.g., the QNE is configured to do not
1215	     create a message association state

1217	   * the interior nodes do not create any NTLP routing state.
1218	     This can be satisfied by passing this requirement from the QoS-NSLP
1219	     layer to the GIST layer via the API. However, between the QNE
1220	     Egress and QNE Ingress routing states that are associated with
1221	     intra-domain sessions SHOULD be created that can be used for the
1222	     communication of GIST Data messages sent by a QNE Egress directly
1223	     to a QNE Ingress. This type of routing state associated with an
1224	     intra-domain session can be generated and used in the following
1225	     way:

1227	   * When the QNE Ingress has to send an initial intra-domain RESERVE
1228	     message, the QoS-NSLP sends this message by including in the GIST
1229	     API SendMessage primitive, the Unreliable and No security
1230	     attributes. In order to optimise this procedure, the RMD domain
1231	     MUST be engineered in such a way that GIST will piggyback this NSLP
1232	     message on a GIST QUERY message. Furthermore, GIST sets the C-flag
1233	     (C=1), see [GIST] and uses the Q-mode. The GIST functionality
1234	     in each QNE Interior node will receive the GIST QUERY message and
1235	     by using the RecvMessage GIST API primitive it will pass the intra-
1236	     domain RESERVE message to the QoS-NSLP functionality. At the same
1237	     time the GIST functionality uses the Routing-State-Check boolean
1238	     to find out if the QoS-NSLP needs to create a routing state. The
1239	     QoS-NSLP sets this Boolean to inform GIST to not create a routing
1240	     state and to forward the GIST QUERY further downstream with the
1241	     modified QoS-NSLP payload, which will include the modified intra-
1242	     domain RESERVE message. The intra-domain RESERVE is sent in the
1243	     same way up to the QNE Egress. The QNE Egress needs to create a
1244	     routing state.

1246	     Therefore at the moment that the GIST functionality
1247	     passes the intra-domain RESERVE message, via the GIST RecvMessage
1248	     primitive, to the QoS-NSLP, then at the same time the QoS-NSLP
1249	     sets the Routing-State-Check boolean such that a routing state is
1250	     created. The GIST creates the routing state using normal GIST
1251	     procedures. After this phase the QNE Ingress and QNE Egress have,
1252	     for the particular session, routing states that can route traffic
1253	     directly from QNE Ingress to QNE Egress and from QNE Egress to
1254	     QNE Ingress. The routing state at the QNE Egress can be used by
1255	     the QoS-NSLP and GIST to send an intra-domain RESPONSE or intra-
1256	     domain NOTIFY directly to the QNE Ingress using GIST Data
1257	     messages. Note that this routing state is refreshed using normal
1258	     GIST procedures. Note that in the above description it is
1259	     considered that the QNE Ingress can piggyback the initial RESERVE
1260	     (NSLP) message on the GIST QUERY message. If the piggybacking of
1261	     this NSLP (initial RESERVE) message would not be possible on the
1262	     GIST QUERY message, then the GIST QUERY message sent by the QNE
1263	     Ingress node would not contain any NSLP data. This GIST QUERY
1264	     message would only be processed by the QNE Egress to generate a
1265	     routing state.

1267	     After the QNE Ingress is informed that the routing state at the QNE
1268	     Egress is initiated, it would have to send the initial RESERVE
1269	     message using similar procedures as for the situation that it would
1270	     send an intra-domain RESERVE message that is not an initial
1271	     RESERVE, see next bullet. This procedure is not efficient and
1272	     therefore it is RECOMMENDED that the RMD domain MUST be engineered
1273	     in such a way that the GIST protocol layer, which is processed on a
1274	     QNE Ingress, will piggyback an initial RESERVE (NSLP) message on a
1275	     GIST QUERY message that uses the Q-mode.

1277	   * When the QNE Ingress needs to send an intra-domain RESERVE
1278	     message that is not an initial RESERVE, then the QoS-NSLP sends
1279	     this message by including in the GIST API SendMessage primitive
1280	     the Unreliable and No security attributes. Furthermore the Local
1281	     policy attribute is set such that GIST sends the intra-domain
1282	     RESERVE message in a Q-mode even if there is a routing state at
1283	     the QNE Ingress. In this way the GIST functionality uses its local
1284	     policy to send the intra-domain RESERVE message by piggybacking it
1285	     on a GIST DATA message and sending it in Q-mode even if there is a
1286	     routing state for this session. The intra-domain RESERVE message
1287	     is piggybacked on the GIST DATA message that is forwarded and
1288	     processed by the QNE Interior nodes up to the QNE Egress.

1290	   The transport of the original (end-to-end) RESERVE message is
1291	   accomplished in the following way:
1292	   At the QNE ingress the original (end-to-end) RESERVE message is
1293	   forwarded but ignored by the stateless or reduced-state nodes, see
1294	   Figure 3. The intermediate (interior) nodes are bypassed using
1295	   multiple levels of NSLP-ID values (see [QoS-NSLP]). This is
1296	   accomplished by marking the end-to-end RESERVE message, i.e.,
1297	   modifying the QoS-NSLP default NSLP-ID value to another NSLP-ID
1298	   predefined value.

1300	   The marking MUST be accomplished by the ingress by modifying the
1301	   QoS_NSLP default NSLP-ID value to a NSLP-ID predefined value. In
1302	   This way the egress MUST stop this marking process by reassigning
1303	   the QoS-NSLP default NSLP-ID value to the original (end-to-end)
1304	   RESERVE message. Note that the assignment of these NSLP-ID values is
1305	   a QOS-NSLP issue, which SHOULD be accomplished via IANA [QoS-NSLP].

1307	4.5  Edge discovery and message addressing

1309	   Mainly, the Egress node discovery can be performed either by using
1310	   the GIST discovery mechanism [GIST], manual configuration or any
1311	   other discovery technique.  The addressing of signaling messages
1312	   depends on the used GIST transport mode.  The RMD-QOSM/QoS-NSLP
1313	   signaling messages that are processed only by the Edge nodes use the
1314	   peer-peer addressing of the GIST connection (C) mode.

1316	   RMD-QOSM/QoS-NSLP signaling messages that are processed by all nodes
1317	   of the Diffserv domain, i.e., Edges and Interior nodes, use the end-
1318	   end addressing of the GIST datagram (D) mode. Note that the RMD-QOSM
1319	   cannot directly specify that the GIST connection or the GIST datagram
1320	   mode SHOULD be used. This can only be specified by using, via the
1321	   QoS-NSLP-RMF API, the GIST API Transfer-Attributes, such as
1322	   reliable or unreliable, high or low level of security and by the use
1323	   of local policies. RMD QoS signaling messages that are addressed to
1324	   the data path end nodes are intercepted by the Egress nodes. In
1325	   particular, at the ingress and for downstream intra-domain messages,
1326	   the RMD-QOSM instructs the GIST functionality, via the GIST API to
1327	   use among others:

1329	   * unreliable and low level security Transfer-Attributes
1330	   * do not create a GIST routing state
1331	   * uses the D-mode MRI

1333	   The intra-domain RESERVE messages can then be transported by using
1334	   the Query D-mode, see Section 4.4..

1336	   At the QNE Egress and for upstream intra-domain messages, the RMD-
1337	   QOSM instructs the GIST functionality, via the GIST API to use among
1338	   others:

1340	   *  unreliable and low level of security Transfer-Attributes

1342	   *  The GIST functionality uses the routing state associated with the
1343	      intra-domain session to send an upstream intra-domain message
1344	      directly to the QNE Ingress, see Section 4.4.

1346	4.6.  Operation and sequence of events

1348	4.6.1.  Basic unidirectional operation

1350	   This section describes the basic unidirectional operation and
1351	   sequence of events/triggers of the RMD-QOSM.  The following basic
1352	   operation cases are distinguished:

1354	   * Successful reservation (Section 4.6.1.1),
1355	   * Unsuccessful reservation (Section 4.6.1.2),
1356	   * RMD refresh reservation (Section 4.6.1.3),
1357	   * RMD modification of aggregated reservation (4.6.1.4)
1358	   * RMD release procedure (Section 4.6.1.5.)
1359	   * Severe congestion handling (Section 4.6.1.6.)
1360	   * Admission control using congestion notification based on probing
1361	     (Section 4.6.1.7.).

1363	   The QNEs at the Edges of the RMD domain support the RMD QoS Model and
1364	   end-to-end QoS models, which process the RESERVE message differently.

1366	   Note that the term end-to-end QoS model applies to any QoS model that
1367	   is initiated and terminated outside the RMD-QOSM aware domain.
1368	   However, there might be situations where a QoS model is initiated
1369	   and/or terminated by the QNE Edges and is considered to be an end-to-
1370	   end QoS model. This can occur when the QNE Edges can also operate as
1371	   either QNI or as QNR and at the same time they can operate as either
1372	   sender or receiver of the data path.
1373	   It is important to emphasize that the content of this section is used
1374	   for the specification of the following RMD-QOSM/QoS-NSLP signaling
1375	   schemes, when basic unidirectional operation is assumed:

1377	    * "per flow congestion notification based on probing";

1379	    * "per flow RMD NSIS measurement based admission control",

1381	    * "per flow RMD reservation based" in combination with "severe
1382	      congestion handling by the RMD-QOSM refresh procedure"

1384	    * "per flow RMD reservation based" in combination with "severe
1385	      congestion handling by proportional data packet marking"

1387	    * "per aggregate RMD reservation based" in combination with
1388	      "severe congestion handling by the RMD-QOSM refresh procedure"

1390	    * "per aggregate RMD reservation based" in combination with
1391	      "severe congestion handling by proportional data packet marking"

1393	   For more details, please see Section 3.2.3.

1395	   In particular, the described functionality described in Sections
1396	   4.6.1.1, 4.6.1.2, 4.6.1.3, 4.6.1.5, 4.6.1.4 and 4.6.1.6 applies to
1397	   the RMD reservation-based and to the NSIS measurement-based admission
1398	   control methods. The described functionality in Section 4.6.1.7
1399	   applies to the admission control procedure that uses the congestion
1400	   notification based on probing. The QNE Edge nodes maintain either per
1401	   flow QoS-NSLP operational and reservation states or aggregated QoS-
1402	   NSLP operational and reservation states.

1404	   When the QNE Edges maintain aggregated QoS-NSLP operational and
1405	   reservation states, the RMD-QOSM functionality MAY accomplish a RMD
1406	   modification procedure (see Section 4.6.1.4), instead of the
1407	   reservation initiation procedure that is described in this
1408	   subsection. Note that it is RECOMMENDED that the QNE implementations
1409	   of RMD-QOSM process the QoS-NSLP signaling messages with a higher
1410	   priority than data packets. This can be accomplished as described in
1411	   Section 3.3.4 of [QoS-NSLP] and it can be requested via the QoS-NSLP-
1412	   RMF API described in [QoS-NSLP]. The signalling scenarios described
1413	   in this section are accomplished using the QoS-NSLP processing rules
1414	   defined in [QoS-NSLP], in combination with the RMF triggers sent via
1415	   the QoS-NSLP-RMF API described in [QoS-NSLP].

1417	4.6.1.1.  Successful reservation

1419	   This section describes the operation of the RMD-QOSM where a
1420	   reservation is successfully accomplished.

1422	   The QNI generates the initial RESERVE message, and it is forwarded
1423	   by the NTLP as usual [GIST].

1425	4.6.1.1.1. Operation in Ingress node

1427	   When an end-to-end reservation request (RESERVE) arrives at the
1428	   Ingress node (QNE), see Figure 8, it is processed based on the end-
1429	   to-end QoS model.   Subsequently, the combination:
1430	   <TMOD-1>, <PHB Class>, <Admission Priority> are derived from the
1431	   <QoS Desired> object of the initial QSpec.

1433	   The QNE Ingress MUST maintain information about the smallest MTU that
1434	   is supported on the links within the RMD domain.

1436	   The value of the "Maximum Packet Size-1 (MPS)" value included in the
1437	   end-to-end QoS Model <TMOD-1> parameter is compared with the smallest
1438	   MTU value that is supported by the links within the RMD domain. If
1439	   the "Maximum Packet Size-1 (MPS)" is larger than this smallest MTU
1440	   value within the RMD domain, then the end-to-end reservation request
1441	   is rejected, see Section 4.6.1.1.2. Otherwise, the admission process
1442	   continues.

1444	   The <TMOD-1> parameter contained in the original initiator QSPEC are
1445	   mapped into the equivalent RMD-Qspec <TMOD-1> parameter representing
1446	   only the peak bandwidth in the local RMD-QSpec. This can be
1447	   accomplished by setting the RMD-QSpec <TMOD-1> fields as follows:
1448	   token rate (r) = peak traffic rate (p), the bucket depth (b) = large,
1449	   and the minimum policed unit (m) = large.

1451	   Note that the bucket size, (b], is measured in bytes. Values of this
1452	   Parameter may range from 1 byte to 250 gigabytes, see [RFC2215]. Thus
1453	   the maximum value that (b) could get is in order of 250 gigabytes.
1454	   The minimum policed unit, [m], is an integer measured in bytes and
1455	   must be less than or equal to Maximum Packet Size (MPS). Thus the
1456	   maximum value that (m) can get is (MPS). [Part94] and [TaCh99]
1457	   describe a method of calculating the values of some Token Bucket
1458	   parameters, e.g., calculation of large values of (m) and (b), when
1459	   the token rate (r), peak rate (p) and MPS are known.

1461	   The "Peak Data Rate-1 (p)" value of the end-to-end QoS Model <TMOD-1>
1462	   parameter is copied into the Peak Data Rate-1 (p) value of the Peak
1463	   Data Rate-1 (p)" value of the local RMD-Qspec <TMOD-1>.

1465	   The MPS value of the end-to-end QoS Model <TMOD-1> parameter is
1466	   copied into the MPS value of the local RMD-Qspec <TMOD-1>.

1468	   If the initial QSpec does not contain the <PHB Class> parameter,
1469	   then the selection of the <PHB class> that is carried by the intra-
1470	   domain RMD-QSpec is defined by a local policy similar to the
1471	   procedures discussed in [RFC2998] and [RFC3175].
1472	   For example, in the situation that the initial QSpec is used by
1473	   the IntServ Controlled Load QOSM then the Expedited Forwarding (EF)
1474	   PHB is appropriate to set the <PHB class> parameter carried by the
1475	   intra-domain RMD-QSpec, see [RFC3175].

1477	   If the initial QSpec does not carry the <Admission Priority>
1478	   parameter then the <Admission Priority> parameter in the RMD-QSpec
1479	   will not be populated. If the initial QSpec does not carry the
1480	   <Admission Priority> parameter, but it carries other priority
1481	   parameters, then it is considered that edges as being stateful nodes,
1482	   are able to control the priority of the sessions that are
1483	   entering or leaving the RMD domain in accordance to the priority
1484	   parameters. Note that the RMF reservation states, see Section 4.3, in
1485	   the QNE edges store the value of the <Admission Priority> parameter
1486	   that is used within the RMD domain in case of pre-emption and severe
1487	   congestion situations, see Section 4.6.1.6.
1488	   If the RMD domain supports pre-emption during the admission control
1489	   process, then the QNE Ingress node can support the building
1490	   blocks specified in the [QoS-NSLP] and during the admission
1491	   control process use the example pre-emption handling algorithm
1492	   described in Appendix 4.
1493	   Note that in the above described case, the QNE egress uses, if
1494	   available, the tunnelled initial priority parameters, which can
1495	   be interpreted by the QNE egress.

1497	   If the initial QSpec carries the <Excess Treatment> parameter,
1498	   then the QNE ingress and QNE egress nodes MUST control the excess
1499	   traffic that is entering or leaving the RMD domain in accordance to
1500	   the <Excess Treatment> parameter. Note that the RMD-QSpec does not
1501	   carry the <Excess Treatment> parameter.

1503	   If the requested <TMOD-1> parameter carried by the initial QSpec,
1504	   cannot be satisfied, then an end to end RESPONSE message has to be
1505	   generated. However, in order to decide whether the end-to-end
1506	   reservation request was locally (at the QNE Ingress) satisfied, also
1507	   a local(at the QNE_Ingress) RMD-QoSM admission control procedure has
1508	   to be performed. In other words, the RMD-QOSM functionality has to
1509	   verify whether the value included in the "Peak Data Rate-1 (p)"
1510	   field of RMD-QOSM <TMOD-1> can be reserved and stored in the
1511	   RMD-QOSM reservation states, see Sections 4.6.1.1.2 and 4.3.

1513	   An initial QSpec object MUST be included in the end-to-end
1514	   RESPONSE message. The parameters included in the QSpec <QoS
1515	   Reserved> object are copied from the original <QoS Desired> values.

1517	   The "E" flag associated with the QSPEC <QoS Reserved> object and the
1518	   "E" flag associated with the local RMD-QSpec <TMOD-1> parameter are
1519	   set. In addition, the INFO-SPEC object is included in the end to end
1520	   RESPONSE message. The error code used by this INFO-SPEC is:

1522	   Error severity class: Transient Failure
1523	   Error code value: Reservation failure

1525	   Furthermore, all the other RESPONSE parameters are set according to
1526	   the end-to-end QoS model or according to [QoS-NSLP] and [QSP-T].

1528	   If the request was satisfied locally (see Section 4.3), the Ingress
1529	   QNE node generates two RESERVE messages: one intra-domain and
1530	   one end-to-end RESERVE message. Note however, that when the
1531	   aggregated QOS-NSLP operational and reservation states are used by
1532	   the QNE Ingress, then the generation of the intra-domain RESERVE
1533	   message depends on the availability of the aggregated QoS-NSLP
1534	   operational state. If this aggregated QoS-NSLP operational state is
1535	   available, then the RMD modification of aggregated reservations
1536	   described in section 4.6.1.4. is used.

1538	   It is important to note that when "per flow RMD reservation based"
1539	   scenario is used within the RMD domain, the retransmission within the
1540	   RMD domain SHOULD be disallowed. The reason of this is related to the
1541	   fact that the QNI Interior nodes are not able to differentiate
1542	   between a retransmitted RESERVE message associated with a certain
1543	   session and an initial RESERVE message belonging to another session.
1544	   However, the QNE Ingress have to report a failure situation upstream.
1545	   When the QNE Ingress transmits the (intra-domain or end-to-end)
1546	   RESERVE with RII object set, it waits for a RESPONSE from the QNE
1547	   Egress for a QOSNSLP_REQUEST_RETRY period.

1549	   If the QNE Ingress transmitted an intra-domain or end-to-end RESERVE
1550	   message with the RII object set and it fails to receive the
1551	   associated intra-domain or end-to-end RESPONSE, respectively, after
1552	   the QOSNSLP_REQUEST_RETRY period expires, it considers that the
1553	   reservation failed. In this case the QNE Ingress SHOULD generate an
1554	   end-to-end RESPONSE message that will include among others an
1555	   INFO-SPEC object. The error code used by this INFO-SPEC is:
1556	      Error severity class: Transient Failure
1557	      Error code value: Reservation failure

1559	   Furthermore, all the other RESPONSE parameters are set according to
1560	   the end-to-end QoS model or according to [QoS-NSLP] and [QSP-T].

1562	   Note however, that if the retransmission within the RMD domain is not
1563	   disallowed then the procedure described in Appendix
1564	   A.5 SHOULD be used on QNE Interior nodes, see also [Chan07]. In this
1565	   case the stateful QNE Ingress uses the retransmission procedure
1566	   described in [QoS-NSLP].

1568	   If a rerouting takes place then the stateful QNE
1569	   ingress is following the procedures specified in [QoS-NSLP].

1571	   At this point the intra-domain and end-to-end operational states MUST
1572	   be initiated or modified according to the REQUIRED binding
1573	   procedures.

1575	   The way of how the BOUND_SESSION_IDs are initiated and maintained in
1576	   the intra-domain and end-to-end QoS-NSLP operational states is
1577	   described in Section 4.3.1 and 4.3.2.

1579	   These two messages are bound together in the following way. The end-
1580	   to-end RESERVE SHOULD contain in the BOUND_SESSION_ID the SESSION_ID
1581	   of its bound intra-domain session.

1583	   Furthermore, if the QNE Edge nodes maintain intra-domain per flow
1584	   QoS-NSLP reservation states then the value of Binding_Code MUST be
1585	   set to code "Tunnel and end-to-end sessions", see Section 4.3.2.

1587	   In addition to this then the intra-domain and end-to-end RESERVE
1588	   messages are bound using the Message binding procedure described
1589	   in [QoS-NSLP]. In particular the <MSG_ID> object is included
1590	   in the intra-domain RESERVE message and its bound <BOUND_MSG_ID>
1591	   object is carried by the end-to-end RESERVE message. Furthermore, the
1592	   Message_Binding_Type flag is SET (value is 1), such that the message
1593	   dependency is bi-directional.

1595	   If the QOS-NSLP edges maintain aggregated intra-domain QoS-NSLP
1596	   operational states then the value of Binding_Code MUST be set to code
1597	   "Aggregated sessions".

1599	   Furthermore, in this case the retransmission within the RMD domain
1600	   is allowed and the procedures described in Appendix A.5 SHOULD be
1601	   used on QNE Interior nodes. This is necessary due to the fact that
1602	   when retransmissions are disallowed then the associated with (micro)
1603	   flows belonging to the aggregate will loose their reservations. Note
1604	   that in this case the stateful QNE Ingress uses the retransmission
1605	   procedure described in [QoS-NSLP].

1607	   The intra-domain RESERVE message is associated with the (local NTLP)
1608	   SESSION_ID mentioned above. The selection of the IP source and IP
1609	   destination address of this message depends on how the different
1610	   inter-domain (end-to-end) flows are aggregated by the QNE Ingress
1611	   node (see Section 4.3.1). As described in Section 4.3.1, the QNE
1612	   Edges maintain either per flow, or aggregated QoS-NSLP reservation
1613	   states for the RMD QoS model, which are identified by (local NTLP)
1614	   SESSION_IDs (see [GIST]). Note that this NTLP SESSION ID is a
1615	   different one than the SESSION_ID associated with the end-to-end
1616	   RESERVE message.

1618	   If no QOS-NSLP aggregation procedure at the QNE Edges is supported
1619	   then the IP source and IP destination address of this message MUST be
1620	   equal to the IP Source and IP destination addresses of the data flow.
1621	   The intra-domain RESERVE message is sent using the NTLP datagram
1622	   mode (see Sections 4.4, 4.5). Note that the GIST datagram mode can be
1623	   selected using the unreliable GIST API Transfer-Attributes. In
1624	   addition, the intra-domain RESERVE (RMD-QSpec) message MUST include a
1625	   PHR container (PHR_Resource_Request) and the RMD QOSM <QoS Desired>
1626	   object.

1628	   The end-to-end RESERVE message includes the initial QSpec and it
1629	   is sent towards the Egress QNE.

1631	   Note that after completing the initial discovery phase, the GIST
1632	   connection mode can be used between the QNE Ingress and QNE Egress.
1633	   Note that the GIST connection mode can be selected using the reliable
1634	   GIST API Transfer-Attributes.

1636	   The end-to-end RESERVE message is forwarded using the GIST
1637	   forwarding procedure to bypass the Interior stateless or reduced-
1638	   state QNE nodes, see Figure 8.  The bypassing procedure is
1639	   described in Section 4.4. At the QNE Ingress the end-to-end RESERVE
1640	   message is marked, i.e., modifying the QoS-NSLP default NSLP-ID value
1641	   to another NSLP-ID predefined value that will be used by the GIST
1642	   message carrying the end-to-end RESPONSE message to bypass the QNE
1643	   Interior nodes. Note that the QNE Interior nodes, see [GIST], are
1644	   configured to handle only certain NSLP-Ids, see [QoS-NSLP].

1646	   Furthermore, note that the initial discovery phase and the process of
1647	   sending the end-to-end RESERVE message towards the QNE Egress MAY be
1648	   done simultaneously. This can be accomplished only if the GIST
1649	   implementation is configured to perform that, via e.g., a local
1650	   policy. However, the selection of the discovery procedure cannot be
1651	   selected by the RMD-QOSM.

1653	   The (initial) intra-domain RESERVE message MUST be sent by the QNE
1654	   Ingress and it MUST contain the following values (see QoS-NSLP-RMF
1655	   API described in [QoS-NSLP]):
1656	   *  the value of the <RSN> object is generated and processed as
1657	      described in [QoS-NSLP];

1659	   *  the SCOPING flag MUST NOT be set, meaning that a default
1660	      scoping of the message is used.  Therefore, the QNE Edges MUST
1661	      be configured as RMD boundary nodes and the QNE Interior nodes
1662	      MUST be configured as Interior (intermediary) nodes;

1664	   *  the <RII> MUST be included in this message, see [QoS-NSLP].

1666	   *  The flag REPLACE MUST be set to FALSE = 0;

1668	*  The value of the Message ID value carried by the <MSG_ID> object
1669	   is set according to [QoS-NSLP]. The value of the
1670	   Message_binding_Type is set to "1".

1672	*  the value of the <REFRESH_PERIOD> object MUST be calculated
1673	   and set by the QNE Ingress node as described in Section 4.6.1.3;

1675	*  the value of the <PACKET_CLASSIFIER> object is associated with
1676	   the path-coupled routing MRM, since RMD-QOSM is used with the
1677	   path-coupled MRM. The flag that has to be set is the flag T (traffic
1678	   class) meaning that the packet classification of packets is based on
1679	   the DSCP value included in the IP header of the packets. Note that
1680	   the DSCP value used in the MRI can be derived by the value of <PHB
1681	   class> parameter, which MUST be carried by the intra-domain RESERVE
1682	   message. Note that the QNE Ingress being a QNI for the intra-domain
1683	   session it can pass this value to GIST, via the GIST API.

1685	*  the PHR resource units MUST be included into the
1686	   "Peak Data Rate-1 (p)" field of the local RMD-QSpec <TMOD-1>
1687	   parameter of the "<QoS Desired> object. When the QNE edges use per
1688	   flow intra-domain QoS-NSLP states, then the "Peak Data Rate-1 (p)"
1689	   value included in the initial QSpec <TMOD-1> parameter is copied into
1690	   the "Peak Data Rate-1 (p)" value of the <Bandwdith> parameter.
1691	   When the QNE edges use aggregated intra-domain QoS-NSLP operational
1692	   states, then the "Peak Data Rate-1 (p)" value of the <Bandwdith>
1693	   parameter can be obtained by using the bandwidth aggregation method
1694	   described in Section 4.3.1;

1696	*  the value of the <PHB class> parameter can be defined by using the
1697	   method of copying the <PHB Class> parameter carried by
1698	   the initial QSpec into the <PHB class> carried by the RMD-QSpec,
1699	   which is described above in this subsection.

1701	*  the value of the Container ID field of the PHR container
1702	   MUST be set to 17, (i.e., PHR_Resource_Request;)

1704	*  the value of the <Admitted Hops> parameter in the PHR container
1705	   MUST be set to "1". Note that during a successful reservation each
1706	   time a RMD-QOSM aware node processes the RMD-QSpec, the <Admitted
1707	   Hops> parameter is increased by one.

1709	*  the value of the <Hop_U> parameter in the PHR container MUST be
1710	   set to "0";

1712	*  the value of the <Max Admitted Hops> is set to "0".

1714	*  If the initial QSpec carried an <Admission Priority>
1715	   parameter, then this parameter SHOULD be copied into the RMD-QSpec
1716	   and carried by the (initiating) intra-domain RESERVE.

1718	   Note that for the RMD-QOSM a reservation established without an
1719	   <Admission Priority> parameter is equivalent to a reservation with
1720	   <Admission Priority> value 1.
1721	   Note that in this case each admission priority is associated with
1722	   a priority traffic class. The three priority traffic classes
1723	   (PHB_low_priority, PHB_normal_priority, PHB_high_priority) MAY be
1724	   associated with the same PHB, see Section 4.3.3.

1726	*  In a single RMD domain case the PDR container MAY not be included
1727	   into the message.

1729	   Note that the intra-domain RESERVE message does not carry the
1730	   BOUND_SESSION_ID object. The reason of this is that the end-to-end
1731	   RESERVE carries in the BOUND_SESSION_ID object the SESSION_ID value
1732	   of the intra-domain session.

1734	   When an end-to-end RESPONSE message is received by the QNE
1735	   Ingress node, which was sent by a QNE Egress node see Section
1736	   4.6.1.1.3, then it is processed according to [QoS-NSLP]
1737	   and end-to-end QoS model rules.

1739	   When an intra-domain RESPONSE message is received by the QNE Ingress
1740	   node, which was sent by a QNE Egress see Section 4.6.1.1.3, it uses
1741	   the QoS-NSLP procedures to match it to the earlier sent intra-domain
1742	   RESERVE message. After this phase, the RMD-QSpec has to be identified
1743	   and processed.

1745	   The RMD QoSM reservation has been successful if the <M> bit carried
1746	   by the "PDR Container" is equal to "0" (i.e., not set).

1748	   Furthermore, the INFO_SPEC object is processed as defined in the
1749	   QoS-NSLP specification. In case of successful reservation the
1750	   INFO_SPEC object MUST have the following values:

1752	   * Error Severity Class: Success
1753	   * Error Code value: Reservation successful

1755	   If the end-to-end RESPONSE message has to be forwarded to a
1756	   node outside the RMD-QOSM aware domain then the values of
1757	   the objects contained in this message (i.e., <RII/RSN>, <INFO_SPEC>,
1758	   [QSPEC ]) MUST be set by the QOS-NSLP protocol functions of the QNE.
1759	   If an end-to-end QUERY is received by the QNE Ingress then the same
1760	   bypassing procedure has to be used as the one applied for an end-to-
1761	   end RESERVE message. In particular, it is forwarded using the GIST
1762	   forwarding procedure to bypass the Interior stateless or reduced-
1763	   state QNE nodes.

1765	4.6.1.1.2 Operation in the Interior nodes

1767	   Each QNE Interior node MUST use the QoS-NSLP and RMD-QOSM parameters
1768	   of the intra-domain RESERVE (RMD-QSpec) message as follows (see
1769	   QoS-NSLP-RMF API described in [QoS-NSLP]):

1771	  *   the values of the <RSN>, <RII>, <PACKET_CLASSIFIER>,
1772	      <REFRESH_PERIOD>, objects MUST NOT be changed.
1773	      The interior node is informed by the <PACKET_CLASSIFIER> object
1774	      that the packet classification SHOULD be done on the DSCP value.
1775	      The flag that has to be set in this case is the flag T (traffic
1776	      class). The value of the DSCP value MUST be obtained via the MRI
1777	      parameters that the QoS-NSLP receives from GIST. A QNE Interior
1778	      MUST be able to associate the value carried by the RMD-QSpec <PHB
1779	      class> parameter and the DSCP value obtained via GIST. This is
1780	      REQUIRED, because there are situations that the <PHB class>
1781	      parameter is not carrying a DSCP value, but a "PHB ID code", see
1782	      Section 4.1.1.

1784	   *  The flag REPLACE MUST be set to FALSE = 0;

1786	   *  when the RMD reservation based methods described in Section 4.3.1
1787	      and 4.3.3 are used, the "Peak Data Rate-1 (p)" value of the
1788	      local RMD-QSpec <TMOD-1> parameter is used by the QNE Interior
1789	      node for admission control. Furthermore, if the
1790	      <Admission Priority> parameter is carried by the RMD-QOSM
1791	      <QoS Desired> object, then this parameter is processed as
1792	      described in the following bullets.

1794	   *  in case of the RMD reservation-based procedure, and if these
1795	      resources are admitted (see Section 4.3.1, 4.3.3), they are added
1796	      to the currently reserved resources. Furthermore, the value of the
1797	      <Admitted Hops> parameter in the PHR container has to be increased
1798	      by one.

1800	   *  If the bandwidth allocated for the PHB_high_priority traffic is
1801	      fully utilized, and a high priority request arrives, other
1802	      policies on allocating bandwidth can be used, which are beyond the
1803	      scope of this document.

1805	   *  If the RMD domain supports pre-emption during the admission
1806	      control process, then the QNE Interior node can support the
1807	      building blocks specified in the [QoS-NSLP] and during the
1808	      admission control process use the pre-emption handling algorithm
1809	      specified in Appendix 4.

1811	   *  in case of the RMD measurement based method (see Section 4.3.2),
1812	      and if the requested into the "Peak Data Rate-1 (p)" value of the
1813	      local RMD-QSpec <TMOD-1> parameter is admitted, using a MBAC
1814	      algorithm, then the number of this resources will be used to
1815	      update the MBAC algorithm according to the operation described in
1816	      Section 4.3.2.

1818	4.6.1.1.3 Operation in the Egress node

1820	   When the end-to-end RESERVE message is received by the egress node,
1821	   it is only forwarded further, towards QNR, if the processing of the
1822	   intra-domain RESERVE(RMD-QSpec) message was successful at all nodes
1823	   in the RMD domain. In this case, the QNE Egress MUST stop the marking
1824	   process that was used to bypass the QNE Interior nodes by reassigning
1825	   the QoS-NSLP default NSLP-ID value to the end-to-end RESERVE message,
1826	   see Section 4.4. Furthermore, the carried BOUND_SESSION_ID object
1827	   associated with the intra-domain session MUST be removed after
1828	   processing. Note that the received end to end RESERVE was tunneled
1829	   within the RMD domain. Therefore, the tunnelled initial QSpec
1830	   carried by the end-to-end RESERVE message has to be processed/set
1831	   according to the [QSP-T] specification.

1833	   If a rerouting takes place, then the stateful QNE egress is following
1834	   the procedures specified in [QoS-NSLP].
1835	   At this point the intra-domain and end-to-end operational states MUST
1836	   be initiated or modified according to the REQUIRED binding
1837	   procedures.

1839	   The way of how the BOUND_SESSION_IDs are initiated and maintained in
1840	   the intra-domain and end-to-end QoS-NSLP operational states is
1841	   described in Section 4.3.1 and 4.3.2.

1843	   If the processing of the intra-domain RESERVE(RMD-QSpec) was not
1844	   successful at all nodes in the RMD domain then the inter-domain (end-
1845	   to-end) reservation is considered as being failed. Furthermore, note
1846	   that when the QNE Egress uses per flow intra-domain QoS-NSLP
1847	   operational states, see Sections 4.3.2 and 4.3.3, the QNE Egress
1848	   SHOULD support the message binding procedure described in [QoS-NSLP],
1849	   which can be used to synchronize the arrival of the end to end
1850	   RESERVE and the intra-domain RESERVE (RMD-QSpec) messages, see
1851	   Section 5.7 and QoS-NSLP-RMF API described in [QoS-NSLP]. Note that
1852	   the intra-domain RESERVE message carries the <MSG_ID> object and its
1853	   bound end-to-end RESERVE message carries the <BOUND_MSG_ID> object.
1854	   Both these objects carry the Message_Binding_Type flag set to the
1855	   value of 1. If these two messages do not arrive during the time
1856	   defined by the MsgIDWait timer, then the reservation is considered as
1857	   being failed. Note that the timer has to be pre-configured and it has
1858	   to have the same value in the RMD domain. In this case an end-to-end
1859	   RESPONSE message, see QoS-NSLP-RMF API described in [QoS-NSLP], is
1860	   sent towards the QNE ingress with the following INFO_SPEC values:

1862	   Error Class: Transient Failure
1863	   Error Code: Mismatch synchronization between end-to-end RESERVE
1864	   and intra-domain RESERVE
1865	   When the intra-domain RESERVE(RMD-QSpec) is received by the QNE
1866	   Egress node of the session associated with the intra-domain
1867	   RESERVE(RMD-QSpec) (the PHB session) with the session included in
1868	   its <BOUND_SESSION_ID> object MUST be bound according to the
1869	   specification given in [QoS-NSLP].  The SESSION_ID included
1870	   in the BOUND_SESSION_ID parameter stored in the intra-domain QoS-NSLP
1871	   operational state object is the SESSION_ID of the session associated
1872	   with the end-to-end RESERVE message(s). Note that if the QNE Edge
1873	   nodes maintain per flow intra-domain QoS NSLP operational states then
1874	   the value of Binding_Code = (Tunnel and end-to-end sessions) is used
1875	   If the QNE Edge nodes maintain per aggregated QoS-NSLP intra-domain
1876	   reservation states then the value of Binding_Code = (Aggregated
1877	   sessions), see Sections 4.3.1, 4.3.2.

1879	   If the RMD domain supports pre-emption during the admission control
1880	   process, then the QNE Egress node can support the building
1881	   blocks specified in the [QoS-NSLP] and during the admission
1882	   control process use the example pre-emption handling algorithm
1883	   described in Appendix 4.
1884	   The end-to-end RESERVE message is generated/forwarded further
1885	   upstream according to the [QoS-NSLP] and [QSP-T] specifications.
1886	   Furthermore, the "B" (BREAK) QoS-NSLP flag in the end to end
1887	   RESERVE message MUST NOT be set, see QoS-NSLP-RMF API described in
1888	   QoS-NSLP.

1890	QNE (Ingress)     QNE (Interior)        QNE (Interior)    QNE (Egress)
1891	NTLP stateful    NTLP stateless        NTLP stateless    NTLP stateful
1892	    |                    |                   |                    |
1893	RESERVE                  |                   |                    |
1894	--->|                    |                   |     RESERVE        |
1895	    |------------------------------------------------------------>|
1896	    |RESERVE(RMD-QSpec)  |                   |                    |
1897	    |------------------->|                   |                    |
1898	    |                    |RESERVE(RMD-QSpec) |                    |
1899	    |                    |------------------>|                    |
1900	    |                    |                   | RESERVE(RMD-QSpec) |
1901	    |                    |                   |------------------->|
1902	    |                    |RESPONSE(RMD-QSpec)|                    |
1903	    |<------------------------------------------------------------|
1904	    |                    |                   |                RESERVE
1905	    |                    |                   |                    |-->
1906	    |                    |                   |                RESPONSE
1907	    |                    |                   |                    |<--
1908	    |                    |RESPONSE           |                    |
1909	    |<------------------------------------------------------------|
1910	RESPONSE                 |                   |                    |
1911	<---|                    |                   |                    |

1913	Figure 8: Basic operation of successful reservation procedure used by
1914	          the RMD-QOSM

1916	   The QNE Egress MUST generate an intra-domain RESPONSE (RMD-Qspec)
1917	   message. The intra-domain RESPONSE (RMD-QSpec) message MUST
1918	   be sent to the QNE Ingress node, i.e., the previous stateful hop by
1919	   using the procedures described in Sections 4.4 and 4.5.
1920	   The values of the RMD-QSpec that is carried by the intra-domain
1921	   RESPONSE message MUST be used and/or set in the following way
1922	   (see QoS-NSLP-RMF API described in [QoS-NSLP]):

1924	   *  the RII object carried by the intra-domain RESERVE message, see
1925	      Section 4.6.1.1.1, has to be copied and carried by the
1926	      intra-domain RESPONSE message.

1928	   *  the value of the Container ID field of the PDR container
1929	      MUST be set "23" (i.e., PDR_Reservation_Report);

1931	   *  the value of the <M> field of the PDR container MUST be equal to
1932	      the value of the <M> parameter of the PHR container that was
1933	      carried by its associated intra-domain RESERVE(RMD-QSpec)
1934	      message. This is REQUIRED since the value of the <M> parameter is
1935	      used to indicate the status if the RMD reservation request to the
1936	      Ingress edge.

1938	   If the binding between the intra-domain session and the end-to-end
1939	   session uses a Binding_Code is (Aggregated sessions), and there is no
1940	   aggregated QoS-NSLP operational state associated with the intra-
1941	   domain session available, then the RMD
1942	   modification of aggregated reservation procedure described in Section
1943	   4.6.1.4. can be used.

1945	   If the QNE Egress receives an end-to-end RESPONSE message, it is
1946	   processed and forwarded towards the QNE Ingress. In particular, the
1947	   non-default values of the objects contained in the end-to-end
1948	   RESPONSE message MUST be used and/or set by the QNE Egress as
1949	   follows (see QoS-NSLP-RMF API described in [QoS-NSLP]):

1951	   * the values of the <RII/RSN>, <INFO_SPEC>, [ QSPEC ] objects are
1952	     set according to [QoS-NSLP] and/or [QSP-T]. The INFO_SPEC object
1953	     SHOULD be set by the QoS-NSLP functionality. In case of successful
1954	     reservation the INFO_SPEC object SHOULD have the following values:
1955	     Error Severity Class: Success,
1956	     Error Code value: Reservation successful,

1958	   * Furthermore, an initial QSpec object MUST be included in the
1959	     end-to-end RESPONSE message. The parameters included in the QSPEC
1960	    <QoS Reserved> object are copied from the original <QoS Desired>
1961	     values.

1963	   The end-to-end RESPONSE message are delivered as normal, i.e.,
1964	   is addressed and sent to its upstream QoS-NSLP neighbor, i.e., QNE
1965	   Ingress node.

1967	   Note that if a QNE Egress receives an end-to-end QUERY that was
1968	   bypassed through the RMD domain, it MUST stop the marking
1969	   process that was used to bypass the QNE Interior nodes. This can be
1970	   done by reassigning the QoS-NSLP default NSLP-ID value to the end-to-
1971	   end QUERY message, see Section 4.4.

1973	4.6.1.2.  Unsuccessful reservation

1975	   This section describes the operation where a request for reservation
1976	   cannot be satisfied by the RMD-QOSM.

1978	   The QNE Ingress, the QNE Interior and QNE Egress nodes process and
1979	   forward the end-to-end RESERVE message and the intra-domain
1980	   RESERVE(RMD-QSpec) message in a similar way as specified in Section
1981	   4.6.1.1.  The main difference between the unsuccessful operation and
1982	   successful operation is that one of the QNE nodes does not admit the
1983	   request due to e.g., lack of resources.  This also means that the QNE
1984	   edge node MUST NOT forward the end-to-end RESERVE message towards the
1985	   QNR node.

1987	   Note that the described functionality applies to the RMD reservation-
1988	   based methods, see Sections 4.3.1, 4.3.2, and to the NSIS
1989	   measurement-based admission control method, see Section 4.3.2.
1990	   The QNE Edge nodes maintain either per flow QoS-NSLP reservation
1991	   states or aggregated QoS-NSLP reservation states. When the QNE edges
1992	   maintain aggregated QoS-NSLP reservation states, the RMD-QOSM
1993	   functionality MAY accomplish a RMD modification procedure (see
1994	   Section 4.6.1.4.), instead of the reservation initiation procedure
1995	   that is described in this subsection.

1997	4.6.1.2.1 Operation in the Ingress nodes

1999	   When an end-to-end RESERVE message arrives at the QNE Ingress and
2000	   if: (1) the "Maximum Packet Size-1 (MPS)" included in the end-to-end
2001	   QoS Model <TMOD-1> is larger than this smallest MTU value within the
2002	   RMD domain, or (2) there are no resources available, the QNE Ingress
2003	   MUST reject this end-to-end RESERVE message and send an end-to-end
2004	   RESPONSE message back to the sender, as described in the QoS-NSLP
2005	   specification, see [QoS-NSLP] and [QSP-T].

2007	   When an end-to-end RESPONSE message is received by an Ingress
2008	   node, see Section 4.6.1.2.3, the values of the <RII/RSN>,
2009	   [<INFO_SPEC> ], [<QSPEC>] objects are processed according to the QoS-
2010	   NSLP procedures.

2012	   If the end-to-end RESPONSE message has to be forwarded upstream to a
2013	   node outside the RMD-QOSM aware domain then the values of
2014	   the objects contained in this message (i.e., <RII/RSN>, <INFO_SPEC>,
2015	   [ QSPEC ]) MUST be set by the QOS-NSLP protocol functions of the QNE.

2017	   When an intra-domain RESPONSE message is received by the QNE Ingress
2018	   node, which was sent by a QNE Egress, see Section 4.6.1.2.3, it uses
2019	   the QoS-NSLP procedures to match it to the earlier sent intra-domain
2020	   RESERVE message. After this phase, the RMD-QSpec has to be identified
2021	   and processed. Note that in this case the RMD Resource Management
2022	   Function (RMF) is notified that the reservation has been
2023	   unsuccessful, by reading the <M> parameter of the PDR container.
2024	   Note that when the QNE edges maintain a per flow QoS-NSLP reservation
2025	   state the RMD-QOSM functionality, has to start an RMD release
2026	   procedure (see Section 4.6.1.5). When the QNE edges maintain
2027	   aggregated QoS-NSLP reservation states the RMD-QOSM functionality MAY
2028	   start a RMD modification procedures (see Section 4.6.1.4.).

2030	4.6.1.2.2 Operation in the Interior nodes

2032	   In case of the RMD reservation based scenario, and if the
2033	   intra-domain reservation request is not admitted by the QNE Interior
2034	   node then the <Hop_U> and <M> parameters of the PHR container MUST be
2035	   set to "1".  The <Admitted Hops> counter MUST NOT be increased.
2036	   Moreover, the value of the <Max Admitted Hops> MUST be set equal to
2037	   the <Admitted Hops> value.
2038	   Furthermore, the "E" flag associated with the QSpec <QoS Desired>
2039	   object and the "E" flag associated with the local RMD-QSpec <TMOD-1>
2040	   parameter SHOULD be set. In case of the RMD measurement based
2041	   scenario, the <M> parameter of the PHR container MUST be set to "1".
2042	   Furthermore, the "E" flag associated with the QSpec <QoS Desired>
2043	   object and the "E" flag associated with the local RMD-QSpec <TMOD-1>
2044	   parameter SHOULD be set. Note that the <M> flag seems to be set in a
2045	   similar way as the "E" flag used by the local RMD-QSpec <TMOD-1>
2046	   parameter. However, the ways of how the two flags are processed by a
2047	   QNE are different.

2049	   In general, if a QNE Interior node receives a RMD-QSpec <TMOD-1>
2050	   parameter with the "E" flag set and a PHR container type
2051	   "PHR_Resource_Request", with the <M> parameter set to "1" , then this
2052	   "PHR Container" and the RMD-QOSM <QoS Desired> object) MUST NOT be
2053	   processed. Furthermore, when the <K> parameter that is included in
2054	   the "PHR Container" and carried by a RESERVE message is set to "1",
2055	   then this "PHR Container" and the RMD-QOSM <QoS Desired> object) MUST
2056	   NOT be processed.

2058	4.6.1.2.3 Operation in the Egress nodes

2060	   In the RMD reservation based, see Sections 4.3.3, and the RMD NSIS
2061	   measurement based scenario, see Section 4.3.2, when the <M> marked
2062	   intra-domain RESERVE(RMD-QSpec) is received by the QNE Egress node
2063	   (see Figure 9) the session associated with the intra-domain
2064	   RESERVE(RMD-QSpec) (the PHB session) and the end-to-end session MUST
2065	   be bound.

2067	   When the QNE Egress uses per flow intra-domain QoS-NSLP operational
2068	   states, see Section 4.3.2 and 4.3.3, then the QNE Egress node MUST
2069	   generate an end-to-end RESPONSE message that has to be sent to its
2070	   previous stateful QoS-NSLP hop (see QoS-NSLP-RMF API described in
2071	   [QoS-NSLP]).

2073	   *  the values of the <RII/RSN>, <INFO_SPEC> objects are set
2074	      by the standard QoS-NSLP protocol functions. In case of the
2075	      unsuccessful reservation the INFO_SPEC object SHOULD have the
2076	      following values:
2077	      Error Severity Class: Transient Failure
2078	      Error Code value: Reservation failure

2080	   The QSpec that was carried by the end to end RESERVE belonging to the
2081	   same session as this end-to-end RESPONSE is included in this message.

2083	   In particular, the parameters included in the QSpec <QoS Reserved>
2084	   object of the end-to-end RESPONSE message are copied
2085	   from the initial <QoS Desired> values included in its associated
2086	   end-to-end RESERVE message. The "E" flag associated with
2087	   the QSpec <QoS Reserved> object and the "E" flag associated with the
2088	   <TMOD-1> parameter included in the end-to-end RESPONSE are set.

2090	QNE (Ingress)    QNE (Interior)       QNE (Interior)      QNE (Egress)
2091	NTLP stateful    NTLP stateless        NTLP stateless    NTLP stateful
2092	    |                    |                   |                    |
2093	RESERVE                  |                   |                    |
2094	--->|                    |                   |     RESERVE        |
2095	    |------------------------------------------------------------>|
2096	    |RESERVE(RMD-QSpec:M=0)                  |                    |
2097	    |------------------->|                   |                    |
2098	    |                    |RESERVE(RMD-QSpec:M =1)                 |
2099	    |                    |------------------>|                    |
2100	    |                    |                   | RESERVE(RMD-QSpec:M=1)
2101	    |                    |                   |------------------->|
2102	    |                    |RESPONSE(RMD-QOSM) |                    |
2103	    |<------------------------------------------------------------|
2104	    |                    |RESPONSE           |                    |
2105	    |<------------------------------------------------------------|
2106	RESPONSE                 |                   |                    |
2107	<---|                    |                   |                    |
2108	RESERVE(RMD-QSpec: Tear=1, M=1, <Admitted Hops>=<Max Admitted Hops>
2109	    |------------------->|                   |                    |
2110	                         |RESERVE(RMD-QSpec: Tear=1, M=1, K=1)    |
2111	    |                    |------------------>|                    |
2112	                         |    RESERVE(RMD-QSpec: Tear=1, M=1, K=1)|
2113	    |                    |                   |------------------->|

2115	Figure 9: Basic operation during unsuccessful reservation
2116	          initiation used by the RMD-QOSM

2118	   In addition to the above, similarly to the successful operation,
2119	   see Section 4.6.1.1.3, the QNE Egress MUST generate an intra-domain
2120	   RESPONSE message that has to be sent to its previous stateful QoS-
2121	   NSLP hop. The values of the <RII/RSN>, <INFO_SPEC> objects are set by
2122	   the standard QoS-NSLP protocol functions. In case of the unsuccessful
2123	   reservation the INFO_SPEC object SHOULD have the following values
2124	   (see QoS-NSLP-RMF API described in [QoS-NSLP]):

2126	      Error Severity Class: Transient Failure
2127	      Error Code value: Reservation failure

2129	   The values of the RMD-QSpec MUST be used and/or set
2130	   in the following way (see QoS-NSLP-RMF API described in [QoS-NSLP]):

2132	   *  the value of the <PDR Control Type> of the PDR container MUST be
2133	      set to "23" (PDR_Reservation_Report);

2135	   *  the value of the <Max Admitted Hops> parameter of the PHR
2136	       container included in the received <M> marked intra-domain
2137	      RESERVE (RMD-QSpec)  MUST be included
2138	      in the <Max Admitted Hops> parameter of the PDR container;

2140	   *  the value of the <M> parameter of the PDR container MUST be "1".

2142	4.6.1.3 RMD refresh reservation

2144	   In case of RMD measurement-based method, see Section 4.3.2, QoS-NSLP
2145	   reservation states in the RMD domain are typically not maintained,
2146	   therefore, this method typically does not use an intra-domain refresh
2147	   procedure. However, there are measurement based optimization schemes,
2148	   see [GrTs03], which MAY use the refresh procedures described in
2149	   Sections 4.6.1.3.1, and 4.6.1.3.3. However, this measurement based
2150	   optimization schemes can only be applied in the RMD domain if the QNE
2151	   edges are configured to perform intra-domain refresh procedures and
2152	   if all the QNE interior nodes are configured to perform the
2153	   measurement based optimization schemes. In the description given in
2154	   this subsection it is assumed that the RMD measurement based scheme
2155	   does not use the refresh procedures.

2157	   When the QNE edges maintain aggregated or per flow QoS-NSLP
2158	   operational and reservation states, see Sections 4.3.1 and 4.3.3,
2159	   then the refresh procedures are very similar. If the RESERVE messages
2160	   arrive within the soft state time-out period, the corresponding
2161	   number of resource units are not removed. However, the transmission
2162	   of the intra-domain and end-to-end (refresh) RESERVE message are not
2163	   necessarily synchronized. Furthermore, the generation of the end-to-
2164	   end RESERVE message, by the QNE edges, depends on the locally
2165	   maintained refreshed interval (see [QoS-NSLP]).

2167	4.6.1.3.1 Operation in the Ingress node

2169	   The Ingress node MUST be able to generate an intra-domain (refresh)
2170	   RESERVE(RMD-QSpec) at any time defined by the refresh period/timer.
2171	   Before generating this message, the RMD QoS signaling model
2172	   functionality is using the RMD traffic class (PHR) resource units for
2173	   refreshing the RMD traffic class state.

2175	   Note that the RMD traffic class refresh periods MUST be equal in
2176	   all QNE edge and QNE Interior nodes and SHOULD be smaller (default:
2177	   more than two times smaller) than the refresh period at the QNE
2178	   Ingress node used by the end-to-end RESERVE message. The intra-domain
2179	   RESERVE (RMD-QSpec) message MUST include a RMD-QOSM <QoS Desired> and
2180	   a PHR container (i.e., PHR_Refresh_Update).

2182	   An example of this refresh operation can be seen in Figure 10.

2184	QNE (Ingress)    QNE (Interior)        QNE (Interior)    QNE (Egress)
2185	NTLP stateful    NTLP stateless        NTLP stateless    NTLP stateful
2186	    |                    |                   |                    |
2187	    |RESERVE(RMD-QSpec)  |                   |                    |
2188	    |------------------->|                   |                    |
2189	    |                    |RESERVE(RMD-QSpec) |                    |
2190	    |                    |------------------>|                    |
2191	    |                    |                   | RESERVE(RMD-QSpec) |
2192	    |                    |                   |------------------->|
2193	    |                    |                   |                    |
2194	    |                    |RESPONSE(RMD-QSpec)|                    |
2195	    |<------------------------------------------------------------|
2196	    |                    |                   |                    |

2198	   Figure 10: Basic operation of RMD specific refresh procedure

2200	   Most of the non-default values of the objects contained in this
2201	   message MUST be used and set by the QNE Ingress in the same
2202	   way as described in Section 4.6.1.1.  The following objects are
2203	   used and/or set differently:

2205	  *  the PHR resource units MUST be included into the
2206	     "Peak Data Rate-1 (p)" field of the local RMD-QSpec <TMOD-1>
2207	     parameter. The "Peak Data Rate-1 (p)" field value of the local RMD-
2208	     QSpec <TMOD-1>  parameter depends on how the different inter domain
2209	     (end-to-end) flows are aggregated by the QNE Ingress node (e.g.,
2210	     the sum of all the PHR requested resources of the aggregated
2211	     flows), see Section 4.3.1. If no QOS-NSLP aggregation is
2212	     accomplished by the QNE Ingress node, the "Peak Data Rate-1 (p)"
2213	     value of the local RMD-QSpec <TMOD-1> parameter SHOULD be equal to
2214	     the "Peak Data Rate-1 (p)" value of the local RMD-QSpec <TMOD-1>
2215	     parameter of its associated new (initial) intra-domain RESERVE
2216	     (RMD-QSpec) message, see Section 4.3.3.;

2218	   *  the value of the Container field of the "PHR Container"
2219	       MUST be set to "18", i.e., "PHR_Refresh_Update";

2221	   When the intra-domain RESPONSE (RMD-QSpec) message, see Section
2222	   4.6.1.3.3., is received by the QNE Ingress node, then:

2224	   *  the values of the <RII/RSN>, <INFO_SPEC>, [QSP-T] objects are
2225	      processed by the standard QoS-NSLP protocol functions (see Section
2226	      4.6.1.1.);

2228	   *  the "PDR Container" has to be processed by the RMD-QOSM
2229	      functionality in the QNE Ingress node.  The RMD-QOSM functionality
2230	      is notified by the <PDR M> parameter of the PDR container
2231	      that the refresh procedure has been successful or unsuccessful.
2232	      All session(s) (when aggregated QoS-NSLP operational and
2233	      reservation states are used, see Section 4.3.1, there will be more
2234	      than one sessions) associated with this RMD specific refresh
2235	      session MUST be informed about the success or failure of the
2236	      refresh procedure.  In case of failure, the QNE Ingress node has
2237	      to generate (in a standard QoS-NSLP way) an error end-to-end
2238	      RESPONSE message that will be sent towards QNI.

2240	4.6.1.3.2 Operation in the Interior node

2242	   The intra-domain RESERVE (RMD-QSpec) message is received and
2243	   processed by the QNE Interior nodes.  Any QNE edge or QNE Interior
2244	   node that receives a "PHR_Refresh_Update" field
2245	   MUST identify the traffic class state (PHB) (using the
2246	   <PHB Class> parameter).  Most of the parameters in this refresh
2247	   intra-domain RESERVE (RMD-QSpec) message MUST be used and/or set by
2248	   a QNE Interior node in the same way as described in Section 4.6.1.1.

2250	   The following objects are used and/or set differently:

2252	   * the "Peak Data Rate-1 (p)" value of the local RMD-QSpec <TMOD-1>
2253	     parameter of the RMD-QOSM <QoS Desired> is used by the QNE Interior
2254	     node for refreshing the RMD traffic class state. These resources
2255	     (included in the "Peak Data Rate-1 (p)" value of local RMD-QSpec
2256	     <TMOD-1>), if reserved, are added to the currently reserved
2257	     resources per PHB and therefore they will become a part of the per
2258	     traffic class (per-PHB) reservation state, see Sections 4.3.1 and
2259	     4.3.3. If the refresh procedure cannot be fulfilled then the <M>
2260	     and <S> fields carried by the PHR container MUST be set to "1".

2262	   * Furthermore, the "E" flag associated with <QoS Desired> object and
2263	     the "E" flag associated with the local RMD-QSpec <TMOD-1>
2264	     parameter SHOULD be set.

2266	   Any PHR container of type "PHR_Refresh_Update", and its associated
2267	   local RMD-QSpec <TMOD-1>, whether it is marked or not and independent
2268	   of the "E" flag value of the local RMD-QSpec <TMOD-1> parameter, is
2269	   always processed, but marked bits are not changed.

2271	4.6.1.3.3 Operation in the Egress node

2273	   The intra-domain RESERVE(RMD-QSpec) message is received and
2274	   processed by the QNE Egress node.  A new intra-domain RESPONSE
2275	   (RMD-QSpec) message is generated by the QNE Egress node and MUST
2276	   include a PDR (type PDR_Refresh_Report).

2278	   The (refresh) intra-domain RESPONSE (RMD-QSpec) message MUST be sent
2279	   to the QNE Ingress node, i.e., the previous stateful hop. The
2280	   (refresh) intra-domain RESPONSE (RMD-QSpec) message MUST be
2281	   explicitly routed to the QNE Ingress node, i.e., the previous
2282	   stateful hop, using the procedures described in Section 4.5.

2284	   *  the values of the <RII/RSN>, <INFO_SPEC> objects are set
2285	     by the standard QoS-NSLP protocol functions, see [QoS-NSLP].

2287	   * The value of the <PDR Control Type> parameter of the PDR container
2288	     MUST be set "24" (i.e. PDR_Refresh_Report).
2289	     In case of successful reservation the INFO_SPEC object SHOULD
2290	     have the following values:
2291	     Error Severity Class: Success
2292	     Error Code value: Reservation successful

2294	   * In case of unsuccessful reservation the INFO_SPEC object SHOULD
2295	     have the following values:
2296	     Error Severity Class: Transient Failure
2297	     Error Code value: Reservation failure

2299	   The RMD-QSpec that was carried by the intra-domain RESERVE
2300	   belonging to the same session as this intra-domain RESPONSE is
2301	   included in the intra-domain RESPONSE message. The parameters
2302	   included in the QSPec <QoS Reserved> object are copied from the
2303	   original <QoS Desired> values. If the reservation is unsuccessful
2304	   then "E" flag associated with the QSpec <QoS Reserved> object and the
2305	   "E" flag associated with the local RMD-QSpec <TMOD-1> parameter are
2306	   set. Furthermore, the <M> and <S> PDR Container bits are set to "1".

2308	4.6.1.4.  RMD modification of aggregated reservations

2310	   In the case when the QNE edges maintain QoS-NSLP aggregated
2311	   operational and reservation states and the aggregated reservation has
2312	   to be modified (see Section 4.3.1) the following procedure is
2313	   applied:

2315	   * When the modification request requires an increase of the reserved
2316	     resources, the QNE Ingress node MUST include the corresponding
2317	     value into the "Peak Data Rate-1 (p)" value of the local RMD-QSpec
2318	     <TMOD-1> parameter of the RMD-QOSM <QoS Desired> which is sent
2319	     together with a "PHR_Resource_Request" control information.  If a
2320	     QNE edge or QNE Interior node is not able to reserve the number of
2321	     requested resources, the "PHR_Resource_Request" that is associated
2322	     with the local RMD-QSpec <TMOD-1> parameter MUST be <M> marked,
2323	     i.e., the <M> bit is set to the value of "1".  In this situation
2324	     the RMD specific operation for unsuccessful reservation will be
2325	     applied (see Section 4.6.1.2).

2327	   * When the modification request requires a decrease of the
2328	     reserved resources, the QNE Ingress node MUST include this value
2329	     into the "Peak Data Rate-1 (p)" value of the local RMD-QSpec
2330	     <TMOD-1>  parameter of the RMD-QOSM <QoS Desired>. Subsequently an
2331	     RMD release procedure SHOULD be accomplished (see Section 4.6.1.5).
2332	     Note that if the complete bandwidth associated with the aggregated
2333	     reservation maintained at the QNE ingress does not have to be
2334	     released then the TEAR flag MUST be set to OFF. This is because the
2335	     NSLP operational states associated with the aggregated reservation
2336	     states at the edge QNEs MUST NOT be turned off. However, if the
2337	     complete bandwidth associated with the aggregated reservation
2338	     maintained at the QNE ingress has to be released, then the TEAR
2339	     flag MUST be set to ON.

2341	4.6.1.5  RMD release procedure

2343	   This procedure is applied to all RMD mechanisms that maintain
2344	   reservation states. If a refresh RESERVE message does not arrive at a
2345	   QNE Interior node within the refresh time-out period then the
2346	   bandwidth requested by this refresh RESERVE message is not updated.
2347	   This will mean that the reserved bandwidth associated with the
2348	   reduced state is decreased in the next refresh period by the amount
2349	   of the corresponding bandwidth that has not been refreshed, see
2350	   section 4.3.3. This soft state
2351	   behavior provides certain robustness for the system ensuring that
2352	   unused resources are not reserved for long time.  Resources can be
2353	   removed by an explicit release at any time. However, in the situation
2354	   that an end-to-end (tear) RESERVE is retransmitted, see Section 5.2.4
2355	   in [QoS-NSLP], then this message MUST NOT initiate an intra-domain
2356	   (tear) RESERVE message. This is because the amount bandwidth within
2357	    the RMD domain associated with the (tear) end-to-end RESERVE has
2358	    already been released and therefore, this amount of bandwidth within
2359	    the RMD domain MUST NOT once again be released.

2361	   When the RMD-RMF of a QNE edge or QNE Interior node processes a
2362	   "PHR_Release_Request"  PHR container it MUST identify the
2363	   <PHB Class> parameter and estimate the time period that elapsed
2364	   after the previous refresh, see also Section 3 of [CsTa05].

2366	   This MAY be done by indicating the time lag, say "T_lag", between the
2367	   last sent "PHR_Refresh_Update" and the "PHR_Release_Request" control
2368	   information container by the QNE Ingress node, see [RMD1] and
2369	   [CsTa05] for more details.  The value of "T_Lag"
2370	   is first normalized to the length of the refresh period, say
2371	   "T_period".  The ratio between the "T_Lag" and the length of the
2372	   refresh period, "T_period", is calculated.  This ratio is then
2373	   introduced into the <Time Lag> field of the "PHR_Release_Request".

2375	   When a node (QNE Egress or QNE Interior) receives the
2376	   "PHR_Release_Request" PHR container, it MUST store the arrival
2377	   time.  Then it MUST calculate the time difference, "Tdiff", between
2378	   the arrival time and the start of the current refresh period,
2379	   "T_period".  Furthermore, this node MUST derive the value of the
2380	   "T_Lag", from the <Time Lag> parameter. "T_Lag" can be found by
2381	   multiplying the value included in the <Time Lag> parameter with the
2382	   length of the refresh period, "T_period". If the derived time lag,
2383	   "T_lag", is smaller than the calculated time difference, "T_diff",
2384	   then this node MUST decrease the PHB reservation state with the
2385	   number of resource units indicated in the "Peak Data Rate-1 (p)"
2386	   field of the local RMD-QSpec <TMOD-1> parameter of the RMD-QOSM <QoS
2387	   Desired> that has been sent together with the "PHR_Release_Request"
2388	   "PHR Container", but not below zero.

2390	   An RMD specific release procedure can be triggered by an end-to-end
2391	   RESERVE with a TEAR flag set ON (see Section 4.6.1.5.1) or it can be
2392	   triggered by either an intra-domain RESPONSE, an end-to-end RESPONSE
2393	    or an end-to-end NOTIFY message that includes a marked (i.e., PDR
2394	   <M> and/or PDR <S> parameters are set ON) "PDR_Reservation_Report" or
2395	   "PDR_Congestion_Report" and/or an INFO_SPEC object.

2397	4.6.1.5.1.  Triggered by a RESERVE message

2399	   This RMD explicit release procedure can be triggered by a tear (TEAR
2400	   flag set ON) end-to-end RESERVE message. When a tear (TEAR flag
2401	   set ON) end-to-end RESERVE message arrives to the QNE Ingress
2402	   then the QNE Ingress node SHOULD process the message in a standard
2403	   QoS-NSLP way (see [QoS-NSLP]). In addition to this, the RMD RMF
2404	   is notified, as specified in [QoS-NSLP].

2406	   Same as for the scenario described in Section 4.6.1.1., a bypassing
2407	   procedure has to be initiated by the QNE Ingress node. The bypassing
2408	   procedure is performed according to the description given in Section
2409	   4.4. At the QNE Ingress the end-to-end RESERVE message is marked,
2410	   i.e., modifying the QoS-NSLP default NSLP-ID value to another NSLP-ID
2411	   predefined value that will be used by the GIST message that carries
2412	   the end-to-end RESERVE message to bypass the QNE Interior nodes.

2414	   Before generating an intra-domain tear RESERVE, the RMD-QOSM has to
2415	   release the requested RMD-QOSM bandwidth from the RMD traffic class
2416	   state maintained at the QNE Ingress.

2418	   This can be achieved by identifying the traffic class (PHB) and then
2419	   subtracting the amount of RMD traffic class requested resources,
2420	   included in the "Peak Data Rate-1 (p)" field of the local RMD-QSpec
2421	   <TMOD-1> parameter, from the total reserved amount of resources
2422	   stored in the RMD traffic class state. The <Time Lag> is used as
2423	   explained in the introductory part of Section 4.6.1.5.

2425	QNE (Ingress)     QNE (Interior)       QNE (Interior)    QNE (Egress)
2426	NTLP stateful    NTLP stateless        NTLP stateless    NTLP stateful
2427	    |                    |                   |                    |
2428	RESERVE                  |                   |                    |
2429	--->|                    |                   |     RESERVE        |
2430	    |------------------------------------------------------------>|
2431	    |RESERVE(RMD-QSpec:Tear=1)               |                    |
2432	    |------------------->|                   |                    |
2433	    |                    |RESERVE(RMD-QSpec:Tear=1)               |
2434	    |                    |------------------->|                   |
2435	    |                    |                 RESERVE(RMD-QSpec:Tear=1)
2436	    |                    |                   |------------------->|
2437	    |                    |                   |                RESERVE
2438	    |                    |                   |                    |-->

2440	   Figure 11: Explicit release triggered by RESERVE used by the RMD-QOSM

2442	   After that the REQUIRED bandwidth is released from the RMD-QOSM
2443	   traffic class state at the QNE Ingress, an intra-domain RESERVE (RMD-
2444	   QOSM) message has to be generated. The intra-domain RESERVE (RMD-
2445	   QSpec) message MUST include a "RMD QoS object combination" field and
2446	   a PHR container, (i.e., "PHR_Resource_Release") and it MAY include a
2447	   PDR container, (i.e., PDR_Release_Request). An example of this
2448	   operation can be seen in Figure 11.

2450	   Most of the non default values of the objects contained in the
2451	   tear intra-domain RESERVE message are set by the QNE Ingress node in
2452	   the same way as described in Section 4.6.1.1.  The following objects
2453	   are set differently (see QoS-NSLP-RMF API described in [QoS-NSLP]):

2455	   *  The <RII> object MUST NOT be included in this message.  This is
2456	      because the QNE Ingress node does not need to receive a
2457	      response from the QNE Egress node;

2459	   *  If the release procedure is not applied for the RMD modification
2460	      of aggregated reservation procedure, see Section 4.6.1.4, then
2461	      the TEAR flag MUST be set to ON;

2463	   *  the PHR resource units MUST be included into the "Peak Data Rate-1
2464	      (p)" value of the local RMD-QSpec <TMOD-1> parameter of the RMD-
2465	      QOSM <QoS Desired>;

2467	   *  the value of the <Admitted Hops> parameter MUST be set to "1";
2468	   *  the value of the <Time Lag> parameter of the PHR container is
2469	      calculated by the RMD-QOSM functionality (see 4.6.1.5) the value
2470	      of the <Control Type> parameter of PHR container is set to "20"
2471	      (i.e., PHR_Resource_Release).

2473	   Any QNE Interior node that receives the combination of the RMD-
2474	   QOSM <Qos Desired> object and the "PHR_Resource_Release" control
2475	   information container  MUST identify the traffic class (PHB)
2476	   and release the requested resources included in the "Peak Data Rate-1
2477	   (p)" value of the local RMD-QSpec <TMOD-1> parameter. This can be
2478	   achieved by subtracting the amount of RMD traffic class requested
2479	   resources, included in the "Peak Data Rate-1 (p)" field of the local
2480	   RMD-QSpec <TMOD-1> parameter, from the total reserved amount of
2481	   resources stored in the RMD traffic class state.  The value of the
2482	   <Time Lag> parameter of the "PHR_Resource_Release" container is used
2483	   during the release procedure as explained in the introductory part of
2484	   Section 4.6.1.5.

2486	   The intra-domain tear RESERVE (RMD-QSpec) message is received and
2487	   processed by the QNE Egress node.  The RMD-QOSM <QoS Desired>) and
2488	   the "PHR RMD-QOSM control" container (and if available the "PDR
2489	   Container") are read and processed by the RMD QoS node.

2491	   The value of the "Peak Data Rate-1 (p)" field of the local RMD-QSpec
2492	   <TMOD-1> parameter of the RMD-QOSM <QoS Desired> and the value of the
2493	   <Time Lag> field of the PHR container MUST be used by the RMD release
2494	   procedure.  This can be achieved by subtracting the amount of RMD
2495	   traffic class requested resources, included in the "Peak Data Rate-1
2496	   (p)" field value of the local RMD-QSpec <TMOD-1> parameter, from the
2497	   total reserved amount of resources stored in the RMD traffic class
2498	   state.

2500	   The end-to-end RESERVE message is forwarded by the next hop (i.e.,
2501	   the QNE Egress) only if the intra-domain tear RESERVE (RMD-QSpec)
2502	   message arrives at the QNE Egress node. Furthermore, the QNE Egress
2503	   MUST stop the marking process that was used to bypass the QNE
2504	   Interior nodes by reassigning the QoS-NSLP default NSLP-ID value to
2505	   the end-to-end RESERVE message, see Section 4.4.
2506	   Note that when the QNE edges maintain aggregated QoS-NSLP reservation
2507	   states the RMD-QOSM functionality MAY start a RMD modification
2508	   procedures (see Section 4.6.1.4.) that uses the explicit release
2509	   procedure described above, in this subsection. Note that
2510	   if the complete bandwidth associated with the aggregated reservation
2511	   maintained at the QNE ingress has to be released then the
2512	   TEAR flag MUST be set to ON. Otherwise, the TEAR
2513	   flag MUST be set to OFF, see Section 4.6.1.4.

2515	4.6.1.5.2   Triggered by a marked RESPONSE or NOTIFY message

2517	   This RMD explicit release procedure can be triggered by either an
2518	   intra-domain RESPONSE message with a PDR container carrying among
2519	   others the <M> and <S> parameters with values <M>=1 and <S>=0 (see
2520	   Section 4.6.1.2) an intra-domain (refresh) RESPONSE message carrying
2521	   a PDR Container with <M>=1 and <S>=1  (see Section 4.6.1.6.1) or an
2522	   end to end NOTIFY message (see Section 4.6.1.6.) with an INFO_SPEC
2523	   object with the following values:

2525	   Error Severity Class: Informational
2526	   Error Code value: Congestion situation

2528	   When the aggregated intra-domain QoS-NSLP operational states are used
2529	   then an end-to-end NOTIFY message used to trigger an RMD release
2530	   procedure MAY contain a PDR container that carries a <M> and a <S>
2531	   with values <M>=1 and <S>=1, and a bandwidth value in the <PDR
2532	   Bandwidth> parameter included in a "PDR_Refresh_Report" or
2533	   "PDR_Congestion_Report" container.

2535	   Note that in all explicit release procedures, before generating an
2536	   intra-domain tear RESERVE, the RMD-QOSM has to release the requested
2537	   RMD-QOSM bandwidth from the RMD traffic class state maintained at the
2538	   QNE Ingress. This can be achieved by identifying the traffic class
2539	   (PHB) and then subtracting the amount of RMD traffic class requested
2540	   resources, included in the "Peak Data Rate-1 (p)" field of the
2541	   local RMD-QSpec <TMOD-1> parameter, from the total reserved amount of
2542	   resources stored in the RMD traffic class state.

2544	   Figure 12 shows the situation that the intra-domain tear RESERVE is
2545	   generated after being triggered by either an intra-domain (refresh)
2546	   RESPONSE message that carries a PDR Container with <M>=1 and <S>=1,
2547	   or by an end-to-end NOTIFY message that do not carry a PDR container,
2548	   but an INFO_SPEC object. The error code values carried by this NOTIFY
2549	   message are:

2551	   Error Severity Class: Informational
2552	   Error Code value: Congestion situation

2554	   Most of the non-default values of the objects contained in the
2555	   tear intra-domain RESERVE(RMD-QSpec) message are set by the QNE
2556	   Ingress node in the same way as described in Section 4.6.1.1.

2558	   The following objects MUST be used and/or set differently (see
2559	   QoS-NSLP-RMF described in [QoS-NSLP]):

2561	   *  The value of the <M> parameter of the PHR container MUST be set
2562	      to "1".

2564	   *  the value of the <S> parameter of the
2565	      "PHR container" MUST be set to "1".

2567	   *  The RESERVE message MAY include a PDR container. Note that this
2568	      is needed if bi-directional scenario is used, see Section 4.6.2.

2570	QNE (Ingress)     QNE (Interior)         QNE (Interior)    QNE (Egress)
2571	NTLP stateful    NTLP stateless         NTLP stateless    NTLP stateful
2572	    |                  |                  |                  |
2573	    | NOTIFY           |                  |                  |
2574	    |<-------------------------------------------------------|
2575	    |RESERVE(RMD-QSpec:Tear=1,M=1,S=1)    |                  |
2576	    | ---------------->|RESERVE(RMD-QSpec:Tear=1, M=1,S=1)   |
2577	    |                  |                  |                  |
2578	    |                  |----------------->|                  |
2579	    |                  |           RESERVE(RMD-QSpec:Tear=1, M=1,S=1)
2580	    |                  |                  |----------------->|

2582	   Figure 12: Basic operation during RMD explicit release procedure
2583	   triggered by NOTIFY used by the RMD-QOSM.

2585	   Note that if the values of the <M> and <S> parameters included in the
2586	   PHR container carried by a intra-domain tear RESERVE(RMD-QOSM) are
2587	   set as ((<M>=0 and <S>=1) or (<M>=0 and <S>=0) or (<M>=1 and <S>=1))
2588	   then the <Max Admitted Hops> value SHOULD NOT be compared to the
2589	   <Admitted Hops> value and the value of the <K> field MUST NOT be set.
2590	   Any QNE edge or QNE Interior node that receives the intra-domain tear
2591	   RESERVE it MUST check the <K> field included in the PHR Container. If
2592	   the <K> fied is "0" then the traffic class state (PHB) has to be
2593	   identified, using the <PHB Class> parameter, and the the requested
2594	   resources included in the "Peak Data Rate-1 (p)" field of the
2595	   local RMD-QSpec <TMOD-1> parameter have to be released. This can be
2596	   achieved by subtracting the amount of RMD traffic class requested
2597	   resources, included in the "Peak Data Rate-1 (p)" field of the local
2598	   RMD-QSpec <TMOD-1> parameter, from the total reserved amount of
2599	   resources stored in the RMD traffic class state.  The value of the
2600	   <Time Lag> parameter of the PHR field is used during the release
2601	   procedure as explained in the introductory part of Section 4.6.1.5.
2602	   Afterwards, the QNE Egress node MUST terminate the tear intra-domain
2603	   RESERVE(RMD-QSpec) message.

2605	   The RMD specific release procedure that is triggered by an
2606	   intra-domain RESPONSE message with <M>=1 and <S>=0 PDR container (see
2607	   Section 4.6.1.2) generates an intra-domain tear RESERVE message
2608	   that uses the combination of <Max Admitted Hops> and <Admitted_Hops>
2609	   fields to calculate and specify when the <K> value carried by the
2610	   "PHR Container" can be set. When the <K> field is set, then the "PHR
2611	   Container" and the RMD-QOSM <QoS Desired>  carried by an intra-domain
2612	   tear RESERVE MUST NOT be processed.

2614	   The RMD specific explicit release procedure that uses the combination
2615	   of <Max Admitted Hops>, <Admitted_Hops> and <K> fields to release
2616	   resources/bandwidth in only a part of the RMD domain, is denoted as
2617	   RMD partial release procedure.

2619	   This explicit release procedure can be used, for example, during
2620	   unsuccessful reservation (see Section 4.6.1.2). When the RMD-
2621	   QoSM/QoS-NSLP signaling model functionality of a QNE Ingress node
2622	   receives a  PDR container with values <M>=1 and <S>=0, of type
2623	   "PDR_Reservation_Report", it MUST start an RMD partial release
2624	   procedure.

2626	   In this situation, after that the REQUIRED bandwidth is released from
2627	   the RMD-QOSM traffic class state at the QNE Ingress, an intra-domain
2628	   RESERVE (RMD-QOSM) message has to be generated. An example of this
2629	   operation can be seen in Figure 13.

2631	   Most of the non-default values of the objects contained in the
2632	   tear intra-domain RESERVE(RMD-QSpec) message are set by the QNE
2633	   Ingress node in the same way as described in Section 4.6.1.1.

2635	   The following objects MUST be used and/or set differently:

2637	   *  The value of the <M> parameter of the PHR container MUST be set
2638	      to "1".

2640	   *  The RESERVE message MAY include a PDR container.

2642	* the value of the <Max Admitted Hops> carried by the "PHR
2643	     Container" MUST be set equal to the <Max Admitted Hops> value
2644	     carried by the "PDR Container" (with <M>=1 and <S.=0) carried by
2645	     the received intra-domain RESPONSE message that triggers the
2646	     release procedure.

2648	QNE (Ingress)     QNE (Interior)        QNE (Interior)    QNE (Egress)
2649	                                     Node that marked
2650	                                    PHR_Resource_Request
2651	                                       <PHR> object
2652	NTLP stateful    NTLP stateless        NTLP stateless    NTLP stateful
2653	    |                    |                   |                    |
2654	    |                    |                   |                    |
2655	    | RESPONSE (RMD-QSpec: M=1)              |                    |
2656	    |<------------------------------------------------------------|
2657	RESERVE(RMD-QSpec: Tear=1, M=1, <Admit Hops>=<Max Admitted Hops>, K=0)
2658	    |------------------->|                   |                    |
2659	    |                    |RESERVE(RMD-QSpec: Tear=1, M=1, K=1)    |
2660	    |                    |------------------>|                    |
2661	    |                    |    RESERVE(RMD-QSpec: Tear=1, M=1, K=1)|
2662	    |                    |                   |------------------->|
2663	    |                    |                   |                    |

2665	   Figure 13: Basic operation during RMD explicit release procedure
2666	   Triggered by RESPONSE used by the RMD-QOSM
2667	   Any QNE edge or QNE Interior node that receives the intra-domain tear
2668	   RESERVE has to check the value of the <K> field in the "PHR
2669	   Container" before releasing the requested resources.

2671	   If the value of the <K> field is "1", then all the QNEs located
2672	   downstream, including the QNE Egress, MUST NOT process the carried
2673	   "PHR Container" and the RMD-QOSM <QoS Desired> object by the intra-
2674	   domain tearing RESERVE.

2676	   If the <K> field value is "0", any QNE edge or QNE Interior node that
2677	   receives the intra-domain tear RESERVE can release the resources by
2678	   subtracting the amount of RMD traffic class requested resources,
2679	   included in the "Peak Data Rate-1 (p)" field of the local RMD-QSpec
2680	   <TMOD-1> parameter, from the total reserved amount of resources
2681	   stored in the RMD traffic class state.  The value of the <Time Lag>
2682	   parameter of the PHR field is used during the release procedure as
2683	   explained in the introductory part of Section 4.6.1.5.
2684	   Furthermore, the QNE MUST perform the following procedures.
2685	   If the values of the <M> and <S> parameters included in the
2686	    "PHR_Resource_Release" PHR container are (<M=1> and <S>=0) then the
2687	   <Max Admitted Hops> value MUST be compared with the calculated
2688	   <Admitted Hops> value.  Note that each time that the intra-domain
2689	   tear RESERVE is processed and before being forwarded by a QNE, the
2690	   <Admitted Hops> value included in the PHR container is increased by
2691	   one.

2693	   When these two values are equal then the intra-domain
2694	   RESERVE(RMD-QSpec) that is forwarded further towards the QNE Egress
2695	   MUST set the <K> value of the carried "PHR Container" to "1".
2696	   The reason of doing this is that the QNE node that is currently
2697	   processing this message was the last QNE node that successfully
2698	   processed the RMD-QOSM <QoS Desired>) and PHR container of its
2699	   associated initial reservation request (i.e., initial intra-domain
2700	   RESERVE(RMD-QSpec) message). Its next QNE downstream node was unable
2701	   to successfully process the initial reservation request, therefore,
2702	   this QNE node marked the <M> and <Hop_U> parameters of the
2703	   "PHR_Resource_Request".

2705	   Note that finally the QNE Egress node MUST terminate the intra-domain
2706	   RESERVE(RMD-QSpec) message.

2708	   Note that the above described RMD partial release procedure applies
2709	   to the situation that the QNE edges maintain a per flow QoS-NSLP
2710	   reservation state.

2712	   When the QNE edges maintain aggregated intra-domain QoS-NSLP
2713	   operational states and a severe congestion occurs, then the QNE
2714	   Ingress MAY receive an end to end NOTIFY message (see Section
2715	   4.6.1.6.) with a PDR container that carries the  <M>=0 and <S>=1
2716	   fields and a bandwidth value in the <PDR Bandwidth> parameter
2717	   included in a "PDR_Congestion_Report" container. Furthermore the
2718	   same end-to-end NOTIFY message carries an INFO_SPEC object with the
2719	   following values:

2721	   Error Severity Class: Informational
2722	   Error Code value: Congestion situation

2724	   The end-to-end session associated with this NOTIFY message maintains
2725	   the BOUND_SESSION_ID of the bound aggregated session, see Sections
2726	   4.3.1. The RMD-QOSM at QNE Ingress MUST start a RMD modification
2727	   procedures (see Section 4.6.1.4) that uses the RMD explicit release
2728	   procedure described above in this section. In particular, the RMD
2729	   explicit release procedure releases the bandwidth value included in
2730	   the <PDR Bandwidth> parameter, within the "PDR_Congestion_Report"
2731	   container, from the reserved bandwidth associated with the aggregated
2732	   intra-domain QoS-NSLP operational state.

2734	4.6.1.6. Severe congestion handling

2736	   This section describes the operation of the RMD-QOSM when a severe
2737	   congestion occurs within the Diffserv domain.

2739	   When a failure in a communication path, e.g., a router or a link
2740	   failure occurs, the routing algorithms will adapt to failures by
2741	   changing the routing decisions to reflect changes in the topology and
2742	   traffic volume.  As a result, the re-routed traffic will follow a new
2743	   path, which MAY result in overloaded nodes as they need to support
2744	   more traffic.  This MAY cause severe congestion in the communication
2745	   path.  In this situation the available resources, are not enough to
2746	   meet the REQUIRED QoS for all the flows along the new path.
2747	   Therefore, one or more flows SHOULD be terminated, or forwarded in a
2748	   lower priority queue.

2750	   Interior nodes notify edge nodes by data marking or marking the
2751	   refresh messages.

2753	4.6.1.6.1 Severe congestion handling by the RMD-QOSM refresh procedure

2755	   This procedure applies to all RMD scenarios that use a RMD refresh
2756	   procedure. The QoS-NSLP and RMD are able to cope with congested
2757	   situations using the refresh procedure, see Section 4.6.1.3.

2759	   If the refresh is not successful in an QNE Interior node, edge nodes
2760	   are notified by setting <S>=1 (<M>=1) marking the refresh messages
2761	   and by including the percentage of overload into the <Overload %>
2762	   field in the "PHR_Refresh_Update" container, carried by the intra-
2763	   domain RESERVE message. The intra-domain RESPONSE message that is
2764	   sent by the QNE Egress towards QNE Ingress will contain a PDR
2765	   container with a Container ID =26, i.e., "PDR_Congestion_Report". The
2766	   values of the <M>, <S> and <Overload %> fields of this container
2767	   SHOULD be set equal to the values of the <M>, <S> and <Overload %>
2768	   fields, respectively, carried by the "PHR_Refresh_Update" container.
2769	   Part of the flows, corresponding to the <Overload %>, are terminated,
2770	   or forwarded in a lower priority queue. Note that an example of how
2771	   this value can be calculated is given in appendix A.1.1 and denoted
2772	   as the signaled_overload_rate parameter. The flows can be terminated
2773	   by the RMD release procedure described in Section 4.6.1.5.  Note that
2774	   the above described functionality applies to the RMD reservation-
2775	   based and to the NSIS measurement-based admission control schemes.
2776	   Furthermore, note that the above functionalities apply also for the
2777	   scenario where the QNE Edge nodes maintain either per flow QoS-NSLP
2778	   reservation states or aggregated QoS-NSLP reservation states.

2780	   In general, relying on the soft state refresh mechanism solves the
2781	   congestion within the time frame of the refresh period. If this
2782	   mechanism is not fast enough additional functions SHOULD be used,
2783	   which are described in Section 4.6.1.6.2.

2785	4.6.1.6.2 Severe congestion handling by proportional data packet marking

2787	   This severe congestion handling method requires the following
2788	   functionalities.

2790	4.6.1.6.2.1 Operation in the Interior nodes

2792	   The detection and marking/remarking functionality described in this
2793	   section applies to NSIS aware, but also to NSIS unaware nodes. This
2794	   means however, that the "not NSIS aware" nodes MUST be configured
2795	   such that they can detect the congestion/severe congestion situations
2796	   and remark packets in the same way as the "NSIS aware" nodes do.

2798	   The Interior node detecting severe congestion remarks data packets
2799	   passing the node. For this remarking, two additional DSCPs can be
2800	   allocated for each traffic class.  One DSCP MAY be used to indicate
2801	   that the packet passed a congested node. This type of DSCP is denoted
2802	   in this document as "affected DSCP" and is used to indicate that a
2803	   packet passed through a severe congested node.

2805	   The use of this DSCP type eliminates the possibility that, due to
2806	   e.g. flow-based ECMP (Equal Cost Multiple Paths) enabled routing, the
2807	   egress node either does not detect packets passed a severe congested
2808	   node or erroneously detects packets that actually did not pass the
2809	   severe congested node.  Note that this type of DSCP MUST only be used
2810	   if all the nodes within the RMD domain are configured to use it.
2811	   Otherwise, this type of DSCP MUST NOT be applied. The other DSCP MUST
2812	   be used to indicate the degree of congestion by marking the bytes
2813	   proportionally to the degree of congestion. This type of DSCP is
2814	   denoted in this document as "encoded DSCP".

2816	   Note that in this document the terms marked packets or marked bytes
2817	   refer to the "encoded DSCP". The terms unmarked packets or unmarked
2818	   bytes are representing the packets or the bytes belonging to these
2819	   packets that their DSCP is either the "affected DSCP" or the original
2820	   DSCP. Furthermore, in the algorithm described below it is considered
2821	   that the router MAY drop received packets. The counting/measuring of
2822	   marked or unmarked bytes described in this section is accomplished
2823	   within measurement periods. All nodes within a RMD domain use the
2824	   same, fixed measurement interval, say T seconds, which MUST be
2825	   pre-configured.

2827	   It is RECOMMENDED that the total number of additional (local and
2828	   experimental) DSCPs needed for severe congestion handling within an
2829	   RMD domain SHOULD be as low as possible and it SHOULD NOT exceed the
2830	   limit of 8. One possibility to reduce the number of used DSCPs is to
2831	   use only the "encoded DSCP" and not to use "affected DSCP" marking.
2832	   Another possible solution is for example, to allocate one DSCP for
2833	   severe congestion indication for each of the AF classes that can be
2834	   supported by RMD-QOSM.

2836	   An example of a remarking procedure can be found in Appendix A.1.1.

2838	4.6.1.6.2.2 Operation in the Egress nodes

2840	   When the QNE edges maintain a per flow intra-domain QoS-NSLP
2841	   operational state, see sections 4.3.2, 4.3.3, then the following
2842	   procedure is followed. The QNE Egress node applies a predefined
2843	   policy to solve the severe congestion situation, by selecting a
2844	   number of inter-domain (end-to-end) flows that SHOULD be terminated,
2845	   or forwarded in a lower priority queue.

2847	   When the RMD domain does not use the "affected DSCP"
2848	   marking then the egress MUST generate an ingress/egress pair
2849	   aggregated state, for each ingress and for each supported PHB. This
2850	   is because the edges MUST be able to detect in which ingress/egress
2851	   pair a severe congestion occurs. This is because otherwise the QNE
2852	   Egress will not have any information on which flows or groups of
2853	   flows were affected by the severe congestion.

2855	   When the RMD domain supports the "affected DSCP" marking then the
2856	   egress is able to detect all flows that are affected by the severe
2857	   congestion situation. Therefore, when the RMD domain supports the
2858	   "affected DSCP" marking, then the Egress MAY not generate and
2859	   maintain the ingress/egress pair aggregated reservation States. Note
2860	   that these aggregated reservation states MAY not be associated with
2861	   aggregated intra-domain QoS-NSLP operational states.

2863	   The ingress/egress pair aggregated reservation state can be derived
2864	   by detecting, which flows are using the same PHB and are sent by the
2865	   same Ingress (via the per flow end-to-end QoS-NSLP states).

2867	   Some flows, belonging to the same PHB traffic class might get
2868	   other priority than other flows belonging to the same PHB traffic
2869	   class. This difference in priority can be notified to the egress and
2870	   ingress nodes either by the RESERVE message that carries the QSpec
2871	   associated with the end-to-end QoS model, e.g.,, <Preemption
2872	   Priority> & <Defending Priority> parameter, or by using a local
2873	   defined policy. The priority value is kept in the reservation states,
2874	   see Section 4.3, which might be used during admission control and/or
2875	   severe congestion handling procedures. The terminated flows are
2876	   selected from the flows having the same PHB traffic class as the PHB
2877	   of the marked (as "encoded DSCP") and "affected DSCP" (when applied
2878	   in the complete RMD domain) packets and (when the ingress/egress pair
2879	   aggregated states are available) that are belonging to the same
2880	   ingress/egress pair aggregate.

2882	   For flows associated with the same PHB traffic class the priority of
2883	   the flow plays a significant role. An example of calculating the
2884	   number of flows associated with each priority class that have to be
2885	   terminated is explained in Appendix A.1.2.

2887	   For the flows (sessions) that have to be terminated, the QNE Egress
2888	   node generates and sends an end-to-end NOTIFY message to the QNE
2889	   Ingress node (its upstream stateful QoS-NSLP peer) to indicate the
2890	   severe congestion in the communication path.

2892	   The non-default values of the objects contained in the NOTIFY
2893	   message MUST be set by the QNE Egress node as follows
2894	   (see QoS-NSLP-RMF API described in [QoS-NSLP]):

2896	   *  the values of the <INFO_SPEC> object is set by the standard
2897	      QoS-NSLP protocol functions.

2899	   * the INFO_SPEC object MUST include information that notifies that
2900	     the end-to-end flow MUST be terminated. This information is as
2901	     follows:

2903	     Error Severity Class: Informational
2904	     Error Code value: Congestion situation

2906	   When the QNE edges maintain a per aggregate intra-domain QoS-NSLP
2907	   operational state, see sections 4.3.1 then the QNE Edge has to
2908	   calculate, per each aggregate intra-domain QoS-NSLP operational
2909	   state, the total bandwidth that has to be terminated in order to
2910	   solve the severe congestion. The total to be released bandwidth is
2911	   calculated in the same way as in the situation that the QNE edges
2912	   maintain per flow intra-domain QoS-NSLP operational states.
2913	   Note that for the aggregated sessions that are affected, the QNE
2914	   Egress node generates and sends one end-to-end NOTIFY message to the
2915	   QNE Ingress node(its upstream stateful QoS-NSLP peer) to indicate the
2916	   severe congestion in the communication path. Note that this end-to-
2917	   end NOTIFY message is associated with one of the end-to-end sessions
2918	   that is bound to the aggregated intra-domain QoS-NSLP operational
2919	   state.

2921	   The non-default values of the objects contained in the NOTIFY
2922	   message MUST be set by the QNE Egress node in the same way as the
2923	   ones used by the end-to-end NOTIFY message described above for the
2924	   situation that the QNE Egress maintains a per flow intra-domain
2925	   operational state. In addition to this the end-to-end NOTIFY MUST
2926	   carry the RMD-Qspec, which contains a PDR container with a
2927	   Container ID =26, i.e., "PDR_Congestion_Report". The
2928	   value of the <S> SHOULD be set. Furthermore, the value of the <PDR
2929	   Bandwidth> parameter MUST contain the bandwidth, associated with the
2930	   aggregated QoS-NSLP operational state, which has to be released.

2932	   Furthermore, the number of end-to-end sessions that have to be
2933	   terminated will be calculated as in the situation that the QNE edges
2934	   maintain per flow intra-domain QoS-NSLP operational states. Similarly
2935	   for each, to be terminated, ongoing flow the egress will notify the
2936	   ingress in the same way as in the situation that the QNE edges
2937	   maintain per flow intra-domain QoS-NSLP operational states.

2939	   Note that QNE egress SHOULD restore the original DSCP
2940	   values of the remarked packets, otherwise multiple actions for the
2941	   same event might occur. However, this value MAY be left in its
2942	   remarking form if there is an SLA agreement between domains that a
2943	   downstream domain handles the remarking problem.

2945	   An example of a detailed severe congestion operation in the Egress
2946	   Nodes can be found in Appendix A.1.2.

2948	   4.6.1.6.2.3 Operation in the Ingress nodes

2950	   Upon receiving the (end-to-end) NOTIFY message, the QNE Ingress node
2951	   resolves the severe congestion by a predefined policy, e.g., by
2952	   refusing new incoming flows (sessions), terminating the affected and
2953	   notified flows (sessions), and blocking their packets or shifting
2954	   them to an alternative RMD traffic class (PHB).

2956	   This operation is depicted in Figure 14, where the QNE Ingress, for
2957	   each flow (session) to be terminated, receives a NOTIFY message that
2958	   carries the "Congestion situation" error code.

2960	   When the QNE Ingress node receives the end-to-end NOTIFY message, it
2961	   associates this NOTIFY message with its bound intra-domain session,
2962	   see Sections 4.3.2, 4.3.3. via the BOUND_SESSION_ID information
2963	   included in the end-to-end per-flow QoS-NSLP state. The QNE Ingress
2964	   uses the operation described in Section 4.6.1.5.2 to terminate the
2965	   intra-domain session.

2967	 QNE (Ingress)    QNE (Interior)        QNE (Interior)    QNE (Egress)

2969	  user  |                  |                 |                  |
2970	  data  |  user data       |                 |                  |
2971	 ------>|----------------->|     user data   | user data        |
2972	        |                  |---------------->S(# marked bytes)  |
2973	        |                  |                 S----------------->|
2974	        |                  |                 S(# unmarked bytes)|
2975	        |                  |                 S----------------->|Term.
2976	        |                 NOTIFY             S                  |flow?
2977	        |<-----------------|-----------------S------------------|YES
2978	        |RESERVE(RMD-QSpec:Tear=1,M=1,S=1)   S                  |
2979	        | ---------------->|RESERVE(RMD-QSpec:T=1, M=1,S=1)     |
2980	        |                  |                 S                  |
2981	        |                  |---------------->S                  |
2982	        |                  |       RESERVE(RMD-QSpec:Tear=1, M=1,S=1)
2983	        |                  |                 S----------------->|

2985	   Figure 14:  RMD severe congestion handling

2987	   Note that the above functionality applies to the RMD reservation-
2988	   Based, see Section 4.3.3 and to both measurement-based admission
2989	   control methods (i.e., congestion notification based on probing and
2990	   the NSIS measurement-based admission control), see Section 4.3.2.

2992	   In the case that the QNE edges support aggregated intra-domain QoS-
2993	   NSLP operational states the following actions take place. The QNE
2994	   Ingress MAY receive an end to end NOTIFY message with a PDR container
2995	   that carries a <S> marked and a bandwidth value in the <PDR
2996	   Bandwidth> parameter included in a "PDR_Congestion_Report" container.
2997	   Furthermore the same end-to-end NOTIFY message carries an INFO_SPEC
2998	   object with the "Congestion situation" error code.

3000	   When the QNE Ingress node receives this end-to-end  NOTIFY message,
3001	   it associates the NOTIFY message with the aggregated intra-domain
3002	   QoS-NSLP operational state via the BOUND_SESSION_ID information
3003	   included in the end-to-end per-flow QoS-NSLP operational state, see
3004	   Section 4.3.1.

3006	   The RMD-QOSM at the QNE Ingress node by using the
3007	   total to be released bandwidth value included in the <PDR Bandwidth>
3008	   parameter MUST reduce the bandwidth associated and reserved by the
3009	   RMD aggregated session. This is accomplished by triggering the RMD
3010	   modification for Aggregated reservations procedure described in
3011	   Section 4.6.1.4.

3013	   In addition to the above, the QNE Ingress MUST select a number of
3014	   inter-domain (end-to-end) flows (sessions) that MUST be terminated.
3015	   This is accomplished in the same way as in the situation that the QNE
3016	   edges maintain per flow intra-domain QoS-NSLP operational states.

3018	   The terminated end-to-end sessions are selected from the end-to-end
3019	   sessions bound to the aggregated intra-domain QoS-NSLP operational
3020	   state. Note that the end-to-end session associated with the received
3021	   end-to-end NOTIFY message that notified the severe congestion MUST
3022	   also be selected for termination.
3023	   For the flows (sessions) that have to be terminated, the QNE Ingress
3024	   node generates and sends an end-to-end NOTIFY message upstream
3025	   towards the sender (QNI). The values carried by this message are:

3027	   *  the values of the <INFO_SPEC> object is set by the standard
3028	      QoS-NSLP protocol functions.

3030	   * the INFO_SPEC object MUST include information that notifies that
3031	     the end-to-end flow MUST be terminated. This information is as
3032	     follows:

3034	     Error Severity Class: Informational
3035	     Error Code value: Congestion situation

3037	4.6.1.7 Admission control using congestion notification based on probing

3039	   The congestion notification function based on probing can be used to
3040	   implement a simple measurement-based admission control within a
3041	   Diffserv domain.  At interior nodes along the data path congestion
3042	   notification thresholds are set in the measurement based admission
3043	   control function for the traffic belonging to different PHBs. These
3044	   interior nodes are not NSIS aware nodes.

3046	4.6.1.7.1 Operation in Ingress nodes

3048	   When an end-to-end reservation request (RESERVE) arrives at the
3049	   Ingress node (QNE), see Figure 15, it is processed based on the
3050	   procedures defined by the end-to-end QoS model.

3052	  The DSCP field of the GIST datagram message that is used to transport
3053	   this probe RESERVE message, SHOULD be marked with the same value of
3054	   DSCP as the data path packets associated with the same session. In
3055	   this way it is ensured that the end-to-end RESERVE (probe) packet
3056	   passed through the node that it is congested. This feature is very
3057	   useful when ECMP based routing is used to detect only flows that are
3058	   passing through the congested router.

3060	   When (end-to-end) RESPONSE message is received by the Ingress node,it
3061	   will be processed based on the procedures defined by the end-to-end
3062	   QoS model.

3064	4.6.1.7.2 Operation in Interior nodes

3066	   These Interior nodes are not needed to be NSIS aware nodes and they
3067	   do not need to process NSIS functionality of NSIS messages. Note that
3068	   the "not NSIS aware" nodes MUST be configured such that they can
3069	   detect the congestion/severe congestion situations and remark packets
3070	   in the same way as the "NSIS aware" nodes do.

3072	   Using standard functionalities congestion notification thresholds are
3073	   set for the traffic belonging to different PHBs, see Section 4.3.2.
3074	   The end-to-end RESERVE message, see Figure 15, is used as a probe
3075	   packet.

3077	   The DSCP field of all data packets and of the GIST message carrying
3078	   the RESERVE message will be re-marked when the corresponding
3079	   "congestion notification" threshold is exceeded, see Section 4.3.2.
3080	   Note that when the data rate is higher than the congestion
3081	   notification threshold then also the data packets are remarked. An
3082	   example of the detailed operation of this procedure is given in
3083	   Appendix A.2.1.

3085	4.6.1.7.3 Operation in Egress nodes

3087	   As emphasised in Section 4.6.1.6.2.2, the egress node, by using the
3088	   per flow end-to-end QoS-NSLP states, can derive which flows are using
3089	   the same PHB and are sent by the same ingress.

3091	   For each ingress, the egress SHOULD generate an ingress/egress pair
3092	   aggregated (RMF) reservation state for each supported PHB. Note that
3093	   this aggregated reservation state does not require that also an
3094	   aggregated intra-domain QoS-NSLP operational state is needed.

3096	   In Appendix A.2.2 an example is described how and when a (probe)
3097	   RESERVE message that arrives at the egress, is admitted or rejected.

3099	   If the request is rejected then the Egress node SHOULD
3100	   generate an (end-to-end) RESPONSE message to notify that the
3101	   reservation is unsuccesfull. In particular it will generate an
3102	   INFO_SPEC object of:
3103	     Error Severity Class: Transient Failure
3104	     Error Code value: Reservation failure

3106	   The QSpec that was carried by the end to end RESERVE belonging to
3107	   the same session as this end to end RESPONSE is included in this
3108	   message. The parameters included in the QSpec <QoS Reserved> object
3109	   are copied from the original <QoS Desired> values. The "E" flag
3110	   associated with the <QoS Reserved> object and the "E" flag associated
3111	   with local RMD-QSpec <TMOD-1> parameter are also set. This RESPONSE
3112	   message will be sent to the Ingress node and it will be processed
3113	   based on the end-to-end QoS model.

3115	   Note that QNE egress SHOULD restore the original DSCP values of the
3116	   remarked packets, otherwise multiple actions for the same event might
3117	   occur. However, this value MAY be left in its remarking form if there
3118	   is an SLA agreement between domains that a downstream domain handles
3119	   the remarking problem. Note that the break "B" flag carried by the
3120	   end-to-end RESERVE message MUST NOT be set.

3122	QNE (Ingress)          Interior          Interior       QNE (Egress)
3123	                    (not NSIS aware) (not NSIS aware)
3124	  user  |                  |                 |                  |
3125	  data  |  user data       |                 |                  |
3126	 ------>|----------------->|     user data   |                  |
3127	        |                  |---------------->| user data        |
3128	        |                  |                 |----------------->|
3129	  user  |                  |                 |                  |
3130	  data  |  user data       |                 |                  |
3131	 ------>|----------------->|     user data   | user data        |
3132	        |                  |---------------->S(# marked bytes)  |
3133	        |                  |                 S----------------->|
3134	        |                  |                 S(# unmarked bytes)|
3135	        |                  |                 S----------------->|
3136	        |                  |                 S                  |
3137	RESERVE |                  |                 S                  |
3138	------->|                  |                 S                  |
3139	        |----------------------------------->S                  |
3140	        |                  |           RESERVE(re-marked DSCP in GIST)
3141	        |                  |                 S----------------->|
3142	        |                  |RESPONSE(unsuccessful INFO-SPEC)    |
3143	        |<------------------------------------------------------|
3144	 RESPONSE(unsuccessful INFO-SPEC)            |                  |
3145	 <------|                  |                 |                  |

3147	   Figure 15:  Using RMD congestion notification function for admission
3148	               control based on probing

3150	4.6.2  Bi-directional operation

3152	   This section describes the basic bidirectional operation and
3153	   sequence of events/triggers of the RMD-QOSM.  The following basic
3154	   operation cases are distinguished:

3156	     * Successful and unsuccessful reservation (Section 4.6.2.1);
3157	     * Refresh reservation (Section 4.6.2.2);
3158	     * Modification of aggregated reservation (Section 4.6.2.3);
3159	     * Release procedure (Section 4.6.2.4);
3160	     * Severe congestion handling (Section 4.6.2.5);
3161	     * Admission control using congestion notification based on probing
3162	      (Section 4.6.2.6).

3164	   It is important to emphasize that the content of this section is used
3165	   for the specification of the following RMD-QOSM/QoS-NSLP signaling
3166	   schemes, when basic unidirectional operation is assumed:

3168	    * "per flow congestion notification based on probing";

3170	    * "per flow RMD NSIS measurement based admission control",

3172	    * "per flow RMD reservation based" in combination with "severe
3173	     congestion handling by the RMD-QOSM refresh procedure"

3175	    * "per flow RMD reservation based" in combination with "severe
3176	     congestion handling by proportional data packet marking"

3178	    * "per aggregate RMD reservation based" in combination with
3179	      "severe congestion handling by the RMD-QOSM refresh procedure"

3181	    * "per aggregate RMD reservation based" in combination with
3182	      "severe congestion handling by proportional data packet marking"

3184	   For more details, please see Section 3.2.3.

3186	   In particular, the described functionality described in Sections
3187	   4.6.2.1, 4.6.2.2, 4.6.2.3, 4.6.2.4, 4.6.2.5 applies to the RMD
3188	   reservation-based and to the NSIS measurement-based admission control
3189	   methods. The described functionality in Section 4.6.2.6 applies to
3190	   the admission control procedure that uses the congestion notification
3191	   based on probing. The QNE Edge nodes maintain either per flow QoS-
3192	   NSLP operational and reservation states or aggregated QoS-NSLP
3193	   operational and reservation states.

3195	   RMD-QOSM assumes that asymmetric routing MAY be applied in the RMD
3196	   domain.  Combined sender-receiver initiated reservation cannot be
3197	   efficiently done in the RMD domain because upstream NTLP states are
3198	   not stored in Interior routers.

3200	   Therefore, the bi-directional operation SHOULD be performed by two
3201	   sender-initiated reservations (sender&sender).  We assume that the
3202	   QNE edge nodes are common for both upstream and downstream
3203	   directions, therefore, the two reservations/sessions can be bound at
3204	   the QNE edge nodes. Note that if this is not the case then the bi-
3205	   directional procedure could be managed and maintained by nodes
3206	   located outside the RMD domain, by using other procedures than the
3207	   ones defined in RMD-QOSM.

3209	   This (intra-domain) bi-directional sender&sender procedure can then
3210	   be applied between the QNE edges (QNE Ingress and QNE Egress) nodes
3211	   of the RMD QoS signaling model.  In the situation a security
3212	   association exists between the QNE Ingress and QNE Egress nodes (see
3213	   Figure 15), and the QNE Ingress node has the REQUIRED "Peak Data
3214	   Rate-1 (p)" values of the local RMD-QSpec <TMOD-1> parameters for
3215	   both directions, i.e., QNE Ingress towards QNE Egress and QNE Egress
3216	   towards QNE Ingress, then the QNE Ingress MAY include both "Peak Data
3217	   Rate-1 (p)" values of the local RMD-QSpec <TMOD-1> parameters (needed
3218	   for both directions) into the RMD-QSpec within a RESERVE message.  In
3219	   this way the QNE Egress node is able to use the QoS parameters needed
3220	   for the "Egress towards Ingress" direction (QoS-2).  The QNE Egress
3221	   is then able to create a RESERVE with the right QoS parameters
3222	   included in the QSpec, i.e., RESERVE (QoS-2). Both directions of the
3223	   flows are bound by inserting <BOUND_SESSION_ID> objects at the QNE
3224	   Ingress and QNE Egress, which will be carried by bound end-to-end
3225	   RESERVE messages.

3227	     |------ RESERVE (QoS-1, QoS-2)----|
3228	     |                                 V
3229	     |           Interior/stateless QNEs
3230	                 +---+     +---+
3231	        |------->|QNE|-----|QNE|------
3232	        |        +---+     +---+     |
3233	        |                            V
3234	      +---+                        +---+
3235	      |QNE|                        |QNE|
3236	      +---+                        +---+
3237	         ^                           |
3238	      |  |       +---+     +---+     V
3239	      |  |-------|QNE|-----|QNE|-----|
3240	      |          +---+     +---+
3241	   Ingress/                         Egress/
3242	   statefull QNE                    statefull QNE
3243	                                     |
3244	   <--------- RESERVE (QoS-2) -------|

3246	   Figure 16: The intra-domain bi-directional reservation scenario in
3247	   the RMD domain
3248	   Note that it is RECOMMENDED that the QNE implementations of RMD-QOSM
3249	   process the QoS-NSLP signaling messages with a higher priority than
3250	   data packets. This can be accomplished as described in Section 3.3.4
3251	   in [QoS-NSLP] and the QoS-NSLP-RMF API [QoS-NSLP].

3253	   A bidirectional reservation, within the RMD domain, is indicated by
3254	   the PHR <B> and PDR <B> flags, which are set in all messages. In this
3255	   case two BOUND_SESSION_ID objects SHOULD be used.

3257	   When the QNE edges maintain per-flow intra-domain QoS-NSLP
3258	   operational states then the end-to-end RESERVE message carries two
3259	   BOUND_SESSION_IDs. One BOUND_SESSION_ID carries the SESSION_ID of the
3260	   tunneled intra-domain (per-flow) session that is using a BINDING_CODE
3261	   with value set to code (Tunneled and end-to-end sessions).  Another
3262	   BOUND_SESSION_ID carries the SESSION_ID of the bound bidirectional
3263	   end-to-end session. The BINDING_CODE associated with this
3264	   BOUND_SESSION_ID is set to code (Bi-directional sessions).

3266	   When the QNE edges maintain aggregated intra-domain QoS-NSLP
3267	   operational states then the end-to-end RESERVE message carries two
3268	   BOUND_SESSION_IDs. One BOUND_SESSION_ID carries the SESSION_ID of the
3269	   tunneled aggregated intra-domain session that is using a BINDING_CODE
3270	   with value set to code (Aggregated sessions).  Another
3271	   BOUND_SESSION_ID carries the SESSION_ID of the bound bidirectional
3272	   end-to-end session. The BINDING_CODE associated with this
3273	   BOUND_SESSION_ID is set to code (Bi-directional sessions).

3275	   The intra-domain and end-to-end QoS-NSLP operational states are
3276	   initiated/modified depending on the binding type, see Section 4.3.1,
3277	   4.3.2, 4.3.3.

3279	   If no security association exists between the QNE Ingress and QNE
3280	   Egress nodes the bi-directional reservation for the sender&sender
3281	   scenario in the RMD domain SHOULD use the scenario specified in
3282	   [QoS-NSLP] as "Bi-directional reservation for sender&sender
3283	   scenario". This is because in this scenario the RESERVE message sent
3284	   from QNE Ingress to QNE Egress does not have to carry the QoS
3285	   parameters needed for the "Egress towards Ingress" direction (QoS-2).

3287	   In the following sections it is considered that the QNE
3288	   edge nodes are common for both upstream and downstream directions
3289	   and therefore, the two reservations/sessions can be bound at the
3290	   QNE edge nodes.  Furthermore, it is considered that a security
3291	   association exists between the QNE Ingress and QNE Egress nodes,
3292	   and the QNE Ingress node has the REQUIRED "Peak Data Rate-1 (p)"
3293	   value of the local RMD-QSpec <TMOD-1> parameters for both directions,
3294	   i.e., QNE Ingress towards QNE Egress and QNE Egress towards QNE
3295	   Ingress.

3297	4.6.2.1 Successful and unsuccessful reservations

3299	   This section describes the operation of the RMD-QOSM where a RMD
3300	   Intra-domain bi-directional reservation operation, see Figure 16 and
3301	   Section 4.6.2, is either successfully or unsuccessfully accomplished.

3303	   The bi-directional successful reservation is similar to a
3304	   combination of two unidirectional successful reservations that are
3305	   accomplished in opposite directions, see Figure 17. The main
3306	   differences of the bi-directional successful reservation procedure
3307	   with the combination of two unidirectional successful reservations
3308	   accomplished in opposite directions are as follows. Note also that
3309	   the intra-domain and end-to-end QoS-NSLP operational states generated
3310	   and maintained by the end-to-end RESERVE messages contain, compared
3311	   to the unidirectional reservation scenario, a different
3312	   BOUND_SESSION_ID data structure, see Section 4.3.1, 4.3.2, 4.3.3.
3313	   In this scenario the intra-domain RESERVE message sent by the QNE
3314	   Ingress node towards the QNE Egress node, is denoted in Figure 17 as
3315	   RESERVE (RMD-QSpec): "forward".  The main differences between the
3316	   intra-domain RESERVE (RMD-QSpec):"forward" message used for the bi-
3317	   directional successful reservation procedure and a RESERVE (RMD-
3318	   QSpec) message used for the unidirectional successful reservation are
3319	   as follows (see QoS-NSLP-RMF API described in [QoS-NSLP]):

3321	   *  the RII object MUST NOT be included in the message. This is
3322	      because no RESPONSE message is REQUIRED.

3324	   *  the <B> bit of the PHR container indicates a bi-directional
3325	      reservation and it MUST be set to "1".

3327	   *  the PDR container is also included into the RESERVE(RMD-QSpec):
3328	      "forward" message. The value of the Container ID is
3329	      "20", i.e., "PDR_Reservation_Request".  Note that the response
3330	      PDR container sent by a QNE Egress to a QNE Ingress node is not
3331	      carried by an end-to-end RESPONSE message, but it is carried by an
3332	      intra-domain RESERVE message that is sent by the QNE Egress node
3333	      towards the QNE Ingress node (denoted in Figure 16 as
3334	      RESERVE(RMD-QSpec):"reverse").

3336	   *  the <B> PDR bit indicates a bi-directional reservation and is set
3337	      to "1".

3339	   *  the <PDR Bandwidth> field specifies the
3340	      requested bandwidth that has to be used by the QNE Egress node to
3341	      initiate another intra-domain RESERVE message in the reverse
3342	      direction.

3344	   The RESERVE(RMD-QSpec):"reverse" message is initiated by the QNE
3345	   Egress node at the moment that the RESERVE(RMD-QSpec):"forward"
3346	   message is successfully processed by the QNE Egress node.

3348	   The main differences between the RESERVE(RMD-QSpec):"reverse"
3349	   message used for the bi-directional successful reservation procedure
3350	   and a RESERVE(RMD-QSpec) message used for the unidirectional
3351	   successful reservation are as follows:

3353	QNE (Ingress)   QNE (int.)    QNE (int.)    QNE (int.)   QNE (Egress)
3354	NTLP stateful  NTLP st.less  NTLP st.less  NTLP st.less  NTLP stateful
3355	    |                |               |               |              |
3356	    |                |               |               |              |
3357	    |RESERVE(RMD-QSpec)              |               |              |
3358	    |"forward"       |               |               |              |
3359	    |                |    RESERVE(RMD-QSpec):        |              |
3360	    |--------------->|    "forward"  |               |              |
3361	    |                |------------------------------>|              |
3362	    |                |               |               |------------->|
3363	    |                |               |               |              |
3364	    |                |               |RESERVE(RMD-QSpec)            |
3365	    |      RESERVE(RMD-QSpec)        | "reverse"     |<-------------|
3366	    |      "reverse" |               |<--------------|              |
3367	    |<-------------------------------|               |              |

3369	      Figure 17: Intra-domain signaling operation for successful
3370	                 bi-directional reservation

3372	   *  the RII object is not included in the message. This is because no
3373	      RESPONSE message is REQUIRED;

3375	   *  the value of the "Peak Data Rate-1 (p)" field of the local RMD-
3376	      QSpec <TMOD-1> parameter is set equal to the value of the
3377	      <PDR Bandwidth> field included in the RESERVE(RMD-QSpec):"forward"
3378	      message that triggered the generation of this RESERVE(RMD-QSpec):
3379	      "reverse" message;

3381	   *  the <B> bit of the PHR container indicates a bi-directional
3382	      reservation and is set to "1";

3384	   *  the PDR container is included into the
3385	      RESERVE(RMD-QSpec):"reverse" message.  The value of the
3386	      Container ID is "23", i.e., "PDR_Reservation_Report";

3388	   *  the <B> PDR bit indicates a bi-directional reservation and is
3389	      set to "1".

3391	   Figure 18 and Figure 19 show the flow diagrams used in case of a
3392	   unsuccessful bi-directional reservation.  In Figure 18 it
3393	   is considered that the QNE that is not able to support the
3394	   requested "Peak Data Rate-1 (p)" value of local RMD-QSpec <TMOD-1>
3395	   is located in the direction QNE Ingress towards QNE Egress.  In
3396	   Figure 19 it is considered that the QNE that is not able to support
3397	   the requested "Peak Data Rate-1 (p)" value of local RMD-QSpec
3398	   <TMOD-1>  is located in the direction QNE Egress towards QNE Ingress.

3400	   The main differences between the bi-directional unsuccessful
3401	   procedure shown in Figure 18 and the bi-directional successful
3402	   procedure are as follows:

3404	   *  the QNE node that is not able to reserve resources for a
3405	      certain request is located in the "forward" path, i.e., path
3406	      from QNE Ingress towards the QNE Egress.

3408	   *  the QNE node that is not able to support the requested "Peak Data
3409	      Rate-1 (p)" value of local RMD-QSpec <TMOD-1> it MUST mark the <M>
3410	      bit, i.e., set to value "1", of the RESERVE(RMD-QSpec): "forward".

3412	QNE(Ingress)   QNE (int.)    QNE (int.)    QNE (int.)    QNE (Egress)
3413	NTLP stateful  NTLP st.less  NTLP st.less  NTLP st.less  NTLP stateful
3414	    |                |             |              |               |
3415	    |RESERVE(RMD-QSpec):           |              |               |
3416	    |  "forward"     |  RESERVE(RMD-QSpec):       |               |
3417	    |--------------->|  "forward"  |              M RESERVE(RMD-QSpec):
3418	    |                |--------------------------->M  "forward-M marked"
3419	    |                |             |              M-------------->|
3420	    |                |           RESPONSE(PDR)    M               |
3421	    |                |        "forward - M marked"M               |
3422	    |<------------------------------------------------------------|
3423	    |RESERVE(RMD-QSpec, K=0)       |              M               |
3424	    |"forward - T tear"            |              M               |
3425	    |--------------->|             |              M               |
3426	    |                    RESERVE(RMD-QSpec, K=1)  M               |
3427	    |                |   "forward - T tear"       M               |
3428	    |                |--------------------------->M               |
3429	    |                |                  RESERVE(RMD-QSpec, K=1)   |
3430	    |                |                 "forward - T tear"         |
3431	    |                |                            M-------------->|

3433	   Figure 18: Intra-domain signaling operation for unsuccessful
3434	              bi-directional reservation (rejection on path QNE(Ingress)
3435	              towards QNE(Egress))

3437	   The operation for this type of unsuccessful bi-directional
3438	   reservation is similar to the operation for unsuccessful uni-
3439	   directional reservation shown in Figure 9.

3441	   The main differences between the bi-directional unsuccessful
3442	   procedure shown in Figure 19 and the in bi-directional successful
3443	   procedure are as follows:

3445	   *  the QNE node that is not able to reserve resources for a
3446	      certain request is located in the "reverse" path, i.e., path
3447	      from QNE Egress towards the QNE Ingress.

3449	   *  the QNE node that is not able to support the requested
3450	      "Peak Data Rate-1 (p)" value of local RMD-QSpec <TMOD-1> it MUST
3451	      mark the <M> bit, i.e., set to value "1", the
3452	      RESERVE(RMD-QSpec):"reverse".

3454	QNE (Ingress)    QNE (int.)    QNE (int.)    QNE (int.)    QNE (Egress)
3455	NTLP stateful   NTLP st.less  NTLP st.less  NTLP st.less   NTLP stateful
3456	    |                |                |                |              |
3457	    |RESERVE(RMD-QSpec)               |                |              |
3458	    |"forward"       |  RESERVE(RMD-QSpec):            |              |
3459	    |--------------->|  "forward"     |           RESERVE(RMD-QSpec): |
3460	    |                |-------------------------------->|"forward"     |
3461	    |                |   RESERVE(RMD-QSpec):           |------------->|
3462	    |                |    "reverse"   |                |              |
3463	    |                |              RESERVE(RMD-QSpec) |              |
3464	    |    RESERVE(RMD-QSpec):          M      "reverse" |<-------------|
3465	    |   "reverse - M marked"          M<---------------|              |
3466	    |<--------------------------------M                |              |
3467	    |                |                M                |              |
3468	    |RESERVE(RMD-QSpec, K=0):         M                |              |
3469	    |"forward - T tear"               M                |              |
3470	    |--------------->|  RESERVE(RMD-QSpec, K=0):       |              |
3471	    |                |  "forward - T tear"             |              |
3472	    |                |-------------------------------->|              |
3473	    |                |                M                |------------->|
3474	    |                |                M         RESERVE(RMD-QSpec, K=0):
3475	    |                |                M             reverse - T tear" |
3476	    |                |                M                |<-------------|
3477	    |                                 M RESERVE(RMD-QSpec, K=1)       |
3478	    |                |                M "forward - T tear"            |
3479	    |                |                M<---------------|              |
3480	    |          RESERVE(RMD-QSpec, K=1)M                |              |
3481	    |          "forward - T tear"     M                |              |
3482	    |<--------------------------------M                |              |

3484	   Figure 19: Intra-domain signaling normal operation for unsuccessful
3485	             bi-directional reservation (rejection on path QNE(Egress)
3486	             towards QNE(Ingress)

3488	   *  the QNE Ingress uses the information contained in the received
3489	      PHR and PDR containers of the RESERVE(RMD-QSpec): "reverse" and
3490	      generates a tear intra-domain RESERVE(RMD-QSpec):
3491	      "forward - T tear" message.  This message carries a
3492	      "PHR_Release_Request" and a "PDR_Release_Request" control
3493	      information.  This message is sent to QNE Egress node.
3494	      The QNE Egress node uses the information contained in the
3495	      "PHR_Release_Request" and the "PDR_Release_Request" control
3496	      info containers to generate a RESERVE(RMD-QSpec):"reverse - T
3497	      tear" message that is sent towards the QNE Ingress node.

3499	4.6.2.2 Refresh reservations

3501	   This section describes the operation of the RMD-QOSM where a RMD
3502	   intra-domain bi-directional refresh reservation operation is
3503	   accomplished.
3504	   The refresh procedure in case of RMD reservation-based method
3505	   follows a similar scheme as the successful reservation procedure,
3506	   described in Section 4.6.2.1, and depicted in Figure 17 and the
3507	   way of how the refresh process of the reserved resources is
3508	   maintained, is similar to the refresh process used for the intra-
3509	   domain uni-directional reservations (see Section 4.6.1.3).

3511	   Note that the RMD traffic class refresh periods used by the bound bi-
3512	   directional sessions MUST be equal in all QNE edge and QNE Interior
3513	   nodes.

3515	   The main differences between the RESERVE(RMD-QSpec):"forward"
3516	   message used for the bi-directional refresh procedure
3517	   and a RESERVE(RMD-QSpec):"forward" message used for the bi-
3518	   directional successful reservation procedure are as follows:

3520	   *  the value of the Container ID of the PHR container is
3521	      "19", i.e., "PHR_Refresh_Update".

3523	   *  the value of the Container ID of the PDR container is
3524	      "21", i.e., "PDR_Refresh_Request".

3526	   The main differences between the RESERVE(RMD-QSpec):"reverse"
3527	   message used for the bi-directional refresh procedure and the RESERVE
3528	   (RMD-QSpec): "reverse" message used for the bi-directional successful
3529	   reservation procedure are as follows:

3531	   *  the value of the Container ID of the PHR container is
3532	      "19", i.e., "PHR_Refresh_Update".

3534	   *  the value of the Container ID of the PDR container is
3535	      "24", i.e., "PDR_Refresh_Report".

3537	4.6.2.3 Modification of aggregated intra-domain QoS-NSLP operational
3538	reservation states

3540	   This section describes the operation of the RMD-QOSM where RMD
3541	   intra-domain bi-directional QoS-NSLP aggregated reservation states
3542	   have to be modified.

3544	   In the case when the QNE edges maintain, for the RMD QoS model,
3545	   QoS-NSLP aggregated reservation states and if such an aggregated
3546	   reservation has to be modified (see Section 4.3.1) then similar
3547	   procedures to Section 4.6.1.4. are applied. In particular:

3549	   * When the modification request requires an increase of the reserved
3550	   resources, the QNE Ingress node MUST include the corresponding value
3551	   into the "Peak Data Rate-1 (p)" field local RMD-QSpec <TMOD-1>
3552	   parameter of the RMD-QOSM <QoS Desired>), which is sent together with
3553	   a "PHR_Resource_Request" control information. If a QNE edge or QNE
3554	   Interior node is not able to reserve the number of requested
3555	   resources, then the "PHR_Resource_Request" associated with the
3556	   local RMD-QSpec <TMOD-1> parameter MUST be marked.  In this situation
3557	   the RMD specific operation for unsuccessful reservation will be
3558	   applied (see Section 4.6.2.1). Note that the value of the
3559	   <PDR Bandwidth> parameter, which is sent within a
3560	   "PDR_Reservation_Request" container, represents the increase of the
3561	   reserved resources in the "reverse" direction.

3563	   * When the modification request requires a decrease of the
3564	   reserved resources, the QNE Ingress node MUST include this value
3565	   into the "Peak Data Rate-1 (p)" field of the local RMD-QSpec <TMOD-1>
3566	   parameter of the RMD-QOSM <QoS Desired>). Subsequently an RMD release
3567	   procedure SHOULD be accomplished (see Section 4.6.2.4). Note that the
3568	   value of the <PDR Bandwidth> parameter, which is sent within a
3569	   "PDR_Release_Request" container, represents the decrease of the
3570	   reserved resources in the "reverse" direction.

3572	4.6.2.4 Release procedure

3574	   This section describes the operation of the RMD-QOSM where a RMD
3575	   intra-domain bi-directional reservation release operation is
3576	   accomplished. The message sequence diagram used in this procedure is
3577	   similar to the one used by the successful reservation procedures,
3578	   described in Section 4.6.2.1, and depicted in Figure 17. However, the
3579	   way of how the release of the reservation is accomplished, is similar
3580	   to the RMD release procedure used for the intra-domain uni-
3581	   directional reservations (see Section 4.6.1.5 and Figure 18 and
3582	   Figure 19).

3584	   The main differences between the RESERVE (RMD-QSpec):
3585	   "forward" message used for the bi-directional release procedure
3586	   and a RESERVE (RMD-QSpec): "forward" message used for the bi-
3587	   directional successful reservation procedure are as follows:

3589	   *  the value of the Container ID of the PHR container is
3590	      "18", i.e."PHR_Release_Request";

3592	   *  the value of the Container ID of the PDR container is
3593	      "22", i.e., "PDR_Release_Request";

3595	   The main differences between the RESERVE (RMD-QSpec): "reverse"
3596	   message used for the bi-directional release procedure and the RESERVE
3597	   (RMD-QSpec): "reverse" message used for the bi-directional successful
3598	   reservation procedure are as follows:

3600	   *  the value of the Container ID of the PHR container is
3601	      "18", i.e., "PHR_Release_Request";

3603	   *  the PDR container is not included in the RESERVE (RMD-QSpec):
3604	      "reverse" message.

3606	4.6.2.5 Severe congestion handling

3608	   This section describes the severe congestion handling operation used
3609	   in combination with RMD intra-domain bi-directional reservation
3610	   procedures. This severe congestion handling operation is similar to
3611	   the one described in Section 4.6.1.6.

3613	4.6.2.5.1 Severe congestion handling by the RMD-QOSM bi-directional
3614	          refresh procedure

3616	   This procedure is similar to the severe congestion handling procedure
3617	   described in Section 4.6.1.6.1. The difference is related to how the
3618	   refresh procedure is accomplished, see Section 4.6.2.2 and to how the
3619	   flows are terminated, see Section 4.6.2.4.

3621	4.6.2.5.2 Severe congestion handling by proportional data packet marking

3623	   This section describes the severe congestion handling by proportional
3624	   data packet marking when this is combined with a RMD intra-domain
3625	   bi-directional reservation procedure. Note that the detection and
3626	   marking/remarking functionality described in this section and used by
3627	   Interior nodes, applies to NSIS aware, but also to NSIS unaware
3628	   nodes. This means however, that the "not NSIS aware" Interior nodes
3629	   MUST be configured such that they can detect the congestion
3630	   situations and remark packets in the same way as the Interior "NSIS
3631	   aware" nodes do.

3633	   This procedure is similar to the severe congestion handling procedure
3634	   described in Section 4.6.1.6.2. The main difference is related to the
3635	   location of the severe congested node, i.e. "forward" or "reverse"
3636	   path. Note that when a severe congestion situation occurs on
3637	   e.g. on a forward path, and flows are terminated to solve the severe
3638	   congestion in forward path, then the reserved bandwidth associated
3639	   with the terminated bidirectional flows will also be released.
3640	   Therefore, a careful selection of the flows that have to be
3641	   terminated SHOULD take place. An example of such a selection is
3642	   given in Appendix A.3.1.

3644	   Furthermore, a special case of this operation is associated to the
3645	   severe congestion situation occurring simultaneously on the forward
3646	   and reverse paths. An example of this operation is given in Appendix
3647	   A.3.2.

3649	    Simulation results associated with these procedures can be found in
3650	   [DiKa08].

3652	QNE(Ingress)   QNE (int.)    QNE (int.)    QNE (int.)    QNE (Egress)
3653	NTLP stateful  NTLP st.less  NTLP st.less  NTLP st.less  NTLP stateful
3654	user|                |             |              |               |
3655	data|    user        |             |              |               |
3656	--->|    data        | user data   |              |user data      |
3657	    |--------------->|             |              S               |
3658	    |                |--------------------------->S (#marked bytes)
3659	    |                |             |              S-------------->|
3660	    |                |             |              S(#unmarked bytes)
3661	    |                |             |              S-------------->|Term
3662	    |                |             |              S               |flow?
3663	    |                |          NOTIFY (PDR)      S               |YES
3664	    |<------------------------------------------------------------|
3665	    |RESERVE(RMD-QSpec)            |              S               |
3666	    |"forward - T tear"            |              S               |
3667	    |--------------->|             |           RESERVE(RMD-QSpec):|
3668	    |                |--------------------------->S"forward - T tear"
3669	    |                |             |              S-------------->|
3670	    |                |             |          RESERVE(RMD-QSpec): |
3671	    |                |             |           "reverse - T tear" |
3672	    | RESERVE(RMD-QSpec):          |              |<--------------|
3673	    |"reverse - T tear"            |<-------------S               |
3674	    |<-----------------------------|              S               |

3676	Figure 20: Intra-domain RMD severe congestion handling for
3677	           bi-directional reservation (congestion on path QNE(Ingress)
3678	           towards QNE(Egress))

3680	   Figure 20 shows the scenario where the severe congested node is
3681	   located in the "forward" path. The QNE Egress node has to generate an
3682	   end-to-end NOTIFY(PDR) message. In this way the QNE Ingress will be
3683	   able to receive the (#marked and #unmarked) that were measured by the
3684	   QNE Egress node on the congested "forward path". Note that in this
3685	   situation it is assumed that the "reverse path" is not congested.
3686	   This scenario is very similar to the
3687	   severe congestion handling scenario described in Section 4.6.1.6.2
3688	   and shown in Figure 14. The difference is related to the release
3689	   procedure, which is accomplished in the same way as described in
3690	   Section 4.6.2.4.

3692	   Figure 21 shows the scenario where the severe congested node is
3693	   located in the "reverse" path. Note that in this situation it is
3694	   assumed that the "forward path" is not congested. The main difference
3695	   between this scenario and the scenario shown in Figure 20 is that no
3696	   end-to-end NOTIFY(PDR) message has to be generated by the QNE Egress
3697	   node.

3699	   This is because now the severe congestion occurs on the "reverse
3700	   path" and the QNE Ingress node receives the (#marked and #unmarked)
3701	   user data passing through the severely congested "reverse path". The
3702	   QNE Ingress node will be able to calculate the number of flows that
3703	   have to be terminated or forwarded in a lower priority queue.

3705	QNE (Ingress)    QNE (int.)    QNE (int.)    QNE (int.)    QNE (Egress)
3706	NTLP stateful   NTLP st.less  NTLP st.less  NTLP st.less   NTLP stateful
3707	user|                |                |           |               |
3708	data|    user        |                |           |               |
3709	--->|    data        | user data      |           |user data      |
3710	    |--------------->|                |           |               |
3711	    |                |--------------------------->|user data      |user
3712	    |                |                |           |-------------->|data
3713	    |                |                |           |               |--->
3714	    |                |                |  user     |               |<---
3715	    |   user data    |                |  data     |<--------------|
3716	    | (#marked bytes)|                S<----------|               |
3717	    |<--------------------------------S           |               |
3718	    | (#unmarked bytes)               S           |               |
3719	Term|<--------------------------------S           |               |
3720	Flow?                |                S           |               |
3721	YES |RESERVE(RMD-QSpec):              S           |               |
3722	    |"forward - T tear"               s           |               |
3723	    |--------------->|  RESERVE(RMD-QSpec):       |               |
3724	    |                |  "forward - T tear"        |               |
3725	    |                |--------------------------->|               |
3726	    |                |                S           |-------------->|
3727	    |                |                S         RESERVE(RMD-QSpec):
3728	    |                |                S       "reverse - T tear"  |
3729	    |      RESERVE(RMD-QSpec)         S           |<--------------|
3730	    |      "reverse - T tear"         S<----------|               |
3731	    |<--------------------------------S           |               |

3733	   Figure 21: Intra-domain RMD severe congestion handling for
3734	           bi-directional reservation (congestion on path QNE(Egress)
3735	           towards QNE(Ingress)

3737	   For the flows that have to be terminated a release procedure, see
3738	   Section 4.6.2.4, is initiated to release the reserved resources
3739	   on the "forward" and "reverse" paths.

3741	4.6.2.6 Admission control using congestion notification based on
3742	          probing

3744	   This section describes the admission control scheme that uses the
3745	   congestion notification function based on probing when RMD
3746	   intra-domain bi-directional reservations are supported.

3748	QNE(Ingress)    Interior    QNE (int.)      Interior      QNE (Egress)
3749	NTLP stateful not NSIS aware not NSIS aware not NSIS aware NTLP stateful
3750	user|                |             |              |               |
3751	data|                |             |              |               |
3752	--->|                | user data   |              |user data      |
3753	    |-------------------------------------------->S (#marked bytes)
3754	    |                |             |              S-------------->|
3755	    |                |             |              S(#unmarked bytes)
3756	    |                |             |              S-------------->|
3757	    |                |             |              S               |
3758	    |                |           RESERVE(re-marked DSCP in GIST)):|
3759	    |                |             |              S               |
3760	    |-------------------------------------------->S               |
3761	    |                |             |              S-------------->|
3762	    |                |             |              S               |
3763	    |                |          RESPONSE(unsuccessful INFO-SPEC)  |
3764	    |<------------------------------------------------------------|
3765	    |                |             |              S               |

3767	   Figure 22: Intra-domain RMD congestion notification based on probing
3768	              for bi-directional admission control (congestion on path
3769	              from QNE(Ingress) towards QNE(Egress))

3771	   This procedure is similar to the congestion notification for
3772	   admission control procedure described in Section 4.6.1.7. The main
3773	   difference is related to the location of the severe congested node,
3774	   i.e., "forward" path (i.e., path between QNE Ingress towards QNE
3775	   Egress) or "reverse" path (i.e., path between QNE Egress towards
3776	   QNE Ingress).

3778	   Figure 22 shows the scenario where the severe congested node is
3779	   located in the "forward" path. The functionality of providing
3780	   admission control is the same as the one described in Section
3781	   4.6.1.7, Figure 15.

3783	   Figure 23 shows the scenario where the congested node is located in
3784	   the "reverse" path. The probe RESERVE message sent in the "forward"
3785	   direction will not be affected by the severe congested node, while
3786	   the DSCP value in the IP header of any packet of the "reverse"
3787	   direction flow and also of the GIST message that carries the
3788	   probe RESERVE message sent in the "reverse" direction will be
3789	   remarked by the congested node. The QNE ingress is in this way
3790	   notified that a congestion occurred in the network and therefore it
3791	   is able to refuse the new initiation of the reservation.

3793	   Note that the "not NSIS aware" Interior nodes MUST be configured
3794	   such that they can detect the congestion/severe congestion
3795	   situations and remark packets in the same way as the Interior
3796	   "NSIS aware" nodes do.

3798	QNE (Ingress)    Interior    QNE (int.)     Interior       QNE (Egress)
3799	NTLP stateful not NSIS aware  NTLP st.less not NSIS aware NTLP stateful
3800	user|                |                |           |               |
3801	data|                |                |           |               |
3802	--->|                | user data      |           |               |
3803	    |-------------------------------------------->|user data      |user
3804	    |                |                |           |-------------->|data
3805	    |                |                |           |               |--->
3806	    |                |                |           |               |user
3807	    |                |                |           |               |data
3808	    |                |                |           |               |<---
3809	    |                S                | user data |               |
3810	    |                S  user data     |<--------------------------|
3811	    |   user data    S<---------------|           |               |
3812	    |<---------------S                |           |               |
3813	    |  user data     S                |           |               |
3814	    | (#marked bytes)S                |           |               |
3815	    |<---------------S                |           |               |
3816	    |                S           RESERVE(unmarked DSCP in GIST)): |
3817	    |                S                |           |               |
3818	    |----------------S------------------------------------------->|
3819	    |                S          RESERVE(re-marked DSCP in GIST)   |
3820	    |                S<-------------------------------------------|
3821	    |<---------------S                |           |               |

3823	   Figure 23: Intra-domain RMD congestion notification for
3824	           bi-directional admission control (congestion on path
3825	           QNE(Egress) towards QNE(Ingress))

3827	4.7 Handling of additional errors

3829	   During the QSpec processing, additional errors MAY occur. The way
3830	   in which these additional errors are handled and notified is
3831	   specified in [QSP-T] and [QoS-NSLP].

3833	5.  Security Considerations

3835	   A router implementing a QoS signaling protocol can, similar to a
3836	   router without QoS signaling, do a lot of harm to a system. If taken
3837	   over by an adversary, a router can delay, drop, inject, duplicate or
3838	   modify packets. Additional threats are, however, introduced with new
3839	   protocols and they are subject for a discussion below.

3841	   The RMD-QOSM aims to be very lightweight signaling with regard to
3842	   the number of signaling message roundtrips and the amount of state
3843	   established at involved signaling nodes with and without reduced
3844	   state on QNEs. The actions allowed by a QNE Interior node are minimal
3845	   (i.e., only those specified by the RMD-QOSM).

3847	   For example, only the QNE Ingress and the QNE Egress nodes are
3848	   allowed to initiate certain signaling messages. Moroever, RMD
3849	   signaling is targeted towards intra-domain signaling only. Therefore,
3850	   RMD-QOSM relies on the security support that is provided by the
3851	   bounded end-to-end session, which is running between the boundaries
3852	   of the RMD domain (i.e., the RMD-QOSM QNE edges). This implies the
3853	   usage of the Datagram Mode,  which does not have any built in channel
3854	   security mechanisms.
3855	   The security considerations described in this section apply to all
3856	   the supported RMD-QOSM/QoS-NSLP signalling schemes, see Section
3857	   3.2.3.

3859	       QNE             QNE             QNE            QNE
3860	     Ingress         Interior        Interior        Egress
3861	 NTLP stateful  NTLP stateless  NTLP stateless  NTLP stateful
3862	        |               |               |              |
3863	        | RESERVE (1)   |               |              |
3864	        +--------------------------------------------->|
3865	        | RESERVE` (2)  |               |              |
3866	        +-------------->|               |              |
3867	        |               | RESERVE`      |              |
3868	        |               +-------------->|              |
3869	        |               |               | RESERVE`     |
3870	        |               |               +------------->|
3871	        |               |               | RESPONSE` (2)|
3872	        |<---------------------------------------------+
3873	        |               |               | RESPONSE (1) |
3874	        |<---------------------------------------------+

3876	                 Figure 24: RMD message exchange

3878	   In the context of RMD-QOSM signaling a classification between
3879	   on-path adversaries and off-path adversaries needs to be made.
3880	   Furthermore, it might be necessary to differentiate between off-path
3881	   nodes that never participate in the RMD signaling exchange and nodes

3883	   that are only off-path with regard to a specific signaling session
3884	   whereby routing asymmetry might even mean that the downstream and the
3885	   upstream signaling direction matters for this classification.

3887	   Note that RMD always uses the message exchange shown in Figure 24
3888	   even if there is no end-to-end signaling session. If the RMD-QOSM is
3889	   triggered based on an E2E signaling exchange then the RESERVE message
3890	   is created by a node outside the RMD domain and will subsequently
3891	   travel further on (e.g., to the data receiver). Such an exchange is
3892	   shown in Figure 3. As such, an evaluation of RMD`s security MUST
3893	   always been seen as a combination of the two signaling sessions, (1)
3894	   and (2) of Figure 24.

3896	   The following security requirements are set as goals for the
3897	   intra-domain communication, namely:

3899	*  Nodes, which are never supposed to participate in the NSIS signaling
3900	   exchange, MUST NOT interfere with QNE Interior nodes. Off-path
3901	   nodes (off-path with regard to the path taken by a particular
3902	   signaling message exchange) MUST NOT be able to interfere with
3903	   other on-path signaling nodes.

3905	*  The actions allowed by a QNE Interior node SHOULD be minimal (i.e.,
3906	   only those specified by the RMD-QOSM). For example, only the QNE
3907	   Ingress and the QNE Egress nodes are allowed to initiate certain
3908	   signaling messages. QNE Interior nodes are, for example, allowed to
3909	   modify certain signaling message payloads.

3911	   Note that the term `interfere` refers to all sorts of security
3912	   threats, such as denial of service, spoofing, replay, signaling
3913	   message injection, etc.

3915	   If we assume that the RESERVE/RESPONSE is sent with hop-by-hop
3916	   channel security provided by GIST and protected between the QNE
3917	   Ingress and the QNE Egress node then we can
3918	   be sure that the payloads of these messages MUST be authenticated,
3919	   integrity, replay protected and encrypted. Encryption is necessary to
3920	   prevent an adversary that is located along the path of the RESERVE
3921	   message to learn information about the session that can later be used
3922	   to inject a valid RESERVE`. The following messages need to relate to
3923	   each other to make sure that the occurrence of one message is not
3924	   without the other one:

3926	   a) the RESERVE and the RESERVE` relate to each other at the QNE
3927	      Egress and

3929	   b) the RESPONSE and the RESERVE relate to each other at the QNE
3930	      Ingress and

3932	   c) the RESERVE` and the RESPONSE` relate to each other. The RII is
3933	   carried in the RESERVE` message and the RESPONSE` message that is
3934	   generated by the QNE Egress node contains the same RII as the
3935	   RESERVE`. The RII can be used by the QNE Ingress to match the
3936	   RESERVE` with the RESPONSE`. The QNE Egress is able to determine
3937	   whether the RESERVE` was created by the QNE Ingress node since the
3938	   intra-domain session, which sent the RESERVE`, is bound to an end-to-
3939	   end session via the BOUND_SESSION_ID value included in the intra-
3940	   domain QoS-NSLP operational state maintained at the QNE Egress.

3942	   The RESERVE and the RESERVE` message are tied together using the
3943	   BOUND_SESSION_ID(s) maintained by the intra-domain and end-to-end
3944	   QoS-NSLP operational states maintained at the QNE edges, see Section
3945	   4.3.1, 4.3.2, 4.3.3. Hence, there cannot be a RESERVE` without a
3946	   corresponding RESERVE. The SESSION_ID can fulfill this purpose quite
3947	   well if the aim is to provide protection against off-path adversaries
3948	   that do not see the SESSION_ID carried in the RESERVE and the
3949	   RESERVE` messages.

3951	   If, however, the path changes (due to re-routing or due to mobility)
3952	   then an adversary could inject RESERVE` messages (with a previously
3953	   seen SESSION_ID) and could potentially cause harm.

3955	   An off-path adversary can, of course, create RESERVE` messages that
3956	   cause intermediate nodes to create some state (and cause other
3957	   actions) but the message would finally hit the QNE Egress node. The
3958	   QNE Egress node would then be able to determine that there is
3959	   something going wrong and generate an error message.

3961	   The severe congestion handling can be triggered by intermediate nodes
3962	   (unlike other messages). In many cases, however, intermediate nodes
3963	   experiencing congestion use refresh messages modify the <S> and
3964	   <Overload %> parameters of the message. These messages are still
3965	   initiated by the QNE Ingress node and carry the SESSION_ID. The QNE
3966	   Egress node will use the SESSION_ID and subsequently the
3967	   BOUND_SESSION_ID, maintained by the intra-domain QoS-NSLP operational
3968	   state, to refer to a flow that might be terminated. The
3969	   aspect of intermediate nodes initiating messages for severe
3970	   congestion handling is for further study.

3972	   QNE Ingress    QNE Interior   QNE Interior    QNE Egress
3973	 NTLP stateful  NTLP stateless  NTLP stateless  NTLP stateful
3974	        |               |               |              |
3975	        | REFRESH RESERVE`              |              |
3976	        +-------------->| REFRESH RESERVE`             |
3977	        | (+RII)        +-------------->| REFRESH RESERVE`
3978	        |               | (+RII)        +------------->|
3979	        |               |               | (+RII)       |
3980	        |               |               |              |
3981	        |               |               |     REFRESH  |
3982	        |               |               |     RESPONSE`|
3983	        |<---------------------------------------------+
3984	        |               |               |     (+RII)   |

3986	                 Figure 25: RMD REFRESH message exchange

3988	   During the refresh procedure a RESERVE` creates a RESPONSE`, see
3989	   Figure 25. The RII is carried in the RESERVE` message and the
3990	   RESPONSE` message that is generated by the QNE Egress node contains
3991	   the same RII as the RESERVE`.

3993	   The RII can be used by the QNE Ingress to match the RESERVE` with the
3994	   RESPONSE`.

3996	   A further aspect is marking of data traffic. Data packets can be
3997	   modified by an intermediary without any relationship to a signaling
3998	   session (and a SESSION_ID). The problem appears if an off-path
3999	   adversary injects spoofed data packets.

4001	   The adversary thereby needs to spoof data packets that relate to the
4002	   flow identifier of an existing end-to-end reservation that SHOULD be
4003	   terminated. Therefore the question arises how an off-path adversary
4004	   SHOULD create a data packet that matches an existing flow identifier
4005	   (if a 5-tuple is used). Hence, this might not turn out to be simple
4006	   for an adversary unless we assume the previously mentioned
4007	   mobility/re-routing case where the path through the network changes
4008	   and the set of nodes that are along a path changes over time.

4010	6.  IANA Considerations

4012	   This section defines additional codepoint assignments in the QSPEC
4013	   Parameter ID registry, in accordance with BCP 26 [RFC5226].

4015	6.1. Assignment of QSPEC Container IDs

4017	   This document specifies the following QSPEC containers to be assigned
4018	   within the QSPEC Parameter ID registry created in
4019	   [I-D.ietf-nsis-qspec]:

4021	   <PHR_Resource_Request> container (Section 4.1.2 above, suggested
4022	   ID=17)

4024	   <PHR_Release_Request> container (Section 4.1.2 above, suggested
4025	   ID=18)

4027	   <PHR_Refresh_Update> container (Section 4.1.2 above, suggested ID=19)

4029	   <PDR_Reservation_Request> container (Section 4.1.3 above, suggested
4030	   ID=20)

4032	   <PDR_Refresh_Request> container (Section 4.1.3 above, suggested
4033	   ID=21)

4035	   <PDR_Release_Request> container (Section 4.1.3 above, suggested
4036	   ID=22)

4038	   <PDR_Reservation_Report> container (Section 4.1.3 above, suggested
4039	   ID=23)

4041	   <PDR_Refresh_Report> container (Section 4.1.3 above, suggested ID=24)

4043	   <PDR_Release_Report> container (Section 4.1.3 above, suggested ID=25)

4045	   <PDR_Congestion_Report> container (Section 4.1.3 above, suggested
4046	   ID=26)

4048	7.  Acknowledgments

4050	   The authors express their acknowledgement to people who have worked
4051	   on the RMD concept: Z. Turanyi, R. Szabo, G. Pongracz, A. Marquetant,
4052	   O. Pop, V. Rexhepi, G. Heijenk, D. Partain, M. Jacobsson, S.
4053	   Oosthoek, P. Wallentin, P. Goering, A. Stienstra, M. de Kogel, M.
4054	   Zoumaro-Djayoon, M. Swanink, R. Klaver G. Stokkink, J. W. van
4055	   Houwelingen, D. Dimitrova, T. Sealy, H. Chang.

4057	8.  Authors' Addresses

4059	   Attila Bader
4060	   Ericsson Research
4061	   Ericsson Hungary Ltd.
4062	   Laborc 1, Budapest, Hungary, H-1037
4063	   EMail: Attila.Bader@ericsson.com

4065	   Lars Westberg
4066	   Ericsson Research
4067	   Torshamnsgatan 23
4068	   SE-164 80 Stockholm, Sweden
4069	   EMail: Lars.Westberg@ericsson.com

4071	   Georgios Karagiannis
4072	   University of Twente
4073	   P.O.  BOX 217
4074	   7500 AE Enschede, The Netherlands
4075	   EMail: g.karagiannis@ewi.utwente.nl

4077	   Cornelia Kappler
4078	   DeZem GmbH
4079	   Knesebeckstr. 86/87
4080	   10623 Berlin
4081	   Germany
4082	   Email: cornelia.kappler@googlemail.com

4084	   Hannes Tschofenig
4085	   Nokia Siemens Networks
4086	   Linnoitustie 6
4087	   Espoo 02600
4088	   Finland
4089	   EMail: Hannes.Tschofenig@nsn.com
4090	   URI: http://www.tschofenig.priv.at

4092	   Tom Phelan
4093	   Sonus Networks
4094	   250 Apollo Dr.
4095	   Chelmsford, MA USA 01824
4096	   EMail: tphelan@sonusnet.com
4097	   Attila Takacs
4098	   Ericsson Research
4099	   Ericsson Hungary Ltd.
4100	   Laborc 1, Budapest, Hungary, H-1037
4101	   EMail: Attila.Takacs@ericsson.com

4103	   Andras Csaszar
4104	   Ericsson Research
4105	   Ericsson Hungary Ltd.
4106	   Laborc 1, Budapest, Hungary, H-1037
4107	   EMail: Andras.Csaszar@ericsson.com

4109	9.  Normative References

4111	   [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
4112	   Requirement Levels", RFC 2119, March 1997.

4114	   [QoS-NSLP] Manner, J., Karagiannis, G.,McDonald, A.,
4115	   "NSLP for Quality-of-Service signaling", draft-ietf-nsis-qos-
4116	   nslp (work in progress).

4118	   [QSP-T] Ash, J., Bader, A., Kappler C., "QoS-NSLP QSpec Template"
4119	   draft-ietf-nsis-qspec (work in progress).

4121	   [GIST]  Schulzrinne, H., Hancock, R., "GIST: General Internet
4122	   Messaging Protocol for Signaling", draft-ietf-nsis-ntlp
4123	   (work in progress).

4125	10.  Informative References

4127	   [AdCa03] Adler, M., Cai, J.-Y., Shapiro, J. K., Towsley, D.,
4128	   "Estimation of congestion price using probabilistic packet marking",
4129	   Proc. IEEE INFOCOM, pp. 2068-2078, 2003.

4131	   [AnHa06] Lachlan L. H. Andrew and Stephen V. Hanly, "The Estimation
4132	   Error of Adaptive Deterministic Packet Marking", 44th Annual Allerton
4133	   Conference on Communication, Control and Computing, 2006.

4135	   [AtLi01] Athuraliya, S., Li, V. H., Low, S. H., Yin, Q., "REM: active
4136	   queue management", IEEE Network, vol. 15, pp. 48-53, May/June 2001.

4138	   [Chan07] H. Chang, "Security support in RMD-QOSM", Masters thesis,
4139	   University of Twente, 2007.

4141	   [CsTa05]  Csaszar, A., Takacs, A., Szabo, R., Henk, T., "Resilient
4142	   Reduced-State Resource Reservation", Journal of Communication and
4143	   Networks, Vol. 7, Nr. 4, December 2005.

4145	   [DiKa08]  Dimitrova, D., Karagiannis, G., de Boer, P.-T., "Severe
4146	   congestion handling approaches in NSIS RMD domains with bi-
4147	   directional reservations", Journal of Computer Communications,
4148	   Elsevier, vol. 31, pp. 3153-3162, 2008.

4150	   [JaSh97]  Jamin, S., Shenker, S., Danzig, P., "Comparison of
4151	   Measurement-based Admission Control Algorithms for Controlled-Load
4152	   Service", Proceedings IEEE Infocom `97, Kobe, Japan, April 1997.

4154	   [GrTs03]  Grossglauser, M., Tse, D.N.C, "A Time-Scale Decomposition
4155	   Approach to Measurement-Based Admission Control",  IEEE/ACM
4156	   Transactions on Networking, Vol. 11, No. 4, August 2003

4158	   [Part94]  C. Partridge, Gigabit Networking, Addison Wesley
4159	   Publishers (1994).

4161	   [RFC 2215] Shenker, S., and J. Wroclawski, "General Characterization
4162	   Parameters for Integrated Service Network Elements", RFC 2215,
4163	   September 1997.

4165	   [RFC3175]  Baker, F., Iturralde, C. Le Faucher, F., Davie, B.,
4166	   "Aggregation of RSVP for IPv4 and IPv6 Reservations",
4167	   IETF RFC 3175, 2001.

4169	   [RFC3726] M. Brunner, "Requirements for Signaling Protocols",
4170	   RFC 3726, April 2004.

4172	   [RFC4125] Le Faucheur & Lai, "Maximum Allocation Bandwidth
4173	   Constraints Model for Diffserv-aware MPLS Traffic Engineering",
4174	   RFC 4125, June 2005.

4176	   [RFC4127] Le Faucheur et al, Russian Dolls Bandwidth Constraints
4177	   Model for Diffserv-aware MPLS Traffic Engineering, RFC 4127, June
4178	   2005

4180	   [RFC1633] Braden R., Clark D., Shenker S., "Integrated Services in
4181	   the Internet Architecture: an Overview", RFC 1633

4183	   [RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.
4184	   and W.  Weiss, "An Architecture for Differentiated Services", RFC
4185	   2475, December 1998

4187	   [RFC2638] Nichols K., Jacobson V., Zhang L.  "A Two-bit
4188	   Differentiated Services Architecture for the Internet", RFC 2638,
4189	   July 1999

4191	   [RMD1]  Westberg, L., et al., "Resource Management in Diffserv
4192	   (RMD): A Functionality and Performance Behavior Overview", IFIP
4193	   PFHSN`02

4195	  [RMD2] G. Karagiannis, et al., "RMD - a lightweight application
4196	   of NSIS" Networks 2004, Vienna, Austria.

4198	  [RMD3] Marquetant A., Pop O., Szabo R., Dinnyes G., Turanyi Z.,
4199	   "Novel Enhancements to Load Control - A Soft-State, Lightweight
4200	   Admission Control Protocol", Proc. of the 2nd Int. Workshop on
4201	   Quality of Future Internet Services, Coimbra, Portugal,
4202	   Sept 24-26, 2001, pp. 82-96.

4204	   [RMD4] A. Csaszar et al., "Severe congestion handling with
4205	   resource management in diffserv on demand", Networking 2002

4207	   [RFC2998] Bernet Y., Ford, P., Yavatkar, R., Baker, F., Zhang, L.,
4208	   Speer, M., Braden, R., Davie, B., Wroclawski, J. and E.
4209	   Felstaine, "Integrated Services Operation Over Diffserv
4210	   Networks", RFC 2998, November 2000.

4212	   [TaCh99] P. P. Tang, T-Y Charles Tai, "Network Traffic
4213	   Characterization Using Toket Bucket Model",
4214	   IEEE Infocom 1999, The Conference on Computer Communications, no. 1,
4215	   March 1999, pp. 51-62.

4217	   [ThCo04] Thommes, R. W., Coates, M. J., "Deterministic packet marking
4218	   for congestion packet estimation" Proc. IEEE Infocom, 2004.

4220	Appendix A.1.1 Example of a remarking operation during severe
4221	congestion in the Interior nodes

4223	   This appendix describes an example of a remarking operation during
4224	   severe congestion in the Interior nodes.
4225	   Per supported PHB, the interior node can support the operation states
4226	   depicted in Figure A.1, when the per-flow congestion notification
4227	   based on probing signaling scheme is used in combination with this
4228	   severe congestion type. Figure A.2 depicts the same functionality
4229	   when the per-flow congestion notification based on probing scheme is
4230	   not used in combination with the severe congestion scheme. The
4231	   description given in this and the following appendices, focuses
4232	   on the situation that during the congestion notification state, the
4233	   "notified DSCP" marking and during the severe congestion state the
4234	   "encoded DSCP" and "affected DSCP" markings are used. In this case,
4235	   the "notified DSCP" marking is used during the congestion
4236	   notification state to mark all packets passing through an interior
4237	   node that operates in the congestion notification state. In this way,
4238	   and in combination with probing, an flow-based ECMP solution can be
4239	   provided for the congestion notification state. The "encoded DSCP"
4240	   marking is used to encode and signal the excess rate, measured at
4241	   interior nodes, to the egress nodes. The "affected DSCP" marking is
4242	   used to mark all packets that are passing through a severe congested
4243	   node and are not "encoded DSCP" marked.
4244	   Another possible situation could be derived where both congestion
4245	   notification and severe congestion state are using the "encoded DSCP"
4246	   marking, without using the "notified DSCP" marking. The "affected
4247	   DSCP" marking is used to mark all packets that are passing through
4248	   an Interior node that is in severe congestion state and are not
4249	   "encoded DSCP" marked. In addition, the probe packet that is carried
4250	   by an intra-domain RESERVE message and pass through Interior nodes
4251	   SHOULD be "encoded DSCP" marked if the Interior node is in
4252	   congestion notification or severe congestion states. Otherwise the
4253	   probe packet will remain unmarked. In this way an ECMP solution can
4254	   be provided for both congestion notification and severe congestion
4255	   states. The"encoded DSCP" packets are signaling excess rate that is
4256	   not only associated with interior nodes that are in severe congestion
4257	   state, but also with interior nodes that are in congestion
4258	   notification state.  The algorithm at the Interior node, is similar
4259	   to the algorithm described in the following appendix sections.
4260	   However, this method is not described in detail in this example.

4262	                ---------------------------------------------
4263	               |        event B                              |
4264	               |                                             V
4265	            ----------             -------------           ----------
4266	           | Normal   |  event A  | Congestion  | event B | Severe   |
4267	           |  state   |---------->| notification|-------->|congestion|
4268	           |          |           |  state      |         |  state   |
4269	            ----------             -------------           ----------
4270	             ^  ^                       |                     |
4271	             |  |      event C          |                     |
4272	             |   -----------------------                      |
4273	             |         event D                                |
4274	              ------------------------------------------------

4276	        Figure A.1: States of operation, severe congestion combined with
4277	        congestion notification based on probing

4279	            ----------                 -------------
4280	           | Normal   |  event B      | Severe      |
4281	           |  state   |-------------->| congestion  |
4282	           |          |               |  state      |
4283	            ----------                 -------------
4284	                ^                           |
4285	                |      event E              |
4286	                 ---------------------------
4287	        Figure A.2: States of operation, severe congestion without
4288	        congestion notification based on probing

4290	   The terms used in Figure A.1 and Figure A.2 are:

4292	   Normal state: represents the normal operation conditions of the
4293	   node,   i.e. no congestion

4295	   Severe congestion state: it represents the state when state the
4296	   interior node is severely congested related to a certain PHB. It is
4297	   important to emphasize that one of the targets of the severe
4298	   congestion state solution to change the severe congestion state
4299	   behaviour directly to the normal state.

4301	   Congestion notification: state where the load is relatively high,
4302	   close to the level when congestion can occur

4304	   event A: this event occurs when the incoming PHB rate is higher than
4305	   the "congestion notification detection" threshold and lower than the
4306	   severe congestion detection". This threshold is used by the
4307	   congestion notification based on probing scheme, see
4308	   Section 4.6.1.7, 4.6.2.6.

4310	   event B: this event occurs when the incoming PHB rate is higher than
4311	   the "severe congestion detection" threshold.

4313	   event C: this event occurs when the incoming PHB rate is lower than
4314	   or equal to the "congestion notification detection" threshold.

4316	   event D: this event occurs when the incoming PHB rate is lower than
4317	   or equal to the "severe_congestion_restoration" threshold. It is
4318	   important to emphasize that this even supports one of the targets of
4319	   the severe congestion state solution to change the severe congestion
4320	   state behaviour directly to the normal state.

4322	   event E: this event occurs when the incoming PHB rate is lower than
4323	   or equal to the "severe congestion restoration" threshold.

4325	   Note that the "severe congestion detection", "severe congestion
4326	   restoration" and admission thresholds SHOULD be higher than the
4327	   "congestion notification detection" threshold, i.e.,:
4328	   "severe congestion detection" > "congestion notification detection"
4329	   and "severe congestion restoration" > "congestion notification
4330	   detection"

4332	   Furthermore, the "severe congestion detection" threshold SHOULD be
4333	   higher than or equal to the admission threshold that is used by the
4334	   reservation based and NSIS measurement based signaling schemes.
4335	   "severe congestion detection" >= admission threshold

4337	   Moreover, the "severe congestion restoration" threshold SHOULD be
4338	   lower than or equal to the "severe congestion detection" threshold
4339	   that is used by the reservation based and NSIS measurement based
4340	   signaling schemes, i.e.,:

4342	   "severe congestion restoration" <= "severe congestion detection"

4344	   During severe congestion the interior node calculates, per traffic
4345	   class (PHB), the incoming rate that is above the "severe congestion
4346	   restoration" threshold, denoted as signaled_overload_rate, in the
4347	   following way:

4349	   * A severe congested interior node SHOULD take into account that
4350	   packets might be dropped. Therefore, before queuing and eventually
4351	   dropping packets, the interior node SHOULD count the total number of
4352	   unmarked and remarked bytes received by the severe congested node,
4353	   denote this number as total_received_bytes. Note that there are
4354	   situations when more than one interior nodes in the same path become
4355	   severe congested. Therefore, any interior node located behind a
4356	   severe congested node MAY receive marked bytes.

4358	   When the "severe congestion detection" threshold per PHB is set
4359	   equal to the maximum capacity allocated to one PHB used by the RMD-
4360	   QOSM it means that if the maximum capacity associated to a PHB is
4361	   fully utilized and a packet belonging to this PHB arrives, then it is
4362	   assumed that the interior node will not forward this packet
4363	   downstream.

4365	   In other words this packet will either be dropped or set to another
4366	   PHB. Furthermore, this also means that after the severe congestion
4367	   situation is solved, then the ongoing flows will be able to send
4368	   their associated packets up to a total rate equal to the maximum
4369	   capacity associated to the PHB. Therefore, when more than one
4370	   interior nodes located on the same path will be severe congested and
4371	   when the interior node receives "encoded DSCP" marked packets, then
4372	   it will mean that an interior node located upstream is also severely
4373	   congested.

4375	   When the "severe congestion detection" threshold per PHB
4376	   is set equal to the maximum capacity allocated to one PHB, then this
4377	   interior node MUST forward the "encoded DSCP" marked packets and it
4378	   SHOULD NOT consider these packets during its local remarking process.
4379	   In other words, the egress should see the excess rates encoded by the
4380	   different severe congested interior nodes as independent, and
4381	   therefore, these independent excess rates will be added.

4383	   When the "severe congestion detection" threshold per PHB
4384	   is not set equal to the maximum capacity allocated to one PHB then
4385	   this means that after the severe congestion situation is solved, the
4386	   ongoing flows will not be able to send their associated packets
4387	   up to a total rate equal to the maximum capacity associated to the
4388	   PHB, but only up to the "severe_congestion_threshold". When more than
4389	   one interior nodes located on the same communication path are severe
4390	   congested and when one of these interior node receives "encoded_DSCP"
4391	   marked packets then this interior node SHOULD NOT mark unmarked,
4392	   i.e., either "original DSCP" or "affected DSCP" or "notified DSCP""
4393	   encoded packets, up to a rate equal to the difference between the
4394	   maximum PHB capacity and the "severe congestion threshold", when the
4395	   incoming "encoded DSCP"" marked packets are already able to signal
4396	   this difference. In this case the "severe congestion threshold"
4397	   SHOULD be configured in all interior nodes, which are located in the
4398	   RMD domain, and equal to:

4400	  "severe_congestion_threshold" =
4401	   = Maximum PHB capacity - threshold_offset_rate

4403	   The threshold_offset_rate represents rate and SHOULD have the same
4404	   value in all interior nodes.

4406	   * before queuing and eventually dropping the packets, at the end of
4407	   each measurement interval of T seconds, calculate the current
4408	   estimated overloaded rate, say measured_overload_rate, by using the
4409	   following equation:

4411	   measured_overload_rate =
4412	   =((total_received_bytes)/T)-severe_congestion_restoration)
4413	   To provide reliable estimation of the encoded information several
4414	   techniques can be used, see [AtLi01], [AdCa03], [ThCo04], [AnHa06].
4415	   Note that since marking is done in interior nodes, the decisions are
4416	   made at egress nodes, and termination of flows are performed by
4417	   ingress nodes, there is a significant delay until the overload
4418	   information is learned by the ingress nodes, see Section 6 of
4419	   [CsTa05]). The delay consists of the trip time of data packets from
4420	   the severe congested interior node to the egress, the measurement
4421	   interval, i.e., T, and the trip time of the notification signaling
4422	   messages from egress to ingress. Moreover, until the overload
4423	   decreases at the severe congested interior node, an additional trip
4424	   time from the ingress node to the severe congested interior node MUST
4425	   expire. This is because immediately before receiving the congestion
4426	   notification, the ingress MAY have sent out packets in the flows that
4427	   were selected for termination. That is, a terminated flow MAY
4428	   contribute to congestion for a time longer that is taken from the
4429	   ingress to the interior node. Without considering the above, interior
4430	   nodes would continue marking the packets until the measured
4431	   utilization falls below the severe congestion restoration threshold.
4432	   In this way, at the end more flows will be terminated than necessary,
4433	   i.e., an over-reaction takes place. [CsTa05] provides a solution to
4434	   this problem, where the interior nodes use a sliding window memory to
4435	   keep track of the signaling overload in a couple of previous
4436	   measurement intervals. At the end of a measurement intervals, T,
4437	   before encoding and signaling the overloaded rate as "encoded DSCP"
4438	   packets, the actual overload is decreased with the sum of already
4439	   signaled overload stored in the sliding window memory, since that
4440	   overload is already being handled in the severe congestion handling
4441	   control loop. The sliding window memory consists of an integer number
4442	   of cells, i.e, n = maximum number of cells. Guidelines for
4443	   configuring the sliding window parameters are given in [CsTa05].

4445	   At the end of each measurement interval, the newest calculated
4446	   overload is pushed into the memory, and the oldest cell is dropped.

4448	   If Mi is the overload_rate stored in ith memory cell (i = [1..n]),
4449	   then at the end of every measurement interval, the overload rate that
4450	   is signaled to the egress node, i.e., signaled_overload_rate is
4451	   calculated as follows:

4453	   Sum_Mi =0
4454	   For i =1 to n
4455	   {
4456	   Sum_Mi = Sum_Mi + Mi
4457	   }

4459	   signaled_overload_rate = measured_overload_rate - Sum_Mi,

4461	   where Sum_Mi is calculated as above.

4463	   Next, the sliding memory is updated as follows:
4464	       for i = 1..(n-1): Mi <- Mi+1
4465	       Mn <- signaled_overload_rate

4467	   The bytes that have to be remarked to satisfy the signaled overload
4468	   rate: signaled_remarked_bytes, are calculated using the
4469	   following pseudo code:
4470	   IF severe_congestion_threshold <> Maximum PHB capacity
4471	   THEN
4472	    {
4473	     IF (incoming_encoded-DSCP_rate <> 0) AND
4474	        (incoming_encoded-DSCP_rate =< termination_offset_rate)
4475	     THEN
4476	        { signaled_remarked_bytes =
4477	         = ((signaled_overload_rate - incoming_encoded-DSCP_rate)*T)/N
4478	        }
4479	     ELSE IF (incoming_encoded-DSCP_rate > termination_offset_rate)
4480	     THEN signaled_remarked_bytes =
4481	         = ((signaled_overload_rate - termination_offset_rate)*T)/N
4482	     ELSE IF (incoming_encoded-DSCP_rate =0)
4483	     THEN signaled_remarked_bytes =
4484	         = signaled_overload_rate*T/N
4485	     }
4486	    ELSE signaled_remarked_bytes =  signaled_overload_rate *T/N

4488	    Where the incoming "encoded DSCP" rate is calculated as follows:
4489	    incoming_encoded-DSCP_rate =
4490	     = (received number of "encoded_DSCP" during T) * N)/T;

4492	   The signal_remarked_bytes represents also the number of
4493	   the outgoing packets (after the dropping stage) that MUST be
4494	   remarked, during each measurement interval T, by a node when operates
4495	   in severe congestion mode.

4497	   Note that in order to process an overload situation higher than 100%
4498	   of the maintained severe congestion threshold all the nodes within
4499	   the domain MUST be configured and maintain a scaling parameter, e.g.,
4500	   N used in the above equation, which in combination with the marked
4501	   bytes, e.g., signaled_remarked_bytes, such a high overload situation
4502	   can be calculated and represented. N can be equal or higher than 1.

4504	   Note that when incoming remarked bytes are dropped, the operation of
4505	   the severe congestion algorithm MAY be affected, e.g., the algorithm
4506	   MAY become in certain situations slower. An implementation of the
4507	   algorithm MAY assure as much as possible that the incoming marked
4508	   bytes are not dropped. This could for example be accomplished by
4509	   using different dropping rate thresholds for marked and unmarked
4510	   bytes.

4512	   Note that when the "affected DSCP" marking is used by a node
4513	   that is congested due to a a severe congestion situation then all
4514	   the outgoing packets that are not marked (i.e., by using the "encoded
4515	   DSCP") have to be remarked using the "affected DSCP" marking.

4517	   The "encoded DSCP" and the "affected DSCP" marked packets (when
4518	   applied in the whole RMD domain) are propagated to the QNE edge
4519	   nodes.

4521	   Furthermore, note that when the congestion notification based on
4522	   probing is used in combination with severe congestion, then in
4523	   addition to the possible "encoded DSCP" and "affected DSCP" another
4524	   DSCP for the remarking of the same PHB is used, see Section 4.6.1.7.
4525	   This additional DSCP is denoted in this document as "notified
4526	   DSCP". When an interior node operates
4527	   in the severe congested state, see Figure A.2, and receives "notified
4528	   DSCP" packets, these packets are considered to be unmarked packets
4529	   (but not "affected DSCP" packets). This means that during severe
4530	   congestion also the "notified DSCP" packets can be remarked and
4531	   encoded as either "encoded DSCP" or "affected DSCP" packets.

4533	Appendix A.1.2 Example of a detailed severe congestion operation in the
4534	Egress nodes

4536	   This appendix describes an example of a detailed severe congestion
4537	   operation in the Egress nodes.

4539	   The states of operation in Egress nodes are similar to the ones
4540	   described in  A.1.1. The definition of the events, see below, is
4541	   however different than the definition of the events given in Figure
4542	   A.1 and Figure A.2:

4544	   * event A: when the egress receives a predefined rate of "notified
4545	   DSCP" marked bytes/packets then event_A is activated, see Section
4546	   4.6.1.7 and A.2.2. The predefined rate of "notified DSCP" marked
4547	   bytes is denoted as the congestion notification detection threshold.
4548	   Note this congestion notification detection threshold can also be
4549	   zero, meaning that the event_A is activated when the egress node,
4550	   during an interval T, receives at least one "notified DSCP" packet.

4552	   * event B: this event occurs when the egress receives packets marked
4553	   as either "encoded DSCP" or "affected DSCP" (when "affected DSCP" is
4554	   applied in the whole RMD domain).

4556	   * event C: this event occurs when the rate of incoming
4557	   "notified DSCP" packets decreases below the congestion notification
4558	   detection threshold. In the situation that the congestion
4559	   notification detection threshold is zero, this will mean that event C
4560	   is activated when the egress node, during an interval T, does not
4561	   receive any "notified DSCP" marked packets.

4563	   * event D: this event occurs when the egress, during an interval T,
4564	   does not receive packets marked as either "encoded DSCP" or "affected
4565	   DSCP" (when "affected DSCP" is applied in the whole RMD domain).
4566	   Note that when "notified DSCP" is applied in the whole RMD domain for
4567	   the support of congestion notification, then this event could cause
4568	   the following change in operation state.
4569	   When the egress, during an interval T, does not receive (1) packets
4570	   marked as either "encoded DSCP" or "affected DSCP" (when "affected
4571	   DSCP" is applied in the whole RMD domain) and (2) it does NOT receive
4572	   "notified DSCP" marked packets then the change in the operation state
4573	   occurs from the "Severe congestion state" to "Normal state".
4574	   When the egress, during an interval T, does not receive (1) packets
4575	   marked as either "encoded DSCP" or "affected DSCP" (when "affected
4576	   DSCP" is applied in the whole RMD domain) and (2) it does receive
4577	   "notified DSCP" marked packets then the change in the operation state
4578	   occurs from the "Severe congestion state" to "Congestion notification
4579	   state".

4581	   event E: this event occurs when the egress, during an interval T,
4582	   does not receive packets marked as either "encoded DSCP" or
4583	   "affected DSCP" (when "affected DSCP" is applied in the whole RMD
4584	   domain)

4586	   An example of the algorithm for calculation of the number of flows
4587	   associated with each priority class that have to be terminated is
4588	   explained by the pseudo-code below.

4590	   The edge nodes are able to support severe congestion handling by: (1)
4591	   identifying which flows were affected by the severe congestion and
4592	   (2) selecting and terminating some of these flows such that the
4593	   quality of service of the remaining flows is recovered.

4595	   The "encoded DSCP" and the "affected DSCP" marked packets (when
4596	   applied in the whole RMD domain) are received by the QNE edge node.

4598	   The QNE edge nodes keep per flow state and therefore they can
4599	   translate the calculated bandwidth to be terminated, to number of
4600	   flows. The QNE egress node records the excess rate and the identity
4601	   of all the flows, arriving at the QNE egress node, with
4602	   "encoded DSCP" and with "affected DSCP" (when applied in the whole
4603	   RMD domain); only these flows, which are the ones passing through the
4604	   severely congested interior node(s), are candidates for termination.
4605	   The excess rate is calculated by measuring the rate of all the
4606	   "encoded DSCP" data packets that arrive at the QNE egress node. The
4607	   Measured excess rate is converted by the egress node, by multiplying
4608	   it by the factor N, which was used by the QNE interior node(s) to
4609	   encode the overload level.

4611	   When different priority flows are supported all the low priority
4612	   flows that arrived at the egress node are terminated first. Next all
4613	   the medium priority flows are stopped and finally, if necessary, even
4614	   high priority flows are chosen. Within a priority class both "encoded
4615	   DSCP" and "aected DSCP" are considered before the mechanism moves to
4616	   higher priority class. Finally, for each flow that has to be
4617	   terminated the egress node sends a NOTIFY message to the ingress node
4618	   which stops the flow.

4620	   Below this algorithm is described in detail.
4621	   First, when the egress operates in the severe congestion state then
4622	   the total amount of remarked bandwidth associated with the PHB
4623	   traffic class, say total_congested_bandwidth, is calculated.
4624	   Note that when the node maintains information about
4625	   each ingress/egress pair aggregate, then the
4626	   total_congested_bandwidth MUST be calculated per ingress/egress pair
4627	   reservation aggregate. This bandwidth represents the severe congested
4628	   bandwidth that SHOULD be terminated. The total_congested_bandwidth
4629	   can be calculated as follows:

4631	   total_congested_bandwidth = N*input_remarked_bytes/T

4633	   Where, input_remarked_bytes represents the number of "encoded DSCP"
4634	   marked bytes that arrive at the egress, during one measurement
4635	   interval T, N is defined as in Section 4.6.1.6.2.1 and A.1.1. The
4636	   term denoted as terminated_bandwidth is a temporal variable
4637	   representing the total bandwidth that have to be terminated,
4638	   belonging to the same PHB traffic class. The
4639	   terminate_flow_bandwidth(priority_class) is the total of bandwidth
4640	   associated with flows of priority class equal to priority_class. The
4641	   parameter priority_class is an integer fulfilling

4643	   0 =< priority_class =< Maximum_priority.

4645	   The QNE egress node records the identity of the QNE Ingress Node that
4646	   forwarded each flow, the total_congested_bandwidth and the identity
4647	   of all the flows, arriving at the QNE Egress Node, with "encoded
4648	   DSCP" and "affected DSCP" (when applied in whole RMD domain). This
4649	   ensures that only these flows, which are the ones passing through the
4650	   severely overloaded QNE interior node(s), are candidates for
4651	   termination. The selection of the flows to be terminated is described
4652	   in the pseudo-code that is given below, which is realized by the
4653	   function denoted below as calculate_terminate_flows().

4655	   The calculate_terminate_flows() function uses the
4656	   terminate_bandwidth_class value and translates this bandwidth value
4657	   to number of flows that have to be terminated. Only the "encoded
4658	   DSCP" flows and "affected DSCP" (when applied in whole RMD domain)
4659	   flows, which are the ones passing through the severely overloaded
4660	   interior node(s), are candidates for termination.

4662	   After the flows to be terminated are selected the
4663	   sum_bandwidth_terminate(priority_class) value is calculated that is
4664	   the sum of the bandwidth associated with the flows, belonging to a
4665	   certain priority class, which will certainly be terminated.
4666	   The constraint of finding the total number of flows that have to
4667	   be terminated is that sum_bandwidth_terminate(priority_class), SHOULD
4668	   be smaller or approximatelly equal to the variable
4669	   terminate_bandwidth(priority_class).

4671	     terminated_bandwidth = 0;
4672	     priority_class = 0;
4673	     while terminated_bandwidth < total_congested_bandwidth
4674	      {
4675	       terminate_bandwidth(priority_class) =
4676	       = total_congested_bandwidth - terminated_bandwidth
4677	       calculate_terminate_flows(priority_class);
4678	       terminated_bandwidth =
4679	       = sum_bandwidth_terminate(priority_class) + terminated_bandwidth;
4680	       priority_class = priority_class + 1;
4681	      }

4683	   If the egress node maintains ingress/egress pair reservation
4684	   aggregates, then the above algorithm is performed for each
4685	   ingress/egress pair reservation aggregate.

4687	   Finally, for each flow that has to be terminated the QNE egress node
4688	   sends a NOTIFY message to the QNE ingress node to terminate the flow.

4690	Appendix A.2.1 Example of a detailed remarking admission control
4691	(congestion notification) operation in Interior nodes

4693	   This appendix describes an example of a detailed remarking admission
4694	   control (congestion notification) operation in Interior nodes.
4695	   The predefined congestion notification threshold, see Appendix A.1.1,
4696	   is set according to, and usually less than, an engineered bandwidth
4697	   limitation, i.e., admission threshold, based on e.g. agreed Service
4698	   Level Agreement or a capacity limitation of specific links.
4699	   The difference between the congestion notification threshold and the
4700	   engineered bandwidth limitation, i.e., admission threshold, provides
4701	   an interval where the signaling information on resource limitation is
4702	   already sent by a node but the actual resource limitation is not
4703	   reached. This is due to the fact that data packets associated with an
4704	   admitted session have not yet arrived, while allows the admission
4705	   control process available at the egress to interpret the signaling
4706	   information and reject new calls before reaching congestion.

4708	   Note that in the situation when the data rate is higher than the
4709	   preconfigured congestion notification rate, also data packets are
4710	   re-marked, see section 4.6.1.6.2.1. To distinguish between congestion
4711	   notification and severe congestion, two methods MAY be used (see
4712	   Appendix 1.1.1):

4714	   * using different DSCP values (re-marked DSCP values). The remarked
4715	   DSCP that is used for this purpose is denoted as "notified DSCP" in
4716	   this document. When this method is used and when the interior node is
4717	   in "congestion notification" state, see A.1.1, then the node SHOULD
4718	   remark all the unmarked bytes passing through the node using the
4719	   "notified DSCP". Note that this method can only be applied if all
4720	   nodes in RMD domain use the "notified" DSCP marking. In this way,
4721	   also probe packets that will pass through the interior node that
4722	   operates in congestion notification state are being encoded using the
4723	   "notified DSCP" marking.

4725	   * Using the "encoded DSCP" marking for congestion notification and
4726	   severe congestion. This method is not described in detail in this
4727	   example appendix.

4729	Appendix A.2.2 Example of a detailed admission control (congestion
4730	notification) operation in Egress nodes

4732	   This appendix describes an example of a detailed admission control
4733	  (congestion notification) operation in Egress nodes.

4735	   The admission control congestion notification procedure can be
4736	   applied only if the egress maintains the ingress/egress pair
4737	   aggregate. When the operation state of the ingress/egress pair
4738	   aggregate is the "congestion notification", see Appendix A.1.2, then
4739	   the implementation of the algorithm depends on how the congestion
4740	   notification situation is notified to the egress. As mentioned in
4741	   Section A.2.1, two methods are used:

4743	   * using the "notified DSCP". During a measurement interval T, the
4744	   egress counts the number of "notified DSCP" marked bytes that belong
4745	   to the same PHB and are associated with the same ingress/egress pair
4746	   aggregate, say input_notified_bytes. We denote the rate as
4747	   incoming_notified_rate.

4749	   * using the "encoded DSCP". In this case, during a measurement
4750	   interval T, the egress measures the input_notified_bytes by counting
4751	   the "encoded DSCP" bytes.

4753	   Below only the detail description of the first method is given.

4755	   The incoming congestion_rate can be then calculated as follows:

4757	   incoming_congestion_rate = input_notified_bytes/T

4759	   If the incoming_congestion_rate is higher than a preconfigured
4760	   congestion notification threshold, then the communication path
4761	   between ingress and egress is considered to be congested. Note that
4762	   the pre-congestion notification threshold can be set to zero. In this
4763	   case the egress node will operate in congestion notification state at
4764	   the moment that it receives at least one "notified DSCP" encoded
4765	   packet.

4767	   When the egress node operates in "congestion notification" state
4768	   and if the end-to-end RESERVE (probe) arrives at the egress, then
4769	   this request SHOULD be rejected. Note that this is happening
4770	   only when the probe packet is either "notified DSCP" or "encoded
4771	   DSCP" marked. In this way it is ensured that the end-to-end RESERVE
4772	   (probe) packet passed through the node that it is congested. This
4773	   feature is very useful when ECMP based routing is used to detect
4774	   Only flows that are passing through the congested router.

4776	   If such an ingress/egress pair aggregated state is not available when
4777	   the (probe) RESERVE message arrives at the egress, then this request
4778	   is accepted if the DSCP of the packet carrying the RESERVE messsage
4779	   is unmarked. Otherwise (if the packet is either "notified DSCP" or
4780	   "encoded DSCP" marked), it is rejected.

4782	Appendix A.3.1 Example of selecting bi-directional flows for termination
4783	during severe congestion

4785	   This appendix describes an example of selecting bi-directional flows
4786	   for termination during severe congestion.
4787	   When a severe congestion occurs on e.g., in the forward path, and
4788	   when the algorithm terminates flows to solve the severe congestion in
4789	   forward path, then the reserved bandwidth associated with the
4790	   terminated bidirectional flows is also released. Therefore, a careful
4791	   selection of the flows that have to be terminated SHOULD take place.
4792	   A possible method of selecting the flows belonging to the same
4793	   priority type passing through the severe congestion point on a
4794	   unidirectional path can be the following:

4796	   * the egress node SHOULD select, if possible, first unidirectional
4797	   flows instead of bidirectional flows
4798	   * the egress node SHOULD select, if possible, bidirectional flows
4799	   that reserved a relatively small amount of resources on the path
4800	   reversed to the path of congestion.

4802	Appendix A.3.2 Example of a severe congestion solution for bi-
4803	directional flows congested simultaneously on forward and reverse path

4805	   This appendix describes an example of a severe congestion solution
4806	   for bi-directional flows congested simultaneously on forward and
4807	   reverse path.

4809	   This scenario describes a solution using the combination of the
4810	   severe congestion solutions described in Section 4.6.2.5.2.
4811	   It is considered that the severe congestion occurs simultaneously on
4812	   forward and reverse directions, which MAY affect the same bi-
4813	   directional flows.

4815	   When the QNE Edges maintain per-flow intra-domain QoS-NSLP
4816	   operational states then the steps can be the following, see Figure
4817	   A.3. Consider that the egress node selects a number of bi-directional
4818	   flows to be terminated. In this case the egress will send for each
4819	   bi-directional flows a NOTIFY message to ingress. If the Ingress
4820	   receives these NOTIFY messages and its operational state (associated
4821	   with reverse path) is in the severe congestion state (see Figure A.1
4822	   and A.2), then the ingress operates in the following way:

4824	   * For each NOTIFY message, the Ingress SHOULD identify the
4825	   bidirectional flows have to be terminated.

4827	   * The ingress then calculates the total bandwidth that SHOULD be
4828	   released in the reverse direction (thus not in forward direction) if
4829	   the bidirectional flows will be terminated (preempted), say
4830	   "notify_reverse_bandwidth". This bandwidth can be calculated by the
4831	   sum of the bandwidth values associated with all the end-to-end
4832	   sessions that received a (severe congestion) NOTIFY message.

4834	   * Furthermore, using the received marked packets (from the reverse
4835	   path) the ingress will calculate, using the algorithm used by an
4836	   egress and described in A.1.2, the total bandwidth that has to be
4837	   terminated in order to solve the congestion in the reverse path
4838	   direction, say "marked_reverse_bandwidth".

4840	   * The ingress then calculates the bandwidth of the additional flows
4841	   that have to be terminated, say "additional_reverse_bandwidth", in
4842	   order to solve the severe congestion in reverse direction, by taking
4843	   into account:

4845	   ** the bandwidth in the reverse direction of the bidirectional flows
4846	   that were appointed by the egress (the ones that received a NOTIFY
4847	   message) to be preempted, i.e., "notify_reverse_bandwidth"

4849	   **  the total amount of bandwidth in the reverse direction that has
4850	   been calculated by using the received marked packets, i.e.,
4851	   "marked_reverse_bandwidth".

4853	QNE (Ingress)    NE (int.)    NE (int.)       NE (int.)    QNE (Egress)
4854	NTLP stateful                                             NTLP stateful
4855	data|    user        |                |           |               |
4856	--->|    data        | #unmarked bytes|           |               |
4857	    |--------------->S #marked bytes  |           |               |
4858	    |                S--------------------------->|               |
4859	    |                |                |           |-------------->|data
4860	    |                |                |           |               |--->
4861	    |                |                |           |              Term.?
4862	    |            NOTIFY               |           |               |Yes
4863	    |<------------------------------------------------------------|
4864	    |                |                |           |               |data
4865	    |                |                |  user     |               |<---
4866	    |   user data    |                |  data     |<--------------|
4867	    | (#marked bytes)|                S<----------|               |
4868	    |<--------------------------------S           |               |
4869	    | (#unmarked bytes)               S           |               |
4870	Term|<--------------------------------S           |               |
4871	Flow?                |                S           |               |
4872	YES |RESERVE(RMD-QSpec):              S           |               |
4873	    |"forward - T tear"               s           |               |
4874	    |--------------->|  RESERVE(RMD-QSpec):       |               |
4875	    |                |  "forward - T tear"        |               |
4876	    |                |--------------------------->|               |
4877	    |                |                S           |-------------->|
4878	    |                |                S         RESERVE(RMD-QSpec):
4879	    |                |                S       "reverse - T tear"  |
4880	    |      RESERVE(RMD-QSpec)         S           |<--------------|
4881	    |      "reverse - T tear"         S<----------|               |
4882	    |<--------------------------------S           |               |

4884	  Figure A.3: Intra-domain RMD severe congestion handling for
4885	           bi-directional reservation (congestion on both forward and
4886	           reverse direction)

4888	   This additional bandwidth can be calculated using the following
4889	   algorithm:

4891	    IF ("marked_reverse_bandwidth" > "notify_reverse_bandwidth") THEN
4892	    "additional_reverse_bandwidth" =
4893	     = "marked_reverse_bandwidth"- "notify_reverse_bandwidth";
4894	    ELSE
4895	    "additional_reverse_bandwidth" = 0

4897	* Ingress terminates the flows that experienced a severe congestion
4898	in the "forward" path and received a (severe congestion) NOTIFY
4899	   message

4901	   * If possible the ingress SHOULD terminate unidirectional flows that
4902	   are using the same egress-ingress reverse direction communication
4903	   path to satisfy the release of a total bandiwtdh up equal to the:
4904	   "additional_reverse_bandwidth", see Appendix 3.1.

4906	   * If the number of REQUIRED uni-directional flows (to satisfy the
4907	   above issue) is not available, then a number of bi-directional flows
4908	   that are using the same egress-ingress reverse direction
4909	   communication path MAY be selected for pre-emption in order to
4910	   satisfy the release of a total bandiwtdh equal up to the:
4911	   "additional_reverse_bandwidth".  Note that using the guidelines given
4912	   in Appendix A.3.1, first the bidirectional flows that reserved a
4913	   relatively small amount of resources on the path reversed to the path
4914	   of congestion SHOULD be selected for termination.

4916	   When the QNE Edges maintain aggregated intra-domain QoS-NSLP
4917	   operational states then the steps can be the following.

4919	   * The egress calculates the bandwidth to be terminated using the same
4920	   method as described in Section 4.6.1.6.2.2. The egress includes this
4921	   bandwidth value in a <PDR Bandwidth> within a "PDR_Congestion_Report"
4922	   container that is carried by the end-to-end NOTIFY message.

4924	   * The Ingress receives the NOTIFY message and reads the <PDR
4925	   Bandwidth> value included in the "PDR_Congestion_Report" container.
4926	   Note that this value is denoted as "notify_reverse_bandwidth" in the
4927	   situation that the QNE edges maintain per flow intra-domain QoS-NSLP
4928	   operational states, but is calculated differently. The variables
4929	   "marked_reverse_bandwidth" and "additional_reverse_bandwidth are
4930	   calculated using the same steps as explained for the situation that
4931	   the QNE edges maintain per flow intra-domain QoS-NSLP states.

4933	   * Regarding the termination of flows that are using the same egress-
4934	   ingress reverse direction communication path, the Ingress can follow
4935	   the same procedures as the situation that the QNE edges
4936	   maintain per-flow intra-domain QoS-NSLP operational states.

4938	   The RMD aggregated (reduced state) reservations maintained by the
4939	   interior nodes, can be reduced in the "forward" and "reverse"
4940	   directions by using the procedure described in Section 4.6.2.3 and
4941	   including in the  <Bandwith> parameter within the "RMD-QOSM QOS
4942	   Description" field carried by the "forward" intra-domain RESERVE the
4943	   value equal to "notify_reverse_bandwidth" and by including the
4944	   "additional_reverse_bandwidth" value in the <PDR Bandwidth> parameter
4945	   within the "PDR_Release_Request" container that is carried by the
4946	   same intra-domain RESERVE message.

4948	Appendix A.4 Example of pre-emption handling during admission control

4950	   This appendix describes an example of how pre-emption handling is
4951	   supported during admission control.
4952	   This section describes the mechanism that can be supported by the
4953	   QNE Ingress, QNE Interior and QNE Egress nodes to satisfy
4954	   pre-emption during the admission control process.
4955	   This mechanism uses the pre-emption building blocks specified in
4956	   [QoS-NSLP].

4958	A.4.1 Pre-emption handling in QNE Ingress nodes

4960	   If a QNE Ingress receives a RESERVE for a session that causes other
4961	   session(s) to be pre-empted, for each of these to be pre-empted
4962	   sessions, then the QNE Ingress follows the following steps:

4964	   Step_1:

4966	   The QNE Ingress MUST send a tearing RESERVE downstream and add a
4967	   BOUND_SESSION_ID, with Binding_Code value equal to "Indicated session
4968	   caused pre-emption" that indicates the SESSION_ID of the session that
4969	   caused the pre-emption. Furthermore, an INFO-SPEC object with error
4970	   code value equal to "Reservation pre-empted" has to be included in
4971	   each of these tearing RESERVE messages.
4972	   The selection of which flows have to be preempted can be based on
4973	   predefined policies. For example, this selection process can be based
4974	   on the MRI associated with the high and low priority sessions. In
4975	   particular, the QNE Ingress can select low(er) priority session(s)
4976	   where their MRI is "close" (especially the target IP) to the one
4977	   associated with the higher priority session. This means that
4978	   typically the high priority session and the to be preempted lower
4979	   priority sessions are following the same communication path and are
4980	   passing through the same QNE Egress node.

4982	   Furthermore, the amount of lower priority sessions that have to be
4983	   pre-empted per each high priority session, has to be such that the
4984	   requested resources by the higher priority session SHOULD be lower or
4985	   equal than the sum of the reserved resources associated with the
4986	   lower priority sessions that have to be pre-empted.

4988	   Step_2:

4990	   For each of the sent tearing RESERVE(s) the QNE Ingress will send a
4991	   NOTIFY message with an INFO-SPEC objects with error code value equal
4992	   to "Reservation pre-empted" towards the QNI.

4994	   Step_3:

4996	   After sending the pre-empted (tearing) RESERVE(s), the Ingress QNE
4997	   will send the (reserving) RESERVE, which caused the pre-emption,
4998	   downstream towards the QNE Egress.

5000	A.4.2 Pre-emption handling in QNE Interior nodes

5002	   The QNE Interior upon receiving the first (tearing) RESERVE that
5003	   carries the BOUND_SESSION_ID object with Binding_Code value equal to
5004	   "Indicated session caused pre-emption" and an INFO-SPEC object with
5005	   error code value equal to "Reservation preempted" it considers that
5006	   this session has to be pre-empted.
5007	   In this case the QNE Interior creates a so called "pre-emption
5008	   state", which is identified by the SESSION_ID carried in the
5009	   pre-emption related BOUND_SESSION_ID object. Furthermore, this
5010	   "pre-emption state" will include the SESSION_ID of the session
5011	   associated with the (tearing) RESERVE. If subsequently additional
5012	   tearing RESERVE(s) are arriving including the same values of
5013	   BOUND_SESSION_ID and INFO-SPEC objects, then the associated
5014	   SESSION_IDs of these (tearing) RESERVE message will be included in
5015	   the already created "pre-emption state". The QNE will then set a
5016	   timer, with a value that is high enough to ensure that it will not
5017	   expire before the (reserving) RESERVE arrives.
5018	   Note that when the "pre-emption state" timer expires then the
5019	   bandwidth associated with the pre-empted session(s) will have to be
5020	   released, following a normal RMD-QOSM bandwidth release procedure..
5021	   If the QNE interior node will not receive the all to be pre-empted
5022	   (tearing) RESERVE messages sent by the QNE Ingress before their
5023	   associated (reserving) RESERVE message arrives, then the (reserving)
5024	   RESERVE message will not reserve any resources and this message will
5025	   be "M" marked, see Section 4.6.1.2. Note that this situation is not a
5026	   typical situation. Typically, this situation can only occur when at
5027	   least one of (tearing) RESERVe messages are dropped due to an error
5028	   condition.

5030	   Otherwise, if the QNE Interior receives the all to be pre-empted
5031	   (tearing) RESERVE messages sent by the QNE Ingress, then the QNE
5032	   Interior will remove the pending resources, and make the new
5033	   reservation using normal RMD-QOSM bandwidth release and reservation
5034	   procedures.

5036	A.4.3 Pre-emption handling in QNE Egress nodes

5038	   Similar to the QNE Interior operation, the QNE Egress upon receiving
5039	   the first (tearing) RESERVE that carries the BOUND_SESSION_ID object
5040	   with Binding_Code value equal to "Indicated session caused
5041	   pre-emption" and an INFO-SPEC object with error code value equal to
5042	   "Reservation preempted" it considers that this session has to be pre-
5043	   empted. Similar to the QNE Interior operation the QNE Egress creates
5044	   a so called "pre-emption state", which is identified by the
5045	   SESSION_ID carried in the pre-emption related BOUND_SESSION_ID
5046	   object. This "pre-emption state" will store the same type of
5047	   information and use the same timer value as specified in section
5048	   A.4.2.

5050	   If subsequently additional tearing RESERVE(s) are arriving including
5051	   the same values of BOUND_SESSION_ID and INFO-SPEC objects, then the
5052	   associated SESSION_IDs of these (tearing) RESERVE message will be
5053	   included in the already created "pre-emption state".
5054	   If the (reserving) RESERVE sent by the QNE Ingress node arrived and
5055	   is not "M" marked and if all the to be pre-empted (tearing) RESERVE
5056	   messages arrived then the QNE Egress will remove the pending
5057	   resources and make the new reservation using normal RMD-QOSM
5058	   procedures.

5060	   If the QNE Egress receives a "M" marked RESERVE message then the QNE
5061	   Egress will use the normal partial RMD-QOSM procedure to release the
5062	   partial reserved resources associated with the "M" marked RESERVE,
5063	   see Section 4.6.1.2.

5065	   If the QNE Egress will not receive all the to be pre-empted (tearing)
5066	   RESERVE messages sent by the QNE Ingress before their associated and
5067	   not "M" marked (reserving) RESERVE message arrives, then the
5068	   following steps can be followed:

5070	 * If the QNE Egress uses an end-to-end QOSM supports the pre-emption
5071	   handling then the QNE Egress have to calculate and select new
5072	   lower priority sessions that have to be terminated. The way of how
5073	   the to be pre-empted sessions are selected and signalled to the
5074	   downstream QNEs is similar to the operation specified in Section
5075	   A.4.1.
5076	 * If the QNE Egress does not use an end-to-end QOSM that supports
5077	   the pre-emption handling then the QNE Egress has to reject the
5078	   requesting (reserving) RESERVE associated with the high priority
5079	   session, see Section 4.6.1.2.

5081	   Note that typically, the situation that the QNE Egress does not
5082	   receive all the to be pre-empted (tearing) RESERVE messages sent by
5083	   the QNE Ingress can only occur when at least one of (tearing) RESERVe
5084	   messages are dropped due to an error condition.

5086	A.5 Example of a retransmission procedure within the RMD domain

5088	   This appendix describes an example of a retransmission procedure that
5089	   can be used in the RMD domain.
5090	   If the retransmission of intra-domain RESERVE messages within the RMD
5091	   domain is not disallowed then all the QNE Interior nodes SHOULD use
5092	   the functionality described in this section.

5094	   In this situation we enable QNE Interior nodes to maintain a replay
5095	   cache in which each entry contains the <RSN>, <SESSION_ID> (available
5096	   via GIST), <REFRESH_PERIOD> (available via the QoS NSLP [QoS-NSLP])
5097	   and the last received "PHR Container" <Container ID> carried by the
5098	   RMD-QSpec for each session [QSP-T]. Thus this solution uses
5099	   information carried by QOS-NSLP objects [QoS-NSLP] and parameters
5100	   carried by the RMD-QSpec "PHR Container". The following phases can be
5101	   distinguished:

5103	   Phase 1: Create Replay Cache Entry

5105	   When an Interior node receives an intra-domain RESERVE
5106	   message and its cache is empty or there is no matching entry, it
5107	   reads the <Container ID> field of the "PHR container" of the received
5108	   message. If the <Container ID> is a PHR_RESOURCE_REQUEST, which
5109	   indicates that the intra-domain Reserve message is a reservation
5110	   request, then the QNE Interior node creates a new entry in the cache
5111	   and copies the <RSN>, <SESSION_ID> and <Container ID> to the entry
5112	   and sets the <REFRESH_PERIOD>.
5113	   By using the information stored in the List the Interior node
5114	   verifies whether the received intra-domain RESERVE message is sent
5115	   by an adversary or not. For example, if the <SESSION_ID> and <RSN> of
5116	   a received intra-domain RESERVE message match the values stored in
5117	   the List then the Interior node checks the <Container ID> part.

5119	   If the <Container_ID> is different then:

5121	     Situation D1: <Container ID> in its own list is
5122	        PHR_RESOURCE_REQUEST, and <Container ID> in the message is
5123	        PHR_REFRESH_UPDATE;

5125	     Situation D2: <Container ID> in its own list is
5126	        PHR_RESOURCE_REQUEST or PHR_REFRESH_UPDATE, and <Container ID>
5127	        in the message is PHR_RELEASE_REQUEST;

5129	     Situation D3: <Container ID> in its own list is PHR_REFRESH_UPDATE,
5130	        and <Container ID> in the message is PHR_RESOURCE_REQUEST;

5132	    For Situation D1, the QNE Interior node processes this message by
5133	    RMD-QoSM default operation, reserves bandwidth, updates the entry
5134	    and passes the message to downstream nodes. For Situation D2, the
5135	    QNE Interior node processes this message by RMD-QoSM default
5136	    operation, releases bandwidth, deletes all entries associated with
5137	    the session and passes the message to downstream nodes. For
5138	    situation D3, the QNE Interior node does not use/process the
5139	    local RMD-QSpec <TMOD-1> parameter carried by the received intra-
5140	    domain RESERVE message. Furthermore, the <K> flag in the "PHR
5141	    Container" have to be set such that the local RMD-QSpec <TMOD-1>
5142	    parameter carried by the intra-domain RESERVE message is not
5143	    processed/used by a QNE Interior node.

5145	    If the <Container_ID> is the same then:

5147	     Situation S1: <Container ID> is equal to PHR_RESOURCE_REQUEST;
5148	     Situation S2: <Container ID> is equal to PHR_REFRESH_UPDATE;

5150	     For situation S1, the QNE Interior node does not process the
5151	     intra-domain RESERVE message but it just passes it to
5152	     downstream nodes, because
5153	     it might have been retransmitted by the QNE Ingress node;
5154	     For situation S2, the QNE Interior node processes the first
5155	     incoming intra-domain (refresh) RESERVE message within a refresh
5156	     period and updates the entry and forwards it to the downstream
5157	     nodes.

5159	    If only <Session_ID> is matched to the list, then the QNE Interior
5160	    Node checks the <RSN>. Here also two situations can be
5161	    distinguished:

5163	    If a rerouting takes place, see Section 5.2.5.2 in [QoS-NSLP], the
5164	    <RSN> in the message will be equal either to <RSN + 2> in the
5165	    stored list if it is not a tearing RESERVE or to <RSN -1> in the
5166	     stored list if it is a tearing RESERVE:

5168	     The QNE Interior node will check the <Container ID> part;

5170	     If the <RSN> in the message is equal to <RSN + 2> in the
5171	     stored list and the <Container ID> is a PHR_RESOURCE_REQUEST or
5172	     PHR_REFRESH_UPDATE then the received intra-domain RESERVE
5173	     message has to be interpreted and processed as a typical
5174	     (non tearing) RESERVE message, which is caused by rerouting, see
5175	      Section 5.2.5.2 in [QoS-NSLP].

5177	     If the <RSN> in the message is equal to <RSN-1> in the
5178	     stored list and the <Container ID> is a PHR_RELEASE_REQUEST
5179	     then the received intra-domain RESERVE message has to be
5180	     interpreted and processed as a typical (tearing) RESERVE
5181	     message, which is caused by rerouting, see Section 5.2.5.2 in
5182	     [QoS-NSLP].

5184	     If other situations occur than the ones described above, then
5185	     the QNE Interior node does not use/process the local RMD-QSpec
5186	     <TMOD-1> parameter carried by the received intra-domain RESERVE
5187	     message. Furthermore, the <K> paramer has to be set, see above.

5189	    Phase 2: Update Replay Cache Entry

5191	    When a QNE Interior node receives an intra-domain RESERVE message,
5192	    it retrieves the corresponding entry from the cache and compares the
5193	    values. If the message is valid, the Interior node will update
5194	    <Container ID> and <REFRESH_PERIOD> in the List entry.

5196	    Phase 3: Delete Replay Cache Entry

5198	    When a QNE Interior node receives an intra-domain (tear) RESERVE
5199	    message and an entry in the replay cache can be found, then the
5200	    QNE Interior node will delete this entry after processing the
5201	    message. Furthermore, the Interior node will delete cache entries,
5202	    if it did not receive an intra-domain (refresh) Reserve message
5203	    during the <REFRESH_PERIOD> period with a <Container_ID> value equal
5204	    to PHR_REFRESH_UPDATE.

5206	Disclaimer

5208	   This document may contain material from IETF Documents or IETF
5209	   Contributions published or made publicly available before November
5210	   10, 2008.  The person(s) controlling the copyright in some of this
5211	   material may not have granted the IETF Trust the right to allow
5212	   modifications of such material outside the IETF Standards Process.
5213	   Without obtaining an adequate license from the person(s)
5214	   controlling the copyright in such materials, this document may not
5215	   be modified outside the IETF Standards Process, and derivative
5216	   works of it may not be created outside the IETF Standards Process,
5217	   except to format it for publication as an RFC or to translate it
5218	   into languages other than English.