idnits 2.17.1 draft-ietf-tsvwg-diffserv-class-aggr-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 17. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 790. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 801. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 808. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 814. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([5]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 5, 2007) is 6252 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: '1' is defined on line 674, but no explicit reference was found in the text == Unused Reference: '2' is defined on line 677, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2309 (ref. '9') (Obsoleted by RFC 7567) Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TSVWG K. Chan 3 Internet-Draft J. Babiarz 4 Intended status: Informational Nortel Networks 5 Expires: September 6, 2007 F. Baker 6 Cisco Systems 7 March 5, 2007 9 Aggregation of DiffServ Service Classes 10 draft-ietf-tsvwg-diffserv-class-aggr-02 12 Status of this Memo 14 By submitting this Internet-Draft, each author represents that any 15 applicable patent or other IPR claims of which he or she is aware 16 have been or will be disclosed, and any of which he or she becomes 17 aware will be disclosed, in accordance with Section 6 of BCP 79. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF), its areas, and its working groups. Note that 21 other groups may also distribute working documents as Internet- 22 Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet-Drafts as reference 27 material or to cite them other than as "work in progress." 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt. 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html. 35 This Internet-Draft will expire on September 6, 2007. 37 Copyright Notice 39 Copyright (C) The IETF Trust (2007). 41 Abstract 43 In the core of a high capacity network, service differentiation is 44 still needed to support applications' utilization of the network. 45 Applications with similar traffic characteristics and performance 46 requirements are mapped into diffserv service classes based on end- 47 to-end behavior requirements of the applications as indicated by 48 Diffserv Service Classes [5]. However, some network segments may be 49 configured in such a way that a single forwarding treatment may 50 satisfy the traffic characteristics and performance requirements of 51 two or more service classes. In these cases, it may be desirable to 52 aggregate two or more Diffserv Service Classes [5] into a single 53 forwarding treatment. This document provides guidelines for the 54 aggregation of Diffserv Service Classes [5] into forwarding 55 treatments. 57 Table of Contents 59 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 60 1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 4 61 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 62 3. Overview of Service Class Aggregation . . . . . . . . . . . . 5 63 4. Service Classes to Treatment Aggregate Mapping . . . . . . . . 6 64 4.1. Mapping Service Classes into Four Treatment Aggregates . . 6 65 4.1.1. Network Control Treatment Aggregate . . . . . . . . . 9 66 4.1.2. Real Time Treatment Aggregate . . . . . . . . . . . . 9 67 4.1.3. Assured Elastic Treatment Aggregate . . . . . . . . . 10 68 4.1.4. Elastic Treatment Aggregate . . . . . . . . . . . . . 11 69 5. Using MPLS for Treatment Aggregates . . . . . . . . . . . . . 12 70 5.1. Network Control Treatment Aggregate with E-LSP . . . . . . 14 71 5.2. Real Time Treatment Aggregate with E-LSP . . . . . . . . . 14 72 5.3. Assured Elastic Treatment Aggregate with E-LSP . . . . . . 14 73 5.4. Elastic Treatment Aggregate with E-LSP . . . . . . . . . . 14 74 5.5. Treatment Aggregates and L-LSP . . . . . . . . . . . . . . 15 75 6. Treatment Aggregates and Inter-Provider Relationships . . . . 15 76 7. Security Considerations . . . . . . . . . . . . . . . . . . . 15 77 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 78 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16 79 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 80 10.1. Normative References . . . . . . . . . . . . . . . . . . . 16 81 10.2. Informative References . . . . . . . . . . . . . . . . . . 17 82 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18 83 Intellectual Property and Copyright Statements . . . . . . . . . . 19 85 1. Introduction 87 In the core of a high capacity network, it is common for the network 88 to be engineered in such a way that a major link, switch, or router 89 can fail and the result will be a routed network that still meets 90 ambient SLAs. The implication of this is that there is sufficient 91 capacity on any given link such that all SLAs sold can be 92 simultaneously supported at their respective maximum rates, and that 93 this remains true after re-routing (either IP re-routing or MPLS 94 protection-mode switching) has occurred. 96 Over-provisioning is generally considered to meet the requirements of 97 all traffic without further QoS treatment, and in the general case 98 that is true in high capacity backbones. However, as the process of 99 network convergence continues, and with the increasing speed of the 100 access networks, certain services still have issues. Delay, jitter, 101 and occasional loss are perfectly acceptable for elastic 102 applications. However, sub-second surges that occur in the best- 103 designed of networks [14] affect real-time applications. Moreover, 104 DOS loads, worms, and network disruptions such as that of 11 105 September 2001 affect routing [15]. Our objective is to prevent 106 disruption to routing (which in turn affects all services), and 107 jitter-sensitive services that may be revenue-bearing. 109 The document "Diffserv Service Classes" [5] defines the basic 110 diffserv classes from the points of view of the application requiring 111 specific end-to-end behaviors from the network. The service classes 112 are differentiated based on the traffic-payload's tolerance to packet 113 loss, delay, and delay variation (jitter). Different degrees of 114 these criterions form the foundation for supporting the needs of 115 real-time and elastic traffic. The "Diffserv Service Classes" [5] 116 document also provides recommendations for the treatment method of 117 these service classes. But, at some network segments of the end-to- 118 end path, the number of levels of network treatment differentiation 119 may be less than the number of service classes that the network 120 segment needs to support. In such a situation, that network segment 121 may use the same treatment to support more than one service class. 122 In this document we provide guidelines on how multiple service 123 classes may be aggregated into a forwarding treatment aggregate. 124 With the IP traffic belonging to service classes, expressed using the 125 DSCP, as described by "Diffserv Service Classes" [5]. Note that in a 126 given domain, we may recommend that the supported service classes be 127 aggregated into forwarding treatment aggregates; however, this does 128 not mean all service classes need to be supported and hence not all 129 forwarding treatment aggregates need to be supported. A domain may 130 support fewer or greater number of forwarding treatment aggregates. 131 Which service classes and which forwarding treatment aggregates are 132 supported by a domain is up to the domain administration and may be 133 influenced by business reasons. 135 In this document, we've provided: 137 o definitions for terminology we use in this document, 139 o requirements for performing this aggregation, 141 o an example of performing this aggregation over MPLS using E-LSP. 143 The treatment aggregate recommendations are designed to aggregate the 144 service classes [5] in such a manner as to protect real-time traffic 145 and routing, on the assumption that real-time sessions are protected 146 from each other by admission at the edge. 148 An example of aggregation over MPLS networks using E-LSP, EXP 149 Inferred PHB Scheduling Class (PSC) Label Switched Path (LSP), to 150 realize the treatment aggregates is provided. Note that the MPLS 151 E-LSP is just an example; this document does not exclude the use of 152 other methods. This example only considers aggregation of IP traffic 153 into E-LSP. The use of E-LSP by none-IP traffic is not discussed. 155 1.1. Requirements Notation 157 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 158 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 159 document are to be interpreted as described in RFC 2119 [3]. 161 2. Terminology 163 This document assumes the reader is familiar with the terms used in 164 differentiated services. This document provides the definitions for 165 new terms introduced by this document and referencing information for 166 existing none differentiated services terms defined in existing RFCs. 168 For new terms introduced by this document, we provide the definition 169 here: 171 o Treatment Aggregate. This term is used here to indicate the 172 aggregate of DiffServ service classes. This is different from 173 Behavior Aggregate and Traffic Aggregate because Treatment 174 Aggregate is only concerned with the treatment of the aggregated 175 traffic. It does not concern itself with how the aggregated 176 traffic is marked, and hence does not put a restriction on the 177 aggregated traffic having a single diffserv codepoint that have a 178 single PHB. 180 For terms from existing RFCs, we provide the reference to the 181 appropriate section of the relevant RFC that contain the definition: 183 o Real-Time and Elastic Applications and their traffic. Section 3.1 184 of RFC 1633 [6]. 186 o Diffserv Service Class. Section 1.3 of RFC 4594 [5]. 188 o MPLS E-LSP, EXP Inferred PHB Scheduling Class (PSC) Label Switched 189 Path (LSP). Section 1.2 of RFC 3270 [8]. 191 o MPLS L-LSP, Label Only Inferred PHB Scheduling Class (PSC) Label 192 Switched Path (LSP). Section 1.3 of RFC 3270 [8]. 194 3. Overview of Service Class Aggregation 196 In diffserv domains where less granular traffic treatment 197 differentiation is provided, aggregation of the different service 198 classes [5] may be required. 200 These aggregations have the following requirements: 202 1. The end-to-end network performance characteristic required by the 203 application must be supported. This performance characteristic 204 is represented by the use of Diffserv Service Classes [5]. 206 2. The treatment aggregate must exhibit the strictest requirement of 207 its member service classes. 209 3. The treatment aggregate should only contain member service 210 classes with similar traffic characteristic and performance 211 requirements. 213 4. The notion of the individual end-to-end service classes must not 214 be destroyed when aggregation is performed. Each domain along 215 the end-to-end path may perform aggregation differently, based on 216 the original end-to-end service classes. We recommend an easy 217 way to accomplish this by not altering the DSCP used to indicate 218 the end-to-end service class. But some administrative domains 219 may require the use of their own marking; when this is needed, 220 the original end-to-end service class indication must be restored 221 upon exiting such administrative domains. 223 5. Each treatment aggregate has limited resources, hence traffic 224 conditioning and/or admission control must be performed for each 225 service class aggregated into the treatment aggregate. 227 with the following suggestions: 229 1. The treatment aggregate and assigned resources may consider 230 historical traffic patterns and the variability of these 231 patterns. For example, a point-point service (e.g., pseudowire) 232 may have a very predictable pattern, while a multipoint service 233 (e.g., VPLS) may have a much less predictable pattern. Even the 234 traffic patterns within the Internet may vary widely. 236 2. In addition to Diffserv, other controls are available to 237 influence the traffic level offered to a particular traffic 238 aggregate. These include adjustment of routing metrics, usage of 239 MPLS-based traffic engineering techniques. 241 This document only describes the aggregation of IP traffic based on 242 the use of Diffserv Service Classes [5]. 244 4. Service Classes to Treatment Aggregate Mapping 246 The service class and DSCP selection in "Diffserv Service Classes" 247 [5] has been defined to allow, in many instances, mapping of two or 248 possibly more service classes into a single forwarding treatment 249 aggregate. Notice that there is a relationship/trade-off between 250 link speed, queue depth, delay, and jitter. The degree of 251 aggregation and hence the number of treatment aggregates will depend 252 on whether the speed of the links and scheduler behavior, being used 253 to implement the aggregation, can minimize the affects of mixing 254 traffic with different packet sizes and transmit rates on queue 255 depth. And their impacts on loss, delay, and jitter. A general 256 rule-of-thumb is that higher link speeds allow for more aggregation/ 257 smaller number of treatment aggregates. 259 4.1. Mapping Service Classes into Four Treatment Aggregates 261 This section provides an example of mapping all the service classes 262 defined in RFC 4594 [5] into four treatment aggregates. The use of 263 four treatment aggregates assumes that the resources allocated to 264 each treatment aggregate is sufficient to honor the required behavior 265 of each service class [5] in each of the four treatment aggregates. 266 We use the performance requirement (tolerance to loss, delay, and 267 jitter) from the application/end-user as a guide on how to map the 268 service classes into treatment aggregates. We have also used Section 269 3.1 of RFC 1633 [6] to provide us with guidance on the definition of 270 Real-Time and Elastic applications. An overview of the mapping 271 between service classes and the four treatment aggregates is provided 272 by Figure 1, with the mapping being based on performance 273 requirements. In Figure 1, the right side columns of "Service 274 Class", "Tolerance to Loss/Delay/Jitter" are from Figure 2 of 275 Diffserv Service Classes [5]. 277 It is recommended that certain service classes be mapped into 278 specific treatment aggregates. But this does not mean that all the 279 service classes recommended for that treatment aggregate need to be 280 supported. Hence, for a given domain, a treatment aggregate may 281 contain only a subset of the service classes recommended in this 282 document, they being the service classes supported by that domain. A 283 domain's treatment of non-supported service classes should be based 284 on the domain's local policy. This local policy may be influenced by 285 its agreement with its customers. Such treatment may use the Elastic 286 Treatment Aggregate, dropping the packets, or some other 287 arrangements. 289 Our example of four treatment aggregates is based on the basic 290 differences in performance requirement from the application/end-user 291 perspective. A domain may choose to support more or less treatment 292 aggregates. For example, only supporting three treatment aggregates, 293 and with mapping any network control traffic into the Assured Elastic 294 treatment aggregate. This is a choice the administrative domain has. 296 --------------------------------------------------------------------- 297 |Treatment | Tolerance to ||Service Class | Tolerance to | 298 |Aggregate | Loss |Delay |Jitter|| | Loss |Delay |Jitter| 299 |==========+======+======+======++===============+======+======+======| 300 | Network | Low | Low | Yes || Network | Low | Low | Yes | 301 | Control | | | || Control | | | | 302 |==========+======+======+======++===============+======+======+======| 303 | Real | Very | Very | Very || Telephony | VLow | VLow | VLow | 304 | Time | Low | Low | Low ||---------------+------+------+------| 305 | | | | || Signaling | Low | Low | Yes | 306 | | | | ||---------------+------+------+------| 307 | | | | || Multimedia |Low - | Very | Low | 308 | | | | || Conferencing |Medium| Low | | 309 | | | | ||---------------+------+------+------| 310 | | | | || Real-time | Low | Very | Low | 311 | | | | || Interactive | | Low | | 312 | | | | ||---------------+------+------+------| 313 | | | | || Broadcast | Very |Medium| Low | 314 | | | | || Video | Low | | | 315 |==========+======+======+======++===============+======+======+======| 316 | Assured | Low |Low - | Yes || Multimedia |Low - |Medium| Yes | 317 | Elastic | |Medium| || Streaming |Medium| | | 318 | | | | ||---------------+------+------+------| 319 | | | | || Low Latency | Low |Low - | Yes | 320 | | | | || Data | |Medium| | 321 | | | | ||---------------+------+------+------| 322 | | | | || OAM | Low |Medium| Yes | 323 | | | | ||---------------+------+------+------| 324 | | | | ||High Throughput| Low |Medium| Yes | 325 | | | | || Data | |- High| | 326 |==========+======+======+======++===============+======+======+======| 327 | Elastic | Not Specified || Standard | Not Specified | 328 | | | | ||---------------+------+------+------| 329 | | | | || Low Priority | High | High | Yes | 330 | | | | || Data | | | | 331 --------------------------------------------------------------------- 333 Figure 1: Treatment Aggregate and Service Class Performance 334 Requirements 336 As we are recommending to preserve the notion of the individual end- 337 to-end service classes, we also recommend that the original DSCP 338 field marking not be changed when treatment aggregates are used. 339 Instead, classifiers that select packets based on the contents of the 340 DSCP field should be used to direct packets from the member DiffServ 341 Service Classes into the queue that handles each of the treatment 342 aggregates, without remarking the DSCP field of the packets. This is 343 summarized in Figure 2, which shows the behavior each Treatment 344 Aggregate should have, and the DSCP field marking of the packets that 345 should be classified into each of the treatment aggregates. 347 ------------------------------------------------------------ 348 |Treatment |Treatment || DSCP | 349 |Aggregate |Aggregate || | 350 | |Behavior || | 351 |==========+==========++=====================================| 352 | Network | CS || CS6 | 353 | Control |(RFC 2474)|| | 354 |==========+==========++=====================================| 355 | Real | EF || EF, CS5, AF41, AF42, AF43, CS4, CS3 | 356 | Time |(RFC 3246)|| | 357 |==========+==========++=====================================| 358 | Assured | AF || CS2, AF31, AF21, AF11 | 359 | Elastic |(RFC 2597)||-------------------------------------| 360 | | || AF32, AF22, AF12 | 361 | | ||-------------------------------------| 362 | | || AF33, AF23, AF13 | 363 |==========+==========++=====================================| 364 | Elastic | Default || Default, (CS0) | 365 | |(RFC 2474)||-------------------------------------| 366 | | || CS1 | 367 ------------------------------------------------------------ 369 Figure 2: Treatment Aggregate Behavior 371 4.1.1. Network Control Treatment Aggregate 373 The Network Control Treatment Aggregate aggregates all service 374 classes that are functionally necessary for the survival of a network 375 during a DOS attack or other high traffic load interval. The theory 376 is that whatever else is true, the network must protect itself. This 377 includes the traffic that "Diffserv Service Classes" [5] 378 characterizes as being included in the Network Control Service Class. 380 The DSCPs of the original service class remain an important 381 consideration and should be preserved during aggregation. Traffic in 382 the Network Control treatment aggregate should be carried in a common 383 queue or class with a PHB as described in RFC 2474 [4] section 384 4.2.2.2. This treatment aggregate should have a lower probability of 385 packet loss, bearing a relatively deep target mean queue depth (min- 386 threshold if RED is being used). 388 4.1.2. Real Time Treatment Aggregate 390 The Real Time Treatment Aggregate aggregates all real-time 391 (inelastic) service classes. The theory is that real-time traffic is 392 admitted under some model and controlled by a SLA managed at the edge 393 of the network prior to aggregation. As such, there is a predictable 394 and enforceable upper bound on the traffic that can enter such a 395 queue, and to provide predictable variation in delay it must be 396 protected from bursts of elastic traffic. The predictability of 397 traffic level may be based upon admission control for a well known 398 community of interest (e.g., a point-point service) and/or based upon 399 historical measurements. 401 This treatment aggregate may include the following service classes 402 from the Diffserv Service Classes [5], in addition to other locally 403 defined classes: Telephony, Signaling, Multimedia Conferencing, Real- 404 time Interactive, Broadcast Video. 406 Traffic in each service class that is going to be aggregated into the 407 treatment aggregate should be conditioned prior to aggregation. It 408 is recommended that per service class admission control procedures be 409 used followed by per service class policing so that any individual 410 service class does not generate more than what it is allowed. 411 Furthermore, additional admission control and policing may be used on 412 the sum of all service classes aggregated. 414 The DSCPs of the original service classes remain an important 415 consideration and should be preserved during aggregation. Traffic 416 bearing these DSCPs is carried in a common queue or class with a PHB 417 as described in RFC 3246 [11] and RFC 3247 [12]. 419 4.1.3. Assured Elastic Treatment Aggregate 421 The Assured Elastic Treatment Aggregate aggregates all elastic 422 traffic that uses the Assured Forwarding model as described in RFC 423 2597 [10]. The premise of such a service is that a SLA is negotiated 424 which includes a "committed rate" and the ability to exceed that rate 425 (and perhaps a second "excess rate") in exchange for a higher 426 probability of loss using AQM [9] or ECN flagging [13] for the 427 portion of traffic deemed to be in excess. 429 This treatment aggregate may include the following service classes 430 from the Diffserv Service Classes [5], in addition to other locally 431 defined classes: Multimedia Streaming, Low Latency Data, OAM, High 432 Throughput Data. 434 The DSCP values belonging to the AF PHB group and class selector of 435 the original service classes remain an important consideration and 436 should be preserved during aggregation. This treatment aggregate 437 should maintain the AF PHB group marking of the original packet. For 438 example, AF3x marked packets should remain AF3x marked within this 439 treatment aggregate. In addition, the class selector DSCP value 440 should not be changed. Traffic bearing these DSCPs is carried in a 441 common queue or class with a PHB as described in RFC 2597 [10]. In 442 effect, appropriate target rate thresholds have been applied at the 443 edge, dividing traffic into AFn1 (committed, for any value of n), 444 AFn2, and AFn3 (excess). The service should be engineered so that 445 AFn1 and CS2 marked packet flows have sufficient bandwidth in the 446 network to provide high assurance of delivery. Since the traffic is 447 elastic and responds dynamically to packet loss, Active Queue 448 Management [9] should be used primarily to reduce the forwarding rate 449 to the minimum assured rate at congestion points. The probability of 450 loss of AFn1 and CS2 traffic must not exceed the probability of loss 451 of AFn2 traffic, which in turn must not exceed the probability of 452 loss of AFn3 traffic. 454 If RED [9] is used as an AQM algorithm, the min-threshold specifies a 455 target queue depth for each of AFn1+CS2, AFn2, AFn3, and the max- 456 threshold specifies the queue depth above which all traffic with such 457 a DSCP is dropped or ECN marked. Thus, in this Treatment Aggregate, 458 the following inequalities should hold in queue configurations: 460 o min-threshold AFn3 < max-threshold AFn3 462 o max-threshold AFn3 <= min-threshold AFn2 464 o min-threshold AFn2 < max-threshold AFn2 466 o max-threshold AFn2 <= min-threshold AFn1+CS2 468 o min-threshold AFn1+CS2 < max-threshold AFn1+CS2 470 o max-threshold AFn1+CS2 <= memory assigned to the queue 472 Note: This configuration tends to drop AFn3 traffic before AFn2 and 473 AFn2 before AFn1 and CS2. Many other AQM algorithms exist and are 474 used; they should be configured to achieve a similar result. 476 4.1.4. Elastic Treatment Aggregate 478 The Elastic Treatment Aggregate aggregates all remaining elastic 479 traffic. The premise of such a service is that there is no intrinsic 480 SLA differentiation of traffic, but that AQM [9] or ECN flagging [13] 481 is appropriate for such traffic. 483 This treatment aggregate may include the following service classes 484 from the Diffserv Service Classes [5], in addition to other locally 485 defined classes: Standard, Low Priority Data. 487 The DSCPs of the original service classes remain an important 488 consideration and should be preserved during aggregation. Traffic 489 bearing these DSCPs is carried in a common queue or class with a PHB 490 as described in RFC 2474 [4] section 4.1: A Default PHB. The AQM 491 thresholds for Elastic traffic MAY be separately set, so that Low 492 Priority Data traffic is dropped before Standard traffic, but this is 493 not a requirement. 495 5. Using MPLS for Treatment Aggregates 497 RFC 2983 on DiffServ and Tunnels [7] and RFC 3270 on MPLS Support of 498 DiffServ [8] provide a very good background on this topic. This 499 document provides an example of using the E-LSP, EXP Inferred PHB 500 Scheduled Class (PSC) Label Switched Path (LSP), defined by MPLS 501 Support of DiffServ [8] for realizing the Treatment Aggregates. 503 When Treatment Aggregates are represented in MPLS using EXP Inferred 504 PSC LSP, we recommend the following usage of the MPLS EXP field for 505 Treatment Aggregates. 507 ------------------------------------------- 508 |Treatment || MPLS || DSCP | DSCP | 509 |Aggregate || EXP || name | value | 510 |==========++======++=========|=============| 511 | Network || 110 || CS6 | 110000 | 512 | Control || || | | 513 |==========++======++=========|=============| 514 | Real || 100 || EF | 101110 | 515 | Time || ||---------|-------------| 516 | || || CS5 | 101000 | 517 | || ||---------|-------------| 518 | || ||AF41,AF42|100010,100100| 519 | || || AF43 | 100110 | 520 | || ||---------|-------------| 521 | || || CS4 | 100000 | 522 | || ||---------|-------------| 523 | || || CS3 | 011000 | 524 |==========++======++=========|=============| 525 | Assured || 010* || CS2 | 010000 | 526 | Elastic || || AF31 | 011010 | 527 | || || AF21 | 010010 | 528 | || || AF11 | 001010 | 529 | ||------||---------|-------------| 530 | || 011* || AF32 | 011100 | 531 | || || AF22 | 010100 | 532 | || || AF12 | 001100 | 533 | || || AF33 | 011110 | 534 | || || AF23 | 010110 | 535 | || || AF13 | 001110 | 536 |==========++======++=========|=============| 537 | Elastic || 000* || Default | 000000 | 538 | || || (CS0) | | 539 | ||------||---------|-------------| 540 | || 001* || CS1 | 001000 | 541 ------------------------------------------- 543 Figure 3: Treatment Aggregate and MPLS EXP Field Usage 545 Notes *: For Assured Elastic (and Elastic) Treatment Aggregate, the 546 usage of 010 or 011 (000 or 001) as EXP field value depends on the 547 drop probability. Packets in the LSP with EXP field of 011 (001) 548 have a higher probability of being dropped than packets with an EXP 549 field of 010 (000). 551 The above table indicates the recommended usage of EXP fields for 552 Treatment Aggregates. Because many deployments of MPLS are on a per 553 domain basis, each domain has total control of its EXP usage and each 554 domain may use a different EXP field allocation for the domain's 555 supported Treatment Aggregates. 557 5.1. Network Control Treatment Aggregate with E-LSP 559 The usage of E-LSP for Network Control Treatment Aggregate needs to 560 adhere to the recommendations indicated in section 4.1.1 of this 561 document and section 3.2 of "Diffserv Service Classes" [5]. 562 Reinforcing these recommendations, there should be no drop precedence 563 associated with the MPLS PSC used for Network Control Treatment 564 Aggregate because dropping of Network Control Treatment Aggregate 565 traffic should be prevented. 567 5.2. Real Time Treatment Aggregate with E-LSP 569 In addition to the recommendations provided in section 4.1.2 of this 570 document and in member service classes' sections of "Diffserv Service 571 Classes" [5], we want to indicate that Real Time Treatment Aggregate 572 traffic should not be dropped, as some of the applications whose 573 traffic is carried in the Real Time Treatment Aggregate do not react 574 well to dropped packets. As indicated in section 4.1.2 of this 575 document, admission control should be performed on each Service Class 576 contributing to the Real Time Treatment Aggregate to prevent packet 577 loss due to insufficient resources allocated to Real Time Treatment 578 Aggregate. Further, admission control and policing may also be 579 applied on the sum of all traffic aggregated into this treatment 580 aggregate. 582 5.3. Assured Elastic Treatment Aggregate with E-LSP 584 EXP field markings of 010 and 011 are used for the Assured Elastic 585 Treatment Aggregate. The two encodings are used to provide two 586 levels of drop precedence indications, with 010 encoded traffic 587 having a lower probability of being dropped than 011 encoded traffic. 588 This provides for the mapping of CS2, AF31, AF21, and AF11 into EXP 589 010; and AF32, AF22, AF12 and AF33, AF23, AF13 into EXP 011. If the 590 domain chooses to support only one drop precedence for this treatment 591 aggregate, we recommend the use of 010 for EXP field marking. 593 5.4. Elastic Treatment Aggregate with E-LSP 595 EXP field markings of 000 and 001 are used for the Elastic Treatment 596 Aggregate. The two encodings are used to provide two levels of drop 597 precedence indications, with 000 encoded traffic having a lower 598 probability of being dropped than 001 encoded traffic. This provides 599 for the mapping of Default/CS0 into 000; and CS1 into 001. Notice 600 that with this mapping, during congestion, CS1 marked traffic may be 601 starved. If the domain chooses to support only one drop precedence 602 for this treatment aggregate, we recommend the use of 000 for EXP 603 field marking. 605 5.5. Treatment Aggregates and L-LSP 607 Because L-LSP (Label Only Inferred PSC LSP) supports a single PSC per 608 LSP, the support of each Treatment Aggregate is on a per LSP basis. 609 This document does not further specify any additional recommendation 610 (beyond what has been indicated in section 4 of this document) for 611 Treatment Aggregate to L-LSP mapping, leaving this to each individual 612 MPLS domain administrations. 614 6. Treatment Aggregates and Inter-Provider Relationships 616 When Treatment Aggregates are used at provider boundaries, we 617 recommend that the Inter-Provider Relationship be based on Diffserv 618 Service Classes [5]. This allows the admission control into each 619 Treatment Aggregate of a provider domain to be based on the admission 620 control of traffic into the supported Service Classes, as indicated 621 by the discussion in section 4 of this document. 623 If the Inter-Provider Relationship needs to be based on Treatment 624 Aggregates specified by this document, then the exact Treatment 625 Aggregate content and representation must be agreed to by the peering 626 providers. 628 Some additional work on Inter-Provider Relationships is provided by 629 Inter-provider QoS [16], where details on supporting realtime 630 services between service providers are discussed. Some related work 631 in ITU-T provided by Appendix VI of Y.1541 [17] may also help with 632 inter-provider relationships, especially with international 633 providers. 635 7. Security Considerations 637 This document discusses the policy of using Differentiated Services 638 and its service classes. If implemented as described, it should 639 require that the network do nothing that the network has not already 640 allowed. If that is the case, no new security issues should arise 641 from the use of such a policy. 643 It is possible for the policy to be applied incorrectly, or for a 644 wrong policy to be applied in the network for the defined 645 aggregation. In that case, a policy issue exists that the network 646 must detect, assess, and deal with. This is a known security issue 647 in any network dependent on policy-directed behavior. 649 A well known flaw appears when bandwidth is reserved or enabled for a 650 service (for example, voice transport) and another service or an 651 attacking traffic stream uses it. This possibility is inherent in 652 DiffServ technology, which depends on appropriate packet markings. 653 When bandwidth reservation or a priority queuing system is used in a 654 vulnerable network, the use of authentication and flow admission is 655 recommended. To the best of the authors' knowledge, there is no 656 known technical way to respond to or act upon a data stream that has 657 been admitted for service but that it is not intended for 658 authenticated use. 660 8. IANA Considerations 662 This document does not request any IANA considerations. 664 9. Acknowledgements 666 This document has benefited from discussions with numerous people, 667 especially Shane Amante, Brian Carpenter, and Dave McDysan. It has 668 also benefited from detailed reviews by David Black and Marvin Krym. 670 10. References 672 10.1. Normative References 674 [1] Postel, J., "Internet Protocol", STD 5, RFC 791, 675 September 1981. 677 [2] Bradner, S., "The Internet Standards Process -- Revision 3", 678 BCP 9, RFC 2026, October 1996. 680 [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement 681 Levels", BCP 14, RFC 2119, March 1997. 683 [4] Nichols, K., Blake, S., Baker, F., and D. Black, "Definition of 684 the Differentiated Services Field (DS Field) in the IPv4 and 685 IPv6 Headers", RFC 2474, December 1998. 687 [5] Babiarz, J., Chan, K., and F. Baker, "Configuration Guidelines 688 for DiffServ Service Classes", RFC 4594, August 2006. 690 [6] Braden, B., Clark, D., and S. Shenker, "Integrated Services in 691 the Internet Architecture: an Overview", RFC 1633, June 1994. 693 [7] Black, D., "Differentiated Services and Tunnels", RFC 2983, 694 October 2000. 696 [8] Le Faucheur, F., Wu, L., Davie, B., Davari, S., Vaananen, P., 697 Krishnan, R., Cheval, P., and J. Heinanen, "Multi-Protocol 698 Label Switching (MPLS) Support of Differentiated Services", 699 RFC 3270, May 2002. 701 [9] Braden, B., Clark, D., Crowcroft, J., Davie, B., Deering, S., 702 Estrin, D., Floyd, S., Jacobson, V., Minshall, G., Partridge, 703 C., Peterson, L., Ramakrishnan, K., Shenker, S., Wroclawski, 704 J., and L. Zhang, "Recommendations on Queue Management and 705 Congestion Avoidance in the Internet", RFC 2309, April 1998. 707 [10] Heinanen, J., Baker, F., Weiss, W., and J. Wroclawski, "Assured 708 Forwarding PHB Group", RFC 2597, June 1999. 710 [11] Davie, B., Charny, A., Bennet, J., Benson, K., Le Boudec, J., 711 Courtney, W., Davari, S., Firoiu, V., and D. Stiliadis, "An 712 Expedited Forwarding PHB (Per-Hop Behavior)", RFC 3246, 713 March 2002. 715 [12] Charny, A., Bennet, J., Benson, K., Boudec, J., Chiu, A., 716 Courtney, W., Davari, S., Firoiu, V., Kalmanek, C., and K. 717 Ramakrishnan, "Supplemental Information for the New Definition 718 of the EF PHB (Expedited Forwarding Per-Hop Behavior)", 719 RFC 3247, March 2002. 721 [13] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of 722 Explicit Congestion Notification (ECN) to IP", RFC 3168, 723 September 2001. 725 10.2. Informative References 727 [14] Choi, B., Moon, S., Zhang, Z., Papagiannaki, K., and C. Diot, 728 "Analysis of Point-To-Point Packet Delay in an Operational 729 Network", INFOCOMM 2004, March 2004, 730 . 732 [15] Ogielski, A. and J. Cowie, "Internet Routing Behavior on 9/11", 733 March 2002, . 736 [16] MIT Communications Futures Program, "Inter-provider Quality of 737 Service", November 2006, < 738 http://cfp.mit.edu/resources/papers/Interprovider QoS 739 MIT_CFP_WP_9_14_06.pdf>. 741 [17] International Telecommunications Union, "Network performance 742 objectives for IP-based services", February 2006. 744 Authors' Addresses 746 Kwok Ho Chan 747 Nortel Networks 748 600 Technology Park Drive 749 Billerica, MA 01821 750 US 752 Phone: +1-978-288-8175 753 Fax: +1-978-288-8700 754 Email: khchan@nortel.com 756 Jozef Z. Babiarz 757 Nortel Networks 758 3500 Carling Avenue 759 Ottawa, Ont. K2H 8E9 760 Canada 762 Phone: +1-613-763-6098 763 Fax: +1-613-768-2231 764 Email: babiarz@nortel.com 766 Fred Baker 767 Cisco Systems 768 1121 Via Del Rey 769 Santa Barbara, CA 93117 770 US 772 Phone: +1-408-526-4257 773 Fax: +1-413-473-2403 774 Email: fred@cisco.com 776 Full Copyright Statement 778 Copyright (C) The IETF Trust (2007). 780 This document is subject to the rights, licenses and restrictions 781 contained in BCP 78, and except as set forth therein, the authors 782 retain all their rights. 784 This document and the information contained herein are provided on an 785 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 786 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 787 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 788 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 789 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 790 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 792 Intellectual Property 794 The IETF takes no position regarding the validity or scope of any 795 Intellectual Property Rights or other rights that might be claimed to 796 pertain to the implementation or use of the technology described in 797 this document or the extent to which any license under such rights 798 might or might not be available; nor does it represent that it has 799 made any independent effort to identify any such rights. Information 800 on the procedures with respect to rights in RFC documents can be 801 found in BCP 78 and BCP 79. 803 Copies of IPR disclosures made to the IETF Secretariat and any 804 assurances of licenses to be made available, or the result of an 805 attempt made to obtain a general license or permission for the use of 806 such proprietary rights by implementers or users of this 807 specification can be obtained from the IETF on-line IPR repository at 808 http://www.ietf.org/ipr. 810 The IETF invites any interested party to bring to its attention any 811 copyrights, patents or patent applications, or other proprietary 812 rights that may cover technology that may be required to implement 813 this standard. Please address the information to the IETF at 814 ietf-ipr@ietf.org. 816 Acknowledgment 818 Funding for the RFC Editor function is provided by the IETF 819 Administrative Support Activity (IASA).