| < draft-ietf-dime-drmp-04.txt | draft-ietf-dime-drmp-05.txt > | |||
|---|---|---|---|---|
| Diameter Maintenance and Extensions (DIME) S. Donovan | Diameter Maintenance and Extensions (DIME) S. Donovan | |||
| Internet-Draft Oracle | Internet-Draft Oracle | |||
| Intended status: Standards Track March 10, 2016 | Intended status: Standards Track April 5, 2016 | |||
| Expires: September 11, 2016 | Expires: October 7, 2016 | |||
| Diameter Routing Message Priority | Diameter Routing Message Priority | |||
| draft-ietf-dime-drmp-04.txt | draft-ietf-dime-drmp-05.txt | |||
| Abstract | Abstract | |||
| When making routing and resource allocation decisions, Diameter nodes | When making routing and resource allocation decisions, Diameter nodes | |||
| currently have no generic mechanism to determine the relative | currently have no generic mechanism to determine the relative | |||
| priority of Diameter messages. This document addresses this by | priority of Diameter messages. This document addresses this by | |||
| defining a mechanism to allow Diameter endpoints to indicate the | defining a mechanism to allow Diameter endpoints to indicate the | |||
| relative priority of Diameter transactions. With this information | relative priority of Diameter transactions. With this information | |||
| Diameter nodes can factor that priority into routing, resource | Diameter nodes can factor that priority into routing, resource | |||
| allocation and overload abatement decisions. | allocation and overload abatement decisions. | |||
| skipping to change at page 1, line 36 ¶ | skipping to change at page 1, line 36 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 11, 2016. | This Internet-Draft will expire on October 7, 2016. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 32 ¶ | skipping to change at page 2, line 32 ¶ | |||
| 9.1. DRMP AVP . . . . . . . . . . . . . . . . . . . . . . . . 11 | 9.1. DRMP AVP . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 9.2. Attribute Value Pair flag rules . . . . . . . . . . . . . 12 | 9.2. Attribute Value Pair flag rules . . . . . . . . . . . . . 12 | |||
| 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 10.1. AVP codes . . . . . . . . . . . . . . . . . . . . . . . 12 | 10.1. AVP codes . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 10.2. New registries . . . . . . . . . . . . . . . . . . . . . 12 | 10.2. New registries . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 11. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | 11. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | |||
| 11.1. Potential Threat Modes . . . . . . . . . . . . . . . . . 13 | 11.1. Potential Threat Modes . . . . . . . . . . . . . . . . . 13 | |||
| 11.2. Denial of Service Attacks . . . . . . . . . . . . . . . 14 | 11.2. Denial of Service Attacks . . . . . . . . . . . . . . . 14 | |||
| 11.3. End-to End-Security Issues . . . . . . . . . . . . . . . 14 | 11.3. End-to End-Security Issues . . . . . . . . . . . . . . . 14 | |||
| 12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 14 | 12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 | 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 13.1. Normative References . . . . . . . . . . . . . . . . . . 14 | 13.1. Normative References . . . . . . . . . . . . . . . . . . 15 | |||
| 13.2. Informative References . . . . . . . . . . . . . . . . . 15 | 13.2. Informative References . . . . . . . . . . . . . . . . . 15 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 15 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 1. Introduction | 1. Introduction | |||
| The DOIC solution [RFC7683] for Diameter overload control introduces | The Diameter Overload Indication Conveyance (DOIC) solution [RFC7683] | |||
| scenarios where Diameter routing decisions made by Diameter nodes can | for Diameter overload control introduces scenarios where Diameter | |||
| be influenced by the overload state of other Diameter nodes. This | routing decisions made by Diameter nodes can be influenced by the | |||
| includes the scenarios where Diameter endpoints and Diameter agents | overload state of other Diameter nodes. This includes the scenarios | |||
| can throttle requests as a result of the target for the request being | where Diameter endpoints and Diameter agents can throttle requests as | |||
| overloaded. | a result of the target for the request being overloaded. | |||
| With currently available mechanisms these Diameter nodes do not have | With currently available mechanisms these Diameter nodes do not have | |||
| a mechanism to differentiate request message priorities when making | a mechanism to differentiate request message priorities when making | |||
| these throttling decisions. As such, all requests are treated the | these throttling decisions. As such, all requests are treated the | |||
| same, meaning that all requests have the same probability of being | same, meaning that all requests have the same probability of being | |||
| throttled. | throttled. | |||
| There are scenarios where treating all requests the same can cause | There are scenarios where treating all requests the same can cause | |||
| issues. For instance it might be considered important to reduce the | issues. For instance, it might be considered important to reduce the | |||
| probability of transactions involving first responders during a | probability of transactions involving first responders being | |||
| period of heavy signaling resulting from a natural disaster being | throttled during overload scenarios caused, for example, by a period | |||
| throttled during overload scenarios. | of heavy signaling resulting from a natural disaster. | |||
| This document defines a mechanism that allows Diameter nodes to | This document defines a mechanism that allows Diameter nodes to | |||
| indicate the relative priority of Diameter transactions. With this | indicate the relative priority of Diameter transactions. With this | |||
| information other Diameter nodes can factor the relative priority of | information other Diameter nodes can factor the relative priority of | |||
| requests into routing and throttling decisions. | requests into routing and throttling decisions. | |||
| 2. Terminology and Abbreviations | 2. Terminology and Abbreviations | |||
| Diversion | Diversion | |||
| skipping to change at page 3, line 46 ¶ | skipping to change at page 3, line 46 ¶ | |||
| node. Abatement actions include diversion and throttling. | node. Abatement actions include diversion and throttling. | |||
| Priority | Priority | |||
| The relative importance of a Diameter message. A lower priority | The relative importance of a Diameter message. A lower priority | |||
| value implies a higher relative importance of the message. | value implies a higher relative importance of the message. | |||
| Throttling | Throttling | |||
| As defined in [RFC7683]. An abatement treatment that limits the | As defined in [RFC7683]. An abatement treatment that limits the | |||
| number of requests sent by the DIOC reacting node. Throttling can | number of requests sent by the DOIC reacting node. Throttling can | |||
| include a Diameter Client choosing to not send requests, or a | include a Diameter Client choosing to not send requests, or a | |||
| Diameter Agent or Server rejecting requests with appropriate error | Diameter Agent or Server rejecting requests with appropriate error | |||
| responses. In both cases the result of the throttling is a | responses. In both cases the result of the throttling is a | |||
| permanent rejection of the transaction. | permanent rejection of the transaction. | |||
| 3. Conventions Used in This Document | 3. Conventions Used in This Document | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
| skipping to change at page 4, line 52 ¶ | skipping to change at page 4, line 52 ¶ | |||
| It is also envisioned that DRMP priority information could be used by | It is also envisioned that DRMP priority information could be used by | |||
| Diameter endpoints to make resource allocation decisions. For | Diameter endpoints to make resource allocation decisions. For | |||
| instance, a Diameter Server might choose to use the priority | instance, a Diameter Server might choose to use the priority | |||
| information to treat higher priority requests ahead of lower priority | information to treat higher priority requests ahead of lower priority | |||
| requests. | requests. | |||
| Note: There are a number of application specific definitions | Note: There are a number of application specific definitions | |||
| indicating various views of application level priority for | indicating various views of application level priority for | |||
| different requests. Using these application specific priority | different requests. Using these application specific priority | |||
| AVPs as input to throttling and other Diameter routing decisions | Attribute Value Pairs (AVPs) as input to throttling and other | |||
| would require Diameter agents to understand all applications and | Diameter routing decisions would require Diameter agents to | |||
| do application specific parsing of all messages in order to | understand all applications and do application specific parsing of | |||
| determine the priority of individual messages. This is considered | all messages in order to determine the priority of individual | |||
| an unacceptable level of complexity to put on elements whose | messages. This is considered an unacceptable level of complexity | |||
| primary responsibility is to route Diameter messages. | to put on elements whose primary responsibility is to route | |||
| Diameter messages. | ||||
| 5. Use Cases | 5. Use Cases | |||
| This section discusses various scenarios where Diameter transactions | This section discusses various scenarios where Diameter transactions | |||
| can benefit from the use of priority information. | can benefit from the use of priority information. | |||
| 5.1. First Responder Related Signaling | 5.1. First Responder Related Signaling | |||
| Natural disasters can result in a considerable increase in usage of | Natural disasters can result in a considerable increase in usage of | |||
| network resources. This can be made worse if the disaster results in | network resources. This can be made worse if the disaster results in | |||
| skipping to change at page 6, line 12 ¶ | skipping to change at page 6, line 12 ¶ | |||
| emergency calls, this signaling should also be given preferential | emergency calls, this signaling should also be given preferential | |||
| treatment when possible. | treatment when possible. | |||
| 5.3. Differentiated Services | 5.3. Differentiated Services | |||
| Operators may desire to differentiate network-based services by | Operators may desire to differentiate network-based services by | |||
| providing a service level agreement that includes preferential | providing a service level agreement that includes preferential | |||
| Diameter routing behavior. This might, for example, be modeled as | Diameter routing behavior. This might, for example, be modeled as | |||
| Platinum, Gold and Silver levels of service. | Platinum, Gold and Silver levels of service. | |||
| In this scenario an operator might offer a Platinum SLA the includes | In this scenario an operator might offer a Platinum SLA that includes | |||
| ensuring that all signaling for a customer who purchases the Platinum | ensuring that all signaling for a customer who purchases the Platinum | |||
| service being marked as having a higher priority than signaling | service being marked as having a higher priority than signaling | |||
| associated with Gold and Silver customers. | associated with Gold and Silver customers. | |||
| 5.4. Application Specific Priorities | 5.4. Application Specific Priorities | |||
| There are scenarios within Diameter applications where it might be | There are scenarios within Diameter applications where it might be | |||
| appropriate to give a subset of the transactions for the application | appropriate to give a subset of the transactions for the application | |||
| a higher priority than other transactions for that application. | a higher priority than other transactions for that application. | |||
| skipping to change at page 6, line 48 ¶ | skipping to change at page 6, line 48 ¶ | |||
| There are also scenarios where the priority of requests for | There are also scenarios where the priority of requests for | |||
| individual command codes within an application depends on the context | individual command codes within an application depends on the context | |||
| that exists when the request is sent. There isn't always information | that exists when the request is sent. There isn't always information | |||
| in the message from which this context can be determined by Diameter | in the message from which this context can be determined by Diameter | |||
| nodes other than the node that originates the request. | nodes other than the node that originates the request. | |||
| This is similar to the scenario where a series of requests are needed | This is similar to the scenario where a series of requests are needed | |||
| to access a network service. It is different in that the series of | to access a network service. It is different in that the series of | |||
| requests involve different application command codes. In this | requests involve different application command codes. In this | |||
| scenario it is requests with the same command code that have | scenario requests with the same command code have different implied | |||
| different implied priorities. | priorities. | |||
| One example of this is in the 3GPP application [S6a] where a ULR | One example of this is in the 3GPP application [S6a] where an | |||
| request resulting from an MME (Mobility Management Entity) | Update Location Request (ULR) request resulting from an MME | |||
| restoration procedure might be given a higher priority than a ULR | (Mobility Management Entity) restoration procedure might be given | |||
| (Update Location Request) resulting from an initial attach. | a higher priority than a ULR (Update Location Request) resulting | |||
| from an initial attach. | ||||
| 6. Theory of Operation | 6. Theory of Operation | |||
| This section outlines the envisioned usage of DRMP. | This section outlines the envisioned usage of DRMP. | |||
| The expected behavior depends on the role (request sender, agent or | The expected behavior depends on the role (request sender, agent or | |||
| request handler) of the Diameter node handling the request. | request handler) of the Diameter node handling the request. | |||
| The following behavior is expected during the flow of a Diameter | The following behavior is expected during the flow of a Diameter | |||
| transaction. | transaction. | |||
| skipping to change at page 8, line 34 ¶ | skipping to change at page 8, line 34 ¶ | |||
| answers for higher priority transactions are given preferential | answers for higher priority transactions are given preferential | |||
| treatment to lower priority transactions. When forwarding the | treatment to lower priority transactions. When forwarding the | |||
| answer messages, agents generally do not modify the priority | answer messages, agents generally do not modify the priority | |||
| information present in the received answer messages nor include | information present in the received answer messages nor include | |||
| the priority information when absent in the received answer | the priority information when absent in the received answer | |||
| messages. However, in some scenarios, agents can modify the | messages. However, in some scenarios, agents can modify the | |||
| priority information, for example, edge agents modifying the | priority information, for example, edge agents modifying the | |||
| priority values set by an adjacent operator. There might be | priority values set by an adjacent operator. There might be | |||
| other scenarios where a Diameter endpoint does not support the | other scenarios where a Diameter endpoint does not support the | |||
| DRMP mechanism and agents insert the priority information for | DRMP mechanism and agents insert the priority information for | |||
| that non supporting endpoint. | that non-supporting endpoint. | |||
| 6. Answer handler - The answer handler uses the same method as the | 6. Answer handler - The answer handler uses the same method as the | |||
| agent to determine the priority of the answer message. By | agent to determine the priority of the answer message. By | |||
| default the handler of the answer message uses the priority saved | default the handler of the answer message uses the priority saved | |||
| in the transaction's state. Priority information in the answer | in the transaction's state. Priority information in the answer | |||
| message is used when present. The priority is used when | message is used when present. The priority is used when | |||
| allocating resources for processing that occurs after the receipt | allocating resources for processing that occurs after the receipt | |||
| of the answer message. | of the answer message. | |||
| 7. Extensibility | 7. Extensibility | |||
| skipping to change at page 9, line 29 ¶ | skipping to change at page 9, line 29 ¶ | |||
| understand application specific AVPs. | understand application specific AVPs. | |||
| When available, Diameter nodes SHOULD use routing priority | When available, Diameter nodes SHOULD use routing priority | |||
| information included in the DRMP AVP when making Diameter overload | information included in the DRMP AVP when making Diameter overload | |||
| throttling decisions. | throttling decisions. | |||
| Diameter agents MAY use routing priority information included in the | Diameter agents MAY use routing priority information included in the | |||
| DRMP AVP when relaying request and answer messages. This includes | DRMP AVP when relaying request and answer messages. This includes | |||
| the selection of routes and the ordering of messages relayed. | the selection of routes and the ordering of messages relayed. | |||
| The priority information included in the DRMP AVP in request | Note: The priority information included in the DRMP AVP in request | |||
| messages applies to both the request message and, by default, | messages applies to both the request message and, by default, | |||
| answer message associated with the transaction. | answer message associated with the transaction. | |||
| While done only in exceptional circumstances, Diameter agents MAY | While done only in exceptional circumstances, Diameter agents MAY | |||
| modify priority information when relaying request and answer | modify priority information when relaying request and answer | |||
| messages. | messages. | |||
| There might be scenarios where a Diameter agent does modify | Note: There might be scenarios where a Diameter agent does modify | |||
| priority information. For instance, an edge agent might need to | priority information. For instance, an edge agent might need to | |||
| modify the priority values set by an adjacent operator. | modify the priority values set by an adjacent operator. | |||
| While done only in exceptional circumstances, Diameter agents MAY add | While done only in exceptional circumstances, Diameter agents MAY add | |||
| priority information when relaying request and answer messages. | priority information when relaying request and answer messages. | |||
| There might be scenarios where a Diameter endpoint does not | Note: There might be scenarios where a Diameter endpoint does not | |||
| support the DRMP mechanism and agents insert priority information | support the DRMP mechanism and agents insert priority information | |||
| for that non supporting endpoint. | for that non-supporting endpoint. | |||
| Diameter endpoints MAY use routing priority information included in | Diameter endpoints MAY use routing priority information included in | |||
| the DRMP AVP when making resource allocation decisions for the | the DRMP AVP when making resource allocation decisions for the | |||
| transaction associated with the request message that contains the | transaction associated with the request message that contains the | |||
| DRMP information. | DRMP information. | |||
| Diameter endpoints MAY use routing priority information included in | Diameter endpoints MAY use routing priority information included in | |||
| the DRMP AVP when making resource allocation decisions for the | the DRMP AVP when making resource allocation decisions for the | |||
| transaction associated with the answer messages using the DRMP | transaction associated with the answer messages using the DRMP | |||
| information associated with the transaction. | information associated with the transaction. | |||
| skipping to change at page 11, line 20 ¶ | skipping to change at page 11, line 20 ¶ | |||
| 9. Attribute Value Pairs | 9. Attribute Value Pairs | |||
| This section describes the encoding and semantics of the Diameter | This section describes the encoding and semantics of the Diameter | |||
| Overload Indication Attribute Value Pairs (AVPs) defined in this | Overload Indication Attribute Value Pairs (AVPs) defined in this | |||
| document. | document. | |||
| 9.1. DRMP AVP | 9.1. DRMP AVP | |||
| The DRMP (AVP code TBD1) is of type Enumerated. The value of the AVP | The DRMP (AVP code TBD1) is of type Enumerated. The value of the AVP | |||
| indicates the routing message priority for the transaction. The | indicates the routing message priority for the transaction. The | |||
| following values are initially defined: | following values are defined: | |||
| PRIORITY_15 15 PRIORITY_15 is the lowest priority. | PRIORITY_15 15 PRIORITY_15 is the lowest priority. | |||
| PRIORITY_14 14 PRIORITY_14 is a higher priority than PRIORITY_15 and | PRIORITY_14 14 PRIORITY_14 is a higher priority than PRIORITY_15 and | |||
| a lower priority than PRIORITY_13. | a lower priority than PRIORITY_13. | |||
| PRIORITY_13 13 PRIORITY_13 is a higher priority than PRIORITY_14 and | PRIORITY_13 13 PRIORITY_13 is a higher priority than PRIORITY_14 and | |||
| a lower priority than PRIORITY_12. | a lower priority than PRIORITY_12. | |||
| PRIORITY_12 12 PRIORITY_12 is a higher priority than PRIORITY_13 and | PRIORITY_12 12 PRIORITY_12 is a higher priority than PRIORITY_13 and | |||
| skipping to change at page 12, line 46 ¶ | skipping to change at page 12, line 46 ¶ | |||
| AVP codes are allocated from the 'Authentication, Authorization, and | AVP codes are allocated from the 'Authentication, Authorization, and | |||
| Accounting (AAA) Parameters' AVP Codes registry. | Accounting (AAA) Parameters' AVP Codes registry. | |||
| 10.2. New registries | 10.2. New registries | |||
| There are no new IANA registries introduced by this document. | There are no new IANA registries introduced by this document. | |||
| 11. Security Considerations | 11. Security Considerations | |||
| DRMP gives Diameter nodes the ability to influence which requests are | DRMP gives Diameter nodes the ability to influence which requests are | |||
| are throttled during overload scenarios. Improper use of the DRMP | throttled during overload scenarios. Improper use of the DRMP | |||
| mechanism could result in the malicious Diameter node gaining | mechanism could result in the malicious Diameter node gaining | |||
| preferential treatment, by reducing the probability of its requests | preferential treatment, by reducing the probability of its requests | |||
| being throttled, over other Diameter nodes. This would be achieved | being throttled, over other Diameter nodes. This would be achieved | |||
| by the malicious node inserting artificially high priority values. | by the malicious node inserting artificially high priority values. | |||
| Diameter does not include features to provide end-to-end | Diameter does not include features to provide end-to-end | |||
| authentication, integrity protection, or confidentiality. This opens | authentication, integrity protection, or confidentiality. This opens | |||
| the possibility that malicious or compromised agents in the path of a | the possibility that malicious or compromised agents in the path of a | |||
| request could modify the DRMP AVP to reflect a priority different | request could modify the DRMP AVP to reflect a priority different | |||
| than that asserted by the sender of the request. | than that asserted by the sender of the request. | |||
| 11.1. Potential Threat Modes | 11.1. Potential Threat Modes | |||
| The Diameter protocol involves transactions in the form of requests | The Diameter protocol involves transactions in the form of requests | |||
| and answers exchanged between clients and servers. These clients and | and answers exchanged between clients and servers. These clients and | |||
| servers may be peers, that is, they may share a direct transport | servers may be peers, that is, they may share a direct transport | |||
| (e.g., TCP or SCTP) connection, or the messages may traverse one or | (e.g., Transmission Control Protocol (TCP) or Stream Control | |||
| more intermediaries, known as Diameter Agents. Diameter nodes use | Transmission Protocol (SCTP)) connection, or the messages may | |||
| TLS, DTLS, or IPsec to authenticate peers, and to provide | traverse one or more intermediaries, known as Diameter Agents. | |||
| Diameter nodes use Transport Layer Security (TLS), Datagram Transport | ||||
| Layer Security (DTLS), or IPsec to authenticate peers, and to provide | ||||
| confidentiality and integrity protection of traffic between peers. | confidentiality and integrity protection of traffic between peers. | |||
| Nodes can make authorization decisions based on the peer identities | Nodes can make authorization decisions based on the peer identities | |||
| authenticated at the transport layer. | authenticated at the transport layer. | |||
| When agents are involved, this presents an effectively transitive | When agents are involved, this presents an effectively transitive | |||
| trust model. That is, a Diameter client or server can authorize an | trust model. That is, a Diameter client or server can authorize an | |||
| agent for certain actions, but it must trust that agent to make | agent for certain actions, but it must trust that agent to make | |||
| appropriate authorization decisions about its peers, and so on. | appropriate authorization decisions about its peers, and so on. | |||
| Since confidentiality and integrity protection occurs at the | Since confidentiality and integrity protection occurs at the | |||
| transport layer, agents can read, and perhaps modify, any part of a | transport layer, agents can read, and perhaps modify, any part of a | |||
| skipping to change at page 14, line 10 ¶ | skipping to change at page 14, line 12 ¶ | |||
| have a potentially greater impact in this scenario as the priority | have a potentially greater impact in this scenario as the priority | |||
| indication impacts the handling of all requests at all times, | indication impacts the handling of all requests at all times, | |||
| independent of the overload status of Diameter nodes in the Diameter | independent of the overload status of Diameter nodes in the Diameter | |||
| network. | network. | |||
| 11.2. Denial of Service Attacks | 11.2. Denial of Service Attacks | |||
| The DRMP mechanism does not open direct denial of service attack | The DRMP mechanism does not open direct denial of service attack | |||
| vectors. Rather, it introduces a mechanism where a node can gain | vectors. Rather, it introduces a mechanism where a node can gain | |||
| unwarranted preferential treatment. It also introduces a mechanism | unwarranted preferential treatment. It also introduces a mechanism | |||
| where a node can get degrated service in the scenario where a rogue | where a node can get degraded service in the scenario where a rogue | |||
| agent changes the priority value included in messages. | agent changes the priority value included in messages. | |||
| 11.3. End-to End-Security Issues | 11.3. End-to End-Security Issues | |||
| The lack of end-to-end integrity features makes it difficult to | The lack of end-to-end integrity features in Diameter [RFC6733] makes | |||
| establish trust in DRMP AVPs received from non-adjacent nodes. Any | it difficult to establish trust in DRMP AVPs received from non- | |||
| agents in the message path may insert or modify DRMP AVPs. Nodes | adjacent nodes. Any agents in the message path may insert or modify | |||
| must trust that their adjacent peers perform proper checks on | DRMP AVPs. Nodes must trust that their adjacent peers perform proper | |||
| overload reports from their peers, and so on, creating a transitive- | checks on overload reports from their peers, and so on, creating a | |||
| trust requirement extending for potentially long chains of nodes. | transitive-trust requirement extending for potentially long chains of | |||
| Network operators must determine if this transitive trust requirement | nodes. Network operators must determine if this transitive trust | |||
| is acceptable for their deployments. Nodes supporting DRMP MUST give | requirement is acceptable for their deployments. Nodes supporting | |||
| operators the ability to select which peers are trusted to deliver | DRMP MUST give operators the ability to select which peers are | |||
| DRMP AVPs, and whether they are trusted to forward the DRMP AVPs from | trusted to deliver DRMP AVPs, and whether they are trusted to forward | |||
| non-adjacent nodes. Diameter nodes MUST strip DRMP AVPs from | the DRMP AVPs from non-adjacent nodes. Diameter nodes MUST strip | |||
| messages received from peers that are not trusted for DRMP purposes. | DRMP AVPs from messages received from peers that are not trusted for | |||
| DRMP purposes. | ||||
| It is expected that work on end-to-end Diameter security might make | It is expected that work on end-to-end Diameter security might make | |||
| it easier to establish trust in non-adjacent nodes for DRMP purposes. | it easier to establish trust in non-adjacent nodes for DRMP purposes. | |||
| Readers should be reminded, however, that the DRMP mechanism allows | Readers should be reminded, however, that the DRMP mechanism allows | |||
| Diameter agents to modify AVPs in existing messages that are | Diameter agents to modify AVPs in existing messages that are | |||
| originated by other nodes. If end-to-end security is enabled, there | originated by other nodes. If end-to-end security is enabled, there | |||
| is a risk that such modification could violate integrity protection. | is a risk that such modification could violate integrity protection. | |||
| The details of using any future Diameter end-to-end security | The details of using any future Diameter end-to-end security | |||
| mechanism with DRMP will require careful consideration, and are | mechanism with DRMP will require careful consideration, and are | |||
| beyond the scope of this document. | beyond the scope of this document. | |||
| End of changes. 21 change blocks. | ||||
| 53 lines changed or deleted | 58 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||