Re: [Dime] DOIC Endpoint behavior -- Capability Exchange
Jouni Korhonen <jouni.nospam@gmail.com> Fri, 07 February 2014 08:44 UTC
Return-Path: <jouni.nospam@gmail.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1C0F1A039F for <dime@ietfa.amsl.com>; Fri, 7 Feb 2014 00:44:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mu82Kiyqlwy5 for <dime@ietfa.amsl.com>; Fri, 7 Feb 2014 00:44:26 -0800 (PST)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) by ietfa.amsl.com (Postfix) with ESMTP id 60E7E1A05E8 for <dime@ietf.org>; Fri, 7 Feb 2014 00:44:26 -0800 (PST)
Received: by mail-lb0-f181.google.com with SMTP id z11so1426966lbi.12 for <dime@ietf.org>; Fri, 07 Feb 2014 00:44:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=K6YDJpN6nhQVNpvo0t5gT1ylVWRPh5XAIfD6AYKTI1Y=; b=HB4/lm4Bg7NuCL++m3Np9/RDTMslvdj/LpHq0VVHbi5BTFrov39JmlPmkCVUmvHOHG zc3xzIR3oPnRrqKdr9MKyRhwd9l2Ae3bfFSNQuRyIjUyuGGnzmZAww9TpgIH9E8YFhPP IwxxDhRpeXn73QOCrNdH2nf+AAlah6PBUE8hC0CTnRpnJiAdWw8/pzpPeh0n99i0obvQ lz2WOgU4oBYjX/LI5MSvTN/IwayvrnGD1nC9ZzwVZ1ORLpN8aeuS4KHkr0il3jr5LBIp uJNmby2xEnQfox+VxHpXLtvVnhNgJ+Lz+LQohxNKH/PExp1clPlfJD4gqy9HVf95vev9 uY7w==
X-Received: by 10.152.36.8 with SMTP id m8mr9256309laj.24.1391762664334; Fri, 07 Feb 2014 00:44:24 -0800 (PST)
Received: from ?IPv6:2001:6e8:480:60:5cf:580e:21dd:449d? ([2001:6e8:480:60:5cf:580e:21dd:449d]) by mx.google.com with ESMTPSA id gi5sm4093044lbc.4.2014.02.07.00.44.14 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 07 Feb 2014 00:44:14 -0800 (PST)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Jouni Korhonen <jouni.nospam@gmail.com>
In-Reply-To: <5BCBA1FC2B7F0B4C9D935572D9000668151B1E1B@DEMUMBX014.nsn-intra.net>
Date: Fri, 07 Feb 2014 10:44:15 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <84E09CCD-8651-45C2-867F-6E881C2E96AA@gmail.com>
References: <52F02C62.70600@usdonovans.com> <5BCBA1FC2B7F0B4C9D935572D9000668151B1E1B@DEMUMBX014.nsn-intra.net>
To: "Wiehe, Ulrich (NSN - DE/Munich)" <ulrich.wiehe@nsn.com>
X-Mailer: Apple Mail (2.1510)
Cc: "dime@ietf.org" <dime@ietf.org>
Subject: Re: [Dime] DOIC Endpoint behavior -- Capability Exchange
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime/>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2014 08:44:34 -0000
Gotta hate these mega long mails ;) See inline.. On Feb 4, 2014, at 3:43 PM, "Wiehe, Ulrich (NSN - DE/Munich)" <ulrich.wiehe@nsn.com> wrote: > Steve, > > please find comments inline. > > Regards > Ulrich > > From: DiME [mailto:dime-bounces@ietf.org] On Behalf Of ext Steve Donovan > Sent: Tuesday, February 04, 2014 12:55 AM > To: dime@ietf.org > Subject: [Dime] DOIC Endpoint behavior -- Capability Exchange > > All, > > I believe that the current DOIC Endpoint behavior definition is not sufficiently defined, especially for agents. > <Ulrich> I agree. </Ulrich> > > There was also a change introduced in the -01 version of the draft that implies that there can be a DOIC association that goes through a DOIC enabled agent. This was not how I understood endpoints. > <Ulrich> same with me </Ulrich> The original diagrams showed a DOIC agent as terminating an endpoint that came to it. I suspect there were different assumptions that lead to clearly different interpretations. > > I propose that we return to the original diagrams and add the wording below on how DOC agents behave. One way to look at this is that DOC agents act as back-to-back DOC endpoints. I intentionally don't say back-to-back Diameter endpoints because this does not impact anything except the handling of DOIC related AVPs. > > Note that I don't believe this requires any changes to Diameter clients or servers. I also don't believe this requires any changes to the contents of the DOIC related AVPs but there is an open question as to whether there is a need to indicate when a OC-Supported-Features AVP is generated or modified by an agent. > > I propose to add the following section to the section on capabilities announcement. I'll send a separate email proposing text to section 5.5 on how DOC agents are to behave. > > Regards, > > Steve > > ----- > > 5.3.1 DOC Agent handling of DOIC capability exchange. > > A DOC agent is defined as a Diameter agent that supports the DOIC extension. > <Ulrich> A Diameter agent that supports the DOIC extension is not necessarily taking the role of a reacting DOIC endpoint. > It only takes the role of a reacting DOIC endpoint when receiving a request that does not contain an OC-Supported-Features AVP. > Similarily a Diameter agent that supports the DOIC extensions is not necessarily taking the role of a reporting DOIC endpoint. > It only takes the role of a reporting DOIC endpoint when receiving a realm type request (not containing a destination host) that contains an OC-Supported-Features AVP while it is configured to act as a reporting DOIC endpoint for that realm. </Ulrich> > > A DOC node is defined as a Diameter client, Diameter server or Diameter agent that supports the DOIC extension > <Ulrich> and decided to take the role of a reacting DOIC endpoint and/or reporting DOIC endpoint </Ulrich>. > > An downstream DOIC Association is defined as the association between the DOIC supporting Diameter entity that sends a Diameter request message to a DOC agent and the DOC agent. > > A upstream DOIC Association is defined as the association between a DOC agent and the Diameter entity to which the DOC agent sends the Diameter request message. The following illustrated the upstream and downstream concepts. > > DOC node <--downstream DOIC association--> DOC agent <--upstream DOIC association--> DOC node > Direction of request message for a transaction -----> > Direction of answer message for a transaction <----- > <Ulrich> this depends on the point of view: one node's downstream DOIC association is another node's upstream DOIC association. </Ulrich> > <Ulrich> The general case is: > > +---------+ +---------+ +--------+ +--------+ +--------+ +--------+ > | client | | A1 | | A2 | | A3 | | A4 | | server | > | no DOIC | | no DOIC | | DOIC | | DOIC | | DOIC | | DOIC | > | support | | support | | support| | support| | support| | support| > +---------+ +---------+ +--------+ +--------+ +--------+ +--------+ > | | | | | | > | | |<---DOIC association 1------------------------->|<-------DOIC association 2-->| > | | | | | | > | | |<-----------------DOIC association 3----------------------------------------->| > | | | | | | > | | | | | | > |----1.xxR------->|---2.xxR----->| | | | > | | |---3.xxR----->|----4.xxR----------------------->| | > | | | | |--------5.xxR--------------->| > | | | | |<-------6.xxA----------------| > | | |<--8.xxA------|<---7.xxA------------------------| | > |<---10.xxA-------|<--9.xxA------| | | | > | | | | | | > | | | | | | > | | | | | | > | | | | | | > |----11.xxR------>|---12.xxR---->| | | | > | | |---13.xxR---->|-----14.xxR--------------------->|-------15.xxR--------------->| > | | | | | | > | | |<---18.xxA----|<----17.xxA----------------------|<-----16.xxA-----------------| > |<---20.xxA-------|<---19.xxA----| | | | > | | | | | | > DOIC association 1 is for realm type requests; > DOIC association 2 is for request for which A4 selects the server > DOIC association 3 is for host type requests > > 1. the client that does not support DOIC sends 1.xxR (realm type request not containing destination host) to the next hop; 1.xxR does not contain an OC-Supported-Features AVP > 2. the agent A1 that does not support DOIC forwards the request to the next hop; 2.xxR still dos not contain an OC-Supported-Feature AVP. > 3. the agent A2 that supports DOIC decides to take the role of a reacting endpoint; it inserts an OC-Supported-Features AVP into 3.xxR indicating support of features 1 and 2 (in this example). > 4. agent A3, although it supports DOIC, does not take the role of a reacting endpoint (because 3.xxR contains an OC-Supported-Features AVP); it also does not take the role of a reporting endpoint since it is not configured to act as reporting endpoint for the destination realm received in 3.xxR; 4.xxR (unmodified) is sent to the next hop. > 5. agent A4 is configured to take the role of the reporting endpoint for the realm. It therefore removes the OC-Supported-Features AVP reveived in 4.xxR and inserts its own supported features (in this example features 1 and 3) in 5.xxR. A4 also selects the server to which 5.xxR is sent. > 6. the server (that supports DOIC e.g. features 1 and 3) returns 6.xxA including an OLR1 (host type) requesting a feature 3 specific traffic reduction (e.g. window size 20). > 7. A4 calculates the overall realm overload level, removes the received OLR1 and adds its own calculated realm type OLR2 (e.g. a feature 1 specific traffic reduction of 50%-loss) to 7.xxA. A4 stores OLR1 for later use. > 8. A3 not taking any DOIC role forwards the answer unmodified. > 9. agent A2 may remove the reveived OLR2 when sending 9.xxA. A2 stores OLR2 for later use. > 10. A1 not supporting DOIC is transparent. > 11. client sends a new request 11.xxR (containing destination host as learnd from 10.xxA; no OC-Supported-Features AVP included. > 12. A1 is transparent. > 13. A2 decides to take the role of the reacting endpoint and includes again its supported features 1 and 2 in OC-Supported-Features AVO sent within 13.xxR. > 14. A3 is transparent > 15. A4 is transparent for host type requests that contain an OC-Supported-Features AVP. > 16. server returns 16.xxA including a host type OLR3 requesting a feature 1 specific traffic reduction of e.g. 30%-loss. > 17. A4 is transparent > 18. A3 is transparent > 19. A2 stores OLR3 for later use and may remove OLR3 when sending 19.xxA. > 20. client receives 20.xxA. > </Ulrich> Thanks for the diagram. It is pretty thorough. > > Four scenarios must be supported: > > - Scenario 1 - There is both an upstream and downstream DOIC association. > <Ulrich> for example see A4 in the figure above </Ulrich> > - Scenario 2 - There is no upstream DOIC association > <Ulrich> do you mean "There is a downstream DOIC association but no upstream DOIC association"? Not covered in the figure above. </Ulrich> > - Scenario 3 - There is no downstream DOIC association > <Ulrich> do you mean "There is an upstream DOIC association but no downstream DOIC association"? for example see A2 in the figure above </Ulrich> > - Scenario 4 - No DOIC association in either direction > <Ulrich> for example see A3 in the figure above </Ulrich> > > Scenario 1 - Both upstream and downstream DOIC associations > > Request message handling: > > A DOC agent that receives a request that contains the OC-Supported-Features AVP must act as an endpoint for the downstream DOIC association. > <Ulrich> NO! see A3 receiving 3.xxR or 13.xxR (this may not be scenario 1, but how does the agent know which scenario applies?)</Ulrich> > > If the DOC agent relays or proxies the request message then the agent must include an OC-Supported-Features AVP in the relayed message. The contents of the OC-Supported-Features AVP must include, at a minimum, all of the content included in the received OC-Supported-Features AVP. If the agent does not support any additional features then the sent OC-Supported-Features AVP will remain the same as the received OC-Supported-Features AVP. > <Ulrich>There cannot be more than one OC-Supported-Features AVPs in one request. An agent that inserts an OC-Supported-Features AVP must remove the received OC-Supported-Features AVP (see A4 when sending 5.xxR). The inserted OC-Supported Features AVP shall indicate the features the inserting node supports, not more, not less</Ulrich> > > If the agent supports DOIC features that are not indicated in the received OC-Supported-Features AVP then the agent must modify the OC-Supported-Features AVP to indicate support for those features. The modified OC-Supported-Features AVP must be included in the relayed request message. > > Note: any DOIC extension must define the changes needed to the OC-Feature-Vector AVP and any additional AVPs that need to be added to the OC-Supported-Features AVP as part of the capabilities advertisement for that feature. > > Question: Should there be an indication that the contents of the OC-Supported-Features AVP was changed? > <Ulrich> no. for what reason? </Ulrich> > > Question: Will this work when end-to-end security is introduced? Would adding a separate OC-Supported-Features AVP be better, especially when end-to-end security is considered? > <Ulrich> what is the issue? </Ulrich> With e2e security, modified AVPs fail the integrity check and therefore are subject to be rejected.. > > Answer message handling: > > When an agent receives the answer message that corresponds to the above request message > <Ulrich> i.e. the request message into which the agent has inserted its OC-Supported-Features AVP </Ulrich> > , the agent must act as the DOIC endpoint for the upstream DOIC association. > > If the DOC agent relays or proxies the answer message then the agent must include an OC-Supported-Features AVP in the relayed message. > <Ulrich> OC-Supported-Features AVP in answer messages is an open issue </Ulrich> I don't think this is an open issue.. we already had supported features in answers covered Section 5.3. > The contents of the OC-Supported-Features AVP must include, at a minimum, all of the content included in the received OC-Supported-Features AVP. If the agent does not support any additional features then the sent OC-Supported-Features AVP will remain the same as the received OC-Supported-Features AVP. > > If the agent supports DOIC features that are not indicated in the received OC-Supported-Features AVP then the agent should modify the OC-Supported-Features AVP to indicate support for those features. The modified OC-Supported Features AVP must be included in the relayed answer message. > > Scenario 2 - No downstream DOIC association with an upstream association > <Ulrich> wasn't that scenario 3? </Ulrich> > > In this case a request is received that does not contain an OC-Supported-Features AVP. > > Request message handling: > > If a DOC agent receives a request that does NOT contain an OC-Supported-Features AVP then the agent must generate an OC-Supported-Features AVP reflecting the DOIC features supported by the DOC agent. The new OC-Supported-Features AVP must be included in the relayed/proxied request message. > > The agent will then become the reacting DOIC endpoint for the upstream DOIC association that results from the transaction. > > Note: Section x.x.x defines agent behavior when it is the reacting node for a DOIC association. > > Answer message handling > > In this case the answer message will contain an OC-Supported-Features AVP. The DOC agent must store the advertised capabilities for use when the DOC agent reacts to an overload report from the upstream Diameter node. > > The DOC agent should remove the OC-Supported-Features AVP from the answer message before relaying/proxying the answer message. > > Scenario 3 - Downstream DOC association with no upstream DOIC association > <Ulrich> wasn't this scenario 2? </Ulrich> > > In this case a OC-Supported-Features AVP is received in the request from the downstream Diameter entity but no OC-Supported-Features AVP is received in the answer message received from the upstream Diameter entity. In this case the agent must act as the reporting DOIC endpoint for the downstream DOIC association. > <Ulrich> this is totally new to me. Where does this come from? If a server does not support DOIC it cannot request load reduction from a downstream agent. The downstream agent (even if it would detect the DOIC-non-support of the server) cannot request load reduction from further downstream nodes on behalf of the server </Ulrich> > > Request message handling: > > Request message handling is the same as for scenario 1. > > Answer message handling: > > If a DOC agent receives an answer message that does not contain an OC-Supported-Features AVP for a transaction that includes an upstream DOC association then the agent must generate an OC-Supported-Features AVP reflecting the DOIC features supported by the DOC agent. The generation of this OC-Supported-Features AVP must also follow the rules specified in section 5.3.2. The new OC-Supported-Features AVP must be included in the relayed/proxied the answer message. > > Scenario 4 - No upstream association and no downstream association > > Request message handling: > > The request message handling in this case is the same as scenario 2. > > Answer message handling: > > If the DOC agent receives an answer message that does not contain an OC-Supported-Features AVP for a transaction that does not include a downstream DOC association then the agent must NOT generate an OC-Supported-Features AVP. The DOC Agent must relay/proxy the answer message with no DOIC related change. > > <Ulrich> the open issue seems to be: How can an agent determine which scenario is applicable? Let me try: > An agent that does not support DOIC is always in scenario 4 (no upstream DOIC association, no downstream DOIC association). > For an agent that supports DOIC: > When receiving a request that does not contain an OC-Supported-Features AVP the agent is in scenario 3 or 4 (no downstream DOIC association). Whether its 3 or 4 depends on whether or not an OLR is received in the corresponding answer. > When receiving a host type request (a request that contains a Destination-Host AVP) that contains an OC-Supported-Feature AVP the agent is in scenario 4 (no upstream DOIC association, no downstream DOIC association) > When receiving a realm type request (a request that does not contain a Destination-Host AVP) that contains an OC-Supported-Feature AVP and the agent is configured to act as reporting node for that realm, the agent is scenario 1 or 2 (there is a downstream DOIC association). Whether its 1 or 2 depends on whether or not an OLR is received in the corresponding answer. > When receiving a realm type request (a request that does not contain a Destination-Host AVP) that contains an OC-Supported-Feature AVP and the agent is configured not to act as reporting node for that realm, the agent is in scenario 4 (no upstream DOIC association, no downstream DOIC association). </Ulrich> I tend to agree most of <ulrich> assertions. However, I need to reread this mail/proposal a couple of time since my attention span has difficulties with very long mails :) - Jouni > > > > > > _______________________________________________ > DiME mailing list > DiME@ietf.org > https://www.ietf.org/mailman/listinfo/dime
- [Dime] DOIC Endpoint behavior -- Capability Excha… Steve Donovan
- Re: [Dime] DOIC Endpoint behavior -- Capability E… Wiehe, Ulrich (NSN - DE/Munich)
- Re: [Dime] DOIC Endpoint behavior -- Capability E… Jouni Korhonen
- Re: [Dime] DOIC Endpoint behavior -- Capability E… Jouni Korhonen
- Re: [Dime] DOIC Endpoint behavior -- Capability E… Maria Cruz Bartolome
- Re: [Dime] DOIC Endpoint behavior -- Capability E… Steve Donovan
- Re: [Dime] DOIC Endpoint behavior -- Capability E… Wiehe, Ulrich (NSN - DE/Munich)