Re: [Dime] Fwd: New Version Notification for draft-donovan-doic-agent-cases-00.txt
Steve Donovan <srdonovan@usdonovans.com> Sun, 13 July 2014 19:43 UTC
Return-Path: <srdonovan@usdonovans.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 174001A00E6 for <dime@ietfa.amsl.com>; Sun, 13 Jul 2014 12:43:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.579
X-Spam-Level: *
X-Spam-Status: No, score=1.579 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I2-9lh02hnP2 for <dime@ietfa.amsl.com>; Sun, 13 Jul 2014 12:43:05 -0700 (PDT)
Received: from biz131.inmotionhosting.com (biz131.inmotionhosting.com [66.117.4.208]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33C101A00E5 for <dime@ietf.org>; Sun, 13 Jul 2014 12:43:05 -0700 (PDT)
Received: from [41.164.142.123] (port=60336 helo=Steves-MacBook-Air-2.local) by biz131.inmotionhosting.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from <srdonovan@usdonovans.com>) id 1X6Pfn-00055A-0X; Sun, 13 Jul 2014 12:43:02 -0700
Message-ID: <53C2E13F.8070406@usdonovans.com>
Date: Sun, 13 Jul 2014 21:42:55 +0200
From: Steve Donovan <srdonovan@usdonovans.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "Wiehe, Ulrich (NSN - DE/Munich)" <ulrich.wiehe@nsn.com>, "dime@ietf.org" <dime@ietf.org>
References: <20140703161711.24974.27021.idtracker@ietfa.amsl.com> <53B85695.2010208@usdonovans.com> <5BCBA1FC2B7F0B4C9D935572D9000668151F77ED@DEMUMBX014.nsn-intra.net>
In-Reply-To: <5BCBA1FC2B7F0B4C9D935572D9000668151F77ED@DEMUMBX014.nsn-intra.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-OutGoing-Spam-Status: No, score=-2.9
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - biz131.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - usdonovans.com
X-Get-Message-Sender-Via: biz131.inmotionhosting.com: authenticated_id: srd+usdonovans.com/only user confirmed/virtual account not confirmed
Archived-At: http://mailarchive.ietf.org/arch/msg/dime/uFUefQlWBSZmJVWGXZGn7I_4oG8
Cc: "Rauschenbach, Uwe (NSN - DE/Munich)" <uwe.rauschenbach@nsn.com>
Subject: Re: [Dime] Fwd: New Version Notification for draft-donovan-doic-agent-cases-00.txt
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime/>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jul 2014 19:43:08 -0000
Ulrich, Some comments inline. Steve On 7/11/14, 2:03 PM, Wiehe, Ulrich (NSN - DE/Munich) wrote: > Steve, > > Here are my comments: > > 1. Abstract 2nd sentence: > The sentence should read: "A DOIC node is a Diameter node that in a given context may act as a reporting node or a reacting node." > This is to align your definition "Any Diameter node that supports DOIC is a DOIC node" (see 1. Introduction, last paragraph) with our common understanding of the "end-to-end concept" which allows a DOIC node sitting between a supporting client and a supporting server to be transparent. > > 2. clause 1.1 Terminology and Abbreviations, Abating node: > The definition should read: "A reacting node that locally performs overload abatement (i.e. throttling or diversion but not delegation)." > > 3. lots of colons missing in clause 1.1 > > 4. clause 1.1 Terminology and Abbreviations, Overload Abatement: > The definition should read: "...... Overload abatement actions may involve local traffic reduction, or delegation of actions towards the client (Delegation). Local traffic reduction can be achieved by either rejecting a request (Throttling) or by routing a request to a different destination (Diversion)." > > 5. clause 1.1 Terminology and Abbreviations, Diversion: > I propose to add the following clarification: > Diversion is specific to agents that perform server selection for realm-routed requests. SRD> I disagree. Diversion is also a valid abatement action that can be taken on realm-routed requests by a transaction client that has a direct transport connection to an overloaded transaction server. > > 6. clause 1.1 Terminology and Abbreviations: > I propose to also define what Delegation is: > "Delegation: Overload abatement through the delegation of action (Throttling) to a further downstream reacting node. Delegation is specific to agents that perform server selection for realm-routed requests, and is typically done when the agent detects that all available servers have requested load reduction, i.e. when receiving an answer message in response to a (not throttled) request that was forwarded to a selected server which in the answer reports an update of its overload information." > > 7. clause 2 Deployment Architectures > There are many more architectures and scenarios which cannot all be covered separately. I therefore propose to focus on general principles that DOIC agents must follow independent from architecture and scenario. These principles are: SRD> I agree that we need to resolve to general principles, but they need to address reasonable deployment architectures. We cannot, and do not, know in advance the deployment architectures that will be implemented by users of the Diameter protocol. In addition, we should not knowingly limit those deployment architectures in the way the protocol is designed. > > A) When an agent receives a host-routed request that contains an OC-S-F AVP, it takes no DOIC-specific action, i.e. it forwards the request to the next hop without removing, modifying or inserting OC AVPs; also no DOIC specific action is performed when receiving the corresponding answer. The agent may however store OLR information received in the answer for potential later use if it supports the features associated with the OLR. SRD> I disagree. I think the draft shows multiple reasons where it would be reasonable for an agent to modify OS-S-F AVPs in a request message. > > B) When an agent receives a host-routed request that does not contain an OC-S-F AVP, it performs throttling according to a previously receive host-type OLR (if any).If the request survives (or no throttling was performed because no host-type OLR matched), the agent inserts an OC-S-F AVP and sends the request to the next hop. When receiving the corresponding answer, the agent checks whether it contains an OLR update and if so replaces the stored info (if any) with the updated info. In any case the agent removes the OLR from the answer before sending it to the previous hop. SRD> The agent must have inserted OC-S-F AVPs in previous requests in order to receive an OC-OLR in an answer. It feels like you are making in much more complex than needed and are trying to constrain user's of the Diameter protocol in the way overload can be handled. SRD> It can be kept simple -- If an agent receives a request -- realm-routed or host-routed -- that does not contain a OC-S-F AVP then it SHOULD/MAP (strength of the requirement TBD) insert an OC-S-F AVP in the request message. If local policy indicates that the agent is taking on responsibility for handling overload for non supporting transaction clients then the agent MUST insert an OC-S-F AVP in the request message. > > C) When an agent that is not configured to perform server selection for realm-routed requests receives a realm-routed request that contains an OC-S-F AVP, it takes no DOIC-specific action, i.e. it forwards the request to the next hop without removing, modifying or inserting OC AVPs; also no DOIC specific action is performed when receiving the corresponding answer. The agent may however store OLR information received in the answer for potential later use if it supports the features associated with the OLR. SRD> There are scenarios where it should, based on local policy, modify the OC-S-F AVP, this was shown in the draft. Why are you proposing to limit how a user of Diameter can manage overload in their networks? Why do you propose that the rate algorithm cannot be turned on when transaction clients only support the loss algorithm? > > D) When an agent that is not configured to perform server selection for realm-routed requests receives a realm-routed request that does not contain an OC-S-F AVP, it performs throttling according to a previously receive realm-type OLR (if any).If the request survives (or no throttling was performed because no realm-type OLR matched), the agent inserts an OC-S-F AVP and sends the request to the next hop. When receiving the corresponding answer, the agent checks whether it contains an OLR update and if so replaces the stored info (if any) with the updated info. In any case the agent removes the OLR from the answer before sending it to the previous hop. SRD> I'm not sure this is a valid scenario. An agent that receives a realm-routed request must be configured to perform server selection. It's pretty useless otherwise. > > E) When an agent that is configured to perform server selection for realm-routed requests receives a realm-routed request that contains an OC-S-F AVP, it performs server selection, adds the Destination-Host AVP with the value identifying the selected server to the request (this need not be done when the selected server is an immediate peer), replaces the received OC-S-F AVP with its own OC-S-F AVP in the request and forwards the request to the next hop. When receiving the corresponding answer the agent checks whether it contains an OLR update and if so replaces the stored info (if any) with the updated info, calculates an (aggregated) realm-type OLR that fits to the supported features as received in the request. In any case the agent replaces the OC-S-F in the answer with its own OC-S-F (indicating the selected algorithm), removes the OC-OLR from the answer and adds its own calculated aggregated realm-type OLR (if any) to the answer before sending it to the previous hop. SRD> On the service, this looks like the processing that should apply to all realm-routed requests, independent of the presence or absence of OC-S-F in the request. > > F) When an agent that is configured to perform server selection for realm-routed requests receives a realm-routed request that does not contain an OC-S-F AVP, logically a combination of case D) followed by case E) is performed. SRD> Minus D). > > 8. clause 3. Diameter Routing, 3rd paragraph: > Should read: "In general, throttling (Section 4) is the only local abatement technique that works for host-routed requests. Diversion (Section 4) is typically not possible, since only a single TS can handle any given host-routed request." SRD> Ok. > > 9. clause 3. Diameter Routing, last sentence: > Should read: "Since realm-routed requests are not bound to a particular TS, it is often possible for the node that selects the server to divert a number of them to other servers that are less overloaded." SRD> Ok. > > 10. clause 4. Overload Abatement Methods, 4th word: > Should read "server". Agent overload is out of scope. SRD> I agree with Ben's response here. Agent overload needs to be addressed and we need to make sure that the base DOIC spec doesn't make it impossible to add it in the future. > > 11. clause 4. Overload Abatement Method, 7th paragraph: > Diversion (which is limited to realm-routed requests) can only occur at the Diameter Node that performs the server selection. Topology knowledge is not needed. Overload state knowledge actually is pushed further down the chain. The node can control how the received realm-routed request is routed upstream by inserting a Destination-Host AVP. SRD> I have nothing to add to Ben's response. > > 12. clause 4. Overload Abatement Methods, last paragraph: > "lease" should read "least" > > 13. clause 5. DOIC Use Cases: > I have lots of detailed comments which I can share in a separate mail. The essence is that all the use cases described should follow the general principles A to F outlined above. It may be worth to totally rewrite this clause to illustrate the general principles A to F. SRD> I don't agree with the general principles A to F so I don't agree with this section. I also agree with Ben's response. The use cases presented are all reasonable and the protocol needs to support them. We should not be constraining how Diameter is used by limiting the reasonable deployment scenarios. > > 14. clause 6.1. General Recommendation, last paragraph: > This is not strictly required. Multiple occurrences of OC-OLR could be regarded an an optimization. But then there are issues: when there are two OLRs in one answer, e.g. one realm-type OLR for loss and one host-type OLR for rate, we would also need two OC-S-F AVPs: one indicating that loss is selected, and one indicating that rate is selected. But this seems to be contradicting information. SRD> I agree that there is a constraint in the current DOIC spec that would force all overload reports to apply to the same algorithm. We need to make sure this is a reasonable constraint. I do not agree that we can assume a single overload report in an answer message and the use cases presented clearly show this to be the case. > > 15. clause 6.2.1 Capabilities Exchange Behaviours, 3rd paragraph: > Should read: "An agent may act as a reporting node on behalf of a non-supporting TS, or as reacting node on behalf of a non-supporting TC.[Section 5.3]". I'm not sure whether we should cover the first case. At least it should be limited to architectures where the agent (acting as reporting node on behalf of the non supporting server) and the (non supporting) server are immediate peers and the server has no other immediate peers, so that the two nodes can be regarded a single supporting server. SRD> I don't see the need for such a limitation. In the end, it should be up to the operator of the Diameter network to determine how to manage overload which includes which of those nodes are reporting nodes and which of those nodes are reacting nodes. > > 16. clause 6.2.1 Capabilities Exchange Behaviours, 4th paragraph: > To add some clarificatios this should read: > "An agent that acts as a reacting node must include an OC-Supported-Features in each Diameter request that it forwards in that role. If the inbound request included an OC-Supported-Features AVP, the agent may copy its content to the one in the outbound request (this is the case where the request is a) host-routed or b) realm-routed and the agent is not configured to perform server selection), or may replace the contents indicating the DOIC capabilities of the agent itself (this is the case where the request is realm routed and the agent is configured to perform server selection). If an inbound request does not contain an OC-Supported-Features AVP, the agent must insert one into the outbound request, indicating the DOIC capabilities of the agent itself." SRD> I agree with Ben's response. > > 17. clause 6.2.1 Capabilities Exchange Behaviours, last paragraph: > Should read: "An agent that does not support the DOIC mechanism is likely to forward an OC-Supported-Features AVP without modification. A DOIC node must be able to tell between an OC-Supported-Features AVP that was inserted by a node within a trusted domain, and one inserted by a node within a non-trusted domain.[Section 5.4]". This is because the reporting node (if it sends an OLR within an answer) sends it's OLR to the node that has inserted the OC-S-F AVP to the request. > > 18. clause 6.2.2 Overload Report Behaviours, 1st sentence, the part in brackets: > I do not agree; when passing through, the responsibility is at the source, not at the relay. The sentence should read: "When a DOIC-supporting relay inserts or replaces an OC-Supported-Features AVP, it becomes responsible for ensuring that any OLRs it receives from upstream nodes are honored." > > 19. clause 6.2.2 Overload Report Behaviours, 2nd sentence: > If the abatement is not "Diversion" and "Delegation" is possible, "Delegation" rather than "Throttling" must be done. > > 20. clause 6.2.2 Overload Report Behaviours, 2nd paragraph, last sentence: > I do not agree. See also comment 11. Diversion is limited to realm-routed requests and can only be performed by nodes that do the server selection. These nodes can convert the realm-routed request to a host-routed request. > > 21. clause 6.2.2 Overload Report Behaviours, 3rd paragraph, last sentence: > Modifying OLRs must follow strict rules. We either have > a) one DOIC association betwee reacting node and reporting node where all agents in between are transparent and do not modify OC-xxx AVPs, or > b) two independent DOIC associations, one between reacting node and agent (acting as reporting node) and one between the same agent (now acting as reacting node) and reporting node. Here the agent removes the received host-type OLR and inserts its own aggregated realm-type OLR. I would not call this a modification but a replacement. Modifications other than this may not be a good idea. > > 22. clause 6.2.2 Overload Report Behaviours, last but one paragraph: > It is the other way round: > An agent shall not throttle traffic locally when it has already sent (or will soon send) an OLR downstream (i.e. when it can or already has delegated the abatement). When receiving a xxR that contains an OC-S-F AVP (and the xxR matches an OLR) the agent can almost safely assume that this request survived an ongoing throttling downstream. The principle is that throttling should be done as close as possible to the client. SRD> I have nothing to add to Ben's comments on the above with the exception that I also see little value to carrying the concept of a DOIC Endpoint forward. Multiple Diameter nodes and and will need to perform abatement on a single overload report. It won't only be an endpoint as previously conceived that does so. > > Regards, > Ulrich > > > From: DiME [mailto:dime-bounces@ietf.org] On Behalf Of ext Steve Donovan > Sent: Saturday, July 05, 2014 9:49 PM > To: dime@ietf.org > Subject: [Dime] Fwd: New Version Notification for draft-donovan-doic-agent-cases-00.txt > > All, > > The below referenced draft focuses on a number of DOIC deployment scenarios involving agents. The goal of this draft is to identify any new DOIC behaviors required to address these deployment scenarios. > > This directly addresses open issues #25, #27, #60 and #61 while indirectly addressing other open issues. > > Regards, > > Steve > > -------- Original Message -------- > Subject: > New Version Notification for draft-donovan-doic-agent-cases-00.txt > Date: > Thu, 03 Jul 2014 09:17:11 -0700 > From: > internet-drafts@ietf.org > To: > Ben Campbell <ben@nostrum.com>, "Steve Donovan" <srdonovan@usdonovans.com>, Steve Donovan <srdonovan@usdonovans.com>, "Ben Campbell" <ben@nostrum.com> > > A new version of I-D, draft-donovan-doic-agent-cases-00.txt > has been successfully submitted by Steve Donovan and posted to the > IETF repository. > > Name: draft-donovan-doic-agent-cases > Revision: 00 > Title: Analysis of Agent Use Cases for Diameter Overload Information Conveyance (DOIC) > Document date: 2014-07-03 > Group: Individual Submission > Pages: 34 > URL: http://www.ietf.org/internet-drafts/draft-donovan-doic-agent-cases-00.txt > Status: https://datatracker.ietf.org/doc/draft-donovan-doic-agent-cases/ > Htmlized: http://tools.ietf.org/html/draft-donovan-doic-agent-cases-00 > > > Abstract: > The Diameter Overload Information Conveyance (DOIC) solution > describes a mechanism for exchanging information about Diameter > Overload among Diameter nodes. A DOIC node is a Diameter node that > acts as either a reporting node are a reacting node. A reporting > node originates overload reports, requesting reacting nodes to reduce > the amount of traffic sent. DOIC allows Diameter agents to act as > reporting nodes, reacting nodes, or both, but does not describe agent > behavior. This document explores several use cases for agents to > participate in overload control, and makes recommendations for > certain agent behaviors to be added to DOIC. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > >
- [Dime] Fwd: New Version Notification for draft-do… Steve Donovan
- Re: [Dime] Fwd: New Version Notification for draf… Jouni Korhonen
- Re: [Dime] Fwd: New Version Notification for draf… Wiehe, Ulrich (NSN - DE/Munich)
- Re: [Dime] New Version Notification for draft-don… Ben Campbell
- Re: [Dime] Fwd: New Version Notification for draf… Steve Donovan
- Re: [Dime] New Version Notification for draft-don… Wiehe, Ulrich (NSN - DE/Munich)
- Re: [Dime] New Version Notification for draft-don… Steve Donovan
- Re: [Dime] New Version Notification for draft-don… Wiehe, Ulrich (NSN - DE/Munich)
- Re: [Dime] New Version Notification for draft-don… Steve Donovan
- Re: [Dime] New Version Notification for draft-don… Wiehe, Ulrich (NSN - DE/Munich)
- Re: [Dime] New Version Notification for draft-don… Steve Donovan
- Re: [Dime] New Version Notification for draft-don… Wiehe, Ulrich (NSN - DE/Munich)
- Re: [Dime] New Version Notification for draft-don… Steve Donovan
- Re: [Dime] Fwd: New Version Notification for draf… Wiehe, Ulrich (NSN - DE/Munich)