Internet Draft
Internet Draft S. Berson
Expiration: May 1998 ISI
File: draft-berson-classy-approach-01.txt S. Vincent
ISI
Aggregation of Internet Integrated Services State
November 21, 1997
Status of Memo
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
To learn the current status of any Internet-Draft, please check the
linebreak "1id-abstracts.txt" listing contained in the Internet-
Drafts Shadow Directories on ds.internic.net (US East Coast),
nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au
(Pacific Rim).
Abstract
The Internet Integrated Services (IIS) architecture[2] has a
fundamental scaling problem in that per flow state is maintained at
all routers and end-systems supporting a flow. This paper examines
the use of aggregation as a technique to reduce the amount of state
needed to provide IIS. In our approach, routers at the edge of a
region doing aggregation keep detailed IIS state, while in the
interior of this region, routers keep a greatly reduced amount of
state. Packets will be tagged at the edge with scheduling
information that will be used in place of the detailed IIS state.
The aggregation scheme described will allow large scale deployment of
IIS without overloading routers with state and associated processing.
Berson, Vincent Expiration: May 1998 [Page 1]
�
Internet Draft State Aggregation November 1997
1. Introduction
In order to deploy Internet Integrated Services (IIS), additional
resources are needed in the routers to keep state and to process
packets. As currently defined [4,2], this state is on a per session
basis, where a session is a unicast or multicast destination and
optionally a port. IIS state is stored at all routers between the
source(s) and destination(s) of a session. Thus, widespread use of
IIS would mean a large amount of state at routers in the core of the
Internet. This large amount of state and related processing could
overwhelm routers, so IIS state models that do not require per-
session state at all routers need to be explored.
Several types of per-session state are used with integrated services.
First, there is scheduling state that consists of the different
traffic service queues for packet forwarding. Second, there is
packet classifier state. Classifier state is used to assign each
arriving packet to a packet scheduling queue for forwarding. Third,
there is the state for the setup protocol, e.g. state carried in RSVP
PATH and RESV messages. Finally, current multicast routing
algorithms also store state, either per source and session (e.g.
DVMRP, PIM-DM) or per session shared-tree (e.g. CBT, PIM-SM). While
approaches to aggregation of routing state are similar to aggregation
of IIS state, they are beyond the scope of this paper.
Per session state in a router has two harmful effects. First,
additional state consumes memory, and second, additional state
requires additional CPU cycles to process the state. Depending on
the speed with which the memory needs to be accessed, different types
of memory can be used. State that is required in order to process
each packet (e.g. classifier state and scheduling state) needs to be
stored in fast (i.e. cache) memory, while other state (e.g. setup
protocol state) can be stored in slower memory. Since fast memory is
substantially more expensive than slow memory, and since accesses to
fast memory are on the router fast path, our primary goal is to
reduce the classifier and scheduler state. Reducing the amount of
setup protocol state is an important, but secondary goal.
Any aggregation scheme entails some tradeoffs. Keeping full
integrated services state at all routers allows the resources
dedicated to the flow of packets from each admitted session to be
isolated from the resources for packets from all other sessions.
This isolation means that resources reserved and needed for one
session will be used only on the reserving session. The disadvantage
of doing aggregation is the loss of some portion of this flow
isolation, since with aggregation many flows would share the same
traffic service class. Our goal is to provide Internet Integrated
Services to a network while using a greatly reduced amount of state.
Berson, Vincent Expiration: May 1998 [Page 2]
�
Internet Draft State Aggregation November 1997
We make several assumptions:
1. We assume that an explicitly definable region (e.g. one or more
contiguous autonomous systems), called an "aggregating region",
will aggregate and will implement supporting mechanisms at its
boundary points. We define an "ingress" of an aggregating
region as a router where a packet for a specific unicast or
multicast session enters the region, and an "egress" as a router
where a packet leaves the region. Also, we define an "interior
router" as any router in the aggregating region that is on the
data path for the session and is not the ingress or egress.
2. We assume that the choice to aggregate and the mechanism used to
do so is an intra-domain issue, not an inter-domain issue and
therefore there can be variability across regions so long as at
the boundaries routers continue to pass along adequate messages
to support the setup protocol upstream and downstream.
3. We assume current multicast and unicast routing within the
aggregating region; but with no other enhancements.
2. Framework
Figure 1 shows the architecture of an Internet integrated services
device. There are three parts of the device, the scheduler, the
setup protocol engine, and the classifier. The scheduler is
responsible for enforcing a quality of service for each of the flows
(i.e. one flow per scheduling queue). The scheduler achieves this
with a scheduling algorithm and a policing algorithm. The scheduling
algorithm decides which queue the next packet to be forwarded will
come from, while the policing algorithm decides which packets are
discarded or put into a different scheduler queue in case of
congestion. Typical types of scheduling algorithms are based on fair
queueing and/or priority. The classifier is responsible for
assigning packets to queues. The classifier accomplishes this by
looking at fields (e.g. destination address) in the packet headers.
A table in the classifier tells which packet header values assign the
packet to each scheduler queue. The setup protocol engine is
responsible for setting up the classifier state and scheduler queues.
The setup engine receives requests that include a quality of service
and a packet classifier entry. Upon receiving a message, the setup
engine does admission control to determine if sufficient resources
are available to make the reservation. If resources are available, a
new scheduling queue is set up in the scheduler for the requested
resources, and the classifier entry is installed in the classifier.
Berson, Vincent Expiration: May 1998 [Page 3]
�
Internet Draft State Aggregation November 1997
[FIGURE]
Figure 1: Internet Integrated Services device
2.1 Reducing the amount of state
Reducing the amount of state means that some of the basic
functions of integrated services must be limited. Since each
network service provider will want to make decisions on how to
provide integrated services based on their provisioning and
traffic patterns, a detailed review of how IIS state is used, is
offered.
Scheduler classes are the unit of assignment of network resources.
Scheduler state typically takes the form of different traffic
classes. These traffic classes are assigned different priorities,
link shares, and policing policies to provide a certain level of
service. In the basic IIS model, each traffic flow gets its own
traffic class, meaning that each flow has certain resources
dedicated to it. By reducing the number of traffic classes, a
coarser granularity of resource assignment is done in that several
flows will be assigned to the same scheduler queue. A consequence
of the coarser granularity is that the aggregated traffic gets a
certain level of resource usage, but it is impossible inside an
aggregating region to isolate flows in the same traffic class from
each other. The lack of isolation can be mitigated by adequate
provisioning of network resources and by policing at aggregating
region borders.
Classifier state is used to assign packets to traffic classes.
Each arriving packet is classified into a traffic class at each
node according to state established by the setup protocol. In the
complete absense of classifier state, no service differentiation
is possible. However a packet can be classified at the ingress,
and the results of that classification can be encoded in each
packet. This reduced classifier state might be as simple as one
or more bits segregating different classes of traffic, or
alternatively, an encapsulation header. By encoding a small
amount of classifier state in the packet, only a very simple
classification is needed at interior routers.
Finally setup protocol (e.g. RSVP) state is used to do admission
control, provide policing, allow reclassification, and allow
merging of reservation messages. The first two of these issues,
admission control and policing, are general issues involving both
unicast and multicast traffic, while the last two,
reclassification and reservation merging, are only issues with
multicast traffic.
Berson, Vincent Expiration: May 1998 [Page 4]
�
Internet Draft State Aggregation November 1997
Setup protocol state is used in admission control. Admission
control with full IIS state involves computing how much network
resources are already committed and whether there are sufficient
resources to admit a new flow with certain resource requirements.
Lacking setup protocol state, admission control in the aggregating
region cannot be based on reservation state per flow. Instead,
admission control must be based on aggregated state information at
each node. More specifically, state will typically consist only
of measurements, and so admission control must be measurement
based.
Setup protocol state is used for traffic policing. Policing is
done at two points in an IIS network, at a traffic merge point,
and at a traffic split point. The traffic merge point is where
the traffic from two or more sources for the same session merge.
For a shared style reservation, the traffic from all the sources
needs to be policed to the reservation parameters at traffic merge
points. The second place that policing is needed is at traffic
split points. A traffic split point is where multicast traffic
has multiple outgoing interfaces. Because of reservation merging
and because some outgoing interfaces may have no reservation,
traffic at a split point needs to be policed on each outgoing
interface to the proper reserved values for that interface.
Lacking setup protocol state, no per flow policing can take place
inside an aggregating region. This implies that all per flow
policing must take place at the edges of the aggregating region.
Setup protocol state is used to allow reclassification of packets
from reserved to best effort. This reclassification is necessary
at traffic flow split points where there are one (or more)
outgoing interfaces with reservations and one (or more) outgoing
interfaces without reservations. At these points packets
forwarded to the outgoing interfaces with no reservations need to
be reclassified as best effort.
Finally, setup protocol state is used to merge reservation
messages coming from the egresses to the ingress. With setup
protocol state for each session, and hop by hop processing of
reservation messages, each router can limit the number of
reservation refreshes it sends. Without setup protocol state,
each reservation message would be sent to the ingress, requiring a
large amount of processing for any large multicast groups.
2.2 Basic aggregation architecture
We propose a scheme with a constant amount of scheduler state at
all routers, a constant amount of classifier state at interior
routers, and no unicast setup protocol state at interior routers.
Berson, Vincent Expiration: May 1998 [Page 5]
�
Internet Draft State Aggregation November 1997
In our approach, a fixed number of traffic service classes are
defined and configured at all routers in an aggregating region.
Each traffic service class is subject to admission control at the
ingress to the region. Traffic policing is done at the ingress
for unicast traffic, and at the ingress plus at traffic split
points for multicast traffic. Since only a fixed number of
traffic classes are available, the scheduler state at all routers
is constant.
Data packets are classified and "tagged" on entry to the
aggregating region with some identifier indicating to which
aggregated traffic class the packet should belong. This
identifier can consist of some bits in the packet header (e.g.
type of service bits) or the packet could be encapsulated. The
tag (or encapsulation) encodes the traffic service class that this
packet will receive across the aggregating region. Tagging or
encapsulating each packet bounds the amount of classifier state in
the interior of the aggregating region.
Full setup protocol state is stored at the borders of the
aggregating region, but only multicast setup protocol state is
needed in the interior of the region. When a reservation message
arrives at an ingress to the region (from an egress), and that
reservation passes admission control, then packets from the flow
associated with the new reservation are assigned to one of the
configured traffic service classes.
Admission control will be measurement-based, and, since there is
no setup protocol state in the interior, admission control will be
done at the ingress for a session. But the decision will be based
on congestion measurements within the aggregating region. Thus
each node in the aggregating region, upon receiving an admission
control setup protocol message, will make a local congestion
decision. This local congestion decision will be made on a
threshold basis where new reservations are not admitted if the
existing load plus the expected additional load from the new flow
is greater than a (possibly dynamic) threshold.
To implement the local congestion decision, each node keeps an
estimate of its current load per traffic class. As an admission
control message traverses the path between ingress and egress,
each interior router must admit that reservation. Each router
that provisionally admits the reservation should factor the new
reservation into its currect traffic estimate. To admit the flow,
an estimate of the amount of the reserved traffic due to this
reservation must be made, e.g. based on peak rate specified in the
admission control message. If some router does not admit the
reservation, the admission control message is marked appropriately
Berson, Vincent Expiration: May 1998 [Page 6]
�
Internet Draft State Aggregation November 1997
by the rejecting router and the message is forwarded. When the
admission control message arrives at the egress, the egress node
checks the message to see if any router rejected the message. If
some router rejected the reservation, then the egress will forward
the message to the ingress which will reject the reservation and
send a reservation error message.
In summary, our approach provides for reduction of packet
scheduler state, packet classifier state, and setup protocol (e.g.
RSVP) state in the following ways. A constant amount of packet
scheduler state at all routers in an aggregating region is
achieved by using preconfigured traffic service classes. A
constant amount of packet classifier state for unicast traffic at
all interior routers in the aggregating region is accomplished by
tagging or encapsulating each packet with its traffic service
class. No setup protocol state at interior routers for unicast
traffic is achieved by doing admission control and policing only
at the edges of the aggregating region. For multicast traffic,
full RSVP state is stored at all routers, but classifier state is
stored only at traffic split points and only on those outgoing
interfaces with no reservation.
2.3 Multicast
We would like to apply the above approach to multicast traffic.
However, there are some fundamental differences between unicast
and multicast traffic that results in additional setup protocol
state being desirable. Since traffic with multiple destinations
is being classified and tagged at the ingress router, a tagged
multicast packet will receive reserved service everywhere in the
cloud, including branches for which there are no reservations.
This all-or-nothing reservation property, caused by tagging at the
ingress, complicates aggregating state for multicast sessions.
The complications derive from two features of multicast sessions,
"heterogeneity" and "dynamic group membership". Heterogeneity
refers to the situation where different branches of a multicast
distribution tree have different reservations, including the case
where some branches have no reservation. Unreserved packets
receiving reserved service can adversely affect packet flows that
properly have a reservation. Without additional state, there is
no way to determine which packets have a legitimate reservation.
The other multicast feature causing complications is dynamic group
membership. Dynamic group membership means that the members of a
multicast session can be changing over time by having new
receivers join, and old receivers leave. Due to the all-or-
nothing property, a new best effort receiver joining a multicast
session with a reservation in place will be receiving reserved
Berson, Vincent Expiration: May 1998 [Page 7]
�
Internet Draft State Aggregation November 1997
service. Admission control will not have been done for that new
receiver, and so those reserved packets to the new receiver can
cause congestion for other properly reserved packets. Thus a best
effort receiver can disrupt reserved traffic.
Our approach to aggregation and multicast is to keep setup
protocol state for multicast sessions. Since setup protocol state
is not on the router fast path, this option is reasonable since
scheduler state and classifier state are still minimized. Some
additional classifier state is needed, but only for sessions with
heterogeneous branches, and only at those nodes with heterogeneous
outgoing interfaces. This classifier state can be established
dynamically from setup protocol state and routing state. When a
node discovers that it has heterogeneous outgoing interfaces,
classifier entries are established on the best effort branches.
The packets that the classifier matches have the reserved markings
removed and new markings inserted indicating that the packets are
to be forwarded as best effort.
Having setup protocol state for multicast can also solve the
problems mentioned in section 2.1 with implosion of reservation
and ADREP messages, and with policing. Also note that an
additional optimization would be to store setup protocol state for
a session only on routers with multiple outgoing interfaces for
that session.
2.4 Policing in interior
There is still an issue with state aggregation and shared (e.g.
RSVP wildcard or shared explicit) style reservations at traffic
merge points. At a merge point, the traffic entering the node may
conform to the reservation, but the traffic exiting the node may
be non-conforming due to multiple senders. With setup protocol
state, the traffic would be policed at the merge node. Since
there is no state in the interior of the network, it is impossible
to police the traffic of an individual flow in the interior. The
traffic will eventually be policed at the next ingress, but may
interfere with actual reserved traffic between the merge point and
the egress. Since the traffic will eventually be policed, there
is no "free bandwidth" for a user trying to exploit this feature.
However there is a security problem where a malicious user could
tie up reserved bandwidth traffic in a transit network. To
protect a network from this sort of abuse, the reservation of an
abuser could be cancelled by the egress when excess traffic at an
egress is detected.
Berson, Vincent Expiration: May 1998 [Page 8]
�
Internet Draft State Aggregation November 1997
3. RSVP operations/extensions
In this section we describe how this aggregation scheme would be
applied to RSVP. We assume that a measurement based admission
control algorithm is defined, and we describe how to utilize this
system to implement aggregation. The basic issues are gathering the
measurement data, keeping track of which reservations are new, and
describing the appropriate data structures.
Our approach to collecting measurement information for admission
control is to originate the state collection from the ingress upon
receiving an RSVP reservation message (RESV). The basic exchange of
messages is shown in figure 2. Note that no processing is needed in
the interior of the aggregating region on the RESV or the preceding
PATH messages. But when the ingress receives a new RESV message
(i.e. a message for which it has no traffic control state), the
ingress initiates admission control. For admission control, the
ingress sends an ADmission REQuest (ADREQ) message hop-by-hop through
the interior of the aggregating region to the egress (known from the
previous RSVP hop field in the RESV message). At each hop through
the region, the node attempts to admit the reservation. If admission
control succeeds at a node, the ADREQ message is forwarded unchanged
to the next hop. If admission control fails at a node, a failure
object is appended to the ADREQ message and then the message is
forwarded to the next hop. When the egress receives the ADREQ
message, it checks if any interior node appended a failure object to
the message. If there is no rejection information in the ADREQ
message, an ADMISSION REPLY (ADREP) message with an ADMITTED status
flag is sent back to the ingress. If there is a failure object in
the message, an ADREP message with a REJECTED status is sent back to
the ingress. The ingress will treat the ADREP message with a
REJECTED status as an admission control failure and a RSVP
reservation error will be sent out.
[FIGURE]
Figure 2: Admission control exchange of messages
There are three other possible approaches to aggregated admission
control that may be useful in certain types of network environments,
but which have serious limitations in general. One approach is to
put the admission control request and responses in RSVP reservation
messages. This approach is conceptually simpler than the above
scheme, but assumes that the reverse route (i.e. egress to ingress)
through the aggregating region is known. There are cases where this
holds, most notably in link state protocols, but in general this is
not the case.
Berson, Vincent Expiration: May 1998 [Page 9]
�
Internet Draft State Aggregation November 1997
The second approach to collecting admisson control information is an
RSVP path message which travels on the forward route from data
ingress to data egress. When this message is processed at each
interior node, admission control information is collected. The
accumulated admission control information is then included in a
corresponding RSVP reservation message from egress to ingress. The
main disadvantage with this scheme is that the service class is
generally not known only from path information. If a region offers
only a small number of services, it would be possible to include
admission control information for all of the services in the path
message, but this could be a large amount of information in general.
The third approach to collecting admission control information is by
out-of-band communication, e.g. as part of routing protocols. In
this case, the ingress site can do the admission control based on the
out-of-band communication. Further work is needed in this area.
The remainder of this section shows the additions to RSVP to support
our approach; using separate ADREQ and ADREP messages in the
aggregating region.
3.1 RSVP messages
Two new RSVP message types would be needed for RSVP messages,
admission request (ADREQ) and admission reply (ADREP). The ADREQ
is used by an ingress to set up the reservation across the
aggregating region, while the ADREP is used by the egress to
report that the reservation has succeeded or not.
In addition to new message types, an admission control object
(ADMISSION), and an admission control status (STATUS) object types
are needed. The ADMISSION object and zero or more STATUS objects
are included as part of a ADREQ or ADREP message. The ADMISSION
object contains a common object header, the IP address of the
ingress, a handle from the ingress node, and some flags. The
handle is included by the ingress node on initiating aggregated
admission control and is used to uniquely identify reservation
state on the ingress. The STATUS object has a common header, an
IP address, and a load status. The IP address is the address of
the node supplying the load report, while the load status is the
measured load from a node.
The format of the ADREQ and ADREP messages are very simple and are
as follows:
::=
Berson, Vincent Expiration: May 1998 [Page 10]
�
Internet Draft State Aggregation November 1997
status_report ::= |
::=
When an ingress receives a new RSVP RESV message (and local
admission control is successful), the ingress initiates aggregated
admission control by sending an ADREQ message. The FLOWSPEC from
the RESV message is used in the ADREQ message, as well as an
ADMISSION object containing a handle chosen by the ingress.
On receiving an ADREQ message, an interior router will perform
admission control based on the measured load and the FLOWSPEC
object. If the router is too congested to accept a flow, the
rejecting router adds its address and measured load information to
a STATUS object which is appended to the ADREQ message. The ADREQ
message eventually arrives at the egress with a (possibly empty)
list of STATUS objects, containing the address and measured load
of nodes that are congested. The egress will set the flags in the
ADMISSION object and then return the ADMISSION object and the list
of STATUS objects in an ADREP message unicasted to the ingress.
The ingress will locate the reservation state block by using the
handle in the ADMISSION object. Then the ingress will check the
ADREP message for any status objects. If there are any STATUS
objects the ingress will reject the reservation and send a
reservation error message downstream. If there are no STATUS
objects in the ADREP message then the ingress will accept the
reservation and the RESV message will be forwarded upstream.
Note that if either an ADREQ or an ADREP message is lost, then the
ingress behaves as a router that lost an RSVP reservation message.
The ingress will wait until the reservation message is refreshed
and then send a new ADREQ. It would also be possible to resend an
ADREQ after a configurable amount of time.
struct {
Object_header header;
struct in_addr ingress;
Handle handle;
int flags;
} ADMISSION;
#define ADMITTED 1
#define REJECTED 0
struct {
Object_header header;
struct in_addr sess;
Load load;
Berson, Vincent Expiration: May 1998 [Page 11]
�
Internet Draft State Aggregation November 1997
} STATUS;
#define RSVP_ADREQ 11
#define RSVP_ADREP 12
4. Reserved traffic congestion
One last issue is how to deal with traffic congestion in reserved
traffic classes. Congestion is typically detected in an ADREQ/ADREP
message. Similar to the load threshold for admission, there can be a
load threshold for congestion which is higher.
There are two ways that admitted load can cause high levels of
congestion on a router, measurement based admission control failure
and link failure. Measurement based admission control failure occurs
due to past load not being representative of the future. For
example, if many idle reserved sources become very active at the same
time, some links may become overloaded. Link failure is caused by a
link being declared down and a new set of routes are generated. The
traffic that was traversing the failed link may now be added to an
already heavily loaded link. In both of these cases, links may
become overcommitted.
For small amounts of congestion, reserved traffic can preempt best
effort traffic, i.e. best effort traffic packets are dropped, but new
admission control requests are rejected. For larger amounts of
congestion, reserved packets need to be dropped of reservations need
to be preepted. For link failure in a per-flow IS state network, the
setup protocol would typically use reservation preempting (while
admission control mistakes are expected not to happen). With
aggregated IS state, the point at which the routing changes may not
have setup protocol state. Thus a node typically cannot distinguish
an overload caused by a link failure from one caused by transient
heavy congestion. The response is the same for either cause of
congestion; Ingress nodes in this case will need to preempt
reservations.
5. Acknowledgements
This Internet Draft is the result of discussions with many people
particularly Bob Braden, Bob Lindell, Deborah Estrin, and Daniel
Zappala.
REFERENCES
[1] Braden, R., Zhang, L., Berson, S., Herzog, S., and Jamin, S.,
"Resource ReSerVation Protocol (RSVP) -- Version 1 Functional
Specification," RFC 2205, September 1997.
Berson, Vincent Expiration: May 1998 [Page 12]
�
Internet Draft State Aggregation November 1997
[2] Braden, R., Clark, D., and Shenker, S., "Integrated Services in the
Internet Architecture: an Overview," RFC 1633, June 1994.
[3] Floyd, S., and Jacobson, V., "Link-sharing and Resource Management
Models for Packet Networks," IEEE/ACM Transactions on Networking,
Vol. 3 No. 4, pp. 365-386, August 1995.
[4] Jamin, S., Shenker, S., and Danzig, P., "Comparison of Measurement-
based Admission Control Algorithms for Controlled-Load Service,"
Infocomm '97.
[5] Rampal, S., "Flow Grouping for Reducing Reservation Requirements for
Guaranteed Delay Service," Internet Draft, December 1996.
Security Considerations
Security considerations have not been addressed in this draft.
Author's Address
Steven Berson
USC Information Sciences Institute
4676 Admiralty Way
Marina del Rey, CA 90292
Phone: +1 310 822 1511
EMail: berson@isi.edu
Subramaniam Vincent
USC Information Sciences Institute
4676 Admiralty Way
Marina del Rey, CA 90292
Phone: +1 310 822 1511
EMail: svincent@isi.edu
Berson, Vincent Expiration: May 1998 [Page 13]
�