Internet Draft Internet Engineering Task Force K. Nichols Differentiated Services Working Group Cisco Systems Internet Draft Brian Carpenter Expires in August, 2000 IBM draft-ietf-diffserv-ba-def-01.txt February, 2000 Definition of Differentiated Services Behavior Aggregates and Rules for their Specification <draft-ietf-diffserv-ba-def-01.txt> Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other doc- uments at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This document is a product of the Diffserv working group. Com- ments on this draft should be directed to the Diffserv mailing list. The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http:// www.ietf.org/shadow.html. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2000). All Rights Reserved. Abstract The diffserv WG has defined the general architecture for differen- tiated services (RFC 2475) and has been focused on the definition and standardization of the "per-hop forwarding behaviors" (or PHBs) required in routers (RFCs 2474, 2597, and 2598). The dif- ferentiated services framework creates services within a network by applying rules at the edges in the creation of traffic aggregates (known as Behavior Aggregates) coupled with the forwarding path behavior. The WG has also discussed the behavior required at diffserv network edges or boundaries for conditioning the aggregates, elements such as policers and shapers [MODEL, MIB]. A major feature of diffserv is that only the components applying the rules at the edge need to be changed in response to short-term changes in QoS goals in the network, rather than reconfiguring the interior behaviors. Nichols and Carpenter Expires: August, 2000 [page 1 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 The next step for the WG is to lay out how the forwarding path components (PHBs, classifiers, and traffic conditioners) can be used within the architectural framework to compose specific Behavior Aggregates. These BAs should have properties such that the transit of individual packets of a BA through a differentiated services network can be characterized by specific metrics. How- ever, no microflow information should be required as packets transit a differentiated services network. This document defines and discusses Behavior Aggregates in detail and lays out the format and required content for contribu- tions to the Diffserv WG on BAs and the rules that will be applied for individual BA specifications to advance as WG products. This format is specified to expedite working group review of BA sub- missions. A pdf version of this document is available at: ftp://ftp- eng.cisco.com/ftp/kmn-group/docs/BA_def.pdf. Table of Contents 1. Introduction................................................ 2 2. Some Definitions from RFC 2474.............................. 3 3. The Value of Defining Edge-to-Edge BAs...................... 3 4. Understanding Diffserv Behavior Aggregates.................. 4 5. Format for Specification of Diffserv Behavior Aggregates.... 6 6. Structuring BAs to Meet Expectations........................ 7 7. Reference Behavior Aggregates............................... 10 8. Sketchy Examples of Creating and Using BAs.................. 11 9. Procedure for submitting BAs to Diffserv WG................. 12 10 Acknowledgements............................................ 13 1.0 Introduction Differentiated Services allows an approach to IP QoS that is mod- ular, high performance, incrementally deployable, and scalable [RFC2475]. Although an ultimate goal is interdomain quality of service, there remain many untaken steps on the road to achieving this goal. One essential step, the evolution of the business models for interdomain QoS, will necessarily develop outside of the IETF. A goal of the diffserv WG is to provide the firm technical foundation that allows these business models to develop. Nichols and Carpenter Expires: August, 2000 [page 2 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 The Diffserv WG has finished the first phase of standardizing the behaviors required in the forwarding path of all network nodes, the per-hop forwarding behaviors or PHBs. The PHBs defined in RFCs 2474, 2597 and 2598 give a rich toolbox for differential packet handling. Although business models will have to evolve over time, there are technical issues in moving "beyond the box" that lead to QoS models within a single network, i.e., not crossing administrative domain boundaries. Providing QoS within a single network is useful in itself and will provide useful deployment experience for further IETF work as well as for the evolution of business models. This step is critical in the evolution of Diffserv QoS and should ultimately provide the technical input that will aid in the construction of business models. The ultimate goal of creating end to end QoS in the Internet imposes the requirement that we can create and quantify a behavior for a group of packets that is preserved when they are aggregated with other packets. Once packets have crossed the DS boundary, adherence to the diffserv framework makes it possible to group packets solely according to the behavior they receive at each hop. This approach has well-known scaling advantages, both in the forwarding path and in the control plane. Less well recognized is that these scaling properties only result if the per-hop behavior definition gives rise to a particular type of invariance under aggregation. Since the per- hop behavior must be the same for every node in the domain while the set of packets marked for that PHB may be different at every node, a PHB should be defined such that its treatment of packets of a behavior aggregate doesn't change when other pack- ets join or leave the BA. If the properties of a BA using a particu- lar PHB hold regardless of how the aggregate mutates as it traverses the domain, then that BA scales. If there are limits to where the properties hold, that translates to a limit on the size or topology of a DS domain that can use that BA. Although useful single-link BAs might exist, BAs that are invariant with network size or that have simple relationships with network size and whose properties can recovered by reapplying rules (that is, form- ing another diffserv boundary or edge to re-enforce the rules for the aggregate) are needed for building scalable end-to-end quality of service. There is a clear distinction between the definition of a Behavior Aggregate in a DS domain and a service that might be specified in a Service Level Agreement. The BA definition is a technical building block that couples rules, specific PHBs, and configura- tions with specific observable characteristics. These definitions are intended to be useful tools in configuring DS domains, but the BA (or BAs) used by a provider are not expected to be visible to customers any more than the specific PHBs employed in the pro- vider's network would be. QoS providers are expected to select their own measures to make customer-visible in contracts and these may be stated quite differently from the characteristics in a BA definition. Similarly, specific BAs are intended as tools for Nichols and Carpenter Expires: August, 2000 [page 3 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 ISPs to construct differentiated services offerings; each may choose different sets of tools, or even develop their own, in order to achieve particular externally observable metrics. This document defines Differentiated Services Behavior Aggre- gates more precisely than past documents and specifies the format that must be used for submissions of particular Behavior Aggre- gates to the Diffserv WG. 2.0 Some Definitions from RFC 2474 The following definitions are stated in RFCs 2474 and 2475 and are repeated here for easy reference: Behavior Aggregate: a collection of packets with the same codepoint crossing a link in a particular direction. The terms "aggregate" and "behavior aggregate" are used interchangeably in this document. Differentiated Services Domain: a contiguous portion of the Internet over which a consistent set of differentiated services policies are administered in a coordinated fashion. A differentiated services domain can represent different administrative domains or autono- mous systems, different trust regions, different network technologies (e.g., cell/frame), hosts and routers, etc. Also DS domain. Differentiated Services Boundary: the edge of a DS domain, where classifiers and traffic conditioners are likely to be deployed. A diff- erentiated services boundary can be further sub-divided into ingress and egress nodes, where the ingress/egress nodes are the downstream/ upstream nodes of a boundary link in a given traffic direction. A differentiated services boundary typically is found at the ingress to the first-hop differentiated services-compliant router (or network node) that a host's packets traverse, or at the egress of the last-hop differentiated services-compliant router or network node that packets traverse before arriving at a host. This is sometimes referred to as theboundary at a leaf router. A differentiated services boundary may be co-located with a host, subject to local policy. Also DS boundary. 3.0 The Value of Defining Edge-to-Edge BAs Networks of DS domains can be connected to create end-to-end services, but where DS domains are independently administered, the evolution of the necessary business agreements and future sig- naling arrangements will take some time. Early deployments will be within a single administrative domain. The specification of the transit expectations of behavior aggregates across DS domains both assists in the deployment of that single-domain QoS and will help enable the composition of end-to-end, cross domain services to proceed. Putting aside the business issues, the same technical issues that arise in interconnecting DS domains with homoge- neous administration will arise in interconnecting the autono- mous systems (ASs) of the Internet. Today's Internet is composed of multiple independently adminis- Nichols and Carpenter Expires: August, 2000 [page 4 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 tered domains or Autonomous Systems (ASs), represented by the circles in figure 1. To deploy ubiquitous end-to-end quality of ser- vice in the Internet, a business models must evolve that include issues of charging and reporting that are not in scope for the IETF. In the meantime, there are many possible uses of quality of service within an AS and the IETF can address the technical issues in creating an intradomain QoS within a Differentiated Services framework. In fact, this approach is quite amenable to incremental deployment strategies. Figure 1: Interconnection of ASs and DS Domains A single AS (for example, B in figure 1) may be composed of subnetworks and, as the definition allows, these can be separate DS domains. For a number of reasons, it might be useful to have multiple DS domains in an AS, most notable being to follow topological and/or technological boundaries and to separate the allocation of resources. If we confine ourselves to the DS bound- aries between these "interior" DS domains, we avoid the non- technical problems of setting up a service and can address the issues of creating characterizable behavior aggregates. The incentive structure for differentiated services is based on upstream domains ensuring their traffic conforms to agreed upon rules and downstream domains enforcing that conformance so that characteristics of behavior aggregates might sensibly be com- puted. The filled in boxes in figure 1 represent the conformance ensurers (e.g., shapers) and conformance enforcers (e.g., polic- ers). Although we expect that policers and shapers will be required at the boundaries of ASs, they might appear anywhere, or nowhere, inside the AS. Thus, the boxes at the DS boundaries internal to the AS may or may not condition traffic. Understand- ing behavior under aggregation will result in guidelines for the placement of DS boundaries. 4.0 Understanding Diffserv Behavior Aggregates 4.1 Defining BAs In this section we expand on the definition of Behavior Aggre- gates given in RFCs 2474 and 2475. Those RFCs define a Differ- entiated Services Behavior Aggregate as "a collection of packets with the same DS codepoint crossing a link in a particular direc- tion" and further state that packets with the same DSCP get the same per-hop forwarding treatment (or PHB) everywhere inside a single DS domain. Note that even if multiple DSCPs map to the same PHB, this must hold for each DSCP individually. Within a DS domain, BAs are formed by the application of rules to packets arriving at the DS boundary, through classification and traffic conditioning. Packets that conform to the rules are marked with the same DSCP (or a known set of DSCPs) within a domain. In the interior of a DS domain, where DSCPs should not be Nichols and Carpenter Expires: August, 2000 [page 5 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 remarked, as there are no rules being applied. Though a DS domain may be as small as a single node, more complex topolo- gies are expected to be the norm, thus the BA's definition must hold as it is split and merged on the interior links of a DS domain. Packet flow in a network is not part of the BA definition; the application of rules as packets enter the DS domain and the con- sistent PHB through the DS domain must suffice. (Though limits can be put on the applicability of a specific BA.) Associated with each BA are measurable, quantifiable, character- istics which can be used to describe what will happen to packets of that BA as they cross the DS domain. These expectations derive from the rules that are enforced during the entry of packets into the DS domain (the creation of the BA) and the forwarding treatment (PHB) the BA gets inside the cloud. They may be abso- lute or statistical bounds and they may be parameterized by net- work properties. 4.2 Constructing BAs Generally, the forwarding path of a DS domain is configured to meet the network operator's traffic engineering goals for the domain, independently of the performance goals for a particular flow of a BA. Once the interior is configured, the rules on allocat- ing BAs come from meeting the desired performance goals sub- ject to that configuration of link schedulers and bandwidth. The rules at the edge may be altered by provisioning or admission control but the decision about which to use and how to apply the rules comes from matching performance to goals. For example, consider the diffserv domain of figure 1. A BA which specifies explicit bounds on loss must have rules at the edge to ensure that, on the average, no more packets are admitted than can emerge. As the network can contain queues, input traffic may not equal the output traffic over all timescales. However the averaging timescale should not exceed what might be expected for reasonably sized buffering inside the network. Thus if we allow bursts to arrive into the interior of the network, we must know there is enough capacity to ensure that losses don't exceed the BA's bound. Note that explicit bounds on the loss level can be particularly difficult as the exact way in which packets of a partic- ular BA merge inside the network affect the aggregate burstiness and hence, loss. PHBs give explicit expressions of what treatment a BA can expect from each hop. This behavior must continue to apply under aggregation of merging BA flows. Explicit expressions of what happens to this behavior under aggregation, possibly param- eterized by node in-degrees or network diameters are required. This allows us to determine what to do at internal aggregation points. For example, do we reapply edge rules? Characterizing a BA requires exploring what happens to a PHB Nichols and Carpenter Expires: August, 2000 [page 6 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 under aggregation. Rules must be recursively applied to result in a known behavior. As an example, since maximum burst sizes grow with the number of microflows or BA flows merged, a BA speci- fication must address this. A clear advantage of constructing behaviors that aggregate is the ease of building up BAs that span interior DS domains and eventually farther. For example, a BA with known properties that crosses an interior DS domain of AS B in figure 1, can be merged with the same type of BA at the inte- rior shaded routers. Using the same (or fewer) rules as were applied to create the BA at the entrance to AS B, there should be confidence that the BA can continue to be quantified by the expected behavior. The specification of the transit expectations of behavior aggre- gates across domains both assists in the deployment of QoS within a DS domain and helps enable the composition of end-to- end, cross-domain services to proceed. 4.3 Forwarding path vs. control plane for BAs The PHB and the edge rules that form and condition BAs are in the forwarding path and take place at line rates while the configu- ration of the DS domain edge to enforce rules on who goes into a BA and how the BA should behave temporally is done by the con- trol plane on a very different time scale. For example, configura- tion of PHBs might only occur monthly or quarterly. The edge rules might be reconfigured at a few regular intervals during the day or might happen in response to signalling decisions thou- sands of times a day. Even at the shortest time scale, control plane actions are not expected to happen per-packet. Much of the con- trol plane work is still evolving and is outside the charter of the Diffserv WG since how the configuration is done and at what time scale it is done should not affect the characteristics of the BA. 5.0 Format for Specification of Diffserv Behavior Aggregates Behavior Aggregates arise from a particular relationship between edge and interior (which may be parameterized). The quantifiable characteristics of a BA MUST be independent of whether the net- work edge is configured statically or dynamically. The particular configuration of traffic conditioners at the DS domain edge is critical to how a BA performs, but the act(s) of configuring the edge is a control plane action which can be separated from the specification of the BA. The following sections must be present in any specification of a Differentiated Services Behavior Aggregate. Of necessity, their length and content will vary greatly. 5.1 Applicability Statement All BAs must have an applicability statement that outlines the Nichols and Carpenter Expires: August, 2000 [page 7 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 intended use of this BA and the limits to its use. 5.2 Rules This section describes the rules to be followed in the creation of this BA. Rules should be distinguished with MAY, MUST, and SHOULD. The rules specify the edge behavior and configuration and the PHB (or PHBs) to be used and any additional require- ments on their configuration beyond that contained in RFCs. 5.3 Characteristics The characteristics of a BA tell how it behaves under ideal condi- tions if configured in a specified manner (where the specification may be parameterized). Characteristics of a BA might be drop rate, throughput, delay bounds measured over some time period. They may be absolute bounds or statistical bounds (e.g., "90% of all packets measured over intervals of at least 5 minutes will cross the DS domain in less than 5 milliseconds"). A wide variety of characteristics may be used but they MUST be explicit, quantifi- able, and defensible. Where particular statistics are used, the doc- ument must be precise about how they are to be measured and about how the characteristics were derived. Advice to a network operator would be to use these characteris- tics as guidelines in creating a service specification rather than use them directly. For example, a "loss-free" BA would probably not be sold as such, but rather as a service with a very small packet loss probability. 5.4 Parameters The definition and characteristics of a BA MAY be parameterized by network-specific features; for example, maximum number of hops, minimum bandwidth, total number of entry/exit points of the BA to/from the diffserv network, maximum transit delay of network elements, minimum buffer size available for the BA at a network node, etc. 5.5 Assumptions In most cases, BAs will be characterized assuming lossless links, no link failures, and relatively stable routing. This is reasonable since otherwise it would be very difficult to quantify behavior. However, these assumptions must be clearly stated. If additional restrictions, e.g., route pinning, are required, these must be stated. Some BAs may be developed without these assumptions, e.g., for high loss rate links, and these must also be made explicit. Further, if any assumptions are made about the allocation of resources within a diffserv network in the creation of the aggre- gate, these must be made explicit. Nichols and Carpenter Expires: August, 2000 [page 8 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 5.6 Example Uses A BA specification must give example uses to motivate the under- standing of ways in which a diffserv network could make use of the BA although these are not expected to be detailed. For exam- ple, "A bulk handling behavior aggregate may be used for all packets which should not take any resources from the network unless they would otherwise go unused. This might be useful for Netnews traffic or for traffic rejected from some other BA due to violation of that BA's rules." 5.7 Environmental Concerns (media, topology, etc.) Note that it is not necessary for a provider to expose what Behav- ior Aggregate (if a commonly defined one) is being used nor is it necessary for a provider to specify the service by the BA's charac- teristics. For example, a service provider might use a BA with a "no queueing loss" characteristic in order to specify a "very low loss" service. This section is to inject realism into the characteristics described above. Detail the assumptions made there and what constraints that puts on topology or type of physical media or allocation. 6.0 Structuring BAs to Meet Expectations Associated with each BA is an expectation: measurable, quantifi- able, characteristics which can be used to describe what will hap- pen to packets of that BA as they cross the domain. These expectations result directly from the application of rules enforced during the creation of the BA and/or its entry into the domain and the forwarding treatment (PHB) packets of the BA get inside the domain. There are many ways in which traffic might be distrib- uted, but creating a quantifiable, realizable service across the DS domain will limit the scenarios which can occur. There is a clear correlation between the strictness of the rules and the quality of the characterization of the BA. There are two kinds of BA properties to consider. First are the properties over "long" time periods, or average behaviors. In a description of a BA, these would be the rates or throughput seen over some specified time period. The second set of properties has to do with the "short" time behavior, usually expressed as the allowable burstiness in an aggregate. The short time behavior is important is understanding the buffering (and associated loss characteristics) and in quantifying how the BA aggregates, either within a DS domain or at the boundaries. For short-time behavior, we are interested primarily in two things: 1) how many back-to- back packets of this BA will we see at any point (this would be metered as a burst) and 2) how large a burst of packets of this BA can appear in a queue at once (gives queue overflow and loss). Put simply, a BA specification should provide the answer to the Nichols and Carpenter Expires: August, 2000 [page 9 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 question: Under what conditions can we join the output of this domain to another under the same rules and expectations? 6.1 Considerations in specifying long-term or average BA characteristics To make this more concrete, consider the DS domain of figure 2. First consider the average or long-term behavior that must be specified for a target BA which we designate as BAx. Can the DS domain handle the average traffic flow? Is that answer topology- dependent or are there some specific assumptions on routing which must hold for BAx to preserve its "adequately provi- sioned" capability? In other words, if the topology of D changes suddenly, will the properties of BAx change? Will the loss rate of BAx dramatically increase? Figure 2: ISP and DS domain D connected in a ring and connected to DS domain E Let figure 2 be an ISP ringing the U.S. with links of bandwidth B and with N tails to various metropolitan areas. If the link between the node connected to A and the node connected to Z were to go down, causing all the BAx traffic between the two to transit the entire ring, would the bounded behavior of BAx change? If some node of the ring now has a larger arrival rate to one of its links than the capacity of the link for BAx, clearly the loss rate would change dramatically. In that case, there were topological assump- tions made about the path of the traffic from A to Z that affected the characteristics of BAx. Once these no longer hold, any assumptions on the loss rate of packets of BAx crossing the domain would change; for example, a characteristic such as "loss rate no greater than 1% over any interval larger than 10 minutes" would no longer hold. A BA specification should spell out the assumptions made on preserving the characteristics. 6.2 Considerations in specifying short-term or bursty BA characteristics Next, consider the short-time behavior of a BA, specifically whether permitting the maximum bursts to add in the same man- ner as the average rates will lead to properties that aggregate or under what rules this will lead to properties that aggregate. In our example, if domain D allows each of the uplinks to burst of p packets into BAx, they could accumulate as they transit the ring. For packets headed for link L, back-to-back BAx packets can come from both directions and arrive at the same time. If the bandwidth of link L is the same as the links of the ring, this prob- ably does not present a buffering problem. If there are two input links that can send packets to queue for L, at worst, two packets can arrive simultaneously for L. If the bandwidth of link L equals or exceeds twice B, the packets won't accumulate. Further, if p is limited to one, and the bandwidth of L exceeds the rate of arrival (over the longer term) of BAx packets (required for bounding the Nichols and Carpenter Expires: August, 2000 [page 10 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 loss) then the queue of BAx packets for link L will empty before new packets arrive. If the bandwidth of L is equal to B, one packet of BAx must queue while the other is transmitted. This would result in N x p back-to-back packets of BAx arriving over L dur- ing the same time scale as the bursts of p were permitted on the uplinks. Link L should be configured to handle the sum of the rates that ingress to BAx, but that doesn't guarantee that it can handle the sum of the N bursts into BAx. If the bandwidth of L is less than B, then the link must buffer Nxpx(B-L)/B BAx packets to avoid loss. If BAx is getting less than the full bandwidth L, this number is larger. For probabilistic bounds, a smaller buffer might do if the probability of exceeding it can be bounded. More generally, for router indegree of d, bursts of BAx packets might arrive on each input. Then, in the absence of any additional rules, it is possible that dxpx(# of uplinks) back-to-back BAx packets can be sent across link L to domain E. Thus the DS domain E must permit these much larger bursts into BAx than domain D permits on the N uplinks or else the flow of BAx pack- ets must be made to conform to the rules for entering E (e.g., by shaping). What conditions should be imposed on a BA and on the PHBs which carry it in order to ensure BAs that can be interconnected as across the interior DS domains of figure 1? Edge rules for con- structing a BA that has certain characteristics across a DS domain should apply independently of the origin of the packets. With ref- erence to the example we've been exploring, the rules for a BA entering link L into domain E should not depend on the number of uplinks into domain D. 6.3 Example Consider where all the uplinks have the same bandwidth B and link L has bandwidth L which is less than or equal to B. Flows of BAx packets from the N uplinks each have average rate R and are destined to cross L. If only a fraction a of link L is allocated to BAx, then R =axL/N fits the average rate constraint. If each of the N flows can have a burst of p packets and half the flows transit the ring in each direction, then 2xp packets can arrive at the BAx queue for link L in time it took to transmit p packets on the ring, p/B. Although the link scheduler for link L might allow the burst of packets to be transmitted at the line rate L, after the burst allot- ment has been exceeded, the queue should be expected to clear at only rate axL. Then consider the packets that can accumulate. It takes 2xp/(axL) to clear the queue of BAx packets. In that time, bursts of p packets from the other uplinks can arrive from the ring, so the packets do not even have to be back-to-back. Even if the packets do not arrive back-to-back, but are spaced by less time than it takes to clear the queue of BAx packets, either the required buffer size can become large or the burst size of BAx entering E Nichols and Carpenter Expires: August, 2000 [page 11 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 across L becomes large and is a function of N, the number of uplinks of domain D. Let L = 1.5 Mbps, B = 45 Mbps, a = 1/3, N=10, p = 3. Suppose that the bursts from two streams of BAx arrive at the queue for link L very close together. Even if 3 of the packets are cleared at the line rate of 1.5 Mbps, there will be 3 packets remaining to be serviced at a 500 kbps rate. In the time allocated to send one of these, 9 packets can arrive on each of the inputs from the ring. If any non-zero number of these 18 packets are of BAx, the queue size will not reduce. If two more bursts (6 of the 18 packets) arrive, the queue increases to 8 packets. Thus, it's possible to build up quite a large queue, one likely to exceed the buffer allo- cated for BAx. The rate bound means that each of the uplinks will be idle for the time to send three packets at 50 kbps, possibly by policing at the ring egress, and thus the queue would eventually decrease and clear, however, the queue at link L can still be very large. There may be BAs where the intention is to permit loss, but in that case, it should be constructed so as to provide a probabilis- tic bound for the queue size to exceed a reasonable buffer size of one or two bandwidth-delay products. Alternatively or addition- ally, rules can be used that bound the amount of BAx that queues by limiting the burst size at the ingress uplinks to one packet, resulting in a maximum queue of N or 10 or to impose additional rules on the creation of the aggregate, such as intermediate shap- ing. 7.0 Reference Behavior Aggregates The intent of this section is to define one or a few "reference" BAs; certainly a Best Effort BA and perhaps others. This section is very preliminary at this time and meant to be the starting point for discussion rather than its end. These are BAs that have little in the way of rules or expectations. 7.1 Best Effort Behavior Aggregate 7.1.1 Applicability A Best Effort (BE) BA is for sending "normal internet traffic" across a diffserv network. That is, the definition and use of this BA is to preserve, to a reasonable extent, the pre-diffserv delivery expectation for packets in a diffserv network that do not require any special differentiation. 7.1.2 Rules There are no rules governing rate and bursts of packets beyond the limits imposed by the ingress link. At each network node in the interior of the network, packets marked for this BA are given the Default PHB (as defined in [RFC2474]). 7.1.3 Characteristics of this BA Nichols and Carpenter Expires: August, 2000 [page 12 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 "As much as possible as soon as possible". Packets of this BA will not be completely starved and when resources are available, this BA should be configured to consume them. Although some network operators may bound the delay and loss rate for this aggregate given knowledge about their network, such characteristics are not required. 7.1.4 Parameters None. 7.1.5 Assumptions A properly functioning network. 7.1.6 Example uses 1. For the normal Internet traffic connection of an organization. 2. For the "non-critical" Internet traffic of an organization. 7.2 Bulk Handling Behavior Aggregate 7.2.1 Applicability A Bulk Handling (BH) BA is for sending extremely non-critical traffic across a diffserv network. There should be an expectation that these packets may be delayed or dropped when other traffic is present. 7.2.2 Rules There are no rules governing rate and bursts of packets beyond the limits imposed by the ingress link. At each network node in the interior of the network, packets marked for this BA are given a CS or AF PHB configured so that it may be starved when other traffic is present. 7.2.3 Characteristics of this BA Packets are forwarded when there are idle resources. 7.2.4 Parameters None. 7.2.5 Assumptions A properly functioning network. Nichols and Carpenter Expires: August, 2000 [page 13 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 7.2.6 Example uses 1. For Netnews and other "bulk mail" of the Internet. 2. For "downgraded" traffic from some other BA. 8.0 Sketchy Examples of Creating and Using BAs There is a clear interaction between the number and strictness of the rules and the number and strictness of quantifiable character- istics for a BA. Examples of more strictly defined BAs will be necessary to make this document's definitions clearer. This is being addressed in two ways. One, a companion document is in preparation defining a BA that uses the EF PHB and is related to the VLL described in [RFC2598]. In addition, this section includes two "sketchy" examples to motivate thinking and discus- sion on BAs. The following examples are illustrative rather than exhaustive or even complete. The following should be looked at as "mythical" BAs that may never see the light of day and will likely not appear in future revi- sions of this document. 8.1 Loss Tolerant Provisioned A loss-tolerant provisioned BA is useful for statistically provi- sioning a BA whose packets should have low delay, but are loss- tolerant. Rules for this aggregate are that entering composite BAs must not exceed a peak rate of Rp and may not burst more than two MTU packet-times at Rp. The BA uses CS3, selected by DSCP03 and configured so that its minimum share of all internal links is Smin (in bps), running active queue management with a low threshold (defined in time rather than packets) and a small maximum queue size (also in time). Characteristics of this BA: Some 90th percentile bound on loss and delay. Parameterized by Smin and Rp. The sum of all the Rp should be on the order of some over provisioning factor (larger than 1). Assumptions on these characteristics are that the network is oper- ating under ideal conditions. 8.2 Preferred A Preferred BA is for provisioning traffic so as to give low-load performance across a DS domain. The rules governing it are that the packets of this BA arriving over any ingress to the domain are average rate-limited to Ra with a maximum burst size of Bmax. The BA uses CS4, selected by DSCP04 and configured so that its minimum share of all internal links is Smin (in bps) and the sum of all Ra < Smin. Characteristics of this BA: Nichols and Carpenter Expires: August, 2000 [page 14 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 Probabilistic bounds based on the sum of all allocated rates and the burst size. Throughput measured over 5 minute intervals will be at least Ra. Assumptions on these characteristics are that the network is oper- ating under ideal conditions. Example uses: 1. A voice service where customer is guaranteed a conformant packet loss rate of less than 0.5% and a latency bound of 20 ms, 99th percentile jitter less than 2 packet-times, median jitter of less than a packet-time across the domain. 2. A "leased line replacement" where the customer is guaranteed to receive throughput performance indistinguishable from a leased line at Rp with a per-packet delay of less than 20 msec through the cloud. 9.0 Procedure for submitting BAs to Diffserv WG 1. Following the guidelines of this document, write a draft and submit it as an Internet Draft and bring it to the attention of the WG mailing list. 2. Initial discussion on the WG should focus primarily on the merits of such a BA, though comments and questions on the claimed characteristics are reasonable. 3. Once consensus has been reached on a version of a draft that it is a useful BA and that the characteristics "appear" to be correct (i.e., not egregiously wrong) that version of the draft goes to a review panel the WG Co-chairs set up to audit and report on the characteristics. The review panel will be given a deadline for the review. The exact timing of the deadline will be set on a case-by- case basis by the co-chairs to reflect the complexity of the task and other constraints (IETF meetings, major holidays) but is expected to be in the 4-8 week range. During that time, the panel may correspond with the authors directly (cc'ing the WG co- chairs) to get clarifications. This process should result in a revised draft and/or a report to the WG from the panel that either endorses or disputes the claimed characteristics. 4. If/when endorsed by the panel, that draft goes to WG last call. If not endorsed, the author(s) can give a itemized response to the panel's report and ask for a WG Last Call. 5. If/when passes Last Call, goes to ADs for publication as a WG Informational RFC in our "BA series". Nichols and Carpenter Expires: August, 2000 [page 15 ] INTERNET DRAFT draft-ietf-diffserv-ba-def-01.txt February, 2000 10.0 Acknowledgements The ideas in this document have been heavily influenced by the Diffserv WG and, in particular, by discussions with Van Jacob- son, Dave Clark, Lixia Zhang, Geoff Huston, Scott Bradner, Randy Bush, Frank Kastenholz, Aaron Falk, and a host of other people who should be acknowledged for their useful input but not be held accountable for our mangling of it. 11.0 References [RFC2474] RFC 2474, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", K.Nichols, S. Blake, F. Baker, D. Black, www.ietf.org/ rfc/rfc2474.txt [RFC2475] RFC 2475, "An Architecture for Differentiated Ser- vices", S. Blake, D. Black, M.Carl- son,E.Davies,Z.Wang,W.Weiss, www.ietf.org/rfc/ rfc2475.txt [RFC2597] RFC 2597, "Assured Forwarding PHB Group", F. Baker, J. Heinanen, W. Weiss, J. Wroclawski, ftp:// ftp.isi.edu/in-notes/rfc2597.txt [RFC2598] RFC 2598, "An Expedited Forwarding PHB", V.Jacobson, K.Nichols, K.Poduri, ftp://ftp.isi.edu/in- notes/rfc2598.txt [MODEL] "A Conceptual Model for Diffserv Routers", draft-ietf- diffserv-model-01.txt, Bernet et. al. [MIB] "Management Information Base for the Differentiated Services Architecture", draft-ietf-diffserv-mib-01.txt, Baker et. al. Authors' Addresses Kathleen Nichols Brian E. Carpenter Cisco Systems IBM 170 West Tasman Drive c/o iCAIR San Jose, CA 95134-1706 Suite 150 1890 Maple Avenue email: kmn@cisco.com Evanston, IL 60201 USA EMail: brian@icair.org