Network Working Group                                    M. Brunner, Ed.
Request for Comments: 3726                                           NEC
Category: Informational                                       April 2004
        

Requirements for Signaling Protocols

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004). All Rights Reserved.

Abstract

This document defines requirements for signaling across different network environments, such as across administrative and/or technology domains. Signaling is mainly considered for Quality of Service (QoS), such as in the Resource Reservation Protocol (RSVP). However, in recent years, several other applications of signaling have been defined, for example, signaling for label distribution in Multiprotocol Label Switching (MPLS) or signaling to middleboxes. To achieve wide applicability of the requirements, the starting point is a diverse set of scenarios/use cases concerning various types of networks and application interactions. This document presents the assumptions before listing the requirements. The requirements are grouped according to areas such as architecture and design goals, signaling flows, layering, performance, flexibility, security, and mobility.

Table of Contents

   1.  Introduction
       1.1.  Keywords
   2.  Terminology
   3.  Problem Statement and Scope
   4.  Assumptions and Exclusions
       4.1.  Assumptions and Non-Assumptions
       4.2.  Exclusions
   5.  Requirements
       5.1.  Architecture and Design Goals
             5.1.1.  NSIS SHOULD Provide Availability Information on Request
             5.1.2.  NSIS MUST be Designed Modularly
             5.1.3.  NSIS MUST Decouple Protocol and Information
             5.1.4.  NSIS MUST Support Independence of Signaling and Network Control Paradigm
             5.1.5.  NSIS SHOULD be Able to Carry Opaque Objects
       5.2.  Signaling Flows
             5.2.1.  The Placement of NSIS Initiator, Forwarder, and Responder Anywhere in the Network MUST be Allowed
             5.2.2.  NSIS MUST Support Path-Coupled and MAY Support Path-Decoupled Signaling
             5.2.3.  Concealment of Topology and Technology Information SHOULD be Possible
             5.2.4.  Transparent Signaling Through Networks SHOULD be Possible
       5.3.  Messaging
             5.3.1.  Explicit Erasure of State MUST be Possible
             5.3.2.  Automatic Release of State After Failure MUST be Possible
             5.3.3.  NSIS SHOULD Allow for Sending Notifications Upstream
             5.3.4.  Establishment and Refusal to set up State MUST be Notified
             5.3.5.  NSIS MUST Allow for Local Information Exchange
       5.4.  Control Information
             5.4.1.  Mutability Information on Parameters SHOULD be Possible
             5.4.2.  It SHOULD be Possible to Add and Remove Local Domain Information
             5.4.3.  State MUST be Addressed Independent of Flow Identification
             5.4.4.  Modification of Already Established State SHOULD be Seamless
             5.4.5.  Grouping of Signaling for Several Micro-Flows MAY be Provided
       5.5.  Performance
             5.5.1.  Scalability
             5.5.2.  NSIS SHOULD Allow for Low Latency in Setup
             5.5.3.  NSIS MUST Allow for Low Bandwidth Consumption for the Signaling Protocol
             5.5.4.  NSIS SHOULD Allow to Constrain Load on Devices
             5.5.5.  NSIS SHOULD Target the Highest Possible Network Utilization
       5.6.  Flexibility
             5.6.1.  Flow Aggregation
             5.6.2.  Flexibility in the Placement of the NSIS Initiator/Responder
             5.6.3.  Flexibility in the Initiation of State Change
             5.6.4.  SHOULD Support Network-Initiated State Change
             5.6.5.  Uni / Bi-directional State Setup
       5.7.  Security
             5.7.1.  Authentication of Signaling Requests
             5.7.2.  Request Authorization
             5.7.3.  Integrity Protection
             5.7.4.  Replay Protection
             5.7.5.  Hop-by-Hop Security
             5.7.6.  Identity Confidentiality and Network Topology Hiding
             5.7.7.  Denial-of-Service Attacks
             5.7.8.  Confidentiality of Signaling Messages
             5.7.9.  Ownership of State
       5.8.  Mobility
             5.8.1.  Allow Efficient Service Re-Establishment After Handover
       5.9.  Interworking with Other Protocols and Techniques
             5.9.1.  MUST Interwork with IP Tunneling
             5.9.2.  MUST NOT Constrain Either to IPv4 or IPv6
             5.9.3.  MUST be Independent from Charging Model
             5.9.4.  SHOULD Provide Hooks for AAA Protocols
             5.9.5.  SHOULD work with Seamless Handoff Protocols
             5.9.6.  MUST Work with Traditional Routing
       5.10. Operational
             5.10.1. Ability to Assign Transport Quality to Signaling Messages
             5.10.2. Graceful Fail Over
             5.10.3. Graceful Handling of NSIS Entity Problems
   6.  Security Considerations
   7.  Acknowledgments
   8.  Appendix: Scenarios/Use Cases
       8.1.  Terminal Mobility
       8.2.  Wireless Networks
       8.3.  An Example Scenario for 3G Wireless Networks
       8.4.  Wired Part of Wireless Network
       8.5.  Session Mobility
       8.6.  QoS Reservation/Negotiation from Access to Core Network
       8.7.  QoS Reservation/Negotiation Over Administrative Boundaries
       8.8.  QoS Signaling Between PSTN Gateways and Backbone Routers
       8.9.  PSTN Trunking Gateway
       8.10. An Application Requests End-to-End QoS Path from the Network
       8.11. QOS for Virtual Private Networks
             8.11.1. Tunnel End Points at the Customer Premises
             8.11.2. Tunnel End Points at the Provider Premises
   9.  References
       9.1.  Normative References
       9.2.  Informative References
   10. Authors' Addresses
   11. Full Copyright Statement
        
1. Introduction

This document is the product of the Next Steps in Signaling (NSIS) Working Group. It defines requirements for signaling across different network environments. It does not list any problems of existing signaling protocols such as [RSVP].

In order to derive requirements for signaling it is necessary to first have an idea of the scope within which they are applicable. Therefore, we list use cases and scenarios where an NSIS protocol could be applied. The scenarios are used to help derive requirements and to test the requirements against use cases.

The requirements listed are independent of any application. However, resource reservation and QoS related issues are used as examples within the text. QoS is not the only field where signaling is used in the Internet; signaling might also be used as a communication protocol to set up and maintain the state in middleboxes [RFC3234].

This document does not cover requirements in relation to some networking areas, in particular, interaction with host and site multihoming. We leave these for future analysis.

1.1. Keywords

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [KEYWORDS].

2. Terminology

We list the most often used terms in the document. However, they cannot be made precise without a more complete architectural model, and they are not meant to prescribe any solution in the document. Where applicable, they will be defined in protocol documents.

NSIS Entity (NE): The function within a node, which implements an NSIS protocol. In the case of path-coupled signaling, the NE will always be on the data path.

NSIS Forwarder (NF): NSIS Entity between a NI and NR, which may interact with local state management functions in the network. It also propagates NSIS signaling further through the network.

NSIS Initiator (NI): NSIS Entity that starts NSIS signaling to set up or manipulate network state.

NSIS Responder (NR): NSIS Entity that terminates NSIS signaling and can optionally interact with applications as well.

Flow: A traffic stream (sequence of IP packets between two end systems) for which a specific packet level treatment is provided. The flow can be unicast (uni- or bi-directional) or multicast. For multicast, a flow can diverge into multiple flows as it propagates toward the receiver. For multi-sender multicast, a flow can also diverge when viewed in the reverse direction (toward the senders).

Data Path: The route across the networks taken by a flow or aggregate, i.e., which domains/subdomains it passes through and the egress/ingress points for each.

Signaling Path: The route across the networks taken by a signaling flow or aggregate, i.e., which domains/subdomains it passes through and the egress/ingress points for each.

Path-coupled signaling: A mode of signaling where the signaling messages follow a path that is tied to the data packets. Signaling messages are routed only through nodes (NEs) that are in the data path.

Path-decoupled signaling: Signaling with independent data and signaling paths. Signaling messages are routed to nodes (NEs) which are not assumed to be on the data path, but which are (presumably) aware of it. Signaling messages will always be directly addressed to the neighbor NE, and the NI/NR may have no relation at all with the ultimate data sender or receiver.

Service: A generic something provided by one entity and consumed by another. It can be constructed by allocating resources. The network can provide it to users or a network node can provide it to packets.

3. Problem Statement and Scope

We provide in the following a preliminary architectural picture as a basis for discussion. We will refer to it in the following requirement sections.

Note that this model is intended not to constrain the technical approach taken subsequently, simply to allow concrete phrasing of requirements (e.g., requirements about placement of the NSIS Initiator.)

Roughly, the scope of NSIS is assumed to be the interaction between the NSIS Initiator, NSIS Forwarder(s), and NSIS Responder including a protocol to carry the information, and the syntax/semantics of the information that is exchanged. Further statements on assumptions/exclusions are given in the next Section.

The main elements are:

1. Something that starts the request for state to be set up in the network, the NSIS Initiator.

This might be in the end system or within some other part of the network. The distinguishing feature of the NSIS Initiator is that it acts on triggers coming (directly or indirectly) from the higher layers in the end systems. It needs to map the services requested by them, and also provides feedback information to the higher layers, which might be used by transport layer algorithms or adaptive applications.

2. Something that assists in managing state further along the signaling path, the NSIS Forwarder.

The NSIS Forwarder does not interact with higher layers, but interacts with the NSIS Initiator, NSIS Responder, and possibly one or more NSIS Forwarders on the signaling path, edge-to-edge or end-to-end.

3. Something that terminates the signaling path, the NSIS Responder.

The NSIS responder might be in an end-system or within other equipment. The distinguishing feature of the NSIS Responder is that it responds to requests at the end of a signaling path.

4. The signaling path traverses an underlying network covering one or more IP hops. The underlying network might use locally different technology. For instance, QoS technology has to be provisioned appropriately for the service requested. In the QoS example, an NSIS Forwarder maps service-specific information to technology-related QoS parameters and receives indications about success or failure in response.

5. We can see the network at the level of domains/subdomains rather than individual routers (except in the special case that the domain contains one link). Domains are assumed to be administrative entities. So security requirements might apply differently for the signaling between the domains and within a domain. We deal with both cases in this document.

4. Assumptions and Exclusions
4.1. Assumptions and Non-Assumptions

1. The NSIS signaling could run end-to-end, end-to-edge, or edge-to-edge, or network-to-network (between providers), depending on what point in the network acts as NSIS initiator, and how far towards the other end of the network the signaling propagates. In general, we could expect NSIS Forwarders to become more 'dense' towards the edges of the network, but this is not a requirement. For example, in the case of QoS, an over-provisioned domain might contain no NSIS Forwarders at all (and be NSIS transparent); at the other extreme, NSIS Forwarders might be placed at every router. In the latter case, QoS provisioning can be carried out in a local implementation-dependent way without further signaling, whereas in the case of remote NSIS Forwarders, a protocol might be needed to control the routers along the path. This protocol is then independent of the end-to-end NSIS signaling.

2. We do not consider 'pure' end-to-end signaling that is not interpreted anywhere within the network. Such signaling is a higher-layer issue and IETF protocols such as SIP etc. can be used.

3. Where the signaling does cover several domains, we do not exclude that different signaling protocols are used in each domain. We only place requirements on the universality of the control information that is being transported. (The goals here would be to allow the use of signaling protocols, which are matched to the characteristics of the portion of the network being traversed.) Note that the outcome of NSIS work might result in various flavors of the same protocol.

4. We assume that the service definitions an NSIS Initiator can ask for are known in advance of the signaling protocol running. For instance, in the QoS example, the service definition includes QoS parameters, lifetime of QoS guarantee etc., or any other service-specific parameters.

There are many ways service requesters get to know about available services. There might be standardized services, the definition can be negotiated together with a contract, the service definition is published in some on-line directory (e.g., at a Web page), and so on.

5. We assume that there are means for the discovery of NSIS entities in order to know the signaling peers (solutions include static configuration, automatically discovered, or implicitly runs over the right nodes along the data path, etc.). The discovery of the NSIS entities has security implications that need to be addressed properly. For some security mechanisms (i.e., Kerberos, pre-shared secret) it is required to know the identity of the other entity. Hence the discovery mechanism may provide means to learn this identity, which is then later used to retrieve the required keys and parameters.

6. NSIS assumes layer 3 routing and the determination of next data node selection is not done by NSIS.

4.2. Exclusions

1. Development of specific mechanisms and algorithms for application and transport layer adaptation is not considered, nor are the protocols that would support it.

2. Specific mechanisms (APIs and so on) for interaction between transport/applications and the network layer are not considered, except to clarify the requirements on the negotiation capabilities and information semantics that would be needed of the signaling protocol.

3. Specific mechanisms and protocols for provisioning or other network control functions within a domain/subdomain are not considered. The goal is to reuse existing functions and protocols unchanged. However, NSIS itself can be used for signaling within a domain/subdomain.

For instance, in the QoS example, it means that the setting of QoS mechanisms in a domain is out of scope, but if we have a tunnel, NSIS could also be used for tunnel setup with QoS guarantees. It should be possible to exploit these mechanisms optimally within the end-to-end context. However, consideration of how to do this might generate new requirements for NSIS. For example, the information needed by an NSIS Forwarder to manage a radio subnetwork needs to be provided by the NSIS solution.

4. Specific mechanisms (APIs and so on) for interaction between the network layer and underlying provisioning mechanisms are not considered.

5. Interaction with resource management or other internal state management capabilities is not considered. Standard protocols might be used for this. This may imply requirements for the sort of information that should be exchanged between the NSIS entities.

6. Security implications related to multicasting are outside the scope of the signaling protocol.

7. Service definitions, and in particular QoS services and classes, are out of scope. Together with the service definition, any definition of service-specific parameters is not considered in this document. Only the base NSIS signaling protocol for transporting the service information is addressed.

8. Similarly, specific methods, protocols, and ways to express service information in the Application/Session level are not considered (e.g., SDP, SIP, RTSP, etc.).

9. The specification of any extensions needed to signal information via application level protocols (e.g., SDP), and the mapping to NSIS information are considered outside of the scope of NSIS working group, as this work is in the direct scope of other IETF working groups (e.g., MMUSIC).

10. Handoff decision and trigger sources: An NSIS protocol is not used to trigger handoffs in mobile IP, nor is it used to decide whether to handoff or not. As soon as or in some situations even before a handoff happened, an NSIS protocol might be used for signaling for the particular service again. The basic underlying assumption is that the route comes first (defining the path) and the signaling comes after it (following the path). This doesn't prevent a signaling application at some node interacting with something that modifies the path, but the requirement is then just for NSIS to live with that possibility. However, NSIS must interwork with several protocols for mobility management.

11. Service monitoring is out of scope. It is heavily dependent on the type of the application and/or transport service, and on the scenario in which it is used.

5. Requirements

This section defines more detailed requirements for a signaling solution, respecting the problem statement, scoping assumptions, and terminology considered earlier. The requirements are in subsections, grouped roughly according to general technical aspects: architecture and design goals, topology issues, parameters, performance, security, information, and flexibility.

Two general (and potentially contradictory) goals for the solution are that it should be applicable in a very wide range of scenarios, and at the same time be lightweight in implementation complexity and resource consumption requirements in NSIS Entities. We use the terms 'access' and 'core' informally in the discussion of some particular requirements to refer to deployment conditions where particular protocol attributes, especially performance characteristics, have special importance. Specifically, 'access' refers to lower capacity networks with fewer users and sessions. 'Core' refers to high capacity networks with a large number of users and sessions.

One approach to this is that the solution could deal with certain requirements via modular components or capabilities, which are optional to implement or use in individual nodes.

5.1. Architecture and Design Goals

This section contains requirements related to desirable overall characteristics of a solution, e.g., enabling flexibility, or independence of parts of the framework.

5.1.1. NSIS SHOULD Provide Availability Information on Request

NSIS SHOULD provide a mechanism to check whether state to be set up is available without setting it up. For the resource reservation example this translates into checking resource availability without performing resource reservation. In some scenarios, e.g., the mobile terminal scenario, it is required to query whether resources are available without performing a reservation on the resource.

5.1.2. NSIS MUST be Designed Modularly

A modular design allows for more lightweight implementations, if fewer features are needed. Mutually exclusive solutions are supported. Examples for modularity:

- Work over any kind of network (narrowband versus broadband, error-prone versus reliable, ...). This implies low bandwidth signaling, and elimination of redundant information MUST be supported if necessary.

- State setup for uni- and bi-directional flows is possible.

- Extensible in the future with different add-ons for certain environments or scenarios.

- Protocol layering, where appropriate. This means NSIS MUST provide a base protocol, which can be adapted to different environments.

5.1.3. NSIS MUST Decouple Protocol and Information

The signaling protocol MUST be clearly separated from the control information being transported. This provides for the independent development of these two aspects of the solution, and allows for this control information to be carried within other protocols, including application layer ones, existing ones or those being developed in the future. The flexibility gained in the transport of information allows for the applicability of the same protocol in various scenarios.

However, note that the information carried needs to be standardized; otherwise interoperability is difficult to achieve.

5.1.4. NSIS MUST Support Independence of Signaling and Network Control Paradigm

The signaling MUST be independent of the paradigm and mechanism of network control. E.g., in the case of signaling for QoS, the independence of the signaling protocol from the QoS provisioning allows for using the NSIS protocol together with various QoS technologies in various scenarios.

5.1.5. NSIS SHOULD be Able to Carry Opaque Objects

NSIS SHOULD be able to pass around opaque objects, which are interpreted only by some NSIS-capable nodes.

5.2. Signaling Flows

This section contains requirements related to the possible signaling flows that should be supported, e.g., over what parts of the flow path, between what entities (end-systems, routers, middleboxes, management systems), in which direction.

5.2.1. The placement of NSIS Initiator, Forwarder, and Responder Anywhere in the Network MUST be Allowed

The protocol MUST work in various scenarios such as host-to-network-to-host, edge-to-edge, (e.g., just within one provider's domain), user-to-network (from end system into the network, ending, e.g., at the entry to the network and vice versa), and network-to-network (e.g., between providers).

Placing the NSIS Forwarder and NSIS Initiator functions at different locations allows for various scenarios to work with the same protocol.

5.2.2. NSIS MUST Support Path-Coupled and MAY Support Path-Decoupled Signaling.

The path-coupled signaling mode MUST be supported. NSIS signaling messages are routed only through nodes (NEs) that are in the data path.

However, there is a set of scenarios, where signaling is not on the data path. Therefore, NSIS MAY support the path-decoupled signaling mode, where signaling messages are routed to nodes (NEs), which are not assumed to be on the data path, but which are aware of it.

5.2.3. Concealment of Topology and Technology Information SHOULD be Possible

The NSIS protocol SHOULD allow for hiding the internal structure of a NSIS domain from end-nodes and from other networks. Hence an adversary should not be able to learn the internal structure of a network with the help of the signaling protocol.

In various scenarios, topology information should be hidden for various reasons. From a business point of view, some administrations don't want to reveal the topology and technology used.

5.2.4. Transparent Signaling Through Networks SHOULD be Possible

It SHOULD be possible that the signaling for some flows traverses path segments transparently, i.e., without interpretation at NSIS Forwarders within the network. An example would be a subdomain within a core network, which only interpreted signaling for aggregates established at the domain edge, with the signaling for individual flows passing transparently through it.

In other words, NSIS SHOULD work in hierarchical scenarios, where big pipes/trunks are setup using NSIS signaling, but also flows which run within that big pipe/trunk are setup using NSIS.

5.3. Messaging

5.3.1. Explicit Erasure of State MUST be Possible

When state along a path is no longer necessary, e.g., because the application terminates, or because a mobile host experienced a hand-off, it MUST be possible to erase the state explicitly.

5.3.2. Automatic Release of State After Failure MUST be Possible

When the NSIS Initiator goes down, the state it requested in the network SHOULD be released, since it will most likely no longer be necessary.

After detection of a failure in the network, any NSIS Forwarder/Initiator MUST be able to release state it is involved in. For example, this may require signaling of the "Release after Failure" message upstream as well as downstream, or soft state timing out.

The goal is to prevent stale state within the network and add robustness to the operation of NSIS. So in other words, an NSIS signaling protocol or mechanisms MUST provide means for an NSIS entity to discover and remove local stale state.

Note that this might need to work together with a notification mechanism. Note as well, that transient failures in NSIS processing shouldn't necessarily have to cause all state to be released immediately.

5.3.3. NSIS SHOULD Allow for Sending Notifications Upstream

NSIS Forwarders SHOULD notify the NSIS Initiator or any other NSIS Forwarder upstream, if there is a state change inside the network. There are various types of network changes, for instance:

Recoverable errors: the network nodes can locally repair this type of error. The network nodes do not have to notify the users of the error immediately. This is a condition when the danger of degradation (or actual short term degradation) of the provided service was overcome by the network (NSIS Forwarder) itself.

Unrecoverable errors: the network nodes cannot handle this type of error, and have to notify the users as soon as possible.

Service degradation: In case the service cannot be provided completely but only partially.

Repair indication: If an error occurred and it has been fixed, this triggers the sending of a notification.

Service upgrade available: If a previously requested better service becomes available.

The content of the notification is very service specific, but it must at least carry type information. Additionally, it may carry the location of the state change.

The notifications may or may not be in response to a NSIS message. This means an NSIS entity has to be able to handle notifications at any time.

Note however, that a number of security considerations need to be resolved for notifications, and these are even more important if the notification is sent without prior request (asynchronously). The problem basically is that everybody could send notifications to any NSIS entity, and the NSIS entity would most likely react to the notification. For example, if it gets an error notification it might erase state, even if everything is ok. So the notification might depend on security associations between the sender of the notification and its receiver. If a hop-by-hop security mechanism is chosen, this also implies that notifications need to be sent on the reverse path.

5.3.4. Establishment and Refusal to Set Up State MUST be Notified

A NR MUST acknowledge establishment of state on behalf of the NI requesting establishment of that state. A refusal to set up state MUST be replied with a negative acknowledgement by the NE refusing to set up state. It MUST be sent to the NI. Depending on the signaling application the (positive or negative) notifications may have to pass through further NEs upstream. Information on the reason of the refusal to set up state MAY be made available. For example, in the resource reservation example, together with a negative answer, the amount of resources available might also be returned.

5.3.5. NSIS MUST Allow for Local Information Exchange

The signaling protocol MUST be able to exchange local information between NSIS Forwarders located within one single administrative domain. The local information exchange is performed by a number of separate messages not belonging to an end-to-end signaling process. Local information might, for example, be IP addresses, notification of successful or erroneous processing of signaling messages, or other conditions.

In some cases, the NSIS signaling protocol MAY carry identification of the NSIS Forwarders located at the boundaries of a domain. However, the identification of edge should not be visible to the end host (NSIS Initiator) and only applies within one administrative domain.

5.4. Control Information

This section contains requirements related to the control information that needs to be exchanged.

5.4.1. Mutability Information on Parameters SHOULD be Possible

It is possible that nodes modify parameters of a signaling message. However, it SHOULD be possible for the NSIS Initiator to control the mutability of the signaled information. For example, the NSIS Initiator should be able to control what is requested end-to-end, without the request being gradually mutated as it passes through a sequence of nodes.

5.4.2. It SHOULD be Possible to Add and Remove Local Domain Information

It SHOULD be possible to add and remove local scope elements. Compared to Requirement 5.3.5, this requirement does use the normal signaling process and message exchange for transporting local information. For example, at the entrance to a domain, domain-specific information is added, which is used in this domain only, and the information is removed again when a signaling message leaves the domain. The motivation is in the economy of re-using the protocol for domain internal signaling of various information pieces. Where additional information is needed within a particular domain, it should be possible to carry this at the same time as the end-to-end information.

5.4.3. State MUST be Addressed Independent of Flow Identification

Addressing or identifying state MUST be independent of the flow identifier (flow end-points, topological addresses). Various scenarios in the mobility area require this independence because flows resulting from handoff might have changed end-points etc. but still have the same service requirement. Also several proxy-based signaling methods profit from such independence, though these are not chartered work items for NSIS.

5.4.4. Modification of Already Established State SHOULD be Seamless

In many cases, the established state needs to be updated (in the QoS example, an upgrade or downgrade of resource usage). This SHOULD happen seamlessly without service interruption. At least the signaling protocol should allow for it, even if some data path elements might not be capable of doing so.

5.4.5. Grouping of Signaling for Several Micro-Flows MAY be Provided

NSIS MAY group signaling information for several micro-flows into one signaling message. The goal of this is the optimization in terms of setup delay, which can happen in parallel. This helps applications requesting several flows at once. Also potential refreshes (in case of a soft state solution) might profit from grouping.

However, the network need not know that a relationship between the grouped flows exists. There MUST NOT be any transactional semantic associated with the grouping. It is only meant for optimization purposes.

5.5. Performance

This section discusses performance requirements and evaluation criteria and the way in which these could and should be traded off against each other in various parts of the solution.

Scalability is always an important requirement for signaling protocols. However, the type of scalability and its importance varies from one scenario to another.

Note that many of the performance issues are heavily dependent on the scenario assumed and are normally a trade-off between speed, reliability, complexity, and scalability. The trade-off varies in different parts of the network. For example, in radio access networks low bandwidth consumption will outweigh the low latency requirement, while in core networks it may be the reverse.

5.5.1. Scalability

NSIS MUST be scalable in the number of messages received by a signaling communication partner (NSIS Initiator, NSIS Forwarder, and NSIS Responder). The major concern lies in the core of the network, where large numbers of messages arrive.

It MUST be scalable in number of hand-offs in mobile environments. This mainly applies in access networks, because the core is transparent to mobility in most cases.

It MUST be scalable in the number of interactions for setting up state. This applies for end-systems setting up several states. Some servers might be expected to setup a large number of states.

Scalability in the amount of state per entity MUST be achieved for NSIS Forwarders in the core of the network.

Scalability in CPU usage MUST be achieved on end terminals and intermediate nodes in case of many state setup processes at the same time.

Specifically, NSIS MUST work in Internet scale deployments, where the use of signaling by hosts becomes universal. Note that requirement 5.2.4 requires the functionality of transparently signaling through networks without interpretation. Additionally, requirement 5.6.1 lists the capability to aggregate. Furthermore, requirement 5.5.4 states that NSIS should be able to constrain the load on devices. Basically, the performance of the signaling MUST degrade gracefully rather than catastrophically under overload conditions.

5.5.2. NSIS SHOULD Allow for Low Latency in Setup

NSIS SHOULD allow for low latency setup of states. This is only needed in scenarios where state setups are required on a short time scale (e.g., handover in mobile environments), or where human interaction is immediately concerned (e.g., voice communication setup delay).

5.5.3. NSIS MUST Allow for Low Bandwidth Consumption for the Signaling Protocol

NSIS MUST allow for low bandwidth consumption in certain access networks. Again only small sets of scenarios call for low bandwidth, mainly those where wireless links are involved.

5.5.4. NSIS SHOULD Allow to Constrain Load on Devices

The NSIS architecture SHOULD give the ability to constrain the load (CPU load, memory space, signaling bandwidth consumption and signaling intensity) on devices where it is needed. One of the reasons is that the protocol handling should have a minimal impact on interior (core) nodes.

This can be achieved by many different methods. Examples include message aggregation, header compression, minimizing functionality, or ignoring signaling in core nodes. NSIS may choose any method as long as the requirement is met.

5.5.5. NSIS SHOULD Target the Highest Possible Network Utilization

This requirement applies specifically to QoS signaling.

There are networking environments that require high network utilization for various reasons, and the signaling protocol SHOULD to its best ability support high resource utilization while maintaining appropriate service quality.

In networks where resources are very expensive (as is the case for many wireless networks), efficient network utilization for signaling traffic is of critical financial importance. On the other hand there are other parts of the network where high utilization is not required.

5.6. Flexibility

This section lists the various ways the protocol can flexibly be employed.

5.6.1. Flow Aggregation

NSIS MUST allow for flow aggregation, including the capability to select and change the level of aggregation.

5.6.2. Flexibility in the Placement of the NSIS Initiator/Responder

NSIS MUST be flexible in placing an NSIS Initiator and NSIS Responder. The NSIS Initiator might be located at the sending or the receiving side of a data stream, and the NSIS Responder naturally on the other side.

Also network-initiated signaling and termination MUST be allowed in various scenarios such as PSTN gateways, some VPNs, and mobility. This means the NSIS Initiator and NSIS Responder might not be at the end points of the data stream.

5.6.3. Flexibility in the Initiation of State Change

The NSIS Initiator or the NSIS Responder SHOULD be able to initiate a change of state. In the example of resource reservation this is often referred to as resource re-negotiation. It can happen due to various reasons, such as local resource shortage (CPU, memory on end-system) or a user changed application preference/profiles.

5.6.4. SHOULD Support Network-Initiated State Change

NSIS SHOULD support network-initiated state change. In the QoS example, this is used in cases, where the network is not able to further guarantee resources and wants to e.g., downgrade a resource reservation.

5.6.5. Uni / Bi-Directional State Setup

Both unidirectional and bi-directional state setup SHOULD be possible. With bi-directional state setup we mean that the state for bi-directional data flows is set up. The bi-directional data flows have the same end-points, but the path in the two directions does not need to be the same.

The goal of a bi-directional state setup is mainly an optimization in terms of setup delay. There are no requirements on constraints such as use of the same data path etc.

5.7. Security

This section discusses security-related requirements. The NSIS protocol MUST provide means for security, but it MUST be allowed that nodes implementing NSIS signaling do not have to use the security means.

5.7.1. Authentication of Signaling Requests

A signaling protocol MUST make provision for enabling various entities to be authenticated against each other using strong authentication mechanisms. The term strong authentication points to the fact that weak plain-text password mechanisms must not be used for authentication.

5.7.2. Request Authorization

The signaling protocol MUST provide means to authorize state setup requests. This requirement demands a hook to interact with a policy entity to request authorization data. This allows an authenticated entity to be associated with authorization data and to verify the request. Authorization prevents state setup by unauthorized entities, setups violating policies, and theft of service. Additionally it limits denial of service attacks against parts of the network or the entire network caused by unrestricted state setups. Additionally it might be helpful to provide some means to inform other protocols of participating nodes within the same administrative domain about a previous successful authorization event.

5.7.3. Integrity Protection

The signaling protocol MUST provide means to protect the message payloads against modifications. Integrity protection prevents an adversary from modifying parts of the signaling message and from mounting denial of service or theft of service type of attacks against network elements participating in the protocol execution.

5.7.4. Replay Protection

To prevent replay of previous signaling messages, the signaling protocol MUST provide means to detect old, i.e., already transmitted, signaling messages. A solution must cover issues of synchronization problems in the case of a restart or a crash of a participating network element.
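
The checks that Sections 5.3.3, 5.7.3 and 5.7.4 call for can be seen together in one receive path. The following Python sketch is an added example, not part of this memo and not an NSIS encoding: a forwarder verifies an integrity tag, rejects replays, and checks that the sender is the neighbour the state was set up with before an error notification may release state. The message layout, the type codes, the per-neighbour shared key and the sender "epoch" (a boot counter the sender persists and increments at each restart) are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed layout for this example only (not an NSIS encoding):
#   sender epoch (uint32) | sequence (uint64) | type (uint8) | session id (16 bytes)
# followed by an HMAC-SHA256 tag computed over those fields.
HEADER = struct.Struct("!IQB16s")
TAG_LEN = hashlib.sha256().digest_size
NOTIFY_UNRECOVERABLE = 1  # hypothetical type code: unrecoverable error
NOTIFY_REPAIR = 2         # hypothetical type code: repair indication


def seal(key, epoch, seq, msg_type, session_id):
    """Sender side: encode a notification and append its integrity tag."""
    header = HEADER.pack(epoch, seq, msg_type, session_id)
    return header + hmac.new(key, header, hashlib.sha256).digest()


class Neighbour:
    """Receive-side security association with one adjacent signaling entity."""

    def __init__(self, key):
        self.key = key
        # Highest (epoch, sequence) accepted so far. Held in memory here; a
        # receiver that restarts must persist it or establish a new key.
        self.newest = (0, 0)


class Forwarder:
    def __init__(self):
        self.neighbours = {}  # neighbour name -> Neighbour
        self.sessions = {}    # session id -> neighbour the state was set up with

    def handle_notification(self, sender, packet):
        peer = self.neighbours.get(sender)
        if peer is None:
            return "reject: no security association"
        if len(packet) != HEADER.size + TAG_LEN:
            return "reject: malformed"
        header, tag = packet[:HEADER.size], packet[HEADER.size:]

        # Integrity (5.7.3): verify the tag before trusting any field.
        expected = hmac.new(peer.key, header, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad integrity tag"
        epoch, seq, msg_type, session_id = HEADER.unpack(header)

        # Replay (5.7.4): accept only strictly newer (epoch, sequence) pairs.
        # A sender whose sequence restarts at 1 after a crash is still newer
        # because its epoch has increased.
        if (epoch, seq) <= peer.newest:
            return "reject: replay"
        peer.newest = (epoch, seq)

        # Notifications (5.3.3): only the neighbour this state was set up
        # with may cause it to be released.
        if self.sessions.get(session_id) != sender:
            return "reject: sender not on path for this session"
        if msg_type == NOTIFY_UNRECOVERABLE:
            del self.sessions[session_id]
            return "accepted: state released"
        return "accepted: no state change"


def demo():
    """Run constructed messages through one forwarder and collect the verdicts."""
    key_b, key_c = b"B" * 32, b"C" * 32   # constructed keys
    sid = b"session-00000001"             # constructed 16-byte session id
    fw = Forwarder()
    fw.neighbours = {"ne-b": Neighbour(key_b), "ne-c": Neighbour(key_c)}
    fw.sessions[sid] = "ne-b"
    repair = seal(key_b, 1, 1, NOTIFY_REPAIR, sid)
    results = [
        # Sender without the key claims to be ne-b.
        fw.handle_notification("ne-b", seal(b"X" * 32, 1, 1, NOTIFY_UNRECOVERABLE, sid)),
        # Authenticated neighbour, but not the one this state belongs to.
        fw.handle_notification("ne-c", seal(key_c, 1, 1, NOTIFY_UNRECOVERABLE, sid)),
        # Genuine notification, then the same bytes delivered again.
        fw.handle_notification("ne-b", repair),
        fw.handle_notification("ne-b", repair),
        # ne-b restarted: sequence is back at 1 but the epoch moved to 2.
        fw.handle_notification("ne-b", seal(key_b, 2, 1, NOTIFY_UNRECOVERABLE, sid)),
    ]
    return results, fw


if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```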

5.7.5. Hop-by-Hop Security

Channel security between signaling entities MUST be implemented. It is a well known and proven concept in Quality of Service and other signaling protocols to have intermediate nodes that actively participate in the protocol to modify the messages as it is required by processing rules. Note that this requirement does not exclude end-to-end or network-to-network security of a signaling message. End-to-end security between the NSIS Initiator and the NSIS Responder may be used to provide protection of non-mutable data fields. Network-to-network security refers to the protection of messages over various hops but not in an end-to-end manner i.e., protected over a particular network.

5.7.6. Identity Confidentiality and Network Topology Hiding

Identity confidentiality SHOULD be supported. It enables privacy and avoids profiling of entities by an adversary eavesdropping on the signaling traffic along the path. The identity used in the process of authentication may also be hidden to a limited extent from a network to which the initiator is attached. However the identity MUST provide enough information for the nodes in the access network to collect accounting data.

Network topology hiding MAY be supported to prevent entities along the path from learning the topology of a network. Supporting this property might conflict with a diagnostic capability.

5.7.7. Denial-of-Service Attacks

A signaling protocol SHOULD provide prevention of Denial-of-service attacks. To effectively prevent denial-of-service attacks it is necessary that the used security and protocol mechanisms MUST have low computational complexity to verify a state setup request prior to authenticating the requesting entity. Additionally the signaling protocol and the used security mechanisms SHOULD NOT require large resource consumption on NSIS Entities (for example main memory or other additional message exchanges) before a successful authentication is done.

5.7.8. Confidentiality of Signaling Messages

Based on the signaling information exchanged between nodes participating in the signaling protocol, an adversary may learn both the identities and the content of the signaling messages. The ability to listen to signaling channels is a major guide to which data channels are the interesting ones.

To prevent this from happening, confidentiality of the signaling message in a hop-by-hop manner SHOULD be provided. Note that most messages must be protected on a hop-by-hop basis, since entities, which actively participate in the signaling protocol, must be able to read and eventually modify the signaling messages.

5.7.9. Ownership of State

When existing states have to be modified then there is a need to use a session identifier to uniquely identify the established state. A signaling protocol MUST provide means of security protection to prevent adversaries from modifying state.
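
The session identifier only names the state; since it is visible to on-path nodes, knowing it must not be enough to change the state. The sketch below is an added example, not part of the RFC: it assumes a per-session owner key agreed during the authenticated setup, and the class, message fields and sample values are hypothetical.

```python
import hashlib
import hmac
import json


class StateTable:
    """Hypothetical state store: a session identifier names the state, a key proves ownership."""

    def __init__(self):
        self._states = {}

    @staticmethod
    def tag(owner_key, session_id, seq, params):
        # The MAC covers identifier, sequence number and the new parameters.
        body = json.dumps([session_id, seq, params], sort_keys=True).encode()
        return hmac.new(owner_key, body, hashlib.sha256).digest()

    def install(self, session_id, owner_key, params):
        if session_id in self._states:
            return "session identifier in use"     # never overwrite existing state
        self._states[session_id] = {"key": owner_key, "seq": 0, "params": dict(params)}
        return "installed"

    def modify(self, session_id, seq, params, tag):
        state = self._states.get(session_id)
        if state is None:
            return "unknown session"
        expected = self.tag(state["key"], session_id, seq, params)
        if not hmac.compare_digest(tag, expected):
            return "rejected: not the owner"
        if seq <= state["seq"]:
            return "rejected: replay"              # a captured message is not reusable
        state["seq"], state["params"] = seq, dict(params)
        return "modified"

    def params(self, session_id):
        return dict(self._states[session_id]["params"])


def demo():
    table = StateTable()
    sid = "c0ffee00" * 4                           # constructed session identifier
    owner_key = b"constructed owner key, 32 bytes!"
    table.install(sid, owner_key, {"bandwidth_kbps": 512})
    outcomes = []
    # A party that knows only the session identifier cannot produce a valid tag.
    wrong_tag = StateTable.tag(b"some other key", sid, 1, {"bandwidth_kbps": 0})
    outcomes.append(table.modify(sid, 1, {"bandwidth_kbps": 0}, wrong_tag))
    # The owner changes the reservation.
    update = {"bandwidth_kbps": 256}
    good_tag = StateTable.tag(owner_key, sid, 1, update)
    outcomes.append(table.modify(sid, 1, update, good_tag))
    # The same message again is refused as a replay.
    outcomes.append(table.modify(sid, 1, update, good_tag))
    # Reusing the captured tag with different parameters fails the MAC check.
    outcomes.append(table.modify(sid, 2, {"bandwidth_kbps": 0}, good_tag))
    # A second setup with the same identifier cannot take over the state.
    outcomes.append(table.install(sid, b"another key", {"bandwidth_kbps": 1}))
    return outcomes, table.params(sid)


if __name__ == "__main__":
    print(demo())
```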

5.8. Mobility
5.8.1. Allow Efficient Service Re-Establishment After Handover

Handover is an essential function in wireless networks. After handover, the states may need to be completely or partially re-established due to route changes. The re-establishment may be requested by the mobile node itself or triggered by the access point that the mobile node is attached to. In the first case, the signaling MUST allow efficient re-establishment after handover. Re-establishment after handover MUST be as quick as possible so that the mobile node does not experience service interruption or service degradation. The re-establishment SHOULD be localized, and not require end-to-end signaling.

5.9. Interworking with Other Protocols and Techniques

Hooks SHOULD be provided to enable efficient interworking between various protocols and techniques, including those listed below.

5.9.1. MUST Interwork with IP Tunneling

IP tunneling for various applications MUST be supported. More specifically IPSec tunnels are of importance. This mainly impacts the identification of flows. When using IPSec, parts of information commonly used for flow identification (e.g., transport protocol information and ports) may not be accessible due to encryption.

5.9.2. MUST NOT Constrain Either to IPv4 or IPv6
5.9.3. MUST be Independent from Charging Model

Signaling MUST NOT be constrained by charging models or the charging infrastructure used.

5.9.4. SHOULD Provide Hooks for AAA Protocols

The NSIS protocol SHOULD be developed so that usage records can be collected from one or more network elements.

5.9.5. SHOULD Work with Seamless Handoff Protocols

An NSIS protocol SHOULD work with seamless handoff protocols such as context transfer and candidate access router (CAR) discovery.

5.9.6. MUST Work with Traditional Routing

NSIS assumes traditional L3 routing, which is purely based on L3 destination addresses. NSIS MUST work with L3 routing, in particular it MUST work in case of route changes. This means state on the old route MUST be released and state on the new route MUST be established by an NSIS protocol.

Networks that do non-traditional routing should not break NSIS signaling. NSIS MAY work for some of these situations. In particular, combinations of NSIS-unaware nodes and routing other than traditional routing cause some problems. Non-traditional routing includes, for example, routing decisions based on port numbers, IP header fields other than the destination address, or splitting traffic based on header hash values. These routing environments result in the signaling path being potentially different from the data path.

5.10. Operational
5.10.1. Ability to Assign Transport Quality to Signaling Messages

The NSIS architecture SHOULD allow the network operator to assign the NSIS protocol messages a certain transport quality. As signaling opens up the possibility of denial-of-service attacks, this requirement gives the network operator a means, but also the obligation, to trade off between signaling latency and the impact (from the signaling messages) on devices within the network. From a protocol design perspective, this requirement states that the protocol messages SHOULD be detectable, at least where the control and assignment of the messages' priority is done.

Furthermore, the protocol design must take into account reliability concerns. Communication reliability is seen as part of the quality assigned to signaling messages. So procedures MUST be defined for how an NSIS signaling system behaves if some kind of request it sent stays unanswered. The basic transport protocol to be used between adjacent NSIS Entities MAY ensure message integrity and reliable transport.

5.10.2. Graceful Fail Over

Any unit participating in NSIS signaling MUST NOT cause further damage to other systems involved in NSIS signaling when it has to go out of service.

5.10.3. Graceful Handling of NSIS Entity Problems

NSIS entities SHOULD be able to detect a malfunctioning peer. It may notify the NSIS Initiator or another NSIS entity involved in the signaling process. The NSIS peer may handle the problem itself e.g., switching to a backup NSIS entity. In the latter case note that synchronization of state between the primary and the backup entity is needed.

6. Security Considerations

Section 5.7 of this document provides security related requirements of a signaling protocol.

7. Acknowledgments

Quite a number of people have been involved in the discussion of the document, adding some ideas, requirements, etc. We list them without a guarantee on completeness: Changpeng Fan (Siemens), Krishna Paul (NEC), Maurizio Molina (NEC), Mirko Schramm (Siemens), Andreas Schrader (NEC), Hannes Hartenstein (NEC), Ralf Schmitz (NEC), Juergen Quittek (NEC), Morihisa Momona (NEC), Holger Karl (Technical University Berlin), Xiaoming Fu (Technical University Berlin), Hans-Peter Schwefel (Siemens), Mathias Rautenberg (Siemens), Christoph Niedermeier (Siemens), Andreas Kassler (University of Ulm), Ilya Freytsis.

Some text and/or ideas for text, requirements, scenarios have been taken from an Internet Draft written by the following authors: David Partain (Ericsson), Anders Bergsten (Telia Research), Marc Greis (Nokia), Georgios Karagiannis (Ericsson), Jukka Manner (University of Helsinki), Ping Pan (Juniper), Vlora Rexhepi (Ericsson), Lars Westberg (Ericsson), Haihong Zheng (Nokia). Some of those have actively contributed new text to this document as well.

Another Internet Draft impacting this document has been written by Sven Van den Bosch, Maarten Buchli, and Danny Goderis (all Alcatel). These people contributed also new text.

Thanks also to Kwok Ho Chan (Nortel) for text changes. And finally, thanks to Alison Mankin for the thorough AD review and to Harald Tveit Alvestrand and Steve Bellovin for the IESG review comments.

8. Appendix: Scenarios/Use Cases

In the following we describe scenarios, which are important to cover, and which allow us to discuss various requirements. Some regard this as use cases to be covered defining the use of a signaling protocol. In general, these scenarios consider the specific case of signaling for QoS (resource reservation), although many of the issues carry over directly to other signaling types.

8.1. Terminal Mobility

The scenario we are looking at is the case where a mobile terminal (MT) changes from one access point to another access point. The access points are located in separate QoS domains. We assume Mobile IP to handle mobility on the network layer in this scenario and consider the various extensions (i.e., IETF proposals) to Mobile IP, in order to provide 'fast handover' for roaming Mobile Terminals. The goal to be achieved lies in providing, keeping, and adapting the requested QoS for the ongoing IP sessions in case of handover. Furthermore, the negotiation of QoS parameters with the new domain via the old connection might be needed, in order to support the different 'fast handover' proposals within the IETF.

The entities involved in this scenario include a mobile terminal, access points, an access network manager, and communication partners of the MT (the other end(s) of the communication association). From a technical point of view, terminal mobility means changing the access point of a mobile terminal (MT). However, technologies might change in various directions (access technology, QoS technology, administrative domain). If the access points are within one specific QoS technology (independent of access technology) we call this intra-QoS technology handoff. In the case of an inter-QoS technology handoff, one changes from e.g., a DiffServ to an IntServ domain, however still using the same access technology. Finally, if the access points are using different access technologies we call it inter-technology hand-off.

The following issues are of special importance in this scenario:

1) Handoff decision

- The QoS management requests handoff. The QoS management can decide to change the access point, since the traffic conditions of the new access point are better supporting the QoS requirements. The metric may be different (optimized towards a single or a group/class of users). Note that the MT or the network (see below) might trigger the handoff.

- The mobility management forces handoff. This can have several reasons. The operator optimizes his network, admission is no longer granted (e.g., emptied prepaid condition). Or another example is when the MT is reaching the focus of another base station. However, this might be detected via measurements of QoS on the physical layer and is therefore out of scope of QoS signaling in IP. Note again that the MT or the network (see below) might trigger the handoff.

- This scenario shows that local decisions might not be enough. The rest of the path to the other end of the communication needs to be considered as well. Hand-off decisions in a QoS domain do not only depend on the local resource availability, e.g., the wireless part, but involve the rest of the path as well. Additionally, decomposition of an end-to-end signaling might be needed, in order to change only parts of it.

2) Trigger sources

- Mobile terminal: If the end-system QoS management identifies another (better-suited) access point, it will request the handoff from the terminal itself. This will be especially likely in the case that two different provider networks are involved. Another important example is when the current access point bearer disappears (e.g., removing the Ethernet cable). In this case, the NSIS Initiator is basically located on the mobile terminal.

- Network (access network manager): Sometimes, the handoff trigger will be issued from the network management to optimize the overall load situation. Most likely this will result in changing the base station of a single provider's network. Most likely the NSIS Initiator is located on a system within the network.

3) Integration with other protocols

- Interworking with other protocols must be considered in one form or another. E.g., it might be worth combining QoS signaling between different QoS domains with mobility signaling at hand-over.

4) Handover rates

In mobile networks, the admission control process has to cope with far more admission requests than call setups alone would generate. For example, in the GSM (Global System for Mobile communications) case, mobility usually generates an average of one to two handovers per call. For third generation networks (such as UMTS), where it is necessary to keep radio links to several cells simultaneously (macro-diversity), the handover rate is significantly higher.

5) Fast state installation

Handover can also cause packet losses. This happens when the processing of an admission request causes a delayed handover to the new base station. In this situation, some packets might be discarded, and the overall speech quality might be degraded significantly. Moreover, a delay in handover may cause degradation for other users. In the worst-case scenario, a delay in handover may cause the connection to be dropped if the handover occurred due to bad air link quality. Therefore, it is critical that QoS signaling in connection with handover be carried out very quickly.

6) Call blocking in case of overload

Furthermore, when the network is overloaded, it is preferable to keep states for previously established flows while blocking new requests. Therefore, the resource reservation requests in connection with handover should be given higher priority than new requests for resource reservation.
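
The overload behavior described in item 6 can be realized with a guard band: part of a pipe's capacity is usable only by handover requests, and established reservations are never preempted. The sketch below is an added example, not part of the RFC; the guard-band policy, class name and the capacity figures are assumptions chosen for illustration.

```python
class ReservationPipe:
    """Hypothetical per-flow admission control for one pre-provisioned bandwidth pipe."""

    def __init__(self, capacity_kbps, handover_guard_kbps):
        if not 0 <= handover_guard_kbps <= capacity_kbps:
            raise ValueError("guard band must fit inside the pipe")
        self.capacity = capacity_kbps
        self.guard = handover_guard_kbps   # share only handover requests may use
        self.flows = {}                    # flow_id -> reserved kbps

    @property
    def used(self):
        return sum(self.flows.values())

    def request(self, flow_id, kbps, handover=False):
        """Admit, refresh or resize a reservation; return True if it is granted."""
        if kbps <= 0:
            raise ValueError("reservation must be positive")
        current = self.flows.get(flow_id, 0)
        if kbps <= current:
            # Refreshing or shrinking established state is never blocked.
            self.flows[flow_id] = kbps
            return True
        # New requests see a smaller pipe than handover requests do.
        limit = self.capacity if handover else self.capacity - self.guard
        if self.used - current + kbps > limit:
            return False                   # blocked; all existing state is untouched
        self.flows[flow_id] = kbps
        return True

    def release(self, flow_id):
        return self.flows.pop(flow_id, None) is not None


def demo():
    pipe = ReservationPipe(capacity_kbps=1000, handover_guard_kbps=200)
    decisions = [
        pipe.request("call-1", 300),                 # 300 <= 800: admitted
        pipe.request("call-2", 300),                 # 600 <= 800: admitted
        pipe.request("call-3", 300),                 # 900 > 800: new request blocked
        pipe.request("ho-1", 300, handover=True),    # 900 <= 1000: handover admitted
        pipe.request("call-4", 100),                 # 1000 > 800: new request blocked
        pipe.request("ho-2", 200, handover=True),    # 1100 > 1000: pipe is full
        pipe.request("call-1", 300),                 # refresh of established state
    ]
    return decisions, sorted(pipe.flows), pipe.used


if __name__ == "__main__":
    print(demo())
```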

8.2. Wireless Networks

In this scenario, the user is using the packet services of a wireless system (such as the 3rd generation wireless system 3GPP/UMTS, 3GPP2/cdma2000). The region between the End Host and the Edge Node (Edge Router) connecting the wireless network to another QoS domain is considered to be a single QoS domain.

The issues in such an environment regarding QoS include:

1) The wireless networks provide their own QoS technology with specialized parameters to coordinate the QoS provided by both the radio access and wired access networks. Provisioning of QoS technologies within a wireless network can be described mainly in terms of calling bearer classes, service options, and service instances. These QoS technologies need to be invoked with suitable parameters when higher layers trigger a request for QoS. Therefore these involve mapping of the requested higher layer QoS parameters onto specific bearer classes or service instances. The request for allocation of resources might be triggered by signaling at the IP level that passes across the wireless system, and possibly other QoS domains. Typically, wireless network specific messages are invoked to setup the underlying bearer classes or service instances in parallel with the IP layer QoS negotiation, to allocate resources within the radio access network.

2) The IP signaling messages are initiated by the NSIS initiator and interpreted by the NSIS Forwarder. The most efficient placement of the NSIS Initiator and NSIS Forwarder has not been determined in wireless networks, but a few potential scenarios can be envisioned. The NSIS Initiator could be located at the End Host (e.g., 3G User equipment (UE)), the Access Gateway or at a node that is not directly on the data path, such as a Policy Decision Function. The Access Gateway could act as a proxy NSIS Initiator on behalf of the End Host. The Policy Decision Function that controls per-flow/aggregate resources with respect to the session within its QoS domain (e.g., the 3G wireless network) may act as a proxy NSIS Initiator for the end host or the Access Gateway. Depending on the placement of the NSIS Initiator, the NSIS Forwarder may be located at an appropriate point in the wireless network.

3) The need for re-negotiation of resources in a new wireless domain due to host mobility. In this case the NSIS Initiator and the NSIS Forwarder should detect mobility events and autonomously trigger re-negotiation of resources.

8.3. An Example Scenario for 3G Wireless Networks

The following example is a pure hypothetical scenario, where an NSIS signaling protocol might be used in a 3G environment. We do not impose in any way, how a potential integration might be done. Terms from the 3GPP architecture are used (P-CSCF, IMS, expanded below) in order to give specificity, but in a hypothetical design, one that reflects neither development nor review by 3GPP. The example should help in the design of a NSIS signaling protocol such that it could be used in various environments.

The 3G wireless access scenario is shown in Figure 1. The Proxy-Call State Control Function (P-CSCF) is the outbound SIP proxy (only used in IP Multimedia Subsystems (IMS)). The Access Gateway is the egress router of the 3G wireless domain and it connects the radio access network to the Edge Router (ER) of the backbone IP network. The Policy Decision Function (PDF) is an entity responsible for controlling bearer level resource allocations/de-allocations in relation to session level services e.g., SIP. The Policy Decision Function may also control the Access Gateway to open and close the gates and to configure per-flow policies, i.e., to authorize or forbid user traffic. The P-CSCF (only used in IMS) and the Access Gateway communicate with the Policy Decision Function, for network resource allocation/de-allocation decisions. The User Equipment (UE) or the Mobile Station (MS) consists of a Mobile Terminal (MT) and Terminal Equipment (TE), e.g., a laptop.

                     +--------+
          +--------->| P-CSCF |---------> SIP signaling
         /           +--------+
        / SIP            |
       |                 |
       |              +-----+            +----------------+
       |              | PDF |<---------->| NSIS Forwarder |<--->
       |              +-----+            +----------------+
       |                 |                  ^
       |                 |                  |
       |                 |                  |
       |                 |COPS              |
       |                 |                  |
   +------+          +---------+            |
   | UE/MS|----------| Access  |<-----------+     +----+
   +------+          | Gateway |------------------| ER |
                     +---------+                  +----+
        

Figure 1: 3G wireless access scenario

The PDF has all the required QoS information for per-flow or aggregate admission control in 3G wireless networks. It receives resource allocation/de-allocation requests from the P-CSCF and/or Access Gateway etc. and responds with policy decisions. Hence the PDF may be a candidate entity to host the functionality of the NSIS Initiator, initiating the NSIS QoS signaling towards the backbone IP network. On the other hand, the UE/MS may act as the NSIS Initiator or the Access Gateway may act as a Proxy NSIS Initiator on behalf of the UE/MS. In the former case, the P-CSCF/PDF has to do the mapping from codec types and media descriptors (derived from SIP/SDP signaling) to IP traffic descriptor. In the latter case, the UE/MS may use any appropriate QoS signaling mechanism as the NSIS Initiator. If the Access Gateway is acting as the Proxy NSIS initiator on behalf of the UE/MS, then it may have to do the mapping of parameters from radio access specific QoS to IP QoS traffic parameters before forwarding the request to the NSIS Forwarder.

The NSIS Forwarder is currently not part of the standard 3G wireless architecture. However, to achieve end-to-end QoS a NSIS Forwarder is needed such that the NSIS Initiators can request a QoS connection to the IP network. As in the previous example, the NSIS Forwarder could manage a set of pre-provisioned resources in the IP network, i.e., bandwidth pipes, and the NSIS Forwarder perform per-flow admission control into these pipes. In this way, a connection can be made between two 3G wireless access networks, and hence, end-to-end QoS can be achieved. In this case the NSIS Initiator and NSIS Forwarder are clearly two separate logical entities. The Access Gateway or/and the Edge Router in Fig.1 may contain the NSIS Forwarder functionality, depending upon the placement of the NSIS Initiator as discussed in scenario 2 in section 8.2. This use case clearly illustrates the need for an NSIS QoS signaling protocol between NSIS Initiator and NSIS Forwarder. An important application of such a protocol may be its use in the end-to-end establishment of a connection with specific QoS characteristics between a mobile host and another party (e.g., end host or content server).

8.4. Wired Part of Wireless Network

A wireless network, seen from a QoS domain perspective, usually consists of three parts: a wireless interface part (the "radio interface"), a wired part of the wireless network (i.e., Radio Access Network) and the backbone of the wireless network, as shown in Figure 2. Note that this figure should not be seen as an architectural overview of wireless networks but rather as showing the conceptual QoS domains in a wireless network.

In this scenario, a mobile host can roam and perform a handover procedure between base stations/access routers. In this scenario the NSIS QoS protocol can be applied between a base station and the gateway (GW). In this case a GW can also be considered as a local handover anchor point. Furthermore, in this scenario the NSIS QoS protocol can also be applied either between two GWs, or between two edge routers (ER).

                          |--|
                          |GW|
   |--|                   |--|
   |MH|---                 .
   |--|  / |-------|       .
        /--|base   | |--|  .
           |station|-|ER|...
           |-------| |--|  . |--| back- |--|  |---|              |----|
                           ..|ER|.......|ER|..|BGW|.."Internet"..|host|
        -- |-------| |--|  . |--| bone  |--|  |---|              |----|
   |--| \  |base   |-|ER|...     .
   |MH|  \ |station| |--|        .
   |--|--- |-------|             .          MH  = mobile host
                              |--|          ER  = edge router
      <---->                  |GW|          GW  = gateway
     Wireless link            |--|          BGW = border gateway
                                            ... = interior nodes
            <------------------->
       Wired part of wireless network
        
   <---------------------------------------->
                Wireless Network
        

Figure 2. QoS architecture of wired part of wireless network

Each of these parts of the wireless network imposes different issues to be solved on the QoS signaling solution being used:

1) Wireless interface: The solution for the air interface link has to ensure flexibility and spectrum efficient transmission of IP packets. However, this link layer QoS can be solved in the same way as any other last hop problem by allowing a host to request the proper QoS profile.

2) Wired part of the wireless network: This is the part of the network that is closest to the base stations/access routers. It is an IP network although some parts logically perform tunneling of the end user data. In cellular networks, the wired part of the wireless network is denoted as a radio access network.

This part of the wireless network has different requirements for signaling protocol characteristics when compared to traditional IP networks:

- The network must support mobility. Many wireless networks are able to provide a combination of soft and hard handover procedures. When handover occurs, reservations need to be established on new paths. The establishment time has to be as short as possible since long establishment times for s degrade the performance of the wireless network. Moreover, for maximal utilization of the radio spectrum, frequent handover operations are required.

- These links are typically rather bandwidth-limited.

- The wired transmission in such a network contains a relatively high volume of expensive leased lines. Overprovisioning might therefore be prohibitively expensive.

- The radio base stations are spread over a wide geographical area and are in general situated a large distance from the backbone.

3) Backbone of the wireless network: the requirements imposed by this network are similar to the requirements imposed by other types of backbone networks.

Due to these very different characteristics and requirements, often contradictory, different QoS signaling solutions might be needed in each of the three network parts.

8.5. Session Mobility

In this scenario, a session is moved from one end-system to another. Ongoing sessions are kept and QoS parameters need to be adapted, since it is very likely that the new device provides different capabilities. Note that it is open which entity initiates the move, which implies that the NSIS Initiator might be triggered by different entities.

User mobility (i.e., a user changing the device and therefore moving the sessions to the new device) is considered to be a special case within the session mobility scenario.

Note that this scenario is different from terminal mobility. The terminal (end-system) has not moved to a different access point. Both terminals are still connected to an IP network at their original points.

The issues include:

1) Keeping the QoS guarantees negotiated implies that the end-point(s) of communication are changed without changing the reservations.

2) The trigger of the session move might be the user or any other party involved in the session.

8.6. QoS Reservation/Negotiation from Access to Core Network

The scenario includes the signaling between access networks and core networks in order to set up and change reservations together with potential negotiation.

The issues to be solved in this scenario are different from previous ones.

1) The entity of reservation is most likely an aggregate.

2) The time scales of states might be different (long living states of aggregates, less often re-negotiation).

3) The specification of the traffic (amount of traffic) for which a particular QoS is guaranteed needs to be changed. E.g., in case additional flows are added to the aggregate, the traffic specification of the flow needs to be added if it is not already included in the aggregate's specification.

4) The flow specification is more complex, including network addresses and sets of different addresses for the source as well as for the destination of the flow.

8.7. QoS Reservation/Negotiation Over Administrative Boundaries

Signaling between two or more core networks to provide QoS is handled in this scenario. This might also include access to core signaling over administrative boundaries. Compared to the previous scenario, it adds the case where the two networks are not in the same administrative domain. Basically, it is the inter-domain/inter-provider signaling that is handled here.

The domain boundary is the critical issue to be resolved. It raises various flavors of issues that a QoS signaling protocol has to be concerned with:

1) Competing administrations: Normally, only basic information should be exchanged if the signaling is between competing administrations. Specifically, information about core network internals (e.g., topology, technology, etc.) should not be exchanged. Some information about the "access points" of the core networks (which is topology information as well) may need to be exchanged, because it is needed for proper signaling.

2) Additionally, as in scenario 4, signaling most likely is based on aggregates, with all the issues raised there.

3) Authorization: It is critical that the NSIS Initiator is authorized to perform a QoS path setup.

4) Accountability: It is important to note that signaling might be used as an entity to charge money for; therefore, interoperation with accounting needs to be available.

8.8. QoS Signaling Between PSTN Gateways and Backbone Routers

A PSTN gateway (i.e., host) requires information from the network regarding its ability to transport voice traffic across the network. The voice quality will suffer due to packet loss, latency and jitter. Signaling is used to identify and admit a flow for which these impairments are minimized. In addition, the disposition of the signaling request is used to allow the PSTN GW to make a call routing decision before the call is actually accepted and delivered to the final destination.

PSTN gateways may handle thousands of calls simultaneously and there may be hundreds of PSTN gateways in a single provider network. These numbers are likely to increase as the size of the network increases. The point is that scalability is a major issue.

There are several ways that a PSTN gateway can acquire assurances that a network can carry its traffic across the network. These include:

1. Over-provisioning a high availability network.

2. Handling admission control through some policy server that has a global view of the network and its resources.

3. Per PSTN GW pair admission control.

4. Per call admission control (where a call is defined as the 5-tuple used to carry a single RTP flow).

Item 1 requires no signaling at all and is therefore outside the scope of this working group.

Item 2 is really a better informed version of 1, but it is also outside the scope of this working group as it relies on a particular telephony signaling protocol rather than a packet admission control protocol.

Item 3 is initially attractive, as it appears to have reasonable scaling properties. However, its scaling properties are effective only in cases where there are relatively few PSTN GWs. In the more general case where a PSTN GW reduces to a single IP phone sitting behind some access network, the opportunities for aggregation are reduced and the problem reduces to item 4.

Item 4 is the most general case. However, it has the most difficult scaling problems. The objective here is to place the requirements on Item 4 such that a scalable per-flow admission control protocol or protocol suite may be developed.

The case where per-flow signaling extends to individual IP end-points allows the inclusion of IP phones on cable, DSL, wireless or other access networks in this scenario.

Call Scenario

A PSTN GW signals end-to-end a bandwidth and QoS requirement for some flow defined by a 5-tuple. Note that the 5-tuple might include masking/wildcarding. The access network admits this flow according to its local policy and the specific details of the access technology.

At the edge router (i.e., border node), the flow is admitted, again with an optional authentication process, possibly involving an external policy server. Note that the relationship between the PSTN GW and the policy server and the routers and the policy server is outside the scope of NSIS. The edge router then admits the flow into the core of the network, possibly using some aggregation technique.

At the interior nodes, the NSIS host-to-host signaling should either be ignored or invisible as the Edge router performed the admission control decision to some aggregate.

At the inter-provider router (i.e., border node), again the NSIS host-to-host signaling should either be ignored or invisible, as the Edge router has performed an admission control decision about an aggregate across a carrier network.

8.9. PSTN Trunking Gateway

One of the use cases for the NSIS signaling protocol is the scenario of interconnecting PSTN gateways with an IP network that supports QoS.

Four different scenarios are considered here.

1. In-band QoS signaling is used. In this case the Media Gateway (MG) will be acting as the NSIS Initiator and the Edge Router (ER) will be the NSIS Forwarder. Hence, the ER should do admission control (into pre-provisioned traffic trunks) for the individual traffic flows. This scenario is not further considered here.

2. Out-of-band signaling in a single domain, the NSIS forwarder is integrated in the Media Gateway Controller (MGC). In this case no NSIS protocol is required.

3. Out-of-band signaling in a single domain, the NSIS forwarder is a separate box. In this case NSIS signaling is used between the MGC and the NSIS Forwarder.

4. Out-of-band signaling between multiple domains, the NSIS Forwarder (which may be integrated in the MGC) triggers the NSIS Forwarder of the next domain.

When the out-of-band QoS signaling is used the Media Gateway Controller (MGC) will be acting as the NSIS Initiator.

In the second scenario the voice provider manages a set of traffic trunks that are leased from a network provider. The MGC does the admission control in this case. Since the NSIS Forwarder acts both as a NSIS Initiator and a NSIS Forwarder, no NSIS signaling is required. This scenario is shown in Figure 3.

    +-------------+    ISUP/SIGTRAN     +-----+              +-----+
    | SS7 network |---------------------| MGC |--------------| SS7 |
    +-------------+             +-------+-----+---------+    +-----+
          :                    /           :             \
          :                   /            :              \
          :                  /    +--------:----------+    \
          :          MEGACO /    /         :           \    \
          :                /    /       +-----+         \    \
          :               /    /        | NMS |          \    \
          :              /     |        +-----+          |     \
          :              :     |                         |     :
   +--------------+  +----+    |   bandwidth pipe (SLS)  |  +----+
   | PSTN network |--| MG |--|ER|======================|ER|-| MG |--
   +--------------+  +----+     \                       /   +----+
                                 \     QoS network     /
                                  +-------------------+
        

Figure 3: PSTN trunking gateway scenario

In the third scenario, the voice provider does not lease traffic trunks in the network. Another entity may lease traffic trunks and may use a NSIS Forwarder to do per-flow admission control. In this case the NSIS signaling is used between the MGC and the NSIS Forwarder, which is a separate box here. Hence, the MGC acts only as a NSIS Initiator. This scenario is depicted in Figure 4.

    +-------------+    ISUP/SIGTRAN     +-----+              +-----+
    | SS7 network |---------------------| MGC |--------------| SS7 |
    +-------------+             +-------+-----+---------+    +-----+
          :                    /           :             \
          :                   /         +-----+           \
          :                  /          | NF  |            \
          :                 /           +-----+             \
          :                /               :                 \
          :               /       +--------:----------+       \
          :       MEGACO :       /         :           \       :
          :              :      /       +-----+         \      :
          :              :     /        | NMS |          \     :
          :              :     |        +-----+          |     :
          :              :     |                         |     :
   +--------------+  +----+    |   bandwidth pipe (SLS)  |  +----+
   | PSTN network |--| MG |--|ER|======================|ER|-| MG |--
   +--------------+  +----+     \                       /   +----+
                                 \     QoS network     /
                                  +-------------------+
        

Figure 4: PSTN trunking gateway scenario

In the fourth scenario multiple transport domains are involved. In the originating network either the MGC may have an overview on the resources of the overlay network or a separate NSIS Forwarder will have the overview. Hence, depending on this either the MGC or the NSIS Forwarder of the originating domain will contact the NSIS Forwarder of the next domain. The MGC always acts as a NSIS Initiator and may also be acting as a NSIS Forwarder in the first domain.

8.10. An Application Requests End-to-End QoS Path from the Network

This is actually the conceptually simplest case. A multimedia application requests a guaranteed service from an IP network. We assume here that the application is somehow able to specify the network service. The characteristics here are that many hosts might do it, but that the requested service is low capacity (bounded by the access line). Note that there is an issue of scaling in the number of applications requesting this service in the core of the network.

8.11. QOS for Virtual Private Networks

In a Virtual Private Network (VPN), a variety of tunnels might be used between its edges. These tunnels could be, for example, IPSec, GRE, and IP-IP. One of the most significant issues in VPNs is related to how a flow is identified and what quality a flow gets. A flow identification might consist, among others, of the transport protocol port numbers. In an IP-Sec tunnel this will be problematic since the transport protocol information is encrypted.

There are two types of L3 VPNs, distinguished by where the endpoints of the tunnels exist. The endpoints of the tunnels may either be on the customer (CPE) or the provider equipment or provider edge (PE).

Virtual Private Networks are also likely to request bandwidth or other types of service in addition to the premium services the PSTN GWs are likely to use.
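The flow-identification problem described at the start of this section can be made concrete with a small classifier. The following is an added example, not part of the RFC: it parses constructed IPv4 packets and shows which flow fields a router can still read when the same UDP flow is sent bare, in IP-IP, in GRE, and in ESP (IPsec). Function names, addresses and the SPI value are assumptions made for the illustration.

```python
import ipaddress
import struct

IPIP, TCP, UDP, GRE, ESP = 4, 6, 17, 47, 50   # IANA protocol numbers


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet for the samples (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def classify(packet: bytes) -> dict:
    """Return the flow-identifying fields a router can read in the clear."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    key = {"src": str(ipaddress.IPv4Address(packet[12:16])),
           "dst": str(ipaddress.IPv4Address(packet[16:20])),
           "proto": proto, "sport": None, "dport": None,
           "spi": None, "inner": None}
    if proto in (TCP, UDP) and len(body) >= 4:
        key["sport"], key["dport"] = struct.unpack("!HH", body[:4])
    elif proto == IPIP:
        key["inner"] = classify(body)           # inner header is cleartext
    elif proto == GRE and len(body) >= 4:
        flags, ptype = struct.unpack("!HH", body[:4])
        # Optional checksum (C), key (K) and sequence (S) words, 4 bytes each.
        skip = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        if ptype == 0x0800 and len(body) > skip:
            key["inner"] = classify(body[skip:])
    elif proto == ESP and len(body) >= 4:
        # Only the SPI and sequence number precede the ciphertext.
        key["spi"] = struct.unpack("!I", body[:4])[0]
    return key


def samples() -> dict:
    # Constructed packets: one RTP-like UDP flow, sent bare and through tunnels.
    udp = struct.pack("!HHHH", 40000, 16384, 8 + 12, 0) + bytes(12)
    inner = ipv4("10.1.0.5", "10.2.0.9", UDP, udp)
    opaque = bytes((b * 7 + 13) & 0xFF for b in inner)   # stand-in for ciphertext
    return {
        "bare": inner,
        "ipip": ipv4("192.0.2.1", "198.51.100.1", IPIP, inner),
        "gre": ipv4("192.0.2.1", "198.51.100.1", GRE,
                    struct.pack("!HH", 0, 0x0800) + inner),
        "esp": ipv4("192.0.2.1", "198.51.100.1", ESP,
                    struct.pack("!II", 0x1001, 1) + opaque),
    }
```

For the ESP sample the classifier returns no ports and no inner header, so the tunnel endpoints and the SPI are the only selectors left for a per-flow reservation.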

8.11.1. Tunnel End Points at the Customer Premises

When the endpoints are the CPE, the CPE may want to signal across the public IP network for a particular amount of bandwidth and QoS for the tunnel aggregate. Such signaling may be useful when a customer wants to vary their network cost with demand, rather than paying a flat rate. Such signaling exists between the two CPE routers. Intermediate access and edge routers perform the same exact call admission control, authentication and aggregation functions performed by the corresponding routers in the PSTN GW scenario with the exception that the endpoints are the CPE tunnel endpoints rather than PSTN GWs and the 5-tuple used to describe the RTP flow is replaced with the corresponding flow spec to uniquely identify the tunnels. Tunnels may be of any variety (e.g., IP-Sec, GRE, IP-IP).

In such a scenario, NSIS would actually allow partly for customer managed VPNs, which means a customer can set up VPNs by subsequent NSIS signaling to various end-points. In addition, the tunnel end-points are not necessarily bound to an application. The customer administrator might be the one triggering NSIS signaling.

8.11.2. Tunnel End Points at the Provider Premises

In the case where the tunnel end-points exist on the provider edge, requests for bandwidth may be signaled either per flow, where a flow is defined from a customer's address space, or between customer sites.

In the case of per flow signaling, the PE router must map the bandwidth request to the tunnel carrying traffic to the destination specified in the flow spec. Such a tunnel is a member of an aggregate to which the flow must be admitted. In this case, the operation of admission control is very similar to the case of the PSTN GW with the additional level of indirection imposed by the VPN tunnel. Therefore, authentication, accounting and policing may be required on the PE router.

In the case of per site signaling, a site would need to be identified. This may be accomplished by specifying the network serviced at that site through an IP prefix. In this case, the admission control function is performed on the aggregate to the PE router connected to the site in question.
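The admission step shared by the PSTN GW call scenario (Section 8.8) and the PE-router case above can be sketched as follows. This is an added example, not part of the RFC: an edge router checks that the initiator is authorized, maps the flow's destination to the aggregate (trunk or tunnel) serving that site prefix, and admits the flow only if the aggregate still has capacity. Class names, the capacity unit, the host names and the addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class FlowSpec:
    """5-tuple flow description. Addresses are prefixes (masking); a
    protocol or port of None is a wildcard."""
    src: str
    dst: str
    proto: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, src, dst, proto, sport, dport) -> bool:
        def in_net(addr, prefix):
            return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

        def same(want, got):
            return want is None or want == got

        return (in_net(src, self.src) and in_net(dst, self.dst)
                and same(self.proto, proto)
                and same(self.sport, sport) and same(self.dport, dport))


@dataclass
class Aggregate:
    """A pre-provisioned trunk or VPN tunnel toward one site prefix."""
    name: str
    site_prefix: str
    capacity_kbps: int
    flows: Dict[FlowSpec, int] = field(default_factory=dict)

    @property
    def reserved_kbps(self) -> int:
        return sum(self.flows.values())


class EdgeRouter:
    def __init__(self, aggregates, authorized_initiators):
        self.aggregates = list(aggregates)
        self.authorized = set(authorized_initiators)

    def select(self, spec: FlowSpec) -> Optional[Aggregate]:
        # Longest-prefix match of the flow destination on the site prefixes.
        dst = ipaddress.ip_network(spec.dst)
        hits = [a for a in self.aggregates
                if dst.subnet_of(ipaddress.ip_network(a.site_prefix))]
        return max(hits, default=None,
                   key=lambda a: ipaddress.ip_network(a.site_prefix).prefixlen)

    def admit(self, initiator: str, spec: FlowSpec, kbps: int) -> Tuple[bool, str]:
        if initiator not in self.authorized:      # authorization comes first
            return False, "initiator not authorized"
        agg = self.select(spec)
        if agg is None:
            return False, "no aggregate serves destination"
        # A repeated request for a known flow replaces its reservation
        # rather than being counted twice.
        in_use = agg.reserved_kbps - agg.flows.get(spec, 0)
        if in_use + kbps > agg.capacity_kbps:
            return False, agg.name + " full"
        agg.flows[spec] = kbps
        return True, agg.name

    def core_view(self) -> Dict[str, int]:
        # Interior nodes see aggregate totals only, never per-flow state.
        return {a.name: a.reserved_kbps for a in self.aggregates}


def demo():
    # Constructed sample data (documentation address ranges).
    er = EdgeRouter(
        [Aggregate("trunk-A", "198.51.100.0/24", 200),
         Aggregate("trunk-B", "203.0.113.0/24", 100)],
        authorized_initiators={"gw1.example"})

    def call(port):
        return FlowSpec("192.0.2.10/32", "198.51.100.7/32", 17, None, port)

    return er, [
        er.admit("gw1.example", call(16384), 80),
        er.admit("gw1.example", call(16386), 80),
        er.admit("gw1.example", call(16388), 80),    # would exceed 200 kbps
        er.admit("gw1.example", call(16384), 100),   # resize of first flow
        er.admit("rogue.example", call(16390), 10),
    ]
```

Per-flow state lives only in the edge router; `core_view()` is all an interior or inter-provider node would need, which is why the host-to-host signaling can be ignored there.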

9. References
9.1. Normative References

[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

9.2. Informative References

[RSVP] Braden, R., Ed., Zhang, L., Berson, S., Herzog, S. and S. Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1 Functional Specification", RFC 2205, September 1997.

[RFC3234] Carpenter, B. and S. Brim, "Middleboxes: Taxonomy and Issues", RFC 3234, February 2002.

10. Authors' Addresses

Marcus Brunner (Editor) NEC Europe Ltd. Network Laboratories Kurfuersten-Anlage 36 D-69115 Heidelberg Germany

   EMail: brunner@netlab.nec.de
        

Robert Hancock Roke Manor Research Ltd Romsey, Hants, SO51 0ZN United Kingdom

   EMail: robert.hancock@roke.co.uk
        

Eleanor Hepworth Roke Manor Research Ltd Romsey, Hants, SO51 0ZN United Kingdom

   EMail: eleanor.hepworth@roke.co.uk
        

Cornelia Kappler Siemens AG Berlin 13623 Germany

   EMail: cornelia.kappler@siemens.com
        

Hannes Tschofenig Siemens AG Otto-Hahn-Ring 6 81739 Munchen Germany

   EMail: Hannes.Tschofenig@mchp.siemens.de
        
11. Full Copyright Statement

Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78 and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
