Internet Engineering Task Force (IETF) C. Shen Request for Comments: 7200 H. Schulzrinne Category: Standards Track Columbia U. ISSN: 2070-1721 A. Koike NTT April 2014
Internet Engineering Task Force (IETF) C. Shen Request for Comments: 7200 H. Schulzrinne Category: Standards Track Columbia U. ISSN: 2070-1721 A. Koike NTT April 2014
A Session Initiation Protocol (SIP) Load-Control Event Package
会话启动协议(SIP)负载控制事件包
Abstract
摘要
This specification defines a load-control event package for the Session Initiation Protocol (SIP). It allows SIP entities to distribute load-filtering policies to other SIP entities in the network. The load-filtering policies contain rules to throttle calls from a specific user or based on their source or destination domain, telephone number prefix. The mechanism helps to prevent signaling overload and complements feedback-based SIP overload control efforts.
本规范定义了会话启动协议(SIP)的负载控制事件包。它允许SIP实体将负载过滤策略分发给网络中的其他SIP实体。负载筛选策略包含限制来自特定用户或基于其源或目标域、电话号码前缀的呼叫的规则。该机制有助于防止信令过载,并补充了基于反馈的SIP过载控制工作。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7200.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7200.
Copyright Notice
版权公告
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2014 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction ....................................................3 2. Conventions .....................................................3 3. SIP Load-Filtering Overview .....................................4 3.1. Load-Filtering Policy Format ...............................4 3.2. Load-Filtering Policy Computation ..........................4 3.3. Load-Filtering Policy Distribution .........................4 3.4. Applicable Network Domains .................................8 4. Load-Control Event Package ......................................9 4.1. Event Package Name .........................................9 4.2. Event Package Parameters ...................................9 4.3. SUBSCRIBE Bodies ...........................................9 4.4. SUBSCRIBE Duration .........................................9 4.5. NOTIFY Bodies .............................................10 4.6. Notifier Processing of SUBSCRIBE Requests .................10 4.7. Notifier Generation of NOTIFY Requests ....................10 4.8. Subscriber Processing of NOTIFY Requests ..................10 4.9. Handling of Forked Requests ...............................12 4.10. Rate of Notifications ....................................12 4.11. State Delta ..............................................12 5. Load-Control Document ..........................................13 5.1. Format ....................................................13 5.2. Namespace .................................................13 5.3. Conditions ................................................14 5.3.1. Call Identity ......................................14 5.3.2. Method .............................................16 5.3.3. Target SIP Entity ..................................17 5.3.4. Validity ...........................................18 5.4. Actions ...................................................18 6. XML Schema Definition for Load Control .........................20 7. Security Considerations ........................................23 8. IANA Considerations ............................................24 8.1. Load-Control Event Package Registration ...................24 8.2. application/load-control+xml Media Type Registration ......24 8.3. URN Sub-Namespace Registration ............................25 8.4. Load-Control Schema Registration ..........................26 9. Acknowledgements ...............................................27 10. References ....................................................27 10.1. Normative References .....................................27 10.2. Informative References ...................................28 Appendix A. Definitions ...........................................30 Appendix B. Design Requirements ...................................30 Appendix C. Discussion of How This Specification Meets the Requirements of RFC 5390 ..............................31 Appendix D. Complete Examples .....................................36 D.1. Load-Control Document Examples ............................36 D.2. Message Flow Examples .....................................40
1. Introduction ....................................................3 2. Conventions .....................................................3 3. SIP Load-Filtering Overview .....................................4 3.1. Load-Filtering Policy Format ...............................4 3.2. Load-Filtering Policy Computation ..........................4 3.3. Load-Filtering Policy Distribution .........................4 3.4. Applicable Network Domains .................................8 4. Load-Control Event Package ......................................9 4.1. Event Package Name .........................................9 4.2. Event Package Parameters ...................................9 4.3. SUBSCRIBE Bodies ...........................................9 4.4. SUBSCRIBE Duration .........................................9 4.5. NOTIFY Bodies .............................................10 4.6. Notifier Processing of SUBSCRIBE Requests .................10 4.7. Notifier Generation of NOTIFY Requests ....................10 4.8. Subscriber Processing of NOTIFY Requests ..................10 4.9. Handling of Forked Requests ...............................12 4.10. Rate of Notifications ....................................12 4.11. State Delta ..............................................12 5. Load-Control Document ..........................................13 5.1. Format ....................................................13 5.2. Namespace .................................................13 5.3. Conditions ................................................14 5.3.1. Call Identity ......................................14 5.3.2. Method .............................................16 5.3.3. Target SIP Entity ..................................17 5.3.4. Validity ...........................................18 5.4. Actions ...................................................18 6. XML Schema Definition for Load Control .........................20 7. Security Considerations ........................................23 8. IANA Considerations ............................................24 8.1. Load-Control Event Package Registration ...................24 8.2. application/load-control+xml Media Type Registration ......24 8.3. URN Sub-Namespace Registration ............................25 8.4. Load-Control Schema Registration ..........................26 9. Acknowledgements ...............................................27 10. References ....................................................27 10.1. Normative References .....................................27 10.2. Informative References ...................................28 Appendix A. Definitions ...........................................30 Appendix B. Design Requirements ...................................30 Appendix C. Discussion of How This Specification Meets the Requirements of RFC 5390 ..............................31 Appendix D. Complete Examples .....................................36 D.1. Load-Control Document Examples ............................36 D.2. Message Flow Examples .....................................40
Appendix E. Related Work .........................................41 E.1. Relationship to Load Filtering in PSTN ....................41 E.2. Relationship with Other IETF SIP Overload Control Efforts .42
Appendix E. Related Work .........................................41 E.1. Relationship to Load Filtering in PSTN ....................41 E.2. Relationship with Other IETF SIP Overload Control Efforts .42
SIP load-control mechanisms are needed to prevent congestion collapse [RFC6357] in cases of SIP server overload [RFC5390]. There are two types of load-control approaches. In the first approach, feedback control, SIP servers provide load limits to upstream servers, to reduce the incoming rate of all SIP requests [SIP-OVERLOAD]. These upstream servers then drop or delay incoming SIP requests. Feedback control is reactive and affects signaling messages that have already been issued by user agent clients. This approach works well when SIP proxy servers in the core networks (core proxy servers) or destination-specific SIP proxy servers in the edge networks (edge proxy servers) are overloaded. By their nature, they need to distribute rate, drop, or window information to all upstream SIP proxy servers and normally affect all calls equally, regardless of destination.
在SIP服务器过载的情况下,需要SIP负载控制机制来防止拥塞崩溃[RFC6357][RFC5390]。有两种类型的负载控制方法。在第一种方法(反馈控制)中,SIP服务器向上游服务器提供负载限制,以降低所有SIP请求的传入速率[SIP-OVERLOAD]。然后,这些上游服务器丢弃或延迟传入的SIP请求。反馈控制是被动的,影响用户代理客户端已经发出的信令消息。当核心网络(核心代理服务器)中的SIP代理服务器或边缘网络(边缘代理服务器)中特定于目的地的SIP代理服务器过载时,此方法工作良好。就其性质而言,它们需要将速率、丢包或窗口信息分发到所有上游SIP代理服务器,并且通常会平等地影响所有呼叫,而不考虑目的地。
This specification proposes an additional, complementary load-control mechanism, called "load filtering". It is most applicable for situations where a traffic surge and its source/destination distribution can be predicted in advance. In those cases, network operators create load-filtering policies that indicate calls to specific destinations or from specific sources should be rate-limited or randomly dropped. These load-filtering policies are then distributed to SIP servers and possibly SIP user agents that are likely to generate calls to the affected destinations or from the affected sources. Load filtering works best if it prevents calls as close to the originating user agent clients as possible. The applicability of SIP load filtering can also be extended beyond overload control, e.g., to implement service level agreement commitments.
本规范提出了一种额外的补充性负载控制机制,称为“负载过滤”。它最适用于可以提前预测流量激增及其源/目的地分布的情况。在这些情况下,网络运营商创建负载过滤策略,指示对特定目的地或特定来源的呼叫应进行速率限制或随机丢弃。然后将这些负载过滤策略分发到SIP服务器,可能还有SIP用户代理,这些代理可能会生成到受影响目的地或来自受影响源的呼叫。如果负载过滤可以防止调用尽可能靠近原始用户代理客户端,则负载过滤效果最佳。SIP负载过滤的适用性也可以扩展到过载控制之外,例如,实现服务级别协议承诺。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
Load-filtering policies are specified by sets of rules. Each rule contains both load-filtering conditions and actions. The load-filtering conditions define identities of the targets to be filtered (Section 5.3.1). For example, there are two typical resource limits in a possible overload situation, i.e., human destination limits (number of call takers) and node capacity limits. The load-filtering targets in these two cases can be the specific callee numbers or the destination domain corresponding to the overload. Load-filtering conditions also indicate the specific message type to be matched (Section 5.3.2), with which target SIP entity the filtering policy is associated (Section 5.3.3), and the period of time when the filtering policy should be activated and deactivated (Section 5.3.4). Load-filtering actions describe the desired control functions such as keeping the request rate below a specified level (Section 5.4).
负载筛选策略由一组规则指定。每个规则都包含加载筛选条件和操作。负载过滤条件定义了要过滤的目标的标识(第5.3.1节)。例如,在可能的过载情况下,有两种典型的资源限制,即人员目的地限制(呼叫接受者数量)和节点容量限制。这两种情况下的负载筛选目标可以是特定的被叫号码或与重载对应的目标域。负载过滤条件还指示要匹配的特定消息类型(第5.3.2节),过滤策略与之关联的目标SIP实体(第5.3.3节),以及应激活和停用过滤策略的时间段(第5.3.4节)。负载过滤动作描述了所需的控制功能,如将请求速率保持在指定水平以下(第5.4节)。
When computing the load-filtering policies, one needs to take into consideration information such as overload time, scope and network topology, as well as service policies. It is also important to make sure that there is no resource allocation loop and that server capacity is allocated in a way that both prevents overload and maximizes effective throughput (commonly called goodput). In some cases, in order to better utilize system resources, it may be preferable to employ an algorithm that dynamically computes the load-filtering policies based on currently observed server load status, rather than using a purely static filtering policy assignment. The computation algorithm for load-filtering policies is beyond the scope of this specification.
在计算负载过滤策略时,需要考虑过载时间、范围和网络拓扑以及服务策略等信息。同样重要的是,确保没有资源分配循环,服务器容量的分配方式既能防止过载,又能最大限度地提高有效吞吐量(通常称为goodput)。在某些情况下,为了更好地利用系统资源,最好采用基于当前观察到的服务器负载状态动态计算负载过滤策略的算法,而不是使用纯静态过滤策略分配。负载筛选策略的计算算法超出了本规范的范围。
For distributing load-filtering policies, this specification defines the SIP event package for load control, which is an "instantiation" of the generic SIP event notification framework [RFC6665]. This specification also defines the XML schema of a load-control document (Section 5), which is used to encode load-filtering policies.
为了分发负载过滤策略,本规范定义了用于负载控制的SIP事件包,它是通用SIP事件通知框架[RFC6665]的“实例化”。本规范还定义了负载控制文档(第5节)的XML模式,用于对负载过滤策略进行编码。
In order for load-filtering policies to be properly distributed, each capable SIP entity in the network subscribes to the SIP load-control event package of each SIP entity to which it sends signaling requests. A SIP entity that accepts subscription requests is called a "notifier" (Section 4.6). Subscription is initiated and maintained during normal server operation. The subscription of neighboring SIP
为了适当地分发负载过滤策略,网络中的每个有能力的SIP实体订阅它向其发送信令请求的每个SIP实体的SIP负载控制事件包。接受订阅请求的SIP实体称为“通知者”(第4.6节)。订阅在正常服务器操作期间启动和维护。相邻SIP的订阅
entities needs to be persistent, as described in Sections 4.1 and 4.2 of [RFC6665]. The refresh procedure is described in Section 4.7 below. Subscribers may terminate the subscription if they have not received notifications for an extended time period, and can resubscribe if they determine that signaling with the notifier becomes active again.
实体需要持久化,如[RFC6665]第4.1节和第4.2节所述。下文第4.7节介绍了刷新程序。如果订阅者在一段较长的时间内未收到通知,则可以终止订阅;如果订阅者确定通知器的信令再次激活,则可以重新订阅。
An example architecture is shown in Figure 1 to illustrate SIP load-filtering policy distribution. This scenario consists of two networks belonging to Service Provider A and Service Provider B, respectively. Each provider's network is made up of two SIP core proxy servers and four SIP edge proxy servers. The core proxy servers and edge proxy servers of Service Provider A are denoted as CPa1 to CPa2 and EPa1 to EPa4; the core proxy servers and edge proxy servers of Service Provider B are denoted as CPb1 to CPb2 and EPb1 to EPb4.
图1显示了一个示例体系结构,以说明SIP负载过滤策略分布。此场景由分别属于服务提供商A和服务提供商B的两个网络组成。每个提供商的网络由两个SIP核心代理服务器和四个SIP边缘代理服务器组成。服务提供商A的核心代理服务器和边缘代理服务器分别表示为CPa1到CPa2和EPa1到EPa4;服务提供商B的核心代理服务器和边缘代理服务器表示为CPb1到CPb2和EPb1到EPb4。
+-----------+ +-----------+ +-----------+ +-----------+ | | | | | | | | | EPa1 | | EPa2 | | EPa3 | | EPa4 | | | | | | | | | +-----------+ +-----------+ +-----------+ +-----------+ \ / \ / \ / \ / \ / \ / +-----------+ +-----------+ | | | | | CPa1 |------------------| CPa2 | | | | | +-----------+ +-----------+ | | Service | | Provider A | | | | ================================================================= | | Service | | Provider B | | | | +-----------+ +-----------+ | | | | | CPb1 |------------------| CPb2 | | | | | +-----------+ +-----------+ / \ / \ / \ / \ / \ / \ +-----------+ +-----------+ +-----------+ +-----------+ | | | | | | | | | EPb1 | | EPb2 | | EPb3 | | EPb4 | | | | | | | | | +-----------+ +-----------+ +-----------+ +-----------+
+-----------+ +-----------+ +-----------+ +-----------+ | | | | | | | | | EPa1 | | EPa2 | | EPa3 | | EPa4 | | | | | | | | | +-----------+ +-----------+ +-----------+ +-----------+ \ / \ / \ / \ / \ / \ / +-----------+ +-----------+ | | | | | CPa1 |------------------| CPa2 | | | | | +-----------+ +-----------+ | | Service | | Provider A | | | | ================================================================= | | Service | | Provider B | | | | +-----------+ +-----------+ | | | | | CPb1 |------------------| CPb2 | | | | | +-----------+ +-----------+ / \ / \ / \ / \ / \ / \ +-----------+ +-----------+ +-----------+ +-----------+ | | | | | | | | | EPb1 | | EPb2 | | EPb3 | | EPb4 | | | | | | | | | +-----------+ +-----------+ +-----------+ +-----------+
Figure 1: Example Network Scenario Using SIP Load-Control Event Package Mechanism
图1:使用SIP负载控制事件包机制的示例网络场景
During the initialization stage, the proxy servers first identify all their outgoing signaling neighbors and subscribe to them. Service providers can provision neighbors, or the proxy servers can incrementally learn who their neighbors are by inspecting signaling messages that they send and receive. Assuming all signaling relationships in Figure 1 are bidirectional, after this initialization stage, each proxy server will be subscribed to all its neighbors.
在初始化阶段,代理服务器首先识别其所有传出信令邻居并订阅它们。服务提供商可以提供邻居,或者代理服务器可以通过检查其发送和接收的信令消息,以增量方式了解其邻居是谁。假设图1中的所有信令关系都是双向的,在这个初始化阶段之后,每个代理服务器都将订阅其所有邻居。
Case I: EPa1 serves a TV program hotline and decides to limit the total number of incoming calls to the hotline to prevent an overload. To do so, EPa1 sends a notification to CPa1 with the specific hotline number, time of activation, and total acceptable call rate. Depending on the load-filtering policy computation algorithm, CPa1 may allocate the received total acceptable call rate among its neighbors, namely, EPa2, CPa2, and CPb1, and notify them about the resulting allocation along with the hotline number and the activation time. CPa2 and CPb1 may perform further allocation among their own neighbors and notify the corresponding proxy servers. This process continues until all edge proxy servers in the network have been informed about the event and have proper load-filtering policies configured.
案例一:EPa1为电视节目热线提供服务,并决定限制热线的来电总数,以防止过载。为此,EPa1向CPa1发送通知,告知具体的热线号码、激活时间和可接受的总呼叫率。根据负载过滤策略计算算法,CPa1可以在其邻居(即EPa2、CPa2和CPb1)之间分配接收到的总可接受呼叫速率,并将结果分配以及热线号码和激活时间通知他们。CPa2和CPb1可以在它们自己的邻居之间执行进一步的分配,并通知相应的代理服务器。此过程将继续,直到网络中的所有边缘代理服务器都已被告知事件并配置了正确的负载筛选策略。
In the above case, the network entity where load-filtering policy is first introduced is the SIP server providing access to the resource that creates the overload situation. In other cases, the network entry point of introducing load-filtering policy could also be an entity that hosts this resource. For example, an operator may host an application server that performs toll-free-number ("800 number") translation services. The application server itself may be a SIP proxy server or a SIP Back-to-Back User Agent (B2BUA). If one of the toll-free numbers hosted at the application server creates the overload condition, the load-filtering policies can be introduced from the application server and then propagated to other SIP proxy servers in the network.
在上述情况下,首先引入负载过滤策略的网络实体是提供对造成过载情况的资源的访问的SIP服务器。在其他情况下,引入负载筛选策略的网络入口点也可以是承载此资源的实体。例如,运营商可以托管执行免费号码(“800号码”)翻译服务的应用服务器。应用服务器本身可以是SIP代理服务器或SIP背靠背用户代理(B2BUA)。如果托管在应用服务器上的某个免费电话号码造成过载情况,则可以从应用服务器引入负载过滤策略,然后传播到网络中的其他SIP代理服务器。
Case II: A hurricane affects the region covered by CPb2, EPb3, and EPb4. All three of these SIP proxy servers are overloaded. The rescue team determines that outbound calls are more valuable than inbound calls in this specific situation. Therefore, EPb3 and EPb4 are configured with load-filtering policies to accept more outbound calls than inbound calls. CPb2 may be configured the same way or receive dynamically computed load-filtering policies from EPb3 and EPb4. Depending on the load-filtering policy computation algorithm, CPb2 may also send out notifications to its outside neighbors, namely CPb1 and CPa2, specifying a limit on the acceptable rate of inbound calls to CPb2's responsible domain. CPb1 and CPa2 may subsequently notify their neighbors about limiting the calls to CPb2's area. The same process could continue until all edge proxy servers are notified and have load-filtering policies configured.
案例二:飓风影响CPb2、EPb3和EPb4覆盖的区域。这三个SIP代理服务器都过载。救援小组确定,在这种特定情况下,呼出电话比呼入电话更有价值。因此,EPb3和EPb4配置了负载过滤策略,以接受比入站呼叫更多的出站呼叫。CPb2可以以相同的方式配置,或者从EPb3和EPb4接收动态计算的负载过滤策略。根据负载过滤策略计算算法,CPb2还可以向其外部邻居(即CPb1和CPa2)发送通知,指定对CPb2负责域的入站呼叫的可接受速率的限制。CPb1和CPa2可能随后通知其邻居将呼叫限制在CPb2的区域。在通知所有边缘代理服务器并配置了负载筛选策略之前,可以继续执行相同的过程。
Note that this specification does not define the provisioning interface between the party who determines the load-filtering policy and the network entry point where the policy is introduced. One of the options for the provisioning interface is the Extensible Markup Language (XML) Configuration Access Protocol (XCAP) [RFC4825].
请注意,本规范未定义确定负载筛选策略的一方与引入该策略的网络入口点之间的配置接口。供应接口的选项之一是可扩展标记语言(XML)配置访问协议(XCAP)[RFC4825]。
This specification MUST be applied inside a "Trust Domain". The concept of a Trust Domain is similar to that defined in [RFC3324] and [RFC3325]. A Trust Domain, for the purpose of SIP load filtering, is a set of SIP entities such as SIP proxy servers that are trusted to exchange load-filtering policies defined in this specification. In the simplest case, a Trust Domain is a network of SIP entities belonging to a single service provider who deploys it and accurately knows the behavior of those SIP entities. Such simple Trust Domains may be joined to form larger Trust Domains by bilateral agreements between the service providers of the SIP entities.
此规范必须在“信任域”内应用。信任域的概念类似于[RFC3324]和[RFC3325]中定义的概念。出于SIP负载过滤的目的,信任域是一组SIP实体,例如SIP代理服务器,它们被信任以交换本规范中定义的负载过滤策略。在最简单的情况下,信任域是属于单个服务提供商的SIP实体网络,该服务提供商部署了信任域并准确地知道这些SIP实体的行为。通过SIP实体的服务提供商之间的双边协议,可以加入这样的简单信任域以形成更大的信任域。
The key requirement of a Trust Domain for the purpose of SIP load filtering is that the behavior of all SIP entities within a given Trust Domain is known to comply to the following set of specifications.
为了进行SIP负载过滤,信任域的关键要求是已知给定信任域中所有SIP实体的行为符合以下一组规范。
o SIP entities in the Trust Domain agree on the mechanisms used to secure the communication among SIP entities within the Trust Domain.
o 信任域中的SIP实体同意用于保护信任域中SIP实体之间通信的机制。
o SIP entities in the Trust Domain agree on the manner used to determine which SIP entities are part of the Trust Domain.
o 信任域中的SIP实体同意用于确定哪些SIP实体是信任域的一部分的方式。
o SIP entities in the Trust Domain are compliant to SIP [RFC3261].
o 信任域中的SIP实体符合SIP[RFC3261]。
o SIP entities in the Trust Domain are compliant to SIP-Specific Event Notification[RFC6665].
o 信任域中的SIP实体符合SIP特定事件通知[RFC6665]。
o SIP entities in the Trust Domain are compliant to this specification.
o 信任域中的SIP实体符合此规范。
o SIP entities in the Trust Domain agree on what types of calls can be affected by this SIP load-filtering mechanism. For example, <call-identity> condition elements (Section 5.3.1) <one> and <many> might be limited to describe within certain prefixes.
o 信任域中的SIP实体同意该SIP负载过滤机制会影响哪些类型的呼叫。例如,<call identity>条件元素(第5.3.1节)<one>和<many>可能仅限于在某些前缀内描述。
o SIP entities in the Trust Domain agree on the destinations to which calls may be redirected when the "redirect" action (Section 5.4) is used. For example, the URI might have to match a given set of domains.
o 信任域中的SIP实体同意在使用“重定向”操作(第5.4节)时呼叫可以重定向到的目的地。例如,URI可能必须匹配给定的一组域。
SIP load filtering is only effective if all neighbors that are possible signaling sources participate and enforce the designated load-filtering policies. Otherwise, a single non-conforming neighbor could make all filtering efforts useless by pumping in excessive traffic to overload the server. Therefore, the SIP server that
SIP负载过滤只有在所有可能的信令源邻居都参与并实施指定的负载过滤策略时才有效。否则,一个不一致的邻居可能会通过注入过多的流量使服务器过载,从而使所有过滤工作无效。因此,SIP服务器
distributes load-filtering policies needs to take countermeasures towards any non-conforming neighbors. A simple method is to reject excessive requests with 503 "Service Unavailable" response messages as if they were obeying the rate. Considering the rejection costs, a more complicated but fairer method would be to allocate at the overloaded server the same amount of processing to the combination of both normal processing and rejection as the overloaded server would devote to processing requests for a conforming upstream SIP server. These approaches work as long as the total rejection cost does not overwhelm the entire server resources. In addition, SIP servers need to handle message prioritization properly while performing load filtering, which is described in Section 4.8.
分布式负载过滤策略需要对任何不一致的邻居采取对策。一个简单的方法是拒绝包含503条“Service Unavailable”(服务不可用)响应消息的过多请求,就像它们遵守速率一样。考虑到拒绝成本,一种更复杂但更公平的方法是在过载的服务器上分配与过载的服务器用于处理一致的上游SIP服务器的请求相同的处理量,以同时进行正常处理和拒绝。只要总拒绝成本不超过整个服务器资源,这些方法就可以工作。此外,SIP服务器在执行负载过滤时需要正确处理消息优先级,如第4.8节所述。
The SIP load-filtering mechanism defines a load-control event package for SIP based on [RFC6665].
SIP负载过滤机制基于[RFC6665]为SIP定义负载控制事件包。
The name of this event package is "load-control". This name is carried in the Event and Allow-Events header, as specified in [RFC6665].
此事件包的名称为“负载控制”。按照[RFC6665]中的规定,此名称包含在事件和允许事件标题中。
No package-specific event header field parameters are defined for this event package.
没有为此事件包定义包特定的事件标头字段参数。
This specification does not define the content of SUBSCRIBE bodies. Future specifications could define bodies for SUBSCRIBE messages, for example, to request specific types of load-control event notifications.
本规范未定义订阅主体的内容。未来的规范可以定义订阅消息的主体,例如,请求特定类型的负载控制事件通知。
A SUBSCRIBE request sent without a body implies the default subscription behavior as specified in Section 4.7.
不带正文发送的订阅请求意味着第4.7节中指定的默认订阅行为。
The default expiration time for a subscription to load-filtering policy is one hour. Since the desired expiration time may vary significantly for subscriptions among SIP entities with different signaling relationships, the subscribers and notifiers are RECOMMENDED to explicitly negotiate appropriate subscription duration when knowledge about the mutual signaling relationship is available.
订阅加载筛选策略的默认过期时间为一小时。由于具有不同信令关系的SIP实体之间的订阅的期望到期时间可能显著不同,因此建议订阅者和通知者在关于相互信令关系的知识可用时显式地协商适当的订阅持续时间。
The body of a NOTIFY request in this event package contains load-filtering policies. The format of the NOTIFY request body MUST be in one of the formats defined in the Accept header field of the SUBSCRIBE request or be the default format, as specified in [RFC6665]. The default data format for the NOTIFY request body of this event package is "application/load-control+xml" (defined in Section 5). This means that when a NOTIFY request body exists but no Accept header field is specified in a SUBSCRIBE request, the NOTIFY request body MUST contain content conforming to the "application/ load-control+xml" format.
此事件包中的NOTIFY请求主体包含负载筛选策略。NOTIFY请求正文的格式必须是订阅请求的Accept header字段中定义的格式之一,或者是[RFC6665]中指定的默认格式。此事件包的NOTIFY请求主体的默认数据格式为“应用程序/负载控制+xml”(在第5节中定义)。这意味着,当存在NOTIFY请求正文,但订阅请求中未指定Accept header字段时,NOTIFY请求正文必须包含符合“应用程序/负载控制+xml”格式的内容。
The notifier accepts a new subscription or updates an existing subscription upon receiving a valid SUBSCRIBE request.
通知程序在收到有效的订阅请求后接受新订阅或更新现有订阅。
If the identity of the subscriber sending the SUBSCRIBE request is not allowed to receive load-filtering policies, the notifier MUST return a 403 "Forbidden" response.
如果发送订阅请求的订户的身份不允许接收负载筛选策略,则通知程序必须返回403“禁止”响应。
If none of the media types specified in the Accept header of the SUBSCRIBE request are supported, the notifier SHOULD return a 406 "Not Acceptable" response.
如果订阅请求的Accept标头中指定的媒体类型均不受支持,则通知程序应返回406“不可接受”响应。
A notifier MUST send a NOTIFY request with its current load-filtering policy to the subscriber upon successfully accepting or refreshing a subscription. If no load-filtering policy needs to be distributed when the subscription is received, the notifier SHOULD sent a NOTIFY request without a body to the subscriber. The content-type header field of this NOTIFY request MUST indicate the correct body format as if the body were present (e.g., "application/load-control+xml"). Notifiers are likely to send NOTIFY requests without a body when a subscription is initiated for the first time, e.g., when a SIP entity is just introduced, because there may be no planned events that require load filtering at that time. A notifier SHOULD generate NOTIFY requests each time the load-filtering policy changes, with the maximum notification rate not exceeding values defined in Section 4.10.
在成功接受或刷新订阅后,通知程序必须向订阅服务器发送带有当前负载筛选策略的通知请求。如果在收到订阅时需要分发无负载筛选策略,则通知程序应向订阅服务器发送一个无正文的通知请求。此NOTIFY请求的content type标头字段必须指示正确的正文格式,就像正文存在一样(例如,“应用程序/负载控制+xml”)。当首次启动订阅时(例如,当刚刚引入SIP实体时),通知程序可能会在没有正文的情况下发送NOTIFY请求,因为此时可能没有需要负载筛选的计划事件。通知程序应在每次负载筛选策略更改时生成通知请求,最大通知率不超过第4.10节中定义的值。
The subscriber is the load-filtering server that enforces load-filtering policies received from the notifier. The way subscribers process NOTIFY requests depends on the load-filtering policies
订阅服务器是执行从通知程序接收的负载筛选策略的负载筛选服务器。订阅者处理通知请求的方式取决于负载筛选策略
conveyed in the notifications. Typically, load-filtering policies consist of rules specifying actions to be applied to requests matching certain conditions. A subscriber receiving a notification first installs these rules and then enforces corresponding actions on requests matching those conditions, for example, limiting the sending rate of call requests destined for a specific callee.
在通知中传达。通常,负载筛选策略由指定要应用于符合特定条件的请求的操作的规则组成。接收通知的订户首先安装这些规则,然后对符合这些条件的请求强制执行相应的操作,例如,限制发送给特定被叫方的呼叫请求的发送速率。
In the case when load-filtering policies specify a future validity, it is possible that when the validity time arrives, the subscription to the specific notifier that conveyed the rules has expired. In this case, it is RECOMMENDED that the subscriber re-activate its subscription with the corresponding notifier. Regardless of whether or not this re-activation of subscription is successful, when the validity time is reached, the subscriber SHOULD enforce the corresponding rules.
在负载筛选策略指定未来有效性的情况下,当有效性时间到达时,传递规则的特定通知程序的订阅可能已过期。在这种情况下,建议订阅服务器使用相应的通知程序重新激活其订阅。无论订阅的重新激活是否成功,当达到有效期时,订阅方应强制执行相应的规则。
Upon receipt of a NOTIFY request with a Subscription-State header field containing the value "terminated", the subscription status with the particular notifier will be terminated. Meanwhile, subscribers MUST also terminate previously received load-filtering policies from that notifier.
收到包含“已终止”值的订阅状态标头字段的NOTIFY请求后,特定通知程序的订阅状态将终止。同时,订阅者还必须终止以前从该通知程序收到的负载筛选策略。
The subscriber MUST discard unknown bodies. If the NOTIFY request contains several bodies, none of them being supported, it SHOULD unsubscribe unless it has knowledge that it will possibly receive NOTIFY requests with supported bodies from that notifier. A NOTIFY request without a body indicates that no load-filtering policies need to be updated.
订阅服务器必须丢弃未知实体。如果NOTIFY请求包含多个实体,但其中没有一个被支持,则它应该取消订阅,除非它知道它可能会从该通知程序接收具有受支持实体的NOTIFY请求。没有正文的NOTIFY请求表示无负载筛选策略需要更新。
When the subscriber enforces load-filtering policies, it needs to prioritize requests and select those requests that need to be rejected or redirected. This selection is largely a matter of local policy. It is expected that the subscriber will follow local policy as long as the result in reduction of traffic is consistent with the overload algorithm in effect at that node. Accordingly, the normative behavior described in the next three paragraphs should be interpreted with the understanding that the subscriber will aim to preserve local policy to the fullest extent possible.
当订户强制执行负载筛选策略时,它需要对请求进行优先级排序,并选择需要拒绝或重定向的请求。这种选择在很大程度上取决于当地政策。只要通信量减少的结果与该节点上有效的过载算法一致,则预期订户将遵循本地策略。因此,在解释下三段中描述的规范性行为时,应理解认购人的目标是尽可能充分地维护当地政策。
o The subscriber SHOULD honor the local policy for prioritizing SIP requests such as policies based on message type, e.g., INVITEs versus requests associated with existing sessions.
o 订阅者应遵守对SIP请求进行优先级排序的本地策略,例如基于消息类型的策略,例如邀请与现有会话相关的请求。
o The subscriber SHOULD honor the local policy for prioritizing SIP requests based on the content of the Resource-Priority header (RPH, [RFC4412]). Specific (namespace.value) RPH contents may indicate high-priority requests that should be preserved as much
o 订阅者应遵守根据资源优先级头(RPH,[RFC4412])的内容对SIP请求进行优先级排序的本地策略。特定(namespace.value)RPH内容可能表示应尽可能保留的高优先级请求
as possible during overload. The RPH contents can also indicate a low-priority request that is eligible to be dropped during times of overload.
在过载期间,尽可能多地使用。RPH内容还可以指示低优先级请求,该请求在过载期间有资格被丢弃。
o The subscriber SHOULD honor the local policy for prioritizing SIP requests relating to emergency calls as identified by the sos URN [RFC5031] indicating an emergency request.
o 订阅者应遵守本地政策,按照指示紧急请求的sos URN[RFC5031]确定的与紧急呼叫相关的SIP请求的优先级。
A local policy can be expected to combine both the SIP request type and the prioritization markings and SHOULD be honored when overload conditions prevail.
可以预期本地策略将结合SIP请求类型和优先级标记,并且在过载条件盛行时应遵守该策略。
Forking is not applicable when this load-control event package mechanism is used within a single-hop distance between neighboring SIP entities. If communication scope of the load-control event package mechanism is among multiple hops, forking is also not expected to happen because the subscription request is addressed to a clearly defined SIP entity. However, in the unlikely case when forking does happen, the load-control event package only allows the first potential dialog-establishing message to create a dialog, as specified in Section 5.4.9 of [RFC6665].
当在相邻SIP实体之间的单跳距离内使用此负载控制事件包机制时,分叉不适用。如果负载控制事件包机制的通信范围在多个跃点之间,则也不会发生分叉,因为订阅请求是针对明确定义的SIP实体的。但是,在不太可能发生分叉的情况下,负载控制事件包仅允许第一个潜在的对话框建立消息来创建对话框,如[RFC6665]第5.4.9节所述。
The rate of notifications is unlikely to be of concern for this local control event package mechanism when it is used in a non-real-time mode for relatively static load-filtering policies. Nevertheless, if a situation does arise in which a rather frequently used load filtering policy update is needed, it is RECOMMENDED that the notifier not generate notifications at a rate higher than once per second in all cases, in order to avoid the NOTIFY request itself overloading the system.
当此本地控制事件包机制在非实时模式下用于相对静态的负载筛选策略时,通知速率不太可能与此本地控制事件包机制有关。但是,如果确实出现需要更新频繁使用的负载筛选策略的情况,建议通知程序在所有情况下都不要以高于每秒一次的速率生成通知,以避免通知请求本身使系统过载。
It is likely that updates to specific load-filtering policies are made by changing only part of the policy parameters (e.g., acceptable request rate or percentage, but not matching identities). This will typically be because the utilization of a resource subject to overload depends upon dynamic unknowns such as holding time and the relative distribution of offered loads over subscribing SIP entities. The updates could originate manually or be determined automatically by an algorithm that dynamically computes the load-filtering policies (Section 3.2). Another factor that is usually not known precisely or
对特定负载筛选策略的更新可能仅通过更改部分策略参数(例如,可接受的请求速率或百分比,但不匹配标识)来实现。这通常是因为过载资源的利用率取决于动态未知因素,如等待时间和订阅SIP实体上提供的负载的相对分布。更新可以手动发起,也可以由动态计算负载过滤策略的算法自动确定(第3.2节)。另一个通常无法准确或准确了解的因素
needs to be computed automatically is the duration of the event requiring load filtering. Therefore, it would also be common for the validity to change frequently.
需要自动计算的是需要负载筛选的事件的持续时间。因此,有效性经常变化也是很常见的。
This event package allows the use of state delta as in [RFC6665] to accommodate frequent updates of partial policy parameters. For each NOTIFY transaction in a subscription, a version number that increases by exactly one MUST be included in the NOTIFY request body when the body is present. When the subscriber receives a state delta, it associates the partial updates to the particular policy by matching the appropriate rule id (Appendix D). If the subscriber receives a NOTIFY request with a version number that is increased by more than one, it knows that it has missed a state delta and needs to ask for a full state snapshot. Therefore, the subscriber ignores that NOTIFY request containing the state delta, and resends a SUBSCRIBE request to force a NOTIFY request containing a complete state snapshot.
此事件包允许使用[RFC6665]中的状态增量来适应部分策略参数的频繁更新。对于订阅中的每个NOTIFY事务,当正文存在时,必须在NOTIFY请求正文中包含一个增加1的版本号。当订户收到状态增量时,它通过匹配适当的规则id将部分更新与特定策略相关联(附录D)。如果订阅服务器收到一个版本号增加了一个以上的NOTIFY请求,则它知道它错过了状态增量,需要请求完整状态快照。因此,订户忽略包含状态增量的NOTIFY请求,并重新发送订阅请求以强制包含完整状态快照的NOTIFY请求。
A load-control document is an XML document that describes the load-filtering policies. It inherits and enhances the common policy document defined in [RFC4745]. A common policy document contains a set of rules. Each rule consists of three parts: conditions, actions, and transformations. The conditions part is a set of expressions containing attributes such as identity, domain, and validity time information. Each expression evaluates to TRUE or FALSE. Conditions are matched on "equality" or "greater than" style comparison. There is no regular expression matching. Conditions are evaluated on receipt of an initial SIP request for a dialog or standalone transaction. If a request matches all conditions in a rule set, the action part and the transformation part are consulted to determine the "permission" on how to handle the request. Each action or transformation specifies a positive grant to the policy server to perform the resulting actions. Well-defined mechanism are available for combining actions and transformations obtained from more than one sources.
负载控制文档是描述负载筛选策略的XML文档。它继承并增强了[RFC4745]中定义的通用策略文档。公共策略文档包含一组规则。每个规则由三部分组成:条件、操作和转换。条件部分是一组表达式,包含标识、域和有效期时间信息等属性。每个表达式的计算结果为TRUE或FALSE。在“相等”或“大于”样式比较中匹配条件。没有正则表达式匹配。在收到对话或独立事务的初始SIP请求时,将评估条件。如果请求与规则集中的所有条件都匹配,则会咨询操作部分和转换部分,以确定如何处理请求的“权限”。每个操作或转换都为策略服务器指定一个正授权,以执行生成的操作。定义良好的机制可用于组合从多个源获得的操作和转换。
The namespace URI for elements defined by this specification is a Uniform Resource Namespace (URN) ([RFC2141]), using the namespace identifier "ietf" defined by [RFC2648] and extended by [RFC3688]. The URN is as follows:
本规范定义的元素的名称空间URI是统一资源名称空间(URN)([RFC2141]),使用[RFC2648]定义并由[RFC3688]扩展的名称空间标识符“ietf”。骨灰盒如下:
urn:ietf:params:xml:ns:load-control
urn:ietf:params:xml:ns:load-control
[RFC4745] defines three condition elements: <identity>, <sphere>, and <validity>. This specification defines new condition elements and reuses the <validity> element. The <sphere> element is not used.
[RFC4745]定义了三个条件元素:<identity>、<sphere>和<validity>。本规范定义了新的条件元素并重用<validity>元素。未使用<sphere>元素。
Since the problem space of this specification is different from that of [RFC4745], the [RFC4745] <identity> element is not sufficient for use with load filtering. First, load filtering may be applied to different identities contained in a request, including identities of both the receiving entity and the sending entity. Second, the importance of authentication varies when different identities of a request are concerned. This specification defines new identity conditions that can accommodate the granularity of specific SIP identity header fields. The requirement for authentication depends on which field is to be matched.
由于本规范的问题空间不同于[RFC4745],因此[RFC4745]<identity>元素不足以用于负载过滤。首先,负载过滤可以应用于请求中包含的不同标识,包括接收实体和发送实体的标识。第二,当涉及请求的不同身份时,身份验证的重要性会有所不同。本规范定义了新的标识条件,可适应特定SIP标识头字段的粒度。身份验证的要求取决于要匹配的字段。
The identity condition for load filtering is specified by the <call-identity> element and its sub-element <sip>. The <sip> element itself contains sub-elements representing SIP sending and receiving identity header fields: <from>, <to>, <request-uri>, and <p-asserted-identity>. All those sub-elements are of an extended form of the [RFC4745] <identity> element. In addition to the sub-elements including <one>, <except>, and <many> in the <identity> element from [RFC4745], the extended form adds two new sub-elements, namely, <many-tel> and <except-tel>, which will be explained later in this section.
负载筛选的标识条件由<call identity>元素及其子元素<sip>指定。<sip>元素本身包含表示sip发送和接收标识头字段的子元素:<from>、<to>、<request uri>和<p-asserted-identity>。所有这些子元素都是[RFC4745]<identity>元素的扩展形式。除了[RFC4745]中<identity>元素中的<one>、<Exception>和<many>等子元素外,扩展形式还添加了两个子元素,即<many tel>和<Exception tel>,这将在本节后面进行解释。
The [RFC4745] <one> and <except> elements may contain an "id" attribute, which is the URI of a single entity to be included or excluded in the condition. When used in the <from>, <to>, <request-uri>, and <p-asserted-identity> elements, this "id" value is the URI contained in the corresponding SIP header field, i.e., From, To, Request-URI, and P-Asserted-Identity.
[RFC4745]<one>和<except>元素可能包含一个“id”属性,该属性是要在条件中包括或排除的单个实体的URI。当在<from>、<to>、<request uri>和<p-asserted-identity>元素中使用时,该“id”值是相应SIP头字段中包含的uri,即from、to、request uri和p-asserted-identity。
When the <call-identity> element contains multiple <sip> sub- elements, the result is combined using logical OR. When the <from>, <to>, <request-uri>, and <p-asserted-identity> elements contain multiple <one>, <many>, or <many-tel> sub-elements, the result is also combined using logical OR. When the <many> sub-element further contains one or more <except> sub-elements, or when the <many-tel> sub-element further contains one or more <except-tel> sub-elements, the result of each <except> or <except-tel> sub-element is combined using a logical OR, similar to that of the [RFC4745] <identity> element. However, when the <sip> element contains multiple <from>, <to>, <request-uri>, and <p-asserted-identity> sub-elements, the
When the <call-identity> element contains multiple <sip> sub- elements, the result is combined using logical OR. When the <from>, <to>, <request-uri>, and <p-asserted-identity> elements contain multiple <one>, <many>, or <many-tel> sub-elements, the result is also combined using logical OR. When the <many> sub-element further contains one or more <except> sub-elements, or when the <many-tel> sub-element further contains one or more <except-tel> sub-elements, the result of each <except> or <except-tel> sub-element is combined using a logical OR, similar to that of the [RFC4745] <identity> element. However, when the <sip> element contains multiple <from>, <to>, <request-uri>, and <p-asserted-identity> sub-elements, the
result is combined using logical AND. This allows the call identity to be specified by multiple fields of a SIP request simultaneously, e.g., both the From and the To header fields.
使用逻辑AND组合结果。这允许SIP请求的多个字段同时指定呼叫标识,例如,From和to报头字段。
The following shows an example of the <call-identity> element, which matches call requests whose To header field contains the SIP URI "sip:alice@hotline.example.com" or the 'tel' URI "tel:+1-212-555-1234".
下面显示了<call identity>元素的示例,该元素匹配的调用请求的To头字段包含SIP URI“SIP:alice@hotline.example.com或“电话”URI“电话:+1-212-555-1234”。
<call-identity> <sip> <to> <one id="sip:alice@hotline.example.com"/> <one id="tel:+1-212-555-1234"/> </to> </sip> </call-identity>
<call-identity> <sip> <to> <one id="sip:alice@hotline.example.com"/> <one id="tel:+1-212-555-1234"/> </to> </sip> </call-identity>
Before evaluating <call-identity> conditions, the subscriber shall convert URIs received in SIP header fields in canonical form as per [RFC3261], except that the "phone-context" parameter shall not be removed, if present.
在评估<call identity>条件之前,用户应按照[RFC3261]将SIP报头字段中接收到的URI转换为规范格式,但“电话上下文”参数(如果存在)除外。
The [RFC4745] <many> and <except> elements may take a "domain" attribute. The "domain" attribute specifies a domain name to be matched by the domain part of the candidate identity. Thus, it allows matching a large and possibly unknown number of entities within a domain. The "domain" attribute works well for SIP URIs.
[RFC4745]<many>和<except>元素可能具有“domain”属性。“域”属性指定要与候选身份的域部分匹配的域名。因此,它允许在一个域中匹配大量可能未知数量的实体。“domain”属性对于SIPURI很有效。
A URI identifying a SIP user, however, can also be a 'tel' URI. Therefore, a similar way to match a group of 'tel' URIs is needed. There are two forms of 'tel' URIs: for global numbers and local numbers. According to [RFC3966], "All phone numbers MUST use the global form unless they cannot be represented as such...Local numbers MUST be tagged with a 'phone-context'". The global number 'tel' URIs start with a "+". The "phone-context" parameter of local numbers may be labeled as a global number or any number of its leading digits or a domain name. Both forms of the 'tel' URI make the resulting URI globally unique.
但是,标识SIP用户的URI也可以是“tel”URI。因此,需要一种类似的方法来匹配一组“tel”uri。“电话”URI有两种形式:全球号码和本地号码。根据[RFC3966],“所有电话号码必须使用全局形式,除非它们不能表示为全局形式……本地号码必须用‘电话上下文’标记。”。全局编号“tel”URI以“+”开头。本地号码的“phone context”参数可以标记为全局号码或其前导数字的任何数字或域名。“tel”URI的两种形式都使生成的URI全局唯一。
'tel' URIs of global numbers can be grouped by prefixes consisting of any number of common leading digits. For example, a prefix formed by a country code or both the country and area code identifies telephone numbers within a country or an area. Since the length of the country and area code for different regions are different, the length of the number prefix also varies. This allows further flexibility such as
全局编号的“tel”URI可以通过由任意数量的公共前导数字组成的前缀进行分组。例如,由国家代码或国家和地区代码组成的前缀标识国家或地区内的电话号码。由于不同地区的国家代码和区号长度不同,因此号码前缀的长度也不同。这允许进一步的灵活性,例如
grouping the numbers into sub-areas within the same area code. 'tel' URIs of local numbers can be grouped by the value of the "phone-context" parameter.
将号码分组到同一区号内的子区域中。”本地号码的电话URI可以根据“phone context”参数的值进行分组。
The <many> and <except> sub-elements in the <identity> element of [RFC4745] do not allow additional attributes to be added directly. Redefining behavior of their existing "domain" attribute creates backward-compatibility issues. Therefore, this specification defines the <many-tel> and <except-tel> sub-elements that extend the [RFC4745] <identity> element. Both of them have a "prefix" attribute for grouping 'tel' URIs, similar to the "domain" attribute for grouping SIP URIs in existing <many> and <except> sub-elements. For global numbers, the "prefix" attribute value holds any number of common leading digits, for example, "+1-212" for US phone numbers within area code "212" or "+1-212-854" for the organization with US area code "212" and local prefix "854". For local numbers, the "prefix" attribute value contains the "phone-context" parameter value. It should be noted that visual separators (such as the "-" sign) in 'tel' URIs are not used for URI comparison as per [RFC3966].
[RFC4745]的<identity>元素中的<many>和<except>子元素不允许直接添加其他属性。重新定义其现有“域”属性的行为会产生向后兼容性问题。因此,本规范定义了扩展[RFC4745]<identity>元素的<many tel>和<except tel>子元素。它们都有一个“prefix”属性用于对“tel”uri进行分组,类似于在现有的<many>和<except>子元素中对SIP uri进行分组的“domain”属性。对于全局号码,“prefix”属性值保存任意数量的公共前导数字,例如,对于区号为“212”的美国电话号码,“+1-212”或对于区号为“212”且本地前缀为“854”的组织,“+1-212-854”。对于本地号码,“前缀”属性值包含“电话上下文”参数值。应该注意的是,根据[RFC3966],在“tel”URI中的可视分隔符(如“-”号)不用于URI比较。
The following example shows the use of the "prefix" attribute along with the "domain" attribute. It matches those requests calling to the number "+1-202-999-1234" but are not calling from a "+1-212" prefix or a SIP From URI domain of "manhattan.example.com".
下面的示例显示了“prefix”属性和“domain”属性的用法。它匹配那些调用号码“+1-202-999-1234”但不是从“+1-212”前缀或“manhattan.example.com”URI域调用的请求。
<call-identity> <sip> <from> <many> <except domain="manhattan.example.com"/> </many> <many-tel> <except-tel prefix="+1-212"/> </many-tel> </from> <to> <one id="tel:+1-202-999-1234"/> </to> </sip> </call-identity>
<call-identity> <sip> <from> <many> <except domain="manhattan.example.com"/> </many> <many-tel> <except-tel prefix="+1-212"/> </many-tel> </from> <to> <one id="tel:+1-202-999-1234"/> </to> </sip> </call-identity>
The load created on a SIP server depends on the type of initial SIP requests for dialogs or standalone transactions. The <method> element specifies the SIP method to which the load-filtering action applies. When this element is not included, the load-filtering actions are applicable to all applicable initial requests. These
在SIP服务器上创建的负载取决于对话框或独立事务的初始SIP请求的类型。元素指定应用负载筛选操作的SIP方法。如果不包括此元素,则负载筛选操作适用于所有适用的初始请求。这些
requests include INVITE, MESSAGE, REGISTER, SUBSCRIBE, OPTIONS, and PUBLISH. Non-initial requests, such as ACK, BYE, and CANCEL MUST NOT be subjected to load filtering. In addition, SUBSCRIBE requests are not filtered if the event-type header field indicates the event package defined in this specification.
请求包括邀请、消息、注册、订阅、选项和发布。非初始请求(如ACK、BYE和CANCEL)不得进行负载筛选。此外,如果事件类型标头字段指示本规范中定义的事件包,则不会过滤订阅请求。
The following example shows the use of the <method> element in the case the filtering actions should be applied to INVITE requests.
下面的示例显示了在过滤操作应应用于INVITE请求的情况下<method>元素的使用。
<method>INVITE</method>
<method>INVITE</method>
A SIP server that performs load-filtering may have multiple paths to route call requests matching the same set of call identity elements. In those situations, the SIP load-filtering server may desire to take advantage of alternative paths and only apply load-filtering actions to matching requests for the next-hop SIP entity that originated the corresponding load-filtering policy. To achieve that, the SIP load-filtering server needs to associate every load-filtering policy with its originating SIP entity. The <target-sip-entity> element is defined for that purpose, and it contains the URI of the entity that initiated the load-filtering policy, which is generally the corresponding notifier. A notifier MAY include this element as part of the condition of its filtering policy being sent to the subscriber, as below.
执行负载过滤的SIP服务器可能有多条路径来路由与同一组呼叫标识元素匹配的呼叫请求。在这些情况下,SIP负载过滤服务器可能希望利用替代路径,并且仅将负载过滤动作应用于针对发起相应负载过滤策略的下一跳SIP实体的匹配请求。为了实现这一点,SIP负载过滤服务器需要将每个负载过滤策略与其原始SIP实体相关联。<target sip entity>元素是为此目的定义的,它包含启动负载筛选策略的实体的URI,该实体通常是相应的通知程序。通知程序可以将此元素作为其过滤策略发送给订阅服务器的条件的一部分,如下所示。
<target-sip-entity>sip:biloxi.example.com</target-sip-entity>
<target-sip-entity>sip:biloxi.example.com</target-sip-entity>
When a SIP load-filtering server receives a policy with a <target-sip-entity> element, it SHOULD record it and take it into consideration when making load-filtering decisions. If the load-filtering server receives a load-filtering policy that does not contain a <target-sip-entity> element, it MAY still record the URI of the load-filtering policy's originator as the <target-sip-entity> information and consider it when making load-filtering decisions.
当SIP负载筛选服务器接收到包含<target SIP entity>元素的策略时,它应该记录该策略,并在做出负载筛选决策时将其考虑在内。如果负载过滤服务器接收到一个不包含“目标SIP实体>元素”的负载过滤策略,则它仍然可以将负载过滤策略的始发者的URI记录为“目标SIP实体>信息”,并在进行负载过滤决策时考虑它。
The following are two examples of using the <target-sip-entity> element.
下面是使用<target sip entity>元素的两个示例。
Use case I: The network has user A connected to SIP Proxy 1 (SP1), user B connected to SIP Proxy 3 (SP3), SP1 and SP3 connected via SIP Proxy 2 (SP2), and SP2 connected to an Application Server (AS). Under normal load conditions, a call from A to B is routed along the following path: A-SP1-SP2-AS-SP3-B. The AS provides a nonessential service and can be bypassed in case of overload. Now let's assume that AS is overloaded and sends to SP2 a load-filtering policy requesting that 50% of all INVITE requests be
用例一:网络中用户A连接到SIP代理1(SP1),用户B连接到SIP代理3(SP3),SP1和SP3通过SIP代理2(SP2)连接,SP2连接到应用服务器(AS)。在正常负载条件下,从a到B的调用沿以下路径路由:a-SP1-SP2-AS-SP3-B。AS提供非必要服务,在过载情况下可以绕过。现在让我们假设AS过载,并向SP2发送一个负载过滤策略,请求删除所有INVITE请求的50%
dropped. SP2 can maintain AS as the <target-sip-entity> for that policy so that it knows the 50% drop action is only applicable to call requests that must go through AS, without affecting those calls directly routed through SP3 to B.
下降。SP2可以为该策略维护AS<target sip entity>,以便它知道50%丢弃操作仅适用于必须通过AS的呼叫请求,而不会影响通过SP3直接路由到B的呼叫。
Use case II: A translation service for toll-free numbers is installed on two Application Servers, AS1 and AS2. User A is connected to SP1 and calls 800-1234-4529, which is translated by AS1 and AS2 into a regular E.164 number depending on, e.g., the caller's location. SP1 forwards INVITE requests with Request-URI = "800 number" to AS1 or AS2 based on a load-balancing strategy. As calls to 800-1234-4529 create a pre-overload condition in AS1, AS1 sends to SP1 a load-filtering policy requesting that 50% of calls towards 800-1234-4529 be rejected. In this case, SP1 can maintain AS1 as the <target-sip-entity> for the rule, and only apply the load-filtering policy on incoming requests that are intended to be sent to AS1. Those requests that are sent to AS2, although matching the <call-identity> of the filter, will not be affected.
用例二:免费电话号码的翻译服务安装在两个应用服务器AS1和AS2上。用户A连接到SP1并呼叫800-1234-4529,AS1和AS2根据呼叫方的位置将其转换为常规的E.164号码。SP1根据负载平衡策略将请求URI为“800 number”的INVITE请求转发给AS1或AS2。当对800-1234-4529的呼叫在AS1中创建预过载条件时,AS1向SP1发送负载筛选策略,请求拒绝对800-1234-4529的50%呼叫。在这种情况下,SP1可以将AS1维护为规则的<target sip entity>,并且只对打算发送到AS1的传入请求应用负载筛选策略。发送到AS2的那些请求虽然与筛选器的<call identity>匹配,但不会受到影响。
A filtering policy is usually associated with a validity period condition. This specification reuses the <validity> element of [RFC4745], which specifies a period of validity time by pairs of <from> and <until> sub-elements. When multiple time periods are defined, the validity condition is evaluated to TRUE if the current time falls into any of the specified time periods. That is, it represents a logical OR operation across all validity time periods.
筛选策略通常与有效期条件相关联。本规范重用[RFC4745]的<validity>元素,该元素通过成对的<from>和<till>子元素指定有效期。定义多个时间段时,如果当前时间属于任何指定的时间段,则有效性条件将评估为TRUE。也就是说,它表示跨越所有有效期的逻辑OR操作。
The following example shows a <validity> element specifying a valid period from 12:00 to 15:00 US Eastern Standard Time on 2008-05-31.
以下示例显示了一个<validity>元素,该元素指定2008-05-31美国东部标准时间12:00至15:00的有效期。
<validity> <from>2008-05-31T12:00:00-05:00</from> <until>2008-05-31T15:00:00-05:00</until> </validity>
<validity> <from>2008-05-31T12:00:00-05:00</from> <until>2008-05-31T15:00:00-05:00</until> </validity>
The actions a load-filtering server takes on loads matching the load- filtering conditions are defined by the <accept> element in the load- filtering policy, which includes any one of the three sub-elements <rate>, <percent>, and <win>. The <rate> element denotes an absolute value of the maximum acceptable request rate in requests per second; the <percent> element specifies the relative percentage of incoming requests that should be accepted; the <win> element describes the acceptable window size supplied by the receiver, which is applicable
The actions a load-filtering server takes on loads matching the load- filtering conditions are defined by the <accept> element in the load- filtering policy, which includes any one of the three sub-elements <rate>, <percent>, and <win>. The <rate> element denotes an absolute value of the maximum acceptable request rate in requests per second; the <percent> element specifies the relative percentage of incoming requests that should be accepted; the <win> element describes the acceptable window size supplied by the receiver, which is applicable
in window-based load-filtering. In static load-filtering policy configuration scenarios, using the <rate> sub-element is RECOMMENDED because it is hard to enforce the percentage rate or window-based load filtering when incoming load from upstream or reactions from downstream are uncertain. (See [SIP-OVERLOAD] and [RFC6357] for more details on rate-based, loss-based, and window-based load control.)
基于窗口的负载过滤。在静态负载过滤策略配置场景中,建议使用<rate>子元素,因为当来自上游的输入负载或来自下游的反应不确定时,很难实施百分比率或基于窗口的负载过滤。(有关基于速率、基于损耗和基于窗口的负载控制的更多详细信息,请参阅[SIP-重载]和[RFC6357])
In addition, the <accept> element takes an optional "alt-action" attribute that can be used to explicitly specify the desired action in case a request cannot be processed. The "alt-action" can take one of the following three values: "reject", "redirect", or "drop".
此外,<accept>元素采用可选的“alt action”属性,该属性可用于在无法处理请求的情况下显式指定所需的操作。“alt action”可以采用以下三个值之一:“reject”、“redirect”或“drop”。
o The "reject" action is the default value for "alt-action". It means that the load-filtering server will reject the request with a 503 "Service Unavailable" response message.
o “拒绝”操作是“alt操作”的默认值。这意味着负载筛选服务器将使用503“服务不可用”响应消息拒绝请求。
o The "redirect" action means redirecting the request to another target. When it is used, an "alt-target" attribute MUST be defined. The "alt-target" specifies one URI or a list of URIs where the request should be redirected. The server sends out the redirect URIs in a 300-class response message.
o “重定向”操作意味着将请求重定向到另一个目标。使用时,必须定义“alt target”属性。“alt target”指定一个URI或URI列表,请求应重定向到该URI或URI列表。服务器在300类响应消息中发送重定向URI。
o The "drop" action means simply ignoring the request without doing anything, which can, in certain cases, help save processing capability during overload. For example, when SIP is running over a reliable transport such as TCP, the "drop" action does not send out the rejection response, neither does it close the transport connection. However, when running SIP over an unreliable transport such as UDP, using the "drop" action will create message retransmissions that further worsen the possible overload situation. Therefore, any "drop" action applied to an unreliable transport MUST be treated as if it were "reject".
o “drop”操作意味着忽略请求而不做任何事情,在某些情况下,这有助于在过载期间节省处理能力。例如,当SIP在可靠传输(如TCP)上运行时,“drop”操作不会发送拒绝响应,也不会关闭传输连接。但是,当在不可靠的传输(如UDP)上运行SIP时,使用“drop”操作将创建消息重传,从而进一步恶化可能的过载情况。因此,应用于不可靠传输的任何“丢弃”操作必须视为“拒绝”。
The above "alt-action" processing can also be illustrated through the following pseudocode.
上述“alt action”处理也可以通过以下伪代码来说明。
SWITCH "alt-action" "redirect": "redirect" "drop": IF unreliable-transport THEN treat as "reject" ELSE "drop" "reject": "reject" default: "reject" END
SWITCH "alt-action" "redirect": "redirect" "drop": IF unreliable-transport THEN treat as "reject" ELSE "drop" "reject": "reject" default: "reject" END
In the following <actions> element example, the server accepts maximum of 100 call requests per second. The remaining calls are redirected to an answering machine.
在下面的<actions>元素示例中,服务器每秒最多接受100个调用请求。其余的电话被重定向到应答机。
<actions> <accept alt-action="redirect" alt-target= "sip:answer-machine@example.com"> <rate>100</rate> </accept> </actions>
<actions> <accept alt-action="redirect" alt-target= "sip:answer-machine@example.com"> <rate>100</rate> </accept> </actions>
This section defines the XML schema for the load-control document. It extends the Common Policy schema in [RFC4745] in two ways. Firstly, it defines two mandatory attributes for the <ruleset> element: "version" and "state". The "version" attribute allows the recipient of the notification to properly order them. Versions start at zero and increase by one for each new document sent to a subscriber within the same subscription. Versions MUST be representable using a non-negative 32-bit integer. The "state" attribute indicates whether the document contains a full load-filtering policy update or only state delta as partial update. Secondly, it defines new members of the <conditions> and <actions> elements.
本节定义了负载控制文档的XML模式。它以两种方式扩展了[RFC4745]中的公共策略模式。首先,它为<ruleset>元素定义了两个必需属性:“version”和“state”。“version”属性允许通知的接收者对其进行正确排序。版本从零开始,对于同一订阅中发送给订阅者的每个新文档,版本增加一个。版本必须使用非负32位整数表示。“state”属性指示文档是包含满载筛选策略更新还是仅包含状态增量作为部分更新。其次,它定义了<conditions>和<actions>元素的新成员。
<?xml version="1.0" encoding="UTF-8"?> <xs:schema targetNamespace="urn:ietf:params:xml:ns:load-control" xmlns:lc="urn:ietf:params:xml:ns:load-control" xmlns:cp="urn:ietf:params:xml:ns:common-policy" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributedFormDefault="unqualified">
<?xml version="1.0" encoding="UTF-8"?> <xs:schema targetNamespace="urn:ietf:params:xml:ns:load-control" xmlns:lc="urn:ietf:params:xml:ns:load-control" xmlns:cp="urn:ietf:params:xml:ns:common-policy" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributedFormDefault="unqualified">
<xs:import namespace="urn:ietf:params:xml:ns:common-policy"/>
<xs:import namespace="urn:ietf:params:xml:ns:common-policy"/>
<!-- RULESET -->
<!-- RULESET -->
<xs:element name="ruleset"> <xs:complexType> <xs:complexContent> <xs:restriction base="xs:anyType"> <xs:sequence> <xs:element name="rule" type="cp:ruleType" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:restriction> </xs:complexContent>
<xs:element name="ruleset"> <xs:complexType> <xs:complexContent> <xs:restriction base="xs:anyType"> <xs:sequence> <xs:element name="rule" type="cp:ruleType" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:restriction> </xs:complexContent>
<xs:attribute name="version" type="xs:integer" use="required"/> <xs:attribute name="state" use="required"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="full"/> <xs:enumeration value="partial"/> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> </xs:element>
<xs:attribute name="version" type="xs:integer" use="required"/> <xs:attribute name="state" use="required"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="full"/> <xs:enumeration value="partial"/> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> </xs:element>
<!-- CONDITIONS -->
<!-- CONDITIONS -->
<!-- CALL IDENTITY --> <xs:element name="call-identity" type="lc:call-identity-type"/>
<!-- CALL IDENTITY --> <xs:element name="call-identity" type="lc:call-identity-type"/>
<!-- CALL IDENTITY TYPE --> <xs:complexType name="call-identity-type"> <xs:choice> <xs:element name="sip" type="lc:sip-id-type"/> <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:choice> <anyAtrribute namespace="##other" processContents="lax"/> </xs:complexType>
<!-- CALL IDENTITY TYPE --> <xs:complexType name="call-identity-type"> <xs:choice> <xs:element name="sip" type="lc:sip-id-type"/> <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:choice> <anyAtrribute namespace="##other" processContents="lax"/> </xs:complexType>
<!-- SIP ID TYPE --> <xs:complexType name="sip-id-type"> <xs:sequence> <element name="from" type="lc:identityType" minOccurs="0"/> <element name="to" type="lc:identityType" minOccurs="0"/> <element name="request-uri" type="lc:identityType" minOccurs="0"/> <element name="p-asserted-identity" type="lc:identityType" minOccurs="0"/> <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <anyAtrribute namespace="##other" processContents="lax"/> </xs:complexType>
<!-- SIP ID TYPE --> <xs:complexType name="sip-id-type"> <xs:sequence> <element name="from" type="lc:identityType" minOccurs="0"/> <element name="to" type="lc:identityType" minOccurs="0"/> <element name="request-uri" type="lc:identityType" minOccurs="0"/> <element name="p-asserted-identity" type="lc:identityType" minOccurs="0"/> <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <anyAtrribute namespace="##other" processContents="lax"/> </xs:complexType>
<!-- IDENTITY TYPE --> <xs:complexType name="identityType"> <xs:complexContent> <xs:restriction base="xs:anyType"> <xs:choice minOccurs="1" maxOccurs="unbounded"> <xs:element name="one" type="cp:oneType"/>
<!-- IDENTITY TYPE --> <xs:complexType name="identityType"> <xs:complexContent> <xs:restriction base="xs:anyType"> <xs:choice minOccurs="1" maxOccurs="unbounded"> <xs:element name="one" type="cp:oneType"/>
<xs:element name="many" type="lc:manyType"/> <xs:element name="many-tel" type="lc:manyTelType"/> <xs:any namespace="##other" processContents="lax"/> </xs:choice> </xs:restriction> </xs:complexContent> </xs:complexType>
<xs:element name="many" type="lc:manyType"/> <xs:element name="many-tel" type="lc:manyTelType"/> <xs:any namespace="##other" processContents="lax"/> </xs:choice> </xs:restriction> </xs:complexContent> </xs:complexType>
<!-- MANY-TEL TYPE --> <xs:complexType name="manyTelType"> <xs:complexContent> <xs:restriction base="xs:anyType"> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element name="except-tel" type="lc:exceptTelType"/> <xs:any namespace="##other" minOccurs="0" processContents="lax"/> </xs:choice> <xs:attribute name="prefix" use="optional" type="xs:string"/> </xs:restriction> </xs:complexContent> </xs:complexType>
<!-- MANY-TEL TYPE --> <xs:complexType name="manyTelType"> <xs:complexContent> <xs:restriction base="xs:anyType"> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element name="except-tel" type="lc:exceptTelType"/> <xs:any namespace="##other" minOccurs="0" processContents="lax"/> </xs:choice> <xs:attribute name="prefix" use="optional" type="xs:string"/> </xs:restriction> </xs:complexContent> </xs:complexType>
<!-- EXCEPT-TEL TYPE --> <xs:complexType name="exceptTelType"> <xs:attribute name="prefix" type="xs:string" use="optional"/> <xs:attribute name="id" type="xs:anyURI" use="optional"/> </xs:complexType>
<!-- EXCEPT-TEL TYPE --> <xs:complexType name="exceptTelType"> <xs:attribute name="prefix" type="xs:string" use="optional"/> <xs:attribute name="id" type="xs:anyURI" use="optional"/> </xs:complexType>
<!-- METHOD --> <xs:element name="method" type="lc:method-type"/>
<!-- METHOD --> <xs:element name="method" type="lc:method-type"/>
<!-- METHOD TYPE --> <xs:simpleType name="method-type"> <xs:restriction base="xs:string"> <xs:enumeration value="INVITE"/> <xs:enumeration value="MESSAGE"/> <xs:enumeration value="REGISTER"/> <xs:enumeration value="SUBSCRIBE"/> <xs:enumeration value="OPTIONS"/> <xs:enumeration value="PUBLISH"/> </xs:restriction> </xs:simpleType>
<!-- METHOD TYPE --> <xs:simpleType name="method-type"> <xs:restriction base="xs:string"> <xs:enumeration value="INVITE"/> <xs:enumeration value="MESSAGE"/> <xs:enumeration value="REGISTER"/> <xs:enumeration value="SUBSCRIBE"/> <xs:enumeration value="OPTIONS"/> <xs:enumeration value="PUBLISH"/> </xs:restriction> </xs:simpleType>
<!-- TARGET SIP ENTITY --> <xs:element name="target-sip-entity" type="xs:anyURI" minOccurs="0"/>
<!-- TARGET SIP ENTITY --> <xs:element name="target-sip-entity" type="xs:anyURI" minOccurs="0"/>
<!-- ACTIONS -->
<!-- ACTIONS -->
<xs:element name="accept"> <xs:choice> <element name="rate" type="xs:decimal" minOccurs="0"/> <element name="win" type="xs:integer" minOccurs="0"/> <element name="percent" type="xs:decimal" minOccurs="0"/> <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:choice> <xs:attribute name="alt-action" type="xs:string" default="reject"/> <xs:attribute name="alt-target" type="lc:alt-target-type" use="optional"/> <anyAtrribute namespace="##other" processContents="lax"/> </xs:element>
<xs:element name="accept"> <xs:choice> <element name="rate" type="xs:decimal" minOccurs="0"/> <element name="win" type="xs:integer" minOccurs="0"/> <element name="percent" type="xs:decimal" minOccurs="0"/> <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:choice> <xs:attribute name="alt-action" type="xs:string" default="reject"/> <xs:attribute name="alt-target" type="lc:alt-target-type" use="optional"/> <anyAtrribute namespace="##other" processContents="lax"/> </xs:element>
<!-- ALT TARGET TYPE --> <xs:simpleType name="alt-target-type"> <xs:list itemType="xs:anyURI"/> </xs:simpleType>
<!-- ALT TARGET TYPE --> <xs:simpleType name="alt-target-type"> <xs:list itemType="xs:anyURI"/> </xs:simpleType>
</xs:schema>
</xs:schema>
Two primary security considerations arise from this specification. One is the distribution mechanism for the load filtering policy that is based on the SIP event notification framework, and the other is the enforcement mechanism for the load-filtering policy.
本规范提出了两个主要的安全注意事项。一个是基于SIP事件通知框架的负载过滤策略的分发机制,另一个是负载过滤策略的实施机制。
Security considerations for SIP event package mechanisms are covered in Section 6 of [RFC6665]. A particularly relevant security concern for this event package is that if the notifiers can be spoofed, attackers can send fake notifications asking subscribers to throttle all traffic, leading to denial-of-service (DoS) attacks. Therefore, this SIP load-filtering mechanism MUST be used in a Trust Domain (Section 3.4). But if a legitimate notifier in the Trust Domain is itself compromised, additional mechanisms will be needed to detect the attack.
[RFC6665]第6节介绍了SIP事件包机制的安全注意事项。此事件包的一个特别相关的安全问题是,如果可以欺骗通知程序,攻击者可以发送虚假通知,要求订阅者限制所有流量,从而导致拒绝服务(DoS)攻击。因此,必须在信任域中使用此SIP负载过滤机制(第3.4节)。但是,如果信任域中的合法通知程序本身受到损害,则需要其他机制来检测攻击。
Security considerations for load-filtering policy enforcement depends very much on the contents of the policy. This specification defines a possible match of the following SIP header fields in a load-filtering policy: <from>, <to>, <request-uri>, and <p-asserted-identity>. The exact requirement to authenticate and authorize these fields is up to the service provider. In general, if the identity field represents the source of the request, it SHOULD be authenticated and authorized; if the identity field represents the destination of the request, the authentication and authorization is optional.
负载筛选策略实施的安全注意事项在很大程度上取决于策略的内容。此规范在负载筛选策略中定义了以下SIP头字段的可能匹配项:<from>、<to>、<request uri>和<p-asserted-identity>。验证和授权这些字段的确切要求取决于服务提供商。通常,如果标识字段表示请求的来源,则应对其进行身份验证和授权;如果标识字段表示请求的目的地,则身份验证和授权是可选的。
In addition, the "redirect" action (Section 5.4) could facilitate a reflection denial-of-service attack. If a number of SIP proxy servers in a Trust Domain are using UDP and configured to get their policies from a central server. An attacker spoofs the central server's address to send a number of NOTIFY bodies telling the proxy servers to redirect all calls to victim@outside-of-trust-domain.com. The proxy servers then redirect all calls to the victim, who then becomes a victim of Denial of Service attack and becomes inaccessiable from the Internet. To address this type of threat, this specification requires that a Trust Domain agrees on what types of calls can be affected as well as on the destinations to which calls may be redirected, as in Section 3.4.
此外,“重定向”操作(第5.4节)可能会促进反射拒绝服务攻击。如果信任域中的多个SIP代理服务器正在使用UDP并配置为从中央服务器获取其策略。攻击者伪造中央服务器的地址,发送多个NOTIFY Body,通知代理服务器将所有调用重定向到服务器victim@outside-of-trust-domain.com。然后,代理服务器将所有呼叫重定向到受害者,受害者随后成为拒绝服务攻击的受害者,无法从Internet访问。为了解决这种类型的威胁,本规范要求信任域就哪些类型的呼叫可能受到影响以及呼叫可能被重定向到的目的地达成一致,如第3.4节所述。
This specification registers a SIP event package, a new media type, a new XML namespace, and a new XML schema.
该规范注册了一个SIP事件包、一个新的媒体类型、一个新的XML名称空间和一个新的XML模式。
This section registers an event package based on the registration procedures defined in [RFC6665].
本节根据[RFC6665]中定义的注册过程注册事件包。
Package name: load-control
包名称:负载控制
Type: package
类型:包装
Published specification: This specification
已发布规范:本规范
Person to contact: Charles Shen, charles@cs.columbia.edu
联系人:查尔斯·沈,charles@cs.columbia.edu
This section registers a new media type based on the procedures defined in [RFC6838] and guidelines in [RFC3023].
本节根据[RFC6838]中定义的程序和[RFC3023]中的指南注册新媒体类型。
Type name: application
类型名称:应用程序
Subtype name: load-control+xml
子类型名称:加载控制+xml
Required parameters: none
所需参数:无
Optional parameters: Same as charset parameter of application/xml as specified in [RFC3023].
可选参数:与[RFC3023]中指定的application/xml的charset参数相同。
Encoding considerations: Same as encoding considerations of application/xml as specified in [RFC3023].
编码注意事项:与[RFC3023]中指定的应用程序/xml的编码注意事项相同。
Security considerations: See Section 10 of [RFC3023] and Section 7 of this specification.
安全注意事项:见[RFC3023]第10节和本规范第7节。
Interoperability considerations: none
互操作性注意事项:无
Published specification: This specification
已发布规范:本规范
Applications that use this media type: Applications that perform load control of SIP entities.
使用此媒体类型的应用程序:执行SIP实体负载控制的应用程序。
Fragment identifier considerations: Same as fragment identifier considerations of application/xml as specified in [RFC3023].
片段标识符注意事项:与[RFC3023]中指定的应用程序/xml的片段标识符注意事项相同。
Additional Information:
其他信息:
Deprecated alias names for this type: none
此类型的已弃用别名:无
Magic Number(s): none
幻数:无
File Extension(s): .xml
文件扩展名:.xml
Macintosh file type code(s): "TEXT"
Macintosh文件类型代码:“文本”
Person and email address for further information: Charles Shen, charles@cs.columbia.edu
有关更多信息的人员和电子邮件地址:Charles Shen,charles@cs.columbia.edu
Intended usage: COMMON
预期用途:普通
Restrictions on usage: none
使用限制:无
Author: Charles Shen, Henning Schulzrinne, Arata Koike
作者:查尔斯·申、亨宁·舒尔兹林内、阿拉塔·小池百川
Change controller: IESG
更改控制器:IESG
Provisional registration? (standards tree only): no
临时登记?(仅限标准树):否
This section registers a new XML namespace, as per the guidelines in [RFC3688]
本节根据[RFC3688]中的指南注册一个新的XML名称空间
URI: The URI for this namespace is
URI:此命名空间的URI为
urn:ietf:params:xml:ns:load-control
urn:ietf:params:xml:ns:load-control
Registrant Contact: IETF SOC Working Group <sip-overload@ietf.org>, as designated by the IESG <iesg@ietf.org>
Registrant Contact: IETF SOC Working Group <sip-overload@ietf.org>, as designated by the IESG <iesg@ietf.org>
XML:
XML:
BEGIN <?xml version="1.0"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html;charset=iso-8859-1"/> <title>SIP Load-Control Namespace</title> </head> <body> <h1>Namespace for SIP Load Control</h1> <h2>urn:ietf:params:xml:ns:load-control</h2> <p>See <a href="http://www.rfc-editor.org/rfc/rfc7200.txt"> RFC 7200</a>.</p> </body> </html> END
BEGIN <?xml version="1.0"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html;charset=iso-8859-1"/> <title>SIP Load-Control Namespace</title> </head> <body> <h1>Namespace for SIP Load Control</h1> <h2>urn:ietf:params:xml:ns:load-control</h2> <p>See <a href="http://www.rfc-editor.org/rfc/rfc7200.txt"> RFC 7200</a>.</p> </body> </html> END
URI: urn:ietf:params:xml:schema:load-control
URI: urn:ietf:params:xml:schema:load-control
Registrant Contact: IETF SOC working group, Charles Shen (charles@cs.columbia.edu).
注册人联系人:IETF SOC工作组,Charles Shen(charles@cs.columbia.edu).
XML: the XML schema contained in Section 6 has been registered.
XML:第6节中包含的XML模式已经注册。
Its first line is
它的第一行是
<?xml version="1.0" encoding="UTF-8"?>
<?xml version="1.0" encoding="UTF-8"?>
and its last line is
最后一行是
</xs:schema>
</xs:schema>
The authors would like to thank Jari Arkko, Richard Barnes, Stewart Bryant, Gonzalo Camarillo, Bruno Chatras, Benoit Claise, Spencer Dawkins, Martin Dolly, Keith Drage, Ashutosh Dutta, Donald Eastlake, Adrian Farrel, Stephen Farrell, Janet Gunn, Vijay Gurbani, Brian Haberman, Volker Hilt, Geoff Hunt, Carolyn Johnson, Hadriel Kaplan, Paul Kyzivat, Barry Leiba, Pearl Liang, Salvatore Loreto, Timothy Moran, Eric Noel, Parthasarathi R, Pete Resnick, Adam Roach, Dan Romascanu, Shida Schubert, Robert Sparks, Martin Stiemerling, Sean Turner, Phil Williams, and other members of the SOC and SIPPING working groups for many helpful comments. In particular, Bruno Chatras proposed the <method> and <target-sip-entity> condition elements along with many other text improvements. Janet Gunn provided detailed text suggestions including Appendix C. Eric Noel suggested clarification on load-filtering policy distribution initialization process. Shida Schubert made many suggestions such as terminology usage. Phil Williams suggested adding support for delta updates. Ashutosh Dutta gave pointers to Public Switched Telephone Network (PSTN) references. Adam Roach suggested improvements related to RFC 6665 and offered other helpful clarifications. Richard Barnes made many suggestions such as referencing the Trust Domain concept of RFCs 3324 and 3325, the use of a separate element for 'tel' URI grouping, and addressing the "redirect" action security threat.
作者要感谢贾里·阿尔科、理查德·巴恩斯、斯图尔特·布莱恩特、冈萨洛·卡马里洛、布鲁诺·查特拉斯、贝诺特·克莱斯、斯宾塞·道金斯、马丁·多利、基思·德雷奇、阿什图什·杜塔、唐纳德·伊斯特莱克、阿德里安·法雷尔、斯蒂芬·法雷尔、珍妮特·冈恩、维杰·古巴尼、布赖恩·哈伯曼、沃尔克·希尔特、杰夫·亨特、卡罗琳·约翰逊、哈德里尔·卡普兰、保罗·基齐瓦特、,巴里·莱巴、梁珠儿、萨尔瓦托·洛雷托、蒂莫西·莫兰、埃里克·诺埃尔、帕塔萨拉蒂·R、皮特·雷斯尼克、亚当·罗奇、丹·罗马斯坎努、希达·舒伯特、罗伯特·斯帕克斯、马丁·斯蒂默林、肖恩·特纳、菲尔·威廉姆斯和其他SOC成员,并啜饮着工作组中的有益意见。特别是,Bruno Chatras提出了<method>和<target sip entity>条件元素以及许多其他文本改进。Janet Gunn提供了详细的文本建议,包括附录C。Eric Noel建议对负载筛选策略分发初始化过程进行澄清。Shida Schubert提出了许多建议,例如术语的使用。Phil Williams建议添加对增量更新的支持。Ashutosh Dutta为公共交换电话网(PSTN)提供了参考。Adam Roach提出了与RFC 6665相关的改进建议,并提供了其他有用的澄清。Richard Barnes提出了许多建议,例如引用RFCs 3324和3325的信任域概念,使用单独的元素进行“tel”URI分组,以及解决“重定向”操作安全威胁。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997.
[RFC2141]Moats,R.,“瓮语法”,RFC 21411997年5月。
[RFC3023] Murata, M., St. Laurent, S., and D. Kohn, "XML Media Types", RFC 3023, January 2001.
[RFC3023]Murata,M.,St.Laurent,S.,和D.Kohn,“XML媒体类型”,RFC 3023,2001年1月。
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.
[RFC3261]Rosenberg,J.,Schulzrinne,H.,Camarillo,G.,Johnston,A.,Peterson,J.,Sparks,R.,Handley,M.,和E.Schooler,“SIP:会话启动协议”,RFC 3261,2002年6月。
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004.
[RFC3688]Mealling,M.“IETF XML注册表”,BCP 81,RFC 3688,2004年1月。
[RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, December 2004.
[RFC3966]Schulzrinne,H.,“电话号码的电话URI”,RFC 3966,2004年12月。
[RFC4745] Schulzrinne, H., Tschofenig, H., Morris, J., Cuellar, J., Polk, J., and J. Rosenberg, "Common Policy: A Document Format for Expressing Privacy Preferences", RFC 4745, February 2007.
[RFC4745]Schulzrinne,H.,Tschofenig,H.,Morris,J.,Cuellar,J.,Polk,J.,和J.Rosenberg,“共同政策:表达隐私偏好的文件格式”,RFC 47452007年2月。
[RFC6665] Roach, A., "SIP-Specific Event Notification", RFC 6665, July 2012.
[RFC6665]Roach,A.,“SIP特定事件通知”,RFC 66652012年7月。
[RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type Specifications and Registration Procedures", BCP 13, RFC 6838, January 2013.
[RFC6838]Freed,N.,Klensin,J.和T.Hansen,“媒体类型规范和注册程序”,BCP 13,RFC 6838,2013年1月。
[E.300SerSup3] ITU-T, "North American Precise Audible Tone Plan", Recommendation E.300 Series Supplement 3, November 1988.
[E.300SerSup3]ITU-T,“北美精确音频计划”,建议E.300系列补充件3,1988年11月。
[E.412] ITU-T, "Network Management Controls", Recommendation E.412-2003, January 2003.
[E.412]ITU-T,“网络管理控制”,建议E.412-2003,2003年1月。
[Q.1248.2] ITU-T, "Interface Recommendation for Intelligent Network Capability Set4:SCF-SSF interface", Recommendation Q.1248.2, July 2001.
[Q.1248.2]ITU-T,“智能网络能力集4的接口建议:SCF-SSF接口”,建议Q.1248.2,2001年7月。
[RFC2648] Moats, R., "A URN Namespace for IETF Documents", RFC 2648, August 1999.
[RFC2648]Moats,R.,“IETF文档的URN名称空间”,RFC 26481999年8月。
[RFC3324] Watson, M., "Short Term Requirements for Network Asserted Identity", RFC 3324, November 2002.
[RFC3324]Watson,M.,“网络断言身份的短期要求”,RFC 33242002年11月。
[RFC3325] Jennings, C., Peterson, J., and M. Watson, "Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks", RFC 3325, November 2002.
[RFC3325]Jennings,C.,Peterson,J.,和M.Watson,“在可信网络中声明身份的会话启动协议(SIP)的私有扩展”,RFC 33252002年11月。
[RFC4412] Schulzrinne, H. and J. Polk, "Communications Resource Priority for the Session Initiation Protocol (SIP)", RFC 4412, February 2006.
[RFC4412]Schulzrinne,H.和J.Polk,“会话启动协议(SIP)的通信资源优先级”,RFC 4412,2006年2月。
[RFC4825] Rosenberg, J., "The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)", RFC 4825, May 2007.
[RFC4825]Rosenberg,J.,“可扩展标记语言(XML)配置访问协议(XCAP)”,RFC4825,2007年5月。
[RFC5031] Schulzrinne, H., "A Uniform Resource Name (URN) for Emergency and Other Well-Known Services", RFC 5031, January 2008.
[RFC5031]Schulzrinne,H.,“应急和其他知名服务的统一资源名称(URN)”,RFC 5031,2008年1月。
[RFC5390] Rosenberg, J., "Requirements for Management of Overload in the Session Initiation Protocol", RFC 5390, December 2008.
[RFC5390]Rosenberg,J.,“会话启动协议中过载管理的要求”,RFC 53902008年12月。
[RFC6357] Hilt, V., Noel, E., Shen, C., and A. Abdelal, "Design Considerations for Session Initiation Protocol (SIP) Overload Control", RFC 6357, August 2011.
[RFC6357]Hilt,V.,Noel,E.,Shen,C.,和A.Abdelal,“会话启动协议(SIP)过载控制的设计考虑”,RFC 6357,2011年8月。
[SIP-OVERLOAD] Gurbani, V., Ed., Hilt, V., and H. Schulzrinne, "Session Initiation Protocol (SIP) Overload Control", Work in Progress, March 2014.
[SIP-OVERLOAD]Gurbani,V.,Ed.,Hilt,V.,和H.Schulzrinne,“会话启动协议(SIP)过载控制”,正在进行的工作,2014年3月。
This specification reuses the definitions for "Event Package", "Notification", "Notifier", "Subscriber", and "Subscription" as in [RFC6665]. The following additional definitions are also used.
本规范重用了[RFC6665]中对“事件包”、“通知”、“通知程序”、“订阅者”和“订阅”的定义。还使用了以下附加定义。
Load Filtering: A load-control mechanism that applies specific actions to selected loads (e.g., SIP requests) matching specific conditions.
负载过滤:一种负载控制机制,将特定操作应用于符合特定条件的选定负载(例如SIP请求)。
Load-Filtering Policy: A set of zero or more load-filtering rules, also known as load-filtering rule set.
负载筛选策略:一组零或多个负载筛选规则,也称为负载筛选规则集。
Load-Filtering Rule: Conditions and actions to be applied for load filtering.
负载筛选规则:应用于负载筛选的条件和操作。
Load-Filtering Condition: Elements that describe how to select loads to apply load-filtering actions. This specification defines the <call-identity>, <method>, <target-sip-identity>, and <validity> condition elements (Section 5.3).
负载过滤条件:描述如何选择负载以应用负载过滤操作的元素。本规范定义了<call identity>、<method>、<target sip identity>和<validity>条件元素(第5.3节)。
Load-Filtering Action: An operation to be taken by a load-filtering server on loads that match the load-filtering conditions. This specification allows actions such as accept, reject, and redirect of loads (Section 5.4).
负载筛选操作:负载筛选服务器对符合负载筛选条件的负载执行的操作。本规范允许诸如接受、拒绝和重定向负载等操作(第5.4节)。
Load-Filtering Server: A server that performs load filtering. In the context of this specification, the load-filtering server is the subscriber, which receives load-filtering policies from the notifier and enforces those policies during load filtering.
负载筛选服务器:执行负载筛选的服务器。在本规范的上下文中,负载筛选服务器是订阅者,它从通知程序接收负载筛选策略,并在负载筛选期间强制执行这些策略。
Load-Control Document: An XML document that describes the load-filtering policies (Section 5). It inherits and enhances the common policy document defined in [RFC4745].
负载控制文档:描述负载过滤策略的XML文档(第5节)。它继承并增强了[RFC4745]中定义的通用策略文档。
The SIP load-filtering mechanism needs to satisfy the following requirements:
SIP负载过滤机制需要满足以下要求:
o For simplicity, the solution should focus on a method for controlling SIP load, rather than a generic application-layer mechanism.
o 为简单起见,解决方案应侧重于控制SIP负载的方法,而不是通用的应用层机制。
o The load-filtering policy needs to be distributed efficiently to possibly a large subset of all SIP elements.
o 负载过滤策略需要有效地分布到所有SIP元素的一个较大子集。
o The solution should reuse existing SIP protocol mechanisms to reduce implementation and deployment complexity.
o 解决方案应该重用现有的SIP协议机制,以降低实现和部署的复杂性。
o For predictable overload situations, such as holidays and mass calling events, the load-filtering policy should specify during what time it is to be applied, so that the information can be distributed ahead of time.
o 对于可预测的过载情况,如节假日和群发呼叫事件,负载筛选策略应指定在何时应用,以便提前分发信息。
o For destination-specific overload situations, the load-filtering policy should be able to describe the destination domain or the callee.
o 对于特定于目标的过载情况,负载筛选策略应该能够描述目标域或被调用方。
o To address accidental and intentional high-volume call generators, the load-filtering policy should be able to specify the caller.
o 为了解决意外和有意的大容量呼叫生成器,负载筛选策略应该能够指定调用者。
o Caller and callee need to be specified as both SIP URIs and 'tel' URIs [RFC3966] in load-filtering policies.
o 在负载筛选策略中,需要将呼叫者和被呼叫者同时指定为SIP URI和“tel”URI[RFC3966]。
o It should be possible to specify particular information in the SIP headers (e.g., prefixes in telephone numbers) that allow load filtering over limited regionally focused overloads.
o 应该可以在SIP头中指定特定信息(例如,电话号码中的前缀),以允许在有限的区域集中过载上进行负载过滤。
o The solution should draw upon experiences from related PSTN mechanisms [Q.1248.2] [E.412] [E.300SerSup3] where applicable.
o 解决方案应借鉴相关PSTN机制[Q.1248.2][E.412][E.300SerSup3]的经验(如适用)。
o The solution should be extensible to meet future needs.
o 解决方案应该是可扩展的,以满足未来的需要。
Appendix C. Discussion of How This Specification Meets the Requirements of RFC 5390
附录C.本规范如何满足RFC 5390要求的讨论
This section evaluates whether the load-control event package mechanism defined in this specification satisfies various SIP overload control requirements set forth by [RFC5390]. As mentioned in Section 1, this specification complements other efforts in the overall SIP load-control solution space. Therefore, not all RFC 5390 requirements are found applicable to this specification. This specification categorizes the assessment results into Yes (the requirement is met), P/A (Partially Applicable), No (must be used in conjunction with another mechanism to meet the requirement), and N/A (Not Applicable).
本节评估本规范中定义的负载控制事件包机制是否满足[RFC5390]规定的各种SIP过载控制要求。如第1节所述,本规范补充了整个SIP负载控制解决方案空间中的其他工作。因此,并非所有RFC 5390要求都适用于本规范。本规范将评估结果分为是(满足要求)、P/A(部分适用)、否(必须与其他机制结合使用以满足要求)和N/A(不适用)。
REQ 1: The overload mechanism shall strive to maintain the overall useful throughput (taking into consideration the quality-of-service needs of the using applications) of a SIP server at reasonable levels, even when the incoming load on the network is far in excess of its capacity. The overall throughput under load is the ultimate measure of the value of an overload control mechanism.
REQ 1:过载机制应努力将SIP服务器的总体有效吞吐量(考虑到使用应用程序的服务质量需求)保持在合理水平,即使网络上的输入负载远远超过其容量。负载下的总吞吐量是过载控制机制值的最终度量。
P/A. The goal of load filtering is to prevent overload or maintain overall goodput during the time of overload, but it is dependent on the predictions of the load and the computations as well as distribution of the filtering policies. If the load predictions or filtering policy computations are incorrect, or the filtering policy is not properly distributed, the mechanism will be less effective. On the other hand, if the load can be accurately predicted and filtering policies be computed and distributed appropriately, this requirement can be met.
P/A.负载过滤的目标是防止过载或在过载期间保持整体输出,但这取决于负载预测、计算以及过滤策略的分布。如果负载预测或筛选策略计算不正确,或者筛选策略分布不正确,则该机制的有效性将降低。另一方面,如果能够准确地预测负载,并适当地计算和分配过滤策略,则可以满足这一要求。
REQ 2: When a single network element fails, goes into overload, or suffers from reduced processing capacity, the mechanism should strive to limit the impact of this on other elements in the network. This helps to prevent a small-scale failure from becoming a widespread outage.
REQ 2:当单个网元出现故障、过载或处理能力降低时,该机制应努力限制其对网络中其他网元的影响。这有助于防止小规模故障成为大范围停机。
N/A if load-filtering policies are installed in advance and do not change during the potential overload period, P/A if load-filtering policies are dynamically adjusted. The algorithm to dynamically compute load-filtering policies is outside the scope of this specification, while the distribution of the updated filtering policies uses the event package mechanism of this specification.
N/A如果预先安装了负载过滤策略并且在潜在过载期间没有更改,P/A如果动态调整负载过滤策略。动态计算负载筛选策略的算法不在本规范的范围内,而更新的筛选策略的分发使用本规范的事件包机制。
REQ 3: The mechanism should seek to minimize the amount of configuration required in order to work. For example, it is better to avoid needing to configure a server with its SIP message throughput, as these kinds of quantities are hard to determine.
要求3:该机制应尽量减少工作所需的配置量。例如,最好避免使用SIP消息吞吐量配置服务器,因为这些数量很难确定。
No. This mechanism is entirely dependent on advance configuration, based on advance knowledge. In order to satisfy REQ 3, it should be used in conjunction with other mechanisms that are not based on advance configuration.
否。该机制完全依赖于基于预先知识的预先配置。为了满足REQ 3,它应该与其他不基于高级配置的机制结合使用。
REQ 4: The mechanism must be capable of dealing with elements that do not support it, so that a network can consist of a mix of elements that do and don't support it. In other words, the mechanism should not work only in environments where all elements support it. It is reasonable to assume that it works better in such environments, of course. Ideally, there should be incremental improvements in overall network throughput as increasing numbers of elements in the network support the mechanism.
REQ 4:该机制必须能够处理不支持它的元素,以便网络可以由支持和不支持它的元素组成。换句话说,该机制不应该只在所有元素都支持它的环境中工作。当然,我们有理由假设它在这样的环境中工作得更好。理想情况下,随着网络中支持该机制的元素数量的增加,总体网络吞吐量应该有增量的提高。
No. This mechanism is entirely dependent on the participation of all possible neighbors. In order to satisfy REQ 4, it should be used in conjunction with other mechanisms, some of which are described in Section 3.4.
不。这一机制完全取决于所有可能的邻国的参与。为了满足REQ 4,应将其与其他机制结合使用,其中一些机制在第3.4节中描述。
REQ 5: The mechanism should not assume that it will only be deployed in environments with completely trusted elements. It should seek to operate as effectively as possible in environments where other elements are malicious; this includes preventing malicious elements from obtaining more than a fair share of service.
REQ 5:该机制不应假定它仅部署在具有完全受信任元素的环境中。它应寻求在其他元素恶意的环境中尽可能有效地运行;这包括防止恶意元素获得超过公平份额的服务。
No. This mechanism is entirely dependent on the non-malicious participation of all possible neighbors. In order to satisfy REQ 5, it should be used in conjunction with other mechanisms, some of which are described in Section 3.4.
否。此机制完全依赖于所有可能邻居的非恶意参与。为了满足REQ 5的要求,应将其与第3.4节所述的其他机制结合使用。
REQ 6: When overload is signaled by means of a specific message, the message must clearly indicate that it is being sent because of overload, as opposed to other, non overload-based failure conditions. This requirement is meant to avoid some of the problems that have arisen from the reuse of the 503 response code for multiple purposes. Of course, overload is also signaled by lack of response to requests. This requirement applies only to explicit overload signals.
REQ 6:当通过特定消息发出过载信号时,该消息必须清楚地表明是由于过载而发送的,而不是其他基于非过载的故障情况。此要求旨在避免因将503响应代码用于多种用途而产生的一些问题。当然,过载的信号还包括对请求的响应不足。此要求仅适用于明确的过载信号。
N/A. This mechanism signals anticipated overload, not actual overload. However, the signals in this mechanism are not used for any other purpose.
不适用。该机制表示预期过载,而不是实际过载。但是,此机制中的信号不用于任何其他目的。
REQ 7: The mechanism shall provide a way for an element to throttle the amount of traffic it receives from an upstream element. This throttling shall be graded so that it is not all-or-nothing as with the current 503 mechanism. This recognizes the fact that "overload" is not a binary state and that there are degrees of overload.
REQ 7:该机制应为元件提供一种方式,以限制其从上游元件接收的通信量。该节流应分级,以使其与当前503机构不完全相同或完全不同。这认识到“过载”不是二进制状态,并且存在不同程度的过载。
Yes. This event package allows rate-/loss-/window-based overload control options as discussed in Section 5.4.
对如第5.4节所述,此事件包允许基于速率/损失/窗口的过载控制选项。
REQ 8: The mechanism shall ensure that, when a request was not processed successfully due to overload (or failure) of a downstream element, the request will not be retried on another element that is also overloaded or whose status is unknown. This requirement derives from REQ 1.
REQ 8:该机制应确保,当由于下游元件过载(或故障)导致请求未成功处理时,不会在另一个同样过载或状态未知的元件上重试该请求。此要求源自REQ 1。
N/A to the load-control event package mechanism itself.
负载控制事件包机制本身不适用。
REQ 9: That a request has been rejected from an overloaded element shall not unduly restrict the ability of that request to be submitted to and processed by an element that is not overloaded. This requirement derives from REQ 1.
REQ 9:来自过载元素的请求被拒绝不应过度限制该请求提交给未过载元素并由其处理的能力。此要求源自REQ 1。
Yes. For example, load-filtering policy (Section 3.1) can include alternative forwarding destinations for rejected requests.
对例如,负载筛选策略(第3.1节)可以包括拒绝请求的备选转发目的地。
REQ 10: The mechanism should support servers that receive requests from a large number of different upstream elements, where the set of upstream elements is not enumerable.
REQ 10:该机制应支持从大量不同上游元素接收请求的服务器,其中上游元素集不可枚举。
No. Because this mechanism requires advance configuration of specifically identified neighbors, it does not support environments where the number and identity of the upstream neighbors are not known in advance. In order to satisfy REQ 10, it should be used in conjunction with other mechanisms.
否。因为此机制需要预先配置特定标识的邻居,所以它不支持预先不知道上游邻居的数量和身份的环境。为了满足REQ 10,它应该与其他机制一起使用。
REQ 11: The mechanism should support servers that receive requests from a finite set of upstream elements, where the set of upstream elements is enumerable.
REQ 11:该机制应支持从有限的上游元素集接收请求的服务器,其中上游元素集是可枚举的。
Yes. See also answer to REQ 10.
对另见对要求10的回答。
REQ 12: The mechanism should work between servers in different domains.
请求12:该机制应在不同域中的服务器之间工作。
Yes. The load-control event package mechanism is not limited by domain boundaries. However, it is likely more applicable in intra-domain scenarios than in inter-domain scenarios due to security and other concerns (see also Section 3.4).
对负载控制事件包机制不受域边界的限制。但是,由于安全和其他方面的考虑,它可能更适用于域内场景而不是域间场景(另请参见第3.4节)。
REQ 13: The mechanism must not dictate a specific algorithm for prioritizing the processing of work within a proxy during times of overload. It must permit a proxy to prioritize requests based on any local policy, so that certain ones (such as a call for emergency services or a call with a specific value of the Resource-Priority header field [RFC4412]) are given preferential treatment, such as not being dropped, being given additional retransmission, or being processed ahead of others.
REQ 13:该机制不得规定在过载期间对代理内的工作处理进行优先级排序的特定算法。它必须允许代理根据任何本地策略对请求进行优先级排序,以便对某些请求(例如紧急服务呼叫或具有资源优先级头字段[RFC4412]特定值的呼叫)给予优先处理,例如不被丢弃、被给予额外重传或被提前处理。
P/A. This mechanism does not specifically address the prioritizing of work during times of overload. But it does not preclude any particular local policy.
P/A。该机制未具体解决过载期间的工作优先级问题。但这并不排除任何特定的地方政策。
REQ 14: The mechanism should provide unambiguous directions to clients on when they should retry a request and when they should not. This especially applies to TCP connection establishment and SIP registrations, in order to mitigate against avalanche restart.
REQ 14:该机制应向客户端提供明确的指示,说明何时应重试请求,何时不应重试请求。这尤其适用于TCP连接建立和SIP注册,以缓解雪崩重启。
N/A to the load-control event package mechanism itself.
负载控制事件包机制本身不适用。
REQ 15: In cases where a network element fails, is so overloaded that it cannot process messages, or cannot communicate due to a network failure or network partition, it will not be able to provide explicit indications of the nature of the failure or its levels of congestion. The mechanism must properly function in these cases.
REQ 15:如果一个网元发生故障,过载到无法处理消息,或者由于网络故障或网络分区而无法通信,那么它将无法提供故障性质或拥塞级别的明确指示。在这些情况下,该机制必须正常运作。
P/A. Because the load-filtering policies are provisioned in advance, they are not affected by the overload or failure of other network elements. On the other hand, they may not, in those cases, be able to protect the overloaded network elements (see REQ 1).
P/A。由于负载过滤策略是预先设置的,因此它们不受其他网元过载或故障的影响。另一方面,在这些情况下,它们可能无法保护过载的网络元件(参见REQ 1)。
REQ 16: The mechanism should attempt to minimize the overhead of the overload control messaging.
REQ 16:该机制应尝试最小化过载控制消息传递的开销。
Yes. The standardized SIP event package mechanism [RFC6665] is used.
对使用标准化的SIP事件包机制[RFC6665]。
REQ 17: The overload mechanism must not provide an avenue for malicious attack, including DoS and DDoS attacks.
请求17:过载机制不得提供恶意攻击的途径,包括DoS和DDoS攻击。
P/A. This mechanism does provide a potential avenue for malicious attacks. Therefore, the security mechanisms for SIP event packages, in general, [RFC6665] and Section 7 of this specification should be used.
P/A。该机制确实为恶意攻击提供了潜在途径。因此,通常应使用SIP事件包的安全机制[RFC6665]和本规范第7节。
REQ 18: The overload mechanism should be unambiguous about whether a load indication applies to a specific IP address, host, or URI, so that an upstream element can determine the load of the entity to which a request is to be sent.
REQ 18:重载机制应该明确负载指示是否适用于特定的IP地址、主机或URI,以便上游元素可以确定要向其发送请求的实体的负载。
Yes. The identity of load indication is covered in the load-filtering policy format definition in Section 3.1.
对第3.1节中的负载过滤策略格式定义涵盖了负载指示的标识。
REQ 19: The specification for the overload mechanism should give guidance on which message types might be desirable to process over others during times of overload, based on SIP-specific considerations. For example, it may be more beneficial to process a SUBSCRIBE refresh with Expires of zero than a SUBSCRIBE refresh with a non-zero expiration (since the former reduces the overall amount of load on the element), or to process re-INVITEs over new INVITEs.
REQ 19:过载机制的规范应根据SIP的具体考虑,给出过载期间哪些消息类型可能需要优先于其他类型处理的指导。例如,处理到期时间为零的订阅刷新可能比处理到期时间为非零的订阅刷新更有利(因为前者减少了元素上的总负载量),或者处理新邀请上的重新邀请。
N/A to the load-control event package mechanism itself.
负载控制事件包机制本身不适用。
REQ 20: In a mixed environment of elements that do and do not implement the overload mechanism, no disproportionate benefit shall accrue to the users or operators of the elements that do not implement the mechanism.
REQ 20:在实施和未实施过载机制的元件的混合环境中,未实施过载机制的元件的用户或操作员不得获得不相称的利益。
No. This mechanism is entirely dependent on the participation of all possible neighbors. In order to satisfy REQ 20, it should be used in conjunction with other mechanisms, some of which are described in Section 3.4.
不。这一机制完全取决于所有可能的邻国的参与。为了满足REQ 20的要求,应将其与第3.4节所述的其他机制结合使用。
REQ 21: The overload mechanism should ensure that the system remains stable. When the offered load drops from above the overall capacity of the network to below the overall capacity, the throughput should stabilize and become equal to the offered load.
REQ 21:过载机制应确保系统保持稳定。当提供的负载从网络的总容量以上下降到总容量以下时,吞吐量应稳定并与提供的负载相等。
N/A to the load-control event package mechanism itself.
负载控制事件包机制本身不适用。
REQ 22: It must be possible to disable the reporting of load information towards upstream targets based on the identity of those targets. This allows a domain administrator who considers the load of their elements to be sensitive information, to restrict access to that information. Of course, in such cases, there is no expectation that the overload mechanism itself will help prevent overload from that upstream target.
REQ 22:必须能够根据上游目标的标识禁用向这些目标报告负载信息。这允许将其元素的负载视为敏感信息的域管理员限制对该信息的访问。当然,在这种情况下,我们并不期望过载机制本身能够帮助防止来自上游目标的过载。
N/A to the load-control event package mechanism itself.
负载控制事件包机制本身不适用。
REQ 23: It must be possible for the overload mechanism to work in cases where there is a load balancer in front of a farm of proxies.
REQ 23:在代理服务器群前面有负载平衡器的情况下,过载机制必须能够工作。
Yes. The load-control event package mechanism does not preclude its use in a scenario with server farms.
对负载控制事件包机制并不排除在服务器场场景中使用它。
This section presents two complete examples of load-control documents valid with respect to the XML schema defined in Section 6.
本节介绍了两个完整的负载控制文档示例,这些文档对于第6节中定义的XML模式是有效的。
The first example assumes that a set of hotlines are set up at "sip:alice@hotline.example.com" and "tel:+1-212-555-1234". The hotlines are activated from 12:00 to 15:00 US Eastern Standard Time on 2008-05-31. The goal is to limit the incoming calls to the hotlines to 100 requests per second. Calls that exceed the rate limit are explicitly rejected.
第一个示例假设在“sip:alice@hotline.example.com和“电话:+1-212-555-1234”。热线于2008年5月31日美国东部标准时间12:00至15:00开通。目标是将拨打热线的来电限制在每秒100个请求。超过速率限制的呼叫将被明确拒绝。
<?xml version="1.0" encoding="UTF-8"?> <ruleset xmlns="urn:ietf:params:xml:ns:common-policy" xmlns:lc="urn:ietf:params:xml:ns:load-control" version="0" state="full">
<?xml version="1.0" encoding="UTF-8"?> <ruleset xmlns="urn:ietf:params:xml:ns:common-policy" xmlns:lc="urn:ietf:params:xml:ns:load-control" version="0" state="full">
<rule id="f3g44k1"> <conditions> <lc:call-identity> <lc:sip> <lc:to> <one id="sip:alice@hotline.example.com"/> <one id="tel:+1-212-555-1234"/> </lc:to> </lc:sip> </lc:call-identity> <method>INVITE</method> <validity> <from>2008-05-31T12:00:00-05:00</from> <until>2008-05-31T15:00:00-05:00</until> </validity> </conditions> <actions> <lc:accept alt-action="reject"> <lc:rate>100</lc:rate> </lc:accept> </actions>
<rule id="f3g44k1"> <conditions> <lc:call-identity> <lc:sip> <lc:to> <one id="sip:alice@hotline.example.com"/> <one id="tel:+1-212-555-1234"/> </lc:to> </lc:sip> </lc:call-identity> <method>INVITE</method> <validity> <from>2008-05-31T12:00:00-05:00</from> <until>2008-05-31T15:00:00-05:00</until> </validity> </conditions> <actions> <lc:accept alt-action="reject"> <lc:rate>100</lc:rate> </lc:accept> </actions>
</rule> </ruleset>
</rule> </ruleset>
The second example optimizes the usage of server resources during the three-day period following a hurricane. Incoming calls to the domain "sandy.example.com" or to call destinations with prefix "+1-212" will be limited to a rate of 100 requests per second, except for those calls originating from a particular rescue team domain "rescue.example.com". Outgoing calls from the hurricane domain or calls within the local domain are never limited. All calls that are throttled due to the rate limit will be forwarded to an answering machine with updated hurricane rescue information.
第二个示例优化了飓风过后三天内服务器资源的使用情况。对域“sandy.example.com”或前缀为“+1-212”的呼叫目的地的传入呼叫速率将限制为每秒100个请求,但来自特定救援团队域“rescue.example.com”的呼叫除外。来自飓风域的传出呼叫或本地域内的呼叫从不受限制。由于速率限制而被限制的所有呼叫都将被转发到带有最新飓风救援信息的应答机。
<?xml version="1.0" encoding="UTF-8"?> <ruleset xmlns="urn:ietf:params:xml:ns:common-policy" xmlns:lc="urn:ietf:params:xml:ns:load-control" version="1" state="full">
<?xml version="1.0" encoding="UTF-8"?> <ruleset xmlns="urn:ietf:params:xml:ns:common-policy" xmlns:lc="urn:ietf:params:xml:ns:load-control" version="1" state="full">
<rule id="f3g44k2"> <conditions> <lc:call-identity> <lc:sip> <lc:to> <many domain="sandy.example.com"/> <many-tel prefix="+1-212"/> </lc:to> <lc:from> <many> <except domain="sandy.example.com"/> <except domain="rescue.example.com"/> </many> </lc:from> </lc:sip> </lc:call-identity> <method>INVITE</method> <validity> <from>2012-10-25T09:00:00+01:00</from> <until>2012-10-28T09:00:00+01:00</until> </validity> </conditions> <actions> <lc:accept alt-action="redirect" alt-target= "sip:sandy@update.example.com"> <lc:rate>100</lc:rate> </lc:accept> </actions>
<rule id="f3g44k2"> <conditions> <lc:call-identity> <lc:sip> <lc:to> <many domain="sandy.example.com"/> <many-tel prefix="+1-212"/> </lc:to> <lc:from> <many> <except domain="sandy.example.com"/> <except domain="rescue.example.com"/> </many> </lc:from> </lc:sip> </lc:call-identity> <method>INVITE</method> <validity> <from>2012-10-25T09:00:00+01:00</from> <until>2012-10-28T09:00:00+01:00</until> </validity> </conditions> <actions> <lc:accept alt-action="redirect" alt-target= "sip:sandy@update.example.com"> <lc:rate>100</lc:rate> </lc:accept> </actions>
</rule> </ruleset>
</rule> </ruleset>
Sometimes it may occur that multiple rules in a ruleset define actions that match the same methods, call identity and validity. In those cases, the "first-match-wins" principle is used. For example, in the following ruleset, the first rule requires all calls from the "example.com" domain to be rejected. Even though the rule following that one specifies that calls from "sip:alice@example.com" be redirected to a specific target "sip:eve@example.com", the calls from "sip:alice@example.com" will still be rejected because they have already been matched by the earlier rule.
有时,规则集中的多个规则可能会定义与相同方法、调用标识和有效性匹配的操作。在这些情况下,使用“第一场比赛获胜”原则。例如,在以下规则集中,第一条规则要求拒绝来自“example.com”域的所有调用。即使下面的规则指定从“sip:alice@example.com“被重定向到特定目标”sip:eve@example.com,来自“sip:alice@example.com“仍将被拒绝,因为它们已被先前的规则匹配。
<?xml version="1.0" encoding="UTF-8"?> <ruleset xmlns="urn:ietf:params:xml:ns:common-policy" xmlns:lc="urn:ietf:params:xml:ns:load-control" version="1" state="full">
<?xml version="1.0" encoding="UTF-8"?> <ruleset xmlns="urn:ietf:params:xml:ns:common-policy" xmlns:lc="urn:ietf:params:xml:ns:load-control" version="1" state="full">
<rule id="f3g44k3"> <conditions> <lc:call-identity> <lc:sip> <lc:from> <many domain="example.com"/> </lc:from> </lc:sip> </lc:call-identity> <method>INVITE</method> <validity> <from>2013-7-2T09:00:00+01:00</from> <until>2013-7-3T09:00:00+01:00</until> </validity> </conditions> <actions> <lc:accept alt-action="reject"> <lc:rate>0</lc:rate> </lc:accept> </actions> </rule>
<rule id="f3g44k3"> <conditions> <lc:call-identity> <lc:sip> <lc:from> <many domain="example.com"/> </lc:from> </lc:sip> </lc:call-identity> <method>INVITE</method> <validity> <from>2013-7-2T09:00:00+01:00</from> <until>2013-7-3T09:00:00+01:00</until> </validity> </conditions> <actions> <lc:accept alt-action="reject"> <lc:rate>0</lc:rate> </lc:accept> </actions> </rule>
<rule id="f3g44k4"> <conditions> <lc:call-identity> <lc:sip> <lc:from> <one id="sip:alice@example.com"/> </lc:from> </lc:sip> </lc:call-identity> <method>INVITE</method> <validity> <from>2013-7-2T09:00:00+01:00</from> <until>2013-7-3T09:00:00+01:00</until> </validity> </conditions> <actions> <lc:accept alt-action="redirect" alt-target= "sip:eve@example.com"> <lc:rate>0</lc:rate> </lc:accept> </actions>
<rule id="f3g44k4"> <conditions> <lc:call-identity> <lc:sip> <lc:from> <one id="sip:alice@example.com"/> </lc:from> </lc:sip> </lc:call-identity> <method>INVITE</method> <validity> <from>2013-7-2T09:00:00+01:00</from> <until>2013-7-3T09:00:00+01:00</until> </validity> </conditions> <actions> <lc:accept alt-action="redirect" alt-target= "sip:eve@example.com"> <lc:rate>0</lc:rate> </lc:accept> </actions>
</rule> </ruleset>
</rule> </ruleset>
This section presents an example message flow of using the load-control event package mechanism defined in this specification.
本节介绍使用本规范中定义的负载控制事件包机制的示例消息流。
atlanta biloxi | F1 SUBSCRIBE | |------------------>| | F2 200 OK | |<------------------| | F3 NOTIFY | |<------------------| | F4 200 OK | |------------------>|
atlanta biloxi | F1 SUBSCRIBE | |------------------>| | F2 200 OK | |<------------------| | F3 NOTIFY | |<------------------| | F4 200 OK | |------------------>|
F1 SUBSCRIBE atlanta.example.com -> biloxi.example.com
F1订阅atlanta.example.com->biloxi.example.com
SUBSCRIBE sip:biloxi.example.com SIP/2.0 Via: SIP/2.0/TCP atlanta.example.com;branch=z9hG4bKy7cjbu3 From: sip:atlanta.example.com;tag=162ab5 To: sip:biloxi.example.com Call-ID: 2xTb9vxSit55XU7p8@atlanta.example.com CSeq: 2012 SUBSCRIBE Contact: sip:atlanta.example.com Event: load-control Max-Forwards: 70 Accept: application/load-control+xml Expires: 3600 Content-Length: 0
SUBSCRIBE sip:biloxi.example.com SIP/2.0 Via: SIP/2.0/TCP atlanta.example.com;branch=z9hG4bKy7cjbu3 From: sip:atlanta.example.com;tag=162ab5 To: sip:biloxi.example.com Call-ID: 2xTb9vxSit55XU7p8@atlanta.example.com CSeq: 2012 SUBSCRIBE Contact: sip:atlanta.example.com Event: load-control Max-Forwards: 70 Accept: application/load-control+xml Expires: 3600 Content-Length: 0
F2 200 OK biloxi.example.com -> atlanta.example.com
F2 200 OK biloxi.example.com->atlanta.example.com
SIP/2.0 200 OK Via: SIP/2.0/TCP biloxi.example.com;branch=z9hG4bKy7cjbu3 ;received=192.0.2.1 To: <sip:biloxi.example.com>;tag=331dc8 From: <sip:atlanta.example.com>;tag=162ab5 Call-ID: 2xTb9vxSit55XU7p8@atlanta.example.com CSeq: 2012 SUBSCRIBE Expires: 3600 Contact: sip:biloxi.example.com Content-Length: 0
SIP/2.0 200 OK Via: SIP/2.0/TCP biloxi.example.com;branch=z9hG4bKy7cjbu3 ;received=192.0.2.1 To: <sip:biloxi.example.com>;tag=331dc8 From: <sip:atlanta.example.com>;tag=162ab5 Call-ID: 2xTb9vxSit55XU7p8@atlanta.example.com CSeq: 2012 SUBSCRIBE Expires: 3600 Contact: sip:biloxi.example.com Content-Length: 0
F3 NOTIFY biloxi.example.com -> atlanta.example.com
F3通知biloxi.example.com->atlanta.example.com
NOTIFY sip:atlanta.example.com SIP/2.0 Via: SIP/2.0/TCP biloxi.example.com;branch=z9hG4bKy71g2ks From: <sip:biloxi.example.com>;tag=331dc8 To: <sip:atlanta.example.com>;tag=162ab5 Call-ID: 2xTb9vxSit55XU7p8@atlanta.example.com Event: load-control Subscription-State: active;expires=3599 Max-Forwards: 70 CSeq: 1775 NOTIFY Contact: sip:biloxi.example.com Content-Type: application/load-control+xml Content-Length: ...
通过sip/2.0/TCP biloxi.example.com通知sip:atlanta.example.com sip/2.0;branch=z9hG4bKy71g2ks From:<sip:biloxi.example.com>;tag=331dc8到:<sip:atlanta.example.com>;tag=162ab5呼叫ID:2xTb9vxSit55XU7p8@atlanta.example.com事件:负载控制订阅状态:活动;expires=3599最大转发:70 CSeq:1775通知联系人:sip:biloxi.example.com内容类型:应用程序/负载控制+xml内容长度:。。。
[Load-Control Document]
[负载控制文件]
F4 200 OK atlanta.example.com -> biloxi.example.com
F4 200 OK atlanta.example.com->biloxi.example.com
SIP/2.0 200 OK Via: SIP/2.0/TCP atlanta.example.com;branch=z9hG4bKy71g2ks ;received=192.0.2.2 From: <sip:biloxi.example.com>;tag=331dc8 To: <sip:atlanta.example.com>;tag=162ab5 Call-ID: 2xTb9vxSit55XU7p8@atlanta.example.com CSeq: 1775 NOTIFY Content-Length: 0
SIP/2.0 200 OK Via: SIP/2.0/TCP atlanta.example.com;branch=z9hG4bKy71g2ks ;received=192.0.2.2 From: <sip:biloxi.example.com>;tag=331dc8 To: <sip:atlanta.example.com>;tag=162ab5 Call-ID: 2xTb9vxSit55XU7p8@atlanta.example.com CSeq: 1775 NOTIFY Content-Length: 0
It is known that an existing PSTN network also uses a load-filtering mechanism to prevent overload and the filtering policy configuration is done manually except in specific cases when the Intelligent Network architecture is used [Q.1248.2][E.412]. This specification defines a load-filtering mechanism based on the SIP event notification framework that allows automated filtering policy distribution in suitable environments.
众所周知,现有PSTN网络还使用负载过滤机制来防止过载,并且过滤策略配置是手动完成的,除非在使用智能网络架构的特定情况下[Q.1248.2][E.412]。本规范定义了一种基于SIP事件通知框架的负载过滤机制,该框架允许在适当的环境中自动分发过滤策略。
PSTN overload control uses messages that specify an outgoing control list, call gap duration, and control duration [Q.1248.2][E.412]. These items correspond roughly to the identity, action, and time fields of the SIP load-filtering policy defined in this specification. However, the load-filtering policy defined in this specification is much more generic and flexible as opposed to its PSTN counterpart.
PSTN过载控制使用指定传出控制列表、呼叫间隔持续时间和控制持续时间的消息[Q.1248.2][E.412]。这些项大致对应于本规范中定义的SIP负载过滤策略的标识、操作和时间字段。但是,本规范中定义的负载过滤策略比其PSTN对应策略更通用、更灵活。
Firstly, PSTN load filtering only applies to telephone numbers. The identity element of SIP load-filtering policy allows both SIP URI and telephone numbers (through 'tel' URI) to be specified. These identities can be arbitrarily grouped by SIP domains or any number of leading prefixes of the telephone numbers.
首先,PSTN负载过滤仅适用于电话号码。SIP负载筛选策略的标识元素允许同时指定SIP URI和电话号码(通过“tel”URI)。这些身份可以通过SIP域或电话号码的任何前导前缀任意分组。
Secondly, the PSTN load-filtering action is usually limited to call gapping. The action field in SIP load-filtering policy allows more flexible possibilities such as rate throttle and others.
其次,PSTN负载过滤操作通常仅限于呼叫间隙。SIP负载过滤策略中的操作字段允许更灵活的可能性,例如速率限制和其他。
Thirdly, the duration field in PSTN load filtering specifies a value in seconds for the load-filtering duration only, and the allowed values are mapped into a value set. The time field in SIP load-filtering policy may specify not only a duration, but also a future activation time that could be especially useful for automating load filtering for predictable overloads.
第三,PSTN负载过滤中的持续时间字段仅为负载过滤持续时间指定以秒为单位的值,并将允许的值映射到值集。SIP负载筛选策略中的时间字段不仅可以指定持续时间,还可以指定将来的激活时间,这对于自动化可预测过载的负载筛选特别有用。
PSTN load filtering can be performed in both edge switches and transit switches; the SIP load filtering can also be applied in both edge proxy servers and core proxy servers, and even in capable user agents.
PSTN负载过滤可以在边缘交换机和传输交换机中执行;SIP负载过滤还可以应用于边缘代理服务器和核心代理服务器,甚至可以应用于功能强大的用户代理。
PSTN load filtering also has special accommodation for High Probability of Completion (HPC) calls, which would be similar to calls designated by the SIP Resource Priority Headers [RFC4412]. The SIP load-filtering mechanism also allows prioritizing the treatment of these calls by specifying favorable actions for them.
PSTN负载过滤还特别适用于高完成概率(HPC)呼叫,这类似于SIP资源优先级头指定的呼叫[RFC4412]。SIP负载过滤机制还允许通过为这些调用指定有利的操作来优先处理这些调用。
PSTN load filtering also provides an administrative option for routing failed call attempts to either a reorder tone [E.300SerSup3] indicating overload conditions or a special recorded announcement. A similar capability can be provided in the SIP load-filtering mechanism by specifying appropriate "alt-action" attribute in the SIP load-filtering action field.
PSTN负载筛选还提供了一个管理选项,用于将失败的呼叫尝试路由到指示过载情况的重新排序音调[E.300SerSup3]或特殊录制的公告。通过在SIP负载过滤操作字段中指定适当的“alt action”属性,可以在SIP负载过滤机制中提供类似的功能。
The load-filtering policies in this specification consist of identity, action, and time. The identity can range from a single specific user to an arbitrary user aggregate, domains, or areas. The user can be identified by either the source or the destination. When the user is identified by the source and a favorable action is specified, the result is, to some extent, similar to identifying a priority user based on authorized Resource Priority Headers [RFC4412] in the requests. Specifying a source user identity with an unfavorable action would cause an effect to some extent similar to an inverse SIP resource priority mechanism.
本规范中的负载筛选策略包括标识、操作和时间。标识的范围从单个特定用户到任意用户聚合、域或区域。用户可以通过源或目标来识别。当源识别用户并指定有利操作时,结果在某种程度上类似于根据请求中的授权资源优先级头[RFC4412]识别优先级用户。使用不利操作指定源用户标识将在某种程度上产生类似于反向SIP资源优先级机制的效果。
The load-filtering policy defined in this specification is generic and expected to be applicable not only to the load-filtering mechanism but also to the feedback overload control mechanism in [SIP-OVERLOAD]. In particular, both mechanisms could use specific or wildcard identities for load control and could share well-known load-control actions. The time duration field in the load-filtering policy could also be used in both mechanisms. As mentioned in Section 1, the load-filtering policy distribution mechanism and the feedback overload control mechanism address complementary areas in the overload control problem space. Load filtering is more proactive and focuses on distributing filtering policies towards the source of the traffic; the hop-by-hop feedback-based approach is reactive and reduces traffic already accepted by the network. Therefore, they could also make different use of the generic load-filtering policy components. For example, the load-filtering mechanism may use the time field in the filtering policy to specify not only a control duration but also a future activation time to accommodate a predicable overload such as the one caused by Mother's Day greetings or a viewer-voting program; the feedback-based control might not need to use the time field or might use the time field to specify an immediate load-control duration.
本规范中定义的负载过滤策略是通用的,预计不仅适用于负载过滤机制,而且适用于[SIP-overload]中的反馈过载控制机制。特别是,这两种机制都可以使用特定或通配符标识进行负载控制,并且可以共享众所周知的负载控制操作。负载筛选策略中的“持续时间”字段也可用于这两种机制。如第1节所述,负载过滤策略分配机制和反馈过载控制机制解决过载控制问题空间中的互补区域。负载过滤更加主动,重点是向流量源分发过滤策略;基于逐跳反馈的方法是被动的,可以减少网络已经接受的流量。因此,它们还可以对通用负载筛选策略组件进行不同的使用。例如,负载过滤机制可以使用过滤策略中的时间字段来不仅指定控制持续时间,而且还指定未来激活时间,以适应可预测的过载,例如由母亲节问候语或观众投票节目引起的过载;基于反馈的控制可能不需要使用时间字段,或者可以使用时间字段指定即时负载控制持续时间。
Authors' Addresses
作者地址
Charles Shen Columbia University Department of Computer Science 1214 Amsterdam Avenue, MC 0401 New York, NY 10027 USA
美国纽约州纽约市阿姆斯特丹大道1214号哥伦比亚大学计算机科学系
Phone: +1 212 854 3109 EMail: charles@cs.columbia.edu
Phone: +1 212 854 3109 EMail: charles@cs.columbia.edu
Henning Schulzrinne Columbia University Department of Computer Science 1214 Amsterdam Avenue, MC 0401 New York, NY 10027 USA
美国纽约州纽约市阿姆斯特丹大道1214号亨宁·舒尔兹林内哥伦比亚大学计算机科学系,邮编:10027
Phone: +1 212 939 7004 EMail: schulzrinne@cs.columbia.edu
Phone: +1 212 939 7004 EMail: schulzrinne@cs.columbia.edu
Arata Koike NTT Network Technology Labs 3-9-11 Midori-cho Musashino-shi Tokyo 180-8585 Japan
Arata Koike NTT网络技术实验室3-9-11 Midori cho Musashino shi东京180-8585日本
Phone: +81 422 59 6099 EMail: koike.arata@lab.ntt.co.jp
Phone: +81 422 59 6099 EMail: koike.arata@lab.ntt.co.jp