Independent Submission                                     S. Vinapamula
Request for Comments: 7767                              Juniper Networks
Category: Informational                                     S. Sivakumar
ISSN: 2070-1721                                            Cisco Systems
                                                            M. Boucadair
                                                                  Orange
                                                                T. Reddy
                                                                   Cisco
                                                           February 2016
Application-Initiated Check-Pointing via the Port Control Protocol (PCP)
Abstract
This document specifies a mechanism for a host to indicate via the Port Control Protocol (PCP) which connections should be protected against network failures. These connections will then be subject to high-availability mechanisms enabled on the network side.
This approach assumes that applications and/or users have more visibility about sensitive connections than any heuristic that can be enabled on the network side to guess which connections should be check-pointed.
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7767.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
Table of Contents
1. Introduction
  1.1. Note
  1.2. Requirements Language
2. Issues with the Existing Implementations
3. CHECKPOINT_REQUIRED PCP Option
  3.1. Format
  3.2. Operation
4. Sample Use Cases
5. Security Considerations
6. IANA Considerations
7. References
  7.1. Normative References
  7.2. Informative References
Appendix A. Additional Considerations
Acknowledgments
Authors' Addresses
The risk of Internet service disruption is critical in service providers and enterprise networking environments. Such a risk is often mitigated with the introduction of active/backup systems. Such designs not only contribute to minimize the risk of service disruption, but also facilitate maintenance operations (e.g., hitless hardware or software upgrades).
In addition, the nature of some connections leads to the establishment and the maintenance of connection-specific states by some of the network functions invoked when the connection is established. During active/backup failover in case of a network failure, the said states need to be check-pointed by the backup system. Additional issues are discussed in Section 2.
Heuristics based on the protocol, mapping lifetime, etc., are used in the network to elect which connections need to be check-pointed (e.g., by means of high-availability (HA) techniques). This document advocates for an application-initiated approach that would allow applications and/or users to signal to the network which of their connections are critical.
Within this document, "check-pointing" refers to a process of state replication and synchronization between active and backup PCP-controlled devices. When the active PCP-controlled device fails, the backup PCP-controlled device will take over all the existing established sessions that were check-pointed. This process is transparent to internal hosts.
This document specifies how PCP [RFC6887] can be extended to indicate which connection should be check-pointed for high availability (Section 3). A set of use cases are provided for illustrative purposes in Section 4. This document does not make any assumptions about the PCP-controlled device that will process the PCP-formatted signaling information from PCP clients. These devices are likely to be flow aware.
The approach in this document is aligned with the networking trends advocating for open network APIs to interact with applications/ services (e.g., [RFC7149]). For instance, the decision-making process about policy on the network side will be enriched with information provided by applications using PCP.
The CHECKPOINT_REQUIRED PCP option (Section 3) is defined in the "Specification Required" range (see Section 6). In order to be assigned a code point in that range, a permanent publication is required as per Section 4.1 of [RFC5226]. Publication of an RFC is an ideal means of achieving this requirement and also to ease interoperability.
Note, this work was presented to the Port Control Protocol (PCP) WG, but there was no consensus to define this option in the "Standards Action" range despite positive feedback that was received from the working group. Technical comments that were received during PCP meetings and those received on the mailing list were addressed.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
Regardless of the selected technology or design like HA-based designs, reliably securing connections is expensive in terms of memory, CPU usage, and other resources. Also, check-pointing may not be required for all connections, as all connections may not be critical. But, this leaves a challenge to identify what connections to check-point.
Typically, this is addressed by identifying long-lived connections and check-pointing the state of only those connections that lived long enough, to the backup for service continuity.
However, check-pointing long-lived connections raises the following issues:
1. It is hard for a network to identify (or guess) which connection is (business) critical. This characterization is often customer-specific: a flow can be sensitive for a User #1, while it is not for another User #2. Furthermore, this characterization can vary over time: a flow can be sensitive during hour X, while it is not during other times.
2. Heuristics are not deterministic.
3. A potentially long-lived connection may experience disruption upon failure of the active system, but before it is check-pointed.
4. A connection may not be long-lived but it may be critical, e.g., for Voice over IP (VoIP) conversations.
5. Likewise, not all long-lived connections are deemed critical: for example, connections that pertain to free Internet services are usually considered not critical compared to the equivalent connections for paid services. Only the latter need to be check-pointed.
The solution is based on the assumption that an application or user is the best judge of which of its connections are critical.
An application or user may explicitly identify the connections that need to be check-pointed by means of a PCP client, using the CHECKPOINT_REQUIRED option as described in Figure 1.
The entry to be backed up is indicated by the content of a MAP or PEER message.
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Option Code=192|  Reserved     |        Option Length          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Option Name: CHECKPOINT_REQUIRED
   Number: 192
   Purpose: Indicate if an entry needs to be check-pointed.
   Valid for Opcodes: MAP, PEER
   Length: 0.
   May appear in: Request and response.
   Maximum occurrences: 1.
Figure 1: CHECKPOINT_REQUIRED PCP Option
The description of the fields is as follows:
o Option Code: 192 (see Section 6).
o Reserved: This field is initialized as specified in Section 7.3 of [RFC6887].
o Option Length: 0. This means no data is included in the option.
An application or user can take advantage of this PCP option to explicitly indicate which of the connections need to be check-pointed and should not be disrupted. The processing of this option by the PCP server will then yield the check-pointing of the corresponding states by the relevant devices or functions dynamically controlled by the PCP server.
Communication between application/user and PCP client is implementation specific.
Support of the CHECKPOINT_REQUIRED option by PCP servers and PCP clients is optional. This option (Code 192; see Figure 1) may be included in a PCP MAP or PEER request to indicate a connection is to be protected against network failures.
There is a risk that every PCP client may wish to check-point every connection; this can potentially load the system. Administration SHOULD restrict the number of connections that can be elected to be backed up and the rate of check-pointing per network attachment point (e.g., Customer Premises Equipment (CPE), host). To that aim, the PCP server should unambiguously identify the network attachment point a PCP client belongs to. For example, the PCP server may rely on the PCP identity [RFC7652], the assigned prefix to a CPE or host, the subscriber-mask [PREFIX-BINDING], or other identification means.
The PCP client includes a CHECKPOINT_REQUIRED option in a MAP or PEER request to signal that the corresponding mapping is to be protected.
If the PCP client does not receive a CHECKPOINT_REQUIRED option in response to a PCP request that enclosed the CHECKPOINT_REQUIRED option, this means that either the PCP server does not support the option, or the PCP server is configured to ignore the option, or the PCP server cannot satisfy the request expressed in this option (e.g., because of a lack of resources).
If the CHECKPOINT_REQUIRED option is not included in the PCP client request, the PCP server MUST NOT include the CHECKPOINT_REQUIRED option in the associated response.
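The client side of these rules, as an added Python example that is not part of the RFC: it appends the four-byte option from Figure 1 to a MAP request, walks the options of a message, and decides whether the server honored the request. The header and MAP/PEER body sizes are those of RFC 6887; the function names, sample address, nonce and the simplified response builder are constructed for illustration.

```python
import struct

PCP_VERSION = 2
OPCODE_MAP, OPCODE_PEER = 1, 2
OPT_CHECKPOINT_REQUIRED = 192                        # Figure 1
HEADER_LEN = 24                                      # RFC 6887 common header
OPCODE_DATA_LEN = {OPCODE_MAP: 36, OPCODE_PEER: 56}  # RFC 6887 MAP / PEER bodies

# Constructed sample values (documentation prefix 2001:db8::/32).
CLIENT_IP = bytes.fromhex("20010db8000000000000000000000010")
NONCE = bytes(range(12))


def checkpoint_required_option() -> bytes:
    """Option Code=192, Reserved=0, Option Length=0: four bytes, no data."""
    return struct.pack("!BBH", OPT_CHECKPOINT_REQUIRED, 0, 0)


def build_map_request(client_ip: bytes, nonce: bytes, proto: int,
                      internal_port: int, lifetime: int, checkpoint: bool) -> bytes:
    header = struct.pack("!BBHI16s", PCP_VERSION, OPCODE_MAP, 0, lifetime, client_ip)
    body = struct.pack("!12sB3xHH16s", nonce, proto, internal_port, 0, bytes(16))
    return header + body + (checkpoint_required_option() if checkpoint else b"")


def build_map_response(request: bytes, result: int, lifetime: int, honored: bool) -> bytes:
    """Constructed server reply (body copied from the request), sample input only."""
    header = struct.pack("!BBBBII12x", PCP_VERSION, 0x80 | OPCODE_MAP, 0, result, lifetime, 0)
    body = request[HEADER_LEN:HEADER_LEN + OPCODE_DATA_LEN[OPCODE_MAP]]
    return header + body + (checkpoint_required_option() if honored else b"")


def parse_options(msg: bytes) -> list:
    """Return [(code, data)] for the options that follow the opcode data."""
    if len(msg) < HEADER_LEN or msg[0] != PCP_VERSION:
        raise ValueError("not a PCP version 2 message")
    opcode = msg[1] & 0x7F                           # top bit is the R (response) flag
    if opcode not in OPCODE_DATA_LEN:
        raise ValueError("CHECKPOINT_REQUIRED is only valid for MAP and PEER")
    off = HEADER_LEN + OPCODE_DATA_LEN[opcode]
    if len(msg) < off:
        raise ValueError("truncated opcode data")
    options = []
    while off < len(msg):
        if len(msg) - off < 4:
            raise ValueError("truncated option header")
        code, _reserved, length = struct.unpack_from("!BBH", msg, off)
        padded = (length + 3) & ~3                   # option data is padded to 4 bytes
        if off + 4 + padded > len(msg):
            raise ValueError("truncated option data")
        options.append((code, msg[off + 4:off + 4 + length]))
        off += 4 + padded
    return options


def has_checkpoint_required(msg: bytes) -> bool:
    found = [data for code, data in parse_options(msg) if code == OPT_CHECKPOINT_REQUIRED]
    if len(found) > 1:
        raise ValueError("CHECKPOINT_REQUIRED may occur at most once")
    if found and found[0]:
        raise ValueError("CHECKPOINT_REQUIRED must have Option Length 0")
    return bool(found)


def checkpoint_honored(request: bytes, response: bytes) -> bool:
    """True only if the option was requested and echoed in a successful response."""
    asked = has_checkpoint_required(request)
    granted = has_checkpoint_required(response)
    if granted and not asked:
        raise ValueError("server returned CHECKPOINT_REQUIRED that was not requested")
    return asked and granted and response[3] == 0    # result code 0 is SUCCESS
```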
When the PCP server receives a CHECKPOINT_REQUIRED option, the PCP server checks if it can honor this request depending on whether resources are available for check-pointing. If there are no resources available for check-pointing, but there are resources available to honor the MAP or PEER request, a response is sent back to the PCP client without including the CHECKPOINT_REQUIRED option (i.e., the request is processed as any MAP or PEER request that does not convey a CHECKPOINT_REQUIRED option). If check-pointing resources are still available and the quota for this PCP client has not been reached, the PCP server tags the corresponding entry as eligible to the HA mechanism and sends back the CHECKPOINT_REQUIRED option in the positive answer to the PCP client.
To update the check-pointing behavior of a mapping maintained by the PCP server, the PCP client generates a PCP MAP or PEER renewal request that includes a CHECKPOINT_REQUIRED option to indicate this mapping has to be check-pointed or that doesn't include a CHECKPOINT_REQUIRED option to indicate this mapping does not need be check-pointed anymore. Upon receipt of the PCP request, the PCP server proceeds with the same operations to validate a MAP or PEER request to update an existing mapping. If validation checks are passed, the PCP server updates the check-point flag associated with that mapping accordingly (i.e., it is set if a CHECKPOINT_REQUIRED option was included in the update request or it is cleared if no CHECKPOINT_REQUIRED option was included), and the PCP server returns the response to the PCP client accordingly.
What information to check-point and how to check-point are outside the scope of this document and are left for implementations. Also, the mechanism for users or applications to indicate check-pointing in a PCP request may be automatic, semiautomatic, or require human intervention. This behavior is also left for application implementations. For managed CPEs, a service provider may influence what connections are to be check-pointed.
For honored requests, it is RECOMMENDED to check-point state on backup before a response is sent to the PCP client.
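The server-side decision described above, sketched as an added Python example (not code from the RFC or from any PCP implementation): a per-attachment-point quota and rate limit, a global resource limit, and set/clear of the check-point flag on renewal. The `Policy` fields, the use of a /56 delegated prefix to identify the attachment point, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:                  # hypothetical administrator settings
    prefix_len: int = 56       # assumed: one delegated IPv6 prefix per CPE
    quota: int = 2             # check-pointed mappings per attachment point
    rate: int = 2              # new check-points admitted per window
    window: float = 10.0       # seconds
    capacity: int = 3          # check-pointing resources on the HA pair


class CheckpointAdmission:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.flagged = {}                    # (client, mapping) -> attachment point
        self.admitted = defaultdict(deque)   # attachment point -> admission times

    def attachment_point(self, client_ip: str):
        addr = ipaddress.ip_address(client_ip)
        plen = self.policy.prefix_len if addr.version == 6 else 32
        return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

    def process(self, client_ip: str, mapping: tuple, option_present: bool,
                now: float) -> bool:
        """Called after the MAP/PEER request itself has been validated.
        Returns True when the response must carry CHECKPOINT_REQUIRED."""
        key = (client_ip, mapping)
        if not option_present:
            self.flagged.pop(key, None)      # renewal without the option clears the flag
            return False                     # MUST NOT add the option to the response
        if key in self.flagged:
            return True                      # renewal of an already protected mapping
        point = self.attachment_point(client_ip)
        times = self.admitted[point]
        while times and now - times[0] >= self.policy.window:
            times.popleft()                  # forget admissions outside the rate window
        in_use = sum(1 for owner in self.flagged.values() if owner == point)
        if (len(self.flagged) >= self.policy.capacity
                or in_use >= self.policy.quota
                or len(times) >= self.policy.rate):
            return False                     # mapping is served, but not check-pointed
        # A real server would replicate the state to the backup here, before replying.
        self.flagged[key] = point
        times.append(now)
        return True


def demo():
    """Constructed scenario: one host tags every flow, two others tag one each."""
    srv = CheckpointAdmission(Policy(rate=5))
    greedy = [srv.process("2001:db8:0:100::10", ("udp", 5000 + i), True, float(i))
              for i in range(5)]
    other = srv.process("2001:db8:0:200::20", ("udp", 5060), True, 5.0)
    full = srv.process("2001:db8:0:300::30", ("tcp", 443), True, 6.0)
    cleared = srv.process("2001:db8:0:100::10", ("udp", 5000), False, 7.0)
    retry = srv.process("2001:db8:0:300::30", ("tcp", 443), True, 8.0)
    return greedy, other, full, cleared, retry


if __name__ == "__main__":
    print(demo())
```

The host that tags every flow exhausts only its own quota; the third host is refused while the global limit is reached and admitted once a renewal without the option releases a slot.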
Below are provided some examples for illustrative purposes:
Example 1: Consider a streaming service such as live TV broadcasting, or any other media streaming, that supports check-pointing signaling functionality. Suppose this application is installed in three hosts A, B and C. For A, the application is critical and should not be interrupted, while for B it is not. While for C, only some programs are of interest. At the time of installing this application's software, corresponding preferences can be provisioned. When the application starts streaming:
* All the flows associated with the streaming application are critical for A. Limiting the number of flows to be backed up will ensure that host doesn't exceed the user's limit.
* For B, none of these flows are critical for check-pointing. The CHECKPOINT_REQUIRED option is not included in the PCP requests.
* For C, the user is invited to interact with the application by means of a configuration option that is provided to dynamically select which streaming to check-point, based on the user's interest.
Example 2: Consider a streaming service offered by a provider. Suppose three levels of subscriptions are offered by that provider, e.g., gold, silver, and bronze. To guarantee a certain level of quality of service for each subscription, policies are configured such that:
* All flows associated with a gold subscription should be check-pointed.
* Only some flows associated with a silver subscription are check-pointed.
* None of the flows associated with a bronze subscription are check-pointed.
When a user invokes the streaming service, he/she may fall into one of those buckets, and according to the configured policy, his/ her associated streaming flows are automatically check-pointed. Login credentials can be used as a trigger to determine the subscription level (and therefore the associated check-pointing behavior).
Example 3: Consider a VoIP application that is able to request that its flows be check-pointed. No matter what is configured by the user, some calls such as emergency calls should be check-pointed. The application has to identify such calls.
Example 4: In the context of an enterprise network, applications are customized by the administrator. Instructions about whether a CHECKPOINT_REQUIRED option is to be included are determined by the administrator. Only the subset of applications identified by the administrator will make use of this option in conformance with the enterprise network's management policies. Any misbehavior can be considered as abuse.
In order to prevent every application from including a CHECKPOINT_REQUIRED option in its PCP requests, the following items are assumed:
o Applications may be delivered with some default settings for check-pointing, and these settings should be programmable by end user.
o Exposing and enforcing these settings is application specific.
o The end user may customize these settings based on the requirements.
PCP-related security considerations are discussed in [RFC6887].
The CHECKPOINT_REQUIRED option can be used by an attacker to identify critical flows; this is sensitive from a privacy standpoint. Also, an attacker can cause critical flows to not be check-pointed by stripping the CHECKPOINT_REQUIRED option or by consuming the quota by adding the option to other flows.
These two issues can be mitigated if the network on which the PCP messages are to be sent is fully trusted. Means to defend against attackers who can intercept packets between the PCP server and the PCP client should be enabled. In some deployments, access control lists (ACLs) can be installed on the PCP client, PCP server, and the network between them, so those ACLs allow only communications between trusted PCP elements. If the networking environment between the PCP client and the PCP server is not secure, PCP authentication [RFC7652] MUST be enabled.
A network device can always override the end-user signaling, i.e., what is signaled by the PCP client, if the instructions conflict with the network policies.
The following PCP Option Code has been allocated in the "Specification Required" range of the "PCP Options" registry (http://www.iana.org/assignments/pcp-parameters):
192 CHECKPOINT_REQUIRED (see Section 3.1)
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
[RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, DOI 10.17487/RFC6887, April 2013, <http://www.rfc-editor.org/info/rfc6887>.
[RFC7652] Cullen, M., Hartman, S., Zhang, D., and T. Reddy, "Port Control Protocol (PCP) Authentication Mechanism", RFC 7652, DOI 10.17487/RFC7652, September 2015, <http://www.rfc-editor.org/info/rfc7652>.
[PREFIX-BINDING] Vinapamula, S. and M. Boucadair, "Recommendations for Prefix Binding in the Softwire DS-Lite Context", Work in Progress, draft-vinapamula-softwire-dslite-prefix-binding-12, October 2015.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008, <http://www.rfc-editor.org/info/rfc5226>.
[RFC7149] Boucadair, M. and C. Jacquenet, "Software-Defined Networking: A Perspective from within a Service Provider Environment", RFC 7149, DOI 10.17487/RFC7149, March 2014, <http://www.rfc-editor.org/info/rfc7149>.
It was tempting to include additional fields in the option but this would lead to a more complex design that is not justified. For example, we considered the following.
o Define a dedicated field to indicate a priority level. This priority is intended to be used by the PCP server as a hint when processing a request with a CHECKPOINT_REQUIRED option. Nevertheless, an application may systematically choose to set the priority level to the highest value so that it increases its chance to be serviced!
o Return a more granular failure error code to the requesting PCP client. However, this would require extra processing at both the PCP client and server sides for handling the various error codes without any guarantee that the PCP client would have its mappings check-pointed.
Acknowledgments
Thanks to Reinaldo Penno, Stuart Cheshire, Dave Thaler, Prashanth Patil, and Christian Jacquenet for their comments.
Authors' Addresses
Suresh Vinapamula Juniper Networks 1194 North Mathilda Avenue Sunnyvale, CA 94089 United States
Phone: +1 408 936 5441 Email: sureshk@juniper.net
Senthil Sivakumar Cisco Systems 7100-8 Kit Creek Road Research Triangle Park, NC 27760 United States
Phone: +1 919 392 5158 Email: ssenthil@cisco.com
Mohamed Boucadair Orange Rennes 35000 France
Email: mohamed.boucadair@orange.com
Tirumaleswar Reddy Cisco Systems, Inc. Cessna Business Park, Varthur Hobli Sarjapur Marathalli Outer Ring Road Bangalore, Karnataka 560103 India
Email: tireddy@cisco.com