Internet Engineering Task Force | C. Eckel |
Internet-Draft | T. Reddy |
Intended status: Informational | Cisco Systems, Inc. |
Expires: July 12, 2014 | January 08, 2014 |
Application Enabled Open Networking Use Cases
draft-eckel-aeon-use-cases-00
This document describes application enabled open networking use cases. Application enabled open networking (AEON) is a framework in which applications explicitly signal their flow characteristics to the network. This provides network nodes with visibility of the application flow characteristics, which enables them to apply the correct flow treatment and provide feedback to applications.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 12, 2014.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Identification and treatment of application flows are critical for the successful deployment and operation of applications based on a wide range of signaling protocols. Historically, this functionality has been accomplished to the extent possible using heuristics, which inspect and infer flow characteristics. Heuristics may be based on port ranges, IP subnetting, or deep packet inspection (DPI), e.g. application level gateway (ALG). Port based solutions suffer from port overloading and inconsistent port usage. IP subnetting solutions are error prone and result in network management hassle. DPI is computationally expensive and becomes a challenge with the wider adoption of encrypted signaling and secured traffic. An additional drawback of DPI is that the resulting insights are not available, or need to be recomputed, at network nodes further down the application flow path.
Application enabled open networking (AEON) allows applications to explicitly signal their flow characteristics to the network. This provides network nodes with visibility of the application flow characteristics. These network nodes may take action based on this visibility and/or contribute to the flow description. The resulting flow description may be communicated as feedback from the network to applications.
This document describes a set of use cases addressable by AEON. Additional details on the AEON are provided in [I-D.eckert-intarea-flow-metadata-framework]
The following use cases have been identified.
In describing each use case, the following information is provided.
Modern firewalls use application-layer gateways (ALGs) to perform policy enforcement. For example firewalls implement SIP-aware Application Layer Gateway function, which examines the SIP signaling and opens the appropriate pinholes for the RTP media. In particular firewall extracts media transport addresses, transport protocol and ports from session description and creates a dynamic mapping for media to flow through. This model will not work in the following cases:
Enterprise networks that use firewalls with restrictive policies block new applications like WebRTC and delay deployment of killer applications.
The above problems can be addressed by the host getting authorization from the Application Server trusted by the network in order to install flows and associated actions (e.g., policies). PCP third party authorization (draft-wing-pcp-third-party-authz-01) solves this problem by associating the media session with the signaling session. This is done by sending a cryptographic token in the signaling which authorizes the firewall mapping for the media session.
Enterprise networks that use firewalls with restrictive policies can deploy new applications at a faster rate for user benefit.
Enterprise firewalls can enforce restrictive policies without the need to be enhanced to perform ALG on new applications. For example Enterprise firewall could have granular policies to permit peer-to-peer UDP media session only when the call is initiated using the selected WebRTC server (Dr. Good) it trusts and block others (Dr. Evil). PCP-aware firewalls can enforce such granular security policies without performing ALG on the session signaling protocols. This mechanism can be used by any other Application Function trusted by the network to permit time-bound, encrypted, peer-to-peer traffic.
The client requests dynamic mappings to permit flows required by the application. This request includes a cryptographic token and characteristics of the flow, such as the anticipated bandwidth needs as well as the tolerance to delay, loss, and jitter.
The firewall uses the client request to permit and prioritize the traffic associated with those flows. The cryptographic token provides authorization for the flows and their prioritization.
Firewall matches the authorization data with what is requested in the request sent by the client. If the authorization sets match, the firewall processes the request made by the client. If the token is invalid or the request exceeds what is authorized by the token then firewall rejects the request.
HTTP Adaptive Streaming (HAS) is an umbrella term for various HTTP-based streaming technologies that allow a client to adaptively switch between multiple bitrates, depending on current network conditions. HAS client first requests and receives a Manifest File, and then, after parsing the information in the Manifest File, proceeds with sequentially requesting the chunks listed in the Manifest File.
The problems with HAS are:
If ISP has agreement with content provider then HAS client can use third party authorization to request network resources. At a high level, this authorization works by the client first obtaining a cryptographic token from the authorizing network element, then including that token in the request along with relevant flow characteristics. ISP validates the token and grants the request.
AEON helps increase the average play quality, reduces the start-up delay and frame freezes by avoiding attempt to retrieve a too high-bit rate chunk etc thus improving the quality of experience for end user.
Network Operators can recognize and prioritize one-way video streaming content.
HAS client signals the flow characteristics such as the anticipated bandwidth needs as well as the tolerance to delay, loss, and jitter.
Subject to local policies, a network node might perform bandwidth counting, or reconfigure the underlying network so that additional bandwidth is made available for this particular flow, or might perform other actions.
The network responds that the client request can be fully or partially accommodated. It also notifies the client when conditions change.
An increasing number of hosts are operating in multiple-interface environments and a host with multiple interfaces needs to choose the best interface for communication. Oftentimes, this decision is based on a static configuration and does not consider the link characteristics of that interface, which may affect the user experience. The network interfaces may have different link characteristics, but that will not be known without the awareness of the upstream and downstream characteristics of the access link.
TODO
Applications can choose the best interface for communication using AEON.
The network that can provide the requested flow characteristics will be selected by the application thus increasing the subscriber base of the operator.
Application signals flow characteristics over multiple interfaces and based on the response from its various interfaces sorts the source addresses according to the link capacity characteristics. Source addresses from the interface which best fulfills the desired flow characteristics are assigned the highest priority and would be tried first to communicate with the server or remote peer. For example draft-reddy-mmusic-ice-best-interface-pcp-00 explains the mechanism where Interactive Connectivity Establishment (ICE) agent on a host with multiple interfaces uses AEON to determine the link characteristics of the host's interfaces, which influences the ICE candidate priority. Similarly draft-wing-mptcp-pcp-00 explains how Multipath TCP (MPTCP) can select the best path when multiple paths are available.
The authors thank the attendees of the Bar BoF for contributing towards this set of use cases.
[I-D.eckert-intarea-flow-metadata-framework] | Eckert, T., Penno, R., Choukir, A. and C. Eckel, "A Framework for Signaling Flow Characteristics between Applications and the Network", Internet-Draft draft-eckert-intarea-flow-metadata-framework-00, July 2013. |