| Network Working Group | O. Finkelman |
| Internet-Draft | Qwilt |
| Intended status: Standards Track | S. Mishra |
| Expires: March 27, 2020 | Verizon |
| September 24, 2019 |
CDNI Request Routing Extensions
draft-ietf-cdni-request-routing-extensions-07
Open Caching is a use case of Content Delivery Networks Interconnetion (CDNI) in which the commercial Content Delivery Network (CDN) is the upstream CDN (uCDN) and the ISP caching layer serves as the downstream CDN (dCDN). The extensions specified in this document to the CDNI Metadata and FCI interfaces are derived from requirements raised by Open Caching but are also applicable to CDNI use cases in general.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 27, 2020.
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The Open Caching working group of the Streaming Video Alliance (SVA) is focused on the delegation of video delivery requests from commercial CDNs to a caching layer at the Internet Service Provider's (ISP) network. Open Caching is a specific use case of CDNI where the commercial CDN is the upstream CDN (uCDN) and the ISP caching layer is the downstream CDN (dCDN). This document defines and registers CDNI generic metadata object [RFC8006] and CDNI Footprint and Capabilities object [RFC8008] that are required for Open Caching request routing. For consistency with other CDNI documents this document follows the CDNI convention of uCDN (upstream CDN) and dCDN (downstream CDN) to represent the commerical CDN and ISP caching layer respectively.
This document also registers CDNI Payload Types [RFC7736] for the defined objects:
The following terms are used throughout this document:
Additionaly, this document reuses the terminology defined in [RFC6707], [RFC7336], [RFC8006], [RFC8007], and [RFC8008]. Specifically, we use the following CDNI acronyms:
Iterative request redirection is defined in Section 1.1 of [RFC7336] and elaborated by examples in Sections 3.2 and 3.4 of [RFC7336]. A Redirection Target (RT) is defined in Section 2 of [RFC7975] for Recursive Request Redirection as:
In this document we adopt the same defintion of the RT for the Iterative Request Redirect use case. This use case requires the provisioning of the RT address to be used by the uCDN in order to redirect to the dCDN. RT addresses can vary between different footprints, for example, between different regions, and they may also change over time, for example as a result of network problems. Given this variable and dynamic nature of the redirect target address, it may not be suitable to advertise it during bootstrap. A more dynamic and footprint oriented interface is required. Section 4.3 of [RFC7336] suggests that it could be one of the roles of the FCI [RFC8008]. Following this suggestion we have, therefore, chosen to use the CDNI Footprint and Capabilities interface for redirect target address advertisement.
Use cases
The Redirect Target capability object is used to indicate the target address the uCDN should use in order to redirect a client to the dCDN. A target may be attached to a specific uCDN host, a list of uCDN hosts, or used globally for all the hosts of the uCDN.
When a dCDN is attaching the redirect target to a specific uCDN host or a list of uCDN hosts, the dCDN MUST advertise the hosts within the Redirect Target capability object as "redirecting-hosts". In this case, the uCDN can redirect to that dCDN address, only if the User Agent request was to one of these uCDN hosts.
A redirect target for DNS redirection is an IPv4 address used as an A record response, an IPv6 address used as an AAAA record response or a FQDN used as an alias in a CNAME record response (see [RFC1034]) of the uCDN DNS router. Note that DNS routers make routing decisions based on either the DNS resolver's IP address or the client IP address when EDNS0 client-subnet is used (see [RFC7871]). The dCDN may choose to advertise redirect targets and footprints to cover both cases. A uCDN DNS router implemenation SHOULD prefer routing based on client IP address when it is available.
A redirect target for HTTP redirection is the URI to be used as the value for the Location header of a HTTP redirect 3xx response, typically a 302 (Found) (see Section 7.1.2 of [RFC7231] and section 6.4 of [RFC7231]).
If the redirect target capability object does not contain a target or the target is empty, the uCDN MUST interpret it as "no target available for these uCDN hosts for the specified footprint". In case such a target was already advertised in a previous FCI object, the uCDN MUST interperet it as an update that deletes the previous redirect target.
The Redirect Target capability object consists of the following properties:
The following is an example of a Redirect Target capability object serialization that advertises a dCDN target address that is attached to a specific list of uCDN "redirecting-hosts". A uCDN host that is included in that list can redirect to the advertised dCDN redirect target. The capabilities object is serialized as a JSON object as defined in Section 5 of [RFC8008]
{
"capabilities": [
{
"capability-type": "FCI.RedirectTarget",
"capability-value": {
"redirecting-hosts": [
"a.service123.ucdn.example.com",
"b.service123.ucdn.example.com"
],
"dns-target": {
"host": "service123.ucdn.dcdn.example.com"
},
"http-target": {
"host": "us-east1.dcdn.example.com",
"path-prefix": "/cache/1/",
"include-redirecting-host": true
}
},
"footprints": [
<Footprint objects>
]
}
]
}
The DnsTarget object gives the target address for the DNS response to delegate from the uCDN to the dCDN.
The following is an example of DnsTarget object:
{
"host": "service123.ucdn.dcdn.example.com"
}
The following is an example of a DNS query for uCDN address "a.service123.ucdn.example.com" and the corresponding CNAME redirection response:
Query:
a.service123.ucdn.example.com:
type A, class IN
Response:
a.service123.ucdn.example.com:
type CNAME, class IN, cname service123.ucdn.dcdn.example.com
The HttpTarget object gives the necessary information to construct the target Location URI for HTTP redirection.
Example of HttpTarget object with a path-prefix and include-redirecting-host:
{
"host": "us-east1.dcdn.example.com",
"path-prefix": "/cache/1/",
"include-redirecting-host": true
}
Example of a HTTP request for content at uCDN host "a.service123.ucdn.example.com" and the corresponding HTTP response with Location header used for redirecting the client to the dCDN using the the http-target in the above example:
Request:
GET /vod/1/movie.mp4 HTTP/1.1
Host: a.service123.ucdn.example.com
Response:
HTTP/1.1 302 Found
Location: http://us-east1.dcdn.example.com/cache/1/
a.service123.ucdn.example.com/vod/1/movie.mp4
Before requests can be routed from the uCDN to the dCDN the CDNs must exchange service configurations between them. Using the MI the uCDN advertises out-of-band its hosts to the dCDN, each host is designated by a host name and has its own specific metadata (see Section 4.1.2 of [RFC8006]. The dCDN, using the FCI, advertises, also out-of-band, the redirect target address object defined in Section 2.1 for the relevant uCDN hosts. The following is a generalized example of the message flow between an upstream CDN and a downstream dCDN. For simplicity, we focus on the sequence of messages between the uCDN and dCDN and not on how they are passed.
dCDN uCDN
+ +
| |
(1) | MI: host: s123.ucdn.example.com |
| host-metadata: < metadata > |
<-------------------------------------------------------+
| |
(2) | FCI: capability-type: FCI.RedirectTarget |
| redirecting-hosts: us-east1.dcdn.example.com |
| target host: s123.ucdn.example.com |
+------------------------------------------------------->
| |
| |
+ +
Figure 1: Redirect target address advertisement
Once the redirect target has been set, the uCDN can start redirecting user requests to the dCDN. The following is a generic sequence of redirection using the host and redirect target that were advertised in Figure 1 above.
End User dCDN uCDN RR
+ + +
| | |
(1) | Request sent s123.ucdn.example.com |
+-----------------------+----------------------->
| | |
(2) | Redirect to us-east1.dcdn.example.com |
<-----------------------+-----------------------+
| | |
(3) | Request us-east1.dcdn.example.com |
+-----------------------> |
| | |
(4) | Response | |
<-----------------------+ |
| | |
+ + +
Figure 2: Generic requests redirection sequence
Open Caching requires that the uCDN provides a fallback target server to the dCDN, to be used in cases where the dCDN cannot properly handle the request. To avoid redirect loops, the fallback target server's address at the uCDN MUST be different from the original uCDN address from which the client was redirected to the dCDN. The uCDN MUST avoid further redirection when receiving the client request at the fallback target. The fallback target is defined as a generic metadata object (see Section 3.2 of [RFC8006])
Use cases
The Fallback target metadata object is used to indicate the target address the dCDN should use in order to redirect a client back to the uCDN. Fallback target is represented as endpoint objects as defined in section 4.3.3 of [RFC8006].
The uCDN fallback target address may be used as a DNS A record, AAAA record or CNAME record in case of DNS redirection or a hostname for HTTP redirect.
When using HTTP redirect to route a client request back to the uCDN, it is the dCDN's responsibility to use the original URL path as the client would have used for the original uCDN request, stripping, if needed, the dCDN path-prefix and/or the uCDN hostname from the redirect URL that may have been used to request the content from the dCDN.
The MI.FallbackTarget Metadata object consists of the following single property:
Example of a MI.FallbackTarget Metadata object that designates the host address the dCDN should use as fallback address to redirect back to the uCDN.
{
"generic-metadata-type": "MI.FallbackTarget",
"generic-metadata-value":
{
"host": "fallback-a.service123.ucdn.example"
}
}
The uCDN advertises out-of-band the fallback target address to the dCDN, so that the dCDN may redirect a request back to the uCDN in case the dCDN cannot serve it. Using the MI the uCDN advertises its hosts to the dCDN, along with their specific host metadata (see Section 4.1.2 of [RFC8006]. The Fallback Target generic metadata object is encapsulated within the "host-metadata" property of each host. The following is an example of a message flow between an upstream CDN and a downstream dCDN. For simplicity, we focus on the sequence of messages between the uCDN and dCDN, not on how they are passed.
dCDN uCDN
+ +
| |
(1) | MI: host: s123.ucdn.example.com |
| host-metadata: |
| < metadata objects > |
| < MI.FallbackTarget |
| host: fallback-a.service123.ucdn.example > |
| < metadata objects > |
<-------------------------------------------------------+
| |
(2) | FCI: capability-type: FCI.RedirectTarget |
| redirecting-hosts: us-east1.dcdn.example.com |
| target host: s123.ucdn.example.com |
+------------------------------------------------------->
| |
| |
+ +
Figure 3: Advertisement of host metadata with Fallback Target
The following is a generic sequence of redirection using the configurations that were advertised in Figure 3 above. In this case the dCDN redirects back to the uCDN fallback target address.
End User dCDN uCDN fallback uCDN RR
+ + + +
| | | |
(1) | Request sent s123.ucdn.example.com | |
+-------------------+-------------------+------------------->
| | | |
(2) | Redirect to us-east1.dcdn.example.com | |
<-------------------+-------------------+-------------------+
| | | |
(3) | Request us-east1.dcdn.example.com | |
+-------------------> | |
| | | |
(4) | Redirect back to fallback-a.service123.ucdn.example |
<-------------------+ | |
| | | |
(5) | Request fallback-a.service123.ucdn.example |
+---------------------------------------> |
| | | |
(6) | Response | | |
<-------------------+-------------------+ |
| | | |
+ + + +
Figure 4: Redirection to Fallback Target
This document requests the registration of the following CDNI Payload Types under the IANA "CDNI Payload Types" registry defined in [RFC7736]:
| Payload Type | Specification |
|---|---|
| FCI.RedirectTarget | RFCthis |
| MI.FallbackTarget | RFCthis |
[RFC Editor: Please replace RFCthis with the published RFC number for this document.]
Purpose: The purpose of this payload type is to distinguish RedirectTarget FCI objects
Interface: FCI
Encoding: see Section 2.1
Purpose: The purpose of this payload type is to distinguish FallbackTarget MI objects (and any associated capability advertisement)
Interface: MI/FCI
Encoding: see Section 3.1
This specification is in accordance with the CDNI Metadata Interface and the CDNI Request Routing: Footprint and Capabilities Semantics. As such, it is subject to the security and privacy considerations as defined in Section 8 of [RFC8006] and in Section 7 of [RFC8008] respectively.
The redirect Target FCI object potentially exposes information about the internal strcture of the dCDN network. A third party could intercept the FCI transactions and use the information to attack the dCDN. An implemenation of the FCI MUST therefore use strong authentication and encryption and strictly follow the directions for securing the interface as defined for the Metadata Interface in Section 8.3 of [RFC8006].
The authors thank Nir B. Sopher for reality checks against production use cases, his contribution is significant to this document. The authors also thank Ben Niven-Jenkins for his review and feedback and Kevin J. Ma for his guidance throughout the development of this document including his regular reviews.
| [RFC7736] | Ma, K., "Content Delivery Network Interconnection (CDNI) Media Type Registration", RFC 7736, DOI 10.17487/RFC7736, December 2015. |
| [RFC7871] | Contavalli, C., van der Gaast, W., Lawrence, D. and W. Kumari, "Client Subnet in DNS Queries", RFC 7871, DOI 10.17487/RFC7871, May 2016. |