Generic Autonomic Signaling Protocol Application Program Interface (GRASP API)
draft-liu-anima-grasp-api-02
This document specifies the application programming interface (API) of the Generic Autonomic Signaling Protocol (GRASP). The API is used for Autonomic Service Agents (ASA) calling the GRASP protocol module to communicate autonomic network signalings with other ASAs.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 3, 2017.
Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
As defined in [I-D.ietf-anima-reference-model] , the Autonomic Serveice Agent (ASA) is the atomic entity of an autonomic function; and it is instantiated on autonomic nodes. When ASAs communicate with each other, they should use the Generic Autonomic Signaling Protocol (GRASP) [I-D.ietf-anima-grasp].
As the following figure shows, the GRASP could contain two major sub-layers. The bottom is the GRASP base protocol module, which is only responsible for sending and recieving GRASP messages. The upper layer is some extended functions based upon GRASP basic protocol. For example, [I-D.liu-anima-grasp-distribution] is one of the extended functions.
It is desirable that ASAs can be designed as portable user-space programs using a portable API. In many operating systems, the GRASP module will therefore be split into two layers, one being a library that provides the API and the other being kernel code containing common components such as multicast handling and the discovery cache. The details of this are system-dependent.
+----+ +----+
|ASAs| |ASAs|
+----+ +----+
| |
| GRASP Function API |
| |
+------------------+ |GRASP API
| GRASP Extended | |
| Function Modules | |
+------------------+ |
+------------------------------------------+
| GRASP Library |
| GRASP Module - - - - - - - - - - - - - -|
| GRASP Kernel |
+------------------------------------------+
Both the GRASP base module and the extended function modules should be available to the ASAs. Thus, there needs to be two sub-sets of API. However, since the extended functions are expected to be added in an incremental manner, it is inappropriate to define the function APIs in a single document. This document only defines the base GRASP API.
2. GRASP API for ASA
2.1. Design Principles
The assumption of this document is that any Autonomic Service Agent (ASA) needs to call a GRASP module that handles protocol details (security, sending and listening for GRASP messages, waiting, caching discovery results, negotiation looping, sending and receiving sychronization data, etc.) but understands nothing about individual objectives. So this is a high level abstract API for use by ASAs. Individual language bindings should be defined in separate documents.
An assumption of this API is that ASAs may fall into various classes:
- ASAs that only use GRASP for discovery purposes.
- ASAs that use GRASP negotiation but only as an initiator (client).
- ASAs that use GRASP negotiation but only as a responder.
- ASAs that use GRASP negotiation as an initiator or responder.
- ASAs that use GRASP synchronization but only as an initiator (recipient).
- ASAs that use GRASP synchronization but only as a responder and/or flooder.
- ASAs that use GRASP synchronization as an initiator, responder and/or flooder.
The API also assumes that one ASA may support multiple objectives. Nothing prevents an ASA from supporting some objectives for synchronization and others for negotiation.
This is a preliminary version. Two particular gaps exist:
- Authorization of ASAs is out of scope.
- The Rapid mode of GRASP is not supported.
2.2. API definition
2.2.1. Parameters and data structures
Wherever a 'timeout' parameter appears, it is an integer expressed in milliseconds. If it is zero, the GRASP default timeout (GRASP_DEF_TIMEOUT, see [I-D.ietf-anima-grasp]) will apply. If no response is received before the timeout expires, the call will fail unless otherwise noted.
An 'objective' parameter is a data structure with the following components:
- name (UTF-8 string) - the objective's name
- neg (Boolean) - True if objective supports negotiation (default False)
- synch (Boolean) - True if objective supports synchronization (default False)
- loop_count (integer) - Limit on negotiation steps etc. (default GRASP_DEF_LOOPCT, see [I-D.ietf-anima-grasp])
- value - a specific data structure expressing the value of the objective. The format is language dependent, with the constraint that it can be validly represented in CBOR (default integer = 0).
An 'ASA_locator' parameter is a data structure with the following contents:
- locator - The actual locator, either an IP address or an ASCII string.
- ifi (integer) - The interface identifier index via which this was discovered - probably no use to a normal ASA
- expire (system dependent type) - The time on the local system clock when this locator will expire from the cache
- is_ipaddress (Boolean) - True if the locator is an IP address
- is_fqdn (Boolean) - True if the locator is an FQDN
- is_uri (Boolean) - True if the locator is a URI
- diverted (Boolean) - True if the locator was discovered via a Divert option
- protocol (integer) - Applicable transport protocol (IPPROTO_TCP or IPPROTO_UDP)
- port (integer) - Applicable port number
A 'tagged_objective' parameter is a data structure with the following contents:
- objective - An objective
- source - The ASA_locator from which the objective came
In most calls, an 'asa_nonce' parameter is required. It is generated when an ASA registers with GRASP, and any call in which an invalid nonce is presented will fail. It is an up to 24-bit opaque value (for example represented as a uint32_t, depending on the language). It should be unpredictable; a possible implementation is to use the same mechanism that GRASP uses to generate Session IDs [I-D.ietf-anima-grasp]. Another possible implementation is to hash the name of the ASA with a locally defined secret key.
In some calls, a 'session_nonce' parameter is required. This is an opaque data structure as far as the ASA is concerned, used to identify calls to the API as belonging to a specific GRASP session. In fully threaded implementations this parameter might not be needed, but it is included to act as a session handle if necessary. It will also allow GRASP to detect and ignore malicious calls or calls from timed-out sessions. A possible implementation is to form the nonce from the underlying GRASP Session ID and the source address of the session.
Other parameters are described in the following sections.
2.2.2. Registration
These functions are used to register an ASA and the objectives that it supports with the GRASP module. If an authorization model is added to GRASP, it would be added here.
- register_asa()
- Input parameter:
- name of the ASA (UTF-8 string)
- Return parameters:
- success (Boolean)
- result
- if success: asa_nonce (integer)
- if not success: error message (UTF-8 string)
- This initialises state in the GRASP module for the calling entity (the ASA). In the case of success, an 'asa_nonce' is returned which the ASA must present in all subsequent calls. In the case of failure, the ASA has not been authorized and cannot operate.
- deregister_asa()
- Input parameters:
- asa_nonce (integer)
- name of the ASA (UTF-8 string)
- Return parameters:
- success (Boolean)
- result
- if success: none
- if not success: error message (UTF-8 string)
- This removes all state in the GRASP module for the calling entity (the ASA), and deregisters any objectives it has registered. Note that these actions must also happen automatically if an ASA crashes.
- Note - the ASA name is strictly speaking redundant in this call, but is present for clarity.
- register_objective()
- Input parameters:
- asa_nonce (integer)
- objective (structure)
- ttl (integer - default GRASP_DEF_TIMEOUT)
- discoverable (Boolean - default False)
- overlap (Boolean - default False)
- local (Boolean - default False)
- Return parameters:
- success (Boolean)
- result
- if success: none
- if not success: error message (UTF-8 string)
- This registers an objective that this ASA supports and may modify. The 'objective' becomes a candidate for discovery. However, discovery responses should not be enabled until the ASA calls listen_negotiate() or listen_synchronize(), showing that it is able to act as a responder. The ASA may negotiate the objective or send synchronization or flood data. Registration is not needed if the ASA only wants to receive synchronization or flood data for the objective concerned.
- The 'ttl' parameter is the valid lifetime (time to live) in milliseconds of any discovery response for this objective. The default value should be the GRASP default timeout (GRASP_DEF_TIMEOUT, see [I-D.ietf-anima-grasp]).
- If the optional parameter 'discoverable' is True, the objective is immediately discoverable. This is intended for objectives that are only defined for GRASP discovery, and which do not support negotiation or synchronization.
- If the optional parameter 'overlap' is True, more than one ASA may register this objective in the same GRASP instance.
- If the optional parameter 'local' is True, discovery must return a link-local address. This feature is for objectives that must be restricted to the local link.
- This call may be repeated for multiple objectives.
- deregister_objective()
- Input parameters:
- asa_nonce (integer)
- objective (structure)
- Return parameters:
- success (Boolean)
- result
- if success: none
- if not success: error message (UTF-8 string)
- The 'objective' must have been registered by the calling ASA; if not, this call fails. Otherwise, it removes all state in the GRASP module for the given objective.
- discover()
- Input parameters:
- asa_nonce (integer)
- objective (structure)
- timeout (integer)
- flush (Boolean - default False)
- Return parameters:
- locator_list (structure)
- This returns a list of discovered 'ASA_locator's for the given objective. If the optional parameter 'flush' is True, any locally cached locators for the objective are deleted first. Otherwise, they are returned immediately. If not, GRASP discovery is performed, and all results obtained before the timeout expires are returned. If no results are obtained, an empty list is returned after the timeout.
- This should be called in a separate thread if asynchronous operation is required.
- request_negotiate()
- Input parameters:
- asa_nonce (integer)
- objective (structure)
- peer (ASA_locator)
- timeout (integer)
- Return parameters:
- success (Boolean)
- session_nonce (structure)
- result
- if success: objective (structure)
- if not success: error message (UTF-8 string)
- This function opens a negotiation session. The 'objective' parameter must include the requested value, and its loop count should be set to a suitable value by the ASA. If not, the GRASP default will apply.
- The 'peer' parameter is the target node; it must be an 'ASA_locator' as returned by discover(). If the peer is null, GRASP discovery is performed first.
- If the 'success' parameter is 'true', the negotiation has successfully started. There are then two cases:
- The 'session_nonce' parameter is null. In this case the negotiation has succeeded (the peer has accepted the request). The returned objective contains the value accepted by the peer.
- The 'session_nonce' parameter is not null. In this case negotiation must continue. The returned objective contains the first value proffered by the negotiation peer. Note that this instance of the objective must be used in the subsequent negotiation call because it also contains the current loop count. The 'session_nonce' must be presented in all subsequent negotiation steps.
This function must be followed by calls to 'negotiate_step' and/or 'negotiate_wait' and/or 'end_negotiate' until the negotiation ends. 'request_negotiate' may then be called again to start a new negotation.
- If the 'success' parameter is 'false', the negotiation has failed for the reason given in the result parameter. An exponential backoff is recommended before any retry.
- This should be called in a separate thread if asynchronous operation is required.
- Special note for the ACP infrastructure ASA: It is likely that this ASA will need to discover and negotiate with its peers in each of its on-link neighbors. It will therefore need to know not only the link-local IP address but also the physical interface and transport port for connecting to each neighbor. One implementation approach to this is to include these details in the 'session_nonce' data structure, which is opaque to normal ASAs.
- listen_negotiate()
- Input parameters:
- asa_nonce (integer)
- objective (structure)
- Return parameters:
- success (Boolean)
- result
- if success: session_nonce (structure)
- if not success: error message (UTF-8 string)
- requested_objective (structure)
- This function instructs GRASP to listen for negotiation requests for the given 'objective'. It also enables discovery responses for the objective. It will block waiting for an incoming request, so should be called in a separate thread if asynchronous operation is required. Unless there is an unexpected failure, this call only returns after an incoming negotiation request. When it does so, 'requested_objective' contains the first value requested by the negotiation peer. Note that this instance of the objective must be used in the subsequent negotiation call because it also contains the current loop count. The 'session_nonce' must be presented in all subsequent negotiation steps.
- This function must be followed by calls to 'negotiate_step' and/or 'negotiate_wait' and/or 'end_negotiate' until the negotiation ends. 'listen_negotiate' may then be called again to await a new negotation.
- If an ASA is capable of handling multiple negotiations simultaneously, it may call 'listen_negotiate' simultaneously from multiple threads. The API and GRASP implementation must support re-entrant use of the listening state and the negotiation calls. Simultaneous sessions will be distinguished by the threads themselves, the GRASP Session IDs, and the underlying unicast transport sockets.
- stop_listen_negotiate()
- Input parameters:
- asa_nonce (integer)
- objective (structure)
- Return parameters:
- success (Boolean)
- result
- if success: null
- if not success: error message (UTF-8 string)
- Instructs GRASP to stop listening for negotiation requests for the given objective, i.e., cancels 'listen_negotiate'. Of course, it must be called from a different thread.
- negotiate_step()
- Input parameters:
- asa_nonce (integer)
- session_nonce (structure)
- objective (structure)
- timeout (integer)
- Return parameters:
- Exactly as for 'request_negotiate'
- Executes the next negotation step with the peer. The 'objective' parameter contains the next value being proffered by the ASA in this step.
- negotiate_wait()
- Input parameters:
- asa_nonce (integer)
- session_nonce (structure)
- timeout (integer)
- Return parameters:
- success (Boolean)
- result
- if success: null
- if not success: error message (UTF-8 string)
- Delay negotiation session by 'timeout' milliseconds.
- end_negotiate()
- Input parameters:
- asa_nonce (integer)
- session_nonce (structure)
- reply (Boolean)
- reason (UTF-8 string)
- Return parameters:
- success (Boolean)
- result
- if success: null
- if not success: error message (UTF-8 string)
- End the negotiation session.
'reply' = True for accept (successful negotiation), False for decline (failed negotiation).
'reason' = optional string describing reason for decline.
2.2.5. Synchronization and Flooding
- synchronize()
- Input parameters:
- asa_nonce (integer)
- objective (structure)
- peer (ASA_locator)
- timeout (integer)
- Return parameters:
- success (Boolean)
- result
- if success: objective (structure)
- if not success: error message (UTF-8 string)
- This call requests the synchronized value of the given 'objective'.
- Since this is essentially a read operation, any ASA can do it. Therefore the API checks that the ASA is registered but the objective doesn't need to be registered by the calling ASA.
- If the objective was already flooded, the flooded value is returned immediately in the 'result' parameter. In this case, the 'source' and 'timeout' are ignored.
- Otherwise, synchronization with a discovered ASA is performed. The 'peer' parameter is an 'ASA_locator' as returned by discover(). If 'peer' is null, GRASP discovery is performed first.
- This call should be repeated whenever the latest value is needed.
- Call in a separate thread if asynchronous operation is required.
- Since this is essentially a read operation, any ASA can use it. Therefore GRASP checks that the calling ASA is registered but the objective doesn't need to be registered by the calling ASA.
- In the case of failure, an exponential backoff is recommended before retrying.
- listen_synchronize()
- Input parameters:
- asa_nonce (integer)
- objective (structure)
- Return parameters:
- success (Boolean)
- result
- if success: null
- if not success: error message (UTF-8 string)
- This instructs GRASP to listen for synchronization requests for the given objective, and to respond with the value given in the 'objective' parameter. It also enables discovery responses for the objective.
- This call is non-blocking and may be repeated whenever the value changes.
- stop_listen_synchronize()
- Input parameters:
- asa_nonce (integer)
- objective (structure)
- Return parameters:
- success (Boolean)
- result
- if success: null
- if not success: error message (UTF-8 string)
- This call instructs GRASP to stop listening for synchronization requests for the given 'objective', i.e. it cancels a previous listen_synchronize.
- flood()
- Input parameters:
- asa_nonce (integer)
- locator (structure - default null)
- ttl (integer)
- objectives (structure)
- Return parameters:
- success (Boolean)
- result
- if success: null
- if not success: error message (UTF-8 string)
- This call instructs GRASP to flood the given synchronization objective(s) and their value(s) to all GRASP nodes.
- The 'locator' parameter is normally null but may be a valid 'ASA_locator'. Infrastructure ASAs needing to flood an {address, protocol, port} 3-tuple with an objective create an ASA_locator object to do so. If the IP address in that locator is the unspecified address ('::') it is replaced by the link-local address of the sending node in each copy of the flood multicast, which will be forced to have a loop count of 1. This feature is for objectives that must be restricted to the local link.
- The 'ttl' parameter is the valid lifetime (time to live) of the flooded data in milliseconds (0 = infinity)
- The 'objectives' parameter is a list of one or more objectives.
- Checks that the ASA registered each objective.
- This call may be repeated whenever any value changes.
- get_flood()
- Input parameters:
- asa_nonce (integer)
- objective (structure)
- Return parameters:
- success (Boolean)
- result
- if success: tagged_objective_list (structure)
- if not success: error message (UTF-8 string)
- This call instructs GRASP to return the given synchronization objective if it has been flooded and its lifetime has not expired.
- Since this is essentially a read operation, any ASA can do it. Therefore the API checks that the ASA is registered but the objective doesn't need to be registered by the calling ASA.
- The 'tagged_objective_list' parameter is a list of 'tagged_objective' couplets, each one being a copy of the flooded objective and a coresponding locator. Thus if the same objective has been flooded by multiple ASAs, the recipient can distinguish the copies.
- Note that this call is for advanced ASAs. In a simple case, an ASA can simply call synchronize() in order to get a valid flooded objective.
- expire_flood()
- Input parameters:
- asa_nonce (integer)
- tagged_objective (structure)
- Return parameters:
- None
- This is a call that can only be used after a preceding call to get_flood() by an ASA that is capable of deciding that the flooded value is stale or invalid. Use with care.
- The 'tagged_objective' parameter is the one to be expired.
TBD
(Until this section is written, some Python examples can be found at <https://www.cs.auckland.ac.nz/~brian/graspy/Briggs.py>, <https://www.cs.auckland.ac.nz/~brian/graspy/Gray.py>, and <https://www.cs.auckland.ac.nz/~brian/graspy/brski/>.)
Security issues for the GRASP protocol are discussed in [I-D.ietf-anima-grasp]. Authorization of ASAs is a subject for future study.
The 'asa_nonce' parameter is used in the API as a first line of defence against a malware process attempting to imitate a legitimately registered ASA. The 'session_nonce' parameter is used in the API as a first line of defence against a malware process attempting to hijack a GRASP session.
This does not need IANA assignment.
This document was produced using the xml2rfc tool [RFC7749].
7. References
7.1. Normative References
7.2. Informative References
[I-D.ietf-anima-reference-model]
|
Behringer, M., Carpenter, B., Eckert, T., Ciavaglia, L., Pierre, P., Liu, B., Nobre, J. and J. Strassner, "A Reference Model for Autonomic Networking", Internet-Draft draft-ietf-anima-reference-model-02, July 2016. |
[I-D.liu-anima-grasp-distribution]
|
Liu, B. and S. Jiang, "Information Distribution over GRASP", Internet-Draft draft-liu-anima-grasp-distribution-02, September 2016. |
[RFC7749]
|
Reschke, J., "The "xml2rfc" Version 2 Vocabulary", RFC 7749, DOI 10.17487/RFC7749, February 2016. |
draft-liu-anima-grasp-api-02, 2016-09-30:
Added items for draft-ietf-anima-grasp-07
Editorial corrections
draft-liu-anima-grasp-api-01, 2016-06-24:
Updated for draft-ietf-anima-grasp-05
Editorial corrections
draft-liu-anima-grasp-api-00, 2016-04-04:
Initial version
Brian Carpenter
Carpenter
Department of Computer Science
University of Auckland
PB 92019
Auckland,
1142
New Zealand
EMail: brian.e.carpenter@gmail.com
Bing Liu (editor)
Liu
Huawei Technologies
Q14, Huawei Campus
No.156 Beiqing Road
Hai-Dian District, Beijing,
100095
P.R. China
EMail: leo.liubing@huawei.com
Wendong Wang
Wang
BUPT University
Beijing University of Posts & Telecom.
No.10 Xitucheng Road
Hai-Dian District, Beijing 100876,
P.R. China
EMail: wdwang@bupt.edu.cn
Xiangyang Gong
Gong
BUPT University
Beijing University of Posts & Telecom.
No.10 Xitucheng Road
Hai-Dian District, Beijing 100876,
P.R. China
EMail: xygong@bupt.edu.cn