Internet DRAFT - draft-eckel-aeon-use-cases
draft-eckel-aeon-use-cases
Internet Engineering Task Force C. Eckel
Internet-Draft T. Reddy
Intended status: Informational Cisco Systems, Inc.
Expires: August 18, 2014 February 14, 2014
Application Enabled Open Networking Use Cases
draft-eckel-aeon-use-cases-01
Abstract
This document describes application enabled open networking use
cases. Application enabled open networking (AEON) is a framework in
which applications explicitly signal their flow characteristics to
the network. This provides network nodes with visibility of the
application flow characteristics, which enables them to apply the
correct flow treatment and provide feedback to applications.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 18, 2014.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
Eckel & Reddy Expires August 18, 2014 [Page 1]
�
Internet-Draft AEON Use Cases February 2014
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. Home: Consistent experience of video conferencing with
competing traffic . . . . . . . . . . . . . . . . . . . . 5
2.1.1. Description of Problem . . . . . . . . . . . . . . . 5
2.1.2. Proposed Solution . . . . . . . . . . . . . . . . . . 5
2.1.3. User Benefit . . . . . . . . . . . . . . . . . . . . 5
2.1.4. Operator Benefit . . . . . . . . . . . . . . . . . . 5
2.1.5. Flow characteristics provided by application . . . . 6
2.1.6. Action taken by network as result of receiving flow
characteristics . . . . . . . . . . . . . . . . . . . 6
2.1.7. Feedback provided by network . . . . . . . . . . . . 6
2.1.8. Security and Privacy Considerations . . . . . . . . . 6
2.2. Firewall Traversal: Identification of new applications . 6
2.2.1. Description of Problem . . . . . . . . . . . . . . . 6
2.2.2. Proposed Solution . . . . . . . . . . . . . . . . . . 6
2.2.3. User Benefit . . . . . . . . . . . . . . . . . . . . 7
2.2.4. Operator Benefit . . . . . . . . . . . . . . . . . . 7
2.2.5. Flow characteristics provided by application . . . . 7
2.2.6. Action taken by firewall as result of receiving flow
characteristics . . . . . . . . . . . . . . . . . . . 7
2.2.7. Feedback provided by firewall . . . . . . . . . . . . 7
2.2.8. Security and Privacy Considerations . . . . . . . . . 7
2.3. Load Balancing: Identification of application for better
load balancing without solely relying on inspection
techniques . . . . . . . . . . . . . . . . . . . . . . . 7
2.3.1. Description of Problem . . . . . . . . . . . . . . . 8
2.3.2. Proposed Solution . . . . . . . . . . . . . . . . . . 8
2.3.3. User Benefit . . . . . . . . . . . . . . . . . . . . 8
2.3.4. Operator Benefit . . . . . . . . . . . . . . . . . . 8
2.3.5. Flow characteristics provided by application . . . . 8
2.3.6. Action taken by network as result of receiving flow
characteristics . . . . . . . . . . . . . . . . . . . 8
2.3.7. Feedback provided by network . . . . . . . . . . . . 8
2.3.8. Security and Privacy Considerations . . . . . . . . . 8
2.4. Scavenger class: Creation of a scavenger class. Use
metadata to shift high-bandwidth, low priority traffic to
off-peak hours . . . . . . . . . . . . . . . . . . . . . 8
2.4.1. Description of Problem . . . . . . . . . . . . . . . 8
2.4.2. Proposed Solution . . . . . . . . . . . . . . . . . . 8
2.4.3. User Benefit . . . . . . . . . . . . . . . . . . . . 8
2.4.4. Operator Benefit . . . . . . . . . . . . . . . . . . 8
2.4.5. Flow characteristics provided by application . . . . 8
Eckel & Reddy Expires August 18, 2014 [Page 2]
�
Internet-Draft AEON Use Cases February 2014
2.4.6. Action taken by network as result of receiving flow
characteristics . . . . . . . . . . . . . . . . . . . 8
2.4.7. Feedback provided by network . . . . . . . . . . . . 8
2.4.8. Security and Privacy Considerations . . . . . . . . . 8
2.5. Video Adaptation: Use client metadata to help video bit
rate selection . . . . . . . . . . . . . . . . . . . . . 8
2.5.1. Description of Problem . . . . . . . . . . . . . . . 9
2.5.2. Proposed Solution . . . . . . . . . . . . . . . . . . 9
2.5.3. User Benefit . . . . . . . . . . . . . . . . . . . . 10
2.5.4. Operator Benefit . . . . . . . . . . . . . . . . . . 10
2.5.5. Flow characteristics provided by application . . . . 10
2.5.6. Action taken by network as result of receiving flow
characteristics . . . . . . . . . . . . . . . . . . . 10
2.5.7. Feedback provided by network . . . . . . . . . . . . 10
2.5.8. Security and Privacy Considerations . . . . . . . . . 10
2.6. Mobile Host/App Metadata: Use metadata for
troubleshooting and network planning . . . . . . . . . . 10
2.6.1. Description of Problem . . . . . . . . . . . . . . . 10
2.6.2. Proposed Solution . . . . . . . . . . . . . . . . . . 10
2.6.3. User Benefit . . . . . . . . . . . . . . . . . . . . 10
2.6.4. Operator Benefit . . . . . . . . . . . . . . . . . . 10
2.6.5. Flow characteristics provided by application . . . . 11
2.6.6. Action taken by network as result of receiving flow
characteristics . . . . . . . . . . . . . . . . . . . 11
2.6.7. Feedback provided by network . . . . . . . . . . . . 11
2.6.8. Security and Privacy Considerations . . . . . . . . . 11
2.7. Multi-interface selection: Use metadata to help interface
selection or prioritization . . . . . . . . . . . . . . . 11
2.7.1. Description of Problem . . . . . . . . . . . . . . . 11
2.7.2. Proposed Solution . . . . . . . . . . . . . . . . . . 11
2.7.3. User Benefit . . . . . . . . . . . . . . . . . . . . 11
2.7.4. Operator Benefit . . . . . . . . . . . . . . . . . . 11
2.7.5. Flow characteristics provided by application . . . . 11
2.7.6. Action taken by network as result of receiving flow
characteristics . . . . . . . . . . . . . . . . . . . 12
2.7.7. Feedback provided by network . . . . . . . . . . . . 12
2.7.8. Security and Privacy Considerations . . . . . . . . . 12
2.8. Session Identification: Identification of multiple media
flows belonging to a common application session . . . . . 12
2.8.1. Description of Problem . . . . . . . . . . . . . . . 12
2.8.2. Proposed Solution . . . . . . . . . . . . . . . . . . 12
2.8.3. User Benefit . . . . . . . . . . . . . . . . . . . . 13
2.8.4. Operator Benefit . . . . . . . . . . . . . . . . . . 13
2.8.5. Flow characteristics provided by application . . . . 13
2.8.6. Action taken by network as result of receiving flow
characteristics . . . . . . . . . . . . . . . . . . . 13
2.8.7. Feedback provided by network . . . . . . . . . . . . 13
2.8.8. Security and Privacy Considerations . . . . . . . . . 13
Eckel & Reddy Expires August 18, 2014 [Page 3]
�
Internet-Draft AEON Use Cases February 2014
3. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13
4. Informative References . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction
Identification and treatment of application flows are critical for
the successful deployment and operation of applications based on a
wide range of signaling protocols. Historically, this functionality
has been accomplished to the extent possible using heuristics, which
inspect and infer flow characteristics. Heuristics may be based on
port ranges, network separation, or deep packet inspection (DPI),
e.g. application level gateway (ALG). Port based solutions suffer
from port overloading and inconsistent port usage. Network
separation solutions are error prone and result in network management
hassle. DPI is computationally expensive and becomes a challenge
with the wider adoption of encrypted signaling and secured traffic.
An additional drawback of DPI is that the resulting insights are not
available, or need to be recomputed, at network nodes further down
the application flow path.
Application enabled open networking (AEON) allows applications to
explicitly signal their flow characteristics to the network. This
provides network nodes with visibility of the application flow
characteristics. These network nodes may take action based on this
visibility and/or contribute to the flow description. The resulting
flow description may be communicated as feedback from the network to
applications.
This document describes a set of use cases addressable by AEON.
Additional details on the AEON are provided in
[I-D.eckert-intarea-flow-metadata-framework].
2. Use Cases
The following use cases have been identified.
1. Traffic Prioritization: Consistent experience of video
conferencing with competing traffic.
2. Firewall Traversal: Identification of new applications.
3. Load Balancing: Identification of application for better load
balancing without solely relying on inspection techniques.
4. Scavenger class: Creation of a scavenger class. Use metadata to
shift high-bandwidth, low priority traffic to off-peak hours.
TODO: That drifts from a use-case to a solution ("use metadata to
Eckel & Reddy Expires August 18, 2014 [Page 4]
�
Internet-Draft AEON Use Cases February 2014
..."). Also, it appears to mix two things: (a) scavenger class
and (b) time-shifting traffic. This is confusing.
5. Video Adaptation: Use client metadata to help video bit rate
selection.
6. Mobile Host/App Metadata: Use metadata for troubleshooting and
network planning.
7. Multi-interface selection: Use metadata to help interface
selection or prioritization.
8. Session Identification: Identification of multiple media flows
belonging to a common application session.
In describing each use case, the following information is provided.
o description of the problem
o proposed solution
o user benefit
o operator benefit
o flow characteristics provided by application
o action taken by network as result of receiving flow
characteristics
o feedback provided by network
o security and privacy considerations
2.1. Home: Consistent experience of video conferencing with competing
traffic
2.1.1. Description of Problem
2.1.2. Proposed Solution
2.1.3. User Benefit
2.1.4. Operator Benefit
Eckel & Reddy Expires August 18, 2014 [Page 5]
�
Internet-Draft AEON Use Cases February 2014
2.1.5. Flow characteristics provided by application
2.1.6. Action taken by network as result of receiving flow
characteristics
2.1.7. Feedback provided by network
2.1.8. Security and Privacy Considerations
2.2. Firewall Traversal: Identification of new applications
2.2.1. Description of Problem
Modern firewalls use application-layer gateways (ALGs) to perform
policy enforcement. For example firewalls implement SIP-aware
Application Layer Gateway function, which examines the SIP signaling
and opens the appropriate pinholes for the RTP media. In particular
firewall extracts media transport addresses, transport protocol and
ports from session description and creates a dynamic mapping for
media to flow through. This model will not work in the following
cases:
1. Session signaling is end-to-end encrypted (say, using TLS).
2. Firewall does not understand the session signaling protocol, or
extensions to the protocol, used by the endpoints (e.g. WebRTC
signaling protocols).
3. Session signaling and media traverse different firewalls (e.g.,
signaling exits a network via one firewall whereas media exits a
network via a different firewall).
Enterprise networks that use firewalls with restrictive policies
block new applications like WebRTC and delay deployment of killer
applications.
2.2.2. Proposed Solution
The above problems can be addressed by the host getting authorization
from the Application Server trusted by the network in order to
install flows and associated actions (e.g., policies). PCP third
party authorization (draft-wing-pcp-third-party-authz-01) solves this
problem by associating the media session with the signaling session.
This is done by sending a cryptographic token in the signaling which
authorizes the firewall mapping for the media session.
Eckel & Reddy Expires August 18, 2014 [Page 6]
�
Internet-Draft AEON Use Cases February 2014
2.2.3. User Benefit
Enterprise networks that use firewalls with restrictive policies can
deploy new applications at a faster rate for user benefit.
2.2.4. Operator Benefit
Enterprise firewalls can enforce restrictive policies without the
need to be enhanced to perform ALG on new applications. For example
Enterprise firewall could have granular policies to permit peer-to-
peer UDP media session only when the call is initiated using the
selected WebRTC server (Dr. Good) it trusts and block others (Dr.
Evil). PCP-aware firewalls can enforce such granular security
policies without performing ALG on the session signaling protocols.
This mechanism can be used by any other Application Function trusted
by the network to permit time-bound, encrypted, peer-to-peer traffic.
2.2.5. Flow characteristics provided by application
The client requests dynamic mappings to permit flows required by the
application. This request includes a cryptographic token and
characteristics of the flow, such as the anticipated bandwidth needs
as well as the tolerance to delay, loss, and jitter.
2.2.6. Action taken by firewall as result of receiving flow
characteristics
The firewall uses the client request to permit and prioritize the
traffic associated with those flows. The cryptographic token
provides authorization for the flows and their prioritization.
2.2.7. Feedback provided by firewall
Firewall matches the authorization data with what is requested in the
request sent by the client. If the authorization sets match, the
firewall processes the request made by the client. If the token is
invalid or the request exceeds what is authorized by the token then
firewall rejects the request.
2.2.8. Security and Privacy Considerations
2.3. Load Balancing: Identification of application for better load
balancing without solely relying on inspection techniques
Eckel & Reddy Expires August 18, 2014 [Page 7]
�
Internet-Draft AEON Use Cases February 2014
2.3.1. Description of Problem
2.3.2. Proposed Solution
2.3.3. User Benefit
2.3.4. Operator Benefit
2.3.5. Flow characteristics provided by application
2.3.6. Action taken by network as result of receiving flow
characteristics
2.3.7. Feedback provided by network
2.3.8. Security and Privacy Considerations
2.4. Scavenger class: Creation of a scavenger class. Use metadata to
shift high-bandwidth, low priority traffic to off-peak hours
2.4.1. Description of Problem
2.4.2. Proposed Solution
2.4.3. User Benefit
2.4.4. Operator Benefit
2.4.5. Flow characteristics provided by application
2.4.6. Action taken by network as result of receiving flow
characteristics
2.4.7. Feedback provided by network
2.4.8. Security and Privacy Considerations
2.5. Video Adaptation: Use client metadata to help video bit rate
selection
HTTP Adaptive Streaming (HAS) is an umbrella term for various HTTP-
based streaming technologies that allow a client to adaptively switch
between multiple bitrates, depending on current network conditions.
HAS client first requests and receives a Manifest File, and then,
after parsing the information in the Manifest File, proceeds with
sequentially requesting the chunks listed in the Manifest File.
Eckel & Reddy Expires August 18, 2014 [Page 8]
�
Internet-Draft AEON Use Cases February 2014
2.5.1. Description of Problem
The problems with HAS are:
o HAS client selects the initial bitrate without knowing the current
network conditions which could cause start-up delay and frame
freezes while a lower bitrate chunk is being retrieved. HAS
client does not have a mechanism to signal the flow
characteristics and flow priority to the network.
o HAS server can mark the packets appropriately but setting DSCP has
limitations. DSCP value may not be preserved or honored over the
Internet and OS may not allow to set DSCP values.
o Content Providers may have agreements with ISPs and need a
mechanism to convey the flow characteristics and flow priority to
the ISP. Existing mechanisms and the associated limitations are:
1. ISP can be configured with the IP addresses of content
providers to prioritize the traffic originating from those
servers. The limitations with this approach are ISP has to
keep track of content providers IP addresses. With CDNI
(Content Delivery Network InterConnection) content could be
served either from uCDN (upstream CDN) or any of a number of
dCDNs (downstream CDN) and it will not be possible to manually
track the IP addresses of all the CDN surrogates. There is
also no way to differentiate content which could be available
in different bitrates.
2. If HAS client is behind NAT and content provider uses RESTful
API (OneAPI) to install differentiated QoS then ISP will
struggle to find the pre-NAT information. Content provider
also needs to be aware of the ISP to which the client is
attached and the IP address of the Policy Decision Point (PDP)
in the ISP to which it needs to signal the flow
characteristics.
o ISP can use DPI to prioritize one-way video streaming content but
is expensive and fails if the traffic is encrypted.
2.5.2. Proposed Solution
If ISP has agreement with content provider then HAS client can use
third party authorization to request network resources. At a high
level, this authorization works by the client first obtaining a
cryptographic token from the authorizing network element, then
including that token in the request along with relevant flow
characteristics. ISP validates the token and grants the request.
Eckel & Reddy Expires August 18, 2014 [Page 9]
�
Internet-Draft AEON Use Cases February 2014
2.5.3. User Benefit
AEON helps increase the average play quality, reduces the start-up
delay and frame freezes by avoiding attempt to retrieve a too high-
bit rate chunk etc thus improving the quality of experience for end
user.
2.5.4. Operator Benefit
Network Operators can recognize and prioritize one-way video
streaming content.
2.5.5. Flow characteristics provided by application
HAS client signals the flow characteristics such as the anticipated
bandwidth needs as well as the tolerance to delay, loss, and jitter.
2.5.6. Action taken by network as result of receiving flow
characteristics
Subject to local policies, a network node might perform bandwidth
counting, or reconfigure the underlying network so that additional
bandwidth is made available for this particular flow, or might
perform other actions.
2.5.7. Feedback provided by network
The network responds that the client request can be fully or
partially accommodated. It also notifies the client when conditions
change.
2.5.8. Security and Privacy Considerations
2.6. Mobile Host/App Metadata: Use metadata for troubleshooting and
network planning
2.6.1. Description of Problem
2.6.2. Proposed Solution
2.6.3. User Benefit
2.6.4. Operator Benefit
Eckel & Reddy Expires August 18, 2014 [Page 10]
�
Internet-Draft AEON Use Cases February 2014
2.6.5. Flow characteristics provided by application
2.6.6. Action taken by network as result of receiving flow
characteristics
2.6.7. Feedback provided by network
2.6.8. Security and Privacy Considerations
2.7. Multi-interface selection: Use metadata to help interface
selection or prioritization
2.7.1. Description of Problem
An increasing number of hosts are operating in multiple-interface
environments and a host with multiple interfaces needs to choose the
best interface for communication. Oftentimes, this decision is based
on a static configuration and does not consider the link
characteristics of that interface, which may affect the user
experience. The network interfaces may have different link
characteristics, but that will not be known without the awareness of
the upstream and downstream characteristics of the access link.
2.7.2. Proposed Solution
TODO
2.7.3. User Benefit
Applications can choose the best interface for communication using
AEON.
2.7.4. Operator Benefit
The network that can provide the requested flow characteristics will
be selected by the application thus increasing the subscriber base of
the operator.
2.7.5. Flow characteristics provided by application
Application signals flow characteristics over multiple interfaces and
based on the response from its various interfaces sorts the source
addresses according to the link capacity characteristics. Source
addresses from the interface which best fulfills the desired flow
characteristics are assigned the highest priority and would be tried
first to communicate with the server or remote peer. For example
draft-reddy-mmusic-ice-best-interface-pcp-00 explains the mechanism
where Interactive Connectivity Establishment (ICE) agent on a host
Eckel & Reddy Expires August 18, 2014 [Page 11]
�
Internet-Draft AEON Use Cases February 2014
with multiple interfaces uses AEON to determine the link
characteristics of the host's interfaces, which influences the ICE
candidate priority. Similarly draft-wing-mptcp-pcp-00 explains how
Multipath TCP (MPTCP) can select the best path when multiple paths
are available.
2.7.6. Action taken by network as result of receiving flow
characteristics
2.7.7. Feedback provided by network
2.7.8. Security and Privacy Considerations
2.8. Session Identification: Identification of multiple media flows
belonging to a common application session
2.8.1. Description of Problem
Many end-to-end application sessions involve multiple application
protocols, devices and administrative domains. These sessions
involve multiple media flows (e.g. an audio flow and a video flow for
a video call, media flows between different entities in a
supplementary service session consisting of multiple SIP dialogs or
H.323 calls). Media flows may be added/removed from a application
session during the lifetime of the session. From within the network,
determining which media flows are associated with each application
session is often difficult, making it hard to provide application
level troubleshooting, traffic analysis, and QoS.
2.8.2. Proposed Solution
Including a session identify (e.g. as defined in
[I-D.ietf-insipid-session-id-reqts]) in the flow characteristics
communicated by the application to the network would allow the
network to identify media flows belonging to a common application
session. This visibility would enable the following:
o network troubleshooting and traffic analysis tools to correctly
associate media flows with application sessions
o media flows that are part of established application sessions to
be identified (e.g. the triggered call in the case of a transfer)
and given dedicated QoS. Preserving established sessions
generally is higher priority than setting up new sessions (except
when there is some form of multi-level preemption). Giving more
bandwidth to additional flows on established sessions might cause
some newer sessions to fail due to resource unavailability while
Eckel & Reddy Expires August 18, 2014 [Page 12]
�
Internet-Draft AEON Use Cases February 2014
established sessions continue without degradation, which is the
preferred outcome in most cases.
2.8.3. User Benefit
Users receive more predictable and reliable QoS for their application
sessions.
2.8.4. Operator Benefit
Operators are able to perform traffic analysis and troubleshooting at
the application level, and they are able to provide QoS at the
application level rather than only at the media flow level.
2.8.5. Flow characteristics provided by application
The application provides a common session id as metadata for all its
media flows throughout the lifetime of the session.
2.8.6. Action taken by network as result of receiving flow
characteristics
The network identifies all media flows associated with a given
session. This information may be used to provide application level
QoS, preserving established sessions and/or giving more bandwidth to
additional flows on established sessions.
2.8.7. Feedback provided by network
The network may provide feedback to the application indicating the
amount of bandwidth it expects to be able to provide for its session.
It may also be provide indications of the expected amount of delay,
jitter, and loss the application should be prepared to tolerate.
2.8.8. Security and Privacy Considerations
3. Acknowledgements
The authors thank the attendees of the Bar BoF for contributing
towards this set of use cases.
4. Informative References
[I-D.eckert-intarea-flow-metadata-framework]
Eckert, T., Penno, R., Choukir, A., and C. Eckel, "A
Framework for Signaling Flow Characteristics between
Applications and the Network", draft-eckert-intarea-flow-
metadata-framework-02 (work in progress), October 2013.
Eckel & Reddy Expires August 18, 2014 [Page 13]
�
Internet-Draft AEON Use Cases February 2014
[I-D.ietf-insipid-session-id-reqts]
Jones, P., Salgueiro, G., Polk, J., Liess, L., and H.
Kaplan, "Requirements for an End-to-End Session
Identification in IP-Based Multimedia Communication
Networks", draft-ietf-insipid-session-id-reqts-11 (work in
progress), February 2014.
Authors' Addresses
Charles Eckel
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
US
Email: eckelcu@cisco.com
Tirumaleswar Reddy
Cisco Systems, Inc.
Cessna Business Park, Varthur Hobli
Sarjapur Marathalli Outer Ring Road
Bangalore, Karnataka 560103
India
Email: tireddy@cisco.com
Eckel & Reddy Expires August 18, 2014 [Page 14]
