RFC : | rfc9569 |
Title: | DNS Security Extensions (DNSSEC) |
Date: | September 2024 |
Status: | PROPOSED STANDARD |
Internet Engineering Task Force (IETF) K. Gao
Request for Comments: 9569 Sichuan University
Category: Standards Track R. Schott
ISSN: 2070-1721 Deutsche Telekom
Y. R. Yang
L. Delwiche
L. Keller
Yale University
September 2024
The Application-Layer Traffic Optimization (ALTO) Transport Information
Publication Service (TIPS)
Abstract
"Application-Layer Traffic Optimization (ALTO) Protocol" (RFC 7285)
leverages HTTP/1.1 and is designed for the simple, sequential
request-reply use case, in which an ALTO client requests a sequence
of information resources and the server responds with the complete
content of each resource, one at a time.
RFC 8895, which describes ALTO incremental updates using Server-Sent
Events (SSE), defines a multiplexing protocol on top of HTTP/1.x, so
that an ALTO server can incrementally push resource updates to
clients whenever monitored network information resources change,
allowing the clients to monitor multiple resources at the same time.
However, HTTP/2 and later versions already support concurrent, non-
blocking transport of multiple streams in the same HTTP connection.
To take advantage of newer HTTP features, this document introduces
the ALTO Transport Information Publication Service (TIPS). TIPS uses
an incremental RESTful design to give an ALTO client the new
capability to explicitly and concurrently (in a non-blocking manner)
request (or pull) specific incremental updates using HTTP/2 or
HTTP/3, while still functioning for HTTP/1.1.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9569.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Revised BSD License text as described in Section 4.e of the
Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents
1. Introduction
1.1. Requirements Language
1.2. Notations
2. TIPS Overview
2.1. Transport Requirements
2.2. TIPS Terminology
3. TIPS Updates Graph
3.1. Basic Data Model of an Updates Graph
3.2. Updates Graph Modification Invariants
4. TIPS Workflow and Resource Location Schema
4.1. Workflow
4.2. Resource Location Schema
5. TIPS Information Resource Directory (IRD) Announcement
5.1. Media Type
5.2. Capabilities
5.3. Uses
5.4. An Example
6. TIPS Management
6.1. Open Request
6.2. Open Response
6.3. Open Example
6.3.1. Basic Example
6.3.2. Example Using Digest Authentication
6.3.3. Example Using ALTO/SSE
7. TIPS Data Transfers - Client Pull
7.1. Request
7.2. Response
7.3. Example
7.4. New Next Edge Recommendation
7.4.1. Request
7.4.2. Response
7.4.3. Example
8. Operation and Processing Considerations
8.1. Considerations for Load Balancing
8.2. Considerations for Cross-Resource Dependency Scheduling
8.3. Considerations for Managing Shared TIPS Views
8.4. Considerations for Offering Shortcut Incremental Updates
9. Security Considerations
9.1. TIPS: Denial-of-Service Attacks
9.2. ALTO Client: Update Overloading or Instability
10. IANA Considerations
10.1. application/alto-tips+json Media Type
10.2. application/alto-tipsparams+json Media Type
11. References
11.1. Normative References
11.2. Informative References
Appendix A. A High-Level Deployment Model
Appendix B. Conformance with "Building Protocols with HTTP" (RFC
9205) Best Current Practices
Appendix C. Push-Mode TIPS Using HTTP Server Push
Appendix D. Persistent HTTP Connections
Acknowledgments
Authors' Addresses
1. Introduction
The Application-Layer Traffic Optimization (ALTO) protocol provides
means for network applications to obtain network status information.
So far, the ALTO information can be transported in two ways:
1. Using the ALTO base protocol [RFC7285], which is designed for the
simple use case in which an ALTO client requests a network
information resource and the server sends the complete content of
the requested information (if any) resource to the client.
2. Using ALTO incremental updates using Server-Sent Events (ALTO/
SSE) [RFC8895]; this method is designed for an ALTO client to
indicate to the server that it wants to receive updates for a set
of resources, and the server can then concurrently and
incrementally push updates to that client whenever monitored
resources change.
Both protocols are designed for HTTP/1.1 [RFC9112]. While they still
work with HTTP/2 [RFC9113] and HTTP/3 [RFC9114], ALTO and ALTO/SSE
cannot take full advantage of new features offered by HTTP/2 and
HTTP/3.
* First, consider the ALTO base protocol, which is designed to
transfer only complete information resources. A client can run
the base protocol on top of HTTP/2 or HTTP/3 to request multiple
information resources in concurrent streams, but each request must
be for a complete information resource: there is no capability for
the server to transmit incremental updates. Hence, there can be a
large overhead when the client already has an information resource
and then there are small changes to the resource.
* Next, consider ALTO/SSE [RFC8895]. Although ALTO/SSE can transfer
incremental updates, it introduces a customized multiplexing
protocol on top of HTTP, assuming a total-order message channel
from the server to the client. The multiplexing design does not
provide naming (i.e., a resource identifier) to individual
incremental updates. Such a design cannot use concurrent data
streams available in HTTP/2 and HTTP/3 because both cases require
a resource identifier. Additionally, ALTO/SSE is a push-only
protocol, which denies the client flexibility in choosing how and
when it receives updates.
To mitigate these concerns, this document introduces a new ALTO
service called the Transport Information Publication Service (TIPS).
TIPS uses an incremental RESTful design to provide an ALTO client
with a new capability to explicitly, concurrently issue non-blocking
requests for specific incremental updates using HTTP/2 or HTTP/3,
while still functioning for HTTP/1.1.
While both ALTO/SSE [RFC8895] and TIPS can transport incremental
updates of ALTO information resources to clients, they have different
design goals. The TIPS extension enables more scalable and robust
distribution of incremental updates but is missing the session
management and built-in server push capabilities of ALTO/SSE. From
the performance perspective, TIPS is optimizing throughput by
leveraging concurrent and out-of-order transport of data, while ALTO/
SSE is optimizing latency as new events can be immediately
transferred to the clients without waiting for another round of
communication when there are multiple updates. Thus, we do not see
TIPS as a replacement for ALTO/SSE, but as a complement to it. One
example of combining these two extensions is shown in Section 6.3.3.
Note that future extensions may leverage server push, a feature of
HTTP/2 [RFC9113] and HTTP/3 [RFC9114], as an alternative of SSE. We
discuss why this alternative design is not ready at the time of
writing in Appendix C.
Specifically, this document specifies:
* Extensions to the ALTO Protocol for dynamic subscription and
efficient uniform update delivery of an incrementally changing
network information resource.
* A new resource type that indicates the TIPS updates graph model
for a resource.
* URI patterns to fetch the snapshots or incremental updates.
Some operational complexities that must be taken into consideration
when implementing this extension are discussed in Section 8: these
include load balancing in Section 8.1 and fetching and processing
incremental updates of dependent resources in Section 8.2.
Appendix B discusses to what extent the TIPS design adheres to the
best current practices for building protocols with HTTP [RFC9205].
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
1.2. Notations
This document uses the same syntax and notations as introduced in
Section 8.2 of [RFC7285] to specify the extensions to existing ALTO
resources and services.
2. TIPS Overview
2.1. Transport Requirements
The ALTO Protocol and its extensions support two transport
mechanisms:
1. A client can directly request an ALTO resource and obtain a
complete snapshot of that ALTO resource, as specified in the base
protocol [RFC7285];
2. A client can subscribe to incremental changes of one or multiple
ALTO resources using the incremental update extension [RFC8895],
and a server pushes the updates to the client through SSE.
However, the current transport mechanisms are not optimized for
storing, transmitting, and processing (incremental) updates of ALTO
information resources. Specifically, the new transport mechanism
must satisfy the following requirements:
Incremental updates: Incremental updates only maintain and transfer
the "diff" upon changes. Thus, it is more efficient than storing
and transferring the full updates, especially when the change of
an ALTO resource is minor. The base protocol does not support
incremental updates and the current incremental update mechanism
in [RFC8895] has limitations (as discussed below).
Concurrent, non-blocking update transmission: When a client needs to
receive and apply multiple incremental updates, it is desired to
transmit the updates concurrently to fully utilize the bandwidth
and to reduce head-of-line blocking. Unfortunately, the ALTO
incremental update extension [RFC8895] does not satisfy this
requirement. Even though the updates can be multiplexed by the
server to avoid head-of-line blocking between multiple resources,
the updates are delivered sequentially and can suffer from head-
of-line blocking inside the connection (for example, when there is
a packet loss).
Long polling updates: Long polling updates can reduce the time to
send the request, making it possible to achieve sub-RTT
transmission of ALTO incremental updates. In [RFC8895], this
requirement is fulfilled using SSE and is still desired in the new
ALTO transport.
Backward compatibility: While some of the previous requirements are
offered by HTTP/2 [RFC9113] and HTTP/3 [RFC9114], it is desired
that the new ALTO transport mechanism can work with HTTP/1.1 as
many development tools and current ALTO implementations are based
on HTTP/1.1.
The new ALTO transport specified in this document satisfies all of
the following design requirements above by:
* Reusing the data format introduced in [RFC8895] that enables
incremental updates using JSON patches or merge patches.
* Introducing a unified data model to describe the changes
(snapshots and incremental updates) of an ALTO resource, referred
to as a "TIPS view". In the data model, snapshots and incremental
updates are indexed as individual HTTP resources following a
unified naming convention, independent of the HTTP version. Thus,
these updates can be concurrently requested and be transferred in
a non-blocking manner either by using multiple connections or
leveraging multiplexed data transfer offered by HTTP/2 or HTTP/3.
* Basing the unified naming convention on a monotonically increasing
sequence number, making it possible for a client to construct the
URL of a future update and send a long polling request.
* Making the unified naming convention independent of the HTTP
versions and able to operate atop HTTP/1.1, HTTP/2, or HTTP/3.
This document assumes the deployment model discussed in Appendix A.
2.2. TIPS Terminology
In addition to the terms defined in [RFC7285], this document uses the
following terms:
Transport Information Publication Service (TIPS): A new type of ALTO
service, as specified in this document, to enable a uniform
transport mechanism for updates of an incrementally changing ALTO
network information resource.
Network information resource: A piece of retrievable information
about network state, per [RFC7285].
TIPS view (tv): The container of incremental transport information
about the network information resource. The TIPS view has one
basic component, the updates graph (ug), but may include other
transport information.
Updates graph (ug): A directed, acyclic graph whose nodes represent
the set of versions of an information resource and whose edges
represent the set of update items to compute these versions. An
ALTO map service (e.g., a cost map or a network map) may need only
a single updates graph. A dynamic network information service
(e.g., a filtered cost map) may create an updates graph (within a
new TIPS view) for each unique request. The encoding of an
updates graph is specified in Section 6.1.
Version: The representation of a historical content of an
information resource. For an information resource, each version
is associated with and uniquely identified by a monotonically and
consecutively increased sequence number. This document uses the
term "version s" to refer to the version associated with sequence
number "s". The version is encoded as a JSONNumber, as specified
in Section 6.1.
Start sequence number (<start-seq>): The smallest non-zero sequence
number in an updates graph.
End sequence number (<end-seq>): The largest sequence number in an
updates graph.
Snapshot: A full replacement of a resource that is contained within
an updates graph.
Incremental update: A partial replacement of a resource contained
within an updates graph, codified in this document as a JSON merge
patch or a JSON patch. An incremental update is mandatory if the
source version (i) and the target version (j) are consecutive
(i.e., i + 1 = j); otherwise, it is optional (or a shortcut).
Mandatory incremental updates are always in an updates graph,
while optional/shortcut incremental updates may or may not be
included in an updates graph.
Update item: The content on an edge of the updates graph, which can
be either a snapshot or an incremental update. An update item can
be considered to be a pair (op, data) where op denotes whether the
item is an incremental update or a snapshot and data is the
content of the item.
ID#i-#j: Denotation of the update item on a specific edge in the
updates graph to transition from version i to version j, where i
and j are the sequence numbers of the source node and the target
node of the edge, respectively.
+-------------+
+-----------+ +--------------+ | Dynamic | +-----------+
| Routing | | Provisioning | | Network | | External |
| Protocols | | Policy | | Information | | Interface |
+-----------+ +--------------+ +-------------+ +-----------+
| | | |
+-----------------------------------------------------------------+
| ALTO Server |
| +-------------------------------------------------------------+ |
| | Network Information | |
| | +-------------+ +-------------+ | |
| | | Information | | Information | | |
| | | Resource #1 | | Resource #2 | | |
| | +-------------+ +-------------+ | |
| +-----|--------------------------------------/-------\--------+ |
| | / \ |
| +-----|------------------------------------/-----------\------+ |
| | | Transport Information / \ | |
| | +--------+ +--------+ +--------+ | |
| | | tv1 | | tv2 | | tv3 | | |
| | +--------+ +--------+ +--------+ | |
| | | / | | |
| | +--------+ +--------+ +--------+ | |
| | | tv1/ug | | tv2/ug | | tv3/ug | | |
| | +--------+ +--------+ +--------+ | |
| +----|----\----------------|-------------------------|--------+ |
| | \ | | |
+------|------\--------------|-------------------------|----------+
| +------+ | |
| \ | |
+----------+ +----------+ +----------+
| Client 1 | | Client 2 | | Client 3 |
+----------+ +----------+ +----------+
tvi = TIPS view i
tvi/ug = incremental updates graph associated with tvi
Figure 1: Overview of ALTO TIPS
Figure 1 shows an example illustrating an overview of the ALTO TIPS
extension. The server provides TIPS for two information resources
(#1 and #2) where #1 is an ALTO map service and #2 is a filterable
service. There are three ALTO clients (Client 1, Client 2, and
Client 3) that are connected to the ALTO server.
Each client uses the TIPS view to retrieve updates. Specifically, a
TIPS view (tv1) is created for the map service #1 and is shared by
multiple clients. For the filtering service #2, two different TIPS
views (tv2 and tv3) are created upon different client requests with
different filter sets.
3. TIPS Updates Graph
In order to provide incremental updates for a resource, an ALTO
server creates an updates graph, which is a directed acyclic graph
that contains a sequence of incremental updates and snapshots
(collectively called "update items") of a network information
resource.
3.1. Basic Data Model of an Updates Graph
For each resource (e.g., a cost map or a network map), the
incremental updates and snapshots can be represented using the
following directed acyclic graph model, where the server tracks the
change of the resource maps with version IDs that are assigned
sequentially (i.e., incremented by one each time):
* Each node in the graph is a version of the resource, which is
identified by a sequence number (defined as a JSONNumber).
Version 0 is reserved as the initial state (empty/null).
* A tag identifies the content of a node. A tag has the same format
as the "tag" field in Section 10.3 of [RFC7285] and is valid only
within the scope of the resource.
* Each edge is an update item. In particular, the edge from i to j
is the update item to transit from version i to version j.
* The version is path independent, i.e., different paths arriving at
the node associated with the same version have the same content.
A concrete example is shown in Figure 2. There are seven nodes in
the graph, representing seven different versions of the resource.
Edges in the figure represent the updates from the source version to
the target version. Thick lines represent mandatory incremental
updates (e.g., ID103-104), dotted lines represent optional
incremental updates (e.g., ID103-105), and thin lines represent
snapshots (e.g., ID0-103). Note that node content is path
independent: the content of node v can be obtained by applying the
updates from any path that ends at v. For example, assume the latest
version is 105 and a client already has version 103. The base
version of the client is 103 as it serves as a base upon which
incremental updates can be applied.
The target version 105 can be:
* directly fetched as a snapshot;
* computed incrementally by applying the incremental updates between
103 and 104, then 104 and 105; or,
* computed incrementally by taking the "shortcut" path from 103 to
105 if the optional update from 103 to 105 exists.
+======+
------| 0 |
/ +======+
ID0-101 / | |
|/__ | |
+======+ | |
tag: 3421097 -> | 101 | | |
+======+ | |
ID101-102 || | |
\/ | |
+======+ | |
tag: 6431234 -> | 102 | | |
+======+ | |
ID102-103 || | |
\/ | |
+======+ / |
+--------------+ tag: 0881080 -> | 103 |<--------/ |
| Base Version | =======> +======+ ID0-103 |
+--------------+ 103-104 || .. |
\/ .. |
+======+ .. |
tag: 6452654 -> | 104 | .. ID103 |
+======+ .. -105 |
ID104-105 || .. | ID0-105
\/ |._ /
+======+ /
tag: 7838392 -> | 105 |<-----------/
+======+
ID105-106 ||
\/
+======+
tag: 6470983 -> | 106 |
+======+
Figure 2: TIPS Model Example
3.2. Updates Graph Modification Invariants
A server might change its updates graph (to compact it, to add nodes,
etc.), but it will need to ensure that any resource state that it
makes available is reachable by clients, either directly via a
snapshot (that is, relative to 0) or indirectly by requesting an
earlier snapshot and a contiguous set of incremental updates.
Additionally, to allow clients to proactively construct URIs for
future update items, the ID of each added node in the updates graph
will need to increment contiguously by 1. More specifically, the
updates graph MUST satisfy the following invariants:
Continuity: At any time, let ns denote the smallest non-zero version
(i.e., <start-seq>) in the updates graph and let ne denote the
latest version (i.e., <end-seq>). Then, any version in between ns
and ne MUST also exist. This implies that the incremental update
from ni to ni + 1 exists for any ns <= ni <= ne, and all the
version numbers in the updates graph (except 0) constitute exactly
the integer interval [ns, ne].
Feasibility: Let ns denote <start-seq> in the updates graph. The
server MUST provide a snapshot of ns; in other words, there is
always a direct link to ns in the updates graph.
"Right shift" only: Assume a server provides versions in [n1, n2] at
time t and versions in [n1', n2'] at time t'. If t' > t, then n1'
>= n1 and n2' >= n2.
For example, consider the case that a server compacts a resource's
updates graph to conserve space, using the example model in
Section 3.1. Assume at time 0, the server provides the versions
{101, 102, 103, 104, 105, 106}. At time 1, both {103, 104, 105, 106}
and {105, 106} are valid sets. However, {102, 103, 104, 105, 106}
and {104, 105, 106} are not valid sets as there is no snapshot to
version 102 or 104 in the updates graph. Thus, there is a risk that
the right content of version 102 (in the first example) or 104 (in
the second example) cannot be obtained by a client that does not have
the previous version 101 or 103, respectively.
4. TIPS Workflow and Resource Location Schema
4.1. Workflow
At a high level, an ALTO client first requests the TIPS information
resource (denoted as TIPS-F, where F is for frontend) to indicate the
information resource or resources that the client wants to monitor.
For each requested resource, the server returns a JSON object that
contains a URI, which points to the root of a TIPS view (denoted as
TIPS-V), and a summary of the current view, which contains the
information to correctly interact with the current view. With the
URI to the root of a TIPS view, clients can construct URIs (see
Section 4.2) to fetch incremental updates.
An example workflow is shown in Figure 3. After the TIPS-F receives
the request from the client to monitor the updates of an ALTO
resource, it creates a TIPS view resource and returns the
corresponding information to the client. The URI points to that
specific TIPS-V instance, and the summary contains the <start-seq>
and <end-seq> of the updates graph and a server-recommended edge to
consume first (e.g., from i to j).
An ALTO client can then continuously pull each additional update with
the information. For example, the client in Figure 3 first fetches
the update from i to j and then from j to j+1. Note that the update
item at "<tips-view-uri>/ug/<j>/<j+1>" might not yet exist, so the
server holds the request until the update becomes available (i.e.,
long polling).
A server MAY close a TIPS view at any time (e.g., under high system
load or due to client inactivity). In the event that a TIPS view is
closed, an edge request will receive error code 404 (Not Found) in
response, and the client will have to request a new TIPS view URI.
If resources allow, a server SHOULD avoid closing TIPS views that
have active polling edge requests or have recently served responses
until clients have had a reasonable interval to request the next
update, unless guided by specific control policies.
Client TIPS-F TIPS-V
o . .
| POST to create/receive a TIPS view . Create TIPS .
| for resource 1 . View .
|-------------------------------------> |.-.-.-.-.-.-.-> |
| <tips-view-uri>, <tips-view-summary> . |
| <-------------------------------------| <-.-.-.-.-.-.-.|
| .
| GET /<tips-view-path>/ug/<i>/<j> .
|------------------------------------------------------> |
| content on edge i to j |
| <------------------------------------------------------|
| .
| GET /<tips-view-path>/ug/<j>/<j+1> .
|------------------------------------------------------> |
. .
. .
| content on edge j to j+1 |
| <------------------------------------------------------|
| .
o .
.
TIPS View Closed o
Figure 3: ALTO TIPS Workflow Supporting Client Pull
4.2. Resource Location Schema
The resource location schema defines how a client constructs URIs to
fetch incremental updates.
To access each update in an updates graph, consider the model
represented as a "virtual" file system (adjacency list), contained
within the root of a TIPS view URI (see Section 6.2 for the
definition of tips-view-uri). For example, assuming that the updates
graph of a TIPS view is as shown in Figure 2, the location schema of
this TIPS view will have the format as in Figure 4.
<tips-view-path> // root path to a TIPS view
|_ ug // updates graph
| |_ 0
| | |_ 101 // full 101 snapshot
| | |_ 103
| | \_ 105
| |_ 101
| | \_ 102 // 101 -> 102 incremental update
| |_ 102
| | \_ 103
| |_ 103
| | |_ 104
| | \_ 105 // optional shortcut 103 -> 105 incr. update
| |_ 104
| | \_ 105
| \_ 105
| \_ 106
\_ ...
Figure 4: Location Schema Example
TIPS uses this directory schema to generate template URIs that allow
clients to construct the location of incremental updates after
receiving the tips-view-uri from the server. The generic template
for the location of the update item on the edge from node 'i' to node
'j' in the updates graph is:
<tips-view-uri>/ug/<i>/<j>
Due to the sequential nature of the update item IDs, a client can
long poll a future update that does not yet exist (e.g., the
incremental update from 106 to 107). This can be done by
constructing the URI for the next edge that will be added, starting
from the sequence number of the current last node (denoted as <end-
seq>) in the graph to the next sequential node (with the sequence
number of <end-seq + 1>):
<tips-view-uri>/ug/<end-seq>/<end-seq + 1>
Incremental updates of a TIPS view are read-only. Thus, they are
fetched using the HTTP GET method.
5. TIPS Information Resource Directory (IRD) Announcement
To announce a TIPS information resource in the IRD, an ALTO server
MUST specify "media-type", "capabilities", and "uses" as follows.
5.1. Media Type
The media type of the Transport Information Publication Service
(TIPS) resource is "application/alto-tips+json".
5.2. Capabilities
The "capabilities" field of a TIPS information resource is modeled on
that defined in Section 6.3 of [RFC8895].
Specifically, the capabilities are defined as an object of the
TIPSCapabilities type:
object {
IncrementalUpdateMediaTypes incremental-change-media-types;
} TIPSCapabilities;
object-map {
ResourceID -> String;
} IncrementalUpdateMediaTypes;
Figure 5: TIPSCapabilities
with the field:
incremental-change-media-types: If a TIPS information resource can
provide updates with incremental changes for a resource, the
"incremental-change-media-types" field has an entry whose key is
the ID of the resource and the value is the supported media types
of incremental changes, separated by commas. For the
implementation of this specification, this MUST be "application/
merge-patch+json", "application/json-patch+json", or "application/
merge-patch+json,application/json-patch+json", unless defined by a
future extension.
When choosing the media types to encode incremental updates for a
resource, the server MUST consider the limitations of the
encoding. For example, when a JSON merge patch specifies that the
value of a field is null, its semantics are that the field is
removed from the target; hence, the field is no longer defined
(i.e., undefined). However, this may not be the intended result
for the resource, when null and undefined have different semantics
for the resource. In such a case, the server MUST choose JSON
patch encoding over JSON merge patch encoding for the incremental
update if both media types "application/json-patch+json" and
"application/merge-patch" are supported by the TIPS information
resource.
5.3. Uses
The "uses" attribute MUST be an array with the resource IDs of every
network information resource for which this TIPS information resource
can provide service.
This set MAY be any subset of the ALTO server's network information
resources and MAY include resources defined in linked IRDs. However,
it is RECOMMENDED that the ALTO server selects a set that is closed
under the resource dependency relationship. That is, if a TIPS
information resource's "uses" set includes resource R1, and resource
R1 depends on ("uses") resource R0, then the "uses" set should
include R0 as well as R1. For example, if a TIPS information
resource provides a TIPS view for a cost map, it should also provide
a TIPS view for the network map upon which that cost map depends.
If the set is not closed, at least one resource R1 in the "uses"
field of a TIPS information resource depends on another resource R0
that is not in the "uses" field of the same TIPS information
resource. Thus, a client cannot receive incremental updates for
another resource R0 that is not in the "uses" field of the same TIPS
information resource. If the client observes in an update of R1 that
the version tag for R0 has changed, it must request the full content
of R0, which is likely to be less efficient than receiving the
incremental updates of R0.
5.4. An Example
Extending the IRD example in Section 8.1 of [RFC8895], Figure 6 is
the IRD of an ALTO server supporting the ALTO base protocol, ALTO/
SSE, and ALTO TIPS.
"my-network-map": {
"uri": "https://alto.example.com/networkmap",
"media-type": "application/alto-networkmap+json"
},
"my-routingcost-map": {
"uri": "https://alto.example.com/costmap/routingcost",
"media-type": "application/alto-costmap+json",
"uses": ["my-network-map"],
"capabilities": {
"cost-type-names": ["num-routingcost"]
}
},
"my-hopcount-map": {
"uri": "https://alto.example.com/costmap/hopcount",
"media-type": "application/alto-costmap+json",
"uses": ["my-network-map"],
"capabilities": {
"cost-type-names": ["num-hopcount"]
}
},
"my-simple-filtered-cost-map": {
"uri": "https://alto.example.com/costmap/filtered/simple",
"media-type": "application/alto-costmap+json",
"accepts": "application/alto-costmapfilter+json",
"uses": ["my-network-map"],
"capabilities": {
"cost-type-names": ["num-routingcost", "num-hopcount"],
"cost-constraints": false
}
},
"update-my-costs": {
"uri": "https://alto.example.com/updates/costs",
"media-type": "text/event-stream",
"accepts": "application/alto-updatestreamparams+json",
"uses": [
"my-network-map",
"my-routingcost-map",
"my-hopcount-map",
"my-simple-filtered-cost-map"
],
"capabilities": {
"incremental-change-media-types": {
"my-network-map": "application/json-patch+json",
"my-routingcost-map": "application/merge-patch+json",
"my-hopcount-map": "application/merge-patch+json"
},
"support-stream-control": true
}
},
"update-my-costs-tips": {
"uri": "https://alto.example.com/updates-new/costs",
"media-type": "application/alto-tips+json",
"accepts": "application/alto-tipsparams+json",
"uses": [
"my-network-map",
"my-routingcost-map",
"my-hopcount-map",
"my-simple-filtered-cost-map"
],
"capabilities": {
"incremental-change-media-types": {
"my-network-map": "application/json-patch+json",
"my-routingcost-map": "application/merge-patch+json",
"my-hopcount-map": "application/merge-patch+json",
"my-simple-filtered-cost-map": "application/merge-patch+json"
}
}
},
"tips-sse": {
"uri": "https://alto.example.com/updates/tips",
"media-type": "text/event-stream",
"accepts": "application/alto-updatestreamparams+json",
"uses": [ "update-my-costs-tips" ],
"capabilities": {
"incremental-change-media-types": {
"update-my-costs-tips": "application/merge-patch+json"
}
}
}
Figure 6: Example of an ALTO Server Supporting the ALTO Base
Protocol, ALTO/SSE, and ALTO TIPS
Note that it is straightforward for an ALTO server to run HTTP/2 and
support concurrent retrieval of multiple resources such as "my-
network-map" and "my-routingcost-map" using multiple HTTP/2 streams.
The resource "update-my-costs-tips" provides an ALTO TIPS information
resource, and this is indicated by the media type "application/alto-
tips+json".
6. TIPS Management
Upon request, a server sends a TIPS view to a client. This TIPS view
might be created at the time of the request or might already exist
(either because another client has already created a TIPS view for
the same requested network resource or because the server perpetually
maintains a TIPS view for an often-requested resource).
6.1. Open Request
An ALTO client requests that the server provide a TIPS view for a
given resource by sending an HTTP POST body with the media type
"application/alto-tipsparams+json". That body contains a JSON object
of the TIPSReq type, where:
object {
ResourceID resource-id;
[JSONString tag;]
[Object input;]
} TIPSReq;
Figure 7: TIPSReq
with the following fields:
resource-id: This field contains the resource ID of an ALTO resource
to be monitored, which MUST be in the TIPS information resource's
"uses" list (Section 5). If a client does not support all
incremental methods from the set announced in the server's
capabilities, the client MUST NOT use the TIPS information
resource.
tag: If the "resource-id" is associated with a GET-mode resource
with a version tag (or "vtag"), as defined in Section 10.3 of
[RFC7285], and the ALTO client has previously retrieved a version
of that resource from ALTO, the ALTO client MAY set the "tag"
field to the tag part of the client's version of that resource.
The server MAY use the tag when calculating a recommended starting
edge for the client to consume. Note that the client MUST support
all incremental methods from the set announced in the server's
capabilities for this resource.
input: If the resource is a POST-mode service that requires input,
the ALTO client MUST set the "input" field to a JSON object with
the parameters that the resource expects.
6.2. Open Response
The response to a valid request MUST be a JSON object of the
AddTIPSResponse type, denoted as media type "application/alto-
tips+json":
object {
URI tips-view-uri;
TIPSViewSummary tips-view-summary;
} AddTIPSResponse;
object {
UpdatesGraphSummary updates-graph-summary;
} TIPSViewSummary;
object {
JSONNumber start-seq;
JSONNumber end-seq;
StartEdgeRec start-edge-rec;
} UpdatesGraphSummary;
object {
JSONNumber seq-i;
JSONNumber seq-j;
} StartEdgeRec;
Figure 8: AddTIPSResponse
with the following fields:
tips-view-uri: This is the URI to the requested TIPS view. The
value of this field MUST have the following format:
scheme "://" tips-view-host "/" tips-view-path
tips-view-host = host [ ":" port]
tips-view-path = path
where scheme MUST be "http" or "https" unless specified by a
future extension, and host, port, and path are as specified in
Sections 3.2.2, 3.2.3, and 3.3 in [RFC3986]. An ALTO server
SHOULD use the "https" scheme unless the contents of the TIPS view
are intended to be publicly accessible and do not raise security
concerns. The field MUST contain only ASCII characters. In case
the original URL contains international characters (e.g., in the
domain name), the ALTO server implementation MUST properly encode
the URL into the ASCII format (e.g., using the "urlencode"
function).
A server MUST NOT use the same URI for different TIPS views,
either for different resources or for different request bodies to
the same resource. URI generation is implementation specific; for
example, one may compute a Universally Unique Identifier (UUID)
[RFC9562] or a hash value based on the request and append it to a
base URL. For performance considerations, it is NOT RECOMMENDED
to use properties that are not included in the request body to
determine the URI of a TIPS view, such as cookies or the client's
IP address, which may result in duplicated TIPS views in cases
such as mobile clients. However, this is not mandatory as a
server might intentionally use client information to compute the
TIPS view URI to provide service isolation between clients.
tips-view-summary: Contains an updates-graph-summary.
The "updates-graph-summary" field contains the <start-seq> of the
updates graph (in the "start-seq" field) and the <end-seq> that is
currently available (in the "end-seq" field), along with a
recommended edge to consume (in the "start-edge-rec" field). If
the client does not provide a version tag, the server MUST
recommend the edge of the latest available snapshot. If the
client provides a version tag, the server MUST either recommend
the first incremental update edge starting from the client's
tagged version or recommend the edge of the latest snapshot: which
edge is selected depends on the implementation. For example, a
server MAY calculate the cumulative size of the incremental
updates available from that version onward and compare it to the
size of the complete resource snapshot. If the snapshot is
bigger, the server recommends the first incremental update edge
starting from the client's tagged version. Otherwise, the server
recommends the latest snapshot edge.
If the request has any errors, the ALTO server MUST return an HTTP
400 (Bad Request) error code to the ALTO client; the body of the
response follows the generic ALTO error response format specified in
Section 8.5.2 of [RFC7285]. Hence, an example ALTO error response
has the format shown in Figure 9.
HTTP/1.1 400 Bad Request
Content-Length: 131
Content-Type: application/alto-error+json
{
"meta":{
"code": "E_INVALID_FIELD_VALUE",
"field": "resource-id",
"value": "my-network-map/#"
}
}
Figure 9: ALTO Error Example
Note that "field" and "value" are optional fields. If the "value"
field exists, the "field" field MUST exist.
* If the TIPS request does not have a "resource-id" field, the error
code of the error message MUST be "E_MISSING_FIELD" and the
"field" field, if present, MUST be "resource-id". The ALTO server
MUST NOT create any TIPS view.
* If the "resource-id" field is invalid or is not associated with
the TIPS information resource, the error code of the error message
MUST be "E_INVALID_FIELD_VALUE". If present, the "field" field
MUST be the full path of the "resource-id" field, and the "value"
field MUST be the value of the "resource-id" field in the request.
* If the resource is a POST-mode service that requires input, the
client MUST set the "input" field to a JSON object with the
parameters that resource expects. If the "input" field is missing
or invalid, the ALTO server MUST return the same error response
that resource would return for missing or invalid inputs (see
[RFC7285]).
Furthermore, it is RECOMMENDED that the server use the following HTTP
code to indicate other errors, with the media type "application/alto-
error+json".
429 (Too Many Requests): Indicates when the number of TIPS views
open requests exceeds the server threshold. The server MAY
indicate when to retry the request in the "Re-Try After" headers.
It is RECOMMENDED that the server provide the ALTO/SSE support for
the TIPS resource. Thus, the client can be notified of the version
updates of all the TIPS views that it monitors and make better cross-
resource transport decisions (see Section 8.2 for related
considerations).
6.3. Open Example
6.3.1. Basic Example
For simplicity, assume that the ALTO server is using Basic
authentication [RFC7617]. If a client with username "client1" and
password "helloalto" wants to create a TIPS view of an ALTO cost map
resource with the resource ID "my-routingcost-map", it can send the
request depicted in Figure 10.
POST /tips HTTP/1.1
Host: alto.example.com
Accept: application/alto-tips+json, application/alto-error+json
Authorization: Basic Y2xpZW50MTpoZWxsb2FsdG8K
Content-Type: application/alto-tipsparams+json
Content-Length: 41
{
"resource-id": "my-routingcost-map"
}
Figure 10: Request Example of Opening a TIPS View
If the operation is successful, the ALTO server returns the message
shown in Figure 11.
HTTP/1.1 200 OK
Content-Type: application/alto-tips+json
Content-Length: 255
{
"tips-view-uri": "https://alto.example.com/tips/2718281828",
"tips-view-summary": {
"updates-graph-summary": {
"start-seq": 101,
"end-seq": 106,
"start-edge-rec" : {
"seq-i": 0,
"seq-j": 105
}
}
}
}
Figure 11: Response Example of Opening a TIPS View
6.3.2. Example Using Digest Authentication
Below is another example of the same query using Digest
authentication, a mandatory authentication method of ALTO servers as
defined in Section 8.3.5 of [RFC7285]. The content of the response
is the same as in Figure 11; thus, it has been omitted for
simplicity.
POST /tips HTTP/1.1
Host: alto.example.com
Accept: application/alto-tips+json, application/alto-error+json
Authorization: Basic Y2xpZW50MTpoZWxsb2FsdG8K
Content-Type: application/alto-tipsparams+json
Content-Length: 41
{
"resource-id": "my-routingcost-map"
}
HTTP/1.1 401 UNAUTHORIZED
WWW-Authenticate: Digest
realm="alto.example.com",
qop="auth",
algorithm="MD5",
nonce="173b5aba4242409ee2ac3a4fd797f9d7",
opaque="a237ff9ab865379a69d9993162ef55e4"
POST /tips HTTP/1.1
Host: alto.example.com
Accept: application/alto-tips+json, application/alto-error+json
Authorization: Digest
username="client1",
realm="alto.example.com",
uri="/tips",
qop=auth,
algorithm=MD5,
nonce="173b5aba4242409ee2ac3a4fd797f9d7",
nc=00000001,
cnonce="ZTg3MTI3NDFmMDQ0NzI1MDQ3MWE3ZTFjZmM5MTNiM2I=",
response="8e937ae696c1512e4f990fa21c7f9347",
opaque="a237ff9ab865379a69d9993162ef55e4"
Content-Type: application/alto-tipsparams+json
Content-Length: 41
{
"resource-id": "my-routingcost-map"
}
HTTP/1.1 200 OK
Content-Type: application/alto-tips+json
Content-Length: 258
{....}
Figure 12: Open Example with Digest Authentication
6.3.3. Example Using ALTO/SSE
This section gives an example of receiving incremental updates of the
TIPS view summary using ALTO/SSE [RFC8895]. Consider the "tips-sse"
resource, as announced by the IRD in Figure 6, which provides ALTO/
SSE for the "update-my-cost-tips" resource; a client might send the
following request to receive updates of the TIPS view (authentication
is omitted for simplicity).
POST /updates/tips HTTP/1.1
Host: alto.example.com
Accept: text/event-stream,application/alto-error+json
Content-Type: application/alto-updatestreamparams+json
Content-Length: 76
{
"add": {
"tips-123": { "resource-id": "update-my-cost-tips" }
}
}
Figure 13: Example of Monitoring TIPS View with ALTO/SSE
Then, the client will be able to receive the TIPS view summary as
follows.
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: text/event-stream
event: application/alto-tips+json,tips-123
data: {
data: "tips-view-uri": "https://alto.example.com/tips/2718281828",
data: "tips-view-summary": {
data: "updates-graph-summary": {
data: "start-seq": 101,
data: "end-seq": 106,
data: "start-edge-rec" : {
data: "seq-i": 0,
data: "seq-j": 105
data: }
data: }
data: }
data: }
When there is an update to the TIPS view (for example, when the "end-
seq" field is increased by 1), the client will be able to receive the
incremental update of the TIPS view summary as follows.
event: application/merge-patch+json,tips-123
data: {
data: "tips-view-summary": {
data: "updates-graph-summary": {
data: "end-seq": 107
data: }
data: }
data: }
7. TIPS Data Transfers - Client Pull
TIPS allows an ALTO client to retrieve the content of an update item
from the updates graph, with an update item defined as the content
(incremental update or snapshot) on an edge in the updates graph.
7.1. Request
The client sends an HTTP GET request, where the media type of an
update item resource MUST be the same as the "media-type" field of
the update item on the specified edge in the updates graph.
The GET request MUST have the following format:
GET /<tips-view-path>/ug/<i>/<j>
HOST: <tips-view-host>
For example, consider the updates graph in Figure 4. If the client
wants to query the content of the first update item (0 -> 101) whose
media type is "application/alto-costmap+json", it sends a request to
"/tips/2718281828/ug/0/101" and sets the "Accept" header to
"application/alto-costmap+json,application/alto-error+json". See
Section 7.3 for a concrete example.
7.2. Response
If the request is valid (i.e., "ug/<i>/<j>" exists), the response is
encoded as a JSON object whose data format is indicated by the media
type.
A client MAY conduct proactive fetching of future updates, by long
polling updates that have not been provided in the directory yet.
For such updates, the client MUST indicate all media types that might
appear. It is RECOMMENDED that the server allow for at least the
long polling of <end-seq> -> <end-seq + 1>.
Hence, the server processing logic MUST be:
* If a resource with path "ug/<i>/<j>" exists, return content using
encoding.
* Else, if long polling "ug/<i>/<j>" is acceptable, put request in a
backlog queue, then either a response is triggered when the
content is ready or the request is interrupted (e.g., by a network
error).
* Else, return error.
It is RECOMMENDED that the server use the following HTTP codes to
indicate errors, with the media type "application/alto-error+json",
regarding update item requests.
404 (Not Found): Indicates that the requested update does not exist
or the requested TIPS view does not exist or is closed by the
server.
410 (Gone): Indicates an update has a seq that is smaller than the
<start-seq>.
415 (Unsupported Media Type): Indicates the media type (or types)
accepted by the client does not include the media type of the
update chosen by the server.
425 (Too Early): Indicates the seq exceeds the server long polling
window.
429 (Too Many Requests): Indicates the number of pending (long poll)
requests exceeds the server threshold. The server MAY indicate
when to retry the request in the "Re-Try After" headers.
7.3. Example
Assume the client wants to get the contents of the update item on
edge 0 to 101. The format of the request is shown in Figure 14.
GET /tips/2718281828/ug/0/101 HTTP/1.1
Host: alto.example.com
Accept: application/alto-costmap+json, \
application/alto-error+json
Figure 14: GET Example
The response is shown in Figure 15.
HTTP/1.1 200 OK
Content-Type: application/alto-costmap+json
Content-Length: 50
{ ... full replacement of my-routingcost-map ... }
Figure 15: Response to a GET Request
7.4. New Next Edge Recommendation
While intended TIPS usage is for the client to receive a recommended
starting edge in the TIPS summary, consume that edge, and then
construct all future URIs by incrementing the sequence count by one,
there may be cases in which the client needs to request a new next
edge to consume. For example, if a client has an open TIPS view but
has not polled in a while, the client might request the next logical
incremental URI; however, the server has compacted the updates graph,
so it no longer exists. Thus, the client MAY request a new next edge
to consume based on its current version of the resource.
7.4.1. Request
An ALTO client requests that the server provide a next edge
recommendation for a given TIPS view by sending an HTTP POST request
with the media type "application/alto-tipsparams+json". The URL of
the request MUST have the following format:
<tips-view-path>/ug
and the "HOST" field MUST be "<tips-view-host>".
The POST body has the same format as the TIPSReq in Figure 7. The
"resource-id" field MUST be the same as the resource ID used to
create the TIPS view, and the optional "input" field MUST NOT be
present.
7.4.2. Response
The response to a valid request MUST be a JSON merge patch to the
object of the AddTIPSResponse type (defined in Section 6.2), denoted
as media type "application/merge-patch+json". The "updates-graph-
summary" field MUST be present in the response; hence, its parent
field "tips-view-summary" MUST be present as well.
If the "tag" field is present in the request, the server MUST check
if any version within the range [<start-seq>, <end-seq>] has the same
tag value. If the version exists (e.g., denoted as <tag-seq>), the
server MUST compute the paths from both <tag-seq> and 0 to the <end-
seq> and choose the one with the minimal cost. The cost MAY be
implementation specific (e.g., number of messages, accumulated data
size, etc.). The first edge of the selected path MUST be returned as
the recommended next edge.
If the "tag" field is not present, the interpretation MUST be that
the <tag-seq> is 0.
It is RECOMMENDED that the server use the following HTTP code to
indicate errors, with the media type "application/alto-error+json",
regarding new next edge requests.
404 (Not Found): Indicates that the requested TIPS view does not
exist or has been closed by the server.
7.4.3. Example
In this section, we give an example of the new next edge
recommendation service. Assume that a client already creates a TIPS
view (as in Section 6.3) whose updates graph is as shown in Figure 2.
Now assume that the client already has tag 0881080, whose
corresponding sequence number is 103, and sends the following new
next edge recommendation request (authentication is omitted for
simplicity):
POST /tips/2718281828/ug HTTP/1.1
HOST alto.example.com
Accept: application/merge-patch+json, application/alto-error+json
Content-Type: application/alto-tipsparams+json
Content-Length: 62
{
"resource-id": "my-routingcost-map",
"tag": "0881080"
}
According to Figure 2, there are three potential paths: 103 -> 104 ->
105 -> 106, 103 -> 105 -> 106, and 0 -> 105 -> 106. Assume that the
server chooses the shortest update path by the accumulated data size
and the best path is 103 -> 105 -> 106. Thus, the server responds
with the following message:
HTTP/1.1 200 OK
Content-Type: application/merge-patch+json
Content-Length: 193
{
"tips-view-summary": {
"updates-graph-summary": {
"start-seq": 101,
"end-seq": 106,
"start-edge-rec": {
"seq-i": 103,
"seq-j": 105
}
}
}
}
8. Operation and Processing Considerations
TIPS has some common operational considerations as ALTO/SSE
[RFC8895], including:
* the server choosing update messages (Section 9.1 of [RFC8895]);
* the client processing update messages (Section 9.2 of [RFC8895]);
* the updates of filtered map services (Section 9.3 of [RFC8895]);
and
* the updates of ordinal mode costs (Section 9.4 of [RFC8895]).
There are also some operational considerations specific to TIPS,
which we discuss below.
8.1. Considerations for Load Balancing
There are two levels of load balancing in TIPS: the first level is to
balance the load of TIPS views for different clients and the second
is to balance the load of incremental updates.
Load balancing of TIPS views can be achieved either at the
application layer or at the infrastructure layer. For example, an
ALTO server MAY set <tips-view-host> to different subdomains to
distribute TIPS views or simply use the same host of the TIPS
information resource and rely on load balancers to distribute the
load.
TIPS allows a client to make concurrent pulls of incremental updates
for the same TIPS view, potentially through different HTTP
connections. As a consequence, TIPS introduces additional
complexities when the ALTO server balances the load by distributing
the requests to a set of backend servers. For example, a request
might be directed to the wrong backend server and get processed
incorrectly if the following two conditions both hold:
* these backend servers are stateful (i.e., the TIPS view is created
and stored only on a single server); and
* the ALTO server is using Layer 4 load balancing (i.e., the
requests are distributed based on the TCP 5-tuple).
Thus, additional considerations are required to enable correct load
balancing for TIPS, including:
Using a stateless architecture: One solution is to follow the
stateless computing pattern: states about the TIPS view are not
maintained by the backend servers but are stored in a distributed
database. Thus, concurrent requests to the same TIPS view can be
processed on arbitrary stateless backend servers, which all fetch
data from the same database.
Configuring the load balancers properly: In the case that the
backend servers are stateful, the load balancers must be properly
configured to guarantee that requests of the same TIPS view always
arrive at the same server. For example, an operator or a provider
of an ALTO server MAY configure Layer 7 load balancers that
distribute requests based on the tips-view-path component in the
URI.
8.2. Considerations for Cross-Resource Dependency Scheduling
Dependent ALTO resources result in cross-resource dependencies in
TIPS. Consider the following pair of resources, where my-cost-map
(C) is dependent on my-network-map (N). The updates graph for each
resource is shown, along with links between the respective updates
graphs to show dependency:
+---+ +---+ +---+ +---+ +---+
my-network-map (N) | 0 |-->|89 |-->|90 |-->|91 |-->|92 |
+---+ +---+ +---+ +---+ +---+
| \ \ \
| \ \ \
+---+ +---+ +---+ +---+ +---+
my-cost-map (C) | 0 |-->|101|-->|102|-->|103|-->|104|
+---+ +---+ +---+ +---+ +---+
|_______________________|
Figure 16: Example Dependency Model
In Figure 16, the cost-map versions 101 and 102 (denoted as C101 and
C102) are dependent on the network-map version 89 (denoted as N89).
The cost-map version 103 (C103) is dependent on the network-map
version 90 (N90), and so on.
Thus, the client must decide the order in which to receive and apply
the updates. The order may affect how fast the client can build a
consistent view and how long the client needs to buffer the update.
Example 1: The client requests N89, N90, N91, C101, C102 in that
order. The client either gets no consistent view of the resources
or has to buffer N90 and N91.
Example 2: The client requests C101, C102, C103, N89. The client
either gets no consistent view or has to buffer C103.
To get consistent ALTO information, a client must process the updates
following the guidelines specified in Section 9.2 of [RFC8895]. If
resources permit (i.e., sufficient updates can be buffered), an ALTO
client can safely use long polling to fetch all the updates. This
allows a client to build consistent views quickly as the updates are
already stored in the buffer. Otherwise, it is RECOMMENDED to
request a full snapshot if the client does not have enough local
resources to buffer and process the incremental updates.
8.3. Considerations for Managing Shared TIPS Views
From a client's point of view, it sees only one copy of the TIPS view
for any resource. However, on the server side, there are different
implementation options, especially for common resources (e.g.,
network maps or cost maps) that may be frequently queried by many
clients. Some potential options are listed below:
* An ALTO server creates one TIPS view of the common resource for
each client.
* An ALTO server maintains one copy of the TIPS view for each common
resource and all clients requesting the same resources use the
same copy. There are two ways to manage the storage for the
shared copy:
- the ALTO server maintains the set of clients that have sent a
polling request to the TIPS view and only removes the view from
the storage when the set becomes empty and no client
immediately issues a new edge request; or
- the TIPS view is never removed from the storage.
Developers may choose different implementation options depending on
criteria such as request frequency, available resources of the ALTO
server, the ability to scale, and programming complexity.
8.4. Considerations for Offering Shortcut Incremental Updates
Besides the mandatory stepwise incremental updates (from i to i+1),
an ALTO server MAY optionally offer shortcut incremental updates, or
simple shortcuts, between two non-consecutive versions i and i+k (k >
1). Such shortcuts offer alternative paths in the updates graph and
can potentially speed up the transmission and processing of
incremental updates, leading to faster synchronization of ALTO
information, especially when the client has limited bandwidth and
computation. However, implementors of an ALTO server must be aware
that:
1. optional shortcuts may increase the size of the updates graph,
worst case scenario being the square of the number of updates
(i.e., when a shortcut is offered for each version to all future
versions).
2. optional shortcuts require additional storage on the ALTO server.
3. optional shortcuts may reduce concurrency when the updates do not
overlap (e.g., when the updates apply to different parts of an
ALTO resource). In such a case, the total size of the original
updates is close to the size of the shortcut, but the original
updates can be transmitted concurrently while the shortcut is
transmitted in a single connection.
9. Security Considerations
The security considerations of the base protocol (Section 15 of
[RFC7285]) fully apply to this extension. For example, the same
authenticity and integrity considerations (Section 15.1 of [RFC7285])
still fully apply; the same considerations for the privacy of ALTO
users (Section 15.4 of [RFC7285]) also still fully apply.
Additionally, operators of the ALTO servers MUST follow the
guidelines in [RFC9325] to avoid new TLS vulnerabilities discovered
after [RFC7285] was published.
The additional services (the addition of update read service and
update push service) provided by this extension extend the attack
surface described in Section 15.1.1 of [RFC7285]. The following
subsections discuss the additional risks and their remedies.
9.1. TIPS: Denial-of-Service Attacks
Allowing TIPS views enables new classes of DoS attacks. In
particular, for the TIPS server, one or multiple malicious ALTO
clients might create an excessive number of TIPS views, to exhaust
the server resource and/or to block normal users from accessing the
service.
To avoid such attacks, the server MAY choose to limit the number of
active views and reject new requests when that threshold is reached.
TIPS allows predictive fetching and the server MAY also choose to
limit the number of pending requests. If a new request exceeds the
threshold, the server MAY log the event and return the HTTP status
429 (Too Many Requests).
It is important to note that the preceding approaches are not the
only possibilities. For example, it might be possible for a TIPS
server to use somewhat more clever logic involving TIPS view eviction
policies, IP reputation, rate-limiting, and compartmentalization of
the overall threshold into smaller thresholds that apply to subsets
of potential clients. If service availability is a concern, ALTO
clients MAY establish service level agreements with the ALTO server.
9.2. ALTO Client: Update Overloading or Instability
The availability of continuous updates can also cause overload for an
ALTO client, in particular, an ALTO client with limited processing
capabilities. The current design does not include any flow control
mechanisms for the client to reduce the update rates from the server.
For example, TCP, HTTP/2, and QUIC provide stream and connection flow
control data limits, which might help prevent the client from being
overloaded. Under overloading, the client MAY choose to remove the
information resources with high update rates.
Also, under overloading, the client might no longer be able to detect
whether information is still fresh or has become stale. In such a
case, the client should be careful in how it uses the information to
avoid stability or efficiency issues.
10. IANA Considerations
IANA has registered the following media types from the registry
available at [IANA-Media-Type]:
* application/alto-tips+json: as described in Section 6.2;
* application/alto-tipsparams+json: as described in Section 6.1;
10.1. application/alto-tips+json Media Type
Type name: application
Subtype name: alto-tips+json
Required parameters: N/A
Optional parameters: N/A
Encoding considerations: Encoding considerations are identical to
those specified for the "application/json" media type. See
[RFC8259].
Security considerations: See the Security Considerations section of
RFC 9569.
Interoperability considerations: N/A
Published specification: Section 6.2 of RFC 9569.
Applications that use this media type: ALTO servers and ALTO clients
either stand alone or are embedded within other applications.
Fragment identifier considerations: N/A
Additional information:
Deprecated alias names for this type: N/A
Magic number(s): N/A
File extension(s): RFC 9569 uses the media type to refer to
protocol messages; thus, it does not require a file extension.
Macintosh file type code(s): N/A
Person & email address to contact for further information:
See the Authors' Addresses section of RFC 9569.
Intended usage: COMMON
Restrictions on usage: N/A
Author: See the Authors' Addresses section of RFC 9569.
Change controller: Internet Engineering Task Force (iesg@ietf.org).
10.2. application/alto-tipsparams+json Media Type
Type name: application
Subtype name: alto-tipsparams+json
Required parameters: N/A
Optional parameters: N/A
Encoding considerations: Encoding considerations are identical to
those specified for the "application/json" media type. See
[RFC8259].
Security considerations: See the Security Considerations section of
RFC 9569.
Interoperability considerations: N/A
Published specification: Section 6.1 of RFC 9569.
Applications that use this media type: ALTO servers and ALTO clients
either stand alone or are embedded within other applications.
Fragment identifier considerations: N/A
Additional information:
Deprecated alias names for this type: N/A
Magic number(s): N/A
File extension(s): RFC 9569 uses the media type to refer to
protocol messages; thus, it does not require a file extension.
Macintosh file type code(s): N/A
Person & email address to contact for further information:
See the Authors' Addresses section of RFC 9569.
Intended usage: COMMON
Restrictions on usage: N/A
Author: See the Authors' Addresses section of RFC 9569.
Change controller: Internet Engineering Task Force (iesg@ietf.org).
11. References
11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>.
[RFC7285] Alimi, R., Ed., Penno, R., Ed., Yang, Y., Ed., Kiesel, S.,
Previdi, S., Roome, W., Shalunov, S., and R. Woundy,
"Application-Layer Traffic Optimization (ALTO) Protocol",
RFC 7285, DOI 10.17487/RFC7285, September 2014,
<https://www.rfc-editor.org/info/rfc7285>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", STD 90, RFC 8259,
DOI 10.17487/RFC8259, December 2017,
<https://www.rfc-editor.org/info/rfc8259>.
[RFC8895] Roome, W. and Y. Yang, "Application-Layer Traffic
Optimization (ALTO) Incremental Updates Using Server-Sent
Events (SSE)", RFC 8895, DOI 10.17487/RFC8895, November
2020, <https://www.rfc-editor.org/info/rfc8895>.
[RFC9112] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "HTTP/1.1", STD 99, RFC 9112, DOI 10.17487/RFC9112,
June 2022, <https://www.rfc-editor.org/info/rfc9112>.
[RFC9113] Thomson, M., Ed. and C. Benfield, Ed., "HTTP/2", RFC 9113,
DOI 10.17487/RFC9113, June 2022,
<https://www.rfc-editor.org/info/rfc9113>.
[RFC9114] Bishop, M., Ed., "HTTP/3", RFC 9114, DOI 10.17487/RFC9114,
June 2022, <https://www.rfc-editor.org/info/rfc9114>.
[RFC9325] Sheffer, Y., Saint-Andre, P., and T. Fossati,
"Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security
(DTLS)", BCP 195, RFC 9325, DOI 10.17487/RFC9325, November
2022, <https://www.rfc-editor.org/info/rfc9325>.
11.2. Informative References
[IANA-Media-Type]
IANA, "Media Types",
<https://www.iana.org/assignments/media-types>.
[RFC7617] Reschke, J., "The 'Basic' HTTP Authentication Scheme",
RFC 7617, DOI 10.17487/RFC7617, September 2015,
<https://www.rfc-editor.org/info/rfc7617>.
[RFC9205] Nottingham, M., "Building Protocols with HTTP", BCP 56,
RFC 9205, DOI 10.17487/RFC9205, June 2022,
<https://www.rfc-editor.org/info/rfc9205>.
[RFC9562] Davis, K., Peabody, B., and P. Leach, "Universally Unique
IDentifiers (UUIDs)", RFC 9562, DOI 10.17487/RFC9562, May
2024, <https://www.rfc-editor.org/info/rfc9562>.
Appendix A. A High-Level Deployment Model
Conceptually, the TIPS system consists of three types of resources:
(R1): The TIPS frontend to create TIPS views.
(R2): The TIPS view directory, which provides metadata (e.g.,
references) about the network resource data.
(R3): The actual network resource data, encoded as complete ALTO
network resources (e.g., a cost map or a network map) or
incremental updates.
+------------------------------------------------+
| |
+------+ |R1: Frontend/Open R2: Directory/Meta R3: Data |
| | "iget" base | +-----+ +-----+ +-----+ |
| | resource 1 | | | | | | | |
| |-------------|---->| | | | | | |
| | incremental | | | | |-------->| | |
| | transfer | | | | | | | |
| | resource | | | | | | | |
| |<------------|-----------------------| | | | |
|Client| | | | +-----+ +-----+ |
| | "iget" base | | | |
| | resource 2 | | | +-----+ +-----+ |
| |-------------|---->| | | | | | |
| | incremental | | | | | | | |
| | transfer | +-----+ | | ------->| | |
| | resource | | | | | |
| |<------------|-----------------------| | | | |
+------+ | +-----+ +-----+ |
| |
+------------------------------------------------+
Figure 17: Sample TIPS Deployment Model
Design Point: Component Resource Location
Design 1 (Single): all the three resource types at the same single
server (accessed via relative reference).
Design 2 (Flexible): all three resource types can be at their own
server (accessed via absolute reference).
Design 3 (Dir + Data): R2 and R3 must remain together, though R1
might not be on the same server.
This document supports Designs 1 and 3. For Design 1, the ALTO
server simply needs to always use the same host for the TIPS views.
For Design 3, the ALTO server can set tips-view-host to a different
server. Note that the deployment flexibility is at the logical
level, as these services can be distinguished by different paths and
potentially be routed to different physical servers by Layer 7 load
balancing. See Section 8.1 for a discussion on load balancing
considerations. Future documents could extend the protocol to
support Design 2.
Appendix B. Conformance with "Building Protocols with HTTP" (RFC 9205)
Best Current Practices
This specification adheres fully to [RFC9205] as further elaborated
below:
* TIPS does not (as described in Section 3.1 of [RFC9205]):
| ...redefine, refine, or overlay the semantics of generic
| protocol elements such as methods, status codes, or existing
| header fields.
and instead focuses on
| ...protocol elements that are specific to [the TIPS]
| application -- namely, [its] HTTP resources.
* There are no statically defined URI components (Section 3.2 of
[RFC9205]).
* No minimum version of HTTP is specified by TIPS, which is
recommended (in Section 4.1 of [RFC9205]).
* The TIPS design follows the advice (in Section 4.1 of [RFC9205])
that:
| When specifying examples of protocol interactions, applications
| should document both the request and response messages with
| complete header sections, preferably in HTTP/1.1 format...
* TIPS uses URI templates, which is recommended (in Section 4.2 of
[RFC9205]).
* TIPS follows the pattern (in Section 4.4.1 of [RFC9205]) that:
| Generally, a client will begin interacting with a given
| application server by requesting an initial document that
| contains information about that particular deployment,
| potentially including links to other relevant resources. Doing
| so ensures that the deployment is as flexible as possible
| (potentially spanning multiple servers), allows evolution, and
| also gives the application the opportunity to tailor the
| "discovery document" to the client.
* TIPS uses existing HTTP schemes (Section 4.4.2 of [RFC9205]).
* TIPS defines its errors "to use the most applicable status code"
(Section 4.6 of [RFC9205]).
* TIPS does not (as in Section 4.11 of [RFC9205]):
| ...make assumptions about the relationship between separate
| requests on a single transport connection; doing so breaks many
| of the assumptions of HTTP as a stateless protocol and will
| cause problems in interoperability, security, operability, and
| evolution.
The only relationship between requests is that a client has to
first discover where a TIPS view of a resource will be served,
which is consistent with the URI discovery in Section 4.4.1 of
[RFC9205].
Appendix C. Push-Mode TIPS Using HTTP Server Push
TIPS allows ALTO clients to subscribe to incremental updates of an
ALTO resource, and the specification in this document is based on the
current best practice of building such a service using basic HTTP.
Earlier versions of this document had investigated the possibility of
enabling push-mode TIPS (i.e., by taking advantage of the server push
feature in HTTP/2 and HTTP/3).
In the ideal case, push-mode TIPS can potentially improve performance
(e.g., latency) in more dynamic environments and use cases with wait-
free message delivery. Using the built-in HTTP server push also
results in minimal changes to the current protocol. While not
adopted due to the lack of server push support and increased protocol
complexity, push-mode TIPS remains a potential direction of protocol
improvement.
Appendix D. Persistent HTTP Connections
Previous draft versions of this document use persistent HTTP
connections to detect the liveness of clients. However, this design
does not conform well with the best current practices of HTTP. For
example, if an ALTO client is accessing a TIPS view over an HTTP
proxy, the connection is not established directly between the ALTO
client and the ALTO server, but between the ALTO client and the proxy
and between the proxy and the ALTO server. Thus, using persistent
connections might not correctly detect the right liveness state.
Acknowledgments
The authors of this document would like to thank Mark Nottingham and
Spencer Dawkins for providing invaluable reviews of earlier draft
versions of this document; Adrian Farrel, Qin Wu, and Jordi Ros
Giralt for their continuous feedback; Russ White, Donald Eastlake
3rd, Martin Thomson, Bernard Aboba, Spencer Dawkins, Linda Dunbar,
and Sheng Jiang for the directorate reviews; Martin Duke for the area
director review; Francesca Palombini, Wesley Eddy, Roman Danyliw,
Murray Kucherawy, and Zaheduzzaman Sarker for the telechat and IESG
reviews; and Mohamed Boucadair for shepherding the document.
Authors' Addresses
Kai Gao
Sichuan University
No.24 South Section 1, Yihuan Road
Chengdu
610000
China
Email: kaigao@scu.edu.cn
Roland Schott
Deutsche Telekom
Deutsche-Telekom-Allee 9
64295 Darmstadt
Germany
Email: Roland.Schott@telekom.de
Yang Richard Yang
Yale University
51 Prospect Street
New Haven, CT 06511
United States of America
Email: yry@cs.yale.edu
Lauren Delwiche
Yale University
51 Prospect Street
New Haven, CT 06511
United States of America
Email: lauren.delwiche@yale.edu
Lachlan Keller
Yale University
51 Prospect Street
New Haven, CT 06511
United States of America
Email: lachlan.keller@aya.yale.edu
ERRATA