One document matched: draft-ietf-i2rs-architecture-00.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!-- This template is for creating an Internet Draft using xml2rfc,
which is available here: http://xml.resource.org. -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!-- One method to get references from the online citation libraries.
There has to be one entity for each item to be referenced.
An alternate method (rfc include) is described in the references. -->
<!ENTITY I-D.atlas-i2rs-problem-statement SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.atlas-i2rs-problem-statement.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!-- used by XSLT processors -->
<!-- For a complete list and description of processing instructions (PIs),
please see http://xml.resource.org/authoring/README.html. -->
<!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use.
(Here they are set differently than their defaults in xml2rfc v1.32) -->
<?rfc strict="no" ?>
<!-- give errors regarding ID-nits and DTD validation -->
<!-- control the table of contents (ToC) -->
<?rfc toc="yes"?>
<!-- generate a ToC -->
<?rfc tocdepth="5"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<!-- control references -->
<?rfc symrefs="yes"?>
<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
<?rfc sortrefs="yes" ?>
<!-- sort the reference entries alphabetically -->
<!-- control vertical white space
(using these PIs as follows is recommended by the RFC Editor) -->
<?rfc compact="yes" ?>
<!-- do not start each main section on a new page -->
<?rfc subcompact="no" ?>
<!-- keep one blank line between list items -->
<!-- end of list of popular I-D processing instructions -->
<rfc category="info" docName="draft-ietf-i2rs-architecture-00" ipr="trust200902">
<!-- category values: std, bcp, info, exp, and historic
ipr values: full3667, noModification3667, noDerivatives3667
you can add the attributes updates="NNNN" and obsoletes="NNNN"
they will automatically be output with "(if approved)" -->
<!-- ***** FRONT MATTER ***** -->
<front>
<!-- The abbreviated title is used in the page header - it is only necessary if the
full title is longer than 39 characters -->
<title abbrev="I2RS Arch">An Architecture for the Interface to the Routing System</title>
<!-- add 'role="editor"' below for the editors if appropriate -->
<!-- Another author who claims to be an editor -->
<author fullname="Alia Atlas" initials="A.K.A."
surname="Atlas">
<organization>Juniper Networks</organization>
<address>
<postal>
<street>10 Technology Park Drive</street>
<city>Westford</city>
<region>MA</region>
<code>01886</code>
<country>USA</country>
</postal>
<email>akatlas@juniper.net</email>
</address>
</author>
<author fullname="Joel Halpern" initials="J.H." surname="Halpern">
<organization>Ericsson</organization>
<address>
<email>Joel.Halpern@ericsson.com</email>
</address>
</author>
<author fullname="Susan Hares" initials="S.H." surname="Hares">
<organization>ADARA</organization>
<address>
<email>shares@ndzh.com</email>
</address>
</author>
<author fullname="Dave Ward" initials="D.W." surname="Ward">
<organization>Cisco Systems</organization>
<address>
<postal>
<street>Tasman Drive</street>
<city>San Jose</city>
<region>CA</region>
<code>95134</code>
<country>USA</country>
</postal>
<email>wardd@cisco.com</email>
</address>
</author>
<author fullname="Thomas D. Nadeau" initials="T.N." surname="Nadeau">
<organization>Juniper Networks</organization>
<address>
<email>tnadeau@juniper.net</email>
</address>
</author>
<date year="2013" />
<!-- Meta-data Declarations -->
<area>Routing</area>
<abstract>
<t>This document describes an architecture for a standard,
programmatic interface for state transfer in and out of the Internet's
routing system. It describes the basic architecture, the components,
and their interfaces with particular focus on those to be standardized
as part of I2RS.</t>
</abstract>
</front>
<middle>
<section anchor="Intro" title="Introduction">
<t>Routers that form the Internet's routing infrastructure
maintain state at various layers of detail and function. For
example, a typical router maintains a Routing Information Base
(RIB), and implements routing protocols such as OSPF, ISIS, BGP
to exchange protocol state and other information about the state
of the network with other routers.</t>
<t>A router also has information that may be required for
applications to understand the network, verify that programmed
state is installed in the forwarding plane, measure the behavior
of various flows, routes or forwarding entries, as well as
understand the configured and active states of the
router. Furthermore, routers are typically configured with
procedural or policy-based instructions that tell them how to
convert all of this information into the forwarding operations
that are installed in the forwarding plane. It is also the
active state information that describes the expected and
observed operational behavior of the router.</t>
<t> This document sets out an architecture for a common,
standards-based interface to this information. This Interface to
the Routing System (I2RS) facilitates control and diagnosis of
the RIB manager's state, as well as enabling network
applications to be built on top of today's routed networks. The
I2RS is a programmatic asynchronous interface for transferring
state into and out of the Internet's routing system, and
recognizes that the routing system and a router's OS provide
useful mechanisms that applications could harness to accomplish
application-level goals.</t>
<t>Fundamental to the I2RS are clear data models that define the
semantics of the information that can be written and read. The
I2RS provides a framework for registering for and requesting the
appropriate information for each particular application. The
I2RS provides a way for applications to customize network
behavior while leveraging the existing routing system as much as
desired.</t>
<t>The I2RS, and therefore this document, are specifically
focused on an interface for routing data.</t>
<section title="Functional Overview">
<t>There are four key aspects to the I2RS. First, the
interface is a programmatic interface which needs to be
asynchronous and offers fast, interactive access. Second, the
I2RS gives access to information and state that is not usually
configurable or modeled in existing implementations or
configuration protocols. Third, the I2RS gives applications
the ability to learn additional, structured, filterable
information and events from the router. Fourth, the I2RS will
be data-model driven to facilitate extensibility and provide
standard data-models to be used by network applications.</t>
<t>I2RS is described as an asynchronous programmatic interface; the
key properties of which are described in Section 5 of <xref
target="I-D.atlas-i2rs-problem-statement"/>.</t>
<t>Such an interface facilitates the specification of
implicitly non-permanent state into the routing system, that
can optionally be made permanent. In addition, the extraction
of that information and additional dynamic information from
the routing system is a critical component of the interface. A
non-routing protocol or application could inject state into a
routing element via the state-insertion aspects of the I2RS
and that state could then be distributed in a routing or
signaling protocol and/or be used locally (e.g. to program the
co-located forwarding plane). </t>
<t>There are several types of information that the I2RS will
facilitate an I2RS Client obtaining. These range from dynamic
event notifications (e.g. changes to a particular next-hop,
interface up/down, etc.)to information collection streams
(statistics, topology, route changes, etc) to simply read
operations. The I2RS provides the ability for an I2RS client
to request filtered and thresholded information as well as
events.</t>
</section>
<section title="Architectural Overview">
<t>The figure in <xref target="arch_agent_client"/> shows the basic
architecture for I2RS. Inside a Routing Element, the I2RS agent
interacts with both the routing subsystem and with local
configuration. A network application uses an I2RS client to
communicate with one or more I2RS agents on their routing elements.
The scope of I2RS is to define the interactions between the I2RS agent
and the I2RS client and the associated proper behavior of the I2RS
agent and I2RS client.</t>
<figure anchor="arch_agent_client"
title="Architecture of I2RS clients and agents" align="center">
<artwork align="center"><![CDATA[
*********************** ***********************
* Application A * * Application B *
* * * *
* +----------------+ * * +----------------+ *
* | Client A | * * | Client B | *
* +----------------+ * * +----------------+ *
******* ^ ************* ***** ^ ****** ^ ******
| | |
| -----------------------| |
| | |
******* v ***** v ************ ************** v **********
* +----------------+ * * +----------------+ *
* | Agent 1 | * * | Agent 2 | *
* +----------------+ * * +----------------+ *
* ^ ^ ^ * * ^ ^ ^ *
* | | | * * | | | *
* v | v * * v | v *
* *********** | ********** * * *********** | ********* *
* * Routing * | * Local * * * * Routing * | * Local * *
* * and * | * Config * * * * and * | * Config* *
* *Signaling* | ********** * * *Signaling* | ********* *
* ********** v * * *********** v *
* ************ * * *********** *
* * Dynamic * * * * Dynamic * *
* * System * * * * System * *
* * State * * * * State * *
* ************ * * *********** *
* * * *
* Routing Element 1 * * Routing Element 2 *
****************************** ***************************
]]></artwork>
</figure>
<t><list style="hanging">
<t hangText="Routing Element: ">A Routing Element implements at least
some portion of the routing system. It does not need to have a
forwarding plane associated with it. Examples of Routing Elements can
include:
<list>
<t>A router with a forwarding plane and RIB Manager that runs ISIS,
OSPF, BGP, PIM, etc.</t>
<t>A server that runs BGP as a Route Reflector</t>
<t>An LSR that implements RSVP-TE, OSPF-TE, and PCEP and has a
forwarding plane and associated RIB Manager.</t>
<t>A server that runs ISIS, OSPF, BGP and uses ForCES to control a
remote forwarding plane.</t>
</list>
A Routing Element may be locally managed, whether via CLI, SNMP, or
NETCONF.</t>
<t hangText="Routing and Signaling: ">This block represents that portion of the
Routing Element that implements part of the Internet routing system.
It includes not merely standardized protocols (i.e. IS-IS, OSPF, BGP,
PIM, RSVP-TE, LDP, etc.), but also the RIB Manager layer.</t>
<t hangText="Local Config: ">A Routing Element will provide the
ability to configure and manage it. The Local Config may be provided
via a combination of CLI, NETCONF, SNMP, etc. The black box behavior
for interactions between the state that I2RS installs into the routing
element and the Local Config must be defined.</t>
<t hangText="Dynamic System State: ">An I2RS agent needs access to
state on a routing element beyond what is contained in the routing
subsystem. Such state may include various counters, statistics, and
local events. How this information is provided to the I2RS agent is
out of scope, but the standardized information and data models for
what is exposed are part of I2RS.</t>
<t hangText="I2RS Agent: ">The I2RS agent implements the I2RS
protocol(s) and interacts with the routing element to provide
specified behavior.</t>
<t hangText="Application: ">A network application that needs to
manipulate the network to achieve its service requirements.</t>
<t hangText="I2RS Client: ">The I2RS client implements the I2RS
protocol(s). It interacts with other elements of the policy,
provisioning, and configuration system by means outside of the scope of
the I2RS effort. It interacts with the I2RS agents to collect
information from the routing and forwarding system. Based on the
information and the policy oriented interactions, the I2RS client may
also interact with the I2RS agent to modify the state of the routing
system the client interacts with to achieve operational goals.</t>
</list></t>
<t>As can be seen in <xref target="arch_agent_client"/>, an I2RS
client can communicate with multiple I2RS agents. An I2RS client may
connect to one or more I2RS agents based upon its needs. Similarly,
an I2RS agent may communicate with multiple I2RS clients - whether to
respond to their requests, to send notifications, etc. Timely
notifications are critical so that several simultaneously operating
applications have up-to-date information on the state of the
network.</t>
<t>As can also be seen in <xref target="arch_agent_client"/>, an I2RS
Agent may communicate with multiple clients. Each client may send the
agent a variety of write operations. The handling of this situation
has been a source of discussion in the working group. In order to
keep the protocol simple, the current view is that two clients should
not be attempting to write (modify) the same piece of information.
Such collisions may happen, but are considered error cases that should
be resolved by the network applications and management systems.</t>
<t>Multiple I2RS clients may need to supply data into the same list
(e.g. a prefix or filter list); this is not considered an error and
must be correctly handled. The nuances so that writers do not
normally collide should be handled in the information models.</t>
<t> The architectural goal for the I2RS is that such errors should
produce predictable behaviors, and be reportable to interested
clients. The details of the associated policy is discussed in <xref
target="multi_headed_control_sec"/>. The same policy mechanism
(simple priority per I2RS client) applies to interactions between the
I2RS agent and the CLI/SNMP/NETCONF as described in <xref
target="local_config_sec"/>.</t>
<t>In addition it must be noted that there may be indirect interactions
between write operations. Detection and avoidance of such
interactions is outside the scope of the I2RS work and is left to
agent design and implementation for now. [[Editor's note: This topic
needs more discussion in the working group.]]</t>
</section>
</section> <!-- End of Introduction -->
<section title="Terminology">
<t>The following terminology is used in this document.</t>
<t><list style="hanging">
<t hangText="agent or I2RS Agent: ">An I2RS agent provides the supported
I2RS services to the local system's routing sub-systems. The I2RS
agent understands the I2RS protocol and can be contacted by I2RS clients.</t>
<t hangText="client or I2RS Client: ">A client speaks the I2RS
protocol to communicate with I2RS Agents and uses the I2RS services to
accomplish a task. An I2RS client can be seen as the part of an
application that uses and supports I2RS and could be a software
library.</t>
<t hangText="service or I2RS Service: ">For the purposes of I2RS, a
service refers to a set of related state access functions together
with the policies that control their usage. The expectation is that a
service will be represented by a data-model. For instance, 'RIB
service' could be an example of a service that gives access to state
held in a device's RIB.</t>
<t hangText="read scope: ">The set of information which the
I2RS client is authorized to read. This access
includes the permission to see the existence of data and the ability
to retrieve the value of that data.</t>
<t hangText="notification scope: ">The set of events and associated
information that the I2RS Client can request be pushed by the I2RS
Agent. I2RS Clients have the ability to register for specific events
and information streams, but must do so given the access restrictions
of their notification scope.</t>
<t hangText="write scope: ">The set of field values which the I2RS
client is authorized to write (i.e. add, modify or delete). This
access can restrict what data can be modified or created, and what
specific value sets and ranges can be installed. </t>
<t hangText="scope: ">When unspecified as either read scope or write
scope, the term scope applies to both the read scope and write
scope.</t>
<t hangText="resources: ">A resource is an I2RS-specific use of
memory, storage, or execution that a client may consume due to its
I2RS operations. The amount of each such resource that a client may
consume in the context of a particular agent can be constrained based
upon the client's security role. An example of such a resource could
include the number of notifications registered for. These are not
protocol-specific resources or network-specific resources.</t>
<t hangText="role or security role: ">A security role specifies the
scope, resources, priorities, etc. that a client or agent has.</t>
<t hangText="identity: ">A client is associated with exactly one
specific identity. State can be attributed to a particular identity.
It is possible for multiple communication channels to use the same
identity; in that case, the assumption is that the associated client
is coordinating such communication.</t>
<t hangText="secondary identity: ">An I2RS Client may supply a
secondary opaque identity that is not interpreted by the I2RS Agent.
An example use is when the I2RS Client is a go-between for multiple
applications and it is necessary to track which application has
requested a particular operation.</t>
</list></t>
</section>
<section title="Key Architectural Properties">
<section title="Simplicity">
<t>There have been many efforts over the years to improve the access
to the information known to the routing and forwarding system. Making
such information visible and usable to network management and
applications has many well-understood benefits. There are two related
challenges in doing so. First, the span of information potentially
available is very large. Second, the variation both in the structure
of the data and in the kinds of operations required tends to introduce
protocol complexity.</t>
<t>Having noted that, it is also critical to the utility of I2RS that
it be easily deployed and robust. Complexity in the protocol hinders
implementation, robustness, and deployability. Also, complexity in
the data models frequently makes it harder to extend rather than
easier.</t>
<t>Thus, one of the key aims for I2RS is the keep the protocol and
modeling architecture simple. So for each architectural component or
aspect, we ask ourselves "do we need this complexity, or is the
behavior merely nice to have?" Protocol parsimony is clearly a
goal.</t>
</section>
<section title="Extensibility">
<t>There are several ways that the scope of the I2RS work is being
restricted in the interests of achieving a deliverable and deployable
result. We are only working on the models to be used over the single
identified interface. We are only looking at modeling a subset of the
data of interest. And we are probably only representing a subset of
the operations that may eventually be needed (although there is some
hope that we are closer on that aspect than others to what is needed.)
Thus, it is important to consider extensibility not only of the
underlying services' data models, but also of the primitives and
protocol operations. </t>
<t>At the same time, it is clearly desirable for the data models and
protocol operations we define in the I2RS to be useful the in more
general settings. It should be easy to integrate data models from the
I2RS with other data. Other work should be able to easily extend it
to represent additional aspects of the network elements or network
systems. Hence, the data model and protocol definitions need to be
designed to be highly extensible, preferably in a regular and simple
fashion.</t>
</section>
<section title="Model-Driven Programmatic Interfaces">
<t>A critical component of I2RS is the standard information and data
models with their associated semantics. While many components of the
routing system are standardized, associated data models for them are
not yet available. Instead, each router uses different information,
different mechanisms, and different CLI which makes a standard
interface for use by applications extremely cumbersome to develop and
maintain. Well-known data modeling languages exist and may be used for
defining the data models for I2RS.</t>
<t>There are several key benefits for I2RS in using model-driven
architecture and protocol(s). First, it allows for transferring
data-models whose content is not explicitly implemented or understood.
Second, tools can automate checking and manipulating data; this is
particularly valuable for both extensibility and for the ability to
easily manipulate and check proprietary data-models.</t>
<t>The different services provided by I2RS can correspond to separate
data-models. An I2RS agent may indicate which data-models are
supported.</t>
</section>
<section anchor="aa_sec" title="Authorization and Authentication">
<t>All control exchanges between the I2RS client and agent MUST be
authenticated and integrity protected (such that the contents cannot
be changed without detection). Manipulation of the system must be
accurately attributable. In an ideal architecture, even information
collection and notification should be protected; this may be subject
to engineering tradeoffs during the design.</t>
<t>I2RS Agents, in performing information collection and manipulation,
will be acting on behalf of the I2RS clients. As such, they will
operate based on the lower of the two permissions of the agent itself
and of the client.</t>
<t>I2RS clients may be operating on behalf of other applications.
While those applications' identities are not need for authorization,
each application should have a unique opaque identifier that can be
provided by the I2RS client to the I2RS agent for purposes of tracking
attribution of operations to support functionality such as accounting
and troubleshooting.</t>
</section>
</section>
<section title="Network Applications and I2RS Client">
<t>An I2RS Client has a standardized interface that uses the I2RS
protocol(s) to communicate with I2RS Agents. The interface between an I2RS client and the network applications is outside the scope of I2RS.</t>
<t>When an I2RS Client interacts with multiple network applications,
that I2RS Client is behaving as a go-between and should indicate this to
the I2RS Agents by, for example, specifying a secondary opaque
identity to allow improved troubleshooting.</t>
<t>A network application that uses an I2RS client may also be
considered a routing element and include an I2RS agent for
interactions. However, where the needed information and data models
for that upper interface differs from that of a conventional routing
element, those models are, at least initially, out of scope for I2RS.</t>
<section title="Example Network Application: Topology Manager">
<t>One example of such an application is a Topology Manager. A
Topology Manager includes an I2RS client that uses the I2RS data
models and protocol to collect information about the state of the
network by communicating directly with one or more I2RS agents. From
these I2RS agents, the Topology Manager collects routing configuration
and operational data. Most importantly, it collects information about
the routing system, including the contents of the IGP (e.g., IS-IS or
OSPF) and BGP data sets.</t>
<t>The Topology Manager may be embedded as a component of a larger
application. It would construct internal data structures and use the
collected data to drive functions such as path computations or anomalous
routing detection. Alternatively, the Topology Manager could combine
the I2RS-collected data with other information, abstract a composite
set, and provide a coherent picture of the network state accessible via
another interface. That interface might use the same I2RS protocol and
could use extensions to the I2RS data models. Developing such
mechanisms is outside the initial scope of the I2RS work.</t>
</section>
</section>
<section title="I2RS Agent Role and Functionality">
<t>The I2RS Agent is part of a routing element. As such, it has
relationships with that routing element as a whole, and with various
components of that routing element.</t>
<section title="Relationship to its Routing Element">
<t>A Routing Element may be implemented with a wide variety of
different architectures: an integrated router, a split architecture,
distributed architecture, etc. The architecture does not need to
affect the general I2RS agent behavior.</t>
<t>For scalability and generality, the I2RS agent may be responsible
for collecting and delivering large amounts of data from various parts
of the routing element. Those parts may or may not actually be part
of a single physical device. Thus, for scalability and robustness, it
is important that the architecture allow for a distributed set of
reporting components providing collected data from the I2RS agent back
to the relevant I2RS clients. As currently envisioned, a given I2RS
agent would have only one locus per I2RS service for manipulation of
routing element state.</t>
</section>
<section title="State Storage">
<t>State modification requests are sent to the I2RS agent in a network
element by I2RS clients. The I2RS agent is responsible for applying
these changes to the system. How much data must the I2RS Agent store
about these state-modifying operations, and with what persistence?
There are range of possible answers. One extreme is where it stores
nothing, cannot indicate why or by whom state was placed into the
routing element, and relies on clients reapplying things in all
possible cases. The other extreme is where multiple clients'
overlapping operations are stored and managed, as is done in the RIB
for routes with a preference or priority to pick between the routes.</t>
<t> In answering this question, this architecture tries to provide
sufficient power to keep client operations effective, while still
being simple to implement in the I2RS Agent, and to observe
meaningfully during operation. The I2RS agent stores the set of
operations it has applied. Simply, the I2RS agent stores who did what
operation to which entity. New changes replace any data about old
ones. If an I2RS client does an operation to remove some state, that
state is removed and the I2RS agent stores no more information about
it. This allows any interested party to determine what the current
effect of I2RS on the system is, and why. Meaningful logging is also
recommended.
</t>
<t>The I2RS Agent will not attempt to retain or reapply state across
routing element reboot. Determination of whether state still applies
depends heavily on the causes of reboots, and reapplication is at least
as likely to cause problems as it is to provide for correct
operation. [[Editor's note: This topics needs more discussion in
the working group.]]</t>
<section title="Starting and Ending">
<t>An I2RS client applies changes via the I2RS protocol based on
policy and other application inputs. While these changes may be of
the form "do this now, and leave it there forever", they are
frequently driven by other conditions which may have start times, stop
times, or are only to be used under certain conditions. The I2RS
interface protocol could be designed to allow an I2RS Client to
provide a wide range of such conditional information to the I2RS Agent
for application. At the other extreme, the I2RS client could provide
all such functionality based on its own clocking and network event
reporting from the relevant I2RS Agents. </t>
<t>Given that the complexity of possible conditions is very large, and
that some conditions may even cross network element boundaries,
clearly some degree of handling must be provided on the I2RS client.
As such, in this architecture it is assumed that all the complexity
associated with this should be left to the I2RS client. This
architectural view does mean that reliability of the communication
path between the I2RS client and I2RS agent is critical. [[Editor's
note: This requires more discussion in the working group.]]
</t>
</section>
<section title="Reversion">
<t> An I2RS Agent may decide that some state should no longer be
applied. An I2RS Client may instruct an Agent to remove state it has
applied. In all such cases, the state will revert to what it would
have been without the I2RS; that state is generally whatever was
specified via the CLI, NETCONF, SNMP, etc. I2RS Agents will not store
multiple alternative states, nor try to determine which one among such
a plurality it should fall back to. Thus, the model followed is not
like the RIB, where multiple routes are stored at different
preferences.</t>
<t>An I2RS Client may register for notifications when state that was
applied by a particular I2RS Client is modified or removed.</t>
</section>
</section>
<section anchor="local_config_sec" title="Interactions with Local Config">
<t>As described above, local device configuration is considered to be
separate from the I2RS data store. Thus, changes may originate from
either source. Policy (i.e. comparisons between a CLI/SNMP/NETCONF
priority and a I2RS agent priority) can determine whether the local
configuration should overwrite any state written by I2RS and
attributed to a particular I2RS Client or whether I2RS as attributed
to a particular I2RS Client can overwrite local configuration
state.</t>
<t>Simply allowing the most recent state to prevail could cause race
conditions where the final state is not repeatably deterministic. One
important aspect is that if CLI/SNMP/NETCONF changes data that is
subject to monitoring or manipulating by I2RS, then the system must be
instrumented enough to provide suitable I2RS notifications of these
changes.
</t>
</section>
<section title="Routing Components and Associated I2RS Services">
<t>For simplicity, each logical protocol or set of functionality that
be compactly described in a separable information and data model is
considered as a separate I2RS Service. A routing element need not
implement all routing components described nor provide the associated
I2RS services. The initial services included in the I2RS architecture
are as follows.</t>
<section title="Unicast and Multicast RIB and LFIB">
<t>Network elements concerned with routing IP maintain IP unicast
RIBs. Similarly, there are RIBs for IP Multicast, and a Label
Information Base (LIB) for MPLS. The I2RS Agent
needs to be able to read and write these sets of data. The I2RS data
model must include models for this information.</t>
<t>In particular, with regard to writing this information, the I2RS
Agent should use the same mechanisms that the routing element already
uses to handle RIB input from multiple sources, so as to compatibly
change the system state.</t>
<t>The multicast state added to the multicast RIB does not need to
match to well-known protocol installed state. The I2RS Agent can
create arbitrary replication state in the RIB, subject to the
advertised capabilities of the routing element.</t>
</section>
<section title="IGPs, BGP and Multicast Protocols">
<t>In addition to interacting with the consolidated RIB, the I2RS agent
may need to interact with the individual routing protocols on the
device. This interaction includes a number of different kinds of
operations:</t>
<t><list style="symbols">
<t>reading the various internal rib(s) of the routing protocol is
often helpful for understanding the state of the network. Directly
writing these protocol-specific RIBs or databases is out of scope for
I2RS.</t>
<t>reading the various pieces of policy information the particular
protocol instance is using to drive its operations.</t>
<t>writing policy information such as interface attributes that are
specific to the routing protocol or BGP policy that may indirectly
manipulate attributes of routes carried in BGP.</t>
<t>writing routes or prefixes to be advertised via the protocol.</t>
<t>joining/removing interfaces from the multicast trees</t>
<t>subscribing to an information stream of route changes</t>
<t>receiving notifications about peers coming up or going down</t>
</list></t>
<t>For example, the interaction with OSPF might include modifying the
local routing element's link metrics, announcing a locally-attached
prefix, or reading some of the OSPF link-state database. However,
direct modification of of the link-state database is NOT allowed to
preserve network state consistency.</t>
</section>
<section title="MPLS">
<t>The I2RS agent will need to interact with the protocols that create
transport LSPs (e.g. LDP and RSVP-TE) as well as protocols (e.g. BGP,
LDP) that provide MPLS-based services (e.g. pseudowires, L3VPNs,
L2VPNs, etc).</t>
</section>
<section title="Policy and QoS Mechanisms">
<t>Many network elements have separate policy and QoS mechanisms,
including knobs which affect local path computation and queue control
capabilities. These capabilities vary widely across implementations,
and I2RS cannot model the full range of information collection or
manipulation of these attributes. A core set does need to be included
in the I2RS data models and in the expected interfaces between the I2RS
Agent and the network element, in order to provide basic capabilities
and the hooks for future extensibility. [[Editor's
note: This requires more discussion in the working group.]]</t>
</section>
</section>
</section>
<section title="I2RS Client Agent Interface">
<section anchor="prot_struct_sec" title="Protocol Structure">
<t>One could view I2RS merely as a way to talk about the existing
network management interfaces to a network element. That would be
quite limiting and would not meet the requirements elucidated
elsewhere. One could also view I2RS as a collection of protocols -
some existing and some new - that meet the needs. While that could be
made to work, the complexity of such a mechanism would be quite high.
One would need to develop means to coordinate information across a set
of protocols that were not designed to work together. From a
deployability perspective, this would not meet the goal of simplicity.
As a result, this architecture views the I2RS as an interface
supporting a single control and data exchange protocol. Whether such
a protocol is built upon extending existing mechanisms or requires a
new mechanism requires further investigation. That protocol may use
several underlying transports (TCP, SCTP, DCCP), with suitable
authentication and integrity protection mechanisms. These different
transports can support different types of communication (e.g. control,
reading, notifications, and information collection) and different sets
of data. Whatever transport is used for the data exchange, it must
also support suitable congestion control mechanisms.</t>
</section>
<section title="Channel">
<t>The uses of a single I2RS protocol does not imply that only one
channel of communication is required. There may be a range of
reliability requirements, and to support the scaling there may need to
be channels originating from multiple sub-components of a routing
element. These will all use the date exchange protocol, and
establishment of additional channels for communication will be
coordinated between the I2RS client and the I2RS agent.</t>
</section>
<section title="Negotiation">
<t>Protocol support capabilities will vary across I2RS Clients and
Routing Elements supporting I2RS Agents. As such, capability
negotiation (such as which transports are supported beyond the minimum
required to implement) will clearly be necessary. It is important
that such negotiations be kept simple and robust, as such mechanisms
are often a source of difficulty in implementation and deployment.</t>
<t>Negotiation should be broken into several aspects, such as protocol
capablities and I2RS services and model types supported.</t>
</section>
<section anchor="ident_sec" title="Identity and Security Role">
<t>Each I2RS Client will have a unique identity; it can also have secondary
identities to be used for troubleshooting. A secondary identity is
merely a unique, opaque identifier that may be helpful in
troubleshooting. Via authentication and authorization mechanisms, the
I2RS agent will have a specific scope for reading data, for writing
data, and limitations on the resources that can be consumed. The
scopes need to specify both the data and the value ranges.</t>
<section anchor="redundancy_sec" title="Client Redundancy">
<t>I2RS must support client redundancy. At the simplest, this can be
handled by having a primary and a backup network application that both
use the same client identity and can successfully authenticate as
such. Since I2RS does not require a continuous transport connection
and supports multiple transport sessions, this can provide some basic
redundancy. However, it does not address concerns for troubleshooting
and accountability about knowing which network application is actually
active. At a minimum, basic transport information about each
connection and time can be logged with the identity. Further
discussion is necessary to determine whether additional client
identification information is necessary.[[Editor's
note: This requires more discussion in the working group.]]</t>
</section>
</section>
<section title="Connectivity">
<t>A client may or may not maintain an active communication channel
with an agent. Therefore, an agent may need to open a communication
channel to the client to communicate previously requested information.
The lack of an active communication channel does not imply that the
associated client is non-functional. When communication is required,
the agent or client can open a new communication channel.</t>
<t>State held by an agent that is owned by a client should not be
removed or cleaned up when a client is no longer communicating - even
if the agent cannot successfully open a new communication channel to
the client.</t>
<t>There are three different assumptions that can apply to handling
dead clients. The first is that the network applications or
management systems will detect a dead network application and either
restart that network application or clean up any state left behind.
The second is to allow state expiration, expressed as a policy
associated with the I2RS client's role. The state expiration could
occur after there has been no successful communication channel to or
from the I2RS client for the policy-specified duration. The third is
that the client could explicitly request state clean-up if a
particular transport session is terminated.</t>
</section>
<section title="Notifications">
<t>As with any policy system interacting with the network, the I2RS
Agent needs to be able to receive notifications of changes in network
state. Notifications here refers to changes which are unanticipated,
represent events outside the control of the systems (such as
interface failures on controlled devices), or are sufficiently sparse
as to be anomalous in some fashion.</t>
<t>Such events may be of interest to multiple I2RS Clients controlling
data handled by an I2RS Agent, and to multiple other I2RS clients
which are collecting information without exerting control. The
architecture therefore requires that it be practical for I2RS Clients to
register for a range of notifications, and for the I2R Agents to send
notifications to a number of Clients.</t>
<t>As the I2RS is developed, it is likely that a management
information-model and data-model will be required to describe event
notifications for general or I2RS errors.</t>
<t>For performance and scaling by the I2RS client and general
information privacy, an I2RS Client needs to be able to register for
just the events it is interested in. It is also possible that I2RS
might might provide a stream of notifications via a publish/subscribe
mechanism that is not amenable to having the I2RS agent do the
filtering.</t>
</section>
<section title="Information collection">
<t>One of the other important aspects of the I2RS is that it is
intended to simplify collecting information about the state of network
elements. This includes both getting a snapshot of a large amount of
data about the current state of the network element, and subscribing
to a feed of the ongoing changes to the set of data or a subset
thereof. This is considered architecturally separate from
notifications due to the differences in information rate and total
volume.</t>
</section>
<section anchor="multi_headed_control_sec" title="Multi-Headed Control">
<t>As was described earlier, an I2RS Agent interacts with multiple
I2RS Clients who are actively controlling the network element. From
an architecture and design perspective, the assumption is that by
means outside of this system the data to be manipulated within the
network element is appropriately partitioned so that any given piece
of information is only being manipulated by a single I2RS Client.</t>
<t>Nonetheless, unexpected interactions happen and two (or more) I2RS
clients may attempt to manipulate the same piece of data. This is
considered an error case. This architecture does not attempt to
determine what the right state of data is in such a collision Rather,
the architecture mandates that there be decidable means by which I2RS
Agents will handle the collisions. The current recommendation is to
have a simple priority associated with each I2RS clients, and the
highest priority change remains in effect. In the case of priority
ties, the first client whose attribution is associated with the data
will keep control</t>
<t>In order for this to be useful for I2RS Clients, it is important
that it be possible for an I2RS Client to register for changes to any
I2RS manipulatable data that it may care about. The I2RS client may
then respond to the situation as it sees fit.</t>
</section>
<section title="Transactions">
<t>In the interest of simplicity, the I2RS architecture does not
include multi-message atomicity and rollback mechanisms. Rather, it
includes a small range of error handling for a set of operations
included in a single message. An I2RS Client may indicate one of the
following three error handling for a given message with multiple
operations which it sends to an I2RS Agent:</t>
<t><list style="hanging">
<t hangText="Perform all or none: ">This traditional SNMP semantic
indicates that other I2RS agent will keep enough state when handling a
single message to roll back the operations within that message.
Either all the operations will succeed, or none of them will be
applied and an error message will report the single failure which
caused the not to be applied. This is useful when there are, for
example, mutual dependencies across operations in the message.</t>
<t hangText="Perform until error: ">In this case, the operations in
the message are applied in the specified order. When an error occurs,
no further operations are applied, and an error is returned indicating
the failure. This is useful if there are dependencies among the
operations and they can be topologically sorted.</t>
<t hangText="Perform all storing errors: ">In this case, the I2RS Agent will attempt
to perform all the operations in the message, and will return error
indications for each one that fails. This is useful when there is no
dependency across the operation, or where the client would prefer to
sort out the effect of errors on its own.</t> </list></t> <t>In the
interest of robustness and clarity of protocol state, the protocol
will include an explicit reply to modification operations even when
they fully succeed.</t>
</section>
</section>
<section title="Manageability Considerations">
<t>Manageability plays a key aspect in I2RS. Some initial examples
include: <list style="hanging">
<t hangText="Resource Limitations: ">Using I2RS, applications can
consume resources, whether those be operations in a time-frame,
entries in the RIB, stored operations to be triggered, etc. The
ability to set resource limits based upon authorization is
important.</t>
<t hangText="Configuration Interactions: ">The interaction
of state installed via the I2RS and via a router's
configuration needs to be clearly defined. As described in
this architecture, a simple priority that is configured can
be used to express the desired policy.</t>
</list></t>
</section>
<section anchor="Security" title="Security Considerations">
<t>This framework describes interfaces that clearly require
serious consideration of security. The ability to identify,
authenticate and authorize applications that wish to install
state is necessary and briefly described in <xref
target="aa_sec"/>. Security of communications from the
applications is also required as discussed in <xref
target="prot_struct_sec"/>. Scopes for reading and writing data
specified in the context of the data models and the value ranges
are discussed briefly in <xref target="ident_sec"/>.
</t>
</section>
<section anchor="IANA" title="IANA Considerations">
<t>This document includes no request to IANA.</t>
</section>
<section anchor="Acknowledgements" title="Acknowledgements">
<t>Significant portions of this draft came from
draft-ward-i2rs-framework-00 and
draft-atlas-i2rs-policy-framework-00.</t>
<t>The authors would like to thank Nitin Bahadur, Shane Amante, Ed
Crabbe, Ken Gray, Carlos Pignataro, Wes George, Joe Clarke, Juergen
Schoenwalder, and Jamal Hadi Salim for their suggestions and
review.</t>
</section>
</middle>
<!-- *****BACK MATTER ***** -->
<back>
<!-- References split into informative and normative -->
<!-- There are 2 ways to insert reference entries from the
citation libraries: 1. define an ENTITY at the top, and use
"ampersand character"RFC2629; here (as shown) 2. simply use a PI
"less than character"?rfc include="reference.RFC.2119.xml"?> here
(for I-Ds:
include="reference.I-D.narten-iana-considerations-rfc2434bis.xml")
Both are cited textually in the same manner: by using xref
elements. If you use the PI option, xml2rfc will, by default,
try to find included files in the same directory as the including
file. You can also define the XML_LIBRARY environment variable
with a value containing a set of directories to search. These
can be either in the local filing system or remote ones accessed
by http (http://domain/dir/... ).-->
<!--
<references title="Normative References">
</references>
-->
<references title="Informative References">
&I-D.atlas-i2rs-problem-statement;
</references>
<!-- Change Log
v02 2013-08-13 AKA Made changes based on WG adoption call discussions
v00 2013-06-18 AKA First full version
-->
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-22 23:52:59 |