1 / 31

An Architecture for Differentiated Services

An Architecture for Differentiated Services. RFC 2475. Introduction. Diffserv architecture is to implement scalable service in the Internet A Service defines some significant characteristics of packet transmission such as : throughput, delay, jitter, loss

veda-cote
Download Presentation

An Architecture for Differentiated Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Architecture for Differentiated Services RFC 2475

  2. Introduction • Diffserv architecture is to implement scalable service in the Internet • A Service defines some significant characteristics of packet transmission such as : • throughput, delay, jitter, loss • Service differentiation is desired to accommodate heterogeneous app. requirements and user expectations

  3. Introduction • Diffserv architecture is compose of a number of functional elements implemented in network nodes: • A small set of per-hop forwarding behavior • Packet classification functions • Traffic conditioning functions • Complex classification and conditioning functions are only at boundary nodes • achieves scalability

  4. Requirements • Accommodate a wide variety of services and provisioning policies • Allow decoupling of the service form the particular app. in use • Work with existing app. without the need for the changes of the app. • Decouple traffic conditioning and service provisioning functions form forwarding behaviors within core nodes

  5. Requirements • Should not depend on hop-by-hop app. signaling • Require only a small set of forwarding behaviors • Avoid per-microflow or per-customer state within core network nodes • Utilize only aggregated classification state within core network nodes

  6. Requirements • Permit simple packet classification implementations in core network nodes • Permit reasonable interoperability with non-DS-compliant network nodes • Accommodate incremental deployment

  7. Diffserv Architectural Model • The simple model is: • Traffic entering a network is classified and possibly conditioned at the boundaries of the network, and assigned to different behavior aggregates • Behavior aggregate is identified by a single DS codepoint • Packets are forwarded according to the per-hop behavior associated with the DS codepoint in the core network

  8. Diffserv Domain • DS boundary nodes • classify and possibly condition ingress traffic • DS interior nodes • Select the forwarding behavior for packets based on their DS codepoint

  9. Diffserv Domain

  10. Ingress and Egress nodes • DS boundary nodes act both as a DS ingress node and as a DS egress node for different directions of traffic • DS ingress node is responsible for • ensuring that the traffic entering the DS domain conforms to the TCA • DS egress node • perform traffic conditioning functions on traffic forwarded to another domain

  11. Diffserv Region • A set of one or more contiguous DS domains • To permit services which span across the domains, the peering DS domains must each establish a peering SLA • Several DS domains within a DS region— • Adopt a common service provisioning policy • Support a common set of PHB groups and codepoint mappings

  12. Traffic classification and conditioning • Packet classification policy • Identify the subset of traffic • Traffic conditioning performs: • Metering • Shaping • Policing • Remarking

  13. Classifiers • Select packets in a traffic stream based on the content of some portion of the packet header • Two types of classifiers— • BA (Behavior Aggregate) classifier • Classify the packets based on codepoint only • MF (Multi-Field) classifier • Classify the packets based on the value of a combination of one or more header fields

  14. Traffic profiles • Specifies the temporal properties of a traffic stream selected by a classifier • Provides rules for determining whether a particular packet is in-profile or out-of-profile • Example: • codepoint=X, use token-bucket r, b • r—rate ; b—burst size

  15. Traffic conditioners • A traffic conditioner may contain the following elements: • Meter • Marker • Shaper • Dropper • A traffic stream is selected by a classifier • Classifier steers the packets to a logical instance of a traffic conditioner

  16. Logical view of classifier and conditioner Meter Shaper/ Dropper Classifier Marker Packets

  17. Traffic conditioners • Meters • measure the temporal properties of the stream of packets • passes state information to other conditioning functions • Markers • Set the DS field of a packet to a particular codepoint • re-marked the packets

  18. Traffic conditioners • Shapers • Delay packets in a traffic stream • Discard packets when the buffer is full • Droppers • Discard packets in a traffic stream • Can be implemented by set the shaper buffer size to zero

  19. Location of traffic conditioners • Within the source domain • Marking packets close to the traffic source • At the boundary of a DS domain • Ingress and egress nodes • In non-DS-capable domains • In interior DS nodes • More restrictive access policies may be enforced on a transoceanic link

  20. Per-Hop Behaviors • The externally observable behavior of a DS node applied to a particular DS behavior aggregate • PHBs are implemented in nodes by means of some buffer management and packet scheduling mechanisms • A PHB is selected at a node by a mapping of the DS codepoint

  21. Resource Allocation • Traffic conditioners can further control the usage of resources through— • Enforcement of TCAs • Operational feedback from the nodes and traffic conditioners in the domain

  22. PHB Specification Guidelines • Help foster implementation consistency • A PHB group must satisfy the guidelines • Preserve the integrity of this architecture • There are totally 15 guidelines in the RFC 2475

  23. Non-Diffserv-Compliant Nodes • Does not interpret the DS field as specified in [DSFIELD] • Dose not implement some or all of the PHB standardized PHBs • Due to the capabilities or configuration of the node • A special case of a non-DS-compliant node is the legacy node

  24. Non-Diffserv-Compliant Nodes • The use of non-DS-compliant nodes within a DS domain • Impossible to offer low-delay, low-loss, or provisioned bandwidth services • The use of a legacy node may be an acceptable alternative • The legacy node may or may not interpret bits 3-5 in accordance with RFC1349 • Result in unpredictable forwarding results

  25. Non-Diffserv-Compliant Nodes • The behavior of services which traverse non-DS-capable domains • Limit the ability to consistently deliver some types of services across the domain • A DS domain and a non-DS-capable domain may negotiate an agreement • A traffic stream form no-DS-capable domain to DS domain should be conditioned according to the appropriate SLA or policy

  26. Multicast considerations • Multicast packets may simultaneously take multiple paths through some segments of the domain • Consume more network resources than unicast packets • Multicast group membership is dynamic • Difficult to predict in advance the amount of network resources

  27. Multicast considerations • The selection of the DS codepoint for a multicast packet arriving at a DS ingress node • Packet may exit the DS domain at multiple DS egress nodes • The service guarantees for unicast traffic may be impacted

  28. Multicast considerations • One means for addressing this problem: • Establish a particular set of codepoints for multicast packets • Implement the necessary classification and traffic conditioning mechanisms in the DS egress nodes • Provide preferential isolation for unicast traffic

  29. Security Considerations • Theft and Denial of Service • An adversary may be able to obtain better service by modifying the DS field to codepoint • The theft of service becomes denial-of-service when it depletes the resources • Traffic conditioning at DS boundary nodes bust be along with security and integrity

  30. IPsec and Tunneling Interactions • IPsec’s tunnel mode provides security for the encapsulated IP header’s DS field • A tunnel mode IPsec packet contains 2 IP headers: • Outer header supplied by the tunnel ingress node • Encapsulated inner header supplied by the original source of the packet

  31. IPsec and Tunneling Interactions • At the tunnel egress node, IPsec processing includes: • Stripping the outer header • Forwarding the packet using the inner header • The tunnel egress node can safely assume that the DS field in the inner header has the same value as it had at the tunnel ingress node

More Related