rfc1125.txt
and provides evidence to third parties (i.e., non-repudiation).
Accountability mechanisms can also be used to provide feedback to
users as to consumption of resources. Internally an AD often decides
to do away with such feedback under the premise that communication is
a global good and should not be inhibited. There is not necessarily a
"global good" across AD boundaries. Therefore, it becomes more
appropriate to have resource usage visible to users, whether or not
actual charging for usage takes place. Another motivation that
drives the need for accountability across AD boundaries is the
greater variability in implementations. Different implementations of
a single network protocol can vary greatly as to their efficiency
[8]. We can not assume control over implementation across AD
boundaries. Feedback mechanisms such as metering (and charging in
some cases) would introduce a concrete incentive for ADs to employ
efficient and correct implementations. PR should allow an AD to
advertise and apply such accounting measures to inter-AD traffic.
In summary, the lack of global authority, the need to support network
resource sharing as well as network interconnection, the complex and
dynamic mapping of users to ADs and rights, and the need for
accountability across ADs, are characteristics of inter-AD
communications which must be taken into account in the design of both
policies and supporting technical mechanisms.
5 TOPOLOGY MODEL OF INTERNET
Before discussing policies per se, we outline our model of inter-AD
topology and how it influences the type of policy support required.
Most members of the Internet community agree that the future Internet
will connect on the order of 150,000,000 termination points and
100,000 ADs. However, there are conflicting opinions as to the AD
topology for which we must design PR mechanisms. The informal
argument is described here.
SIMPLE AD TOPOLOGY AND POLICY MODEL Some members of the Internet
community believe that the current complex topology of interconnected
ADs is a transient artifact resulting from the evolutionary nature of
the Research Internet's history. (FOOTNOTE 9: David Cheriton of
Stanford University articulated this side of the argument at an
Estrin [Page 6]
RFC 1125 Policy Requirements November 1989
Internet workshop in Santa Clara, January, 1989). The critical points
of this argument relate to topology and policy. They contend that in
the long term the following three conditions will prevail:
* The public carriers will provide pervasive, competitively
priced, high speed data services.
* The resulting topology of ADs will be
stub (not transit) ADs connected to regional
backbones, which in turn interconnect via multiple,
overlapping long haul backbones, i.e., a hierarchy with
no lateral connections between stub-ADs or regionals,
and no vertical bypass links.
* The policy requirements of the backbone and stub-ADs
will be based only on charging for resource usage at the
stub-AD to backbone-AD boundary, and to settling accounts
between neighboring backbone providers (regional to long haul,
and long haul to long haul).
Under these assumptions, the primary requirement for general AD
interconnect is a metering and charging protocol. The routing
decision can be modeled as a simple least cost path with the metric
in dollars and cents. In other words, restrictions on access to
transit services will be minimal and the functionality provided by
the routing protocol need not be changed significantly from current
day approaches.
COMPLEX AD TOPOLOGY AND POLICY MODEL The counter argument is that a
more complex AD topology will persist. (FOOTNOTE 10: Much of the
remainder of this paper attempts to justify and provide evidence for
this statement.) The different assumptions about AD topology lead to
the significantly different assumptions about AD policies.
This model assumes that the topology of ADs will in many respects
agree with the previous model of increased commercial carrier
participation and resulting hierarchical structure. However, we
anticipate unavoidable and persistent exceptions to the hierarchy.
We assume that there will be a relatively small number of long haul
transit ADs (on the order of 100), but that there may be tens of
thousands of regional ADs and hundreds of thousands of stub ADs
(e.g., campuses, laboratories, and private companies). The competing
long haul offerings will differ, both in the services provided and in
their packaging and pricing. Regional networks will overlap less and
will connect campus and private company networks. However, many
stub-ADs will retain some private lateral links for political,
technical, and reliability reasons. For example, political
incentives cause organizations to invest in bypass links that are not
always justifiable on a strict cost comparison basis; specialized
technical requirements cause organizations to invest in links that
have characteristics (e.g., data rate, delay, error, security) not
available from public carriers at a competitive rate; and critical
requirements cause organizations to invest in redundant back up links
for reliability reasons. These exceptions to the otherwise regular
topology are not dispensable. They will persist and must be
accommodated, perhaps at the expense of optimality; see Section 5 for
more detail. In addition, many private companies will retain their
own private long haul network facilities. (FOOTNOTE 11: While
private voice networks also exist, private data networks are more
common. Voice requirements are more standardized because voice
applications are more uniform than are data applications, and
therefore the commercial services more often have what the voice
customer wants at a price that is competitive with the private
network option. Data communication requirements are still more
specialized and dynamic. Thus, there is less opportunity for economy
of scale in service offerings and it is harder to keep up to date
with customer demand. For this reason we expect private data networks
to persist for the near future. As the telephone companies begin to
introduce the next generation of high speed packet switched services,
the scenario should change. However, we maintain that the result will
be a predominance, but not complete dominance, of public carrier use
for long haul communication. Therefore, private data networks will
persist and the routing architecture must accommodate controlled
interconnection.) Critical differences between the two models follow
from the difference in assumptions regarding AD topology. In the
complex case, lateral connections must be supported, along with the
means to control the use of such connections in the routing
protocols.
The different topologies imply different policy requirements. The
first model assumes that all policies can be expressed and enforced
in terms of dollars and cents and distributed charging schemes. The
second model assumes that ADs want more varied control over their
resources, control that can not be captured in a dollars and cents
metric alone. We describe the types of policies to be supported and
provide examples in the following section, Section 6. In brief, given
private lateral links, ADs must be able to express access and
charging related restrictions and privileges that discriminate on an
AD basis. These policies will be diverse, dynamic, and new
requirements will emerge over time, consequently support must be
extensible. For example, the packaging and charging schemes of any
single long haul service will vary over time and may be relatively
elaborate (e.g., many tiers of service, special package deals, to
achieve price discrimination).
Note that these assumptions about complexity do not preclude some
collection of ADs from "negotiating away" their policy differences,
i.e., forming a federation, and coordinating a simplified inter-AD
configuration in order to reduce the requirements for inter-AD
mechanisms. However, we maintain that there will persist collections
of ADs that will not and can not behave as a single federation; both
in the research community and, even more predominantly, in the
broader commercial arena. Moreover, when it comes to interconnecting
across these federations, non-negotiable differences will arise
eventually. It is our goal to develop mechanisms that are applicable
in the broader arena.
The Internet community developed its original protocol suite with
only minimal provision for resource control [9]. This was
appropriate at the time of development based on the assumed community
(i.e., researchers) and the ground breaking nature of the technology.
The next generation of network technology is now being designed to
take advantage of high speed media and to support high demand traffic
generated by more powerful computers and their applications [10]. As
with TCP/IP we hope that the technology being developed will find
itself applied outside of the research community. This time it would
be inexcusable to ignore resource control requirements and not to pay
careful attention to their specification.
Finally, we look forward to the Internet structure taking advantage
of economies of scale offered by enhanced commercial services.
However, in many respects the problem that stub-ADs may thus avoid,
will be faced by the multiple regional and long haul carriers
providing the services. The carriers' charging and resource control
policies will be complex enough to require routing mechanisms similar
to ones being proposed for the complex AD topology case described
here. Whether the network structure is based on private or
commercial services, the goal is to construct policy sensitive
mechanisms that will be transparent to end users (i.e., the
mechanisms are part of the routing infrastructure at the network
level, and not an end to end concern).
6 POLICY TYPES
This section outlines a taxonomy of internet policies for inter-AD
topologies that allow lateral and bypass links. The taxonomy is
intended to cover a wide range of ADs and internets. Any particular
PR architecture we design should support a significant subset of
these policy types but may not support all of them due to technical
complexity and performance considerations. The general taxonomy is
important input to a functional specification for PR. Moreover, it
can be used to evaluate and compare the suitability and completeness
of existing routing architectures and protocols for PR; see Section
8.
We provide examples from the Research Internet of the different
policy types in the form of resource usage policy statements. These
statements were collected through interviews with agency
representatives, but they do not represent official policy. These
sample policy statements should not be interpreted as agency policy,
they are provided here only as examples.
Internet policies fall into two classes, access and charging. Access
policies specify who can use resources and under what conditions.
Charging policies specify the metering, accounting, and billing
implemented by a particular AD.
6.1 TAXONOMY OF ACCESS POLICIES
We have identified the following types of access policies that ADs
may wish to enforce. Charging policies are described in the
subsequent section. Section 6.3 provides more specific examples of
both access and charging policies using FRICC policy statements.
Access policies typically are expressed in the form: principals of
type x can have access to resources of type y under the following
conditions, z. The policies are categorized below according to the
definition of y and z. In any particular instance, each of the
policy types would be further qualified by definition of legitimate
principals, x, i.e., what characteristics x must have in order to
access the resource in question.
We refer to access policies described by stub and transit ADs. The
two roles imply different motivations for resource control, however
the types of policies expressed are similar; we expect the supporting
mechanisms to be common as well.
Stub and transit access policies may specify any of the following
parameters:
* SOURCE/DESTINATION
Source/Destination policies prevent or restrict communication
originated by or destined for particular ADs (or hosts or user
classes within an AD).
* PATH
Path sensitive policies specify which ADs may or may not be passed
through en route to a destination. The most general path sensitive
policies allow stub and transit ADs to express policies that depend
on any component in the AD path. In other words, a stub AD could
reject a route based on any AD (or combination of ADs) in the route.
Similarly, a transit AD could express a packet forwarding policy that
behaves differently depending upon which ADs a packet has passed
through, and is going to pass through, en route to the destination.
Less ambitious (and perhaps more reasonable) path sensitive policies
might only discriminate according to the immediate neighbor ADs
through which the packet is traveling (i.e., a stub network could
reject a route based on the first transit AD in the route, and a
transit AD could express a packet forwarding policy that depends upon
the previous, and the subsequent, transit ADs in the route.)
* QUALITY/TYPE OF SERVICE (QOS OR TOS)
This type of policy restricts access to special resources or
services. For example, a special high throughput, low delay link may
be made available on a selective basis.
* RESOURCE GUARANTEE
These policies provide a guaranteed percentage of a resource on a
selective, as needed basis. In other words, the resource can be used
by others if the preferred-AD's offered load is below the guaranteed
level of service. The guarantee may be to always carry intra-AD
traffic or to always carry inter-AD traffic for a specific AD.
* TEMPORAL
Temporal policies restrict usage based on the time of day or other
time related parameters.
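The following is an added example, not part of RFC 1125: a sketch of how source/destination, path, QOS/TOS and temporal access policies constrain the least cost route selection of the simple model in Section 5 (resource guarantees are left out). The AD names, costs, policy fields and function names are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

@dataclass
class TransitPolicy:
    """Access policy of one transit AD; field names are illustrative."""
    denied_sources: set = field(default_factory=set)     # SOURCE/DESTINATION
    denied_prev_ads: set = field(default_factory=set)    # PATH (previous AD)
    allowed_tos: set = field(default_factory=lambda: {"default"})  # QOS/TOS
    hours: tuple = (time(0, 0), time(23, 59))            # TEMPORAL window

    def permits(self, src, prev_ad, tos, now):
        return (src not in self.denied_sources
                and prev_ad not in self.denied_prev_ads
                and tos in self.allowed_tos
                and self.hours[0] <= now <= self.hours[1])

def admissible(path, policies, stub_avoid, tos, now):
    """Check an AD-level path [source, transit..., destination]."""
    banned = stub_avoid & set(path[1:-1])    # the stub AD's own PATH policy
    if banned:
        return False, f"source avoids {sorted(banned)[0]}"
    for prev_ad, ad in zip(path, path[1:-1]):  # each transit AD and its predecessor
        pol = policies.get(ad)                 # no entry: AD imposes no restriction
        if pol and not pol.permits(path[0], prev_ad, tos, now):
            return False, f"{ad} refuses transit"
    return True, "ok"

def cheapest_admissible(routes, policies, stub_avoid, tos, now):
    """Least-cost route among those every AD on the path accepts, or None."""
    ok = [(cost, p) for cost, p in routes
          if admissible(p, policies, stub_avoid, tos, now)[0]]
    return min(ok, default=None)

# Constructed sample internet: AD names, costs and policies are made up.
ROUTES = [
    (3, ["StubA", "RegionalX", "BackboneP", "StubB"]),
    (5, ["StubA", "RegionalX", "BackboneQ", "StubB"]),
    (9, ["StubA", "StubB"]),                 # private lateral link
]
POLICIES = {
    "BackboneP": TransitPolicy(denied_sources={"StubA"}),
    "BackboneQ": TransitPolicy(hours=(time(6, 0), time(22, 0))),
}

if __name__ == "__main__":
    for hhmm in (time(12, 0), time(23, 30)):
        print(hhmm, cheapest_admissible(ROUTES, POLICIES, set(), "default", hhmm))
```

The cheapest route in dollars is never chosen here because BackboneP refuses the source AD, and outside BackboneQ's time window only the private lateral link remains.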