📄 rfc1125.txt
字号:
and provides evidence to third parties (i.e., non-repudiation). Accountability mechanisms can also be used to provide feedback to users as to consumption of resources. Internally an AD often decides to do away with such feedback under the premise that communication is a global good and should not be inhibited. There is not necessarily a "global good" across AD boundaries. Therefore, it becomes more appropriate to have resource usage visible to users, whether or not actual charging for usage takes place. Another motivation that drives the need for accountability across AD boundaries is the greater variability in implementations. Different implementations of a single network protocol can vary greatly as to their efficiency [8]. We can not assume control over implementation across AD boundaries. Feedback mechanisms such as metering (and charging in some cases) would introduce a concrete incentive for ADs to employ efficient and correct implementations. PR should allow an AD to advertise and apply such accounting measures to inter-AD traffic. In summary, the lack of global authority, the need to support network resource sharing as well as network interconnection, the complex and dynamic mapping of users to ADs and rights, and the need for accountability across ADs, are characteristics of inter-AD communications which must be taken into account in the design of both policies and supporting technical mechanisms.5 TOPOLOGY MODEL OF INTERNET Before discussing policies per se, we outline our model of inter-AD topology and how it influences the type of policy support required. Most members of the Internet community agree that the future Internet will connect on the order of 150,000,000 termination points and 100,000 ADs. However, there are conflicting opinions as to the AD topology for which we must design PR mechanisms. The informal argument is described here. SIMPLE AD TOPOLOGY AND POLICY MODEL Some members of the Internet community believe that the current complex topology of interconnected ADs is a transient artifact resulting from the evolutionary nature of the Research Internet's history. (FOOTNOTE 9: David Cheriton of Stanford University articulated this side of the argument at anEstrin [Page 6]
RFC 1125 Policy Requirements November 1989 Internet workshop in Santa Clara, January, 1989). The critical points of this argument relate to topology and policy. They contend that in the long term the following three conditions will prevail: * The public carriers will provide pervasive, competitively priced, high speed data services. * The resulting topology of ADs will be stub (not transit) ADs connected to regional backbones, which in turn interconnect via multiple, overlapping long haul backbones, i.e., a hierarchy with no lateral connections between stub-ADs or regionals, and no vertical bypass links. * The policy requirements of the backbone and stub-ADs will be based only on charging for resource usage at the stub-AD to backbone-AD boundary, and to settling accounts between neighboring backbone providers (regional to long haul, and long haul to long haul). Under these assumptions, the primary requirement for general AD interconnect is a metering and charging protocol. The routing decision can be modeled as a simple least cost path with the metric in dollars and cents. In other words, restrictions on access to transit services will be minimal and the functionality provided by the routing protocol need not be changed significantly from current day approaches. COMPLEX AD TOPOLOGY AND POLICY MODEL The counter argument is that a more complex AD topology will persist. (FOOTNOTE 10: Much of the remainder of this paper attempts to justify and provide evidence for this statement.) The different assumptions about AD topology lead to the significantly different assumptions about AD policies. This model assumes that the topology of ADs will in many respects agree with the previous model of increased commercial carrier participation and resulting hierarchical structure. However, we anticipate unavoidable and persistent exceptions to the hierarchy. We assume that there will be a relatively small number of long haul transit ADs (on the order of 100), but that there may be tens of thousands of regional ADs and hundreds of thousands of stub ADs (e.g., campuses, laboratories, and private companies). The competing long haul offerings will differ, both in the services provided and in their packaging and pricing. Regional networks will overlap less and will connect campus and private company networks. However, many stub-ADs will retain some private lateral links for political, technical, and reliability reasons. For example, political incentives cause organizations to invest in bypass links that are notEstrin [Page 7]
RFC 1125 Policy Requirements November 1989 always justifiable on a strict cost comparison basis; specialized technical requirements cause organizations to invest in links that have characteristics (e.g., data rate, delay, error, security) not available from public carriers at a competitive rate; and critical requirements cause organizations to invest in redundant back up links for reliability reasons. These exceptions to the otherwise regular topology are not dispensible. They will persist and must be accommodated, perhaps at the expense of optimality; see Section 5 for more detail. In addition, many private companies will retain their own private long haul network facilities. (FOOTNOTE 11: While private voice networks also exist, private data networks are more common. Voice requirements are more standardized because voice applications are more uniform than are data applications, and therefore the commercial services more often have what the voice customer wants at a price that is competitive with the private network option. Data communication requirements are still more specialized and dynamic. Thus, there is less opportunity for economy of scale in service offerings and it is harder to keep up to date with customer demand. For this reason we expect private data networks to persist for the near future. As the telephone companies begin to introduce the next generation of high speed packet switched services, the scenario should change. However, we maintain that the result will be a predominance, but not complete dominance, of public carrier use for long haul communication. Therefore, private data networks will persist and the routing architecture must accommodate controlled interconnection.) Critical differences between the two models follow from the difference in assumptions regarding AD topology. In the complex case, lateral connections must be supported, along with the means to control the use of such connections in the routing protocols. The different topologies imply different policy requirements. The first model assumes that all policies can be expressed and enforced in terms of dollars and cents and distributed charging schemes. The second model assumes that ADs want more varied control over their resources, control that can not be captured in a dollars and cents metric alone. We describe the types of policies to be supported and provide examples in the following section, Section 6. In brief, given private lateral links, ADs must be able to express access and charging related restrictions and privileges that discriminate on an AD basis. These policies will be diverse, dynamic, and new requirements will emerge over time, consequently support must be extensible. For example, the packaging and charging schemes of any single long haul service will vary over time and may be relatively elaborate (e.g., many tiers of service, special package deals, to achieve price discrimination). Note that these assumptions about complexity do not preclude someEstrin [Page 8]
RFC 1125 Policy Requirements November 1989 collection of ADs from "negotiating away" their policy differences, i.e., forming a federation, and coordinating a simplified inter-AD configuration in order to reduce the requirements for inter-AD mechanisms. However, we maintain that there will persist collections of ADs that will not and can not behave as a single federation; both in the research community and, even more predominantly, in the broader commercial arena. Moreover, when it comes to interconnecting across these federations, non-negotiable differences will arise eventually. It is our goal to develop mechanisms that are applicable in the broader arena. The Internet community developed its original protocol suite with only minimal provision for resource control [9]. This was appropriate at the time of development based on the assumed community (i.e., researchers) and the ground breaking nature of the technology. The next generation of network technology is now being designed to take advantage of high speed media and to support high demand traffic generated by more powerful computers and their applications [10]. As with TCP/IP we hope that the technology being developed will find itself applied outside of the research community. This time it would be inexcusable to ignore resource control requirements and not to pay careful attention to their specification. Finally, we look forward to the Internet structure taking advantage of economies of scale offered by enhanced commercial services. However, in many respects the problem that stub-ADs may thus avoid, will be faced by the multiple regional and long haul carriers providing the services. The carriers' charging and resource control policies will be complex enough to require routing mechanisms similar to ones being proposed for the complex AD topology case described here. Whether the network structure is based on private or commercial services, the goal is to construct policy sensitive mechanisms that will be transparent to end users (i.e., the mechanisms are part of the routing infrastructure at the network level, and not an end to end concern).6 POLICY TYPES This section outlines a taxonomy of internet policies for inter-AD topologies that allow lateral and bypass links. The taxonomy is intended to cover a wide range of ADs and internets. Any particular PR architecture we design should support a significant subset of these policy types but may not support all of them due to technical complexity and performance considerations. The general taxonomy is important input to a functional specification for PR. Moreover, it can be used to evaluate and compare the suitability and completeness of existing routing architectures and protocols for PR; see Section 8.Estrin [Page 9]
RFC 1125 Policy Requirements November 1989 We provide examples from the Research Internet of the different policy types in the form of resource usage policy statements. These statements were collected through interviews with agency representatives, but they do not represent official policy. These sample policy statements should not} be interpreted as agency policy, they are provided here only as examples. Internet policies fall into two classes, access and charging. Access policies specify who can use resources and under what conditions. Charging policies specify the metering, accounting, and billing implemented by a particular AD.6.1 TAXONOMY OF ACCESS POLICIES We have identified the following types of access policies that ADs may wish to enforce. Charging policies are described in the subsequent section. Section 6.3 provides more specific examples of both access and charging policies using FRICC policy statements. Access policies typically are expressed in the form: principals of type x can have access to resources of type y under the following conditions, z. The policies are categorized below according to the definition of y and z. In any particular instance, each of the policy types would be further qualified by definition of legitimate principals, , x, i.e., what characteristics x must have in order to access the resource in question. We refer to access policies described by stub and transit ADs. The two roles imply different motivations for resource control, however the types of policies expressed are similar; we expect the supporting mechanisms to be common as well. Stub and transit access policies may specify any of the following parameters: * SOURCE/DESTINATION Source/Destination policies prevent or restrict communication originated by or destined for particular ADs (or hosts or user classes within an AD). * PATH Path sensitive policies specify which ADs may or may not be passed through en route to a destination. The most general path sensitive policies allow stub and transit ADs to express policies that depend on any component in the AD path. In other words, a stub AD could reject a route based on any AD (or combination of ADs) in the route. Similarly, a transit AD could express a packet forwarding policy that behaves differently depending upon which ADs a packet has passedEstrin [Page 10]
RFC 1125 Policy Requirements November 1989 through, and is going to pass through, en route to the destination. Less ambitious (and perhaps more reasonable) path sensitive policies might only discriminate according to the immediate neighbor ADs through which the packet is traveling (i.e., a stub network could reject a route based on the first transit AD in the route, and a transit AD could express a packet forwarding policy that depends upon the previous, and the subsequent, transit ADs in the route.) * QUALITY/TYPE OF SERVICE(QOS OR TOS) This type of policy restricts access to special resources or services. For example, a special high throughput, low delay link may be made available on a selective basis. * RESOURCE GUARANTEE These policies provide a guaranteed percentage of a resource on a selective, as needed basis. In other words, the resource can be used by others if the preferred-AD's offered load is below the guaranteed level of service. The guarantee may be to always carry intra-AD traffic or to always carry inter-AD traffic for a specific AD. * TEMPORAL Temporal policies restrict usage based on the time of day or other time related parameters.⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -