📄 rfc1125.txt

   federal agencies.  In any event, transit policies will be critical
   for campus and private networks to flexibly control access to lateral
   links and private wide area networks, respectively. For example, a
   small set of university and private laboratories may provide access
   to special gigabit links for particular classes of researchers.  On
   the other hand, source/destination policies should not be used in
   place of network level access controls for these end ADs.

Estrin                                                         [Page 16]

RFC 1125                  Policy Requirements              November 1989

6.3.4  COMMERCIAL SERVICES

   Currently commercial communication services play a low level role in
   most parts of today's Research Internet; they provide the
   transmission media, i.e., leased lines. In the future we expect
   commercial carriers to provide increasingly higher level and enhanced
   services such as high speed packet switched backbone services.
   Because such services are not yet part of the Research Internet
   infrastructure there exist no policy statements.

   Charging and accounting are certain to be an important policy type in
   this context.  Moreover, we anticipate the long haul services market
   to be highly competitive. This implies that competing service
   providers will engage in significant gaming in terms of packaging and
   pricing of services. Consequently, the ability to express varied and
   dynamic charging policies will be critical for these ADs.

7  PROBLEMATIC REQUIREMENTS

   Most of this paper has lobbied for articulation of relatively
   detailed policy statements in order to help define the technical
   mechanisms needed for enforcement.  We promoted a top down design
   process beginning with articulation of desired policies.  Now we feel
   compelled to mention requirements that are clearly problematic from
   the bottom up perspective of technical feasibility.

   *  Non-interference policies are of the form "I will provide
      access for principals x to resources y so long as it does not
      interfere with my internal usage." The problem with such policies
      is that access to an AD at any point in time is contingent upon a
      local, highly dynamic, parameter that is not globally available.
      Therefore such a policy term could well result in looping,
      oscillations, and excessive route (re)computation overhead,
      both unacceptable. Consequently, this is one type of policy that
      routing experts suggest would be difficult to support in a very
      large decentralized internetwork.

   *  Granularity can also be problematic, but not as devastating as
      highly dynamic PR contingencies. Here the caution is less specific.
      Very fine grain policies, which restrict access to particular
      hosts, or are contingent upon very fine grain user class
      identification, may be achieved more efficiently with network
      level access control [11] or end system controls instead of
      burdening the inter-AD routing mechanism.

   *  Security is expensive, as always. Routing protocols are subject
      to fraud through impersonation, data substitution, and denial of
      service. Some of the proposed mechanisms provide some means for
      detection and non-repudiation. However, to achieve a priori
      prevention of resource misuse is expensive in terms of per
      connection or per packet cryptographic overhead. For some
      environments we firmly believe that this will be necessary and
      we would prefer an architecture that would accommodate such
      variability [12].

   In general, it is difficult to predict the impact of any particular
   policy term. Tools will be needed to assist people in writing and
   validating policy terms.

8  PROPOSED MECHANISMS

   Previous routing protocols have addressed a narrower definition of
   PR, as appropriate for the internets of their day. In particular, EGP
   [3], DGP [13], and BGP [6] incorporate a notion of policy
   restrictions as to where routing database information travels. None
   are intended to support policy based routing of packets as described
   here.  More recent routing proposals such as Landmark [14] and
   Cartesian [15] could be used to restrict packet forwarding but are
   not suited to source/destination, and some of the condition-oriented,
   policies. We feel these policy types are critical to support. We note
   that for environments (e.g., within an AD substructure) in which the
   simple-AD-topology conjecture holds true, these alternatives may be
   suitable.

   RFC 1104 [5] provides a good description of shorter term policy
   routing requirements. Braun classifies three types of mechanisms,
   policy based distribution of route information, policy based packet
   forwarding, and policy based dynamic allocation of network resources.
   The second class is characterized by Dave Clark's PR architecture,
   RFC 1102 [4]. With respect to the longer term requirements laid out
   in this document, only this second class is expressive and flexible
   enough to support the multiplicity of stub and transit policies. In
   other words, the power of the PR approach (e.g., RFC1102) is not just
   in the added granularity of control pointed out by Braun, i.e., the
   ability to specify particular hosts and user classes. Its power is in
   the ability to express and enforce many types of stub and transit
   policies and apply them on a discriminatory basis to different ADs.
   In addition, this approach provides explicit support for stub ADs to
   control routes via the use of source routing.

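
The feedback loop behind the non-interference problem in Section 7, shown as an added example that is not part of RFC 1125: a toy simulation in which transit AD A offers access only while its own total load stays under a limit. The topology, loads, threshold and every name in the code are constructed assumptions.

```python
# Added illustration (not from RFC 1125): toy model of a "non-interference"
# transit policy. Topology, loads and threshold are constructed assumptions.
from dataclasses import dataclass


@dataclass
class TransitAD:
    name: str
    cost: int                 # path cost the source sees through this AD
    internal_load: float      # local usage, known only inside the AD
    threshold: float = 1.0    # non-interference limit on total load
    non_interference: bool = False
    external_load: float = 0.0

    def advertises(self) -> bool:
        """Would this AD offer transit in the next routing round?"""
        if not self.non_interference:
            return True       # static policy term: independent of local load
        return self.internal_load + self.external_load <= self.threshold


def simulate(transits, flow=0.4, rounds=10):
    """Return (route chosen per round, number of route changes)."""
    history = []
    for _ in range(rounds):
        # Each AD decides from its load as observed at the end of last round.
        offers = [t for t in transits if t.advertises()]
        chosen = min(offers, key=lambda t: t.cost)
        # Moving the flow changes the very load the policy term depends on.
        for t in transits:
            t.external_load = flow if t is chosen else 0.0
        history.append(chosen.name)
    changes = sum(a != b for a, b in zip(history, history[1:]))
    return history, changes


def build(non_interference: bool):
    # A is the preferred (cheaper) path; B is a fallback that always accepts.
    a = TransitAD("A", cost=1, internal_load=0.5, threshold=0.8,
                  non_interference=non_interference)
    b = TransitAD("B", cost=2, internal_load=0.1)
    return [a, b]


if __name__ == "__main__":
    for label, flag in (("static term", False), ("non-interference", True)):
        history, changes = simulate(build(flag))
        print(f"{label:17s} route changes={changes} path={''.join(history)}")
```

With the static term the source settles on A in the first round; with the load-contingent term the route flips between A and B in every round, so each round forces a recomputation.
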
   (FOOTNOTE 12:  Moreover, the source routing approach loosens the
   requirements for every AD to share a complete view of the entire
   internet by allowing the source to detect routing loops.)

   (FOOTNOTE 13:  The match between RFC1102 and the requirements
   specified in this document is hardly a coincidence since Clark's
   paper and discussions with him contributed to the requirements
   formulation presented here. His work is currently being evaluated
   and refined by the ANRG and ORWG.)

9  SUMMARY

   Along with the emergence of very high speed applications and media,
   resource management has become a critical issue in the Research
   Internet and internets in general. A fundamental characteristic of
   the resource management problem is allowing ADs to interconnect
   while retaining control over resource usage. However, we have lacked
   a careful articulation of the types of resource management policies
   that need to be supported.  This paper addresses policy requirements
   for the Research Internet.  After justifying our assumptions
   regarding AD topology we presented a taxonomy and examples of
   policies that must be supported by a PR protocol.

10  ACKNOWLEDGMENTS

   Members of the Autonomous Networks Research Group and Open Routing
   Working Group have contributed significantly to the ideas presented
   here, in particular, Guy Almes, Lee Breslau, Scott Brim, Dave Clark,
   Marianne Lepp, and Gene Tsudik. In addition, Lee Breslau and Gene
   Tsudik provided detailed comments on a previous draft. David Cheriton
   inadvertently caused me to write this document.  Sharon Anderson's
   contributions deserve special recognition.  The author is supported
   by research grants from National Science Foundation, AT&T, and GTE.

11  REFERENCES

   [1] J. Postel, Internet Protocol, Network Information Center, RFC
       791, September 1981.

   [2] G. Vaudreuil, The Federal Research Internet Coordinating
       Committee and National Research Network, ACM SIG Computer
       Communications Review, April 1988.

   [3] E. Rosen, Exterior Gateway Protocol (EGP), Network Information
       Center, RFC 827, October 1982.

   [4] D. Clark, Policy Routing in Internet Protocols, Network
       Information Center, RFC 1102, May 1989.

   [5] H.W. Braun, Models of Policy Based Routing, Network Information
       Center, RFC 1104, June 1989.

   [6] K. Lougheed, Y. Rekhter, A Border Gateway Protocol, Network
       Information Center, RFC 1105, June 1989.

   [7] J. Saltzer, M. Schroeder, The Protection of Information in
       Computer Systems, Proceedings of the IEEE, 63, 9 September 1975.

   [8] V. Jacobson, Congestion Avoidance and Control.  Proceedings of
       ACM Sigcomm, pp. 106-114, August 1988, Palo Alto, CA.

   [9] David Clark, Design Philosophy of the DARPA Internet Protocols,
       Proceedings of ACM Sigcomm, pp. 106-114, August 1988, Palo Alto,
       CA.

  [10] Gigabit Networking Group, B. Leiner, Editor. Critical Issues in
       High Bandwidth Networking, Network Information Center, RFC 1077,
       November 1988.

  [11] D. Estrin, J. Mogul and G. Tsudik, Visa Protocols for Controlling
       Inter-Organizational Datagram Flow, To appear in IEEE Journal on
       Selected Areas in Communications, Spring 1989.

  [12] D. Estrin and G. Tsudik, Security Issues in Policy Routing, IEEE
       Symposium on Research in Security and Privacy, Oakland, CA.  May
       1-3 1989.

  [13] M. Little, The Dissimilar Gateway Protocol,  Technical report

  [14] P. Tsuchiya, The Landmark Hierarchy: A new hierarchy for routing
       in very large networks, IEEE SIGCOMM 88, Palo Alto, CA. September
       1988.

  [15] G. Finn, Reducing the Vulnerability of Dynamic Computer Networks,
       USC/Information Sciences Institute, Technical Report,
       ISI/RR-88-201, July 1988.

  [16] A. Nakassis, Routing Algorithm for Open Routing, Unpublished
       paper, Available from the author at the National Institute of
       Standards and Technology (formerly NBS), Washington D.C.

11  SECURITY CONSIDERATIONS

       This memo does not address the security aspects of the issues
       discussed.

AUTHOR'S ADDRESS:

       Deborah Estrin
       University of Southern California
       Computer Science Department
       Los Angeles, CA 90089-0782

       Phone: (213) 743-7842

       EMail: Estrin@OBERON.USC.EDU
