draft-conta-ipv6-flow-label-02.txt

IPv6协议中flow_label的相关RFC

   1. For the Differentiated Services M-F Classification rules to
   include the IPv6 flow label classifer:

   (i) Write a document that defines a flow label based classifier. This
   is going to be a separate document, a Differentiated Services
   specification.

   (ii)Make a slight change to the flow label definition, by introducing
   the Diffserv flow label format.

   (iii)Rules in Appendix A of [IPv6], do not apply to Diffserv IPv6
   flow labels.

   2. For the Diffserv IPv6 flow labels:

   (i) Redefine characteristics or rules (a), (b), (c), (i), (j) for
   Diffserv IPv6 Flow Labels.




Conta & Carpenter         Expires in six months    [Page 14]




INTERNET-DRAFT        Proposal for IPv6 Flow Label         July 13, 2001


   (ii) Remove characteristics (e), (f), (g) for Diffserv IPv6 flow
   labels. They prevent certain ways of aggregating flows into one flow.

   The following section, contains the text that specifies the newly
   suggested IPv6 flow label definition and rules. They would apply to
   Diffserv flows, and to the use of flow label based non-QoS filtering.
   They could also apply to Intserv flows, since there is no technical
   reason that would prevent that.


7. IPv6 Flow Label Definition and Characteristics

   The IPv6 Flow Label is a 20 bit field in the IPv6 header which may be
   used to label packets of the same packet flow, or aggregation of
   flows. This labeling can be used by IPv6 Quality of Service engines
   in routers, for packet classification, policing, and scheduling. It
   can also be used by IPv6 filtering engines in routers, that use
   filtering for various purposes. Documenting such filtering purposes
   is beyond the scope of this document.

   The flow label values can be communicated to routers through a
   resource reservation protocol, by a flow label distribution protocol,
   or by information within the flow's packets themselves, e.g., in a
   hop-by-hop option. They can also be configured in routers, manually,
   or by ways of some automated procedures, or simply uploaded through
   management or policy control procedures.

   The characteristics of IPv6 flows and flow labels are further defined
   as:



   (a)  A flow is uniquely identified by the combination of source
        address, destination address and a non-zero flow label. Diffserv
        flows MAY be aggregated by specifying a range of addresses
        and/or a range of flow labels (see further in (e)).


   (b)  A flow label of zero means that the flow label has no
        significance, the field is unused, and therefore has no effect
        on, or for the packet processing by forwarding, QOS, or
        filtering engines.


   (c)  A flow label is assigned to a flow by the flow's source node. It
        can be changed en-route, with the condition that its original
        significance be maintained, or restored, when necessary. For
        instance if the source of the flow intended that the flow label



Conta & Carpenter         Expires in six months    [Page 15]




INTERNET-DRAFT        Proposal for IPv6 Flow Label         July 13, 2001


        has a certain significance to the destination end-node, than the
        nodes en-route, that process and eventually change the value of
        the flow label, should make sure, in conjunction with the
        destination end-node, that even when the value or significance
        has changed en-route, the original information and significance
        is restored when or before the packet arrives to its
        destination.

        If the action to be performed on a particular flow label is not
        known, a router MUST not change the value of that flow label.


   (d)  The flow label must have a value between 1 and FFFFF in hex. It
        identifies a flow. It is a preset value. No particular method is
        preferred for choosing the value. However, the value MUST
        satisfy the following requirements:

        (i) It can be communicated to all routers on the path of the
        flow to the final destination, as well as the destination node,
        by ways of a resource reservation protocol, a flow label
        distribution protocol, a signaling mechanism, or by any other
        means. The first method is typical for the Integrated Services
        model.

        (ii) It can be configured, uploaded, or transmitted to a router
        or a group of routers in any other possible way, as long as it
        can be stored in the classification rules tables of the
        forwarding engines of routers along the path of the flow to the
        final destination. If the flow label is used within a
        Differentiated Services framework, the values of the flow labels
        are preset or agreed upon, and specified in a Service Level
        Agreement (SLA), Service Level Specification (SLS), Traffic
        Conditioning Agreement (TCA), or Traffic Conditioning
        Specification (TCS) [Diffserv]. This model is typical of
        Differentiated Services.


   (e)  In general, all packets belonging to the same flow are sent with
        the same source address, destination address, and flow label.
        However, flows can be trunked, or aggregated in macro-flows. The
        flows, members of a macro-flow, may have different source or
        destination addresses. The trunking, or aggregation of flows is
        achieved by simply wildcarding some bits or all bits in some of
        the fields of the multi-field classification rules, which
        contain source address, destination address, and flow label. In
        other words range addresses and/or flow labels can be used.





Conta & Carpenter         Expires in six months    [Page 16]




INTERNET-DRAFT        Proposal for IPv6 Flow Label         July 13, 2001


   (f)  The routers or destinations are permitted, but not required, to
        verify that these conditions are satisfied.  If a violation is
        detected, it should be reported to the source by an ICMP
        Parameter Problem message, Code 0, pointing to the high-order
        octet of the Flow Label field (i.e., offset 1 within the IPv6
        packet).


   (g)  The Diffserv flow labels to not have a time to live rule.
        However, changes to the value of a flow label of a flow, and/or
        the correspondent flow label classifier values MUST be
        synchronized. When the flow label value of a flow is changed,
        the change must be reflected in the change of the value of the
        flow label in the multi-Field flow label classifier.



7.1  IPv6 Flow Label Format


   In order to preserve compatibility with the random number method of
   selecting a flow label value defined in [IPv6], but relax that
   definition to allow a flow label format that would work with
   Diffserv, the following new format of the flow label could be used:

         0                   1
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |0|       Pseudo-Random Value           |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


         0                   1
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |1|     Diffserv IPv6 Flow Label        |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


7.1.1  Diffserv IPv6 Flow Label Format

   The Diffserv IPv6 Flow Label is a number that is constructed based on
   the Differentiated Services "Per Hop Behavior Identification Code"
   (PHB ID) [PHB ID]:







Conta & Carpenter         Expires in six months    [Page 17]




INTERNET-DRAFT        Proposal for IPv6 Flow Label         July 13, 2001


         0                   1
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |1| Per Hop Behavior Ident. Code  | Res |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The "Res" bits  are reserved.

   Conforming to [PHB ID], the PHB ID is either directly derived from a
   standard differentiated services code point [DSCP-Def], or it is an
   "IANA Assigned Value". In either case, it captures the differentiated
   services treatment intended to be applied to the packet. Unlike the
   value of the traffic class field, it is not locally mapped and is
   therefore suitable for use in an end to end header field. Although it
   captures less specific information than the port numbers and protocol
   number normally used in an MF classifier, it nevertheless allows for
   MF classification at a differentiated service domain ingress.


7.1.2  Other Possible IPv6 Flow Label Formats

   There are various other ways in which a Flow Label can be encoded,
   each way with its advantages and disadvantages. Several ideas of flow
   label encoding are enumerated in Appendix A.


7.2  Conceptual Model for Diffserv use of IPv6 Flow Label

   Diffserv can be used in IPv6 access networks for IPv6 QoS of
   individual flows of traffic between users and the access networks.
   The nature of the contractual agreements between the users and the
   access network providers create an environment in which Diffserv with
   Multi-Field (M-F) classifiers could be easier to use, more efficient,
   and more practical as an alternative to Intserv and RSVP.

   The IPv6 flow label classifier is basically a 3 element tuple -
   source and destination IPv6 addresses, and the IPv6 flow label
   [Diffserv-Flow-Label]. It is an alternative to the 5 element tuple
   (addresses, ports, and protocol).  It helps the IPv6 flow label to
   achieve, as it is supposed,  a more efficient processing of packets
   in quality of service engines in IPv6 forwarding devices.

   Whether using algorithmic mapping of port numbers and protocol, IANA
   values, or just a number randomly chosen, the key for the flow label
   to work with Diffserv is that the "flow_label value" or range of
   values MUST be known, and agreed by two sides: the network client and
   the network provider. The "flow label value" is captured in SLAs,
   SLSs, TCAs, TCSs. For the mechanism to work several things have to



Conta & Carpenter         Expires in six months    [Page 18]




INTERNET-DRAFT        Proposal for IPv6 Flow Label         July 13, 2001


   happen:


(1.) Packets leaving the client networks carry the correct flow label
     value.  This can be achieved in several ways:

     a. end-node IPv6 protocol stacks, and/or IPv6 applications can be
     configured with the flow label "value". The flow label "value" is
     set first by an application. If the application has not set a flow
     label "value", then the "value" is set by the protocol stack. The
     default values would be hard-coded in applications and protocol
     stacks, or could result from "algorithmic mapping", if such
     mappings exists. The default value could be zero, in which case the
     flow label would have no significance. According to this model,
     when packets are transmitted, end-nodes will force the correct flow
     label in the IPv6 headers of outgoing packets.

             if a. is not TRUE, then

      b. the first hop routers would have to force the correct flow
      label on packets leaving the network. To accomplish this role,
      these routers would be configured with MF classifiers. These
      routers would classify the traffic that is forwarded downstream
      from, and away from the originating end-nodes. The action
      subsequent to the classification would be to set the correct flow
      label in each packet.  Classification on such a router's input
      line card, or interface would result, for the matching packets, in
      a correct flow label being forced in the IPv6 headers of packets
      when they are transmitted on the output interface or line card.

   while it is likely that "b." would not be needed,  "a." or "b." would
   provide the correct flow label in packets leaving the client's
   network.


(2.) Packets coming into the provider network can be policed based on
     flow label. The provider, based on the SLAs, SLSs, TCAs, TCSs
     agreed with the client, configures MF classifiers that look like:

       C = (SA, SAPrefix, DA, DAPrefix, Flow-Label)

     or

       C' = (SA, SAPrefix, DA, DAPrefix, Flow-label-Min:FLow-label-Max)

     Another representation of the classifier for example is:





Conta & Carpenter         Expires in six months    [Page 19]




INTERNET-DRAFT        Proposal for IPv6 Flow Label         July 13, 2001


           Flow-label-classifier:
           Type:                   IPv6-3-tuple
           IPv6DestAddrValue:      1:2:3:4:5:6:7:8::1
           IPv6DestPrefixLength:   128
           IPv6SrcAddrValue:       8:7:6:5:4:3:2:1::2
           IPv6SrcPrefixLength:    128
           IPv6FlowLabel:          57

     or

           Flow-label-classifier:
           Type:                   IPv6-3-tuple
           IPv6DestAddrValue:      1:2:3:4:5:6:7:8::1
           IPv6DestPrefixLength:   128
           IPv6SrcAddrValue:       8:7:6:5:4:3:2:1::2
           IPv6SrcPrefixLength:    128
           IPv6FlowLabelMin:       1
           IPv6FlowLabelMax:      57

     and

           Flow-label-classifier:
           Type:                   IPv6-4-tuple
           IPv6DestAddrValue:      1:2:3:4:5:6:7:8::1
           IPv6DestPrefixLength:   128
           IPv6SrcAddrValue:       8:7:6:5:4:3:2:1::2
           IPv6SrcPrefixLength:    128
           IPv6FlowLabel:          57
           IPv6DSCP:               28

     or

           Flow-label-classifier:
           Type:                   IPv6-4-tuple
           IPv6DestAddrValue:      1:2:3:4:5:6:7:8::1
           IPv6DestPrefixLength:   128
           IPv6SrcAddrValue:       8:7:6:5:4:3:2:1::2
           IPv6SrcPrefixLength:    128
           IPv6FlowLabelMin:       1
           IPv6FlowLabelMax:       57
           IPv6DSCP:               28

     The classifiers are configured in the network provider's edge
     routers, etc...

     The classification engines in those routers would match packet
     header information to classification rules as follows:




Conta & Carpenter         Expires in six months    [Page 20]




INTERNET-DRAFT        Proposal for IPv6 Flow Label         July 13, 2001


             Incoming packet header (SA, DA, Flow Label)
           Match
             Classification rules table entry (C or C')

   From this step, the Diffserv processing continues the same way as for
   any other MF Classifier [Diffserv-Model].



8. Security Considerations

   This document introduces no new security concerns when the pseudo-
   random flow label format is used. In the case of a diffserv flow
   label, the security concerns are essentially identical to those