
Differentiated Service - 1

Differentiated Service

All rights reserved. No part of this publication and file may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of Professor Nen-Fu Huang (E-mail: [email protected]).

Department of Computer Science, National Tsing Hua University, Professor Nen-Fu Huang. E-mail: [email protected]

Differentiated Service - 2

Outline

- Introduction
- Architecture for DS
- Services
- Per-Hop Behaviors (PHBs)
- Interoperability with legacy and IntServ networks
- Multicast issues
- Security issues

Differentiated Service - 3

Existing Internet Services

- Best-effort service is insufficient from many perspectives
  - Multimedia applications require some sort of delay and bandwidth guarantees
  - Some VIP users can pay more for better service
- Packet forwarding: routers are the bottleneck
  - advanced switching techniques at layer 3, layer 4, and higher?

Differentiated Service - 4

Integrated Service (IntServ)

- Support per-flow end-to-end QoS
  - Guaranteed service
  - Controlled-load service
- RSVP
  - Signaling protocol
  - Soft state
  - Receiver-initiated reservation

Differentiated Service - 5

Some Concerns with IntServ

- RSVP per-flow signaling and state is too much.
- Can core routers do switching?
- How to integrate with ATM?

Differentiated Service - 6

What is Differentiated Service ?

- Provide different levels of service with scalability
- Mark packets according to their service requirement (DS codepoint)
- Based on the mark, core routers apply a differentiated per-hop forwarding behavior (PHB) (active queue management)
- Only a limited number of PHBs is defined, so traffic aggregation is required
- Edge routers do the heavy job: traffic classification (marking), conditioning, ...

Differentiated Service - 7

Traffic Aggregates

Differentiated Service - 8

What is Differentiated Service ?

Features

- Keep the forwarding simple
- Push complexity to the edges of the network
- Provide differentiated services
- Provide service without assumptions about the traffic using it
- Provide both long-term and short-term provisioning
- Allow best-effort traffic to remain the dominant traffic on the Internet

Differentiated Service - 9

RSVP vs DiffServ

Source: Ben Teitelbaum, QBone Architecture

Differentiated Service - 10

Why Differentiated Service

- Simpler than RSVP/IntServ: no per-flow signaling or state
- More efficient core routers: a limited number of service classes
- A range of different packet-handling services and mappings is possible
- Supports VPNs: IPsec ESP leaves the IP header unencrypted, so the DS field stays visible to the routers

Differentiated Service - 11

Why Differentiated Service

Source: Chris Metz

Differentiated Service - 12

Quality of Service Approaches

Source: Chris Metz

Differentiated Service - 13

DiffServ Architecture

Source: Ben Teitelbaum, QBone Architecture

Differentiated Service - 14

DiffServ Architecture

Components

- Packet classifier (BA, MF)
- PHB (AF, EF)
- Traffic conditioner (meter, marker, shaper, policer, dropper)
- Service provisioning, resource management
- Service Level Agreement (SLA), Traffic Conditioning Agreement (TCA)

Differentiated Service - 15

DiffServ Architecture Model

- DiffServ Domain: a contiguous set of DS nodes which operate with a common service provisioning policy and set of PHB groups implemented on each node.
- DiffServ Region: a set of one or more contiguous DS domains.

Differentiated Service - 16

DiffServ Architecture Model

(Figure: a DS Region made up of DS Domains; labelled node roles are ingress node, egress node, boundary node and interior node.)

Differentiated Service - 17

DiffServ Architecture Model

- DS boundary nodes
  - interconnect the DS domain to other DS or non-DS domains
  - perform traffic conditioning functions
- Interior nodes
  - connect to other DS interior or boundary nodes
  - perform limited traffic conditioning functions

Differentiated Service - 18

DiffServ Architecture Model

- DS ingress node: responsible for ensuring that the traffic entering the DS domain conforms to any TCA between it and the other domain
- DS egress node: performs traffic conditioning functions to make sure the forwarded traffic conforms to the TCA
- DS boundary nodes act both as a DS ingress node and as a DS egress node.

Differentiated Service - 19

DiffServ Architecture Model

- Service: the overall treatment of a defined subset of a customer's traffic within a DS domain or end-to-end.
- Service providers combine PHB implementations with traffic conditioners, provisioning strategies and billing models, which enable them to offer services.
- Providers and customers negotiate service level agreements (SLAs).

Differentiated Service - 20

Service Level Agreement (SLA)

- An SLA is a service contract between a customer and a service provider; the customer may be a user or a DS domain
- An important subset of the SLA is the Traffic Conditioning Agreement (TCA)
- An SLA may also include packet classification rules, traffic conditioning, availability/reliability, encryption, routing constraints, authentication, monitoring and auditing, pricing and billing, ...

Differentiated Service - 21

TCA

- Specifies detailed service parameters for each service level
  - performance parameters (delay, throughput, ...)
  - traffic profiles
  - disposition of non-conforming traffic
  - marking
  - shaping

Differentiated Service - 22

Traffic Classifiers

- Select packets based on the header
- BA (Behavior Aggregate) Classifier: classifies packets based on the DS codepoint only.
- MF (Multi-Field) Classifier: classifies packets based on a combination of one or more header fields (source/destination address, DS field, protocol, source/destination port).
  - Fragmentation is an issue when classifying on the transport-layer header: only the first fragment carries the port numbers.
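As an added illustration (not from the slides), the two classifier types in Python over a minimal packet record; the rule set, prefixes, ports and packets are constructed here. The MF classifier shows the fragment problem noted above: a non-first fragment carries no transport header, so a port-based rule is treated as not matching it rather than guessed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int                   # 6 = TCP, 17 = UDP
    tos: int                     # IPv4 TOS byte; the DS codepoint is its top 6 bits
    frag_offset: int = 0         # non-zero: not the first fragment of the datagram
    sport: Optional[int] = None  # transport ports are present only in the first fragment
    dport: Optional[int] = None

def dscp_of(pkt: Packet) -> int:
    return (pkt.tos >> 2) & 0x3F

def ba_classify(pkt: Packet, phb_table: dict) -> str:
    """BA classifier: the DS codepoint alone selects the behavior aggregate."""
    return phb_table.get(dscp_of(pkt), "BE")

@dataclass(frozen=True)
class MFRule:
    name: str                    # behavior aggregate / PHB the rule selects
    src: Optional[str] = None    # CIDR prefix, or None for "any"
    dst: Optional[str] = None
    proto: Optional[int] = None
    dport: Optional[int] = None
    dscp: Optional[int] = None

def _in_prefix(addr: str, prefix: Optional[str]) -> bool:
    return prefix is None or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix, strict=False)

def mf_classify(pkt: Packet, rules, default: str = "BE") -> str:
    """MF classifier: the first rule whose fields all match wins."""
    for r in rules:
        if not _in_prefix(pkt.src, r.src) or not _in_prefix(pkt.dst, r.dst):
            continue
        if r.proto is not None and r.proto != pkt.proto:
            continue
        if r.dscp is not None and r.dscp != dscp_of(pkt):
            continue
        if r.dport is not None:
            # The fragment problem from the slide: a non-first fragment carries no
            # transport header, so a port rule cannot be evaluated on it.  Treat
            # the rule as not matching rather than guessing the port.
            if pkt.frag_offset != 0 or pkt.dport is None:
                continue
            if r.dport != pkt.dport:
                continue
        return r.name
    return default

# Constructed sample policy and packets (not from the slides).
PHB_TABLE = {0b101110: "EF", 0b010000: "AF11"}   # EF and the deck's AF11 codepoint
RULES = [
    MFRule("EF", src="10.1.0.0/16", proto=17, dport=5060),
    MFRule("AF11", src="10.1.0.0/16", proto=6, dport=80),
]

def demo():
    first = Packet("10.1.2.3", "192.0.2.10", 17, 0x00, frag_offset=0, sport=40000, dport=5060)
    later = Packet("10.1.2.3", "192.0.2.10", 17, 0x00, frag_offset=185)  # 2nd fragment, no ports
    marked = Packet("10.1.2.3", "192.0.2.10", 17, 0xB8)                  # DSCP 101110
    return (mf_classify(first, RULES), mf_classify(later, RULES), ba_classify(marked, PHB_TABLE))

if __name__ == "__main__":
    print(demo())
```

The second fragment of the same UDP datagram lands in the default class, so a rule that grants a better PHB on a port match cannot be satisfied by a packet on which the port is unverifiable.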

Differentiated Service - 23

DS Codepoint

- IPv4: the TOS byte (RFC 1349)
- IPv6: uses the Traffic Class field (8-bit)

Differentiated Service - 24

DS Codepoint (DSCP)

Specify the service (PHB) a packet receives at a node

- CU: Currently Unused (the two low-order bits)
- Default (BE): 000000
- xxx000 is defined for backward compatibility with the IP precedence bits

Differentiated Service - 25

Traffic Profiles

Specifies the temporal properties of a traffic stream selected by a classifier

  - e.g., codepoint = x, use token bucket (r, b)
- In-profile packets may be allowed to enter the DS domain without further conditioning
- Out-of-profile packets may be queued until they are in-profile (shaped), discarded (policed), marked with a new codepoint (remarked), or forwarded unchanged while triggering some accounting procedure.

Differentiated Service - 26

Traffic Conditioners

Possible elements

- meter: measures the temporal properties of a traffic stream against the traffic profile specified by the TCA
- marker: sets the DS field of a packet to a codepoint; the codepoint is used to map the packet to a PHB in the core network
- shaper: delays packets to bring the stream into compliance with the profile
- dropper: discards packets in a traffic stream to bring the stream into compliance with the profile

Differentiated Service - 27

Classifier and Conditioner

(Figure: packets pass through the Classifier, then the Meter, then the Marker, then the Shaper/Dropper.)

Differentiated Service - 28

Service Taxonomy

- Qualitative services: the assurances offered are relative and can only be verified by comparison.
  - e.g., delivered with low latency or low loss
- Quantitative services: provide concrete guarantees that can be measured irrespective of any other service.
  - e.g., 90% of in-profile traffic will be delivered with no more than 50 msec latency.

Differentiated Service - 29

Service Taxonomy

- Relative quantification service
  - Traffic offered at service level E will be allotted twice the bandwidth of traffic delivered at service level F.
  - Traffic with drop precedence AF12 has a higher probability of delivery than traffic with drop precedence AF13.
- It will be necessary to specify quantitative policing profiles for quantitative services.

Differentiated Service - 30

Scope of Service

- The topological extent over which the service is offered
  - all traffic from ingress point A to any egress point.
  - all traffic between ingress point A and egress point B.
  - all traffic from ingress point A to a set of egress points.
- The scope of service is part of the SLA governing ingress point A.
- Several issues arise for services governing received traffic (all traffic between any ingress point and egress point B).

Differentiated Service - 31

Dynamic vs. Static SLAs

- Static SLA
  - the norm at the present time
  - specifies a period of time during which the SLA is valid (may be periodically renegotiated)
- Dynamic SLA
  - may change due to traffic load fluctuations
  - an SLA is applied to aggregates of traffic and should not be changed merely because flows are added or deleted.

Differentiated Service - 32

Functionality at DiffServ Routers

Source: Chris Metz

Differentiated Service - 33

Functionality at Provider’s Ingress

- Police traffic according to the TCA: DS mark, profile, disposition of non-conforming traffic
- Disposition: remark to a lower service level, delay in a shaper, or drop
- BA classifier: each class is metered for conformance against its profile; after the meter, a dropper, shaper or re-marker may be employed.

Differentiated Service - 34

Functionality at Customer's Egress

- Marking
  - It is preferable for the customer to mark (pre-mark) its own traffic
  - mark at the source host or at intermediate nodes in the source domain
- Shaping
  - shape per service level at the egress to avoid undesirable policing consequences at the provider's ingress.
  - May want to do per-flow shaping to contain misbehaving flows

Differentiated Service - 35

Functionality at Provider’s Egress

- A peer DS domain may be connected to the egress; it may then be required to remark, police, and/or shape the traffic.
- May provide value-added functions, such as per-flow policing.

Differentiated Service - 36

Functionality at Interior Nodes

- Should be simple classification plus queue management.
- Complex classification and traffic conditioning functions are not precluded.
  - Due to restrictive access policies on a link, an MF classifier and traffic conditioning functions may be required at the upstream node of the link.
  - This will not scale up!

Differentiated Service - 37

Per-Hop Behaviors (PHB)

- A description of the externally observable forwarding behavior of a DS node applied to a particular DS behavior aggregate.
- The PHB is the means by which a node allocates resources to behavior aggregates.
- PHBs may be specified in terms of their resource priority relative to other PHBs, or their relative observable traffic characteristics.
- PHBs may also be specified in terms of a minimum bandwidth allocation.

Differentiated Service - 38

Assured Forwarding PHB Group

- PHB group: a set of one or more PHBs that can only be meaningfully specified and implemented simultaneously.
- Assured Forwarding (AF) PHB group: a means for a provider DS domain to offer different levels of forwarding assurance for IP packets received from a customer DS domain.
- A qualitative service
- Four AF classes are defined.

Differentiated Service - 39

Assured Forwarding PHB Group

- The AF PHB group provides N (4) independent AF classes
  - packets of class x do not have a smaller forwarding time (delay) than class y if x<y (the larger the better)
- Within each class, there are M (3) different levels of drop precedence.
  - A packet with drop precedence p must not be forwarded with smaller probability than a packet with drop precedence q, if p<q (the smaller the better)
- An IP packet that belongs to AF class i and has drop precedence j is marked with the AF codepoint AFij.

Differentiated Service - 40

Assured Forwarding PHB Group

- Traffic conditioning actions
  - A DS domain may control the amount of AF traffic that enters or exits the domain.
  - Traffic conditioning actions may include shaping, discarding, increasing or decreasing the drop precedence, and reassigning packets to another AF class.
  - Traffic conditioning actions must not cause reordering of packets of the same micro-flow.

Differentiated Service - 41

Assured Forwarding PHB Group

- Queuing and discard behavior
  - A DS node should implement all AF classes.
  - Within each AF class, a DS node must accept all three drop precedence codepoints, and they must yield at least two different levels of loss probability.
  - If only two loss probabilities are provided, AFx1 must yield the lower loss probability and AFx2 and AFx3 the higher one.
  - It is recommended that the discard algorithm be based on a RED-like algorithm.
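An added example, not part of the deck, of the RED-like discard the slide recommends, in Python: one queue per AF class and a separate threshold set per drop precedence. The threshold values and the simulation load are constructed assumptions. The drop decision takes its uniform random sample as an argument so the behaviour can be checked deterministically.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class RedParams:
    min_th: float   # below this average queue length: never drop
    max_th: float   # at or above this: always drop
    max_p: float    # drop probability reached just below max_th

# Constructed parameters for one AF class queue, keyed by the drop precedence j
# of AFxj: higher precedence gets lower thresholds and a steeper drop curve, so
# the three codepoints yield ordered loss probabilities as the slide requires.
AF_RED = {
    1: RedParams(min_th=20, max_th=40, max_p=0.02),
    2: RedParams(min_th=10, max_th=30, max_p=0.10),
    3: RedParams(min_th=5,  max_th=15, max_p=0.20),
}

def update_avg(avg: float, qlen: int, w: float) -> float:
    """RED's exponentially weighted moving average of the queue length."""
    return (1.0 - w) * avg + w * qlen

def drop_probability(avg: float, p: RedParams) -> float:
    if avg < p.min_th:
        return 0.0
    if avg >= p.max_th:
        return 1.0
    return p.max_p * (avg - p.min_th) / (p.max_th - p.min_th)

def should_drop(avg: float, precedence: int, u: float) -> bool:
    """u is a uniform [0, 1) sample supplied by the caller so the decision is
    reproducible; the packet is dropped when u falls below the drop probability."""
    return u < drop_probability(avg, AF_RED[precedence])

class AFClassQueue:
    """One FIFO per AF class (so a micro-flow is never reordered), with the
    RED threshold set chosen by each packet's drop precedence."""
    def __init__(self, capacity: int, w: float = 0.002):
        self.capacity, self.w = capacity, w
        self.queue, self.avg = [], 0.0
        self.drops = {1: 0, 2: 0, 3: 0}

    def enqueue(self, pkt, precedence: int, u: float) -> bool:
        self.avg = update_avg(self.avg, len(self.queue), self.w)
        if len(self.queue) >= self.capacity or should_drop(self.avg, precedence, u):
            self.drops[precedence] += 1
            return False
        self.queue.append(pkt)
        return True

    def dequeue(self):
        return self.queue.pop(0) if self.queue else None

def simulate(rounds: int = 200, seed: int = 1) -> dict:
    """Overload one AF class: each round one packet of every precedence
    arrives but only one departs, so the queue builds up and RED engages."""
    rng = random.Random(seed)
    q = AFClassQueue(capacity=50, w=0.1)
    for i in range(rounds):
        for j in (1, 2, 3):
            q.enqueue(f"pkt{i}-AF1{j}", j, rng.random())
        q.dequeue()
    return dict(q.drops)

if __name__ == "__main__":
    print(simulate())
```

Under overload the AFx3 packets are discarded first and most often, AFx2 next, and AFx1 only when the average queue length approaches the top threshold, which is the ordering the slide requires.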

Differentiated Service - 42

Assured Forwarding PHB Group

Recommended codepoints

         AF1      AF2      AF3      AF4
  low    010000   011000   100000   101000
  mid    010010   011010   100010   101010
  high   010100   011100   100100   101100

- 11x000 is reserved for conventional network control traffic
- 00x000 is reserved for conventional precedence forwarding
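As an added example, not from the slides: Python code that generates the table above from its bit layout, extracts and rewrites the codepoint in a TOS byte, and names the PHB a codepoint selects, including the xxx000 precedence-compatible codepoints and the EF codepoint 101110 given on the EF slide. The AF values follow this deck's table, which is an early draft assignment; the codepoints later published in RFC 2597 differ (AF11 is 001010 there).

```python
EF = 0b101110   # Expedited Forwarding codepoint (recommended on the EF slide)
BE = 0b000000   # Default / best-effort

def af_codepoint(cls: int, drop: int) -> int:
    """AFij -> 6-bit codepoint following the deck's table: class i (1..4) is
    carried in the top three bits as i+1 (010..101), drop precedence j (1..3)
    in the next two bits as j-1, and the last bit is 0."""
    if not (1 <= cls <= 4 and 1 <= drop <= 3):
        raise ValueError("AF class must be 1..4 and drop precedence 1..3")
    return ((cls + 1) << 3) | ((drop - 1) << 1)

# The twelve recommended AF codepoints, generated from the rule above.
AF_TABLE = {af_codepoint(i, j): f"AF{i}{j}" for i in range(1, 5) for j in range(1, 4)}

def dscp_from_tos(tos: int) -> int:
    """DS codepoint = top 6 bits of the IPv4 TOS / IPv6 Traffic Class byte."""
    return (tos >> 2) & 0x3F

def tos_with_dscp(tos: int, dscp: int) -> int:
    """Rewrite the codepoint and keep the two low-order (CU) bits untouched."""
    return ((dscp & 0x3F) << 2) | (tos & 0x03)

def phb_name(dscp: int) -> str:
    """Map a codepoint to the PHB it selects.  The AF table is consulted
    before the xxx000 precedence check because the deck's AFx1 codepoints
    also end in 000."""
    if dscp == EF:
        return "EF"
    if dscp == BE:
        return "BE"
    if dscp in AF_TABLE:
        return AF_TABLE[dscp]
    if dscp & 0b000111 == 0:
        # xxx000: backward compatible with the IP precedence bits
        # (00x000 precedence forwarding, 11x000 network control per the slide)
        return f"precedence{dscp >> 3}"
    return "unknown"

def describe_tos(tos: int) -> tuple:
    """(codepoint as a 6-bit string, PHB name, CU bits) for one TOS byte."""
    d = dscp_from_tos(tos)
    return (format(d, "06b"), phb_name(d), tos & 0x03)

if __name__ == "__main__":
    for code, name in sorted(AF_TABLE.items()):
        print(format(code, "06b"), name)
    print(describe_tos(0xB8))
```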

Differentiated Service - 43

Queue Scheduling/ Management

DiffServ requires routers to support queue scheduling and management to prioritize outbound packets and control queue depth (minimize congestion)

Source: Chris Metz

Differentiated Service - 44

Importance of Queue Management

- Full queues are problematic
  - New connections cannot get through (called lock-out)
  - All packets from existing flows are dropped, resulting in across-the-board TCP slow-starts (called global synchronization)
  - Can't handle bursts of traffic

Source: Chris Metz

Differentiated Service - 45

RED Algorithm

Source: Chris Metz

Differentiated Service - 46

AF Example Service

- Olympic service
  - Service classes: bronze (AF1), silver (AF2), gold (AF3)
  - Precedence: AF11~AF13, AF21~AF23, AF31~AF33
- The drop precedence level could be assigned by using a leaky bucket traffic policer with a rate and two burst sizes
  - less than the committed burst: low
  - between the two burst levels: medium
  - greater than the excess burst: high

Differentiated Service - 47

Expedited Forwarding PHB

- Expedited Forwarding (EF) can be used to build a low-loss, low-latency, low-jitter, assured-bandwidth, end-to-end service through DS domains.
- The forwarding rate for the traffic aggregate must equal or exceed a configurable rate, independent of other aggregates.
- This service is also called Premium service, or Virtual Leased Line (VLL) service.
- It is a quantitative service.

Differentiated Service - 48

Expedited Forwarding PHB

- Recommended codepoint: 101110
- Traffic conditioner
  - polices all EF-marked packets to a rate negotiated with the adjacent upstream domain.
  - Packets in excess of the negotiated rate must be dropped.
- Higher priority than AF packets: two priority queues
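Added example, not from the slides, serving both the Olympic-service policer (one rate with two burst sizes, giving three drop-precedence outcomes) and the EF conditioner on this slide: Python token-bucket policers with constructed rates, burst sizes and packet timings, plus the two-queue strict-priority dequeue. The two-burst policer is written as the single-rate, two-bucket scheme of RFC 2697; reading the slide that way is my assumption, not something the deck states.

```python
class AFTwoBurstPolicer:
    """Single rate (bytes/s) with committed burst cbs and excess burst ebs,
    both in bytes.  Tokens accrue into the committed bucket first and any
    overflow spills into the excess bucket (the single-rate, two-bucket
    scheme of RFC 2697, colour-blind mode)."""
    def __init__(self, rate: float, cbs: float, ebs: float, start: float = 0.0):
        self.rate, self.cbs, self.ebs = rate, cbs, ebs
        self.tc, self.te = cbs, ebs       # both buckets start full
        self.last = start

    def _refill(self, now: float) -> None:
        add = max(0.0, now - self.last) * self.rate
        self.last = now
        to_c = min(add, self.cbs - self.tc)
        self.tc += to_c
        self.te = min(self.ebs, self.te + (add - to_c))

    def drop_precedence(self, size: int, now: float) -> int:
        """Return the AF drop precedence (1 = low, 2 = medium, 3 = high)."""
        self._refill(now)
        if self.tc >= size:
            self.tc -= size
            return 1          # within the committed burst
        if self.te >= size:
            self.te -= size
            return 2          # between the committed and the excess burst
        return 3              # beyond the excess burst

class EFPolicer:
    """Token bucket for EF: rate negotiated with the upstream domain, burst in
    bytes.  Excess packets are dropped, never remarked into an AF class."""
    def __init__(self, rate: float, burst: float, start: float = 0.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, start

    def admit(self, size: int, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + max(0.0, now - self.last) * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False

def serve_next(ef_queue: list, af_queue: list):
    """Two priority queues at the interior node: EF is always served first."""
    if ef_queue:
        return ef_queue.pop(0)
    if af_queue:
        return af_queue.pop(0)
    return None

def demo_af() -> list:
    # Constructed: 1000 B/s, committed burst 1500 B, excess burst 3000 B;
    # five 1000-byte packets back to back, then two more one second later.
    pol = AFTwoBurstPolicer(rate=1000, cbs=1500, ebs=3000)
    times = [0.0] * 5 + [1.0, 1.0]
    return [pol.drop_precedence(1000, t) for t in times]

def demo_ef() -> list:
    # Constructed: 2000 B/s with a 2000 B burst; the third packet exceeds the
    # negotiated rate and is dropped, the fourth arrives after tokens refilled.
    pol = EFPolicer(rate=2000, burst=2000)
    return [pol.admit(1000, t) for t in (0.0, 0.0, 0.0, 0.5)]

if __name__ == "__main__":
    print(demo_af(), demo_ef())
```

The first burst in demo_af drains the committed bucket after one packet, the next three fall into the excess bucket (medium precedence), and the fifth is marked high; after a second of refill the committed bucket is full again, so the sixth packet is low precedence and the seventh, arriving at the same instant, is high.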

Differentiated Service - 49

Handling AF & EF at Interior Nodes

(Figure: interior-node handling of AF and EF. Each incoming packet is tested for the P-bit: if set, it goes to the high-priority queue; otherwise it goes to the low-priority queue, which runs RIO queue management. If the A-bit is set, a_cnt is incremented when the packet is enqueued and decremented when it is dequeued. Packets out.)

Differentiated Service - 50

Handling AF & EF at Border Node

Differentiated Service - 51

Provision and Configuration

- Provisioning: the determination and allocation of the resources needed at various points in the network
  - dictates the addition or removal of resources
  - dictates the operating parameters
- Configuration: the distribution of the appropriate operating parameters to network equipment to realize the provisioning objectives.

Differentiated Service - 52

Bandwidth Broker

- Agent for automatic service provisioning
  - can be configured with organizational policies.
  - keeps track of the current allocation of marked traffic.
  - interprets new requests to mark traffic according to policies and the current allocation.
  - allocates bandwidth for end-to-end connections with less state and simpler trust relationships.
  - parcels out marked-traffic allocations and sets up leaf routers.
  - manages messages across boundaries: adjacent regions only (bilateral, not multilateral)

Differentiated Service - 53

Bandwidth Broker

- Operation sequence
  - The host sends a request to the BB: service type, target rate, max. burst, time period used
  - The BB authenticates the credentials
  - Checks the available bandwidth
  - If the destination is outside the region, sends a message to the "next hop" region's BB (bilateral agreement)
  - Configures the appropriate leaf router
  - Periodically refreshes the configuration (soft state)
  - Sends messages to edge devices using the COPS protocol, which runs on a reliable TCP connection
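The operation sequence above as an added Python model (not the deck's code; the regions, credentials, capacities and rates are constructed): authentication and policy check, a bandwidth check, a bilateral hand-off to the next-hop BB when the destination lies outside the region, leaf-router configuration recorded as the messages that would go over COPS, and soft state with refresh and expiry. Each BB ages its own allocations; a downstream allocation lapses on its own unless refreshed across the boundary, which is a simplification here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    credential: str   # requester identity, checked against the BB's credential table
    service: str      # service type, e.g. "EF"
    rate: float       # target rate (kb/s)
    burst: int        # max burst (bytes)
    period: float     # seconds the allocation stays valid unless refreshed
    dst_prefix: str   # destination prefix; decides whether the flow leaves the region

@dataclass
class Allocation:
    alloc_id: int
    req: Request
    expires_at: float
    router: str

class BandwidthBroker:
    def __init__(self, name, prefixes, capacity, credentials, leaf_router_of):
        self.name = name
        self.prefixes = set(prefixes)               # destination prefixes inside this region
        self.capacity = dict(capacity)              # service -> kb/s provisioned for marked traffic
        self.credentials = dict(credentials)        # credential -> max rate allowed by policy
        self.leaf_router_of = dict(leaf_router_of)  # credential -> leaf/border router to configure
        self.peers = {}                             # next-hop prefix -> adjacent BB (bilateral)
        self.allocs = {}
        self.router_msgs = []                       # what would be pushed to routers over COPS
        self._next_id = 1

    def add_peer(self, prefix: str, bb: "BandwidthBroker") -> None:
        self.peers[prefix] = bb

    def allocated(self, service: str) -> float:
        return sum(a.req.rate for a in self.allocs.values() if a.req.service == service)

    def request(self, req: Request, now: float):
        # 1. authenticate the credentials and apply organisational policy
        limit = self.credentials.get(req.credential)
        if limit is None:
            return (False, "unauthenticated")
        if req.rate > limit:
            return (False, "policy: rate exceeds credential limit")
        # 2. check the bandwidth still available for this service in the region
        if req.service not in self.capacity:
            return (False, "unknown service")
        if self.allocated(req.service) + req.rate > self.capacity[req.service]:
            return (False, "insufficient bandwidth")
        # 3. destination outside the region: ask the next-hop region's BB
        #    (only adjacent BBs are consulted: bilateral agreements)
        if req.dst_prefix not in self.prefixes:
            peer = self.peers.get(req.dst_prefix)
            if peer is None:
                return (False, "no bilateral agreement covers destination")
            ok, why = peer.request(Request(self.name, req.service, req.rate, req.burst, req.period, req.dst_prefix), now)
            if not ok:
                return (False, f"next-hop {peer.name}: {why}")
        # 4. commit the allocation and configure the leaf router (soft state)
        alloc_id, self._next_id = self._next_id, self._next_id + 1
        router = self.leaf_router_of[req.credential]
        self.allocs[alloc_id] = Allocation(alloc_id, req, now + req.period, router)
        self.router_msgs.append(("install", router, alloc_id, req.service, req.rate, req.burst))
        return (True, alloc_id)

    def refresh(self, alloc_id: int, now: float) -> bool:
        """Soft state: a refresh extends the allocation; an unrefreshed one lapses."""
        a = self.allocs.get(alloc_id)
        if a is None:
            return False
        a.expires_at = now + a.req.period
        self.router_msgs.append(("refresh", a.router, alloc_id))
        return True

    def expire(self, now: float) -> int:
        """Reclaim allocations whose period elapsed without a refresh."""
        gone = [i for i, a in self.allocs.items() if a.expires_at <= now]
        for i in gone:
            a = self.allocs.pop(i)
            self.router_msgs.append(("remove", a.router, i))
        return len(gone)

def demo() -> dict:
    # Constructed: two adjacent regions, each with 3000 kb/s of EF capacity.
    bb_a = BandwidthBroker("BB-A", ["10.1.0.0/16"], {"EF": 3000}, {"hostX": 2000}, {"hostX": "A-leaf-1"})
    bb_b = BandwidthBroker("BB-B", ["10.2.0.0/16"], {"EF": 3000}, {"BB-A": 5000}, {"BB-A": "B-border-1"})
    bb_a.add_peer("10.2.0.0/16", bb_b)
    r1 = bb_a.request(Request("hostX", "EF", 1000, 1500, 30, "10.1.0.0/16"), now=0)   # inside region
    r2 = bb_a.request(Request("hostX", "EF", 1500, 1500, 30, "10.2.0.0/16"), now=0)   # via BB-B
    r3 = bb_a.request(Request("hostX", "EF", 1000, 1500, 30, "10.2.0.0/16"), now=0)   # region A full
    r4 = bb_a.request(Request("mallory", "EF", 100, 1500, 30, "10.1.0.0/16"), now=0)  # unknown credential
    r5 = bb_a.request(Request("hostX", "EF", 2500, 1500, 30, "10.1.0.0/16"), now=0)   # over policy limit
    bb_a.refresh(r1[1], now=20)          # keep the first allocation alive
    expired_a = bb_a.expire(now=31)      # the unrefreshed second one lapses
    return {"r1": r1, "r2": r2, "r3": r3[1], "r4": r4[1], "r5": r5[1],
            "expired_a": expired_a, "ef_a": bb_a.allocated("EF"), "ef_b": bb_b.allocated("EF")}
```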

Differentiated Service - 54

Bandwidth Broker

(Figure: each DS Region has a Bandwidth Broker (BB); BBs in adjacent regions exchange an inter-domain protocol, and each BB configures its own routers over COPS. RAR: Resource Allocation Request.)

Differentiated Service - 55

Bandwidth Broker

(Figure: the Bandwidth Broker controls edge devices, each running a COPS client and a DiffServ manager that performs classification, policing and marking and feeds priority queuing by TOS into queue1 ... queueN.)

1. The COPS client registers with the BB
2. The BB sends the configured policy to the edge device
3. The BB adds/removes flow filters
4. Flows come in
5. Filter match
6. Flows go to different queues

Differentiated Service - 56

Bandwidth Broker Architecture

(Figure: the BB with its interfaces. User/App interface: application server, user/host, network operator. Inter-Domain interface: adjacent BBs. Intra-Domain interface: edge routers. Policy Manager interface and Network Management interface. Internally, a Data Repository and Routing Information.)

Differentiated Service - 57

Bandwidth Broker Architecture

- User/Application interface: requests directly from the user/application on the end host (via a GUI)
- Inter-domain communication interface: negotiating SLA information between BBs in adjacent domains
- Intra-domain communication interface: setting edge device parameters for QoS/policy enforcement, between the edge router and the BB
- Routing table interface
  - BGP routing information for inter-domain
  - internal routing information for intra-domain
  - QoS-based routing in the future

Differentiated Service - 58

Bandwidth Broker Architecture

- Data Repository: data used by all components
- Policy Manager interface
  - utilizes the complex QoS/policy management functionality in the policy manager
  - coordination of SLAs and network resources
  - provides admission control processing
- Network Management interface: coordination of network provisioning and monitoring

Differentiated Service - 59

Configuration

- Top-down distribution of configuration information
  - information is pushed in a top-down manner, from a domain's logically centralized point of administration (the bandwidth broker)
- Distribution via signaling
  - from the edges via signaling (RSVP)
  - supports dynamic TCAs

Differentiated Service - 60

Configuration

- Measurement-based configuration
  - less necessary for quantitative provisioning (predictable)
  - enhances the efficiency with which qualitative provisioning can be achieved.
  - Likely that measurement-based configuration for qualitative services would be used in conjunction with signalling.

Differentiated Service - 61

Multicast

- Major issues
  - A single ingress point with multiple egress nodes
  - Difficult to predict in advance the amount of resources required
  - Dynamic membership (join and leave) is even harder
  - Depending on router capabilities and the routing protocol, duplicate packets may appear on a link
  - It may be necessary to use separate codepoints and PHBs for multicast and unicast services.
- Selection of the DS codepoint
  - Different egress nodes to different peer domains may have different SLAs and codepoints

Differentiated Service - 62

Security

- Theft: an adversary may be able to obtain better service by modifying the DS field to codepoints indicating behaviors used for enhanced services
- Denial of service: an adversary may inject packets with the DS field set to particular codepoints to cause unpredictable traffic conditioning
- IPsec and tunneling: IPsec ESP does not include the IP header in its encryption
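Added example (not from the slides) of the boundary-node control that addresses the theft and denial-of-service issues above, in Python: an ingress policy that honours only the codepoints the link's TCA allows, remarks everything else to the default PHB, and counts what it remarks so monitoring can see unexpected marks. The allowed set and the packets are constructed; the AF11 codepoint used is the deck's 010000.

```python
from collections import Counter

BE = 0b000000   # default PHB codepoint

def dscp_from_tos(tos: int) -> int:
    return (tos >> 2) & 0x3F

def tos_with_dscp(tos: int, dscp: int) -> int:
    return ((dscp & 0x3F) << 2) | (tos & 0x03)

class IngressMarkPolicy:
    """Boundary-node conditioning for one customer link: only codepoints the
    link's TCA allows are honoured; any other mark, including EF or a better
    AF class the customer did not buy, is remarked to the default PHB.
    Per-codepoint counters make unexpected marks visible to monitoring."""
    def __init__(self, allowed_dscps):
        self.allowed = frozenset(allowed_dscps)
        self.seen = Counter()       # every codepoint observed on the link
        self.remarked = Counter()   # codepoints that were not trusted

    def condition(self, tos: int) -> int:
        d = dscp_from_tos(tos)
        self.seen[d] += 1
        if d in self.allowed:
            return tos
        self.remarked[d] += 1
        return tos_with_dscp(tos, BE)

    def suspicious(self, threshold: int) -> list:
        """Codepoints remarked at least `threshold` times: a candidate signal of
        theft-of-service or DoS attempts on this link, worth a monitoring alert."""
        return sorted(d for d, n in self.remarked.items() if n >= threshold)

def demo() -> tuple:
    # Constructed: the TCA for this link allows only BE and the deck's AF11 (010000).
    policy = IngressMarkPolicy({BE, 0b010000})
    out = [policy.condition(t) for t in (0x40, 0xB8, 0xBA, 0x00, 0xB8)]
    return (out, policy.suspicious(threshold=2))

if __name__ == "__main__":
    print(demo())
```

The EF-marked packets (TOS 0xB8 and 0xBA, codepoint 101110) leave the boundary node carrying the default codepoint with their CU bits preserved, while the AF11 packet the TCA permits passes unchanged.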