--- 1/draft-ietf-cdni-request-routing-extensions-02.txt 2019-05-21 01:13:11.993026596 -0700 +++ 2/draft-ietf-cdni-request-routing-extensions-03.txt 2019-05-21 01:13:12.017027202 -0700 @@ -1,19 +1,19 @@ Network Working Group O. Finkelman Internet-Draft Qwilt Intended status: Standards Track S. Mishra -Expires: October 2, 2019 Verizon - March 31, 2019 +Expires: November 22, 2019 Verizon + May 21, 2019 CDNI Request Routing Extensions - draft-ietf-cdni-request-routing-extensions-02 + draft-ietf-cdni-request-routing-extensions-03 Abstract The Open Caching working group of the Streaming Video Alliance is focused on the delegation of video delivery requests from commercial CDNs to a caching layer at the ISP. In that aspect, Open Caching is a specific use case of CDNI, where the commercial CDN is the upstream CDN (uCDN) and the ISP caching layer is the downstream CDN (dCDN). The extensions specified in this document to the CDNI Metadata and FCI interfaces are derived from requirements raised by Open Caching @@ -33,56 +33,59 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 2, 2019. + This Internet-Draft will expire on November 22, 2019. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 - 2. Redirect Target Address Capability Object . . . . . . . . . . 3 - 2.1. DnsTarget . . . . . . . . . . . . . . . . . . . . . . . . 5 - 2.2. HttpTarget . . . . . . . . . . . . . . . . . . . . . . . 6 - 3. Fallback Target Address Metadata . . . . . . . . . . . . . . 7 + 2. Redirect Target Capability Object . . . . . . . . . . . . . . 3 + 2.1. Properties of Redirect Target Capability Object . . . . . 4 + 2.2. DnsTarget . . . . . . . . . . . . . . . . . . . . . . . . 6 + 2.3. HttpTarget . . . . . . . . . . . . . . . . . . . . . . . 6 + 3. Fallback Target Address Metadata . . . . . . . . . . . . . . 8 + 3.1. Properties Fallback Target Address Metadata Object . . . 9 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 4.1. CDNI Payload Types . . . . . . . . . . . . . . . . . . . 9 - 4.1.1. CDNI FCI RedirectTarget Payload Type . . . . . . . . 9 - 4.1.2. CDNI MI FallbackTarget Payload Type . . . . . . . . . 9 + 4.1.1. CDNI FCI RedirectTarget Payload Type . . . . . . . . 10 + 4.1.2. CDNI MI FallbackTarget Payload Type . . . . . . . . . 10 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 + 5.1. Confidentiality and Privacy . . . . . . . . . . . . . . . 10 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 - 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 10 - 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 8.1. Normative References . . . . . . . . . . . . . . . . . . 10 + 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 11 + 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 + 8.1. Normative References . . . . . . . . . . . . . . . . . . 11 8.2. Informative References . . . . . . . . . . . . . . . . . 11 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 1. Introduction This document defines objects needed for Open Caching request routing. For that purpose it extends CDNI metadata [RFC8006] and CDNI Footprint and Capabilities [RFC8008]. For consistency, this document follows the CDNI notation of uCDN (the commercial CDN) and dCDN (the ISP caching layer). This document also registers CDNI Payload Types [RFC7736] for the @@ -99,173 +102,180 @@ This document reuses the terminology defined in [RFC6707], [RFC8006], [RFC8007], and [RFC8008]. Additionally, the following terms are used throughout this document and are defined as follows: o RR - Request Router o CP - Content Provider -2. Redirect Target Address Capability Object +2. Redirect Target Capability Object Iterative request redirect as defined in section 1.1 of [RFC7336] requries the provisioning of a redirect target address to be used by the uCDN in order to redirect to the dCDN. Redirect target addresses - can vary between different footprints, for example between different - regions, and they may also change over time, for example due to - scaling issues a dCDN may need to split different regions over - multiple targets, or due to network problems the dCDN may have to - change the target address. Due to this variable and dynamic nature - of the redirect target, it may not be suitable to advertise it during - bootstrap, and a more dynamic, and footprint oriented interface is + can vary between different footprints, for example, between different + regions, and they may also change over time, for example as a result + of network problems. Given this variable and dynamic nature of the + redirect target, it may not be suitable to advertise it during + bootstrap. A more dynamic and footprint oriented interface is required. Therefore, we have chosen to use the CDNI Footprint and Capabilities interface for redirect target advertisement. Use cases o Footprint: The dCDN may want to have a different target per footprint. Note that a dCDN may spread across multiple geographies. This makes it easier to route client requests to a nearby request router. Though this can be achieved using a single canonical name and Geo DNS, that approach has limitations; for - example a client may be using third party DNS resolver, making it - impossible for the redirector to detect where the client is + example a client may be using a third party DNS resolver, making + it impossible for the redirector to detect where the client is located, or Geo DNS granularity may be too rough for the requirement of the application. o Scaling: The dCDN may choose to scale its request routing service by deploying more request routers in new locations and advertise them via an updatable interface like the FCI. The Redirect Target capability object is used to indicate the target address the uCDN should use in order to redirect a client to the dCDN. A target may be attached to a specific uCDN host, a list of - uCDN hosts, or it can be set globally for all the hosts of the uCDN. + uCDN hosts, or used globally for all the hosts of the uCDN. - When dCDN is attaching the redirect target to a specific uCDN host or - a list of uCDN hosts, the dCDN MUST advertise the hosts within the - Redirect Target Capability object as "redirecting-hosts". In that + When a dCDN is attaching the redirect target to a specific uCDN host + or a list of uCDN hosts, the dCDN MUST advertise the hosts within the + Redirect Target capability object as "redirecting-hosts". In that case, the uCDN can redirect to that dCDN address, only if the request - was directed to one of these uCDN hosts. + was directed to one of those uCDN hosts. A redirect target for DNS redirection is an IP address used as an A record response or a FQDN used as an alias in a CNAME record response - (see [RFC1034]) of the uCDN DNS router. Note that DNS routers take + (see [RFC1034]) of the uCDN DNS router. Note that DNS routers make routing decisions based on either the DNS resolver's IP address or the client IP address when EDNS0 client-subnet is used (see [RFC7871]). The dCDN may choose to advertise redirect targets and footprints to cover both cases. A uCDN DNS router implemenation SHOULD prefer routing based on client IP address when it is available. - A redirect target for HTTP redirection is the URI to be used as a - value of the Location header of a HTTP redirect 3xx response, + A redirect target for HTTP redirection is the URI to be used as the + value for the Location header of a HTTP redirect 3xx response, typically a 302 (Found) (see section 7.1.2 of [RFC7231] and section 6.4 of [RFC7231]). +2.1. Properties of Redirect Target Capability Object + + The Redirect Target capability object consists of the following + properties: + Property: redirecting-hosts Description: One or more uCDN hosts to which this redirect target is attached. A redirecting host SHOULD be a host that was published in a HostMatch object by the uCDN as defined in section 4.1.2 of [RFC8006]. Type: A list of Endpoint objects (see section 4.3.3 of [RFC8006]) Mandatory-to-Specify: No. If not present, or empty, the redirect target applies to all hosts of the redirecting uCDN. Property: dns-target - Description: Target address for DNS A record or CNAME record. + Description: Target address for a DNS A record or CNAME record. - Type: DnsTarget object (see Section 2.1) + Type: DnsTarget object (see Section 2.2) Mandatory-to-Specify: No. but at least one of "dns-target" or "http-target" MUST be present and non empty. Property: http-target - Description: Target URI for HTTP redirect. - Type: HttpTarget object (see Section 2.2) + Description: Target URI for a HTTP redirect. - Mandatory-to-Specify: No. but at least one of "dns-target" or + Type: HttpTarget object (see Section 2.3) + + Mandatory-to-Specify: No, but at least one of "dns-target" or "http-target" MUST be present and non empty. - Example of Redirect Target Capability object that advertises a dCDN - target address that is attached to a specific list of uCDN - "redirecting-hosts". A uCDN host that is included in that list can - redirect to the advertised dCDN redirect target. + The following is an example of a Redirect Target capability object + serialization that advertises a dCDN target address that is attached + to a specific list of uCDN "redirecting-hosts". A uCDN host that is + included in that list can redirect to the advertised dCDN redirect + target. { "capabilities": [ { "capability-type": "FCI.RedirectTarget", "capability-value": { "redirecting-hosts": [ "a.service123.ucdn.example.com", "b.service123.ucdn.example.com" - ] + ], "dns-target": { "host": "service123.ucdn.example.dcdn.com" - } + }, "http-target": { - + "host": "us-east1.dcdn.com", + "path-prefix": "/cache/1/", + "include-redirecting-host": true } }, "footprints": [ ] } ] } -2.1. DnsTarget +2.2. DnsTarget - The DnsTarget object gives the instructions to construct the target - address for the DNS response for delegation from the uCDN to the - dCDN. + The DnsTarget object gives the target address for the DNS response to + delegate from the uCDN to the dCDN. Property: host Description: The host property is a hostname or an IP address, without a port number. Type: Endpoint object as defined in section 4.3.3 of [RFC8006] - with the limitation that it MUST NOT include a port number. + with the limitation that it SHOULD NOT include a port number + and, in case a port number is present, the uCDN MUST ignore it. Mandatory-to-Specify: Yes. - Example of DnsTarget object: + The following is an example of DnsTarget object: { "host": "service123.ucdn.example.dcdn.com" } - Example of a DNS query for uCDN address + The following is an example of a DNS query for uCDN address "a.service123.ucdn.example.com" and the corresponding CNAME redirection response: Query: a.service123.ucdn.example.com: type A, class IN Response: a.service123.ucdn.example.com: type CNAME, class IN, cname service123.ucdn.example.dcdn.com -2.2. HttpTarget +2.3. HttpTarget - The HttpTarget object gives the instructions to construct the target - Location URI for http redirection from the uCDN to the dCDN. + The HttpTarget object gives the necessary information to construct + the target Location URI for HTTP redirection. Property: host Description: Hostname or IP address and an optional port, i.e., the host and port of the authority component of the URI as described in section 3.2 of [RFC3986]. Type: Endpoint object as defined in section 4.3.3 of [RFC8006]. Mandatory-to-Specify: Yes. @@ -274,33 +284,33 @@ Description: A path prefix for the HTTP redirect Location header. The original path is appended after this prefix. Type: A prefix of a path-absolute as defined in section 3.3 of [RFC3986]. The prefix MUST end with a trailing slash, to indicate the end of the last path segment in the prefix. Mandatory-to-Specify: No. If this property is absent or empty, the uCDN MUST NOT prepend a path prefix to the original content - path, i.e. the original path MUST appear in the location URI + path, i.e., the original path MUST appear in the location URI right after the authority component. Property: include-redirecting-host Description: A flag indicating whether or not to include the redirecting host as the first path segment after the path- - prefix. In case this flag is true and a "path-prefix" is used, - the uCDN redirecting host MUST be added as a separate path - segment after the path-prefix and before the original URL path. - In case this flag is true and there is no path-prefix, the uCDN - redirecting host MUST be prepended as the first path segment in - the redirect URL. + prefix. If set to true and a "path-prefix" is used, the uCDN + redirecting host MUST be added as a separate path segment after + the path-prefix and before the original URL path. If set to + true and there is no path-prefix, the uCDN redirecting host + MUST be prepended as the first path segment in the redirect + URL. Type: Boolean. Mandatory-to-Specify: No. Default value is False. Example of HttpTarget object with a path-prefix and include- redirecting-host: { "host": "us-east1.dcdn.com", @@ -317,125 +327,145 @@ GET /vod/1/movie.mp4 HTTP/1.1 Host: a.service123.ucdn.example.com Response: HTTP/1.1 302 Found Location: http://us-east1.dcdn.com/cache/1/ a.service123.ucdn.example.com/vod/1/movie.mp4 3. Fallback Target Address Metadata - Open Caching requires that the uCDN should provide fallback target - server to the dCDN to be used in cases where the dCDN cannot properly + Open Caching requires that the uCDN provide a fallback target server + to the dCDN, to be used in cases where the dCDN cannot properly handle the request. To avoid redirect loops, the fallback target - server's address at the uCDN MUST be differnet than the original - address at the uCDN from which the client was redirected to the dCDN. - The uCDN MUST avoid further redirection when receiving the client - request at the fallback target. The fallback target is defined as a - generic metadata object (see section 3.2 of [RFC8006]) + server's address at the uCDN MUST be differnet from the original uCDN + address from which the client was redirected to the dCDN. The uCDN + MUST avoid further redirection when receiving the client request at + the fallback target. The fallback target is defined as a generic + metadata object (see section 3.2 of [RFC8006]) + Use cases o Failover: A dCDN request router receives a request but has no caches to which it can route the request. This can happen in the case of failures or temporary network overload. o No coverage: A dCDN request router receives a request from a client located in an area inside the footprint but not covered by - the dCDN caches, or a client located outside the dCDN footprint - coverage. In such cases, the router may choose to redirect the - request back to the uCDN fallback address. + the dCDN caches or outside the dCDN footprint coverage. In such + cases, the router may choose to redirect the request back to the + uCDN fallback address. o Error: A cache may receive a request that it cannot properly serve, for example, some of the metadata objects for that service were not properly acquired. In this case, the cache may resolve to redirect back to uCDN. The Fallback target metadata object is used to indicate the target address the dCDN should use in order to redirect a client back to the uCDN. Fallback target is represented as endpoint objects as defined in section 4.3.3 of [RFC8006]. The uCDN fallback target address may be used as a DNS A record or - CNAME record in case of DNS redirection mode or a host name for HTTP + CNAME record in case of DNS redirection or a hostname for HTTP redirect. When using HTTP redirect to route a client request back to the uCDN, it is the dCDN's responsibility to use the original URL path as the client would have used for the original uCDN request, stripping, if - needed, the dCDN path-prefix and the uCDN host name from the redirect - URL that may have been used to request the content from the dCDN. + needed, the dCDN path-prefix and/or the uCDN hostname from the + redirect URL that may have been used to request the content from the + dCDN. + +3.1. Properties Fallback Target Address Metadata Object + + The MI.FallbackTarget Metadata object consists of the following + single property: Property: host Description: Target address to which the dCDN can redirect the client. Type: Endpoint object as defined in section 4.3.3 of [RFC8006] - with the limitation that in case of DNS delegation, it MUST NOT - include a port number. + with the limitation that in case of DNS delegation it SHOULD + NOT include a port number and, in case a port number is + present, the dCDN MUST ignore it. Mandatory-to-Specify: Yes. Example of a MI.FallbackTarget Metadata object that designates the host address the dCDN should use as fallback address to redirect back to the uCDN. { "generic-metadata-type": "MI.FallbackTarget", "generic-metadata-value": { "host": "fallback-a.service123.ucdn.example" } } 4. IANA Considerations 4.1. CDNI Payload Types This document requests the registration of the following CDNI Payload - Types under the IANA CDNI Payload Type registry defined in [RFC7736]: + Types under the IANA "CDNI Payload Types" registry defined in + [RFC7736]: +--------------------+---------------+ | Payload Type | Specification | +--------------------+---------------+ | FCI.RedirectTarget | RFCthis | | MI.FallbackTarget | RFCthis | +--------------------+---------------+ [RFC Editor: Please replace RFCthis with the published RFC number for this document.] 4.1.1. CDNI FCI RedirectTarget Payload Type Purpose: The purpose of this payload type is to distinguish RedirectTarget FCI objects Interface: FCI - Encoding: see Section 2 + Encoding: see Section 2.1 4.1.2. CDNI MI FallbackTarget Payload Type Purpose: The purpose of this payload type is to distinguish FallbackTarget MI objects (and any associated capability advertisement) Interface: MI/FCI - Encoding: see Section 3 + Encoding: see Section 3.1 5. Security Considerations This specification is in accordance with the CDNI Metadata Interface and the CDNI Request Routing: Footprint and Capabilities Semantics. - As such, it is subject to the security considerations as defined in - [RFC8006] and [RFC8008] respectively. + As such, it is subject to the security and privacy considerations as + defined in Section 8 of [RFC8006] and in Section 7 of [RFC8008] + respectively. + +5.1. Confidentiality and Privacy + + The redirect Target FCI object potentially exposes information about + the internal strcture of the dCDN network. A third party could + intercept the FCI transactions and use the information to attack the + dCDN. An implemenation of the FCI MUST therefore use strong + authentication and encryption and strictly follow the directions for + securing the interface as defined for the Metadata Interface in + Section 8.3 of [RFC8006]. 6. Acknowledgements TBD. 7. Contributors TBD. 8. References