draft-ietf-forces-applicability-08.txt   draft-ietf-forces-applicability-09.txt 
forces A. Crouch ForCES Working Group A. Crouch
Internet-Draft H. Khosravi Internet-Draft H. Khosravi
Intended status: Informational Intel Intended status: Informational Intel
Expires: August 26, 2010 A. Doria Expires: December 29, 2010 A. Doria (ed.)
LTU LTU
X. Wang X. Wang
Huawei Huawei
K. Ogawa K. Ogawa
NTT Corporation NTT Corporation
February 22, 2010 June 27, 2010
ForCES Applicability Statement ForCES Applicability Statement
draft-ietf-forces-applicability-08 draft-ietf-forces-applicability-09
Abstract Abstract
The ForCES protocol defines a standard framework and mechanism for The ForCES protocol defines a standard framework and mechanism for
the interconnection between Control Elements and Forwarding Elements the interconnection between Control Elements and Forwarding Elements
in IP routers and similar devices. In this document we describe the in IP routers and similar devices. In this document we describe the
applicability of the ForCES model and protocol. We provide example applicability of the ForCES model and protocol. We provide example
deployment scenarios and functionality, as well as document deployment scenarios and functionality, as well as document
applications that would be inappropriate for ForCES. applications that would be inappropriate for ForCES.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF). Note that other groups may also distribute
other groups may also distribute working documents as Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This Internet-Draft will expire on December 29, 2010.
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 26, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
skipping to change at page 2, line 15 skipping to change at page 2, line 10
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the BSD License. described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this 10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process. modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Applicability to IP Networks . . . . . . . . . . . . . . . . . 4 4. Applicability to IP Networks . . . . . . . . . . . . . . . . . 5
4.1. Applicable Services . . . . . . . . . . . . . . . . . . . 5 4.1. Applicable Services . . . . . . . . . . . . . . . . . . . 5
4.1.1. Discovery, Capability Information Exchange . . . . . . 5 4.1.1. Association, Capability Discovery and Information
Exchange . . . . . . . . . . . . . . . . . . . . . . . 5
4.1.2. Topology Information Exchange . . . . . . . . . . . . 6 4.1.2. Topology Information Exchange . . . . . . . . . . . . 6
4.1.3. Configuration . . . . . . . . . . . . . . . . . . . . 6 4.1.3. Configuration . . . . . . . . . . . . . . . . . . . . 6
4.1.4. Routing Exchange . . . . . . . . . . . . . . . . . . . 6 4.1.4. Routing Exchange . . . . . . . . . . . . . . . . . . . 6
4.1.5. QoS Exchange . . . . . . . . . . . . . . . . . . . . . 6 4.1.5. QoS Capabilities Exchange and Configuration . . . . . 6
4.1.6. Security Exchange . . . . . . . . . . . . . . . . . . 6 4.1.6. Security Exchange . . . . . . . . . . . . . . . . . . 7
4.1.7. Filtering Exchange and Firewalls . . . . . . . . . . . 7 4.1.7. Filtering Exchange and Firewalls . . . . . . . . . . . 7
4.1.8. Encapsulation, Tunneling Exchange . . . . . . . . . . 7 4.1.8. Encapsulation, Tunneling Exchange . . . . . . . . . . 7
4.1.9. NAT and Application-level Gateways . . . . . . . . . . 7 4.1.9. NAT and Application-level Gateways . . . . . . . . . . 7
4.1.10. Measurement and Accounting . . . . . . . . . . . . . . 7 4.1.10. Measurement and Accounting . . . . . . . . . . . . . . 7
4.1.11. Diagnostics . . . . . . . . . . . . . . . . . . . . . 7 4.1.11. Diagnostics . . . . . . . . . . . . . . . . . . . . . 7
4.1.12. Redundancy and Failover . . . . . . . . . . . . . . . 7 4.1.12. Redundancy and Failover . . . . . . . . . . . . . . . 7
4.2. CE-FE Link Capability . . . . . . . . . . . . . . . . . . 8 4.2. CE-FE Link Capability . . . . . . . . . . . . . . . . . . 8
4.3. CE/FE Locality . . . . . . . . . . . . . . . . . . . . . . 8 4.3. CE/FE Locality . . . . . . . . . . . . . . . . . . . . . . 8
5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9
6. ForCES Manageability . . . . . . . . . . . . . . . . . . . . . 9 6. ForCES Manageability . . . . . . . . . . . . . . . . . . . . . 9
6.1. NE as an atomic element . . . . . . . . . . . . . . . . . 9 6.1. NE as an Atomic Element . . . . . . . . . . . . . . . . . 9
6.2. NE as composed of manageable elements . . . . . . . . . . 9 6.2. NE as Composed of Manageable Elements . . . . . . . . . . 10
6.3. ForCES Protocol MIB . . . . . . . . . . . . . . . . . . . 10 6.3. ForCES Protocol MIB . . . . . . . . . . . . . . . . . . . 10
6.3.1. MIB Management of an FE . . . . . . . . . . . . . . . 10 6.3.1. MIB Management of an FE . . . . . . . . . . . . . . . 10
6.4. The FEM and CEM . . . . . . . . . . . . . . . . . . . . . 11 6.4. The FEM and CEM . . . . . . . . . . . . . . . . . . . . . 11
7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 11 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 11
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
10.1. Normative References . . . . . . . . . . . . . . . . . . . 12 10.1. Normative References . . . . . . . . . . . . . . . . . . . 12
10.2. Informative References . . . . . . . . . . . . . . . . . . 12 10.2. Informative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
1. Purpose 1. Purpose
The purpose of the ForCES Applicability Statement is to capture the The purpose of the ForCES Applicability Statement is to capture the
intent of the ForCES protocol [I-D.ietf-forces-protocol] designers as intent of the ForCES protocol [RFC5810] designers as to how the
to how the protocol could be used (in conjunction with the ForCES protocol could be used in conjunction with the ForCES model [RFC5812]
model [I-D.ietf-forces-model]). and a Transport Mapping Layer [RFC5811].
2. Overview 2. Overview
The ForCES protocol defines a standard framework and mechanism for The ForCES protocol defines a standard framework and mechanism for
the exchange of information between the logically separate the exchange of information between the logically separate
functionality of the control and data forwarding planes of IP routers functionality of the control and data forwarding planes of IP routers
and similar devices. It focuses on the communication necessary for and similar devices. It focuses on the communication necessary for
separation of control plane functionality such as routing protocols, separation of control plane functionality such as routing protocols,
signaling protocols, and admission control from data forwarding plane signaling protocols, and admission control from data forwarding plane
per-packet activities such as packet forwarding, queuing, and header per-packet activities such as packet forwarding, queuing, and header
editing. editing.
This document defines the applicability of the ForCES mechanisms. It This document defines the applicability of the ForCES mechanisms. It
describes types of configurations and settings where ForCES is most describes types of configurations and settings where ForCES is most
appropriately applied. This document also describes scenarios and appropriately applied. This document also describes scenarios and
configurations where ForCES would not be appropriate for use. configurations where ForCES would not be appropriate for use.
3. Terminology 3. Terminology
A set of terminology associated with ForCES is defined in [3, 4]. A set of concepts associated with ForCES was introduced in
That terminology is reused here and the reader is directed to [3, 4] Requirements for Separation of IP Control and Forwarding[RFC3654] and
for the following definitions: in Forwarding and Control Element Separation (ForCES)
Framework[RFC3746]. The terminology associated with these concepts
o CE: Control Element. and the protocol elements in ForCES is defined in the Forwarding and
Control Element Separation (ForCES) Protocol Specification[RFC5810].
o FE: Forwarding Element.
o ForCES: ForCES protocol. The reader is directed to these documents for the conceptual
introduction and the definitions including of the following acronyms:
o TML: Transport Mapping Layer. o CE: Control Element
o CEM: Control element manager
o FE: Forwarding Element
o FEM: Forwarding element manager
o ForCES: Forwarding and Control Element Separation protocol
o LFB: Logical Function Block
o NE: ForCES network element
o TML: Transport Mapping Layer
4. Applicability to IP Networks 4. Applicability to IP Networks
The purpose of this section is to list the areas of ForCES This section lists the areas of ForCES applicability in IP network
applicability in IP network devices. Relatively low end routing devices. Some relatively low-end routing systems may be implemented
systems may be implemented on simple hardware which performs both on simple hardware which performs both control and packet forwarding
control and packet forwarding functionality. ForCES may not make functionality. ForCES may not be useful for such devices.
sense for such devices.
Higher end routing systems typically distribute work amongst Higher end routing systems typically distribute work amongst several
interface processing elements, and these devices (FEs) therefore need interface processing elements, and these devices (FEs) therefore need
to communicate with the control element(s) to perform their job. to communicate with the control element(s) to perform their job. A
ForCES provides a standard way to do this communication. higher end router may also distribute control processing amongst
several processing elements (CEs). ForCES provides a standard way to
do this communication. ForCES also provides support for High
Availability configurations that include a primary CE and one or more
secondary CEs.
The remainder of this section lists the applicable services which The remainder of this section lists the applicable services which
ForCES may support, applicable FE functionality, applicable CE-FE ForCES may support, applicable FE functionality, applicable CE-FE
link scenarios, and applicable topologies in which ForCES may be link scenarios, and applicable topologies in which ForCES may be
deployed. deployed.
4.1. Applicable Services 4.1. Applicable Services
In this section we describe the applicability of ForCES for the In this section we describe the applicability of ForCES for the
following control-forwarding plane services: following control-forwarding plane services:
o Discovery, Capability Information Exchange o Association, Capability discovery and Information Exchange
o Topology Information Exchange
o Topology Information Exchange o Configuration
o Routing Exchange
o Configuration o QoS Exchange
o Security Exchange
o Routing Exchange o Filtering Exchange
o Encapsulation/Tunneling Exchange
o QoS Exchange o NAT and Application-level Gateways
o Measurement and Accounting
o Security Exchange o Diagnostics
o CE Redundancy or CE Failover
o Filtering Exchange
o Encapsulation/Tunneling Exchange
o NAT and Application-level Gateways
o Measurement and Accounting
o Diagnostics
o CE Redundancy or CE Failover
4.1.1. Discovery, Capability Information Exchange 4.1.1. Association, Capability Discovery and Information Exchange
Discovery is the process by which CEs and FEs learn of each other's Association is the first step of the ForCES protocol exchange in
existence. ForCES assumes that CEs and FEs already know sufficient which capability discovery and exchange happens between one or more
information to begin communication in a secure manner. The ForCES CEs and the FEs. ForCES assumes that CEs and FEs already have
protocol is only applicable after CEs and FEs have found each other. sufficient information to begin communication in a secure manner.
ForCES makes no assumption about whether discovery was performed The ForCES protocol is only applicable after CEs and FEs have
using a dynamic protocol or merely static configuration. discovered each other. ForCES makes no assumption about whether
discovery was performed using a dynamic protocol or merely static
configuration. Some discussion about how this can occur can be found
later in this document in Section 6.4.
During the discovery phase, CEs and FEs exchange capability During the association phase, CEs and FEs exchange capability
information with each other. For example, the FEs express the number information with each other. For example, the FEs express the number
of interface ports they provide, as well as the static and of interface ports they provide, as well as the static and
configurable attributes of each port. configurable attributes of each port.
In addition to initial configuration, the CEs and FEs also exchange In addition to initial configuration, the CEs and FEs also exchange
dynamic configuration changes using ForCES. For example, FEs dynamic configuration changes using ForCES. For example, FEs
asynchronously inform the CE of an increase/decrease in available asynchronously inform the CEs of an increase/decrease in available
resources or capabilities on the FE. resources or capabilities on the FE.
4.1.2. Topology Information Exchange 4.1.2. Topology Information Exchange
In this context, topology information relates to how the FEs are In this context, topology information relates to how the FEs are
interconnected with each other with respect to packet forwarding. interconnected with each other with respect to packet forwarding.
Topology discovery is outside the scope of the ForCES protocol. An Topology discovery is outside the scope of the ForCES protocol. An
implementation can choose its own method of topology discovery (for implementation can choose its own method of topology discovery (for
example use a standard topology discovery protocol like LLDP, BFD; or example use a standard topology discovery protocol; or apply a static
apply a static topology configuration policy). Once the topology is topology configuration policy). Once the topology is established,
established, ForCES protocol may be used to transmit the resulting ForCES protocol may be used to transmit the resulting information to
information to the CE. the CEs.
4.1.3. Configuration 4.1.3. Configuration
ForCES is used to perform FE configuration. For example, CEs set ForCES is used to perform FE configuration. For example, CEs set
configurable FE attributes such as IP addresses, etc. for their configurable FE attributes such as IP addresses, etc. for their
interfaces. interfaces.
4.1.4. Routing Exchange 4.1.4. Routing Exchange
ForCES may be used to deliver packet forwarding information resulting ForCES may be used to deliver packet forwarding information resulting
from CE routing calculations. For example, CEs may send forwarding from CE routing calculations. For example, CEs may send forwarding
table updates to the FEs, so that they can make forwarding decisions. table updates to the FEs, so that they can make forwarding decisions.
FEs may inform the CE in the event of a forwarding table miss. FEs may inform the CEs in the event of a forwarding table miss.
ForCES may also be used to configure ECMP capability.
4.1.5. QoS Exchange 4.1.5. QoS Capabilities Exchange and Configuration
ForCES may be used to exchange QoS capabilities between CEs and FEs. ForCES may be used to exchange QoS capabilities between CEs and FEs.
For example, an FE may express QoS capabilities to the CE. Such For example, an FE may express QoS capabilities to the CE. Such
capabilities might include metering, policing, shaping, and queuing capabilities might include metering, policing, shaping, and queuing
functions. The CE may use ForCES to configure these capabilities. functions. The CE may use ForCES to configure these capabilities.
4.1.6. Security Exchange 4.1.6. Security Exchange
ForCES may be used to exchange Security information between CEs and ForCES may be used to exchange Security information between a CE and
FEs. For example, the FE may use ForCES to express the types of the FEs it controls. For example, the FE may use ForCES to express
encryption that it is capable of using in an IPsec tunnel. The CE the types of encryption that it is capable of using in an IPsec
may use ForCES to configure such a tunnel. tunnel. The CE may use ForCES to configure such a tunnel. The CEs
would be responsible for the NE dynamic key exchanges and updates.
4.1.7. Filtering Exchange and Firewalls 4.1.7. Filtering Exchange and Firewalls
ForCES may be used to exchange filtering information. For example, ForCES may be used to exchange filtering information. For example,
FEs may use ForCES to express the filtering functions such as FEs may use ForCES to express the filtering functions such as
classification and action that they can perform, and the CE may classification and action that they can perform, and the CE may
configure these capabilities. configure these capabilities.
4.1.8. Encapsulation, Tunneling Exchange 4.1.8. Encapsulation, Tunneling Exchange
skipping to change at page 7, line 31 skipping to change at page 7, line 39
the configuration of application-level gateway functionality, this the configuration of application-level gateway functionality, this
may be in scope for some types of application-level gateways. may be in scope for some types of application-level gateways.
4.1.10. Measurement and Accounting 4.1.10. Measurement and Accounting
ForCES may be used to exchange configuration information regarding ForCES may be used to exchange configuration information regarding
traffic measurement and accounting functionality. In this area, traffic measurement and accounting functionality. In this area,
ForCES may overlap somewhat with functionality provided by ForCES may overlap somewhat with functionality provided by
alternative network management mechanisms such as SNMP. In some alternative network management mechanisms such as SNMP. In some
cases ForCES may be used to convey information to the CE to be cases ForCES may be used to convey information to the CE to be
reported externally using SNMP. reported externally using SNMP. A further discussion of this
capability is covered in Section 6 of this document.
4.1.11. Diagnostics 4.1.11. Diagnostics
ForCES may be used for CEs and FEs to exchange diagnostic ForCES may be used for CEs and FEs to exchange diagnostic
information. For example, an FE can send self-test results to the information. For example, an FE can send self-test results to a CE.
CE.
4.1.12. Redundancy and Failover 4.1.12. Redundancy and Failover
The ForCES architecture includes mechanisms which allow for multiple The ForCES architecture includes mechanisms which allow for multiple
redundant CEs and FEs in a ForCES NE. The ForCES model LFB redundant CEs and FEs in a ForCES NE. The ForCES model LFB
definitions provide sufficient component details via component definitions provide sufficient component details via component
identifiers to be universally unique within an NE. The ForCES identifiers to be universally unique within an NE. The ForCES
protocol includes mechanisms to facilitate transactions as well as protocol includes mechanisms to facilitate transactions as well as
atomicity across the NE. atomicity across the NE.
skipping to change at page 8, line 21 skipping to change at page 8, line 26
sufficiently future-proof to be applicable in scenarios where routing sufficiently future-proof to be applicable in scenarios where routing
tables grow to several orders of magnitude greater than their current tables grow to several orders of magnitude greater than their current
size. However, we also note that not all IP routers need full size. However, we also note that not all IP routers need full
routing tables. routing tables.
4.3. CE/FE Locality 4.3. CE/FE Locality
ForCES is intended for environments where one of the following ForCES is intended for environments where one of the following
applies: applies:
o The control interconnect is some form of local bus, switch, or LAN, o The control interconnect is some form of local bus, switch, or
where reliability is high, closely controlled, and not susceptible to LAN, where reliability is high, closely controlled, and not
external disruption that does not also affect the CEs and/or FEs. susceptible to external disruption that does not also affect the
CEs and/or FEs.
o The control interconnect shares fate with the FE's forwarding o The control interconnect shares fate with the FE's forwarding
function. Typically this is because the control connection is also function. Typically this is because the control connection is
the FE's primary packet forwarding connection, and so if that link also the FE's primary packet forwarding connection, and so if that
goes down, the FE cannot forward packets anyway. link goes down, the FE cannot forward packets anyway.
The key guideline is that the reliability of the device should not be The key guideline is that the reliability of the device should not be
significantly reduced by the separation of control and forwarding significantly reduced by the separation of control and forwarding
functionality. functionality.
Taking this into account, ForCES is applicable in the following CE/FE Taking this into account, ForCES is applicable in the following CE/FE
localities: localities:
o single box NE: chassis with multiple CEs and FEs setup. ForCES is Single Box NE: chassis with multiple CEs and FEs setup. ForCES is
applicable in localities consisting of control and forwarding applicable in localities consisting of control and forwarding
elements which are components in the same physical box. elements which are components in the same physical box.
Example: a network element with a single control blade, and one or Example: a network element with a single control blade, and one or
more forwarding blades, all present in the same chassis and sharing more forwarding blades, all present in the same chassis and
an interconnect such as Ethernet or PCI. In this locality, the sharing an interconnect such as Ethernet or PCI. In this
majority of the data traffic being forwarded typically does not locality, the majority of the data traffic being forwarded
traverse the same links as the ForCES control traffic. typically does not traverse the same links as the ForCES control
traffic.
o multiple boxes: separated CE and FE where physical locality could Multiple Box NE: separated CE and FE where physical locality could
be same rack, room, building, or long distance which could span be same rack, room, building, or long distance which could span
across continents and oceans. ForCES is applicable in localities across continents and oceans. ForCES is applicable in localities
consisting of control and forwarding elements which are separated by consisting of control and forwarding elements which are separated
a single hop or multiple hops in the network. by a single hop or multiple hops in the network.
5. Security Considerations 5. Security Considerations
The ForCES architecture allows for a variety of security levels[6]. The ForCES protocol allows for a variety of security levels
When operating under a secured physical environment, or for other [RFC5810]. When operating under a secured physical environment, or
operational concerns (in some cases performance issues) the operator for other operational concerns (in some cases performance issues) the
may turn off all the security functions between CE and FE. When the operator may turn off all the security functions between CEs and FEs.
operator makes a decision to secure the path between the FE and CE When the operator makes a decision to secure the path between the FEs
then the operator chooses from one of the options provided by the and CEs then the operator chooses from one of the options provided by
TML. Security choices provided by the TML take effect during the the TML. Security choices provided by the TML take effect during the
pre-association phase of the ForCES protocol. An operator may choose pre-association phase of the ForCES protocol. An operator may choose
to use all, some or none of the security services provided by the TML to use all, some or none of the security services provided by the TML
in a CE-FE connection. A ForCES NE is required to provide CE/FE node in a CE-FE connection. A ForCES NE is required to provide CE/FE node
authentication services, and may provide message integrity and authentication services, and may provide message integrity and
confidentially services. The NE may provide these services by confidentially services. The NE may provide these services by
employing IPSEC or TLS depending on the choice of TML used in the employing IPsec or TLS depending on the choice of TML used in the
deployment of the NE. deployment of the NE.
6. ForCES Manageability 6. ForCES Manageability
From one perspective, it is a single network element; as an example From the architectural perspective, the ForCES NE is a single network
if the ForCES NE is specifically a router that needs to be managed element; as an example if the ForCES NE is specifically a router that
then it is managed in essentially the same way any router is managed. needs to be managed, then it should be managed in essentially the
From another perspective element management can view the individual same way any router should be managed. From another perspective
entities and interfaces that make up a ForCES NE. element management could view the individual entities and interfaces
that make up a ForCES NE but this may cause risk on the control
relationship between the CEs and the FEs unless it has been accounted
for in the model used by the NE.
6.1. NE as an atomic element 6.1. NE as an Atomic Element
From the ForCES requirements RFC 3654, Section 4, point 4: From the ForCES requirements [RFC3654] Section 4, point 4:
A NE must support the appearance of a single functional device. A NE must support the appearance of a single functional device.
As a single functional device a ForCES NE runs protocols and each of As a single functional device a ForCES NE runs protocols and each of
the protocols has it own existing manageability aspects that are the protocols has it own existing manageability aspects that are
documented elsewhere. As an example, router would also have a documented elsewhere. As an example, router would also have a
configuration interface. When viewed in this manner, the NE is configuration interface. When viewed in this manner, the NE is
controlled as a single routing entity and no new management beyond controlled as a single routing entity and no new management beyond
what is already available for routers and routing protocols would be what is already available for routers and routing protocols would be
required for a ForCES NE. required for a ForCES NE. Management commands on a management
interface to the NE will arrive at the CE and may require ForCES
interactions between the CE and FEs to complete. This may impact the
atomicity of such commands and may require careful implementation by
the CE.
6.2. NE as composed of manageable elements 6.2. NE as Composed of Manageable Elements
When viewed as a decomposed set of elements from the management When viewed as a decomposed set of elements from the management
perspective, the ForCES NE is divided into a set of one of more perspective, the ForCES NE is divided into a set of one of more
Control Elements, Forwarding Elements and the interfaces between Control Elements, Forwarding Elements and the interfaces between
them. The interface functionality between the CE and the FE is them. The interface functionality between the CE and the FE is
provided by the ForCES protocol. As with all IETF protocols a MIB is provided by the ForCES protocol. A MIB module is provided for the
provided for the purposes of managing the protocol. purpose of gaining management information on the operation of the
protocol describe in Section 6.3 of this document.
Additionally the architecture makes provision for configuration Additionally the architecture makes provision for configuration
control of the individual CEs and FEs. This is handled by elements control of the individual CEs and FEs. This is handled by elements
named FE manager (FEM) and the CE manager (CEM). Specifically from named FE manager (FEM) and the CE manager (CEM). Specifically from
the ForCES requirements RFC [RFC 3654], Section 4, point 4: the ForCES requirements RFC [RFC3654], Section 4, point 4:
However, external entities (e.g., FE managers and CE managers) may However, external entities (e.g., FE managers and CE managers) may
have direct access to individual ForCES protocol elements for have direct access to individual ForCES protocol elements for
providing information to transition them from the pre-association to providing information to transition them from the pre-association to
post-association phase. post-association phase.
6.3. ForCES Protocol MIB 6.3. ForCES Protocol MIB
The ForCES MIB [I-D.ietf-forces-mib] is a primarily read-only MIB The ForCES MIB [RFC5813] defines a primarily read-only MIB module
that captures information related to the ForCES protocol. This that captures information related to the ForCES protocol. This
includes state information about the associations between CE(s) and includes state information about the associations between CE(s) and
FE(s) in the NE. FE(s) in the NE.
The ForCES MIB does not include information that is specified in The ForCES MIB does not include information that is specified in
other MIBs, such as packet counters for interfaces, etc. other MIB modules, such as packet counters for interfaces, etc.
More specifically, the information in the ForCES MIB relative to
associations includes:
- identifiers of the elements in the association
- state of the association
- configuration parameters of the association More specifically, the information in the ForCES MIB module relative
to associations includes:
- statistics of the association o identifiers of the elements in the association
o state of the association
o configuration parameters of the association
o statistics of the association
6.3.1. MIB Management of an FE 6.3.1. MIB Management of an FE
While it is possible to manage a FE from a element manager, several While it is possible to manage a FE from an element manager, several
requirements relating to this have been included in the ForCES requirements relating to this have been included in the ForCES
Requirements. Requirements.
From the ForCES Requirements [RFC 3654], Section 4, point 14: From the ForCES Requirements [RFC3654], Section 4, point 14:
1. The ability for a management tool (e.g., SNMP) to be used to read 1. The ability for a management tool (e.g., SNMP) to be used to read
(but not change) the state of FE should not be precluded. (but not change) the state of FE should not be precluded.
2. It must not be possible for management tools (e.g., SNMP, etc) to 2. It must not be possible for management tools (e.g., SNMP, etc) to
change the state of a FE in a manner that affects overall NE behavior change the state of a FE in a manner that affects overall NE
without the CE being notified. behavior without the CE being notified.
The ForCES Requirements [RFC 3654], Section 5.7, goes further in The ForCES Requirements [RFC3654], Section 5.7, goes further in
discussing the manner in which FEs should handle management requests discussing the manner in which FEs should handle management requests
that are specifically directed to the FE: that are specifically directed to the FE:
For a ForCES NE that is an IP router, RFC 1812 [2] also dictates that For a ForCES NE that is an IP router, [RFC1812] also dictates that
"Routers must be manageable by SNMP". In general, for the post- "Routers must be manageable by SNMP". In general, for the post-
association phase, most external management tasks (including SNMP) association phase, most external management tasks (including SNMP)
should be done through interaction with the CE in order to support should be done through interaction with the CE in order to support
the appearance of a single functional device. Therefore, it is the appearance of a single functional device. Therefore, it is
recommended that an SNMP agent be implemented by CEs and that the recommended that an SNMP agent be implemented by CEs and that the
SNMP messages received by FEs be redirected to their CEs. AgentX SNMP messages received by FEs be redirected to their CEs. AgentX
framework defined in RFC 2741 ([6]) may be applied here such that CEs framework defined in [RFC2741]) may be applied here such that CEs act
act in the role of master agent to process SNMP protocol messages in the role of master agent to process SNMP protocol messages while
while FEs act in the role of subagent to provide access to the MIB FEs act in the role of sub-agent to provide access to the MIB objects
objects residing on FEs. AgentX protocol messages between the master residing on FEs. AgentX protocol messages between the master agent
agent (CE) and the subagent (FE) are encapsulated and transported via (CE) and the sub-agent (FE) are encapsulated and transported via
ForCES, just like data packets from any other application layer ForCES, just like data packets from any other application layer
protocols. protocols.
6.4. The FEM and CEM 6.4. The FEM and CEM
Though out of scope for the initial ForCES specification effort, the Though out of scope for the initial ForCES specification effort, the
ForCES architecture include two entities, the CE Manager (CEM) and ForCES architecture include two entities, the CE Manager (CEM) and
the FE Manager (FEM). From the ForCES Protocols Specification the FE Manager (FEM). From the ForCES Protocols Specification
[I-D.ietf-forces-protocol]. [RFC5810].
CE Manager (CEM) - A logical entity responsible for generic CE
management tasks. It is particularly used during the pre-association
phase to determine with which FE(s) a CE should communicate.
FE Manager (FEM) - A logical entity responsible for generic FE CE Manager (CEM) - A logical entity responsible for generic CE
management tasks. It is used during pre-association phase to management tasks. It is particularly used during the pre-
determine with which CE(s) an FE should communicate. association phase to determine with which FE(s) a CE should
communicate.
FE Manager (FEM) - A logical entity responsible for generic FE
management tasks. It is used during pre-association phase to
determine with which CE(s) an FE should communicate.
7. Contributors 7. Contributors
The following are the contributors who were instrumental in the Mark Handley was an initial author involved in the earlier versions
creation of earlier releases of this document or who gave good of this document.
suggestions to this document.
Mark Handley, ICIR.
8. IANA Considerations 8. IANA Considerations
This document has no IANA actions. This document has no IANA actions.
[RFC Editor: please remove this section prior to publication.] [RFC Editor: please remove this section prior to publication.]
9. Acknowledgments 9. Acknowledgments
Many of the colleagues in our companies and participants in the Many of the participants in the ForCES as well as fellow employees of
ForCES mailing list have provided invaluable input into this work. the authors, have provided valuable input into this work. Particular
Particular thanks to Jamal Hadi Salim. thanks go to Jamal Hadi Salim, our WG chair and document shepherd and
to Adrian Farrel the AD for the area for their review, comments and
encouragement without whom this document might never have been
completed.
10. References 10. References
10.1. Normative References 10.1. Normative References
[I-D.ietf-forces-mib] [RFC1812] Baker, F., "Requirements for IP Version 4 Routers",
HAAS, R., "ForCES MIB", draft-ietf-forces-mib-10 (work in June 1995.
progress), September 2008.
[I-D.ietf-forces-model] [RFC5810] Doria, A., Hadi Salim, J., Haas, R., Khosravi, H., Wang,
Halpern, J. and J. Salim, "ForCES Forwarding Element W., Dong, L., Gopal, R., and J. Halpern, "Forwarding and
Model", draft-ietf-forces-model-16 (work in progress), Control Element Separation (ForCES) Protocol
October 2008. Specification", RFC 5810, March 2010.
[I-D.ietf-forces-protocol] [RFC5811] Hadi Salim, J. and K. Ogawa, "SCTP-Based Transport Mapping
Dong, L., Doria, A., Gopal, R., HAAS, R., Salim, J., Layer (TML) for the Forwarding and Control Element
Khosravi, H., and W. Wang, "ForCES Protocol Separation (ForCES) Protocol", March 2010.
Specification", draft-ietf-forces-protocol-22 (work in
progress), March 2009.
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, [RFC5812] Halpern, J. and J. Hadi Salim, "Forwarding and Control
June 1999. Element Separation (ForCES) Forwarding Element Model",
RFC 5812, March 2010.
[RFC5813] Haas, R., "Forwarding and Control Element Separation
(ForCES) MIB", RFC 5813, March 2010.
10.2. Informative References
[RFC2741] Daniele, M., Wijnen, B., Ellison, M., and D. Francisco,
"Agent Extensibility (AgentX) Protocol Version 1",
January 2000.
[RFC3654] Khosravi, H. and T. Anderson, "Requirements for Separation [RFC3654] Khosravi, H. and T. Anderson, "Requirements for Separation
of IP Control and Forwarding", RFC 3654, November 2003. of IP Control and Forwarding", RFC 3654, November 2003.
[RFC3746] Yang, L., Dantu, R., Anderson, T., and R. Gopal, [RFC3746] Yang, L., Dantu, R., Anderson, T., and R. Gopal,
"Forwarding and Control Element Separation (ForCES) "Forwarding and Control Element Separation (ForCES)
Framework", RFC 3746, April 2004. Framework", RFC 3746, April 2004.
10.2. Informative References
[RFC3015] Cuervo, F., Greene, N., Rayhan, A., Huitema, C., Rosen,
B., and J. Segers, "Megaco Protocol Version 1.0",
RFC 3015, November 2000.
[RFC3292] Doria, A., Hellstrand, F., Sundell, K., and T. Worster,
"General Switch Management Protocol (GSMP) V3", RFC 3292,
June 2002.
Authors' Addresses Authors' Addresses
Alan Crouch Alan Crouch
Intel Intel
2111 NE 25th Avenue 2111 NE 25th Avenue
Hillsboro, OR 97124 USA Hillsboro, OR 97124 USA
USA USA
Phone: +1 503 264 2196 Phone: +1 503 264 2196
Email: alan.crouch@intel.com Email: alan.crouch@intel.com
 End of changes. 65 change blocks. 
193 lines changed or deleted 195 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/