draft-ietf-forces-model-00.txt   draft-ietf-forces-model-01.txt 
Internet Draft L. Yang Internet Draft L. Yang
Expiration: February 2004 Intel R&D Expiration: April 2004 Intel Labs
File: draft-ietf-forces-model-00.txt J. Halpern File: draft-ietf-forces-model-01.txt J. Halpern
Working Group: ForCES Megisto Systems Working Group: ForCES Megisto Systems
R. Gopal R. Gopal
Nokia Nokia
A. DeKok A. DeKok
IDT Inc. IDT Inc.
August 2003 Z. Haraszti
S. Blake
Ericsson
October 2003
ForCES Forwarding Element Functional Model ForCES Forwarding Element Model
draft-ietf-forces-model-00.txt draft-ietf-forces-model-01.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are all provisions of Section 10 of RFC2026. Internet-Drafts are
working documents of the Internet Engineering Task Force (IETF), working documents of the Internet Engineering Task Force (IETF),
its areas, and its working groups. Note that other groups may also its areas, and its working groups. Note that other groups may also
distribute working documents as Internet-Drafts. distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
skipping to change at page 2, line ? skipping to change at page 2, line ?
progress.'' progress.''
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Abstract Abstract
This document defines a functional model for forwarding elements This document defines the forwarding element (FE) model used in the
(FEs) used in the Forwarding and Control Plane Separation (ForCES) Forwarding and Control Plane Separation (ForCES) protocol. The
protocol. This model is used to describe the capabilities, model represents the capabilities, state and configuration of
capacities, state and configuration of ForCES forwarding elements forwarding elements within the context of the ForCES protocol, so
within the context of the ForCES protocol, so that ForCES control that control elements (CEs) can control the FEs accordingly. More
elements (CEs) can control the FEs accordingly. The model is to specifically, the model describes the logical functions that are
specify what logical functions are present in the FEs, what present in an FE, what capabilities these functions support, and
capabilities these functions support, and how these functions are how these functions are or can be interconnected. This FE model is
or can be interconnected. The forwarding element model defined intended to satisfy the model requirements specified in the ForCES
herein is intended to satisfy the requirements specified in the requirements draft [1]. A list of the basic logical functional
ForCES requirements draft [FORCES-REQ]. Using this model, blocks (LFBs) is also defined in the LFB class library to aid the
predefined or vendor specific logical functions can be expressed effort in defining individual LFBs.
and configured. However, the definition of these individual
functions are not described and defined in this document.
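Review bot: The last sentence of the new abstract ("A list of the basic logical functional blocks (LFBs) is also defined in the LFB class library to aid the effort in defining individual LFBs") is circular and overstates what the draft contains. The new Section 2.5 text says Section 7 only "presents a list of LFB classes in the LFB class library that will be further specified", and the -00 sentence that put the definition of individual functions out of scope has been removed without a replacement. Suggest rewording the abstract to say that the document lists the LFB classes in the library and that their detailed definitions are left to later work.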
Table of Contents Table of Contents
Abstract.........................................................1 Abstract.........................................................1
1. Definitions...................................................3 1. Definitions...................................................3
2. Motivation and Requirements of FE model.......................4 2. Introduction..................................................5
3. State Model versus Capability Model...........................4 2.1. Requirements on the FE model.............................6
4. FE Model Concepts: FE Block and FE Block Topology.............7 2.2. The FE Model in Relation to FE Implementations...........6
4.1. FE Blocks................................................7 2.3. The FE Model in Relation to the ForCES Protocol..........6
4.2. FE Block Topology........................................9 2.4. Modeling Language for FE Model...........................7
4.2.1. Configuring FE Block Topology......................11 2.5. Document Structure.......................................8
4.2.2. Modeling FE Block Topology.........................16 3. FE Model Concepts.............................................8
5. Logical FE Block Library.....................................21 3.1. State Model and Capability Model.........................8
5.1. FE Input/Output Block Characterization..................21 3.2. LFB Modeling............................................11
5.1.1. Source Block.......................................21 3.2.1. LFB Input and Input Group..........................13
5.1.2. Sink Block.........................................22 3.2.2. LFB Output and Output Group........................15
5.1.3. Port Block.........................................22 3.2.3. Packet Type........................................16
5.1.4. Dropper Block......................................22 3.2.4. Metadata...........................................16
5.1.5. MUX Block..........................................23 3.2.5. LFB Versioning.....................................18
5.1.6. Redirector (de-MUX) Block..........................23 3.2.6. LFB Inheritance....................................18
5.1.7. Shaper Block.......................................23 3.3. FE Datapath Modeling....................................19
5.2. FE Processing Blocks....................................23 3.3.1. Alternative Approaches for Modeling FE Datapaths...19
5.2.1. Counter Block......................................24 3.3.2. Configuring the LFB Topology.......................23
5.2.2. Meter Block........................................24 4. LFB Model -- LFB and Associated Data Definitions.............27
5.2.3. Filter Block.......................................24 4.1. General Data Type Definitions...........................28
5.2.4. Classifier Block...................................24 4.1.1. Arrays.............................................29
5.2.5. Redirecting Classifier Block.......................25 4.1.2. Structures.........................................29
5.2.6. Modifier Block.....................................25 4.1.3. Augmentations......................................30
5.2.7. Packet Header Rewriter Block.......................26 4.2. Metadata Definitions....................................30
5.2.8. Packet Compression/Decompression Block.............26 4.3. Frame Format Definitions................................30
5.2.9. Packet Encryption/Decryption Block.................26 4.4. LFB Class Definitions...................................31
5.2.10. Packet Encapsulation/Decapsulation Block..........26 4.4.1. LFB Inheritance....................................31
6. Minimal Set of Logical Functions Required for FE Model.......27 4.4.2. LFB Inputs.........................................31
6.1. QoS Functions...........................................27 4.4.3. LFB Outputs........................................32
6.1.1. Classifier.........................................27 4.4.4. LFB Attributes.....................................33
6.1.2. Meter..............................................28 4.4.5. LFB Operational Specification......................34
6.1.3. Marker.............................................28 5. LFB Topology Model (To be written)...........................34
6.1.4. Dropper............................................28 6. FE Level Attributes (To be written)..........................35
6.1.5. Counter............................................28 7. LFB Class Library............................................35
6.1.6. Queue and Scheduler (?)............................28 7.1. Port LFB................................................35
6.1.7. Shaper.............................................28 7.2. Dropper LFB.............................................36
6.2. Generic Filtering Functions.............................28 7.3. Redirector (de-MUX) LFB.................................36
6.3. Vendor Specific Functions...............................29 7.4. Scheduler LFB...........................................36
6.4. Port Functions..........................................29 7.5. Queue LFB...............................................36
6.5. Forwarding Functions....................................29 7.6. Counter LFB.............................................37
6.6. High-Touch Functions....................................30 7.7. Meter LFB and Policer LFB...............................37
6.7. Security Functions......................................31 7.8. Classifier LFB..........................................37
6.8. Off-loaded Functions....................................31 7.9. Modifier LFB............................................38
7. Cascading Multiple FEs.......................................31 7.10. Packet Header Rewriter LFB.............................38
8. Data Modeling and Representation.............................32 8. Satisfying the Requirements on FE Model......................39
9. Security Considerations......................................33 8.1. Port Functions..........................................39
10. Intellectual Property Right.................................33 8.2. Forwarding Functions....................................40
11. IANA consideration..........................................34 8.3. QoS Functions...........................................41
12. Normative References........................................34 8.4. Generic Filtering Functions.............................41
13. Informative References......................................34 8.5. Vendor Specific Functions...............................42
14. Acknowledgments.............................................35 8.6. High-Touch Functions....................................42
15. Authors' Addresses..........................................35 8.7. Security Functions......................................42
8.8. Off-loaded Functions....................................43
8.9. IPFLOW/PSAMP Functions..................................43
9. Using the FE model in the ForCES Protocol....................43
9.1. FE Topology Query.......................................45
9.2. FE Capability Declarations..............................46
9.3. LFB Topology and Topology Configurability Query.........47
9.4. LFB Capability Declarations.............................47
9.5. State Query of LFB Attributes...........................48
9.6. LFB Attribute Manipulation..............................48
9.7. LFB Topology Re-configuration...........................49
10. Acknowledgments.............................................49
11. Security Considerations.....................................49
12. Normative References........................................49
13. Informative References......................................50
14. Authors' Addresses..........................................50
15. Intellectual Property Right.................................51
16. IANA consideration..........................................51
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in [RFC-2119]. this document are to be interpreted as described in [RFC-2119].
1. Definitions 1. Definitions
A set of terminology associated with the ForCES requirements is A set of terminology associated with the ForCES requirements is
defined in [FORCES-REQ] and is not copied here. The following list defined in [1] and is not copied here. The following list of
of terminology is relevant to the FE model defined in this terminology is relevant to the FE model defined in this document.
document.
FE Model -- The FE model is designed to model the logical
processing functions of an FE. The FE model proposed in this
document includes three components: the modeling of individual
logical functional blocks (LFB model), the logical interconnection
between LFBs (LFB topology) and the FE level attributes including
FE capabilities. The FE model provides the basis to define the
information elements exchanged between the CE and the FE in the
ForCES protocol.
Datapath -- A conceptual path taken by packets within the Datapath -- A conceptual path taken by packets within the
forwarding plane, inside an FE. There might exist more than one forwarding plane, inside an FE. There might exist more than one
datapath within an FE. datapath within an FE.
Forwarding Element (FE) Block -- An abstraction of the basic packet LFB (Logical Function Block) class (or type) -- A template
processing logical functions in the datapath. It is the building representing a fine-grained, logically separable and well-defined
block of FE functionality. This concept abstracts away packet processing operation in the datapath. LFB classes are the
implementation details from the parameters of interest for basic building blocks of the FE model.
configuration, control and management by CE.
Forwarding Element (FE) Stage -- Representation of an FE block LFB (Logical Function Block) Instance -- As a packet flows through
instance in a FE's datapath. As a packet flows through an FE along an FE along a datapath, it flows through one or multiple LFB
a datapath, it flows through one or multiple distinct stages, with instances, with each implementing an instance of a certain LFB
each stage implementing an instance of a certain logical function class. There may be multiple instances of the same LFB in an FE's
block. There may be multiple instances of the same functional datapath. Note that we often refer to LFBs without distinguishing
block in a FE's datapath. between LFB class and LFB instance when we believe the implied
reference is obvious for the given context.
LFB Model -- The LFB model describes the content and structures in
LFB and associated data definition. There are four types of
information defined in the LFB model. The core part of the LFB
model is LFB class definitions while the other three are to define
the associated data including common data types, supported frame
formats and metadata.
LFB Metadata -- Metadata is used to communicate per-packet state
from one LFB to another, but is not sent across the network. The
FE model defines how such metadata is identified, produced and
consumed by the LFBs, but not how metadata is encoded within an
implementation.
LFB Attribute -- Operational parameters of the LFBs that must be
visible to the CEs are conceptualized in the FE model as the LFB
attributes. The LFB attributes include, for example, flags, single
parameter arguments, complex arguments, and tables that the CE can
read or/and write via the ForCES protocol.
LFB Topology -- Representation of how the LFB instances are
logically interconnected and placed along the datapath within one
FE. Sometimes it is also called intra-FE topology, to be
distinguished from inter-FE topology. LFB topology is outside of
the LFB model, but part of the FE model.
FE Topology -- Representation of how the multiple FEs in a single FE Topology -- Representation of how the multiple FEs in a single
NE are interconnected. Sometimes it is called inter-FE topology, NE are interconnected. Sometimes it is called inter-FE topology,
to be distinguished from intra-FE (block) topology. to be distinguished from intra-FE topology (i.e., LFB topology).
Individual FE may not have the global knowledge of full FE
topology, but the local view of its connectivity with other FEs are
considered part of the FE model. FE topology is discovered by the
ForCES base protocol or some other means.
FE Block Topology -- Representation of how the FE stages are Inter-FE Topology -- See FE Topology.
interconnected and placed along the datapath within one FE.
Sometimes it is also called intra-FE topology, to be distinguished
from inter-FE topology.
Inter-FE Topology ű See FE Topology. Intra-FE Topology -- See LFB Topology.
Intra-FE Topology ű See FE Block Topology. LFB class library -- A set of LFB classes that are identified as
the most common functions found in most FEs and hence should be
defined first by the ForCES Working Group.
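Review bot: The new definitions expand LFB in two different ways: the "FE Model" entry uses "logical functional blocks", while the "LFB ... class" and "LFB ... Instance" entries use "Logical Function Block". The abstract and Sections 2.1, 2.2 and 3 of the new text all use "functional", so the two definition headings should be changed to match. In the "FE Topology" entry, "Individual FE may not have ... but the local view of its connectivity with other FEs are considered" also needs subject/verb agreement ("An individual FE ... is considered").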
2. Motivation and Requirements of FE model 2. Introduction
The ForCES architecture allows Forwarding Elements (FEs) of varying [2] specifies a framework by which control elements (CEs) can
functionality to participate in a ForCES network element (NE). The configure and manage one or more separate forwarding elements (FEs)
within a networking element (NE) using the ForCES protocol. The
ForCES architecture allows Forwarding Elements of varying
functionality to participate in a ForCES network element. The
implication of this varying functionality is that CEs can make only implication of this varying functionality is that CEs can make only
minimal assumptions about the functionality provided by its FEs. minimal assumptions about the functionality provided by FEs in a
Before CEs can configure and control the forwarding behavior of NE. Before CEs can configure and control the forwarding behavior
FEs, CEs need to query and discover the capabilities and states of of FEs, CEs need to query and discover the capabilities and states
their FEs. [FORCES-REQ] mandates that this capabilities and states of their FEs. [1] mandates that the capabilities, states and
information be expressed in the form of an FE model, and this model configuration information be expressed in the form of an FE model.
will be used as the basis for CEs to control and manipulate FEs'
behavior via ForCES protocol.
[FORCES-REQ] describes all the requirements placed on the FE model RFC 3444 [11] made the observation that information models (IMs)
in detail. We provide a brief summary here to highlight some of the and data models (DMs) are different because they serve different
design issues we face. purposes. "The main purpose of an IM is to model managed objects
. The FE model MUST express what logical functions can be at a conceptual level, independent of any specific implementations
applied to packets as they pass through an FE. or protocols used". "DMs, conversely, are defined at a lower level
. The FE model MUST be capable of supporting/allowing variations of abstraction and include many details. They are intended for
in the way logical functions are implemented on an FE. implementors and include protocol-specific constructs." Sometimes
. The model MUST be capable of describing the order in which it is difficult to draw a clear line between the two. The FE model
these logical functions are applied in a FE. described in this document is first and foremost an information
. The FE model SHOULD be extendable and should have provision to model, but it also has a flavor of a data model as it contains
express new or vendor specific logical functions. explicit definition of the LFB class schema and other data
. The FE model SHOULD be able to support minimal set of logical structures. It is expected that this FE model will be used as the
functions that are already identified, such as port functions, basis to define the payload for information exchange between the CE
forwarding functions, QoS functions, filtering functions, and FE in the ForCES protocol.
high-touch functions, security functions, vendor-specific
functions and off-loaded functions.
3. State Model versus Capability Model 2.1. Requirements on the FE model
Since the motivation of an FE model is to allow the CEs later to [1] defines requirements which must be satisfied by a ForCES FE
control and configure the FEs' behavior via ForCES protocol, it model. To summarize, an FE model must define:
becomes essential to examine and understand what kind of control . Logically separable and distinct packet forwarding operations
and configuration the CEs might do to the FEs. It is also equally in an FE datapath (logical functional blocks or LFBs);
essential to understand how configurable or programmable FEs are . The possible topological relationships (and hence the sequence
today and will be in the near future. of packet forwarding operations) between the various LFBs;
. The possible operational capabilities (e.g., capacity limits,
constraints, optional features, granularity of configuration)
of each type of LFB;
. The possible configurable parameters (i.e., attributes) of
each type of LFB;
. Metadata that may be exchanged between LFBs.
To understand the issue better, it is helpful to make a distinction 2.2. The FE Model in Relation to FE Implementations
between two different kinds of FE models ű an FE state model and FE
capability model.
An FE state model describes the current state of the FE, that is, The FE model proposed here is based on an abstraction of distinct
the instantaneous values or operational behavior of the FE. The FE logical functional blocks (LFBs), interconnected in a directed
state model presents the snapshot view of the FE to the CE. For graph, and receiving, processing, modifying, and transmitting
example, using an FE state model, an FE may be described to its CE packets along with metadata. Note that a real forwarding datapath
as the following: implementation should not be constrained by the model. On the
- on a given port the packets are classified using a given contrary, the FE model should be designed such that different
classification filter; implementations of the forwarding datapath can all be logically
- the given classifier results in packets being metered in a mapped onto the model with the functionality and sequence of
certain way, and then marked in a certain way; operations correctly captured. However, the model itself does not
- the packets coming from specific markers are delivered into a directly address the issue of how a particular implementation maps
shared queue for handling, while other packets are delivered to a to an LFB topology. This is left to the forwarding plane vendors
different queue; as to how the FE functionality is represented using the FE model.
- a specific scheduler with specific behavior and parameters will Nevertheless, we do strive to design the FE model such that it is
service these collected queues. flexible enough to accommodate most common implementations.
On the other hand, the FE capability model describes the The LFB topology model for a particular datapath implementation
configurable capabilities and capacities of an FE in terms of MUST correctly capture the sequence of operations on the packet.
variations of functions supported or limitations contained. Metadata generation (by certain LFBs) must always precede any use
Conceptually FE capability model presents the many possible states of that metadata (by subsequent LFBs in the topology graph); this
allowed on an FE with capacity information indicating certain is required for logically consistent operation. Further,
quantitative limits or constraints. For example, an FE capability modifications of packet fields that are subsequently used as inputs
model may describe the FE at a coarse level such as: for further processing must occur in the order specified in the
- this FE can handle IPv4 and IPv6 forwarding; model for that particular implementation to ensure correctness.
- this FE can perform classification on the following fields:
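Review bot: The second paragraph of the new Section 2.2 mixes RFC 2119 keywords with lowercase wording. "MUST correctly capture the sequence of operations" is normative, but the two ordering rules that follow ("Metadata generation ... must always precede any use of that metadata" and "must occur in the order specified in the model") use lowercase "must", even though the text calls the first one "required for logically consistent operation". Since the Conventions paragraph binds the uppercase keywords to [RFC-2119], a reader cannot tell whether these ordering rules are requirements on an LFB topology or explanation. If they are requirements, write them with MUST; if not, rephrase to avoid "must".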
2.3. The FE Model in Relation to the ForCES Protocol
The ForCES base protocol is used by the CEs and FEs to maintain the
communication channel between the CEs and FEs. The ForCES protocol
may be used to query and discover the inter-FE topology. The
details of a particular datapath implementation inside an FE
including the LFB topology, along with the operational capabilities
and attributes of each individual LFB, are conveyed to the CE
within information elements in the ForCES protocol. The model of
an LFB class should define all of the information that would need
to be exchanged between an FE and a CE for the proper configuration
and management of that LFB.
Definition of the various payloads of ForCES messages (irrespective
of the transport protocol ultimately selected) cannot proceed in a
systematic fashion until a formal definition of the objects being
configured and managed (the FE and the LFBs within) is undertaken.
The FE Model document defines a set of classes and attributes for
describing and manipulating the state of the LFBs of an FE. These
class definitions themselves will generally not appear in the
Forces protocol. Rather, Forces protocol operations will
references classes defined in this model, including relevant
attributes (and operations if such are defined).
Section 9 provides more detailed discussion on how the FE model
should be used by the ForCES protocol.
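Review bot: In the third paragraph of the new Section 2.3 the protocol name is written "Forces" twice ("will generally not appear in the Forces protocol. Rather, Forces protocol operations will references classes"), whereas the rest of the draft uses "ForCES"; "will references" should be "will reference". The same paragraph says the model defines "classes and attributes" and then adds "(and operations if such are defined)" without saying where operations would be defined; the new table of contents lists 4.4.5 "LFB Operational Specification", so a pointer to that section would remove the ambiguity.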
2.4. Modeling Language for FE Model
Even though not absolutely required, it is beneficial to use a
formal data modeling language to represent the conceptual FE model
described in this document and a full specification will be written
using such a data modeling language. Using a formal language can
help in enforcing consistency and logical compatibility among LFBs.
In addition, formal definition of the LFB classes has the potential
to facilitate the eventual automation of some part of the code
generation process and the functional validation of arbitrary LFB
topologies.
The modeling language is used for writing the specification but not
necessarily for encoding the data over-the-wire between FEs and
CEs. When selecting the specification language, human readability
is very important, while there are no performance requirements on
the language for encoding, decoding, and transmission on the
language. XML is used as the specification language in this
document, because XML has the advantage of being human and machine
readable with widely available tools support.
The encoding method for over the wire transport is an issue
independent of the specification language chosen here. It is
outside the scope of this document and up to the ForCES protocol to
define.
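Review bot: The second paragraph of the new Section 2.4 has a duplicated phrase: "there are no performance requirements on the language for encoding, decoding, and transmission on the language". Dropping the trailing "on the language" fixes it. The first paragraph also says "a full specification will be written using such a data modeling language" before XML is named two paragraphs later; naming XML at that point, or moving the sentence, would make it clear that the same language is meant.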
2.5. Document Structure
Section 3 provides conceptual overview of the FE model, laying the
foundation for the more detailed discussion and specifications in
the sections that follow. Section 4, 5, and 6 together constitute
the core of the FE model, detailing the three major components in
the FE model: LFB model, LFB topology, and FE level attributes
including capability. Section 7 presents a list of LFB classes in
the LFB class library that will be further specified according to
the FE model presented in earlier Sections (4, 5 and 6). Section 8
directly addresses the model requirements imposed by the ForCES
requirement draft [1] while Section 9 explains how the FE model
should be used in the ForCES protocol.
3. FE Model Concepts
Some of the most important concepts used throughout this document
are introduced in this section. Section 3.1 explains the
difference between a state model and a capability model, and how
the two can be combined in the FE model. Section 3.2 introduces
the concept of LFBs (Logical Functional Blocks) as the basic
functional building blocks in the FE model. Section 3.3 discusses
the logical inter-connection and ordering between LFB instances
within an FE, that is, the LFB topology.
The FE model proposed in this document is comprised of these three
components: LFB model, LFB topology and FE attributes including FE
capabilities. The LFB model provides the content and data
structures to define each individual LFB class; LFB topology
provides a mean to express the logical inter-connection between the
LFB instances along the datapath(s) within the FE; and FE
attributes provide information at the FE level and the capabilities
about what the FE can or cannot do at a coarse level. Details on
each of the three components are described in Section 4, 5 and 6,
respectively. The intention of this section is to discuss these
concepts at the high level and lay the foundation for the detailed
description in the following sections.
3.1. State Model and Capability Model
The FE capability model describes the capabilities and capacities
of an FE in terms of variations of functions supported or
limitations contained. Conceptually, the FE capability model
presents the many possible states allowed on an FE with capacity
information indicating certain quantitative limits or constraints.
For example, an FE capability model may describe the FE at a coarse
level such as:
. this FE can handle IPv4 and IPv6 forwarding;
. this FE can perform classification on the following fields:
source IP address, destination IP address, source port number, source IP address, destination IP address, source port number,
destination port number, etc; destination port number, etc;
- this FE can perform metering; . this FE can perform metering;
- this FE can handle up to N queues (capacity); . this FE can handle up to N queues (capacity);
- this FE can add and remove encapsulating headers of types . this FE can add and remove encapsulating headers of types
including IPSec, GRE, L2TP. including IPSec, GRE, L2TP.
On the other hand, an FE state model describes the current state of
the FE, that is, the instantaneous values or operational behavior
of the FE. The FE state model presents the snapshot view of the FE
to the CE. For example, using an FE state model, an FE may be
described to its CE as the following:
. on a given port the packets are classified using a given
classification filter;
. the given classifier results in packets being metered in a
certain way, and then marked in a certain way;
. the packets coming from specific markers are delivered into a
shared queue for handling, while other packets are delivered
to a different queue;
. a specific scheduler with specific behavior and parameters
will service these collected queues.
The information on the capabilities and capacities of the FE helps The information on the capabilities and capacities of the FE helps
the CE understand the flexibility of the FE functions. Where it the CE understand the flexibility and limitations of the FE
gets more complicated is for the capability model to cope with the functions, so that the CE knows at a coarse level what
detailed limits, issues such as how many classifiers the FE can configurations are applicable to the FEs and what are not. Where
it gets more complicated is for the capability model to cope with
the detailed limits, issues such as how many classifiers the FE can
handle, how many queues, and how many buffer pools the FE can handle, how many queues, and how many buffer pools the FE can
support, how many meters the FE can provide. support, how many meters the FE can provide.
While one could try to build an object model for representing While one could try to build an object model for representing
capabilities in full, other efforts have found this to be a capabilities in full, other efforts have found this to be a
significant undertaking. A middle of the road approach is to define significant undertaking. A middle of the road approach is to define
coarse-grained capabilities and simple capacity measures. Then, if coarse-grained capabilities and simple capacity measures. Then, if
the CE attempts to instruct the FE to set up some specific behavior the CE attempts to instruct the FE to set up some specific behavior
it is not capable of, the FE will return an error indicating the it is not capable of, the FE will return an error indicating the
problem. Such an approach is taken by RFC3318 in defining a set of problem. Examples of such approach include Framework Policy
Provisioning Classes (PRCs) for Framework Policy Information Base Information Base (PIB) [RFC3318] and Differentiated Services QoS
(PIB). For example, in Section 4.1 of RFC3318, a "Component Policy Information Base [4]. The capability reporting classes in
Limitations Table" is described so that "the PEP can report some the DiffServ and Framework PIBs are all meant to allow the device
limitations of attribute values and/or classes and possibly to indicate some general guidelines about what it can or cannot do,
guidance values for the attribute". Similar approach is also taken but do not necessarily allow it to indicate every possible
in Differentiated Services QoS Policy Information Base [RFC3317]. configuration that it can or cannot support. If a device receives
The DiffServ QoS PIB includes capability reporting classes for a configuration that it cannot implement, it can reject such
individual devices, like classification capabilities, metering configuration by replying with a failure report.
capabilities, etc. Two additional classes are also defined to allow
specification of the element linkage capabilities of the PEP: the
dsIfElmDepthCaps PRC indicates the maximum number of functional
datapath elements that can be linked consecutively in a datapath;
while the dsIfElmLinkCaps PRC indicates what functional datapath
elements may follow a specific type of element in a datapath. Such
capability reporting classes in the DiffServ and Framework PIB are
all meant to allow the PEP to indicate some general guidelines
about what the device can do. They are intended to be an aid to
the PDP when it constructs policy for the PEP. These classes do
not necessarily allow the PEP to indicate every possible
configuration that it can or cannot support. If a PEP receives a
policy that it cannot implement, it must notify the PDP with a
failure report.
Figure 1 shows the concepts of FE state, capabilities, capacities Figure 1 shows the concepts of FE state, capabilities and
and configuration in the context of CE-FE communication via ForCES configuration in the context of CE-FE communication via ForCES
protocol. protocol.
It is clear to us that in the context of ForCES, a state model is
definitely necessary but not sufficient. A simple state model
without any capability flavor will severely limit ForCES's ability
to take advantage of the flexibility offered by programmable FEs.
The question is how much of the capability model is needed in
addition to the state model. As we discussed previously, a
detailed capability model is difficult to develop and may impose
unnecessary overhead for those FEs that don't have much flexibility
in their capability. We believe that a good balance between
simplicity and flexibility can be achieved for ForCES FE model by
taking the similar approach as demonstrated by DiffServ
PIB[RFC3317] and Framework PIB[RFC3318] -- that is, by combining the
coarse level capability reporting mechanism for both the individual
FE functions and linkage constraints with the error reporting
mechanism.
+-------+ +-------+ +-------+ +-------+
| | FE capabilities/capacity: what it can be.| | | | FE capabilities: what it can/cannot do. | |
| |<-------------------------------------- --| | | |<-----------------------------------------| |
| | | | | | | |
| CE | FE state: what it is now. | FE | | CE | FE state: what it is now. | FE |
| |<-----------------------------------------| | | |<-----------------------------------------| |
| | | | | | | |
| | FE configuration: what it should be. | | | | FE configuration: what it should be. | |
| |----------------------------------------->| | | |----------------------------------------->| |
+-------+ +-------+ +-------+ +-------+
Figure 1. Illustration of FE state, capabilities, capacities and Figure 1. Illustration of FE state, capabilities and configuration
configuration in the context of CE-FE communication via ForCES. exchange in the context of CE-FE communication via ForCES.
4. FE Model Concepts: FE Block and FE Block Topology The ForCES FE model must include both a state model and some flavor
of a capability model. We believe that a good balance between
simplicity and flexibility can be achieved for the FE model by
combining the coarse level capability reporting with the error
reporting mechanism. Examples of similar approach include DiffServ
PIB [4] and Framework PIB [5].
Conceptually, the FE model presents two levels of information about The concepts of LFB and LFB topology will be discussed in the rest
the FE. At the first level are the individual FE functions. We of this section. It will become clear that some flavor of
call these individual FE functions FE blocks. The second level of capability model is needed at both the FE level and LFB level.
information that the FE model should present is about how these
individual function are ordered and placed along the datapath to
deliver a complete forwarding plane service. The interconnection
of the FE functions is called "FE block topology".
4.1. FE Blocks Capability information at the LFB level is an integral part of the
LFB model, and is modeled the same way as the other operational
parameters inside an LFB. For example, certain features of an LFB
class may be optional, in which case it must be possible for the CE
to determine if an optional feature is supported by a given LFB
instance or not. Such capability information can be modeled as a
read-only attribute in the LFB instance. See Section 4.4.4 for
more details on LFB attributes.
A new terminology "FE Functional Block" is used to refer to the Capability information at the FE level may describe what LFB
individual FE functions that constitute the very basic units for FE classes the FE can instantiate; how many instances of each can be
models. Each FE functional block performs a well-defined action or created; the topological (i.e., linkage) limitations between these
computation on the packets passing through it. Upon completion of LFB instances, etc. Section 6 defines the FE level attributes
such function, either the packets are modified in certain ways including capability information.
Once the FE capability is described to the CE, the FE state
information can be represented by two levels. The first level is
the logically separable and distinctive packet processing
functions, and we call these individual functions Logical
Functional Blocks (LFBs). The second level of information is about
how these individual LFBs are ordered and placed along the datapath
to deliver a complete forwarding plane service. The
interconnection and ordering of the LFBs is called LFB Topology.
Section 3.2 discusses high level concepts around LFBs while Section
3.3 discusses issues around LFB topology.
3.2. LFB Modeling
Each LFB (Logical Functional Block) performs a well-defined action
or computation on the packets passing through it. Upon completion
of such function, either the packets are modified in certain ways
(like decapsulator, marker), or some results are generated and (like decapsulator, marker), or some results are generated and
stored, probably in the form of meta-data (like classifier). Each stored, probably in the form of metadata (like classifier). Each
FE Block typically does one thing and one thing only. Classifiers, LFB typically does one thing and one thing only. Classifiers,
shapers, meters are all examples of FE blocks. Modeling FE blocks shapers, meters are all examples of LFB. Modeling LFB at such fine
at such fine granularity allows us to use a small number of FE granularity allows us to use a small number of LFBs to create the
blocks to create the higher-order FE functions (like Ipv4 higher-order FE functions (like IPv4 forwarder) precisely, which in
forwarder) precisely, which in turn can describe more complex turn can describe more complex networking functions and vendor
networking functions and vendor implementations of software and implementations of software and hardware.
hardware.
+----------+ (Editor's note: We need to revisit the granularity issue around LFB
later and provide a practical design guideline as how to partition
the FE functions into LFB classes. We will gain more insight on
the subject once we debate and settle on the LFB list in the LFB
class library, described in Section 7. So the text around
granularity here might be revised to reflect the lessons we learn.)
An LFB has one or more inputs, each of which takes a packet P, and
optionally metadata M; and produces one or more outputs, each of
which carries a packet P', and optionally metadata M'. Metadata is
data associated with the packet in the network processing device
(router, switch, etc.) and passed from one LFB to the next, but
not sent across the network. It is most likely that there are
multiple LFBs within one FE, as shown in Figure 2, and all the LFBs
share the same ForCES protocol termination point that implements
the ForCES protocol logic and maintains the communication channel
to and from the CE.
An LFB, as shown in Figure 2, has inputs, outputs and attributes
that can be queried and manipulated by the CE indirectly via Fp
reference point (defined in [2]) and the ForCES protocol
termination point. The horizontal axis is in the forwarding plane
for connecting the inputs and outputs of LFBs within the same FE.
The vertical axis between the CE and the FE denotes the Fp
reference point where bidirectional communication between the CE
and FE happens: the CE to FE communication is for configuration,
control and packet injection while the FE to CE is for packet re-
direction to the control plane, monitoring and accounting
information, errors, etc. Note that the interaction between the CE
and the LFB is only abstract and indirect. The result of such
interaction is for the CE to indirectly manipulate the attributes
of the LFB instances.
+-----------+
| CE | | CE |
+----------+ +-----------+
| ^ ^
| Fp reference point
|
+--------------------------|-----------------------------------+
| FE | |
| v |
| +----------------------------------------------------------+ |
| | ForCES protocol | |
| | termination point | |
| +----------------------------------------------------------+ |
| ^ ^ |
| : : Internal control |
| : : |
| +---:----------+ +---:----------+ |
| | :LFB1 | | : LFB2 | |
| =====>| v |============>| v |======>...|
| Inputs| +----------+ |Outputs | +----------+ | |
| (P,M) | |Attributes| |(P',M') | |Attributes| |(P",M") |
| | +----------+ | | +----------+ | |
| +--------------+ +--------------+ |
| | | |
v | +--------------------------------------------------------------+
+----------+
Inputs ---> | FE Block | ---> Outputs
(P,M) | | (P',M')
| S |
+----------+
Figure 2. Generic FE Block Layout Figure 2. Generic LFB Diagram
An FE Block has inputs, outputs, and a connection to and from the A namespace is used to associate a unique name or ID with each LFB
CE, as shown in Figure 2. The horizontal axis is in the forwarding class. The namespace must be extensible so that new LFB class can
plane, and the vertical axis denotes interaction between the also be added later to accommodate future innovation in the
forwarding and control planes. An FE block contains internal state forwarding plane.
S, composed of one or both CE->FE configuration; and data created
and managed by the FE itself. An FE Block also has one or more
inputs, each of which takes a packet P, and optionally metadata M;
and produces one or more outputs, each of which carries a packet
P', and optionally metadata M'.
Meta-data is data which is associated with the packet in the LFB operation must be specified in the model to allow the CE to
network processing device (router, switch, etc), but which is not understand the behavior of the forwarding datapath. For instance,
sent across the network. CE to FE communication is for the CE must understand at what point in the datapath the IPv4
configuration, control and packet injection while FE to CE is for header TTL is decremented (i.e., it needs to know if a control
packet re-direction to the control plane, rmon, accounting packet could be delivered to the CE either before or after this
information, errors, etc. point in the datapath). In addition, the CE must understand where
and what type of header modifications (e.g., tunnel header append
or strip) are performed by the FEs. Further, the CE must verify
that various LFBs along a datapath within an FE are compatible to
link together.
The FE model defines a generic FE block akin to an abstract base There is value to vendors if the operation of LFB classes can be
class in object-oriented terminology. The generic FE block contains expressed in sufficient detail so that physical devices
basic information like block type and textual description of the implementing different LFB functions can be integrated easily into
block function. A namespace is used to associate a unique name or a FE design. Therefore, semi-formal specification is needed; that
ID with each type of FE block. The namespace must be extensible so is, a text description of the LFB operation (human readable), but
that new logical functions can also be added later to accommodate sufficiently specific and unambiguous to allow conformance testing
future innovation in the forwarding plane. and efficient design (i.e., eliminate guess-work), so that
interoperability between different CEs and FEs can be achieved.
Based on this generic FE block, each FE logical function is defined The LFB class model specifies information like:
with additional state and capability information pertinent to each . number of inputs and outputs (and whether they are
specific function. Typically it is important to specify configurable)
information such as: . metadata read/consumed from inputs;
- how many inputs it takes and what kinds of packets and meta data . metadata produced at the outputs;
it takes for each input; . packet type(s) accepted at the inputs and emitted at the
- how many outputs it produces and what kind of packets and meta outputs;
data it emits for each output; . packet content modifications (including encapsulation or
- the packet processing (such as modification) behavior; decapsulation);
- what information is programmed into it (e.g., LPM list, next hop . packet routing criteria (when multiple outputs on an LFB are
list, WRED parameters, etc.) and what parameters among them are present);
configurable; . packet timing modifications;
- what statistics it keeps (e.g., drop count, CRC error count, . packet flow ordering modifications;
etc.); . LFB capability information;
- what events it can throw (e.g., table miss, port down, etc.). . LFB operational attributes, etc.
These parameters are further described in Section 5, below.
4.2. FE Block Topology Section 5 of this document provides detailed discussion on the LFB
model with a formal specification of LFB class schema. The rest of
Section 3.2 here only intends to provide conceptual overview of
some important issues in LFB modeling, without covering all the
specific details.
Packets coming into the FE from ingress ports generally flow 3.2.1. LFB Input and Input Group
through multiple functional blocks before leaving out of the egress
ports. Different packets (or packets from different flows) may take
different datapath inside the same FE and hence perform different
sequences of FE blocks. Such interconnection of the FE blocks as
traversed by the packets is referred to as FE block topology.
It is important to point out that the FE block topology here is the An LFB input is a conceptual port of the LFB where the LFB can
logical topology that the packets flow through, not the physical receive information from other LFBs. The information is typically a
topology as determined by how the FE hardware is laid out. Figure packet (or frame in general) and associated metadata, although in
3(a) shows part of the block topology of one simple FE example. some cases it might consist of only metadata, i.e., with a Null-
Three ingress ports are present in the FE and these ports may be of packet.
different type with different characteristics. If we model a
single ingress port function as an FE block, clearly we need a way
to model multiple instances of one FE block with each instance
having separate set of parameters allowed for independent
configuration.
+-------------------------------------------+ It is inevitable that there will be LFB instances that will receive
packets from more than one other LFB instances (fan-in). If these
fan-in links all carry the same type of information (packet type
and set of metadata) and require the same processing within the
LFB, then one input should be sufficient. If, however, the LFB
class can receive two or more very different types of input, and
the processing of these inputs is also very distinct, then that
may justify the definition of multiple inputs. But in these cases
splitting the LFB class into two LFB classes should always be
considered as an alternative. In intermediate cases, e.g., where
the inputs are somewhat different but they require very similar
processing, the shared input solution should be preferred. For
example, if an Ethernet framer LFB is capable of receiving IPv4 and
IPv6 packets, these can be served by the same LFB input.
Note that we assume the model allows for connecting more than one
LFB output to a single LFB input directly. There is no restriction
on the number of up-stream LFBs connecting their outputs to the
same input of a single LFB instance. Note that the behavior of the
system when multiple packets arrive at such an input simultaneously
is not defined by the model. If such behavior needs to be
described, it can be done either by separating the single input to
become multiple inputs (one per output), or by inserting other
appropriate LFBs (such as Queues and possibly Schedulers) between
the multiple outputs and the single input.
If there are multiple inputs with the same input type, we model
them as an input group, that is, multiple instances of the same
input type. In general, an input group is useful to allow an LFB
to differentiate packet treatment based on where the packet came
from.
+----+ +----+
|LFB1+---+ |LFB1+---+
+----+ | +---------+ +----+ | +-----------+
+--->|in LFB3 | input / +--->|in:1 LFB3 |
+----+ | +---------+ group \ +--->|in:2 |
|LFB2+---+ +----+ | +-----------+
+----+ |LFB2+---+
+----+
(a) without input group (b) with input group
Figure 3. An example of using input group.
Consider the following two cases in Figure 3(a) and (b). In Figure
3(a), the outputs from two LFBs are directly connected into one
input of LFB3, assuming that it can be guaranteed no two packets
arrive at the same time instance. If LFB3 must do something
different based on the source of the packet (LFB1 or LFB2), the
only way to model that is to make LFB1 and LFB2 pass some
metadata with different values so that LFB3 can make the
differentiation based on the metadata. In Figure 3(b), that
differentiation can be elegantly expressed within LFB3 using the
input group concept where the instance id can serve as the
differentiating key. For example, a scheduler LFB can potentially
use an input group consisting of a variable number of inputs to
differentiate the queues from which the packets are coming.
3.2.2. LFB Output and Output Group
An LFB output is a conceptual port of the LFB where it can send
information to some other LFBs. The information is typically a
packet (or frame in general) and associated metadata, although in
some cases it might emit only metadata, i.e., with a Null-packet.
We assume that a single LFB output can be connected to only one LFB
input (this is required to make the packet flow through the LFB
topology unambiguous). Therefore, to allow any non-trivial
topology, multiple outputs must be allowed for an LFB class. If
there are multiple outputs with the same output type, we model them
as output group, that is, multiple instances of the same output
type. For illustration of output group, consider the hypothetical
LFB in Figure 4. The LFB has two types of outputs, one of which
can be instantiated to form an output group.
+------------------+
| UNPROC +-->
| | | |
+-----------+ | +-----------+ +--------+ | | PKTOUT:1 +--> \
| | v | |if IP-in-IP | | | --> PKTIN PKTOUT:2 +--> |
---->| ingress |--------->|classifier |----------->|Decap. |-->+ | . + . | Output group
| ports | | |----+ | | | . + . |
+-----------+ +-----------+ |others +--------+ | PKTOUT:N +--> /
| +------------------+
V
(a) The FE block topology example with a logical loop
instance tables Figure 4. An example of an LFB with output group.
=================
ingress port classifier Decapsulator
+---+--------+--+ +---+--------+--+ +---+-----------+
|id |IP Addr |… | |id |#filters|… | |id | … |
+---+--------+--+ +---+--------+--+ +---+-----------+
|1 |x.x.x.x |… | |1 |10 |… | |1 | … |
+---+--------+--+ +---+--------+--+ +---+-----------+
|2 |x.x.x.x |… | |2 |10 |… |
+---+--------+--+ +---+--------+--+
|3 |x.x.x.x |… |
+---+--------+--+
(b) The block instance tables used for such an FE block Multiple outputs should mainly be used for functional separation
topology where the outputs are connected to very different types of LFBs.
For example, an IPv4 LPM (Longest-Prefix-Matching) LFB may have one
default output to send those packets for which look-up was
successful (passing a META_ROUTEID as metadata); and have another
output for sending packets for which the look-up failed. The
former output may be connected to a route handler LFB, while the
latter can be connected to an ICMP response generator LFB or to a
packet handler LFB that passes the packet up to the CE.
+-------+ +-----------+ +------+ +-----------+ 3.2.3. Packet Type
| | | |if IP-in-IP | | | |
--->|ingress|-->|classifier1|----------->|Decap.|-->+classifier2|->
| ports | | |----+ | | | |
+-------+ +-----------+ |others +------+ +-----------+
|
V
(c) The FE block topology equivalent of (a) without the loop
Figure 3. An FE block topology example with block instance When LFB classes are defined, the input and output packet formats
tables. (e.g., IPv4, IPv6, Ethernet, etc.) must be specified: these are the
types of packets a given LFB input is capable of receiving and
processing, or a given LFB output is capable of producing. This
requires that distinct frame types be uniquely labeled with a
symbolic name and/or ID.
Figure 3(a) also shows that it is possible for a packet to flow Note that each LFB has a set of packet types that it operates on,
through a certain function more than once and hence create a but it does not care about whether the underlying implementation is
logical loop in the FE block topology. For example, an IP-in-IP passing a greater portion of the packets. For example, an IPv4 LFB
packet from an IPSec application like VPN may go to the classifier might only operate on IPv4 packets, but the underlying
first and have the classification done based on the outer IP implementation may or may not be stripping the L2 header before
header; upon being classified as an IP-in-IP packet, the packet is handing it over -- whether that is happening or not is opaque to
then sent to a decapsulator to strip off the outer IP header, the CE.
followed by the classifier again to perform classification on the
inner IP header. It is clear from Figure 3(a) that such a logical
loop is sometimes necessary and must be properly modeled in the FE
block topology.
To represent the FE block instances, we define an "FE block 3.2.4. Metadata
instance table" associated with each FE block -- each row of the
table corresponds to one instance of the block. An instance ID is
needed to distinguish different instances of one block. Multiple
instances of the same block can be configured independently with
different parameters. Figure 3(b) shows the FE block instance
tables for the FE block topology in (a). The instance table of the
ingress ports has 3 rows because there are 3 ingress ports. The
classifier block has two rows, one corresponding to the classifier
instance after the ingress port, while the other row corresponding
to the instance after the decapsulator. The decapsulator has only
one row in its instance table since only one instance of
decapsulator is used. Each row in the instance table has its own
parameters and so each instance can be configured independently.
A way to model the logical loop to the classifier in Figure 3(a) is Metadata is used to communicate per-packet state from one LFB to
to treat it as if there are two different instances of classifier, another. To ensure inter-operability among LFBs, the LFB class
as shown in Figure 3(c). specification must define what metadata the LFB class "reads" or
"consumes" on its input(s) and what metadata it "produces" on its
output(s). For that purpose, metadata types must be identified.
For example, a META_IFID, passed from a port LFB to an IPv4
processing LFB (with the IP packet) can be one of the defined
metadata types.
While there is little doubt that the individual FE blocks must be Symbolic names can be assigned for common metadata types. In
configurable, the configurability question becomes complicated and addition, additional information such as numeric data type, maximum
controversial for FE block topology. To discuss the issue further, and minimum accepted values, and special values should be defined
we need to answer the following questions: for each metadata value. Some of these constraints will be defined
1) Is the FE block topology configurable at all? Is that feasible in the LFB class model, and some of them may be specific
with today's forwarding plane technology? Even if the CE can capabilities of a particular LFB instance.
dynamically configure an FE block topology, how can the CE
interpret an arbitrary FE block topology and know what to do
with it?
2) If the FE block topology can be configured by the CE, how do we
model the FE block topology?
Let's discuss these questions in the rest of the section.
4.2.1. Configuring FE Block Topology While it is important to define the metadata passing between LFB in
terms of its name, value and interpretation, it is not necessary to
define the exact encoding mechanism used by LFBs for metadata.
Different implementations are allowed to use different encoding
mechanisms for metadata. For example, one implementation may store
metadata in registers or shared memory, while another
implementation may encode metadata in-band as preamble in the
packets.
We believe that the FE block topology should be configurable with A given LFB may require a certain metadata at its inputs for its
ForCES model because even today's forwarding plane technology can internal processing. What should happen with the metadata after it
potentially allow that. As network processors are being used is read by the LFB? In particular, should the metadata be
increasingly in the forwarding plane, much of the packet processing propagated along with the packet when the packet is forwarded from
functions on the FE is implemented in software. As such, the FE the LFB to the next LFB, or should it be removed (consumed) by the
can afford much flexibility and programmability of its LFB?
functionality by configuring the software either at runtime or
compile time. It is conceivably feasible for the FE to change its
FE block topology by recompiling the set of the software components
and their chaining order along the datapath. It might be possible
to achieve some of the reconfiguration at runtime. Therefore, we
argue that it is necessary for ForCES to allow FE block topology
configurable in its FE model since it is technically feasible.
For example, a NAT-enabled router may have several line cards (FEs) In certain cases, passing the metadata along is desirable. For
that are capable of both NAT (Network Address Translator) functions example, a META_CLASSID metadata may denote the result of a
and IPv4 Forwarding. Such an FE contain two FE blocks in it: NAT classification LFB and used in more than one downstream LFBs to
and IPv4 Forwarder. Depends on where on the network this router is trigger the proper operation on the packet. In this case the first
deployed, the network administrator may decide on different LFB that uses the META_CLASSID should also allow the META_CLASSID
configuration for the CE to configure the FEs. If the router sits to be passed with the packet to the next LFB, and so on. On the
on the edge of a private address domain, the CE may want to other hand, it is easy to see that if metadata is never consumed by
configure the FEs to perform NAT first and IPv4 Forwarder later so LFBs, then as the packet trickles through the datapath, a large
that the forwarding is done with the correct address space. On the number of metadata will potentially be accumulated by the packet.
other hand, if the router sits inside the private address domain,
the CE may want to configure the FEs to perform only the IPv4
forwarding function and bypass the NAT because the address space is
already translated by the edge router. Therefore, the FEs might be
asked to configure the NAT block as an optional stage in the FE
topologies to accommodate the two deployment scenarios. This is a
very simple example and the switch between these two topologies
could be easily done with a runtime flag in the FE software.
However simple as it is, it does demonstrate the need to allow for
FE block topology configuration.
+-------------+ +--------------+ We believe that one way to accommodate both scenarios is to specify
| | | | the propagation mode for each element of metadata utilized by an
------->| NAT |-------->|IPv4 Forwarder|------> LFB class. Metadata elements which are not propagated are
| | | | specified with the CONSUME mode, while elements which are
+-------------+ +--------------+ propagated are specified with the PROPAGATE mode.
(a) NAT followed by IPv4 Forwarder However, whether a metadata is useful beyond an LFB may depend on
the actual LFB topology, i.e., what other LFBs are placed
downstream. So the propagation mode of metadata should be
configurable.
+-------------+ +--------------+ A packet may arrive to an LFB with metadata that is not meaningful
| | | | to that LFB, but may be important to some other downstream LFBs.
--->-+ | NAT | +---->|IPv4 Forwarder|------> To cater to such cases it should be the assumed (default) behavior
| | | | | | of all LFB classes that they transparently propagate any metadata
| +-------------+ | +--------------+ elements that they do not utilize internally.
Actual implementations of LFBs in hardware may have limitations on
how much metadata they can pass through. The limitation may be
expressed in terms of total framesize (packet + metadata), metadata
total size, number of metadata elements, or a combination of these.
The limitation may be on the FE level or may be specific to LFBs
within an FE. The pass-through capabilities of LFB instances and
FEs can be queried as part of the capability discovery process.
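The following is an added example, not part of the draft: a sketch of how a CE could check a linear chain of LFBs for packet type compatibility, metadata availability under the CONSUME and PROPAGATE modes (with transparent propagation of unused metadata as the default), and a pass-through limit. The LFB class, check_datapath, build_chain and the LFB names are hypothetical; only META_IFID, META_CLASSID, META_ROUTEID and the two mode names come from the text.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple

CONSUME, PROPAGATE = "CONSUME", "PROPAGATE"


@dataclass
class LFB:
    """Hypothetical, simplified LFB instance with one input and one output."""
    name: str
    accepts: Set[str]                    # packet types accepted at the input
    emits: str                           # packet type produced at the output
    uses: Dict[str, str] = field(default_factory=dict)  # metadata -> mode
    produces: Set[str] = field(default_factory=set)     # metadata added
    max_metadata: Optional[int] = None   # pass-through limit, in elements


def check_datapath(chain: List[LFB], pkt_type: str,
                   metadata: Iterable[str] = ()) -> Tuple[List[str], Set[str]]:
    """Walk a linear chain of LFBs; return (errors, metadata at the exit)."""
    errors: List[str] = []
    carried = set(metadata)
    for lfb in chain:
        # Packet type check: the upstream output type must be accepted here.
        if pkt_type not in lfb.accepts:
            errors.append(f"{lfb.name}: cannot accept packet type {pkt_type}")
        # Every metadata element the LFB reads must still be with the packet.
        for meta in sorted(lfb.uses):
            if meta not in carried:
                errors.append(f"{lfb.name}: required metadata {meta} missing")
        # CONSUME removes the element. PROPAGATE keeps it, and anything the
        # LFB does not use at all is propagated transparently (the default).
        consumed = {m for m, mode in lfb.uses.items() if mode == CONSUME}
        carried = (carried - consumed) | lfb.produces
        # Pass-through limit, modeled here as a number of metadata elements.
        if lfb.max_metadata is not None and len(carried) > lfb.max_metadata:
            errors.append(f"{lfb.name}: carries {len(carried)} metadata "
                          f"elements, limit is {lfb.max_metadata}")
        pkt_type = lfb.emits
    return errors, carried


def build_chain(meter_mode: str) -> List[LFB]:
    """Constructed sample datapath; meter_mode is the configurable setting."""
    return [
        LFB("port", {"Ethernet"}, "IPv4", produces={"META_IFID"}),
        LFB("classifier", {"IPv4"}, "IPv4", produces={"META_CLASSID"}),
        LFB("meter", {"IPv4"}, "IPv4", uses={"META_CLASSID": meter_mode}),
        LFB("marker", {"IPv4"}, "IPv4", uses={"META_CLASSID": CONSUME}),
        LFB("lpm", {"IPv4"}, "IPv4", uses={"META_IFID": CONSUME},
            produces={"META_ROUTEID"}),
    ]


if __name__ == "__main__":
    for mode in (PROPAGATE, CONSUME):
        errs, left = check_datapath(build_chain(mode), "Ethernet")
        print(mode, errs or "ok", sorted(left))
```

With the meter set to CONSUME, the marker downstream no longer sees META_CLASSID, which is why the propagation mode has to follow the actual LFB topology.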
(Editor's note: The definition of metadata here is only preliminary
and the authors intend to work on the subject in more detail.
Input is most welcome.)
3.2.5. LFB Versioning
LFB class versioning is a method to enable incremental evolution of
LFB classes. Unlike inheritance (discussed next in Section 3.2.6),
where it is assumed that an FE datapath model containing an LFB
instance of a particular class C could also simultaneously contain
an LFB instance of a class C' inherited from class C; with
versioning, an FE would not be allowed to contain an LFB instance
for more than one version of a particular class.
LFB class versioning is supported by requiring a version string in
the class definition. CEs may support backwards compatibility
between multiple versions of a particular LFB class, but FEs are
not allowed to support more than one single version of a particular
class.
3.2.6. LFB Inheritance
LFB class inheritance is supported in the FE model as a means of
defining new LFB classes. This also allows FE vendors to add
vendor-specific extensions to standardized LFBs. An LFB class
specification MUST specify the base class (with version number) it
inherits from (with the default being the base LFB class).
Multiple inheritance is not allowed, though, to avoid
unnecessary complexity.
Inheritance should be used only when there is significant reuse of
the base LFB class definition. A separate LFB class should be
defined if there is not enough reuse between the derived and the
base LFB class.
An interesting issue related to class inheritance is backward
compatibility (between a descendant and an ancestor class).
Consider the following hypothetical scenario where there exists a
standardized LFB class "L1". Vendor A builds an FE that implements
LFB "L1" and vendor B builds a CE that can recognize and operate
on LFB "L1". Suppose that a new LFB class, "L2", is defined based
on the existing "L1" class (for example, by extending its
capabilities in some incremental way). Let's first examine the FE
backward compatibility issue by considering what would happen if
vendor B upgrades its FE from "L1" to "L2" while vendor C's CE is
not changed. The old L1-based CE can interoperate with the new L2-
based FE if the derived LFB class "L2" is indeed backward
compatible with the base class "L1".
The reverse scenario is a much less problematic case, i.e., when CE
vendor B upgrades to the new LFB class "L2", but the FE is not
upgraded. Note that as long as the CE is capable of working with
older LFB classes, this problem does not affect the model; hence we
will use the term "backward compatibility" to refer to the first
scenario concerning FE backward compatibility.
Inheritance can be designed into the model with backward
compatibility support by constraining the LFB inheritance such that
the derived class is always a functional superset of the base
class, i.e., the derived class can only grow on top of the base
class, but not shrink from it. Additionally, the following
mechanisms are required to support FE backward compatibility:
1) When detecting an LFB instance of an LFB type that is
unknown to the CE, the CE MUST be able to query the base
class of such an LFB from the FE.
2) The LFB instance on the FE SHOULD support a backward
compatibility mode (meaning the LFB instance reverts itself
back to the base class instance), and the CE SHOULD be able
to configure the LFB to run in such mode.
3.3. FE Datapath Modeling
Packets coming into the FE from ingress ports generally flow
through multiple LFBs before leaving out of the egress ports. How
an FE treats a packet depends on many factors, such as type of the
packet (e.g., IPv4, IPv6 or MPLS), actual header values, time of
arrival, etc. The result of the operation of an LFB may have an
impact on how the packet is to be treated in further (downstream)
LFBs and this differentiation of packet treatment downstream can be
conceptualized as having alternative datapaths in the FE. For
example, the result of a 6-tuple classification (performed by a
classifier LFB) controls what rate meter is applied to the packet
(by a rate meter LFB) in a later stage in the datapath.
LFB topology is a directed graph representation of the logical
datapaths within an FE, with the nodes representing the LFB
instances and the directed link the packet flow direction from one
LFB to the next. Section 3.3.1 discusses how the FE datapaths can
be modeled as LFB topology; while Section 3.3.2 focuses on issues
around LFB topology reconfiguration.
3.3.1. Alternative Approaches for Modeling FE Datapaths
There are two basic ways to express the differentiation in packet
treatment within an FE, one representing the datapath directly and
graphically (topological approach) and the other utilizing metadata
(the encoded state approach).
. Topological Approach
Using this approach, differential packet treatment is expressed
via actually splitting the LFB topology into alternative paths.
In other words, if the result of an LFB must control how the
packet is further processed, then such an LFB will have separate
output ports (one for each alternative treatment) connected to
separate sub-graphs (each expressing the respective treatment
downstream).
. Encoded State Approach
An alternative way of expressing differential treatment is using
metadata. The result of the operation of an LFB can be encoded
in a metadata which is passed along with the packet to
downstream LFBs. A downstream LFB, in turn, can use the
metadata (and its value, e.g., as an index into some table) to
decide how to treat the packet.
Theoretically, the two approaches can substitute for each other, so
one may consider using purely one (or the other) approach to
describe all datapaths in an FE. However, neither model by itself
is very useful for practically relevant cases. For a given FE with
certain logical datapaths, applying the two different modeling
approaches would result in very different looking LFB topology
graphs. A model using purely the topological approach may require
a very large graph with many links (i.e., paths) and nodes (i.e.,
LFB instances) to express all alternative datapaths. On the other
hand, a model using purely the encoded state model would be
restricted to a string of LFBs, which would make it very
unintuitive to describe very different datapaths (such as MPLS and
IPv4). Therefore, a mix of these two approaches will likely be
used for a practical model. In fact, as we illustrate it below,
the two approaches can be mixed even within the same LFB.
Using a simple example of a classifier with N classification
outputs followed by some other LFBs, Figure 5(a) shows what the LFB
topology looks like by using the purely topological approach. Each
output from the classifier goes to one of the N LFBs that follow, and
no metadata is needed here. The topological approach is simple,
straightforward and graphically intuitive. However, if N is large
and the N nodes following the classifier (LFB#1, LFB#2, ..., LFB#N)
all belong to the same LFB type (for example, meter) but each with
its own independent attributes, the encoded state approach gives a
much simpler topology representation, as shown in Figure 5(b). The
encoded state approach requires that a table of N rows of meter
attributes is provided in the Meter node itself, with each row
representing the attributes for one meter instance. A metadata M
is also needed to pass along with the packet P from the classifier
to the meter, so that the meter can use M as a look-up key (index)
to find the corresponding row of the attributes that should be used
for any particular packet P.
Now what if all the N nodes (LFB#1, LFB#2, ..., LFB#N) are not of
the same type? For example, if LFB#1 is a queue while the rest are
all meters, what is the best way to represent such datapaths?
While it is still possible to use either the pure topological
approach or the pure encoded state approach, the natural
combination of the two seems the best by representing the two
different functional datapaths using topological approach while
leaving the N-1 meter instances distinguished by metadata only, as
shown in Figure 5(c).
+----------+
P | LFB#1 |
+--------->|(Attrib-1)|
+-------------+ | +----------+
| 1|------+ P +----------+
| 2|---------------->| LFB#2 |
| classifier 3| |(Attrib-2)|
| ...|... +----------+
| N|------+ ...
+-------------+ | P +----------+
+--------->| LFB#N |
|(Attrib-N)|
+----------+
5(a) Using pure topological approach
+-------------+ +-------------+
| 1| | Meter |
| 2| (P, M) | (Attrib-1) |
| 3|---------------->| (Attrib-2) |
| ...| | ... |
| N| | (Attrib-N) |
+-------------+ +-------------+
5(b) Using pure encoded state approach to represent the LFB
topology in 5(a), if LFB#1, LFB#2, ..., and LFB#N are of the
same type (e.g., meter).
+-------------+
+-------------+ (P, M) | queue |
| 1|------------->| (Attrib-1) |
| 2| +-------------+
| 3| (P, M) +-------------+
| ...|------------->| Meter |
| N| | (Attrib-2) |
+-------------+ | ... |
| (Attrib-N) |
+-------------+
5(c) Using a combination of the two, if LFB#1, LFB#2, ..., and
LFB#N are of different types (e.g., queue and meter).
Figure 5. An example of how to model FE datapaths
From this example, we demonstrate that each approach has distinct
advantages for different situations. Using the encoded state
approach, fewer connections are typically needed between a fan-out
node and its next LFB instances of the same type, because each
packet carries metadata with it so that the following nodes can
interpret and hence invoke a different packet treatment. For those
cases, a pure topological approach forces one to build elaborate
graphs with a lot more connections and often results in an unwieldy
graph. On the other hand, a topological approach is intuitive and
most useful for representing functionally very different datapaths.
For complex topologies, a combination of the two is the most useful
and flexible. Here we provide a general design guideline as to
what approach is best used for what situation. The topological
approach should primarily be used when the packet datapath forks
into areas with distinct LFB classes (not just distinct
parameterizations of the same LFB classes), and when the fan-outs
do not require changes (adding/removing LFB outputs) at all or
require only very infrequent changes. Configuration information
that needs to change frequently should preferably be expressed by
the internal attributes of one or more LFBs (and hence using the
encoded state approach).
+---------------------------------------------+
| | | |
+----------->--------+ +----------+ V +----------+ +------+ |
| | | | |if IP-in-IP| | |
---->| ingress |->+----->|classifier|---------->|Decap.|---->---+
| ports | | |----+ | |
+----------+ +----------+ |others+------+
|
V
(a) The LFB topology with a logical loop
[draft-ietf-forces-model-00.txt]
(b) NAT is skipped and only the forwarder is used
[draft-ietf-forces-model-01.txt]
+-------+ +-----------+ +------+ +-----------+
| | | |if IP-in-IP | | | |
--->|ingress|-->|classifier1|----------->|Decap.|-->+classifier2|->
| ports | | |----+ | | | |
+-------+ +-----------+ |others +------+ +-----------+
|
V
(b) The LFB topology without the loop utilizing two
independent classifier instances.
Figure 6. An LFB topology example.
[draft-ietf-forces-model-00.txt]
Figure 4. A simple example to configure different FE
topologies.
We want to point out that allowing configurable FE block topology
in FE model does not mandate that all FEs must have such
capability. Even if the FE elects to support block topology
reconfiguration, it is entirely up to the FE designers to decide
how the FE actually implements such reconfiguration. Whether it is
only a simple runtime switch to allow a few choices like in Figure
4, or a much more elaborate reconfiguration as shown later in
Figure 5 possibly supported by recompilation is all implementation
details internal to the FE but outside the scope of FE model. The
purpose of this discussion is to justify the motivation and
necessity of supporting FE block topology configuration in the FE
model, but not to dictate how this should be done inside the FEs.
[draft-ietf-forces-model-01.txt]
It is important to point out that the LFB topology here is the
logical topology that the packets flow through, not the physical
topology as determined by how the FE hardware is laid out.
Nevertheless, the actual implementation may still influence how the
functionality should be mapped into the LFB topology. Figure 6
shows one simple FE example. In this example, an IP-in-IP packet
from an IPSec application like VPN may go to the classifier first
and have the classification done based on the outer IP header; upon
being classified as an IP-in-IP packet, the packet is then sent to
a decapsulator to strip off the outer IP header, followed by a
classifier again to perform classification on the inner IP header.
If the same classifier hardware or software is used for both outer
and inner IP header classification with the same set of filtering
rules, a logical loop is naturally present in the LFB topology, as
shown in Figure 6(a). However, if the classification is
implemented by two different pieces of hardware or software with
different filters (i.e., one set of filters for outer IP header
while another set for inner IP header), then it is more natural to
model them as two different instances of classifier LFB, as shown
in Figure 6(b).
[draft-ietf-forces-model-00.txt]
We've just answered the questions of "Is it possible to configure
the FE block topology with today's forwarding plane technology".
Now it is time to look at the other related question: "Even if it
is feasible to configure an FE block topology, how can the CE
interpret an arbitrary FE block topology (presented to it by the
FE) and know what to do with it? Alternatively, how does the CE
know what kind of FE block topology it should use to implement a
particular NE service or application?"
[draft-ietf-forces-model-01.txt]
To distinguish multiple instances of the same LFB class, each LFB
instance has its own LFB instance ID. One way to encode the LFB
instance ID is to encode it as x.y where x is the LFB class ID
while y is the instance ID within each LFB class.
[draft-ietf-forces-model-00.txt]
The example in Figure 4 is too trivial to require much intelligence
at the CE. Figure 5 shows a more complex example where a QoS-
enabled router has several line cards that have a few ingress ports
and egress ports, a specialized classification chip, a network
processor containing codes for FE blocks like meter, marker,
dropper, counter, mux, queue, scheduler and Ipv4 forwarder. Some of
the FE block topology is already fixed and has to remain static due
to the physical layout of the line cards. For example, all the
ingress ports might be already hard wired into the classification
chip and so all packets must follow from the ingress port into the
classification engine. On the other hand, the blocks on the network
processor are programmable and the order of these blocks can be
changed by recompilation of the codes. There might exist certain
capacity limits and linkage constraints between these blocks.
Examples of the capacity limits might be: there can be no more than
8 meters; there can be no more than 16 queues in one FE; the
scheduler can handle at most up to 16 queues; etc. The linkage
constraints might dictate that classification engine may be
followed by meter, marker, dropper, counter, queue or Ipv4
forwarder, but not scheduler; queues can only be followed by
scheduler; scheduler must be followed by the Ipv4 forwarder; the
last block in the datapath before going into the egress ports must
be the Ipv4 forwarder, etc.
[draft-ietf-forces-model-01.txt]
3.3.2. Configuring the LFB Topology
While there is little doubt that the individual LFB must be
configurable, the configurability question is more complicated for
LFB topology. Since LFB topology is really the graphic
representation of the datapaths within FE, configuring the LFB
topology means dynamically changing the datapaths including changes
to the LFBs along the datapaths on an FE, e.g., creating (i.e.,
instantiating) or deleting LFBs, setting up or deleting
interconnections between outputs of upstream LFBs to inputs of
downstream LFBs.
[draft-ietf-forces-model-00.txt]
Once the FE reports such capability and capacity to the CE, it is
now up to the CE to translate the QoS policy into the desirable
configuration for the FE. Now the question arises as to whether or
not the CE has the ultimate intelligence to translate high level
QoS policy into the configuration data for the FEs. We argue that
this question is outside of the scope of FE model itself. It is
possible that some human intervention is still necessary. For
example, the network administrator might be called upon to
translate the high level QoS policy into the configurable FE data
(including the block topology) that the CE uses to configure the
line cards. It is also conceivable that within a given network
service domain (like DiffServ), certain amount of intelligence can
be programmed into the CE such that the CE has a general
understanding of the FE blocks involved and so the translation from
high level QoS policy to the low level FE configuration can be done
automatically. In any event, this is considered implementation
issue internal to the control plane only and outside the scope of
the FE model. Therefore, it is not discussed any further in this
draft.
[draft-ietf-forces-model-01.txt]
Why would the datapaths on an FE ever change dynamically? The
datapaths on an FE are set up by the CE to provide certain data
plane services (e.g., DiffServ, VPN, etc.) to the NE's customers.
The purpose of reconfiguring the datapaths is to enable the CE to
customize the services the NE is delivering at run time. The CE
needs to change the datapaths when the service requirements change,
e.g., when adding a new customer, or when an existing customer
changes their service. However, note that not all datapath changes
result in changes in the LFB topology graph, and that is determined
by the approach we use to map the datapaths into LFB topology. As
discussed in 3.3.1, the topological approach and encoded state
approach can result in very different looking LFB topologies for
the same datapaths. In general, an LFB topology based on a pure
topological approach is likely to experience more frequent topology
reconfiguration than one based on an encoded state approach.
However, even an LFB topology based entirely on an encoded state
approach may have to change the topology at times, for example, to
totally bypass some LFBs or insert new LFBs. Since a mix of these
two approaches is used to model the datapaths, LFB topology
reconfiguration is considered an important aspect of the FE model.
[draft-ietf-forces-model-00.txt]
Figure 5(a) depicts the FE capability while 4(b) and 4(c) depict
two different topologies that the FE might be asked to configure
into. Note that both ingress and egress are omitted in (b) and (c)
for simplicity in the figures. The topology in (b) is considerably
more complex than (c) but both are feasible with the FE
capabilities, and so the FE should accept either configuration
request from the CE.
[draft-ietf-forces-model-01.txt]
We want to point out that allowing a configurable LFB topology in
the FE model does not mandate that all FEs must have such
capability. Even if an FE supports configurable LFB topology, it
is expected that there will be FE-specific limitations on what can
actually be configured. Performance-optimized hardware
implementation may have zero or very limited configurability, while
FE implementations running on network processors may provide more
flexibility and configurability. It is entirely up to the FE
designers to decide whether or not the FE actually implements such
reconfiguration and how much. Whether it is a simple runtime
switch to enable or disable (i.e., bypass) certain LFBs, or more
flexible software reconfiguration is all implementation detail
internal to the FE but outside of the scope of FE model. In either
case, the CE(s) must be able to learn the FE's configuration
capabilities. Therefore, the FE model must provide a mechanism for
describing the LFB topology configuration capabilities of an FE.
These capabilities may include (see Section 6 for details):
. What LFB classes can the FE instantiate?
. How many instances of the same LFB class can be created?
. What are the topological limitations? For example:
o How many instances of the same class or any class can be
created on any given branch of the graph?
o Ordering restrictions on LFBs (e.g., any instance of LFB
class A must be always downstream of any instance of LFB
class B).
[draft-ietf-forces-model-00.txt]
As demonstrated in the example shown in Figure 5, many variants of
the FE block topology come directly from the configuration of the
individual FE blocks. For example, the number of datapath branches
from the classifier is determined by the number of filters used by
the classifier. Figure 5(b) uses four filters so there are four
main datapath branches fan out from the classifier while 4(c) uses
only two filters resulting in two datapath fan-outs. Each datapath is
further configured by configuring the FE blocks along the path.
[draft-ietf-forces-model-01.txt]
Even if the CE is allowed to configure LFB topology for an FE, how
can the CE interpret an arbitrary LFB topology (presented to the CE
by the FE) and know what to do with it? In other words, how does
the CE know the mapping between an LFB topology and a particular NE
service or application (e.g., VPN, DiffServ, etc.)? We argue that
first of all, it is unlikely that an FE can support any arbitrary
LFB topology; secondly, once the CE understands the coarse
capability of an FE, it is up to the CE to configure the LFB
topology according to the network service the NE is supposed to
provide. So the more important mapping that the CE has to
understand is from the high level NE service to a specific LFB
topology, not the other way around. Do we expect the CE has the
ultimate intelligence to translate any high level service policy
into the configuration data for the FEs? No, but it is conceivable
that within a given network service domain (like DiffServ), a
certain amount of intelligence can be programmed into the CE such
that the CE has a general understanding of the LFBs involved and so
the translation from a high level service policy to the low level
FE configuration can be done automatically. In any event, this is
considered an implementation issue internal to the control plane
and outside the scope of the FE model. Therefore, it is not
discussed any further in this draft.
+----------+ +-----------+ +----------+ +-----------+
| | | |
---->| Ingress |---->|classifier |--------------+ ---->| Ingress |---->|classifier |--------------+
| | |chip | | | | |chip | |
+----------+ +-----------+ | +----------+ +-----------+ |
|
v v
+-------------------------------------------+ +-------------------------------------------+
| Network Processor | +--------+ | Network Processor |
+--------+ | | <----| Egress | | +------+ +------+ +-------+ |
<----| Egress | | +------+ +------+ +-------+ +---+ | +--------+ | |Meter | |Marker| |Dropper| |
+--------+ | |Meter | |Marker| |Dropper| |Mux| | ^ | +------+ +------+ +-------+ |
^ | +------+ +------+ +-------+ +---+ |
| | | | | |
+----------+-------+ | +----------+-------+ |
| | | | | |
| +---------+ +---------+ +------+ +---------+ | | +---------+ +---------+ +------+ +---------+ |
| |Forwarder|<------|Scheduler|<--|Queue | |Counter | | | |Forwarder|<------|Scheduler|<--|Queue | |Counter | |
| +---------+ +---------+ +------+ +---------+ | | +---------+ +---------+ +------+ +---------+ |
| |
|--------------------------------------------------------------+ |--------------------------------------------------------------+
(a) The Capability of the FE, reported to the CE (a) The Capability of the FE, reported to the CE
+-----+ +-------+ +---+
| A|--->|Queue1 |--------------------->| |
------>| | +-------+ | | +---+
| | | | | |
| | +-------+ +-------+ | | | |
| B|--->|Meter1 |----->|Queue2 |------>| |->| |
| | | | +-------+ | | | |
| | | |--+ | | | |
+-----+ +-------+ | +-------+ | | +---+
classifier +-->|Dropper| | | IPv4
+-------+ +---+ Fwd.
Scheduler
(b) One LFB topology as configured by the CE and
accepted by the FE
Queue1 Queue1
+---+ +--+ +---+ +--+
| A|------------------->| |--+ | A|------------------->| |--+
+->| | | | | +->| | | | |
| | B|--+ +--+ +--+ +--+ | | | B|--+ +--+ +--+ +--+ |
| +---+ | | | | | | | +---+ | | | | | |
| Meter1 +->| |-->| | | | Meter1 +->| |-->| | |
| | | | | | | | | | | |
| +--+ +--+ | Ipv4 | +--+ +--+ | Ipv4
| Counter1 Dropper1 Queue2| +--+ Fwd. | Counter1 Dropper1 Queue2| +--+ Fwd.
+---+ | +--+ +--->|A | +-+ +---+ | +--+ +--->|A | +-+
| A|---+ | |------>|B | | | | A|---+ | |------>|B | | |
------>| B|------------------------------>| | +--->|C |->| |-> ------>| B|------------------------------>| | +--->|C |->| |->
| C|---+ +--+ | +->|D | | | | C|---+ +--+ | +->|D | | |
| D|-+ | | | +--+ +-+ | D|-+ | | | +--+ +-+
+---+ | | +---+ +---+ Queue3| | Scheduler +---+ | | +---+ Queue3| | Scheduler
Classifier1 | | | A|------------>|A | +--+ | | Classifier1 | | | A|------------> +--+ | |
| +->| | | |->| |--+ | | +->| | | |--+ |
| | B|--+ +--+ +->|B | | | | | | B|--+ +--+ +-------->| | |
| +---+ | | | | +---+ +--+ | | +---+ | | | | +--+ |
| Meter2 +->| |-+ Mux1 | | Meter2 +->| |-+ |
| | | | | | | |
| +--+ Queue4 | | +--+ Queue4 |
| Marker1 +--+ | | Marker1 +--+ |
+---------------------------->| |----+ +---------------------------->| |----+
| | | |
+--+ +--+
[draft-ietf-forces-model-00.txt]
(b) One FE block topology as configured by the CE and
accepted by the FE
[draft-ietf-forces-model-01.txt]
(c) Another LFB topology as configured by the CE and
accepted by the FE
Figure 7. An example of configuring LFB topology.
[draft-ietf-forces-model-00.txt]
+-----+ +-------+ +---+
| A|--->|Queue1 |--------------------->| |
------>| | +-------+ | | +---+
| | | | | |
| | +-------+ +-------+ | | | |
| B|--->|Meter1 |----->|Queue2 |------>| |->| |
| | | | +-------+ | | | |
| | | |--+ | | | |
+-----+ +-------+ | +-------+ | | +---+
classifier +-->|Dropper| | | IPv4
+-------+ +---+ Fwd.
scheduler
(c) Another FE block topology as configured by the CE
and accepted by the FE
Figure 5. Another example of configuring FE block topology.
4.2.2. Modeling FE Block Topology
Now that we've seen some examples of how FE block topology can be
configured, we need to focus on the question as how to model the FE
block topology traversed by the packets. As discussed below, there
exist two different approaches in modeling the FE block topology.
. Directed Graph Topological Approach
An FE stage is simply an instance of an FE block within an FE's
datapath. As a packet flows through an FE along a datapath, it
flows through one or multiple distinct stages, with each stage
instantiating a certain FE logical function. So an FE stage is
simply a row in the "FE block instance tables" corresponding to the
block type of the stage. Each FE allocates an FE-unique stage ID
to each of its stages. One way to assign the stage ID is to
combine both the block-type namespace and the instance ID in the
instance table.
The FE block topology can then be modeled by a directed graph
interconnecting all the FE stages present in the FE, with each node
in the graph corresponding to an FE stage, and the direction
between two nodes coinciding with the packet flow direction. In
order to represent the directed interconnection between two
consecutive nodes along a datapath, each stage contains a field
called "number of downstream stages" and an array of "downstream
stage IDs" that point to the set of downstream nodes following this
stage. Such a modeling approach directly models the datapath
topological graph of the FE stages and so we refer to it as the
directed graph topological approach.
For such a directed graph topological approach, the following
information needs to be specified for each FE stage in the graph:
- stage identifier which uniquely identifies the node within this
FE graph;
- block type which identifies the block function that this stage is
an instance of;
- number of downstream stages which corresponds to the number of
downstream nodes connected to this stage;
- downstream stage identifiers which corresponds to the set of
downstream nodes connected to this stage.
Such information can be combined into the rows of the "FE block
instance table" for each FE block type present on the FE. With
such information defined for each row in the instance table, it is
now possible to traverse the whole graph in a node-by-node fashion
following the linked list, as long as the initial stage(s) are
known. For example, the topology model for Figure 5(c) is shown in
Figure 6. It is assumed that the FE has four ingress ports and two
egress ports. The stage id is assigned to have the format of
"xx.yy" where xx being the block type name while yy being the
instance id of that stage in the instance table of type xx. The
following shorthand are used for FE block type namespace:
IG=Ingress-port; CL=classifier; EG=egress-port; QU=queue; MT=meter;
DR=dropper; SC=scheduler; and FW=Forwarder.
In Figure 6, by starting from the initial stages of {IG.1; IG.2;
IG.3; IG.4} and using the instance tables, all the datapath in the
FE block topology can be easily traversed. From this example, it is
clear that directed graph topological approach is straightforward
and graphical, and hence easy to understand and implement. DiffServ
[RFC3317] uses this approach in modeling its QoS functions and
their interconnection. However, such approach has certain
limitations. One of the limitations is that there exists an
implicit assumption within such a model that each node affects the
datapath branching only for the next immediate stage. For example,
in Figure 5(c), the classifier directs packets into either queue1
or meter1, but once the packets enter meter1, the classification
results have no impact on which of the two branches leaving meter1
(i.e., queue2 or dropper) is being taken. While this limitation
might be perfectly reasonable for many FE designs, some find it
insufficient. For example, some of the classification engine uses
the classification results to determine the full datapath, i.e.,
not just the immediate stage following the classifier, but
including all the following FE stages the packets should perform.
It is difficult to represent such FE design using the pure directed
graph topological approach. An alternative approach, encoded state
approach, is more suitable in this case because it carries meta-
data between the stages.
Instance tables:
================
IG CL QU
+---+-----+----+ +---+-----+---------+ +---+-----+----+
|id |#next|next| |id |#next|next | |id |#next|next|
+---+-----+----+ +---+-----+---------+ +---+-----+----+
|1 | 1 |CL.1| |1 |2 |QU.1;MT.1| |1 |1 |SC.1|
+---+-----+----+ +---+-----+---------+ +---+-----+----+
|2 | 1 |CL.1| |2 |1 |SC.1|
+---+-----+----+ +---+-----+----+
|3 | 1 |CL.1|
+---+-----+----+
|4 | 1 |CL.1|
+---+-----+----+
DR MT EG
+---+-----+----+ +---+-----+---------+ +---+-----+----+
|id |#next|next| |id |#next|next | |id |#next|next|
+---+-----+----+ +---+-----+---------+ +---+-----+----+
|1 | 0 | | |1 |2 |QU.2;DR.1| |1 |0 | |
+---+-----+----+ +---+-----+---------+ +---+-----+----+
|2 |0 | |
+---+-----+----+
SC FW
+---+-----+----+ +---+-----+---------+
|id |#next|next| |id |#next|next |
+---+-----+----+ +---+-----+---------+
|1 | 1 |FW.1| |1 |2 |EG.1;EG.2|
+---+-----+----+ +---+-----+---------+
Directed Graph:
===============
Traverse the graph by starting from {IG.1;IG.2;IG.3;IG.4}.
*Notes:
1) The fields shown in the instance tables are only the fields
common to all: id (instance ID); #next (number of immediate next
stages); next (the instance IDs of all the immediate next
stages). The parameters pertinent to each block type are not
shown in the instance tables because they do not affect the
topology modeling.
2) The stage id is assigned to have the format of "xx.yy" where xx
being the block type name while yy being the instance id of that
stage in the instance table of type xx.
3) The following shorthand are used for FE block type namespace:
IG=Ingress-port; CL=classifier; EG=egress-port; QU=queue;
MT=meter; DR=dropper; SC=scheduler; and FW=Forwarder.
Figure 6. Using the directed graph approach to model the FE
block topology in Figure 5(c).
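As an added illustration (not part of either draft), the Python below loads the instance tables of the directed-graph figure above, walks them from the initial stages, and checks them against the capacity limits and linkage constraints the text gives for the QoS router example, which is the check an FE would run before accepting a topology from the CE. The function names and the MK (marker) and CT (counter) shorthands are assumptions; block types the text places no constraint on (such as the meter) are left unrestricted.

```python
import re
from collections import Counter, deque

# Instance tables from the directed-graph figure: stage ID -> downstream stage IDs.
FIGURE_TOPOLOGY = {
    "IG.1": ["CL.1"], "IG.2": ["CL.1"], "IG.3": ["CL.1"], "IG.4": ["CL.1"],
    "CL.1": ["QU.1", "MT.1"],
    "QU.1": ["SC.1"], "QU.2": ["SC.1"],
    "MT.1": ["QU.2", "DR.1"],
    "DR.1": [],
    "SC.1": ["FW.1"],
    "FW.1": ["EG.1", "EG.2"],
    "EG.1": [], "EG.2": [],
}
INGRESS = ["IG.1", "IG.2", "IG.3", "IG.4"]

# Capacity limits quoted in the text for the QoS router example.
MAX_INSTANCES = {"MT": 8, "QU": 16}
MAX_QUEUES_PER_SCHEDULER = 16

# Linkage constraints quoted in the text. MK (marker) and CT (counter) are
# assumed shorthands; the page defines none for those block types.
ALLOWED_NEXT = {
    "CL": {"MT", "MK", "DR", "CT", "QU", "FW"},  # the listed types, not scheduler
    "QU": {"SC"},                                # queues feed schedulers only
    "SC": {"FW"},                                # scheduler feeds the forwarder
}

STAGE_ID = re.compile(r"([A-Z]{2})\.(\d+)")


def block_type(stage_id):
    """Return the block type 'xx' of an 'xx.yy' stage ID, rejecting anything else."""
    match = STAGE_ID.fullmatch(stage_id)
    if match is None:
        raise ValueError(f"malformed stage ID: {stage_id!r}")
    return match.group(1)


def reachable(topology, initial_stages):
    """Follow the 'next' links node by node, starting from the initial stages."""
    seen, todo = set(), deque(initial_stages)
    while todo:
        stage = todo.popleft()
        if stage in seen or stage not in topology:
            continue  # the visited set also terminates on logical loops
        seen.add(stage)
        todo.extend(topology[stage])
    return seen


def validate(topology):
    """Return a list of constraint violations; an empty list means acceptable."""
    problems = []
    # Every link must point at a stage that exists in the instance tables.
    for stage, downstream in topology.items():
        for nxt in downstream:
            if nxt not in topology:
                problems.append(f"{stage}: unknown downstream stage {nxt}")
    # Per-type capacity limits.
    counts = Counter(block_type(stage) for stage in topology)
    for btype, limit in MAX_INSTANCES.items():
        if counts[btype] > limit:
            problems.append(f"{btype}: {counts[btype]} instances exceed limit {limit}")
    # Number of queues feeding each scheduler.
    fan_in = Counter(nxt for stage, downstream in topology.items()
                     if block_type(stage) == "QU"
                     for nxt in downstream if block_type(nxt) == "SC")
    for sched, queues in fan_in.items():
        if queues > MAX_QUEUES_PER_SCHEDULER:
            problems.append(
                f"{sched}: fed by {queues} queues, limit {MAX_QUEUES_PER_SCHEDULER}")
    # Linkage constraints on each directed edge.
    for stage, downstream in topology.items():
        btype = block_type(stage)
        allowed = ALLOWED_NEXT.get(btype)
        if btype == "SC" and not downstream:
            problems.append(f"{stage}: scheduler has no downstream forwarder")
        for nxt in downstream:
            ntype = block_type(nxt)
            if allowed is not None and ntype not in allowed:
                problems.append(f"{stage}: {btype} may not be followed by {ntype}")
            if ntype == "EG" and btype != "FW":
                problems.append(f"{stage}: only FW may feed egress port {nxt}")
    return problems


if __name__ == "__main__":
    print("reachable stages:", sorted(reachable(FIGURE_TOPOLOGY, INGRESS)))
    print("violations:", validate(FIGURE_TOPOLOGY) or "none")
```
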
. Encoded State Approach
In addition to the topological approach, the QDDIM model also
adopts the encoded state approach so that information about the
treatment that a packet received on an ingress interface is allowed
to be communicated along with the packet to the egress interface
(see [QDDIM] Section 3.8.3). QDDIM model represents this
information transfer in terms of a packet preamble.
+----------------+
| Meter-A |
| |
----->| In -|-----PM-1--->
| |
| Out -|-----PM-2--->
+----------------+
Figure 7: Meter Followed by Two Preamble Markers
Figure 7 shows an example used in [QDDIM] (section 3.8.3) in which
meter results are captured in a packet preamble. "PreambleMarker
PM-1 adds to the packet preamble an indication that the packet
exited Meter A as conforming traffic. Similarly, PreambleMarker
PM-2 adds to the preambles of packets that come through it indications
that they exited Meter A as nonconforming traffic. A PreambleMarker
appends its information to whatever is already present in a packet
preamble, as opposed to overwriting what is already there." "To
foster interoperability, the basic format of the information
captured by a PreambleMarker is specified." "Once a meter result
has been stored in a packet preamble, it is available for any
subsequent Classifier to use."
In the example of Figure 5(c), if the results from classifier are
to impact all the following stages, even beyond the immediate next
stage, encoded state approach should be used so that meta-data is
inserted representing the results from classifier and is made
available to all following stages.
+------------+ +------------+ +------------+
input | Ethernet | | | | Ethernet |output
------->| Ingress |-->| IPv4 L3 LPM|-->| Egress |---->
| Port Mgr | | Forwarder | | Port Mgr |
+------------+ +------------+ +------------+
(a) using encoded state approach Figure 7 shows an example where a QoS-enabled router has several
line cards that have a few ingress ports and egress ports, a
specialized classification chip, a network processor containing
codes for FE blocks like meter, marker, dropper, counter, queue,
scheduler and Ipv4 forwarder. Some of the LFB topology is already
fixed and has to remain static due to the physical layout of the
line cards. For example, all the ingress ports might be already
hard wired into the classification chip and so all packets must
follow from the ingress port into the classification engine. On
the other hand, the LFBs on the network processor and their
execution order are programmable, even though there might exist
certain capacity limits and linkage constraints between these LFBs.
Examples of the capacity limits might be: there can be no more than
8 meters; there can be no more than 16 queues in one FE; the
scheduler can handle at most up to 16 queues; etc. The linkage
constraints might dictate that classification engine may be
followed by a meter, marker, dropper, counter, queue or IPv4
forwarder, but not scheduler; queues can only be followed by a
scheduler; a scheduler must be followed by the IPv4 forwarder; the
last LFB in the datapath before going into the egress ports must be
the IPv4 forwarder, etc.
Input +------------+ +------------+ output Once the FE reports such capability and capacity to the CE, it is
------->|Ingr-Port #1|-->| | now up to the CE to translate the QoS policy into the desirable
+------------+ | | +------------+ configuration for the FE. Figure 7(a) depicts the FE capability
------->|Ingr-Port #2|-->| |-->|EgressPort#1|-----> while 7(b) and 7(c) depict two different topologies that the FE
+------------+ | | +------------+ might be asked to configure to. Note that both the ingress and
------->|Ingr-Port #3|-->|IPv4 L3 LPM |-->|EgressPort#2|-----> egress are omitted in (b) and (c) for simple representation. The
+------------+ |Forwarder | +------------+ topology in 7(c) is considerably more complex than 7(b) but both
------->|Ingr-Port #4|-->| |-->|EgressPort#3|-----> are feasible within the FE capabilities, and so the FE should
+------------+ | | +------------+ accept either configuration request from the CE.
------->|Ingr-Port #5|-->| |-->|EgressPort#4|----->
+------------+ | | +------------+
------->|Ingr-Port #6|-->| |
+------------+ +------------+
(b) using directed graph topological approach 4. LFB Model -- LFB and Associated Data Definitions
Figure 8. A simple example using two different approaches. The main goal of the FE model is to provide an abstract, generic,
modular, implementation independent representation of the FEs. This
is facilitated using the concept of LFBs which are instantiated
from LFB classes. The LFB model is defined in this section to
describe the content and structures in LFB and associated data type
definition.
Using the topological approach as exemplified by DiffServ model, The core part of the model is the definition of LFB classes.
there are N connections between a fan-out node of 1:N (e.g., a Section 4.4 provides more discussion on what will be part of an LFB
classifier) and its next stages. Using the encoded state approach, class definition.
fewer connections are typically needed between the same fan-out
node and its next stages, because each packet carries some state
information as metadata that the next stage nodes can interpret and
invoke different packet treatment. Pure topological approaches can
be overly complex to represent because they force on to build
elaborate topologies with a lot more connections. An encoded state
approach is nicer in that it allows one to simplify the graph and
represent the functional blocks with more clarity. But it does
require extra metadata to be carried along with the packet, like
the preamble in the QDDIM model.
For example in Figure 8(a), IPv4 L3 LPM forwarder generates some Operational parameters of the LFBs that must be visible to the CEs
metadata at its output to carry information on which port the are conceptualized in the model as the LFB attributes. These
packets should go to, and #3 (Enet-Egress-port-Manager) uses this include, for example, flags, single parameter arguments, complex
meta data to direct the packets to the right egress port. Figure arguments, and tables. The definition of the attributes of an LFB
8(b) shows how the FE graph looks like when using the pure MUST be part of the LFB class definition. To promote consistent and
topological approach instead, assuming six ingress and four egress terse definitions of the attributes of LFB classes, commonly used
ports. It is clear that (b) is unwieldy compared to (a). attribute types SHOULD be defined in the model outside of the LFB
class definitions, so that LFB class definitions can "share" these
type definitions by simply referring to the types. What will
comprise a data type definition is further discussed in Section
4.1.
Note that the FE graph can represent largely arbitrary topologies LFBs form a directed graph with each other by sending and receiving
of the stages, regardless which approach (topological or encoded packets and associated metadata. To provide consistency and logical
state) is taken. Clearly the two approaches are not exclusive. inter-operability among LFB classes, packet types (generic frame
For complex topologies, a combination of the two is most useful and types) and metadata types MUST BE specified outside of the LFB
flexible. Therefore, we recommend that the ForCES FE model adopt class definitions (but part of the LFB model), so that the LFB
both approaches. More specifically, the directed graph topological class definitions can simply refer to these types. These blocks are
approach should be used as the basic model, while the encoded state further discussed in Section 4.3 and Section 4.2, respectively.
approach can be used as optional, when meta-data is needed between In summary, the LFB model will consist of the following four
stages beyond the immediate next neighbors. categories of definitions:
1) Common data type definitions (Section 4.1)
2) Metadata definitions (Section 4.2);
3) Frame format definitions (Section 4.3);
4) LFB class definitions (Section 4.4).
5. Logical FE Block Library It is not expected that the above information is exchanged between
FEs and CEs "over-the-wire". But the model will serve as an
important reference for the design and development of the CEs
(software) and FEs (mostly the software part).
A small set of fine-grained FE blocks can be identified as the very 4.1. General Data Type Definitions
basic units from which all other FE functions can be built upon.
Such a set of FE blocks can be viewed as a FE block library. This
section defines such a library.
Several working groups in the IETF have already done some relevant Data types will be used to describe the LFB attributes (see Section
work in modeling the provisioning policy data for some of the 4.4.4). This is similar to the concept of having a common header
functions we are interested in, for example, DiffServ file for shared data types. Data types will include atomic data
(Differentiated Services) PIB [RFC3317], IPSec PIB [IPSEC-PIB]. types (e.g. integer, ASCII string), as well as compound or derived
Whenever possible, we should try to reuse the work done elsewhere data types (such as arrays and structures). Given that the FORCES
instead of reinventing the wheel. protocol will be getting and setting attribute values, all atomic
data types used here must be able to be conveyed in the FORCES
protocol. Further, the FORCES protocol will need a mechanism to
convey compound data types. Details of such representation are for
the protocol document, not the model documents.
FE blocks may be characterized into two general classes: Compound data types can build on atomic data types and other
input/output oriented blocks, and processing blocks. Each class is compound data types. There are three ways that compound data types
composed of a number of sub-blocks, and the combination of classes can be defined. They may be defined as an array of elements of
and sub-blocks can completely characterize FE functions. some compound or atomic data type. They may be a structure of
named elements of compound or atomic data types (ala C structures).
They may also be defined as augmentations (explained below in
4.1.3) of existing compound data types.
The FE input/output blocks are characterized by their inputs and In addition, any data type may be used to define a new type by
outputs, and they generally do not modify or further process the restricting the range of values that an instance of the data type
data that they handle. The FE processing blocks are characterized can take on, and specifying specific semantics that go with that.
by the manner in which they modify the packet, metadata, or This is similar to the SNMP notion of a textual convention.
internal state, independent of how that information is input into
the block.
5.1. FE Input/Output Block Characterization For each data type the following information MUST be provided:
. Symbolic name of data type. Example: "T_IPV4ADDRESS".
. Actual type declaration.
The FE input/output blocks are characterized by the following In addition, a data type definition MAY include the following:
elements: . Range restrictions.
. A set of symbolic names for special values. Example:
"IPV4ADDR_LOOPBACK".
- number of inputs Note that not all attributes will exist at all times in all
- number of outputs implementations. While the capabilities will frequently indicate
this non-existence, CEs may attempt to reference non-existent or
non-permitted attributes anyway. The FORCES protocol mechanisms
should include appropriate error indicators for this case.
These blocks do not modify or examine the packet in any way. 4.1.1. Arrays
5.1.1. Source Block Compound data types can be defined as arrays of compound or atomic
data types. Arrays can only be subscripted by integers, and will
be presumed to start with subscript 0. The mechanism defined above
for non-supported attributes can also apply to attempts to
reference non-existent array elements or to set non-permitted
elements. The valid range of the subscripts of the array must be
defined either in the definition of the array or in the LFB class
which uses the compound type definition.
A source block has no inputs, and one output. It ˘sources÷ events 4.1.2. Structures
from the external world into the FE model.
The purpose of the source block is to allow the model to explicitly A structure is comprised of a collection of data elements. Each
interact with objects that are outside of the model. That is, an data element has a data type (either an atomic type or an existing
Ethernert port that injects packets into the FE may be modeled as a compound type.) and is assigned a name unique within the scope of
˘source÷ block, as from the point of view of the model, it creates the compound data type being defined. These serve the same
packets out of the ˘ether÷, and outside of the scope of the model. function as "struct" in C, etc.
See also the FE Port block below, in Section 5.1.3.
5.1.2. Sink Block 4.1.3. Augmentations
A sink block has one input, and no outputs. It ˘sinks÷ events from Compound types can also be defined as augmentations of existing
the FE model into the external world. compound types. If the existing compound type is a structure,
augmentation may add new elements to the type. They may replace
the type of an existing element with an augmentation derived from
the current type. They may not delete an existing element, nor may
they replace the type of an existing element with one that is not
an augmentation of the type that the element has in the basis for
the augmentation. If the existing compound type is an array,
augmentation means augmentation of the array element type.
The purpose of the sink block is to allow the model to explicitly One consequence of this is that augmentations are compatible with
interact with objects that are outside of the model. That is, and the compound type from which they are derived. As such,
Ethernet port that sends packets from an FE may be modeled as a augmentations are useful in defining attributes for LFB subclasses
˘sink÷ block, as from the point of view of the model, it sends with backward compatibility. In addition to adding new attributes
packets into the ˘ether÷, and outside of the scope of the model. to a class, the data type of an existing attribute may be replaced
See also the FE Port block below, in Section 5.1.3. by an augmentation of that attribute, and still meet the
compatibility rules for subclasses.
5.1.3. Port Block For example, consider a simple base LFB class A that has only one
attribute (attr1) of type X. One way to derive class A1 from A can
be simply adding a second attribute (of any type). Another way to
derive a class A2 from A can be replacing the original attribute
(attr1) in A of type X with one of type Y, where Y is an
augmentation of X. Both classes A1 and A2 are backward compatible
with class A.
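Review bot: in the new 4.1.3, augmentation of an array is defined only as "augmentation of the array element type", which leaves open whether the subscript range that 4.1.1 requires to be defined may change in the derived type. State whether an augmentation may widen or narrow that range, and likewise whether it may change a range restriction set under 4.1. The claim that classes A1 and A2 are backward compatible with class A depends on the answer, since a CE written against A could otherwise address elements or values that the derived type no longer accepts.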
An FE Port Block is used to describe specific sinks or sources. An 4.2. Metadata Definitions
FE Source Block may source events other than packets, such as TCP
timers. An FE Source block may also not require complex
configuration. In addition, the model should be able to map both
sources and sinks onto one logical block which models a port that
implements those functions. For these reasons, it is useful to
define a Port Block separately from the previously defined Source
and Sink blocks, even though there is some overlap between them.
The FE Port Block contains a number of configurable parameters, For each metadata type, the following MUST be specified:
which may include, but are not limited to, the following items: . Metadata symbolic name. Used to refer to the metadata type in
LFB type specifications. Example: META_CLASSID.
. Brief synopsis of the metadata. Example: "Result of
classification (0 means no match)".
. Data type and valid range.
- the number of ports on the FE; In addition, the following information MAY BE part of the metadata
- the sub-interfaces if any; definition:
- the static attributes of each port (e.g., port type, direction, . Symbolic definitions for frequently used or special values of
link speed); the metadata.
- the configurable attributes of each port (e.g., IP address,
administrative status);
- the statistics collected on each port (e.g., number of packets
received);
- the current status (up or down).
5.1.4. Dropper Block 4.3. Frame Format Definitions
This part of the LFB model will list packet types (frame types in
general) that LFB classes can receive at their inputs and/or emit
at their outputs.
A dropper block has one input, and no outputs. It discards all For each distinct frame type, the following MUST be provided:
packets that it receives without any modification or examination of . Symbolic name of frame type. Example: FRAME_IPV4.
those packets. . Brief synopsis of the frame type. Example: "IPv4 packet".
The purpose of a dropper block is to allow the description of 4.4. LFB Class Definitions
˘sinks÷ within the model, where those sinks do not result in the
packet being sent into any object external to the model.
5.1.5. MUX Block Each LFB Class definition must provide the following information:
. Symbolic name of LFB class. Example: "LFB_IPV4_LPM"
. Short synopsis of LFB class. Example: "IPv4 LPM Lookup LFB"
. Version indicator
. Inheritance indicator (see discussion in Section 4.4.1)
. Inputs (see discussion in Section 4.4.2)
. Outputs (see discussion in Section 4.4.3)
. Attributes (see discussion in Section 4.4.4)
. Operational specification (see discussion in Section 4.4.5)
A mux block has N inputs, and one output. It multiplexes packets 4.4.1. LFB Inheritance
from the inputs onto its output.
5.1.6. Redirector (de-MUX) Block To support LFB class inheritance, the LFB specification must have a
place holder for indicating the base class and its version. It is
assumed that the derived class is backward compatible with the base
class.
A redirector block has one input, and N outputs. It is the inverse 4.4.2. LFB Inputs
a MUX block.
The redirector block takes an input packet P, and uses the metadata An LFB class may have zero, one, or more inputs. We assume that
M to redirect that packet to one or more of N outputs, e.g. Most most LFBs will have exactly one input. Multiple inputs with the
commonly unicast forwarding, multicast, or broadcast. same input type are modeled as one input group. The input group
should count as one entry in the input specification. The number
of inputs (including input groups) is fixed.
5.1.7. Shaper Block Multiple inputs with different input type should be avoided if
possible (see discussion in Section 3.2.1). Some special LFBs will
have no inputs at all. For example, a packet generator LFB does
not need an input.
A shaper block has one input, and one output. It takes input The LFB class definition MUST specify whether or not the number of
packets and metadata at some time t, and outputs the packet and inputs of the LFB is fixed, and the exact number if fixed. For each
(possibly updated) metadata at some other time, tĂ. The packet is LFB input (group), the following MUST be specified:
not examined or modified during this process.
The meta-data is used to determine how to shape the outgoing . Symbolic name of input. Example: "PKT_IN". Note that this
traffic. The packet and metadata are conceptually added to the symbolic name must be unique only within the scope of the LFB
internal state S of the block when the packet is received, and are class.
removed from that internal state when the packet is output from the . Brief synopsis of the input. Example: "Normal packet input".
block. . Indication of whether this input is an input group (i.e., if
it is allowed to be instantiated).
. List of allowed frame formats. Example: "{FRAME_IPV4,
FRAME_IPV6}". Note that this list should refer to symbols
specified in the frame definition of the LFB model (see
Section 4.3).
. List of required metadata. Example: {META_CLASSID, META_IFID}.
This list should refer to symbols specified in the metadata
definition of the LFB model (see Section 4.2). For each
metadata it should be specified whether the metadata is
required or optional. For each optional metadata a default
value MAY BE specified, which is used by the LFB if the
metadata is not provided at the input.
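Review bot: the new 4.4.2 contradicts itself on input count. Its first paragraph says "The number of inputs (including input groups) is fixed", while the third says the class definition "MUST specify whether or not the number of inputs of the LFB is fixed". Keep one of the two statements. In the same list, the item titled "List of required metadata" goes on to require marking each metadata as required or optional, so the title should read "expected metadata" or similar. "MAY BE" is also not a requirement keyword form; write "MAY be".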
5.2. FE Processing Blocks 4.4.3. LFB Outputs
An FE processing block may be characterized by four parameters: An LFB class may have zero, one, or more outputs. If there are
multiple outputs with the same output type, we model them as output
group. Some special LFBs may have no outputs at all (e.g.,
Dropper).
P ű the packet that it is processing The number of outputs may be fixed for some LFB types and may be
t ű the time at which that packet is being processed configurable for others. The LFB Class definition MUST specify the
M ű the metadata that is associated with that packet number of outputs (or output types) of the LFB. The output group
S ű the internal state of the block should count as one entry in the output specification, but the
(including any CE->FE configuration, and any internal FE entry should indicate that instantiation of the output is
data) allowed.
We do not model or describe how any of these parameters arrive at
the block. Instead, we characterize the blocks by how they process
those parameters.
5.2.1. Counter Block For each LFB output (group) the following MUST be specified:
. Symbolic name of the output. Example: "UNPROC". In case of an
output group, the symbolic name is the prefix used to
construct unique symbols for each output instance. Example:
"PKTOUT". Note that the symbolic name must be unique only
within the scope of the LFB class.
. Brief synopsis of the output. Example: "Normal packet output".
. Indication of whether this output is an output group (i.e., if
it is allowed to be instantiated).
. List of allowed frame formats. Example: "{FRAME_IPV4,
FRAME_IPV6}". Note that this list should refer to symbols
specified in the frame definition of the LFB model (see
Section 4.3).
. List of emitted (generated) metadata. Example: {META_CLASSID,
META_IFID}. This list should refer to symbols specified in the
metadata definition of the LFB model (see Section 4.2). For
each generated metadata, it should be specified whether the
metadata is always generated or generated only in certain
conditions. This information is important when assessing
compatibility between LFBs.
A counter block updates its internal state S, by counting packets, 4.4.4. LFB Attributes
or metadata. The packet is not modified, and the metadata may, or
may not, be modified.
A counter block is independent of time ŠtĂ, in that it does not The operational state of the LFB is modeled by the variables of the
perform any time-dependent counting. The time at which a count is LFB, collectively called attributes. Note that the attributes here
made may, however, be associated with that count. refer to the operational parameters of the LFBs that must be
visible to the CEs. The other variables that are internal to LFB
implementation are not included here in the LFB attributes and are
not modeled here.
5.2.2. Meter Block Attribute types will include the following three categories:
. Capability attributes (see Section 9.4 for more on LFB
capabilities). Examples:
* Supported optional features of the LFB class;
* Maximum number of configurable outputs for an output group;
* Metadata pass-through limitations of the LFB;
* Maximum size of configurable attribute tables;
* Supported access modes of certain attributes (see below).
. Operational attributes, some of them are configurable by the
CE, while others might be internally maintained state which
are read-only for the CE and necessary for the CE to operate
properly. Examples:
* Configurable flags and switches selecting between
operational modes of the LFB;
* ARP tables;
* Number of outputs in an output group;
* Metadata CONSUME vs. PROPAGATE mode selector.
. Statistical attributes (collected by the FE and provided for
reading to the CE). Examples:
* Packet and byte counters;
* Other event counters.
A meter block is a counter block that is time dependent. That is, Some of the attributes will be generically available in all LFBs
it meters the rate over time at which packets or metadata flow while others will be specific to the LFB class. Examples of
through the block. generic LFB attributes are:
. LFB class inheritance information (see Section 4.4.1)
. Number and type of inputs (in case the LFB is self-
descriptive)
. Number and type of outputs (in case the LFB is self-
descriptive)
. Number of current outputs for each output group
. Metadata CONSUME/PROPAGATE mode selector
There may be various access permission restrictions on what the CE
can do with an LFB attribute. The following categories may be
supported:
. No-access attributes. This is useful when multiple access
modes maybe defined for a given attribute to allow some
flexibility for different implementations.
. Read-only attributes.
. Read-write attributes.
. Write-only attributes. This could be any configurable data
for which read capability is not provided to the CEs. (??? Do
we have good example???)
. Read-reset attributes. The CE can read and reset this
resource, but cannot set it to an arbitrary value. Example:
Counters.
. Firing-only attributes. A write attempt to this resource will
trigger some specific actions in the LFB, but the actual value
written is ignored. (??? Example???)
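Review bot: the access permission list in the new 4.4.4 still carries open editor questions in the write-only and firing-only entries ("??? Do we have good example???", "??? Example???"). Give each category a concrete example or drop it, because an access mode with no stated use is hard for a CE or FE implementer to enforce or test. The no-access entry reads "maybe defined" where "may be defined" is meant, and none of the entries says what the CE receives on a disallowed operation. A pointer to the error-indicator requirement stated in 4.1 for non-permitted attributes would close that gap.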
5.2.3. Filter Block The LFB class may define more than one possible access mode for a
given attribute (for example, write-only and read-write), in which
case it is left to the actual implementation to pick one of the
modes. In such cases a corresponding capability parameter must
inform the CE of which mode the actual LFB instance supports.
The attributes of the LFB class must be defined as a list. For each
attribute the following information MUST be provided:
. Reference to the data type (e.g., specified in the generic
data type block of the LFB model or in an LFB specific data
type block).
. Access permission(s).
. Additional range restrictions (i.e., beyond what is specified
by the data type definition).
. Default value. Applied when the LFB is initialized or reset.
According to [DiffServ], "a filter consists of a set of conditions The actual structuring of LFB attributes requires further study.
on the component values of a packet's classification key (the
header values, contents, and attributes relevant for
classification)÷.
That is, a filter block examines the packet without modifying it, 4.4.5. LFB Operational Specification
and uses its internal state S to make decisions about the packet.
The result of that examination is that the filter block creates new
metadata ˘match÷, or ˘no match÷ to associate with that packet,
depending on whether the packet matched, or did not match, the
conditions of the filter.
A filter block may be viewed as a special case of a classifier This section of the model should verbally describe what the LFB
block. Alternately, a classifier block may be viewed as consisting does. This will most likely be embedded in an unstructured text
of multiple filter blocks. field in the model.
5.2.4. Classifier Block 5. LFB Topology Model (To be written)
A classifier block uses its internal state S to classify the packet (Editor's note: This is a place holder to describe the details on
into one of N different logical classes. That is, it takes an how to model LFB topology.)
input packet and meta-data, and produces the same packet with new 6. FE Level Attributes (To be written)
or more meta-data. A classifier is parameterized by filters.
Classification is done by matching the contents of the incoming
packets according to the filters, and the result of classification
is produced in the form of metadata. Note that this classifier is
modeled solely based on its internal processing, and not on its
inputs and outputs. It is a single-exit classifier that does NOT
physically redirect the packet. In contrast, a DiffServ-like
classifier is a 1:N (fan-out) device: It takes a single traffic
stream as input and generate N logically separate traffic streams
as output. That kind of multi-exit classifier can be modeled by
combining this classifier with a redirector (see Section 5.1.5).
Note that other FE Blocks MAY perform simple classification on the (Editor's note: This is a place holder to describe the FE level
packet or metadata. The purpose of the FE Classifier Block is to attributes including FE capabilities, for examples:
model a block that ˘digests÷ large amounts of input data (packet, . How this FE is connected with other FEs (if known by the FE)?
metadata), to produce a ˘summary÷ of the classification results, in . What LFB classes can the FE instantiate?
the form of additional metadata. Other FE Blocks can then use this . How many instances of the same LFB class can be created?
summary information to quickly and simply perform trivial . What are the topological limitations? For example:
˘classifications÷. o How many instances of the same class or any class can be
created on any given branch of the graph?
o Ordering restrictions on LFBs (e.g., any instance of LFB
class A must be always downstream of any instance of LFB
class B).
)
The requirement for a unique and separate FE Classifier Block comes 7. LFB Class Library
about because it would not make sense to model a classifier block
inside each of every other block. Such a model would be highly
redundant. We therefore specifically model a complex
classification block, and explicitly state that other blocks may
make decisions based on the parameters S, t, and M, but not on P.
5.2.5. Redirecting Classifier Block A set of LFB classes are identified here in the LFB class library
as necessary to build common FE functions.
This block is logically a combination of the FE Classifier Block in Several working groups in the IETF have already done some relevant
Section 5.2.4, and the FE Redirector Block in Section 5.1.6. It work in modeling the provisioning policy data for some of the
uses its internal classification rules to redirect the input packet functions we are interested in, for example, DiffServ
P to one or more outputs. (Differentiated Services) PIB [4], IPSec PIB [8]. Whenever
possible, we should try to reuse the work done elsewhere instead of
reinventing the wheel.
Its purpose is to allow the ˘atomic÷ modeling of classification 7.1. Port LFB
with redirection. If this block was described as two blocks, then
the model would be required to describe the format and
interpretation of the metadata. As there is not yet consensus on
the format and interpretation of metadata, it is preferable to
define an additional block which allows us to avoid most of that
contention.
It is expected that once there is experience with using the FE A Port LFB is used to map a physical port into the LFB model.
model and blocks defined here, that we may reach consensus on the
format and interpretation of the metadata. At that time, we may
revisit the definition of this block, and may choose to remove it
due to redundancy with previously defined blocks.
5.2.6. Modifier Block The Port LFB maps sources and sinks of packets from outside the LFB
A modifier block modifies incoming packets and sends them out. This model onto one logical block which defines and models a physical
is a generic ˘catch-all÷ block for packet processing which is not port implementing those functions.
modeled in one of the other blocks. Usually the meta-data is used
to determine how to modify the packet.
This block is defined in a generic manner, and we expect that The Port LFB contains a number of configurable parameters, which
specific examples of packet and/or metadata modification will be may include, but are not limited to, the following items:
described as below, with named sub-classes of the modifier block. . the number of ports on this LFB;
. the sub-interfaces if any;
. the static attributes of each port (e.g., port type,
direction, link speed);
. the configurable attributes of each port (e.g., IP address,
administrative status);
. the statistics collected on each port (e.g., number of packets
received);
. the current status (up or down).
5.2.7. Packet Header Rewriter Block The Port LFB can have three modes of operation:
. ingress only
. egress only
. hybrid (contains ingress and egress functions)
This block is a sub-class of the Modifier Block. It is used to re- 7.2. Dropper LFB
write fields on the packet header, such as Ipv4 TTL decrementing,
checksum calculation, or TCP/IP NAT.
5.2.8. Packet Compression/Decompression Block A dropper LFB has one input, and no outputs. It discards all
packets that it receives without any modification or examination of
those packets.
This block is a sub-class of the Modifier Block. It is used to The purpose of a dropper LFB is to allow the description of "sinks"
compress or decompress packet data, such as with Ipv4 Van Jacobson within the model, where those sinks do not result in the packet
header compression. being sent into any object external to the model.
It may be useful to split this block into separate compression and 7.3. Redirector (de-MUX) LFB
decompression blocks. This decision should be made after we have
more experience with the model.
5.2.9. Packet Encryption/Decryption Block A redirector LFB has one input, and N outputs.
This block is a sub-class of the Modifier Block. It is used to The purpose of the redirector LFB is to explicitly represent a
encrypt or decrypt packet data, such as with TLS. place in the LFB Topology where the redirection process occurs, and
where it may be configured.
It may be useful to split this block into separate encryption and The redirector LFB takes an input packet P, and uses the metadata M
decryption blocks. This decision should be made after we have more to redirect that packet to one or more of N outputs, e.g. unicast
experience with the model. forwarding, multicast, or broadcast.
5.2.10. Packet Encapsulation/Decapsulation Block Note that other LFBs may also have redirecting functionality, if
they have multiple outputs.
This block is a sub-class of the Modifier Block. It is used to 7.4. Scheduler LFB
encapsulate or decapsulate packet data, such as with IP in IP.
It may be useful to split this block into separate encapsulation A Scheduler LFB has multiple inputs and one output. The purpose of
and decapsulation blocks. This decision should be made after we the Scheduler LFB is to perform time-dependent packet forwarding.
have more experience with the model. The Scheduler LFB multiplexes from its inputs onto its output(s),
based on internal configuration such as packet priority, etc. The
packet is not modified during this process.
6. Minimal Set of Logical Functions Required for FE Model 7.5. Queue LFB
A minimum set of FE functions is defined in [FORCES-REQ] that must The Queue LFB has one input and one output. It takes input packets
be supported by any proposed FE model. In this section, we and places them onto queues. These packets are later forwarded to
demonstrate how the small FE block library defined in Section 5 can the output(s) of the LFB, based on back-pressure from the next LFB
be used to model all the logical functions required in [FORCES- which typically is a scheduler LFB.
REQ].
6.1. QoS Functions 7.6. Counter LFB
The IETF community has already done some work in modeling the QoS A counter LFB updates its statistical attributes, by counting
functions in the datapath. The IETF DiffServ working group has packets, or metadata. The packet is not modified, and the metadata
defined an informal data model [RFC3290] for QoS-related functions may, or may not, be modified.
like classification, metering, marking, actions of marking,
dropping, counting and multiplexing, queueing, etc. The latest work
on DiffServ PIB (Policy Information Base) [RFC3317] defines a set
of provisioning classes to provide policy control of resources
implementing the Diferentiated Services Architecture. DiffServ PIB
also has an element of capability flavor in it. The IETF Policy
Framework working group is also defining an informational model
[QDDIM] to describe the QoS mechanisms inherent in different
network devices, including hosts. This model is intended to be used
with the QoS Policy Information Model [QPIM] to model how policies
can be defined to manage and configure the QoS mechanisms present
in the datapath of devices.
Here is a list of QoS functional blocks that should be supported The purpose of a Counter LFB is to record simple accounting of
directly in the library or indirectly via combination of the FE events on the FE.
blocks in the library:
. Classifier
. Meter
. Marker
. Dropper
. Counter
. Queue and Scheduler
. Shaper
6.1.1. Classifier A counter LFB is independent of time 't', in that it does not
perform any time-dependent counting. The time at which a count is
made may, however, be associated with that count.
There are two ways to define a classifier block: single-exit 7.7. Meter LFB and Policer LFB
classifier or multi-exit classifier.
A single-exit classifier follows the QDDIM model. It takes an input A Meter LFB is a counter LFB that is time dependent. That is, it
packet and meta-data, and produces the same packet, with new/more meters the rate over time at which packets or metadata flow through
meta-data. Such a single-exit classifier does not physically the LFB. The purpose of the Meter LFB is to record time-dependent
redirect the packets. It only decides which meta-data to associate accounting of events on the FE.
with the packet and such meta-data can be used by later blocks to
physically redirect the packets.
A multi-exit classifier, on the other hand, follows the DiffServ When a Meter LFB has multiple outputs, with one output being a
model. It is equivalent of a single-exit classifier followed by a marker, or dropping the packet, then the Meter LFB becomes a
redirector. Such a classifier directs packets to different output Policer LFB, performing a policing function.
paths.
6.1.2. Meter 7.8. Classifier LFB
Meter is directly defined in the FE Block library. A Classifier LFB uses its attributes to classify the packet into
one of N different logical classes.
6.1.3. Marker The purpose of a Classifier LFB is to logically partition packets
into one or more classes. The result of this partitioning is that
the Classifier LFB produces metadata that describes the classes
into which the packet has been partitioned. The packet is not
modified during this process.
Marker can be modeled as a special kind of FE Modifier Block. A Classifier LFB takes an input packet and metadata, and produces
the same packet with new or more metadata. A classifier is
parameterized by filters. Classification is done by matching the
contents of the incoming packets according to the filters, and the
result of classification is produced in the form of metadata. Note
that this classifier is modeled solely based on its internal
processing, and not on its inputs and outputs. The block is a
single-exit classifier that does NOT physically redirect the
packet. In contrast, a DiffServ-like classifier is a 1:N (fan-out)
device: It takes a single traffic stream as input and generate N
logically separate traffic streams as output. That kind of multi-
exit classifier can be modeled by combining this classifier with a
redirector (see Section 6.1.6).
6.1.4. Dropper A filter decides if input packets match particular criteria. That
is, it "marks" a packet as either matching, or non-matching to the
filter criteria. According to [DiffServ], "a filter consists of a
set of conditions on the component values of a packet's
classification key (the header values, contents, and attributes
relevant for classification)".
Dropper is directly defined in the FE Block library. Note that other FE LFBs MAY perform simple classification on the
packet or metadata. The purpose of the FE Classifier LFB is to
model an LFB that "digests" large amounts of input data (packet,
metadata), to produce a "summary" of the classification results, in
the form of additional metadata. Other FE LFBs can then use this
summary information to quickly and simply perform trivial
"classifications".
6.1.5. Counter The requirement for a unique and separate FE Classifier LFB comes
about because it would not make sense to model a classifier LFB
inside each of every other LFB. Such a model would be highly
redundant. We therefore specifically model a complex
classification LFB, and explicitly state that other blocks may make
decisions based on the parameters S, t, and M, but not on P.
Counter is directly defined in the FE Block library. Note that a classifier LFB may have multiple outputs. In that
case, it may redirect input packets to one (or more) of the
outputs, and may not associate any metadata with those output
packets.
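Review bot: The new 7.8 text contradicts itself on outputs. The third paragraph says the block "is a single-exit classifier that does NOT physically redirect the packet", while the closing paragraph says a classifier LFB "may have multiple outputs" and "may redirect input packets". Suggest either dropping the closing paragraph or stating that the multi-output form is the classifier plus redirector combination already described. The pointer "see Section 6.1.6" in the same paragraph also looks stale: in this revision the Redirector LFB is 7.3, and 6.1.6 in -00 was "Queue and Scheduler".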
6.1.6. Queue and Scheduler (?) 7.9. Modifier LFB
6.1.7. Shaper A modifier LFB modifies incoming packets and sends them out.
Usually the metadata is used to determine how to modify the packet.
Shaper is directly defined in the FE Block library. This LFB is defined in a generic manner, and we expect that
specific examples of packet and/or metadata modification will be
described as a subclass of the modifier LFB.
6.2. Generic Filtering Functions For example, we may have an explicit LFB for packet compression and
decompression, or for encryption and decryption, or for packet
encapsulation. The decision as to how best to model these
functions will be made based on further investigation of the LFB
model, and with practical experience using it.
A combination of classifier, redirector, modifier etc. can model 7.10. Packet Header Rewriter LFB
complex set of filtering functions. For example, Figure 9 This LFB is used to re-write fields on the packet header, such as
represents a filtering function that classifies packets into one of IPv4 TTL decrementing, checksum calculation, or TCP/IP NAT.
two logical classes: forward, and drop. These logical classes are
represented as meta data M1, and M2. The re-director uses this
meta data to re-direct the packet to one of two outputs. The first
sinks the packet back into the network. The second silently drops
the packets.
classifier -> redirector ---M1--- sink We may want to have multiple LFBs for different kinds of header re-
\ writing.
\-M2--- dropper
Figure 9. A filtering function example. 8. Satisfying the Requirements on FE Model
6.3. Vendor Specific Functions (Editor's Note: The text in this section is very preliminary but
we decide to leave it as is because it is too early to understand
how to model all the functions as dictated in [1] when Section 7
is still very much work in progress. This section should be
revised once Section 7 is more settled.)
New and currently unknown FE functionality can be derived (i.e., A minimum set of FE functions is defined in [1] that must be
extended) based on the generic FE Block. The name space used to supported by any proposed FE model. In this section, we
identify the FE block type must be extensible such that new logical demonstrate how the three components in FE model as described in
functions can be defined and added later to accommodate future Section 4, 5, 6 along with the LFB class library defined in Section
innovation in forwarding plane, as long as the new functions are 7 can be used to express all the logical functions required in [1].
modeled as an FE block.
6.4. Port Functions 8.1. Port Functions
Every FE contains a certain number of interfaces (ports), including Every FE contains a certain number of interfaces (ports), including
both the inter-NE interfaces and intra-NE interfaces. The inter-NE both the inter-NE interfaces and intra-NE interfaces. The inter-NE
interfaces are the external interfaces for the NE to interfaces are the external interfaces for the NE to
receive/forward packets from/to the external world. The intra-NE receive/forward packets from/to the external world. The intra-NE
interfaces are used for FE-FE or FE-CE communications. Same model interfaces are used for FE-FE or FE-CE communications. Same model
should be used for both the inter-FE and intra-FE interfaces, but should be used for both the inter-FE and intra-FE interfaces, but
it is necessary to make the distinction between the two known to it is necessary to make the distinction between the two known to
the CE so that the CE can do different configuration. the CE so that the CE can do different configuration.
Certain types of physical ports have sub-interfaces (frame relay The port LFB class is designed to model the specific physical ports
DLCIs, ATM VCs, Ethernet VLans, etc.) as virtual or logical while the source/sink LFB can be used to model the logical
interfaces. Some implementations treat tunnels (e.g., GRE, L2TP, interface.
IPSec, MPLS, etc.) as interfaces, while others do not. [FORCES-REQ]
treats tunneling as high-touch functions and so FE model does not
model tunneling as part of the port functions. Instead, tunneling
is covered in Section 6.6.
6.5. Forwarding Functions The intra-NE interfaces that are used for FE-FE communications
should be modeled just like the inter-NE interfaces. The ForCES
base protocol will include FE topology query so that the CE can
learn of how the multiple FEs are interconnected via such
interfaces. But the intra-NE interfaces that are used for FE-CE
communications are part of the ForCES protocol entity on the FE and
so it is not necessary to model them explicitly. It is assumed
that every FE will have at least one internal interface to
communicate to the CE and such interface do not have to be visible
in the FE model.
8.2. Forwarding Functions
Support for IPv4 and IPv6 unicast and multicast forwarding Support for IPv4 and IPv6 unicast and multicast forwarding
functions must be provided by the model. functions must be provided by the model.
Typically, the control plane maintains the Routing Information Base Typically, the control plane maintains the Routing Information Base
(RIB), which contains all the routes discovered by all the routing (RIB), which contains all the routes discovered by all the routing
protocols with all kinds of attributes relevant to the routes. The protocols with all kinds of attributes relevant to the routes. The
forwarding plane uses a different database, the Forwarding forwarding plane uses a different database, the Forwarding
Information Base (FIB), which contains only the active subset of Information Base (FIB), which contains only the active subset of
those routes (only the best routes chosen for forwarding) with those routes (only the best routes chosen for forwarding) with
attributes that are only relevant for forwarding. A component in attributes that are only relevant for forwarding. A component in
the control plane, termed Route Table Manager (RTM), is responsible the control plane, termed Route Table Manager (RTM), is responsible
to manage the RIB in the CE and maintain the FIB used by the FEs. to manage the RIB in the CE and maintain the FIB used by the FEs.
Therefore, the most important aspect in modeling the forwarding Therefore, the most important aspect in modeling the forwarding
functions is the data model for the FIB. The model also needs to functions is the data model for the FIB. The model also needs to
support the possibility of multiple paths. support the possibility of multiple paths.
At the very minimum, each route in the FIB needs to contain the At the very minimum, each route in the FIB needs to contain the
following layer-3 information: following layer-3 information:
- the prefix of the destination IP address; . the prefix of the destination IP address;
- the length of the prefix; . the length of the prefix;
- the number of equal-cost multi-path; . the number of equal-cost multi-path;
- the next hop IP address and the egress interface for each path. . the next hop IP address and the egress interface for each
path.
Another aspect of the forwarding functions is the method to resolve Another aspect of the forwarding functions is the method to resolve
a next hop destination IP address into the associated media a next hop destination IP address into the associated media
address. There are many ways to resolve Layer 3 to Layer 2 address address. There are many ways to resolve Layer 3 to Layer 2 address
mapping depending upon link layer. For example, in case of Ethernet mapping depending upon link layer. For example, in case of Ethernet
links, the Address Resolution Protocol (ARP, defined in RFC 826) is links, the Address Resolution Protocol (ARP, defined in RFC 826) is
used for IPv4 address resolution. used for IPv4 address resolution.
Assuming a separate table is maintained in the FEs for address Assuming a separate table is maintained in the FEs for address
resolution, the following information is necessary for each address resolution, the following information is necessary for each address
resolution entry: resolution entry:
- the next hop IP address; . the next hop IP address;
- the media address. . the media address.
Different implementation may have different ways to maintain the Different implementation may have different ways to maintain the
FIB and the resolution table. For example, a FIB may consist of two FIB and the resolution table. For example, a FIB may consist of two
separate tables, one to match the prefix to the next hop and the separate tables, one to match the prefix to the next hop and the
other to match the next hop to the egress interface. Another other to match the next hop to the egress interface. Another
implementation may use one table instead. Our approach of using implementation may use one table instead. Our approach of using
the fine-grained FE blocks to model the forwarding functions allow the fine-grained FE blocks to model the forwarding functions allow
such flexibility. such flexibility.
For example, a combination of a classifier, followed by a modifier For example, a combination of a classifier, followed by a modifier
and a redirector can model the forwarding function. and a redirector can model the forwarding function.
6.6. High-Touch Functions 8.3. QoS Functions
The IETF community has already done lots work in modeling the QoS
functions in the datapath. The IETF DiffServ working group has
defined an informal data model [3]for QoS-related functions like
classification, metering, marking, actions of marking, dropping,
counting and multiplexing, queueing, etc. The latest work on
DiffServ PIB (Policy Information Base) [4] defines a set of
provisioning classes to provide policy control of resources
implementing the Diferentiated Services Architecture. DiffServ PIB
also has an element of capability flavor to it. The IETF Policy
Framework working group is also defining an informational model [6]
to describe the QoS mechanisms inherent in different network
devices, including hosts. This model is intended to be used with
the QoS Policy Information Model [7] to model how policies can be
defined to manage and configure the QoS mechanisms present in the
datapath of devices.
Here is a list of QoS functions that should be supported by the FE
model:
. Classifier
. Meter
. Marker
. Dropper
. Counter
. Queue and Scheduler
. Shaper
LFB class library as described in Section 7 already supports most
of these functions directly.
Note that A shaper should be modeled as a queue feeding a scheduler
input that is serviced using a non-work-conserving policy. The
queue LFB would include multiple FIFO queue resources (selected by
META_QUEUE_ID) and AQManagers assigned to queues. The scheduler
LFB would include multiple input resources with associated service
policies. Queue outputs would be bound to scheduler inputs via
passing META_SCHED_ID with the packet at the output of the queue.
The metadata is only there to allow correlation in configuration
parameters between the queueing LFB and the scheduler LFB (assign
queue X to scheduler input Y by configuring queue X to emit
META_SCHED_ID Y).
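Review bot: In 8.3, Marker stays in the list of required QoS functions, but the -00 sentence "Marker can be modeled as a special kind of FE Modifier Block" is gone, and the new text explains only how the Shaper is composed. Since the section now says the class library supports "most" of these functions directly, it should say which ones are not direct and which LFB class covers Marker. Editorial points in the same added text: "lots work", "[3]for", "Diferentiated" and "Note that A shaper".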
8.4. Generic Filtering Functions
A combination of classifier, redirector, modifier etc. can model
complex set of filtering functions. For example, Figure 8
represents a filtering function that classifies packets into one of
two logical classes: forward, and drop. These logical classes are
represented as meta data M1, and M2. The re-director uses this
meta data to re-direct the packet to one of two outputs. The first
sinks the packet back into the network. The second silently drops
the packets.
classifier -> redirector ---M1--- sink
\
\-M2--- dropper
Figure 8. A filtering function example.
8.5. Vendor Specific Functions
New LFB class can always be defined according to the LFB model as
described in Section 7 to support vendor specific functions. New
LFB class can also be derived from an existing LFB class by
inheritance.
8.6.High-Touch Functions
High-touch functions are those that take action on the contents or High-touch functions are those that take action on the contents or
headers of a packet based on content other than what is found in headers of a packet based on content other than what is found in
the IP header. Examples of such functions include NAT, ALG, the IP header. Examples of such functions include NAT, ALG,
firewall, tunneling and L7 content recognition. firewall, tunneling and L7 content recognition.
The ForCES working group first needs to agree upon a small set of The ForCES working group first needs to agree upon a small set of
common high-touch functions with well-defined behavior to be common high-touch functions with well-defined behavior to be
included in the initial FE block library. Here is a list of included in the LFB class library. Here is a list of candidate
candidate blocks: blocks:
. NAT . NAT
. Firewall . Firewall
. Encapsulator . Encapsulator
. Decapsulator . Decapsulator
NAT, Encapsulator, Decapsulator are all different examples of the 8.7. Security Functions
modifier FE block; while firewall can be modeled as a filtering
function (Section 6.2).
6.7. Security Functions
The FE model must be able to describe the types of encryption The FE model must be able to describe the types of encryption
and/or decryption functions that an FE supports and the associated and/or decryption functions that an FE supports and the associated
attributes for such functions. In general, encyption and decryption attributes for such functions.
can be modeled by modifier.
IP Security Policy (IPSP) Working Group in the IETF has started The IP Security Policy (IPSP) Working Group in the IETF has started
work in defining the IPSec Policy Information Base [IPSEC-PIB]. work in defining the IPSec Policy Information Base [8]. Further
Further study on this is needed to determine whether it can be study on this is needed to determine whether it can be reused here
reused here and any other additional work is needed. and any other additional work is needed.
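Review bot: In 8.7, the revision deletes "encryption and decryption can be modeled by modifier" without a replacement, so the requirement that the model describe an FE's encryption and decryption functions and their attributes no longer maps to any LFB class. The only remaining hook is the 7.9 remark that "we may have an explicit LFB" for encryption and decryption. Suggest a forward pointer from 8.7 to 7.9, or an explicit statement that this mapping is still open, so the security requirement is not silently left unaddressed.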
6.8. Off-loaded Functions 8.8. Off-loaded Functions
In addition to the packet processing functions that are typical to In addition to the packet processing functions that are typical to
find on the FEs, some logical functions may also be executed find on the FEs, some logical functions may also be executed
asynchronously by some FEs, according to a certain finite-state asynchronously by some FEs, according to a certain finite-state
machine, triggered not only by packet events, but by timer events machine, triggered not only by packet events, but by timer events
as well. Examples of such functions include finite-state machine as well. Examples of such functions include finite-state machine
execution required by TCP termination or OSPF Hello processing off- execution required by TCP termination or OSPF Hello processing off-
loaded from the CE. The FE model must be capable of expressing loaded from the CE. The FE model must be capable of expressing
these asynchronous functions, so that the CE may take advantage of these asynchronous functions, so that the CE may take advantage of
such off-loaded functions on the FEs. such off-loaded functions on the FEs.
The ForCES working group first needs to agree upon a small set of The ForCES working group first needs to agree upon a small set of
such off-loaded functions with well-understood behavior and such off-loaded functions with well-understood behavior and
interactions with the control plane. interactions with the control plane.
7. Cascading Multiple FEs 8.9. IPFLOW/PSAMP Functions
[9] defines architecture for IP traffic flow monitoring, measuring
and exporting. The LFB model supports statistics collection on the
LFB by including statistical attributes (Section 4.4.4) for all the
LFB class definitions, and meter LFB (Section 7.2.2) and counter
LFB (Section 7.2.1) can also be used to support accounting
functions in the FE.
[10] describes a framework to define a standard set of capabilities
for network elements to sample subsets of packets by statistical
and other methods. Time event generation, filter LFB, and
counter/meter LFB are the elements needed to support packet
filtering and sampling functions -- these elements are all included
in the FE model.
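Review bot: The section references in the new 8.9 do not match the numbering used in this revision. The text cites "meter LFB (Section 7.2.2)" and "counter LFB (Section 7.2.1)", but the class library above places the Counter LFB at 7.6 and the Meter LFB at 7.7. Suggest updating both references, and checking the "filter LFB" mentioned in the second paragraph against the class names actually defined in Section 7.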
9. Using the FE model in the ForCES Protocol
The actual model of the forwarding plane in a given NE is
something the CE must learn and control via communicating with the
FEs (or by other means). Most of this communication will happen in
the post-association phase using the ForCES protocol. The
following types of information must be exchanged between CEs and
FEs via the ForCES protocol:
1) FE topology query;
2) FE capability declaration;
3) LFB topology (per FE) and configuration capabilities query;
4) LFB capability declaration;
5) State query of LFB attributes;
6) Manipulation of LFB attributes;
7) LFB topology reconfiguration.
Items 1) through 5) are query exchanges, the main flow of
information being from the FEs to the CEs. Items 1) through 4) are
typically queried by the CE(s) in the beginning of the post-
association (PA) phase, though they may be repeatedly queried at
any time in the PA phase. Item 5) (state query) will be used at
the beginning of the PA phase, and often frequently during the PA
phase (especially for the query of statistical counters).
Items 6) and 7) are "command" type of exchanges, the main flow of
information being from the CEs to the FEs. Messages in Item 6)
(the LFB re-configuration commands) are expected to be used
frequently. Item 7) (LFB topology re-configuration) is needed
only if dynamic LFB topologies are supported by the FEs and it is
expected to be used infrequently.
Among the seven types of payload information the ForCES protocol
carries between CEs and FEs, the FE model covers all of them
except item 1), which concerns the inter-FE topology. The FE
model focuses on the LFB and LFB topology within a single FE.
Since the information of item 1) requires global knowledge about
all the FEs and their inter-connection with each other, this
exchange is made part of the ForCES base protocol instead of the
FE model.
The relationship between the FE model and the seven post-
association messages are visualized in Figure 9:
+--------+
..........-->| CE |
/----\ . +--------+
\____/ FE Model . ^ |
| |................ (1),2 | | 6, 7
| | (off-line) . 3, 4, 5 | |
\____/ . | v
. +--------+
e.g. RFCs ..........-->| FE |
+--------+
Figure 9. Relationship between FE model and the ForCES protocol
messages, where (1) is part of the ForCES base protocol, and the
rest are defined by the FE model.
The actual encoding of these messages is defined by the ForCES
protocol and beyond the scope of the FE model. Their discussion is
nevertheless important here for the following reasons:
. These PA model components have considerable impact on the FE
model. For example, some of the above information can be
represented as attributes of the LFBs, in which case such
attributes must be defined in the LFB classes.
. The understanding of the type of information that must be
exchanged between the FEs and CEs can help to select the
appropriate protocol format and the actual encoding method
(such as XML, TLVs).
. Understanding the frequency of these types of messages should
influence the selection of the protocol format (efficiency
considerations).
The remaining sub-sections of this section address each of the
seven message types.
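Review bot: The item names in the list of seven exchanges do not match how the following paragraph treats them. Items 2) and 4) are called "declaration", yet the text says "Items 1) through 5) are query exchanges" and that items 1) through 4) "are typically queried by the CE(s)". Suggest either renaming 2) and 4) as queries or stating whether an FE may send a declaration unsolicited, since that changes who initiates the exchange. Also "The relationship ... are visualized" should read "is visualized".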
9.1. FE Topology Query
(Editor's Note: It is still an open issue where the FE topology
information query belongs -- it can be either supported as part of
FE attributes in the FE model, or it can be supported by the ForCES
protocol explicitly. Hence the text here is tentative and subject
to change per WG discussion.)
An FE may contain zero, one or more external ingress ports. An FE may contain zero, one or more external ingress ports.
Similarly, an FE may contain zero, one or more external egress Similarly, an FE may contain zero, one or more external egress
ports. In another word, not every FE has to contain any external ports. In another word, not every FE has to contain any external
ingress or egress interfaces. For example, Figure 10 shows two ingress or egress interfaces. For example, Figure 10 shows two
cascading FEs. FE #1 contains one external ingress interface but cascading FEs. FE #1 contains one external ingress interface but
no external egress interface, while FE #2 contains one external no external egress interface, while FE #2 contains one external
egress interface but no ingress interfce. It is possible to egress interface but no ingress interfce. It is possible to
connect these two FEs together via their internal interfaces to connect these two FEs together via their internal interfaces to
achieve the complete ingress-to-egress packet processing function. achieve the complete ingress-to-egress packet processing function.
skipping to change at page 32, line 4 skipping to change at page 45, line 40
An FE may contain zero, one or more external ingress ports. An FE may contain zero, one or more external ingress ports.
Similarly, an FE may contain zero, one or more external egress Similarly, an FE may contain zero, one or more external egress
ports. In another word, not every FE has to contain any external ports. In another word, not every FE has to contain any external
ingress or egress interfaces. For example, Figure 10 shows two ingress or egress interfaces. For example, Figure 10 shows two
cascading FEs. FE #1 contains one external ingress interface but cascading FEs. FE #1 contains one external ingress interface but
no external egress interface, while FE #2 contains one external no external egress interface, while FE #2 contains one external
egress interface but no ingress interfce. It is possible to egress interface but no ingress interfce. It is possible to
connect these two FEs together via their internal interfaces to connect these two FEs together via their internal interfaces to
achieve the complete ingress-to-egress packet processing function. achieve the complete ingress-to-egress packet processing function.
This provides the flexibility to spread the functions across This provides the flexibility to spread the functions across
multiple FEs and interconnect them together later for certain multiple FEs and interconnect them together later for certain
applications. applications.
While the inter-FE communication protocol is out of scope for
ForCES, it is up to the CE to query and understand how multiple FEs
are inter-connected to perform a complete ingress-egress packet
processing function, like that described in Figure 10. The inter-
FE topology information may be provided by FEs, may be hard-coded
into CE, or may be provided by some other entity (e.g., a bus
manager) independent of the FEs. So while the ForCES protocol
supports FE topology query from FEs, it is optional for the CE to
use it, assuming the CE has other means to gather such topology
information.
+-----------------------------------------------------+ +-----------------------------------------------------+
| +---------+ +------------+ +---------+ | | +---------+ +------------+ +---------+ |
input| | | | | | output | input| | | | | | output |
---+->| Ingress |-->|Header |-->|IPv4 |---------+--->+ ---+->| Ingress |-->|Header |-->|IPv4 |---------+--->+
| | port | |Decompressor| |Forwarder| FE | | | | port | |Decompressor| |Forwarder| FE | |
| +---------+ +------------+ +---------+ #1 | | | +---------+ +------------+ +---------+ #1 | |
+-----------------------------------------------------+ V +-----------------------------------------------------+ V
| |
+-----------------------<-----------------------------+ +-----------------------<-----------------------------+
| |
| +----------------------------------------+ | +----------------------------------------+
V | +------------+ +----------+ | V | +------------+ +----------+ |
| input | | | | output | | input | | | | output |
+->--+->|Header |-->| Egress |---------+--> +->--+->|Header |-->| Egress |---------+-->
| |Compressor | | port | FE | | |Compressor | | port | FE |
| +------------+ +----------+ #2 | | +------------+ +----------+ #2 |
+----------------------------------------+ +----------------------------------------+
Figure 10. An example of two different FEs connected together. Figure 10. An example of two FEs connected together.
While inter-FE communication protocol is out of scope for ForCES, Once the inter-FE topology is discovered by the CE after this
it is up to the CE to query and understand the FE function and query, it is assumed that the inter-FE topology remains static.
inter-FE topology for multiple FEs and cascade them together when However, it is possible that an FE may go down during the NE
necessary to perform a complete ingress-egress packet processing operation, or a board may be inserted and a new FE activated, so
function, like described in Figure 10. the inter-FE topology will be affected. It is up to the ForCES
protocol to provide mechanism for the CE to detect such events and
deal with the change in FE topology. FE topology is outside the
scope of the FE model.
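Review bot: The new paragraph after Figure 10 says the inter-FE topology "is assumed" to remain static, and the next sentence allows an FE to go down or a board to be inserted, so the assumption and its exception contradict each other as worded. Suggest saying that the topology is treated as static between change events that the ForCES protocol reports to the CE. The paragraph added before Figure 10 also lets the topology come from the FEs, from hard-coded CE configuration, or from another entity such as a bus manager, without saying which source the CE relies on when they disagree; one sentence on that would help, since the CE's view of the datapath depends on it. Also, "provide mechanism" should read "provide a mechanism".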
8. Data Modeling and Representation 9.2. FE Capability Declarations
A formal data modeling language is needed to represent the FEs will have many types of limitations. Some of the limitations
conceptual FE model described in this document and a full must be expressed to the CEs as part of the capability model. The
specification will be written using such a data modeling language. CEs must be able to query these capabilities on a per-FE basis.
It is also necessary to identify a data representation method for Examples:
over-the-wire transport of the FE model data. . Metadata passing capabilities of the FE. Understanding these
capabilities will help the CE to evaluate the feasibility of
LFB topologies, and hence to determine the availability of
certain services.
. Global resource query limitations (applicable to all LFBs of
the FE).
. LFB supported by the FE.
. LFB class instantiation limit.
The following is a list of some potential candidates for . LFB topological limitations (linkage constraint, ordering
consideration. For the moment, we intend to leave this as an open etc.)
issue and much debate is needed in the ForCES WG before a decision
can be made. Therefore, we only provide the candidate list and some
initial discussion here without drawing a conclusion yet.
- XML (Extensible Markup Language) Schema 9.3. LFB Topology and Topology Configurability Query
- ASN.1 (Abstract Syntax Notation One)
- SMI (Structure of Management Information) [RFC1155]
- SPPI (Structure of Policy Provisioning Information) [RFC3159]
- UML (Universal Modeling Language)
Most of the candidates here, with the notable exception of UML, are The ForCES protocol must provide the means for the CEs to discover
capable of representing the model in the document and over-the- the current set of LFB instances in an FE and the interconnections
wire. Of course, it is also possible to choose one data model between the LFBs within the FE. In addition, there should be
language for specification in the document and later allow several sufficient information provided on whether the FE supports any CE-
over-the-wire representations to map the model into different initiated (dynamic) changes to the LFB topology, and if so, what
implementations. are the allowed topologies. Topology configurability can also be
considered as part of the FE capability query as described in
Section 9.3.
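Review bot: The last sentence of the new Section 9.3 points to "Section 9.3" for the FE capability query, which is a reference to itself. The FE capability text is in the new Section 9.2 (FE Capability Declarations), so the cross-reference should read "Section 9.2". In the same paragraph, "what are the allowed topologies" reads better as "which topologies are allowed".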
XML has the advantage of being human and machine readable with 9.4. LFB Capability Declarations
widely available tools support. However, it is very verbose and
hence less efficient for over-the-wire transport. It also requires
XML parsing functions in both the CE and FE and hence may impose
large footprint esp. for FEs. Currently XML is not yet widely
deployed and used in network elements. XML for network
configuration in general remains an open area that still requires
substantial investigation and experiment in IETF.
ASN.1 format is human readable and widely used in network LFB class specifications will define a generic set of capabilities.
protocols. SMI is based on a subset of ASN.1 and used to define When an LFB instance is implemented (instantiated) on a vendor's
Management Information Base (MIB) for SNMP. SPPI is the adapted FE, some additional limitations may be introduced. Note that we
subset of SMI used to define Policy Information Base (PIB) for discuss here only limitations that are within the flexibility of
COPS. Substantial investment has been made in SMI/MIBs/SNMP by IETF the LFB class specification, that is, the LFB instance will remain
and the Internet community collectively has had many years of compliant with the LFB class specification despite these
design and operation experience with SMI/MIBs/SNMP. However, it is limitations. For example, certain features of an LFB class may be
also well recognized that SMI/MIBs/SNMP is not well suited for optional, in which case it must be possible for the CE to determine
configuration and so SPPI/PIBs/COPS-PR attempts to optimize for if an optional feature is supported by a given LFB instance or not.
network provisioning and configuration. Also, the LFB class definitions will probably contain very few
quantitative limits (e.g., size of tables), since these limits are
typically imposed by the implementation. Therefore, quantitative
limitations should always be expressed by capability arguments.
UML is the software industryĂs standard language for specifying, LFB instances in the model of a particular FE implementation will
visualizing, constructing and documenting the artifacts of software possess limitations on the capabilities defined in the
systems. It is a powerful tool for data modeling. However, it does corresponding LFB class. The LFB class specifications must define
not provide a data representation format for over-the-wire a set of capability arguments, and the CE must be able to query the
transport. actual capabilities of the LFB instance via querying the value of
such arguments. The capability query will typically happen when
the LFB is first detected by the CE. Capabilities need not be re-
queried in case of static limitations. In some cases, however, some
capabilities may change in time (e.g., as a result of
adding/removing other LFBs, or configuring certain attributes of
some other LFB when the LFBs share physical resources), in which
case additional mechanisms must be implemented to inform the CE
about the changes.
9. Security Considerations The following two broad types of limitations will exist:
. Qualitative restrictions. For example, a standardized multi-
field classifier LFB class may define a large number of
classification fields, but a given FE may support only a
subset of those fields.
. Quantitative restrictions, such as the maximum size of tables,
etc.
The FE model just describes the representation and organization of The capability parameters that can be queried on a given LFB class
data sets and attributes in the forwarding plane. The associated will be part of the LFB class specification. The capability
communication protocol (i.e., ForCES protocol) will be defined in parameters should be regarded as special attributes of the LFB. The
separate documents and so the security issues will be addressed actual values of these arguments may be, therefore, obtained using
there. the same attribute query mechanisms as used for other LFB
attributes.
10. Intellectual Property Right Capability attributes will typically be read-only arguments, but in
The authors are not aware of any intellectual property right issues certain cases they may be configurable. For example, the size of a
pertaining to this document. lookup table may be limited by the hardware (read-only), in other
cases it may be configurable (read-write, within some hard limits).
11. IANA consideration Assuming that capabilities will not change frequently, the
efficiency of the protocol/schema/encoding is of secondary concern.
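Review bot: Section 9.4 uses "capability arguments", "capability parameters" and "capability attributes" for what appears to be the same thing; pick one term and use it throughout, since the text also says these are queried with the ordinary attribute query mechanism. The paragraph on read-write capability attributes ("configurable ... within some hard limits") does not say whether the hard limit itself is exposed as a separate read-only value or how an out-of-range set is reported back to the CE; a sentence on each would make the behaviour testable. The statement that "additional mechanisms must be implemented" for capabilities that change over time should say whether that mechanism belongs to the FE model or to the ForCES protocol.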
A namespace is needed to uniquely identify the FE block type for 9.5. State Query of LFB Attributes
each FE logical function.
12. Normative References This feature must be provided by all FEs. The ForCES protocol and
the data schema/encoding conveyed by the protocol must together
satisfy the following requirements to facilitate state query of the
LFB attributes:
. Must permit FE selection. This is primarily to refer to a
single FE, but referring to a group of (or all) FEs may
optional be supported.
. Must permit LFB instance selection. This is primarily to refer
to a single LFB instance of an FE, but optionally addressing
of a group of LFBs (or all) may be supported.
. Must support addressing of individual attribute of an LFB.
. Must provide efficient encoding and decoding of the addressing
info and the configured data.
. Must provide efficient data transmission of the attribute
state over the wire (to minimize communication load on the CE-
FE link).
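Review bot: In the first bullet of the new Section 9.5, "may optional be supported" should be "may optionally be supported". The fourth bullet asks for efficient encoding of "the configured data" in a section that is about state query; "the queried data" or "the attribute data" would match the section. Since Section 9.6 reuses these requirements for attribute manipulation, it is worth stating here whether group addressing (a group of FEs or of LFBs) is meant to apply to writes as well as reads.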
[RFC1812] F. Baker, ˘Requirements for IP Version 4 Routers", June 9.6. LFB Attribute Manipulation
1995.
[RFC1155] M. Rose, et. al., ˘Structure and Identification of This is a place-holder for all operations that the CE will use to
Management Informationfor TCP/IP-based Internets", May populate, manipulate, and delete attributes of the LFB instances on
1990. the FEs. This is how the CE configures an individual LFB instance.
[RFC3084] K. Chan, et. al., ˘COPS Usage for Policy Provisioning,÷ The same set of requirements as described in Section 9.5 for
March 2001. attribute query applies here for attribute manipulation as well.
[RFC3159] K. McCloghrie, et. al., ˘Structure of Policy Provisioning Support for various levels of feedback from the FE to the CE (e.g.,
Information (SPPI)", August 2001. request received, configuration completed), as well as multi-
attribute configuration transactions with atomic commit and
rollback, may be necessary in some circumstances.
[RFC3290] Y. Bernet, et. al., ˘An Informal Management Model for (Editor's note: It remains an open issue as to whether or not other
Diffserv Routers÷, May 2002. methods are needed in addition to "get attribute" and "set
attribute" (such as multi-attribute transactions). If the answer
to that question is yes, it is not clear whether such methods
should be supported by the FE model itself or the ForCES protocol.)
[FORCES-REQ] H. Khosravi, et. al., ˘Requirements for Separation of IP 9.7. LFB Topology Re-configuration
Control and Forwarding", work in progress, May 2003, <draft-ietf-
forces-requirements-09.txt>. Operations that will be needed to reconfigure LFB topology:
. Create a new instance of a given LFB class on a given FE.
. Connect a given output of LFB x to the given input of LFB y.
. Disconnect: remove a link between a given output of an LFB and
a given input of another LFB.
. Delete a given LFB (automatically removing all interconnects
to/from the LFB).
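Review bot: The operation list in the new Section 9.7 does not tie the operations to the limits declared in Sections 9.2 and 9.3 (LFB class instantiation limit, linkage and ordering constraints, allowed topologies). Suggest stating that the FE rejects a create or connect request that falls outside its declared capabilities and that the rejection is reported to the CE. The delete operation removes all interconnects automatically; the text should say what happens to LFBs left with an unconnected output, and whether a sequence of these operations can be applied as one transaction, which is the same open question raised in the editor's note in Section 9.6.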
10. Acknowledgments
The authors would also like to thank the following individuals for
their invaluable technical input: David Putzolu, Hormuzd Khosravi,
Eric Johnson, David Durham, Andrzej Matejko, T. Sridhar, Jamal Hadi
Salim, Alex Audu, Gamil Cain.
11. Security Considerations
The FE model describes the representation and organization of data
sets and attributes in the FEs. ForCES framework document [2]
provides a comprehensive security analysis for the overall ForCES
architecture. For example, the ForCES protocol entities must be
authenticated per the ForCES requirements before they can access
the information elements described in this document via ForCES.
The access to the information contained in the FE model is
accomplished via the ForCES protocol which will be defined in
separate documents and so the security issues will be addressed
there.
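Review bot: The new Security Considerations text defers everything to the protocol documents, but this revision adds write operations to the model itself (attribute manipulation in Section 9.6, topology re-configuration in Section 9.7) alongside read-only queries. Suggest one sentence noting that these differ in impact and that the protocol's access control needs to distinguish them. The sentence "must be authenticated per the ForCES requirements" should cite [1], and the framework document [2] is used here to carry a "must" while it is listed under Informative References; either move [2] to the normative list or reword the sentence. The last sentence ("The access to ... addressed there") is one long run-on and reads better split in two.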
12. Normative References
[1] Khosravi, H. et al., "Requirements for Separation of IP Control
and Forwarding", work in progress, July 2003, <draft-ietf-forces-
requirements-10.txt>.
13. Informative References 13. Informative References
[RFC3317] K. Chan, et. al., ˘Differentiated Services Quality of [2] Yang, L. et al., "Forwarding and Control Element Separation
Service Policy Information Base÷, March 2003. (ForCES) Framework", work in progress, July 2003, <draft-ietf-
forces-framework-07.txt>.
[RFC3318] R.Sahita, et. al., ˘Framework Policy Information Base÷, [3] Bernet, Y. et al., "An Informal Management Model for Diffserv
RFC 3318, March 2003. Routers", May 2002.
[QDDIM] B. Moore, et. al., ˘Information Model for Describing [4] Chan, K. et al., "Differentiated Services Quality of Service
Network Device QoS Datapath Mechanisms÷, work in Policy Information Base", March 2003.
progress, May 2002, <draft-ietf-policy-qos-device-info-
model-08.txt>.
[QPIM] Y. Snir, et. al., ˘Policy Framework QoS Information Model÷, [5] Sahita, R. et al., "Framework Policy Information Base", RFC
work in progress, Nov 2001, <draft-ietf-policy-qos- 3318, March 2003.
info-model-04.txt÷.
[IPSEC-PIB] Man. Li, et. al., ÷IPsec Policy Information Base÷, work [6] Moore, B. et al., "Information Model for Describing Network
in progress, January 2003, <draft-ietf-ipsp-ipsecpib- Device QoS Datapath Mechanisms", work in progress, May 2002,
07.txt> <draft-ietf-policy-qos-device-info-model-08.txt>.
[IPSEC-MIB] C. Madson, et. al., ˘IPsec Flow Monitoring MIB÷, work [7] Snir, Y. et al., "Policy Framework QoS Information Model", work
in progress, March 2003, <draft-ietf-ipsec-flow- in progress, Nov 2001, <draft-ietf-policy-qos-info-model-04.txt".
monitoring-mib-02.txt>
14. Acknowledgments [8] Li, M. et al., "IPsec Policy Information Base", work in
progress, January 2003, <draft-ietf-ipsp-ipsecpib-07.txt>.
The authors would also like to thank the following individuals for [9] Quittek, J. et Al., "Requirements for IP Flow Information
their invaluable technical input: David Putzolu, Hormuzd Khosravi, Export", work in progress, June 2003, <draft-ietf-ipfix-reqs-
Eric Johnson, David Durham, Andrzej Matejko, T. Sridhar, Jamal 10.txt>.
Hadi, Alex Audu.
15. Authors' Addresses [10] Duffield, N., "A Framework for Passive Packet Measurement ",
work in progress, June 2003, <draft-ietf-psamp-framework-03.txt>.
Lily L. Yang [11] Pras, A. and Schoenwaelder, J., FRC 3444 "On the Difference
between Information Models and Data Models", January 2003.
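Review bot: Several entries in the renumbered reference list have defects. [11] reads "FRC 3444" and should be "RFC 3444", with the RFC number placed after the title as in [5]. [7] closes its draft name with a double quote instead of ">". [9] has "et Al." where the other entries use "et al.". [10] has a stray space before the closing quote of the title. [3] and [4] give a date but no RFC number, while [5] does; make them consistent.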
14. Authors' Addresses
L. Lily Yang
Intel Labs Intel Labs
2111 NE 25th Avenue 2111 NE 25th Avenue
Hillsboro, OR 97124, USA Hillsboro, OR 97124, USA
Phone: +1 503 264 8813 Phone: +1 503 264 8813
Email: lily.l.yang@intel.com Email: lily.l.yang@intel.com
Joel M. Halpern Joel M. Halpern
Megisto Systems, Inc. Megisto Systems, Inc.
20251 Century Blvd. 20251 Century Blvd.
Germantown, MD 20874-1162, USA Germantown, MD 20874-1162, USA
Phone: +1 301 444-1783 Phone: +1 301 444-1783
Email: jhalpern@megisto.com Email: jhalpern@megisto.com
Ram Gopal Ram Gopal
Nokia Research Center Nokia Research Center
5, Wayside Road, 5, Wayside Road,
skipping to change at page 36, line 4 skipping to change at page 51, line 21
Ram Gopal Ram Gopal
Nokia Research Center Nokia Research Center
5, Wayside Road, 5, Wayside Road,
Burlington, MA 01803, USA Burlington, MA 01803, USA
Phone: +1 781 993 3685 Phone: +1 781 993 3685
Email: ram.gopal@nokia.com Email: ram.gopal@nokia.com
Alan DeKok Alan DeKok
IDT Inc. IDT Inc.
1575 Carling Ave. 1575 Carling Ave.
Ottawa, ON K1G 0T3, Canada Ottawa, ON K1G 0T3, Canada
Phone: +1 613 724 6004 ext. 231 Phone: +1 613 724 6004 ext. 231
Email: alan.dekok@idt.com Email: alan.dekok@idt.com
Zsolt Haraszti
Ericsson
920 Main Campus Dr, St. 500
Raleigh, NC 27606, USA
Phone: +1 919 472 9949
Email: zsolt.haraszti@ericsson.com
Steven Blake
Ericsson
920 Main Campus Dr, St. 500
Raleigh, NC 27606, USA
Phone: +1 919 472 9913
Email: steven.blake@ericsson.com
15. Intellectual Property Right
The authors are not aware of any intellectual property right issues
pertaining to this document.
16. IANA consideration
A namespace is needed to uniquely identify the LFB type in the LFB
class library.
Frame type supported on input and output of LFB must also be
uniquely identified.
A set of metadata supported by the LFB model must also be uniquely
identified with names.
 End of changes. 224 change blocks. 
1156 lines changed or deleted 1893 lines changed or added
