RserPool Working Group J. Loughney (ed.) INTERNET DRAFT M. Stillman Nokia Q. Xie Motorola R. Stewart Cisco Issued:
June 30,November 4, 2002 Expires: December 30, 2002May 4, 2003 Comparison of Protocols for Reliable Server Pooling <draft-ietf-rserpool-comp-04.txt><draft-ietf-rserpool-comp-05.txt> Status of this Memo This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html Distribution of this memo is unlimited. Copyright (C) The Internet Society 2002. All Rights Reserved. Abstract This document compares protocols that may be applicable for the Reliable Server Pooling problem space. This document discusses the usage and applicability of these protocols for the Reliable Server Pooling. Abstract..............................................................1Pooling architecture. Abstract.............................................................1 1 Introduction.......................................................3 1.1 Overview........................................................3 1.2 Terminology.....................................................3 2 Relation to Other Solutions........................................4 2.1 CORBA...........................................................4 2.2 DNS.............................................................4 2.2.1 Requirements.................................................5 2.2.2 Technical Issues.............................................5 2.2.3 Name/Address Resolution......................................7 2.3 Service Location Protocol (SLP).................................8 2.3.1 Introduction.................................................8 2.3.2 What to Use..................................................8 2.3.3 Summary......................................................9 3 ASAP and ENRP.....................................................10 3.1 ASAP...........................................................10 3.2 ENRP...........................................................11 4 Comparison Against Requirements...................................11 5 Security Concerns.................................................12 6 Acknowledgements..................................................12 7 References........................................................12 8 Authors' Addresses................................................13 Full Copyright Statement............................................13 1 Introduction 1.1 Overview In creating a solution to provide reliable server pools [RSER-ARCH], there are a number of existing protocols, which appear to have similar properties as to what RSerPool is trying to accomplish. This document discusses the applicability of these protocols in meeting the requirements of Reliable Server Pooling [RFC3237]. This study does not intend to be complete, rather intends to highlight several protocols which working group members have suggested. 1.2 Terminology This document uses the following terms: Operation Scope The part of the network visible to pool users by a specific instance of the reliable server pooling protocols. Pool A collection of servers providing the same application functionality. Also called a Server Pool. Pool Handle A logical pointer to a pool. Each server pool will be identifiable in the operation scope of the system by a unique pool handle or "name". Also called a Pool Name. Pool Element A server entity having registered to a pool. Pool User A server pool user. Pool Element Handle A logical pointer to a particular pool element in a pool, consisting of the name of the pool and a destination transport address of the pool element. Also called an Endpoint Handle. Name Space A cohesive structure of pool names and relations that may be queried by an internal or external agent. Name Server Entity which the responsible for managing and maintaining the name space within the RSerPool operation scope. 1.3 Abbreviations DA: Directory Agent in SLP. DPE: Distributed Processing Environment CORBA: Common Object Request Broker Architecture. OMG: Object Management Group PE: Pool element PU: Pool user SA: Service Agent in SLP. SLP: Service Location Protocol. UA: User Agent in SLP. 2 Relation to Other Solutions This section is intended to discuss the applicability of some existing solutions with regards to Reliable Server Pooling requirements [RFC3237]. The protocols discussed have been suggested as possibly overlapping with the problems space of RSerPool. 2.1 CORBA Often referred to as a Distributed Processing Environment (DPE), CORBA was mainly designed to provide location transparency for distributed applications. CORBA's distribution model encourages an object-based view, i.e., each communication endpoint is normally an object. CORBA has a number of variants, such as fault-tolerant CORBA, Real- time CORBA, etc. CORBA has been used in a number of situations, for example, Real-time CORBA has been used in fighter aircraft and weapon systems. Additionally, CORBA has been implentented in a wide range of devices, from attack submarines to Palm Pilots - the MICO open source ORB has been ported to the Palm Pilot, and the client- only application is 45 KB.KB in size. Currently, the applicability of CORBA for reliable server pooling is unclear, and interaction with other Internet protocols, such as AAA, IPsec and IPv6 may be problematic. 2.2 DNS This section will answer the question why DNS is not appropriate as the sole solution for RSerPool. In addition, it highlights specific technical differences between RSerPool and DNS. During the 49th IETF December 13, 2000 plenary meeting Randy Bush presented a talk entitled "The DNS Today: Are we overloading the Saddlebags on an Old Horse?" This talk underlined the issue that DNS is currently overloaded with extraneous tasks and has the potential to break down entirely due to a growing number of feature enhancements. One requirement to any solution proposed by RSerPool would be to avoid any additional requirements for DNS in order to support Reliable Server Pooling. Interworking between DNS and RSerPool will be considered so that additional burdens to DNS will not be added. 2.2.1 Requirements Any solution for RSerPool should meet certain requirements [RFC3237]. These requirements are related to DNS. Servers"Servers should be able to register to (become PEs) and deregister from a server pool transparently without an interruption in service. The RSerPool mechanisms must be able to support different server selection mechanisms. These are called server pool policies. The RSerPool architecture must be able to detect server failure quickly and be able to perform failover without service interruption. Server pools are identified by pool handles. These pool handles are only valid inside the operation scope. Interoperability between different namespaces has to be provided by other mechanisms.mechanisms." 2.2.2 Technical Issues This section discusses the relationship between DNS and the requirements for RserPool. 22.214.171.124 Host Resolver Problems A major issue that prevents the use of DNS as part of the RSerPool solution the issue is the architecture of host resolvers. These are stub resolvers - which means that they require their local DNS servers to do recursion for them. In turn, this implies that setting TTL low or 0 will dramatically increase the load not only on the authoritative DNS servers - but also on these third party servers. A secondary effect of this is that the authoritative DNS will not know the IP address of the DNS client - only the IP address of the local DNS. This affects the ability to do global load balancing correctly. There is no way to get around these issues unless you require all hosts wouldto be full resolvers. Putting full resolvers on newer hosts isn't sufficient because the issues would still exist for all the legacy systems, which will form the bulk of the host population for years to come. The solution is not to use third party servers. Additionally, if the client can contact the server directly, then the server knows the real IP address of the client. Since there is no third party involved, the caching TTL can be set as low as desired (even to zero). That will increase load on the server, but nowhere else. Finally, DNS is based on a recursion. This recursion presents certain difficulties for RSerPool. Even if a host resolver is not a stub resolver, it has to go to another full resolver where 2 possibilities exists: either the mapping name-IP address is found or it has to do another recursive resolution of the name, staring from that intermediate resolver, until there is a cache hit in one of the intermediate resolvers or it is resolved by its root resolver (or home DNS server). This process of recursion means that there is no end-to-end communication between the host and its server where the name-to-IP mapping resides. That also means that a lot of timers are running in intermediate systems. Any updating of the transient status of the pool element or of the pool may need to be propagated through the DNS. 126.96.36.199 Dynamic Registration Registration / de-registration of servers is needed. It can be done with DNS by NOTIFY/IXFR. However, frequent updates and replication are incompatible. This is not a DNS problem per se, but it has an effect on DNS as it is deployed. RSerPool MUST allow software server entities to register themselves with a name server dynamically. They can also de-register themselves for purposes of preventative maintenance or can be de-registered by a name server that believes the server entity is no longer operational. This is a dynamic approach, which is coordinated through servers in the pool and among RSerPool name servers. 188.8.131.52 Load Balancing RFC 2782 itself points out some of the limitations of using DNS SRV for load balancing between servers. Weight is only intended for static, not dynamic, server selection. Using SRV weight for dynamic server selection would require assigning unreasonably short TTLs to the SRV RRs, which would limit the usefulness of the DNS caching mechanism, thus increasing overall network load and decreasing overall reliability. Based on this, DNS can only really support stochastic load balancing, redirecting clients to servers randomly as various caches in various resolvers expire at random (although small) intervals. DNS offers excellent network scalability but poor control over load balance. As mentioned previously, the issue of doing DNS-based dynamic load balancing on short time scales will have impacts on third parties, due to the presence of stub resolvers. 184.108.40.206 Heartbeating & Status Monitoring DNS does not incorporate an application layer heartbeat. Heartbeating would dramatically boost traffic levels, and given the unavoidable third party dependencies of DNS, the resulting loading would be unacceptable. It is passive in the sense that it does not monitor or store information on the state of the host such as whether the host is up or down or what kind of load it is currently experiencing. RSerPool SHOULD monitor the state of each server entity on various hosts on a continual basis and can collect several state variables including up/down state and current load. If a server is no longer operational, eventually it will be dropped from the list of available servers maintained by the name server, so that subsequent application name queries will not resolve to this server address. 2.2.3 Name/Address Resolution The technical requirement for DNS name/address resolution is that given a name, find a host associated with this name and return its IP address(es). In other words, in DNS we have the following mapping: Name a host machine Address(es) IP address(es) to reach a (hardware) host machine The technical requirement for RSerPool name/address resolution is that given a name (or pool handle), find a server pool associated with this name and return a list of transport addresses (i.e., IP addresses plus port numbers) for reaching a set of currently operational servers inside the pool. In other words, in RSerPool we have the following mapping: Name a handle to a server pool, which is often distributed across multiple host machines Address IP addresses and port numbers to reach a set of functionally identical (software) server entities. 2.3 Service Location Protocol (SLP) 2.3.1 Introduction SLP is comprised of three components: User Agents (UA), Service Agents (SA) and Directory Agents (DA). User agents work on the user's behalf to contact a service. The UA retrieves service information from service agents or directory agents. A service agent works on behalf of one or more services to advertise services. A directory agent collects service advertisements. The directory agent of SLP functionssimply acts as a cache and is passive in this regard. The directory agent is optional and SLP can function without it. It is incumbent upon the servers to update the cache as necessary by reregistering. The directory server is not required in small networks as the user agents can contact service agents directly using multicast. Unicast queries to SAs are possible subsequent to the UA having discovered them. User agents are encouraged to locate a directory at regular intervals if they can't find one initially, otherwise they can detect DAs by listening passively for DA advertisements. 2.3.2 What to Use Figure 1 shows how SLP might be realized to provide ENR services: Pool User (PU) ENR Service Pool Endpoint (PE) +-------------+ +---------+ | APPLICATION | | SERVICE | +-+-------------+-+ +---+---------+---+ |ASAP/RSERPOOL API| <--------------------> |ASAP/RSERPOOL API| +-+----+--------+-+ +----------+ +-+--------+----+-+ | | SLP UA | <----> | SLP DA | <----> | SLP SA | | | +----+---+ +------+---+ +--------+ | |SCTP |UDP| | SCTP |UDP| |UDP| SCTP | +---------+---+ +------+---+ +---+---------+ / \ / mesh \ +----+ +----+ | DA |--------| DA | +----+ +----+ Figure 1: RSERPOOL entities employing SLP for ENR services Notes: * Each box constitutes a host (running a PU, PE or ENR server 'stack'), though one host could support more than one of these functions. * As far as the Application is concerned, it is using a framework for exchanging messages with services reliably. * As far as the Service is concerned, it is making itself available to a reliable server pool by interacting with the framework API. * The ASAP/RSERPOOL API obtains endpoint name resolution data in a timely and robust manner and uses it to determine how to route PU requests to PEs. * The ENR service function is performed using SLP. The PU employs a SLP UA to obtain information from a SLP DA. * The ENR service function is performed using SLP. The PU employs a SLP UA to obtain information from a SLP DA. * The PE employs a SLP SA to register information with a SLP DA. As the SLP SA is 'mesh-enhanced,' it only registers with one DA of this type (as long as it detects that this DA is alive & responsive & returns 'OK' results). * The SLP DA is part of a mesh. It will forward PE state to other DAs in the mesh. For example, it will forward the registrations the SLP SA made on behalf of the PE on right of Figure 1. * SCTP is used for communication between entities. Multicast UDP is used by SLP entities for active and passive discovery. While the RSERPOOL architecture cannot rely upon multicast mechanisms, it can profit from them when these are present in the network SLPv2 will be needed, but SLPv2 alone does not fulfill RSERPOOL update requirements for timeliness. This is achieved through mesh- enhancements to the Service Location Protocol (mSLP) [MSLP]. These enhancements make it possible for SAs to know of only a subset of all DAs. Mesh-enhanced SAs need only forward their registrations to only one mesh-enhanced DA. The mesh takes care of forwarding the message to the other DAs. 2.3.3 Summary The most fundamental difference between SLP and RSerPool is that SLP is service-oriented while RSerPool is communication-oriented. More specifically, what SLP provides to its user is a mapping function from a name of a service to the location of the service provider, in the form of a URL string. The availability of the service provider is outside of the scope of SLP. How a service is accessable can be described by the SLP attribute list associated with the service URL. SLP is essentially a discovery protocol, not a transport protocol. Therefore, the granularity of SLP operation is at application service level. In contrast, RSerPool provides to its user is a mapping function from a communication destination name to a set of routable and reachable transport addresses that leads to a group of distributed software server entities registered under that name that collectively represent the named communication destination. With respect to SLP, this information could be represented in SLP attributes. RserPool, however, also has the responsibility of reliably delivering a user message to one of these server entities. Currently, mSLP would need changes, for example it was designed to scale to ~10 DAs not ~100 DAs. Additionally, SLP is currently designed to run on top of UDP and TCP. If SCTP support wasis needed, some additional specification work would be needed. SLP security makes no attempt to address the confidentiality of data transmitted between SLP agents. To properly address this concern, SLP agents would need to establish secure communication with each other. This would be achieved through the use of IPSec Encapsulating Security Payload. Server discovery, however, is something which SLP does well, and if used for RserPool, this would be useful. 3 ASAP and ENRP ASAP [ASAP] and ENRP [ENRP] are being developed the RserPool working group. Even though they are separate protocols, they are designed to work together. 3.1 ASAP ASAP uses a name-based addressing model which isolates a logical communication endpoint from its IP address(es), thus effectively eliminating the binding between the communication endpoint and its physical IP address(es) which normally constitutes a single point of failure. In addition, ASAP defines each logical communication destination as a pool, providing full transparent support for server-pooling and load sharing. It also allows dynamic system scalability - members of a server pool can be added or removed at any time without interrupting the service. ASAP is not designed to scale Internet wide. It uses a flat, peer- to-peer addressing model. Other protocols, such as DNS could be used to bridge the pools of servers. It uses a name-based addressing model to logically isolate the communication endpoint from its IP address(es). If multiple endpoints register under a the same name, a server pool is effectively created. ASAP is used to select one Pool Element, based on a number of criteria, such as load sharing. ASAP monitors the reacability of the Pool Elements in order to provide fault tolerance. 3.2 ENRP ENRP defines procedures and message formats of a distributed fault- tolerant registry service for storing, bookkeeping, retrieving, and distributing pool operation and membership information. It allows Pool Elements to be dynamically added, updated and removed from service. There are protocol mechanisms for detecting and removing unreachable Pool Elements. 4 Comparison Against Requirements This section attempts to create a comparison table to compare the protocols which have been suggested as applicable to the RserPool architecture. | CORBA | DNS | SLP | ASAP | ENRP | -----------------------------+--------+-----+-----+------+------+ Robustness | Y | Y | Y | Y | Y | -----------------------------+--------+-----+-----+------+------+ Failover Support | Y | P | P | Y | Y | -----------------------------+--------+-----+-----+------+------+ Communication Model | N | P | Y | Y | Y | -----------------------------+--------+-----+-----+------+------+ Processing Power | N | Y | Y | Y | Y | -----------------------------+--------+-----+-----+------+------+ Support of RSerPool | N | Y | N | N | N | Unaware Clients | | | | | | -----------------------------+--------+-----+-----+------+------+ Registering and | N | P | P | Y | Y | Deregistering | | | | | | -----------------------------+--------+-----+-----+------+------+ Naming | Y | Y | Y | Y | Y | -----------------------------+--------+-----+-----+------+------+ Name Resolution only to | Y | N | Y | Y | Y | Active Elements | | | | | | -----------------------------+--------+-----+-----+------+------+ Server Selection Policies | Y | P | P | P | P | -----------------------------+--------+-----+-----+------+------+ Timing Requirements and | P | N | Y | Y | Y | Scaling | | | | | | -----------------------------+--------+-----+-----+------+------+ Scalability | N | Y | Y | Y | Y | -----------------------------+--------+-----+-----+------+------+ Security - General | Y | P | P | P | P | -----------------------------+--------+-----+-----+------+------+ Security - Name Space | P | P | P | P | P | Services | | | | | | -----------------------------+--------+-----+-----+------+------+ Y = Yes, meets requirement P = Partially meets requirement N = No, does not meet requirement N/A = Not applicable 5 Security Concerns This type of non-protocol document does not directly affect the security of the Internet. 6 Acknowledgements The authors would like to thank Bernard Aboba, Erik Guttman, Matt Holdrege, Lyndon Ong, Christopher Ross, Micheal Tuexen and Werner Vogels for their invaluable comments and suggestions. 7 Normative References [ASAP] Xie, Q, Stewart, R. R., "Aggregate Server Access Protocol (ASAP)", Work in progress. [ENRP] Xie, Q, Stewart, R. R., "Endpoint Name Resolution Protocol (ENRP)", Work inprogress. [MSLP] Zhao, W., "mSLP - Mesh-enhanced Service Location Protocol" Work in progress. [RSER-ARCH] Tuexen, M. et al., "Requirements for Reliable Server Pooling" Work in Progress. [RFC3237] Tuexen, M. et al., "Requirements for Reliable Server Pooling", RFC3237, January 2002. [RFC793] J. B. Postel, "Transmission Control Protocol", RFC 793, September 1981. [RFC2026] S. Bradner, "The Internet Standards Process - Revision 3", RFC 2026, October 1996. [RFC2608] E. Guttman et al., "Service Location Protocol, Version 2", RFC 2608, June 1999. [RFC2719] L. Ong et al., "Framework Architecture for Signaling Transport", RFC 2719, October 1999. [RFC2782] A. Gulbrandsen et al., "A DNS RR for specifying the location of services (DNS SRV)", RFC 2782, February 2000. [RFC2960] R. R. Stewart et al., "Stream Control Transmission Protocol", RFC 2960, November 2000. 8 Authors' Addresses John Loughney Nokia Research Center PO Box 407 FIN-00045 Nokia Group Finland Email: firstname.lastname@example.org Maureen Stillman Nokia 127 W. State Street Ithaca, NY 14850 USA Email: email@example.com Qiaobing Xie Motorola, Inc. 1501 W. Shure Drive, #2309 Arlington Heights, Il 60004 USA Email: firstname.lastname@example.org Randall Stewart Cisco Systems, Inc. 24 Burning Bush Trail Crystal Lake, Il 60012 USA Email: email@example.com Full Copyright Statement Copyright (C) The Internet Society (2002). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.