]> Simula Metropolitan Centre for Digital Engineering

Pilestredet 52 0167 Oslo Norway dreibh@simula.no https://www.simula.no/people/dreibh

Nokia Siemens Networks

Atealaan 32 Herentals 2200 Belgium +32-14-252081 lode.coene@nsn.com

University of Delaware

103 Smith Hall Newark DE 19716 USA +1-302-831-8622 conrad@acm.org

Internet-Draft This document describes the applicability of the Reliable Server Pooling architecture to the IP Flow Information Exchange using the Aggregate Server Access Protocol (ASAP) functionality of RSerPool only. Data exchange in IPFIX between the router and the data collector can be provided by a limited retransmission protocol.

Introduction Reliable Server Pooling provides protocols for providing highly available services. The services are located in a pool of redundant servers and if a server fails, another server will take over. The only requirement put on these servers belonging to the pool is that if state is maintained by the server, this state must be transferred to the other server taking over. The goal is to provide server-based redundancy. Transport and network level redundancy are handle by the transport and network layer protcols. The application may choose to distribute its traffic over the servers of the pool conforming to a certain policy. The application wishing to make use of RSerPool protocols may use different transport layers (such as UDP, TCP and SCTP). However, some transport layers may have restrictions build in in the way they might be operating in the RSerPool architecture and its protocols.

Scope The scope of this document is to explain the way that a minimal version of Reliable Server Pooling protocols have to be used in order to provide a highly available service towards IP Flow Information Exchange (IPFIX) protocols.

Terminology The terms are commonly identified in related work and can be found in the Aggregate Server Access Protocol and Endpoint Handlespace Redundancy Protocol Common Parameters document

IPFIX using RSerPool

Architecture IP flow information is exchanged between observation points and collector points. The observation points may try to find out via the Aggregate Server Access Protocol (ASAP, see ) which collector point(s) are active. Both the observation and the collector point may have limitations for exchanging the information (observation point may have limited buffer space and collectors points may be overburdened with receiving lots of flow information from different observation points). The observation point will query the ENRP server for resolution of a particular collector pool name and the ENRP server will return a list of one or more collector points to the observation point. The observation point will use its own transport protocols (TCP, UDP, SCTP, SCTP with PR-SCTP extension) for exchanging the IPFIX data between the observation point and the collector point. If a collector point would fail, then the observation point will send its data towards a different collector point, belonging to the same collector pool. Collector points will announce themselves to the ENRP server and will be monitored for their availability. The observation point will only query the ENRP server for server pool name resolution.

Transport protocols suitable for IPFIX The exchange of IP flow information data between an observation point and a collection point consists of massive amounts of data. One collection point can service many observation points, therefore transport protocols must do congestion control (example: modifying the receive buffer space, thus reducing the incoming flow of data), so that the collection point is not overburdened by its observation points. Some data must arrive at the collector while other data might arrive (if it gets lost: no problem). The choice of reliable or partial reliable delivery has to be made by the observation point These requirements demand a protocol which provides variable transport reliability of its data: it should be able to chose the reliability by the IPFIX protocols on a a per-message base. SCTP with PR-SCTP extension is the only know protocol which allows the choice of full, partial or unreliable delivery of the message to its peer node. TCP will only allow fully reliable delivery, while UDP only provides unreliable delivery and NO congestion control.

Security considerations The protocols used in the Reliable Server Pooling architecture only try to increase the availability of the servers in the network. RSerPool protocols do not contain any protocol mechanisms which are directly related to user message authentication, integrity and confidentiality functions. For such features, it depends on the IPSEC protocols or on Transport Layer Security (TLS) protocols for its own security and on the architecture and/or security features of its user protocols. The RSerPool architecture allows the use of different transport protocols for its application and control data exchange. These transport protocols may have mechanisms for reducing the risk of blind denial-of-service attacks and/or masquerade attacks. If such measures are required by the applications, then it is advised to check the SCTP applicability statement RFC2057 for guidance on this issue.

Reference Implementation The RSerPool reference implementation RSPLIB can be found at . It supports the functionalities defined by , , , and as well as the options , and . An introduction to this implementation is provided in .

Testbed Platform A large-scale and realistic Internet testbed platform with support for the multi-homing feature of the underlying SCTP protocol is NorNet. A description of NorNet is provided in , some further information can be found on the project website .

Security Considerations Security considerations for RSerPool systems are described by .

IANA Considerations This document introduces no additional considerations for IANA.

Acknowledgments The authors wish to thank Maureen Stillman and many others for their invaluable comments.

References Normative References <p>This document describes the applicability of the Stream Control Transmission Protocol (SCTP). It also contrasts SCTP with the two dominant transport protocols, User Datagram Protocol (UDP) & Transmission Control Protocol (TCP), and gives some guidelines for when best to use SCTP and when not best to use SCTP. This memo provides information for the Internet community.</p> This memo describes an extension to the Stream Control Transmission Protocol (SCTP) that allows an SCTP endpoint to signal to its peer that it should move the cumulative ack point forward. When both sides of an SCTP association support this extension, it can be used by an SCTP implementation to provide partially reliable data transmission service to an upper layer protocol. This memo describes the protocol extensions, which consist of a new parameter for INIT and INIT ACK, and a new FORWARD TSN chunk type, and provides one example of a partially reliable service that can be provided to the upper layer via this mechanism. [STANDARDS-TRACK] This document obsoletes RFC 2960 and RFC 3309. It describes the Stream Control Transmission Protocol (SCTP). SCTP is designed to transport Public Switched Telephone Network (PSTN) signaling messages over IP networks, but is capable of broader applications. SCTP is a reliable transport protocol operating on top of a connectionless packet network such as IP. It offers the following services to its users: -- acknowledged error-free non-duplicated transfer of user data, -- data fragmentation to conform to discovered path MTU size, -- sequenced delivery of user messages within multiple streams, with an option for order-of-arrival delivery of individual user messages, -- optional bundling of multiple user messages into a single SCTP packet, and -- network-level fault tolerance through supporting of multi-homing at either or both ends of an association. The design of SCTP includes appropriate congestion avoidance behavior and resistance to flooding and masquerade attacks. [STANDARDS-TRACK] The Reliable Server Pooling effort (abbreviated "RSerPool") provides an application-independent set of services and protocols for building fault-tolerant and highly available client/server applications. This document provides an overview of the protocols and mechanisms in the Reliable Server Pooling suite. This memo provides information for the Internet community. Aggregate Server Access Protocol (ASAP; RFC 5352), in conjunction with the Endpoint Handlespace Redundancy Protocol (ENRP; RFC 5353), provides a high-availability data transfer mechanism over IP networks. ASAP uses a handle-based addressing model that isolates a logical communication endpoint from its IP address(es), thus effectively eliminating the binding between the communication endpoint and its physical IP address(es), which normally constitutes a single point of failure. In addition, ASAP defines each logical communication destination as a pool, providing full transparent support for server pooling and load sharing. It also allows dynamic system scalability -- members of a server pool can be added or removed at any time without interrupting the service. ASAP is designed to take full advantage of the network level redundancy provided by the Stream Transmission Control Protocol (SCTP; RFC 4960). Each transport protocol, other than SCTP, MUST have an accompanying transport mapping document. It should be noted that ASAP messages passed between Pool Elements (PEs) and ENRP servers MUST use the SCTP transport protocol. The high-availability server pooling is gained by combining two protocols, namely ASAP and ENRP, in which ASAP provides the user interface for Pool Handle to address translation, load sharing management, and fault management, while ENRP defines the high- availability Pool Handle translation service. This memo defines an Experimental Protocol for the Internet community. The Endpoint Handlespace Redundancy Protocol (ENRP) is designed to work in conjunction with the Aggregate Server Access Protocol (ASAP) to accomplish the functionality of the Reliable Server Pooling (RSerPool) requirements and architecture. Within the operational scope of RSerPool, ENRP defines the procedures and message formats of a distributed, fault-tolerant registry service for storing, bookkeeping, retrieving, and distributing pool operation and membership information. This memo defines an Experimental Protocol for the Internet community. This document details the parameters of the Aggregate Server Access Protocol (ASAP) and Endpoint Handlespace Redundancy Protocol (ENRP) defined within the Reliable Server Pooling (RSerPool) architecture. This memo defines an Experimental Protocol for the Internet community. Reliable Server Pooling (RSerPool) is an architecture and set of protocols for the management and access to server pools supporting highly reliable applications and for client access mechanisms to a server pool. This document describes security threats to the RSerPool architecture and presents requirements for security to thwart these threats. This memo provides information for the Internet community. This document describes server pool policies for Reliable Server Pooling (RSerPool) including considerations for implementing them at Endpoint Handlespace Redundancy Protocol (ENRP) servers and pool users. This memo defines an Experimental Protocol for the Internet community. Simula Metropolitan Centre for Digital Engineering This document describes the Handle Resolution option for the ASAP protocol. Simula Metropolitan Centre for Digital Engineering Hainan University, College of Information Science and Technology This document contains the definition of a delay measurement infrastructure and a delay-sensitive Least-Used policy for Reliable Server Pooling. Simula Metropolitan Centre for Digital Engineering Hainan University, College of Information Science and Technology This document describes the Takeover Suggestion Flag for the ENRP_HANDLE_UPDATE message of the ENRP protocol. Informative References