DTNMA Asynchronous Management Protocol (AMP)The Johns Hopkins University Applied Physics Laboratory11100 Johns Hopkins Rd.LaurelMD20723United States of America+1 443 778 7423Edward.Birrane@jhuapl.eduThe Johns Hopkins University Applied Physics Laboratorybrian.sipos+ietf@gmail.com
Transport
Delay-Tolerant NetworkingDTNNetwork ManagementAutonomy
This document defines a messaging protocol for the Delay-Tolerant Networking (DTN) Management Architecture (DTNMA) Asynchronous Management Model (AMM) and a transport mapping for exchanging those messages over a network.
This Asynchronous Management Protocol (AMP) does not require transport-layer sessions, operates over unidirectional links, and seeks to reduce the energy and compute power necessary for performing network management of resource constrained devices and over challenged networks.
Introduction
Network management in challenged and resource constrained networks must be accomplished differently than the network management methods in low-delay, high-rate, high-availability networks.
The Delay-Tolerant Networking (DTN) Management Architecture (DTNMA), as defined in , provides an overview and justification of an alternative to "synchronous" management services such as those provided by SNMP or NETCONF (and its derivatives RESTCONF and CORECONF ).
In particular, the DTNMA defines the need for a flexible, robust, and efficient autonomy engine to handle decisions when operators cannot be active in the network.
The logical description of that DTNMA Application Management Model (AMM), and its realization in static Application Data Models (ADMs) and dynamic Operational Data Models (ODMs), is in .
The AMM presents an efficient and expressive model for the asynchronous management of a network node, but does not specify any particular message structure or encoding.
This document, the DTNMA Asynchronous Management Protocol (AMP), specifies an encoding of messages related to AMM objects using ARI values as protocol data units (PDUs) in and a transport of these PDUs within Bundle Protocol version 7 (BPv7) payloads in .
This AMP specification provides an enveloping of ARIs necessary to support the AMM as described in .
As such, AMP defines very few structures of its own.
Scope
The AMP provides data monitoring, administration, and configuration for applications operating above the data link layer of the OSI networking model.
While the AMP may be configured to support the management of network layer protocols, it also uses these protocol stacks to encapsulate and communicate its own messages.
It is assumed that the transport(s) used to carry AMP messages provide addressing, confidentiality, integrity, security, fragmentation/reassembly, and other network functions.
Therefore, these items are outside of the scope of this document.
This document describes the format of messages used to exchange data models between managing and managed devices in a network.
The rationale for this type of exchange is outside of the scope of this document and is covered in .
The description and explanation of the data models exchanged is also outside of the scope of this document and is covered in .
This document does not address specific configurations of AMP-enabled devices or any ADMs or ODMs available on such devices.
This also does not discuss the interface, if any, between AMP and other management protocols.
Use of CDDL
This document defines Concise Binary Object Representation (CBOR) structure using the Concise Data Definition Language (CDDL) of .
The entire CDDL structure can be extracted from the XML version of this document using the XPath expression:
'//sourcecode[@type="cddl"]'
The following initial fragment defines the top-level symbols of this document's CDDL, which includes the example CBOR content.
start = amp-adu
From the document the definitions are taken for ari, lit-execset, and lit-rptset.
Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
The terms "Agent", "Application Data Model", "Externally Defined Data", "Variable", "Control", "Literal", "Macro", "Manager", "Report Template", "Report", "Table", "Constant", "Operator", "Time-Based Rule" and "State-Based Rule" are used without modification from the definitions provided in .
Constraints and Assumptions
The desirable properties of an asynchronous management protocol, as specified in the DTNMA, are summarized here to represent design constraints on the AMP specification.
Intelligent Push of Information:
Nodes in a challenged network cannot guarantee concurrent, bi-directional communications.
Some links between nodes may be strictly unidirectional.
In the DTNMA, Agents "push" data to Managers rather than Managers "pulling" data from Agents.
Small Message Sizes:
Smaller messages require smaller periods of viable transmission for communication, incur less retransmission cost, and consume fewer resources when persistently stored en route in the network.
The AMP minimizes message size wherever practical, to include binary data representations and predefined data definitions and templates.
Static and Dynamic Identification:
All data in the system must be uniquely addressable, to include operator-specified information.
AMP provides a compact encoding for identifiers based on the Application Resource Identifier (ARI) of .
Stateless Operation:
There is no reliable concept of session establishment or round-trip data exchange in challenged networks.
AMP is designed to be stateless and ADM controls are specified to be idempotent when executed.
Where helpful, AMP provides mechanisms for ordering of execution within a single AMP protocol data unit, but otherwise degrades gracefully when nodes in the network diverge in their configuration.
Independence from ADMs:
Although some portions of the AMP structure share concepts and capabilities of AMM semantic types, the AMP operates independently from any specific ADMs or ODMs which would use the AMP for messaging between entities.
This avoids the need for an AMP processor to have information about those specific ADMs or ODMs, similarly to how the ARI syntax processing is independent from specific ADMs or ODMs.
The interpreting of ARIs, however, does require the use of specific referenced ADMs and ODMs.
All AMP encodings are self-terminating, based on Concise Binary Object Representation (CBOR).
This means that, given an indefinite-length octet stream, each encoding can be unambiguously decoded from the stream without requiring additional information such as a length field separate from the data type definition.
CBOR also provides a layer of well-formed data coding separate from valid AMP structure coding.
Message Structure and Sequencing
The function of the AMP is to deliver Execution-Set (EXECSET) and Reporting-Set (RPTSET) values to a DTNMA Agent and a Manager respectively.
Together these support the needs described in .
Each AMP message consists of a version number followed by any number of binary form ARI values, as defined in .
All AMP messages conforming to this specification SHALL contain version number 1.
Any AMP messages received with an unknown version number SHALL be ignored.
Each of the contained ARIs SHALL be either an EXECSET or a RPTSET.
The EXECSET is used to communicate from Manager to Agent and cause execution activities within the Agent as defined in .
The RPTSET is used to communicate from Agent to Manager, which includes reports and (specific) execution results from the Agent, as defined in .
Each AMP message has the following CDDL definition.
amp-msg = [
version: 1,
*amp-ari
]
amp-ari = (lit-execset / lit-rptset) .within ari
Execution-Set Values
When received by an Agent, an EXECSET value SHALL result in immediate execution activities based on the message contents.
Each item in the target list SHALL be executed independently (i.e., failures on one item do not affect other items).
Each item in the target list MAY be executed in any order or concurrently.
This is not the same behavior as execution of a macro (see ), where execution of items is ordered and a failure of any execution causes subsequent items to not be executed.
When possible, Managers SHOULD coalesce multiple execution targets into a single EXECSET value.
This avoids the overhead of processing multiple messages on an Agent to cause multiple executions, but it does require that all or none of the executions are associated with a nonce value.
Reporting-Set Values
When received by a Manager, each report within a RPTSET value SHALL be correlated to its ADM or ODM object used to interpret its source-specific data.
Each report in the Report List SHALL be processed independently (i.e., failures on one report do not affect other items).
Each report in the Report List MAY be processed in any order or concurrently.
When associated to the same nonce value, Agents SHOULD coalesce multiple reports into a single RPTSET value.
The coalescing MAY be based on a time interval or an event (e.g. power-saving wake-up).
This avoids the overhead of processing multiple RPTSET values on a Manager and improves timestamp compression in the items, but it does require that all or none of the items are associated with the same nonce value.
Bundle Protocol Transport
When embedded as block type-specific data (BTSD) within a BPv7 payload block in accordance with , the application data unit (ADU) SHALL consist of an AMP message (see ) as a CBOR sequence.
The payload BTSD has the following CDDL definition.
amp-adu = bstr .cborseq amp-msg
When Agents and Managers register endpoints on a BPA, they SHOULD use the well-known service numbers defined in .
Using well-known identifiers simplifies configuration and troubleshooting but is not necessary for correct AMP operation.
When BPv7 is used as transport for AMP, the primary and payload blocks SHALL be authenticated by a BPSec mechanism traceable to the message source.
This can be either block integrity block (BIB) or block confidentiality block (BCB) using an authenticated encryption algorithm, either using an authenticated public key of the source directly or via some security association derived from an authenticated public key or from a security gateway and delegated for the bundle source.
It is an network policy and configuration issue to determine the correct use of BPSec for any particular Manager and Agent.
When processing an AMP ADU, the processing context SHALL include the following:
The bundle Source Node ID
An indication of the authenticity of the primary and payload blocks, along with the Security Source Node ID used to authenticate them
IANA Considerations
This section provides guidance to the Internet Assigned Numbers Authority (IANA) regarding registration of schema and namespaces related to the Application Resource Identifier (ARI), in accordance with BCP 26 .
URI Schemes
This document defines entries in the registry "'ipn' Scheme URI Well-known Service Numbers for BPv7" within the "URI Schemes" registry group containing the following.
RFC Editor: The values for TBA1 and TBA2 below should be assigned from the range 128-255.
'ipn' Scheme URI Well-known Service Numbers for BPv7
Value
Description
Reference
TBA1
DTNMA Agent role
[This document]
TBA2
DTNMA Manager role
[This document]
Security Considerations
Security within the AMP exists in two distinct layers as follows:
Transport Security:
Transport security addresses the questions of authentication, integrity, and confidentiality associated with the transport of messages between Managers and Agents.
This security is applied before any particular entity in the system receives data and, therefore, its specifics are outside of the scope of this document.
The BP transport specified in does require some authentication which covers the AMP payload, but details are network- and implementation-specific.
Access Control:
Fine grained object-level security is provided and enforced by Agents via access control lists (ACLs) which are part of an Agent's configuration.
An Agent's ACLs could be managed via an ADM using AMP itself, but such details are also outside the scope of this document.
ReferencesNormative ReferencesUniform Resource Identifier (URI) SchemesIANAInformative ReferencesExample Messages
The examples in this section use the well-known organization "example" (65535) with a single model "adm-a" (1) for simplicity.
An example of an Execution-Set being sent to an Agent has the following ARI text representation (with newlines and spaces inserted for readability).
ari:/EXECSET/n=1234;(
//example/adm-a/CTRL/dothing,
//example/adm-a/CONST/amacro)
Assuming some enumeration values for the ADM and objects results in the following transformed ARI.
ari:/EXECSET/n=1234;(//65535/1/-3/18,//65535/1/-2/43)
This is embedded into an AMP message with the following CBOR sequence.
1,
[20, [1234, [65535, 1, -3, 18], [65535, 1, -2, 43]]]
Which is encoded to the following binary string.
0x018214831904D28419FFFF0122128419FFFF0121182B
An example of a corresponding Reporting-Set being sent to a Manager has the following ARI text representation (with newlines and spaces inserted for readability).
ari:/RPTSET/n=1234;r=/TP/20230102T030405Z;
(t=/TD/PT0S;s=//example/adm-a/CTRL/dothing;(null))
(t=/TD/PT5S;s=//example/adm-a/CTRL/other;(567))
Which results in the following transformed ARI (with newlines and spaces inserted for readability).
ari:/RPTSET/n=1234;r=/TP/725943845;
(t=/TD/0;s=//65535/1/-3/18;(null))
(t=/TD/5;s=//65535/1/-3/6;(567)))
This is embedded into an AMP message with the following CBOR sequence.
1,
[21, 1234, 725943845,
[0, [65535, 1, -3, 18], null],
[5, [65535, 1, -3, 6], 567]]
Which is encoded to the following binary string.
0x0185151904D21A2B45062583008419FFFF012212F683058419FFFF012206190237
Implementation Notes
A reference implementation of an earlier revision of the AMP is available in the 3.6.2 release of the ION open source code base available from the ION-DTN Sourceforge project.
An extraction of the same AMP Agent and Manager from ION into a stand-alone project is available in the DTNMA Tools GitHub project.
This project also contains an updated Wireshark AMP dissector for the corresponding earlier revision of this draft.
Acknowledgments
The following participants contributed technical material, use cases, and useful thoughts on the overall approach to this protocol specification: Jeremy Pierce-Mayer of INSYEN AG contributed the concept of the typed data collection and early type checking in the protocol.
David Linko and Evana DiPietro of the Johns Hopkins University Applied Physics Laboratory contributed appreciated review and type checking of various elements of this specification.