A Policy Management Framework for Flow Distribution on Multihomed - - PowerPoint PPT Presentation

A Policy Management Framework for Flow Distribution

• n Multihomed End Nodes

Koshiro Mitsuya <mitsuya@sfc.wide.ad.jp> Romain Kuntz <kuntz@lsiit.u-strasbg.fr> Shinta Sugimoto <shinta@sfc.wide.ad.jp> Ryuji Wakikawa <ryuji@sfc.wide.ad.jp> Jun Murai <jun@wide.ad.jp>

1

Table of Contents

• Motivations
• Scenario
• Requirements
• Current Situation
• New Framework
• Conclusion

2

Motivations

Contemplated multihomed environment

• Node equipped with multiple (wireless)

network accesses

• Especially true in mobile environment
• multiple communication paths,
• Maintained by one or multiple multihoming

protocols (MIP6/MCoA, SHIM6, SCTP , etc.)

• Each has multiple goals and benefits,
• Ubiquitous access, fault tolerance, load sharing, ...
• Flow Distribution: distribute flow via multiple

available paths

3

Motivations

How to achieve flow distribution

• User/Application creates its desired policies,
• Described in term of cost, bandwidth, delay,

jitter, etc.

• The policy management framework confronts

them to the characteristics of each available path

• Resulting the filter rules,
• Filter rules used as input to the OS-specific

filtering framework,

• Filter rules exchanged among peer hosts.

4

Example Scenario

5

reque ster reque ster reque ster ow dist. mpro mpro mpro ow dist. mpro ow dist. mpro mpro mutihomed node anchor node correspondent reque ster mpro = multihoming protocol stack policy policy policy policy filter rule filter rule filter rule paths with different characteristics step-1 step-2 step-3

node

Legend:

functional entity ow dist. = ow distribution mechanism

Requirements

for the policy management framework

R1: Policy description: language definition R1.1 Makes the relation between flow and path characteristics, R1.2 Multihoming protocol independent. R2: Multiple requesters (local or remote) management R3: Policy resolution to filter rules and error management R4: Filter rules description, R5: Filter rules transport, R6: Multiple filter rules processing, R7: Transport security

6

Current Situation

Summary of existing specifications

7

Multihoming protocol principles

Multihoming Protocol specifications

Flow distribution in implementations

Mobile-IPv6 based

(MIPv6, NEMO) Multiple CoA binded to a single HoA MCoA, Flow Binding, Flow distribution Ipfilter, PF, Netfilter

SHIM6 based

Upper Layer ID (ULID) mapped to one or more locators

Policy DB in the SHIM6 IP sub-layer, Multihoming SHIM API

SHIM6 API, Netfilter

HIP based

Host ID (HI, public key) mapped to one or several IP addresses

Multihoming SHIM API impossible

SCTP based

Transport layer protocol SCTP socket API Socket API, library

Current Situation

Main Principles

• Identifier/locator separation concept,
• Flow Distribution achieved by choosing proper

locator,

• Locator set by configuring filter rules (via

Socket API, OS-specific framework, etc.),

8

Current Situation

Main Issues

• Usually associates the flow to a system or protocol-
• riented path ID (eg: BID for MCoA),
• Protocol-dependent
• Usually do not exchange filter rules among

hosts (HIP , SHIM6, SCTP).

• Cannot specify e.g. round-trip path
• Flow distribution tightly depends on the OS on

which the implementation is running

• Hard to define a generic flow distribution

architecture.

9

New Framework

Main Principles

➡Unified Policy management framework

• n top of the various flow distribution

mechanisms,

➡Using the existing mechanisms given by the

OS.

10

New Framework

Main Principles

• Policy Data Set:
• Describes flow in terms of costs, bandwidth,

delay, jitter, etc.

• Policy Management Framework:
• Confront the policy data set against the

interfaces’ characteristics,

• Produce filter rules,
• Install / send filter rules to peer hosts.

11

New Framework

The Policy Data Set

• Generic language to define a common policy

data set whatever the multihoming protocol or OS is running on the node (R1.2),

• Set of Policy Rules:
• Tells which policy (flow + action) to apply

when some conditions are met (R1.1).

12

New Framework

The Policy Data Set

13

policy data set

policy rule policy rule conditions conditions = expected network characteristics policy = selector + action target host policy policy policy target host policy policy policy rule policy policy target host policy policy policy target host policy policy policy target host conditions conditions

New Framework

Policy Management Framework

• Processes the Policy Data Sets from multiple

sources (R2),

• Confront the user policies with the actual

path’s characteristics to produce filter rules (R3, R4),

• Uses the existing filtering framework to install

the rules on local host (R6),

• Send the filter rules for remote host (R5, R7)

14

15

• A. path

maintainer

• B. path

characteristics examiner C. condition decision list of available paths list of available network resources D. path decision Set of policies lter rules (ow ID, path ID) (path ID, characteristics) Policy data set Policy data set

• E. policy

exchanger Policy data set Policy data set local G.protocol- dependent ltering framework remote host

• F. lter rule

encoder

• F. lter rule encoder

local lter rules lter rules for remote host e.g. PF conguration le e.g. Netlter conguration le

• X. lter rule exchanger

G.protocol- dependent ltering framework Multihoming Protocol Multihoming Protocol G.protocol- dependent ltering framework Multihoming Protocol G.protocol- dependent ltering framework Multihoming Protocol

• X. lter rule

exchanger

Conclusion

• Defined requirements for a policy management

framework,

• Draft framework working on top of several

multihoming protocols,

• Next steps:
• Grammar definition for the Policy Data Set,
• draft-mitsuya-monami6-flow-distribution-policy
• Framework implementation and evaluation.

16

Thank you, Any questions?

Romain Kuntz <kuntz@lsiit.u-strasbg.fr>