COPS
Common Open Policy Service
Vemuri Namratha
Kandaswamy Balasubramanian
Venreddy Nireesha
COPS
  Introduction
  Architecture
  Models
  Operations
  Applications
  Event flows, message formats
  Issues
  Questions
Introduction
  COPS is a simple query and response protocol, used to exchange information between PDP and PEP
  PEP: Policy Enforcement Point
    Routers
  PDP: Policy Decision Point
    Servers containing policy statements
What are Policies
  The basic regulations negotiated for ensuring QoS to the users.
  Like allocation of resources, priorities and hierarchical authorization, etc.
COPS
  Client and Server model.
  Allocation of resources to desired priorities of services.
  COPS with RSVP
  Uses TCP as transport protocol for message passing.
ARCHITECTURE
  [Figure: architecture diagram with the labels Human network manager, Policy console, Policy editor, Policy repository, Policy Mgmt Tool, PDP, three PEPs, and three COPS links.]
PURPOSE
  COPS allows the router (PEP) to communicate with PDP about the allocation of requested resources for different kinds of traffic
  Admission control: Sees if there are enough resources to satisfy the request
  Policy control: Whether the request should be considered. Considers priority.
Client Types
COPS-PR
  "COPS Usage for Policy Provisioning" is the protocol that is used when policy decisions are "pushed" from the PDP to PEPs. In this provisioning model the PDP can send policy decisions to PEPs without having a specific request from the PEP.
COPS_RSVP
  "COPS Usage for RSVP" is the protocol that is used when a policy decision is "pulled" from the PDP. When an RSVP message requiring a policy decision is received by the PEP, the relevant RSVP objects from the message are put into a COPS Request message, which is sent to the PDP. The PDP determines what to do with the RSVP message and sends a COPS Decision message back to the PEP,
MODELS
Outsourcing:
  The PEP always explicitly asks the PDP for a given amount of resources
  Flexibility and Efficiency
  Resource allocation requests are properly aggregated
  Aggregate state information is kept in PDP/BB
Provisioning model
  More scalable
  Inflexibility: difficult to handle modification of configuration.
  Not explicitly customized to handle dynamic QoS
COPS The way it works..
  PEP is responsible for initiating a persistent TCP connection to a PDP.
  The PEP uses this TCP connection to send requests
  Communication between the PEP and remote PDP is mainly a request/decision exchange.
  Sometimes unsolicited decision
PEP's Responsibilities
  The PEP has to report to the PDP about successful enforcement of the decision.
  The PEP is responsible for notifying the PDP when a request state has changed.
  In simple words, it needs to keep things synchronized, i.e. keep the PDP informed.
  And also local policy decision via its Local Policy Decision Point (LPDP)
Messages/Requests/Decisions
  request states
  the type of request
  previously installed requests
  policy decisions
  error reports
  client information.
The Context of Request
  The context of each request corresponds to the type of event that triggered it.
  COPS identifies three types of events:
  (1) the arrival of an incoming message
  (2) allocation of local resources
  (3) the forwarding of an outgoing message.
Message Format
  Each COPS message consists of the COPS header followed by a number of typed objects.
  The fields in the header are:
  Version: 4 bits. COPS version number. Current version is 1.
  Flags: 0x1 Solicited Message Flag Bit; 0 otherwise.
  Op Code: 8 bits (Explained in next slide).
  Client-type: 16 bits
  Message Length: 32 bits
Op Code: 8 bits. The COPS operations:
  1 = Request (REQ)
  2 = Decision (DEC)
  3 = Report State (RPT)
  4 = Delete Request State (DRQ)
  5 = Synchronize State Req (SSQ)
  6 = Client-Open (OPN)
  7 = Client-Accept (CAT)
  8 = Client-Close (CC)
  9 = Keep-Alive (KA)
  10 = Synchronize Complete (SSC)
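A strict parser for the header fields listed above, as an added example that is not part of the original slides: it validates the header before any body bytes are buffered, which bounds memory use per TCP connection. That Message Length counts the header itself and must be a multiple of 4 comes from RFC 2748 rather than the slides; `MAX_MESSAGE_LEN`, the function names and the sample bytes are assumptions made for the example.

```python
import struct

# Op codes as listed on the slide above.
OP_CODES = {1: "REQ", 2: "DEC", 3: "RPT", 4: "DRQ", 5: "SSQ",
            6: "OPN", 7: "CAT", 8: "CC", 9: "KA", 10: "SSC"}
HEADER_LEN = 8           # 4 + 4 + 8 + 16 + 32 bits
MAX_MESSAGE_LEN = 65536  # assumed local cap, not a protocol value

class CopsHeaderError(ValueError):
    """Raised when a header fails validation; the connection should be dropped."""

def parse_cops_header(data):
    """Decode and validate the 8-byte common header at the start of data."""
    if len(data) < HEADER_LEN:
        raise CopsHeaderError("fewer than 8 header bytes")
    ver_flags, op, client_type, length = struct.unpack("!BBHI", data[:HEADER_LEN])
    version, flags = ver_flags >> 4, ver_flags & 0x0F
    if version != 1:
        raise CopsHeaderError(f"unsupported version {version}")
    if flags & ~0x1:  # only the Solicited Message Flag is defined
        raise CopsHeaderError(f"undefined flag bits 0x{flags:x}")
    if op not in OP_CODES:
        raise CopsHeaderError(f"unknown op code {op}")
    # Length counts the header itself; reject before buffering any body.
    if length < HEADER_LEN or length % 4 or length > MAX_MESSAGE_LEN:
        raise CopsHeaderError(f"bad message length {length}")
    return {"version": version, "solicited": bool(flags & 0x1),
            "op": OP_CODES[op], "client_type": client_type, "length": length}

def next_message(buf):
    """First complete message in buf as (header, body, rest), or None if incomplete."""
    if len(buf) < HEADER_LEN:
        return None
    hdr = parse_cops_header(buf)
    if len(buf) < hdr["length"]:
        return None
    return hdr, buf[HEADER_LEN:hdr["length"]], buf[hdr["length"]:]

# Constructed sample: a Keep-Alive, then a solicited RPT with 4 opaque body bytes.
SAMPLE_STREAM = (struct.pack("!BBHI", 0x10, 9, 0, 8) +
                 struct.pack("!BBHI", 0x11, 3, 1, 12) + b"\x00\x00\x00\x00")
# Constructed hostile header: valid fields but a 4 GiB declared length.
OVERSIZED = struct.pack("!BBHI", 0x10, 1, 1, 0xFFFFFFFC)

if __name__ == "__main__":
    buf = SAMPLE_STREAM
    while (msg := next_message(buf)) is not None:
        print(msg[0], msg[1].hex())
        buf = msg[2]
```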
Better Explained with an application
  IP-Telephony VOIP
  We need to assure QoS to the users.
  Now let's look at the message flow.
APPLICATION (IP-TELEPHONY)
MESSAGE FLOW
MESSAGE FLOWS
  Client Open (CO) PEP->PDP
  Client Accept (CA) PEP->PDP
  Client Close (CC) PEP<->PDP
  Request (REQ) PEP->PDP
  Decision (DEC) PDP->PEP
  Report State (RPT) PEP->PDP
  Synchronize State Request (SSQ) PDP->PEP
  Synchronize State Complete (SSC) PEP->PDP
  Keep Alive (KA) PEP<->PDP
EVENT FLOW
CALL FLOW EXPLAINED
  PDPAgent: The functional unit which supports PDP threads.
  PDPThread: Currently executed PDP program, on the state of execution
  COSPIntf: COPS and OSP interface
  OSP: Open Settlement Protocol
STATE DIAGRAM
Issues and Extensions
Issues related to COPS
  Scalability issues in heterogeneous networks
  A PDP controls only a limited number of PEP devices within a domain
  Inter-vendor COPS compatibility is limited.
  Not directly transferable among PDPs
  No load sharing and balancing mechanisms at PDP
Good Thing??! About COPS
  According to RFC 2748 and net archives.
  So far no vulnerability has been listed.
  There have been claims of Denial of Service attacks, but no authenticated reports.
Extension to COPS protocol
  COPS-ODRA is an Outsourcing Differentiated Resource Allocation
  COPS-DRA is Differentiated Resource Allocation
COPS-ODRA
  ODRA stands for Outsourcing Diffserv Resource Allocation.
  Dynamic Admission Control and resource Management in a Differentiated Services network.
  COPS ODRA protocol is used on the interface between the Edge Router and the admission / policy control server
COPS vs COPS-ODRA:
  COPS: allocation made by the PEP based on local resources; the PDP is in charge to authorize or deny. Specific for RSVP.
  COPS-ODRA: resource allocation refers to domain-wide resources. PDP is in control of these resources. This allows Dynamic Allocation.
COPS-DRA
  COPS DRA (Diffserv Resource Allocation)
  Dynamic Admission, just like ODRA, but has additional flexibility. (Explained later)
  COPS DRA protocol is also used on the interface between the Edge Router and the admission / policy control server.
COPS-DRA Architecture
Important Use of COPS-DRA
  COPS has two different models
  1. Outsourcing
  2. Provisioning
  COPS-DRA can exploit both the models easily and can be set to follow either way.
  While ODRA is specifically meant for the Outsourcing model.
Questions
  1. Where is the policy configuration information stored and maintained?
     (Explanations about Policy server, Policy repository and network administrator).
  2. What is the protocol used in conjunction with which COPS outsources the policy decisions from a router to the server?
     (Explanation about COPS and RSVP)
  3. What is meant by 'State-sharing' in COPS?
     As long as PDP and PEP are connected, TCP messages are being sent, no other process can make changes to PEP configuration.
QUESTIONS?
THANK YOU