Upload
christine-burke
View
224
Download
0
Embed Size (px)
DESCRIPTION
IETF69 ANCP WG3 Use Cases 1.Multicast Conditional Access 2.Multicast Admission Control 3.Multicast Accounting 4.Multicast Termination
Citation preview
IETF69 ANCP WG 1
ANCP Multicast Handling draft-maglione-ancp-mcast-00.txt
R. Maglione, A. Garofalo - Telecom ItaliaF. Le Faucheur, T. Eckert - cisco Systems
IETF69 ANCP WG 2
Objectives
Describing ANCP Multicast use cases, protocol requirements and Message Flows
Enabling the combination of NAS and AN to functionally behave as one single black box, when replication is performed by the AN, without any loss of functionality compared to if replication was performed on NAS
Enabling the necessary information to be provided by NAS to the AN to perform multicast admission decision locally when possible and allowing the AN to query the NAS when further decisions are needed
IETF69 ANCP WG 3
Use Cases
1. Multicast Conditional Access2. Multicast Admission Control3. Multicast Accounting4. Multicast Termination
IETF69 ANCP WG 4
Multicast Conditional Access Objective: providing Network level access control for Multicast
traffic: before honoring a user request to join a new flow, conditional access validation is performed to validate that this user is allowed to access this flow
Two possible alternatives also described in Multiaaa Framework (draft-ietf-mboned-multiaaa-framework-04):
Policy push model: AAA repository pushes policies down into NAS, and then NAS pushes these policies into AN
Policy pull model: Network Service Provider AN sends an authorization query to the Content Provider mAAA server
Three Scenarios:1. Decision taken by AN2. Decision taken by NAS (or by AAA Server)3. Coarse-Grain Decision taken by NAS & Fine-Grain Decision
taken by AN
IETF69 ANCP WG 5
Multicast Conditional Access 1) Decision taken by AN
AN can be provisioned with the necessary conditional access information (white/black lists) so the AN can then perform the conditional access decisions autonomously
NAS uses ANCP to provision the necessary information in the AN so that the AN can then perform conditional access enforcement locally (Policy push model)
White Lists: identity the Multicast Flows for which the AN can autonomously start replicating multicast traffic without requesting further authorization to the NAS
Black Lists: identify the Multicast Flows for which the AN autonomously knows that is not authorized to start replicating multicast traffic
For all Multicast Flows that do not belong to white or black lists AN needs to query NAS for further decision
IETF69 ANCP WG 6
2) Decision taken by NAS or by AAA ServerApplicability: conditional access control tied to complex
policy/authorization mechanism, time of day access, or location based access or to invoke a remote authorization server for very sensitive contentsApplications like: video conferencing, over the top video, Prepaid Service, Nomadic usersScenarios where Network Service Provider and Content Service Provider are two separate entities
AN uses ANCP to query the NAS, that responds to the AN indicating whether the join is to be honored or denied (Policy-pull model)
Multicast Conditional Access
IETF69 ANCP WG 7
3) Coarse-Grain Decision taken by NAS & Fine-Grain Decision taken by AN
Multicast Flow-Group: A set of same bandwidth multicast flows sharing the same conditional access policyThe decision for multicast Flow change within a Flow-Group is
handled by the AN, and NAS only take a conditional access decision for the whole Multicast Flow-Group
AN uses ANCP to query the NAS on receipt of the join; when responding to the AN, the NAS indicates that the decision applies to the whole Multicast Flow-Group
Multicast Conditional Access
IETF69 ANCP WG 8
Multicast Admission ControlObjective: providing Access level Admission control for Multicast
traffic: before honoring a user request to join a new Flow admission control is performed to validate that there is enough bandwidth remaining on the access line to carry that flow
Three Scenarios: 1) Admission Control handled by AN
AN can be provisioned with the necessary Admission Control information (white/black lists) so the AN can then perform the admission control decisions autonomously
2) Admission Control handled by NASApplicability: multicast admission control decision needs to be
synchronized with unicast admission control that may be performed by the NAS or by a remote Policy Server
AN uses ANCP to query the NAS that responds to the AN indicating whether the join is to be honored or denied
IETF69 ANCP WG 9
Multicast Admission Control
3) Coarse-Grain Admission Control handled by NAS & Fine-Grain Admission Control handled by AN
With the notion of Flow-Groups the AN locally performs all the decisions for multicast flow change within a Flow-Group while the NAS only takes an admission control decision for the whole Multicast Flow-Group
IETF69 ANCP WG 10
Multicast Accounting
Objective: providing per-subscriber or per access-line time and/or volume Accounting records
When AN performs replication AN needs to provide NAS accurate information related to user starts/stops receiving a Multicast Flow, received volume, replication start and stop timestamps in order to allow NAS generating Accounting Records
IETF69 ANCP WG 11
Multicast Termination
Objective: providing the capability to dynamically stop Multicast replication based on external trigger
Applicability: stopping multicast replication when available prepaid
credit expires showing a "Content Preview": multicast content will be
delivered just for a fixed amount of time
NAS MUST be able to revoke the authorization previously granted to the AN to replicate the multicast flow
AN MUST stop replicating a multicast flow
IETF69 ANCP WG 12
Message Flow (1/7)
Provisioning AN with White/Black-Lists and Conditional Access with AN Decision
+-----+ +-----+ +-----+ +-----+ | CPE | | RG | | AN | | NAS | +-----+ +-----+ +-----+ +-----+ | | | Push_profile( | | | | Profile_ID) | | | DSL Synch. |<--------------------| | |--------------------->| | | | | PORT_UP(Port_ID) | | | |-------------------->| | | | | | | | PORT_MNGT(Port_ID, | | | | Profile_ID) | | | |<--------------------| | JOIN(White-Fl) | | |---------------+--------------------->| | | Mcast-Flow White-Fl1 | | |<--------------+----------------------| | | | | | | LEAVE(White-Fl) | | |---------------+--------------------->| | | | | | | JOIN(Black-Fl) | | |---------------+--------------------->| | | | | | No Flow
IETF69 ANCP WG 13
Message Flow (2/7)
Provisioning AN with Multicast Flow-Groups
+-----+ +-----+ +-----+ +-----+ | CPE | | RG | | AN | | NAS | +-----+ +-----+ +-----+ +-----+ | | | Push_Membership( | | | | FGid, Fl i, Fl j) | | | |<-----------------------|
IETF69 ANCP WG 14
Message Flow (3/7)
Multicast Flow with NAS decision, without accounting, without Policy Server Synchronization
+-----+ +-----+ +-----+ANCP +-----+ +------+ +------+ | CPE | | RG | | AN |<--->| NAS | |Policy| |Radius| +-----+ +-----+ +-----+ +-----+ +------+ +------+ | | | | | | | Join(Fl1) |Admission | | | |-----------+---------->|Request(Fl1,| | | | | | Port_Id)| | | | | |----------->| | | | | | | | | | | | Admission | | | | | | Response | | | | Mcast-Flow Fl1 |<-----------| | | |<----------+-----------| | | | | | | | | | | Leave(Fl1) |Admission | | | |-----------+------ --->|Release(Fl1,| | | | | | Port_Id) | | | | | |----------->| | | | | | | | | | | | | | | | | | | | | | Join(Fl2) |Admission | | | |-----------+---------->|Request(Fl2,| | | | | | Port_Id)| | | | | |----------->| | | | | | | | | | | |Admission | | | | | | Response | | | | Mcast-Flow Fl2 |<-----------| | | |<----------+-----------| | | | | | | | | | | | | | | | | Leave(Fl2) |Admission | | | |-----------+---------->|Release(Fl2,| | | | | | Port_Id) | | | | | |----------->| | |
IETF69 ANCP WG 15
Message Flow (4/7)
Multicast Flow with NAS decision, with accounting, without Policy Server Synchronization
+-----+ +-----+ +-----+ANCP +-----+ +------+ +------+ | CPE | | RG | | AN |<--->| NAS | |Policy| |Radius| +-----+ +-----+ +-----+ +-----+ +------+ +------+ | | | | | | | Join(Fl1) | Admission | | | |-----------+---------->|Request(Fl1,| | | | | | Port_Id)| | | | | |----------->| | | | | | | | | | | | Admission | | | | | | Response(A)| | | | Mcast-Flow Fl1 |<-----------| | | |<----------+-----------|Replication | | | | | |Start(PortId| | | | | | ,Fl1)| | | | | |----------->| Start Accounting | | | | | (Port_Id,Fl 1) | | Leave(Fl1) | Admission |-----------+----------->| |-----------+---------->|Release(Fl1,| | | | | | Port_Id) | | | | | |----------->| Stop Accounting | | | | | (Port_Id,Fl 1) | | | | |-----------+----------->| | | | | | | | Join(Fl2) | Admission | | | |-----------+---------->|Request(Fl2,| | | | | | Port_Id) | | | | | |----------->| | | | | | | | | | | | Admission | | | | | | Response(A)| | | | Mcast-Flow Fl2 |<-----------| | | |<----------+-----------|Replication | | | | | |Start(PortId| | | | | | ,Fl2)| | | | | |----------->| Start Accounting | | | | | Port_Id,Fl 2 | | Leave(Fl2) | Admission |-----------+----------->| |-----------+---------->|Release(Fl2,| | | | | | Port_Id) | | | | | |----------->| Stop Accounting | | | | | (Port_Id,Fl 2) | | | | |-----------+----------->| (A) = Accounting_Required flag set
IETF69 ANCP WG 16
Message Flow (5/7)
Multicast Flow with NAS decision, without accounting, without Policy Server Synchronization, with AAA Server Multicast Authorization
+-----+ +-----+ +-----+ANCP +-----+ +------+ +------+ | CPE | | RG | | AN |<--->| NAS | |Policy| |Radius| +-----+ +-----+ +-----+ +-----+ +------+ +------+ | | | | | | | Join(Fl1) | Admission | | | |-----------+---------->|Request(Fl1,| | | | | | Port_Id) | | | | | |----------->| AAA Authorization | | | | | (Port_Id,Fl 1) | | | | |------------+---------->| | | | Admission | AAA Response | | | | Response |<-----------+-----------| | Mcast-Flow Fl1 |<-----------| | | |<----------+-----------|Replication | | | | | |Start(PortId| | | | | | ,Fl1)| | | | | |----------->| | | | Leave(Fl1) | Admission | | | |-----------+---------->|Release(Fl1,| | | | | | Port_Id) | | | | | |----------->| | | | | | | | | | | | | | | | | | | | |
IETF69 ANCP WG 17
Message Flow (6/7)
Multicast Flow Replication Stop with accounting without Policy Server Synchronization
+-----+ +-----+ +-----+ANCP +-----+ +------+ +------+ | CPE | | RG | | AN |<--->| NAS | |Policy| |Radius| +-----+ +-----+ +-----+ +-----+ +------+ +------+ | | | | | | | Join(Fl 1) | Admission | | | |-----------+---------->|Request(Fl1,| | | | | | Port_Id) | | | | | |----------->| | | | | | | | | | | | Admission | | | | | |Response(A) | | | | Mcast-Flow Fl1 |<-----------| | | |<----------+-----------|Replication | | | | | |Start(PortId| | | | | | ,Fl1)| | | | | |----------->| Start Accounting | | | | | (Port_Id,Fl 1) | | | | |-----------+----------->| | | | | | | | | | | | | | | | | | | | | | |Quota Expired(PortId,Fl1| | | | |<----------+------------| | | | Admission | | | | | | Teardown() | | | | | |<-----------| | | | | |Replication | | | | | |Stop(Port_Id| | | | | | ,Fl1)| | | | | |----------->| | |
IETF69 ANCP WG 18
Message Flow (7/7)Multicast Flow-Group with NAS decision, without accounting, without Policy Server
Synchronization +-----+ +-----+ +-----+ANCP +-----+ +------+ +------+ | CPE | | RG | | AN |<--->| NAS | |Policy| |Radius| +-----+ +-----+ +-----+ +-----+ +------+ +------+ | | | | | | | Join(Fl 1) | Admission | | | |-----------+---------->|Request(Fl1,| | | | | |Port_Id) | | | | | |----------->| | | | | | | | | | | | Admission | | | | | |Response(FG1| | | | | | | | | | Mcast-Flow Fl1 |<-----------| | | |<----------+-----------| | | | | | | | | | | | | | | | | Leave(Fl 1) | | | | |-----------+---------->| | | | | | | | | | | Join(Fl 2) | | | | |-----------+---------->| | | | | Mcast-Flow 2 | | | | | | | | | | |<----------+-----------| | | | | Leave(Fl 2) | | | | |-----------+---------->| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |Reservation | | | | | |Release(FG1)| | | | | |----------->| | | | | | | | | | | | | | | | | | | | |
IETF69 ANCP WG 19
Proposals
• Incorporate Multicast use cases and Protocol Requirements in ANCP Framework Internet Draft
• Incorporate Message Flow in ANCP Protocol Internet Draft
IETF69 ANCP WG 20
Questions/Discussion
Thanks!
IETF69 ANCP WG 21
Multiaaa Framework
+-------------------------------+ | user | |+- - - - - - - - - - - - - - -+| || CPE || || || |+- - - - - | - - - - - - - - -+| +-----------|-------------------+ | -------|------ IFa | +-----------|-----------------------+ |+- - - - - |- - _+ + - - - - - + | ||TS | | | | | | | +------|-+ | +--------+ | || | AN | | | | | mRACF || | | | | | | | | || +------|-+ | | | +---|----+| | | | | | | | | | | | IFd----- | | | | | IFb | | | || +------|---+ | | | +---|----+| | | | |---|---| mAAA | | || | NAS | | | | |(CAPCF*)|| | | +----------+ | +--------+ | ||+- - - - - - - -+ - - |- - - - -+ | +-----------------------|-----------+ | -------|------ IFc | +-----------------------|-------+ | CP +---------+ | | | CP-AAA | | | +---------+ | +-------------------------------+