IETF69 ANCP WG 1

ANCP Multicast Handling draft-maglione-ancp-mcast-00.txt

R. Maglione, A. Garofalo - Telecom ItaliaF. Le Faucheur, T. Eckert - cisco Systems

IETF69 ANCP WG 2

Objectives

Describing ANCP Multicast use cases, protocol requirements and Message Flows

Enabling the combination of NAS and AN to functionally behave as one single black box, when replication is performed by the AN, without any loss of functionality compared to if replication was performed on NAS

Enabling the necessary information to be provided by NAS to the AN to perform multicast admission decision locally when possible and allowing the AN to query the NAS when further decisions are needed

IETF69 ANCP WG 3

Use Cases

1. Multicast Conditional Access2. Multicast Admission Control3. Multicast Accounting4. Multicast Termination

IETF69 ANCP WG 4

Multicast Conditional Access Objective: providing Network level access control for Multicast

traffic: before honoring a user request to join a new flow, conditional access validation is performed to validate that this user is allowed to access this flow

Two possible alternatives also described in Multiaaa Framework (draft-ietf-mboned-multiaaa-framework-04):

Policy push model: AAA repository pushes policies down into NAS, and then NAS pushes these policies into AN

Policy pull model: Network Service Provider AN sends an authorization query to the Content Provider mAAA server

Three Scenarios:1. Decision taken by AN2. Decision taken by NAS (or by AAA Server)3. Coarse-Grain Decision taken by NAS & Fine-Grain Decision

taken by AN

IETF69 ANCP WG 5

Multicast Conditional Access 1) Decision taken by AN

AN can be provisioned with the necessary conditional access information (white/black lists) so the AN can then perform the conditional access decisions autonomously

NAS uses ANCP to provision the necessary information in the AN so that the AN can then perform conditional access enforcement locally (Policy push model)

White Lists: identity the Multicast Flows for which the AN can autonomously start replicating multicast traffic without requesting further authorization to the NAS

Black Lists: identify the Multicast Flows for which the AN autonomously knows that is not authorized to start replicating multicast traffic

For all Multicast Flows that do not belong to white or black lists AN needs to query NAS for further decision

IETF69 ANCP WG 6

2) Decision taken by NAS or by AAA ServerApplicability: conditional access control tied to complex

policy/authorization mechanism, time of day access, or location based access or to invoke a remote authorization server for very sensitive contentsApplications like: video conferencing, over the top video, Prepaid Service, Nomadic usersScenarios where Network Service Provider and Content Service Provider are two separate entities

AN uses ANCP to query the NAS, that responds to the AN indicating whether the join is to be honored or denied (Policy-pull model)

Multicast Conditional Access

IETF69 ANCP WG 7

3) Coarse-Grain Decision taken by NAS & Fine-Grain Decision taken by AN

Multicast Flow-Group: A set of same bandwidth multicast flows sharing the same conditional access policyThe decision for multicast Flow change within a Flow-Group is

handled by the AN, and NAS only take a conditional access decision for the whole Multicast Flow-Group

AN uses ANCP to query the NAS on receipt of the join; when responding to the AN, the NAS indicates that the decision applies to the whole Multicast Flow-Group

Multicast Conditional Access

IETF69 ANCP WG 8

Multicast Admission ControlObjective: providing Access level Admission control for Multicast

traffic: before honoring a user request to join a new Flow admission control is performed to validate that there is enough bandwidth remaining on the access line to carry that flow

Three Scenarios: 1) Admission Control handled by AN

AN can be provisioned with the necessary Admission Control information (white/black lists) so the AN can then perform the admission control decisions autonomously

2) Admission Control handled by NASApplicability: multicast admission control decision needs to be

synchronized with unicast admission control that may be performed by the NAS or by a remote Policy Server

AN uses ANCP to query the NAS that responds to the AN indicating whether the join is to be honored or denied

IETF69 ANCP WG 9

Multicast Admission Control

3) Coarse-Grain Admission Control handled by NAS & Fine-Grain Admission Control handled by AN

With the notion of Flow-Groups the AN locally performs all the decisions for multicast flow change within a Flow-Group while the NAS only takes an admission control decision for the whole Multicast Flow-Group

IETF69 ANCP WG 10

Multicast Accounting

Objective: providing per-subscriber or per access-line time and/or volume Accounting records

When AN performs replication AN needs to provide NAS accurate information related to user starts/stops receiving a Multicast Flow, received volume, replication start and stop timestamps in order to allow NAS generating Accounting Records

IETF69 ANCP WG 11

Multicast Termination

Objective: providing the capability to dynamically stop Multicast replication based on external trigger

Applicability: stopping multicast replication when available prepaid

credit expires showing a "Content Preview": multicast content will be

delivered just for a fixed amount of time

NAS MUST be able to revoke the authorization previously granted to the AN to replicate the multicast flow

AN MUST stop replicating a multicast flow

IETF69 ANCP WG 12

Message Flow (1/7)

Provisioning AN with White/Black-Lists and Conditional Access with AN Decision

+-----+ +-----+ +-----+ +-----+ | CPE | | RG | | AN | | NAS | +-----+ +-----+ +-----+ +-----+ | | | Push_profile( | | | | Profile_ID) | | | DSL Synch. |<--------------------| | |--------------------->| | | | | PORT_UP(Port_ID) | | | |-------------------->| | | | | | | | PORT_MNGT(Port_ID, | | | | Profile_ID) | | | |<--------------------| | JOIN(White-Fl) | | |---------------+--------------------->| | | Mcast-Flow White-Fl1 | | |<--------------+----------------------| | | | | | | LEAVE(White-Fl) | | |---------------+--------------------->| | | | | | | JOIN(Black-Fl) | | |---------------+--------------------->| | | | | | No Flow

IETF69 ANCP WG 13

Message Flow (2/7)

Provisioning AN with Multicast Flow-Groups

+-----+ +-----+ +-----+ +-----+ | CPE | | RG | | AN | | NAS | +-----+ +-----+ +-----+ +-----+ | | | Push_Membership( | | | | FGid, Fl i, Fl j) | | | |<-----------------------|

IETF69 ANCP WG 14

Message Flow (3/7)

Multicast Flow with NAS decision, without accounting, without Policy Server Synchronization

+-----+ +-----+ +-----+ANCP +-----+ +------+ +------+ | CPE | | RG | | AN |<--->| NAS | |Policy| |Radius| +-----+ +-----+ +-----+ +-----+ +------+ +------+ | | | | | | | Join(Fl1) |Admission | | | |-----------+---------->|Request(Fl1,| | | | | | Port_Id)| | | | | |----------->| | | | | | | | | | | | Admission | | | | | | Response | | | | Mcast-Flow Fl1 |<-----------| | | |<----------+-----------| | | | | | | | | | | Leave(Fl1) |Admission | | | |-----------+------ --->|Release(Fl1,| | | | | | Port_Id) | | | | | |----------->| | | | | | | | | | | | | | | | | | | | | | Join(Fl2) |Admission | | | |-----------+---------->|Request(Fl2,| | | | | | Port_Id)| | | | | |----------->| | | | | | | | | | | |Admission | | | | | | Response | | | | Mcast-Flow Fl2 |<-----------| | | |<----------+-----------| | | | | | | | | | | | | | | | | Leave(Fl2) |Admission | | | |-----------+---------->|Release(Fl2,| | | | | | Port_Id) | | | | | |----------->| | |

IETF69 ANCP WG 15

Message Flow (4/7)

Multicast Flow with NAS decision, with accounting, without Policy Server Synchronization

+-----+ +-----+ +-----+ANCP +-----+ +------+ +------+ | CPE | | RG | | AN |<--->| NAS | |Policy| |Radius| +-----+ +-----+ +-----+ +-----+ +------+ +------+ | | | | | | | Join(Fl1) | Admission | | | |-----------+---------->|Request(Fl1,| | | | | | Port_Id)| | | | | |----------->| | | | | | | | | | | | Admission | | | | | | Response(A)| | | | Mcast-Flow Fl1 |<-----------| | | |<----------+-----------|Replication | | | | | |Start(PortId| | | | | | ,Fl1)| | | | | |----------->| Start Accounting | | | | | (Port_Id,Fl 1) | | Leave(Fl1) | Admission |-----------+----------->| |-----------+---------->|Release(Fl1,| | | | | | Port_Id) | | | | | |----------->| Stop Accounting | | | | | (Port_Id,Fl 1) | | | | |-----------+----------->| | | | | | | | Join(Fl2) | Admission | | | |-----------+---------->|Request(Fl2,| | | | | | Port_Id) | | | | | |----------->| | | | | | | | | | | | Admission | | | | | | Response(A)| | | | Mcast-Flow Fl2 |<-----------| | | |<----------+-----------|Replication | | | | | |Start(PortId| | | | | | ,Fl2)| | | | | |----------->| Start Accounting | | | | | Port_Id,Fl 2 | | Leave(Fl2) | Admission |-----------+----------->| |-----------+---------->|Release(Fl2,| | | | | | Port_Id) | | | | | |----------->| Stop Accounting | | | | | (Port_Id,Fl 2) | | | | |-----------+----------->| (A) = Accounting_Required flag set

IETF69 ANCP WG 16

Message Flow (5/7)

Multicast Flow with NAS decision, without accounting, without Policy Server Synchronization, with AAA Server Multicast Authorization

+-----+ +-----+ +-----+ANCP +-----+ +------+ +------+ | CPE | | RG | | AN |<--->| NAS | |Policy| |Radius| +-----+ +-----+ +-----+ +-----+ +------+ +------+ | | | | | | | Join(Fl1) | Admission | | | |-----------+---------->|Request(Fl1,| | | | | | Port_Id) | | | | | |----------->| AAA Authorization | | | | | (Port_Id,Fl 1) | | | | |------------+---------->| | | | Admission | AAA Response | | | | Response |<-----------+-----------| | Mcast-Flow Fl1 |<-----------| | | |<----------+-----------|Replication | | | | | |Start(PortId| | | | | | ,Fl1)| | | | | |----------->| | | | Leave(Fl1) | Admission | | | |-----------+---------->|Release(Fl1,| | | | | | Port_Id) | | | | | |----------->| | | | | | | | | | | | | | | | | | | | |

IETF69 ANCP WG 17

Message Flow (6/7)

Multicast Flow Replication Stop with accounting without Policy Server Synchronization

+-----+ +-----+ +-----+ANCP +-----+ +------+ +------+ | CPE | | RG | | AN |<--->| NAS | |Policy| |Radius| +-----+ +-----+ +-----+ +-----+ +------+ +------+ | | | | | | | Join(Fl 1) | Admission | | | |-----------+---------->|Request(Fl1,| | | | | | Port_Id) | | | | | |----------->| | | | | | | | | | | | Admission | | | | | |Response(A) | | | | Mcast-Flow Fl1 |<-----------| | | |<----------+-----------|Replication | | | | | |Start(PortId| | | | | | ,Fl1)| | | | | |----------->| Start Accounting | | | | | (Port_Id,Fl 1) | | | | |-----------+----------->| | | | | | | | | | | | | | | | | | | | | | |Quota Expired(PortId,Fl1| | | | |<----------+------------| | | | Admission | | | | | | Teardown() | | | | | |<-----------| | | | | |Replication | | | | | |Stop(Port_Id| | | | | | ,Fl1)| | | | | |----------->| | |

IETF69 ANCP WG 18

Message Flow (7/7)Multicast Flow-Group with NAS decision, without accounting, without Policy Server

Synchronization +-----+ +-----+ +-----+ANCP +-----+ +------+ +------+ | CPE | | RG | | AN |<--->| NAS | |Policy| |Radius| +-----+ +-----+ +-----+ +-----+ +------+ +------+ | | | | | | | Join(Fl 1) | Admission | | | |-----------+---------->|Request(Fl1,| | | | | |Port_Id) | | | | | |----------->| | | | | | | | | | | | Admission | | | | | |Response(FG1| | | | | | | | | | Mcast-Flow Fl1 |<-----------| | | |<----------+-----------| | | | | | | | | | | | | | | | | Leave(Fl 1) | | | | |-----------+---------->| | | | | | | | | | | Join(Fl 2) | | | | |-----------+---------->| | | | | Mcast-Flow 2 | | | | | | | | | | |<----------+-----------| | | | | Leave(Fl 2) | | | | |-----------+---------->| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |Reservation | | | | | |Release(FG1)| | | | | |----------->| | | | | | | | | | | | | | | | | | | | |

IETF69 ANCP WG 19

Proposals

• Incorporate Multicast use cases and Protocol Requirements in ANCP Framework Internet Draft

• Incorporate Message Flow in ANCP Protocol Internet Draft

IETF69 ANCP WG 20

Questions/Discussion

Thanks!

IETF69 ANCP WG 21

Multiaaa Framework

+-------------------------------+ | user | |+- - - - - - - - - - - - - - -+| || CPE || || || |+- - - - - | - - - - - - - - -+| +-----------|-------------------+ | -------|------ IFa | +-----------|-----------------------+ |+- - - - - |- - _+ + - - - - - + | ||TS | | | | | | | +------|-+ | +--------+ | || | AN | | | | | mRACF || | | | | | | | | || +------|-+ | | | +---|----+| | | | | | | | | | | | IFd----- | | | | | IFb | | | || +------|---+ | | | +---|----+| | | | |---|---| mAAA | | || | NAS | | | | |(CAPCF*)|| | | +----------+ | +--------+ | ||+- - - - - - - -+ - - |- - - - -+ | +-----------------------|-----------+ | -------|------ IFc | +-----------------------|-------+ | CP +---------+ | | | CP-AAA | | | +---------+ | +-------------------------------+