230 likes | 331 Views
TCP/IP based TML (Transport Mapping Layer) for ForCES Protocol. Hormuzd Khosravi Shuchi Chawla Furquan Ansari Jon Maloy 62 nd IETF Meeting, Minneapolis. Topics. TCP/IP TML Overview CE-FE Communication Channels Unicast and Multicast Messaging TML Messaging TML Service Interface
E N D
TCP/IP based TML (Transport Mapping Layer) for ForCES Protocol Hormuzd Khosravi Shuchi Chawla Furquan Ansari Jon Maloy 62nd IETF Meeting, Minneapolis
Topics • TCP/IP TML Overview • CE-FE Communication Channels • Unicast and Multicast Messaging • TML Messaging • TML Service Interface • TML Service Interface Usage • Channel Setup • Multicast Support • Opens • Summary
TCP/IP TML Overview • Reliability: TCP/IP as transport provides reliability • Congestion Control: TCP/IP as transport provides congestion control • Security: Use of TLS provides desired security • Addressing: • Unicast: standard use of TCP/IP channels • Multicast: simulated over unicast channels
TCP/IP TML Overview (contd.) • Prioritization: • Scheduling within TML over a channel • Use of separate data and control channels • Encapsulations: Propose use of a TML header for PL messages and messages it generates [requirement for a TML header under investigation] • High Availability: • TML Heartbeats [under investigation, may not be required if PL heartbeat exists] • Channels setup between active and standby CEs to an FE • Protection (Mitigation) Against DoS Attacks: • Separation of data and control messaging via use of separate channels • Prioritization of control messages
CE-FE Communication Channels CE PL CE TML (Server) TCP Data Channel (Cd) TCP Control Channel (Cc) FE TML (Client) FE TML (Client) FE TML (Client) FE PL FE PL FE PL FEN FE1 FE2 TCP Control Channel TCP Data Channel
CE-FE Communication Channels (contd.) • Separate control and data channels • CE listens for channel setup by FE on well-defined (server) port • Channel setup initiated by FE (client) • Channel shutdown may be initiated by either CE or FE • Control and data channels between each CE (active/standby) and each FE • Prioritization of messages over the channels
Unicast and Multicast Messaging • Unicast and multicast messaging supported over unicast communication channels • Simulated Multicast Support: • Multicast join/leave messages sent over control channel [under investigation: model may change from receiver initiated to CE configured] • Using multiple unicast channels • Mimic behavior of Traditional Multicast: • Multicast group information obtained through configuration • Receiver initiated multicast tree setup [under investigation: model may change from receiver initiated to CE configured] • CE: root/source of multicast tree • FE: leaf/receiver of multicast tree
Unicast and Multicast Messaging • Unicast versus multicast message distinguished via the channel/group descriptor used when sending message
TML Messaging • TML transports: • PL control messages • PL data messages • TML control messages [under investigation if any control messages are required – may be transported over a separate TML control channel] • Minimal/Shim TML Header used for de-multiplexing messages [under investigation if TML header is required] • Flag: Protocol flag for de-muxing PL/TML messages • Version: TML Version • Message Type: Different TML Messages (e.g. Join/Leave) • Message length: Length of TML message only (not of entire payload)
TML Service Interface • Provides a service interface to an upper layer protocol (PL) • Support for: • Channel setup and shutdown • Multicast group join and leave • Write/send message (unicast or multicast) • Read/receive message
TML Service Interface (contd.) • tmlInit: Enable establishment of channels. [CE] • tmlOpen: Set up a unicast channel. [FE] • tmlClose: Shut down a unicast channel. [CE or FE] • tmlWrite: Send a message over a channel. [CE or FE] • tmlRead: Read a message over a channel. [CE or FE] • tmlMulticastGroupJoin: Join a multicast group. [FE] • tmlMulticastGroupLeave: Leave a multicast group joined previously. [FE]
TML Service Interface Usage: Channel Setup FE PL FE TML CE TML CE PL tmlInit (Cc) CE init/ boot up tmlInit (Cd) tmlOpen(Cc) Setup control channel TCP ctrl chan (Cc) setup tmlEvent (CcUp) tmlEvent (CcUp) CcDes CcDes tmlOpen(Cd) TCP data chan (Cd) setup Setup data channel tmlEvent (CdUp) tmlEvent (CdUp) CdDes CdDes Association, capability, topology info STEADY STATE OPERATION tmlWrite (CcDes) tmlRead(CcDes)
TML Service Interface Usage: Multicast Support [under investigation] FE1 PL FE1 TML CE TML CE PL STEADY STATE OPERATION tmlMcGrpJoin 1st join req. for McGrp. Create grp. Multicast group join Join multicast group Join upcall Join ok Grp X = {FE1} Write to McGrp X msg sent to FE1 only tmlWrite (X) FE2 PL FE2 TML CE TML CE PL tmlMcGrpJoin 2nd join req. for McGrp X. Update grp. members Multicast group join Join multicast group Join upcall Join ok Grp X = {FE1, FE2} Write to McGrp X msg sent to FE1 and FE2 tmlWrite (X)
TML Service Interface Usage: Multicast Support (contd.) [under investigation] FE2 PL FE2 TML CE TML CE PL STEADY STATE OPERATION tmlMcGrpLeave Update grp. members Multicast group leave Leave multicast group Leave upcall Leave ok Grp X = {FE1} Write to McGrp X msg sent to FE1 only tmlWrite (X)
Opens/Under investigation • Broadcast messaging model • Detailed High Availability model • Details on message prioritization • TML Messaging/Encapsulations: Are TML control messages required? • Multicast Model: Receiver initiated versus CE configured
Summary • TCP/IP based TML for ForCES protocol: • TCP/IP is widely deployed and meets TML requirements • Provides a Service Interface for PL • Areas missing in previous draft that have been addressed in this version: • Connection setup • Uni/Multicast support • TML messaging/encapsulations • Service Interface • Request: “TCP/IP based TML for ForCES Protocol” be made a Working Group draft
Problem Statement • Requirements RFC 3654 – “Protection against Denial of Service Attacks (based on CPU overload or queue overflow) -Systems utilizing the ForCES protocol can be attacked using denial of service attacks based on CPU overload or queue overflow. The ForCES protocol could be exploited by such attacks to cause the CE to become unable to control the FE or appropriately communicate with other routers and systems. The ForCES protocol MUST therefore provide mechanisms for controlling FE capabilities that can be used to protect against such attacks. FE capabilities that MUST be manipulated via ForCES include the ability to install classifiers and filters to detect and drop attack packets, as well as to be able to install rate limiters that limit the rate of packets which appear to be valid but may be part of an attack (e.g., bogus BGP packets).”
Possible Solutions • Basic Idea – Separation of data and control messages • Data messages are control protocol packets such as RIP, OSPF, BGP packets. All other messages considered control messages • Solution 1 – Different Transport connections • Use different congestion aware transport protocol connections for data and control messages • Solution 2 – Different Prioritization • Assign higher priority to control messages and use scheduling mechanisms in protocol to differentiate
Experimental Setup • Used IXIA box as packet generator and Linux PCs as CE, FE connected using 100 Mbps Ethernet links • Basic implementation consisting of multi-threaded client/server on Linux using pthreads (RR scheduling for threads) • Increased data connection rate to simulate DoS Attack
Experimental Results • Using TCP for control and UDP for data messages (with and without prioritization for control) • Results show UDP (data) overwhelms TCP (control) traffic during DoS attack, prioritization of No help With Prioritization
Experimental Results (contd..) • Using TCP for control and TCP for data messages (with and without prioritization for control • Results show control traffic is not overwhelmed by data traffic during DoS attack, prioritization helps improve the performance (by 5%) With Prioritization
Protocol for Data Channel • May need further investigation • Other options: • Datagram Congestion Control Protocol (DCCP) • Provides congestion control but not reliable (which satisfies requirements for data channel) • Experimented with this but no stable implementation available at this point • Generic Routing Encapsulation (GRE) Tunneling • Encapsulate data packets in a GRE header data channel is a GRE tunnel • Rate limiting may be done by the FE to provide support for congestion control • Consider other tunneling protocols