Obtaining the QoS You Need From Windows Hosts and Attached

Transcript

Diff Serv and QoS Support in Microsoft Hosts
Peter S. Ford
[email protected]
NANOG, 8 June 1998
Agenda
- Why QoS?
- Role of Hosts in providing QoS
- Microsoft NT QoS Components
Slide 2
Diff Serv WG Observation
- “100s of Bald Men arguing over 8 Combs” - An Internet Wag
Slide 3
What Needs QoS?
- VPNs over the Internet
  - High value traffic - branch offices and telecommuters
  - Easy to do with static config of filter lists
  - Current focus of Industry Buzz
- Applications sensitive to packet loss
  - SAP, SQL, RPC, SNA, DEC LAT, …
  - Web “RPC” - HTTP get
  - Audio over RTP/UDP - Voice over IP
  - Many of these are harder to do with static configurations based on layer 3 filters
Slide 4
Hosts and QoS
- QoS, Diff Serv, etc. enhance carriage of application bits over the network
- In many cases only the hosts/apps have knowledge of QoS needs
  - Certain web pages have priority
    - ports are not enough to classify traffic
  - End to end IP security
    - there are no ports to look at
- Hosts have an important role in the evolving QoS landscape
Slide 5
Managing Resource Allocation In The Network
- Current IP networks are “Best Effort” (BE)
  - Standby Model w/in-flight bumping
- “QoS Enabled Networks” - Network Resources allocated btw BE and “more important” traffic (e.g. queue, priority, bandwidth, etc.)
- Hosts signal network and request resource for entitled users/applications subject to Network Admission Control
- Net Admins Authorize and Prioritize access to resources based on user application
Slide 6
QoS Mechanisms Exploited
- Precedence/Priority
  - IP TOS/Precedence bits (layer 3)
    - tracking where differentiated services ends up ...
  - IEEE 802.1p (layer 2)
- Application Flows can be isolated, prioritized and scheduled by the Stack
- Signaling into Network (RSVP, ATM)
- Network Admins configure QoS Policy on hosts and in the network
Slide 7
Microsoft QoS Components
[Component diagram; labels recovered from the slide: application, QoS SP (Services for WinSock2 QoS), QoS Policy API, TCI API, TCP/IP, Packet Scheduler, Packet classifier, Netcards, ACS/SBM, QoS-aware Network mgmt. application, LDAP for Policies, Directory Storage, Routers/Switches.]
Slide 8
DS based QoS Networking
[Network diagram; labels recovered from the slide: a host running FTP and Netmeeting with RSVP and Traffic control; 802.1p Priority, Prio=5; RSVP PATH, 1 Mbps controlled load, \\redmond\userx; ACS, Check \\redmond\userx; DS; ISP w/Diff Serv; Router; Packets Rescheduled, Prio=1; Receiver.]
Slide 9
Microsoft QoS Components
- WinSock 2 Generic QoS API
  - Allows applications to request the QoS they need, regardless of the underlying mechanisms (RSVP, IP Priority, ...)
- QoS Signaling - End System to Network
  - Explicit - RSVP with Policy Objects (e.g. user id)
    - integrated with IPSEC
  - Implicit - IP Diff Serv / IEEE 802.1p
- Traffic Control API w/Kernel Stack Support
  - Kernel based queueing of traffic flows
  - IP, IEEE 802.1P precedence/priority
- Admission Control Service
  - QoS Directory Console for Network Admins
  - In network policy enforcement
  - Also adds L2 shared media management
Slide 10
ACS Management Model
- Network Admin Administers QoS Policies in the Directory Service
- User Object is extended to permit a mapping from a User to a Group Profile
  - e.g. Redmond\Bob -> Programmers
- Default policies at Organization Level
  - “All users can reserve up to 500 Kbps”
  - “Programmers get 100 Kbps”
- Enterprise-wide User, Profile policies
- Per Subnetwork Policies
  - Individual Users and Group Profiles
Slide 11
ACS Policy Operation
- Host RSVP service provider inserts RSVP policy objects in RSVP messages
  - Contains User Identity represented as an encrypted DN {dc=com, dc=microsoft, ou=redmond, n=bob}Ksession
  - Security token to prove identity (kerberos ticket for ACS service)
    - Ticket encrypted in private key of ACS service
    - Session Key (Ksession) is in Ticket
  - Digital signature over RSVP message to avoid policy object reuse (cut and paste)
- ACS servers in network authorize requests
  - Crack ticket to get identity of requestor
  - Check User’s Policy in the Directory
Slide 12
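The policy-object flow on this slide, together with the Directory policy lookup from the ACS Management Model slide, as an added Python example that is not from the talk or from Microsoft's implementation. It assumes an HMAC keyed with Ksession stands in for the digital signature over the RSVP message, an HMAC seal under the ACS key stands in for Kerberos encryption of the ticket, the DN travels in the clear inside that sealed ticket, and all keys, addresses and policy values are constructed; the point it shows is that a policy object cut from Bob's PATH and pasted onto a different PATH fails the ACS check.

```python
import hashlib, hmac, json

# Constructed keys for the example: the ACS service's long-term key and Bob's session key.
ACS_KEY = b"acs-service-long-term-key (constructed)"
BOB_KSESSION = b"bob-session-key-0123456789abcdef"
BOB_DN = "dc=com,dc=microsoft,ou=redmond,n=bob"

# Constructed directory policy: user -> group profile, group -> Kbps limit, org default.
POLICY_DB = {"users": {BOB_DN: "Programmers"},
             "groups": {"Programmers": 100}, "default_kbps": 500}

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def issue_ticket(dn, ksession):
    # Simplified ticket for the ACS service: {identity, Ksession} sealed under ACS_KEY.
    # Assumption: an HMAC seal stands in for Kerberos encryption of the ticket.
    body = json.dumps({"dn": dn, "ksession": ksession.hex()}, sort_keys=True)
    return {"body": body, "seal": _mac(ACS_KEY, body.encode())}

def _covered(path_msg):
    # The RSVP PATH fields the signature binds to: session, sender and TSpec.
    return json.dumps({k: path_msg[k] for k in ("session", "sender", "tspec")},
                      sort_keys=True).encode()

def add_policy_object(path_msg, ticket, ksession):
    # Host RSVP SP: attach the ticket plus a signature (keyed with Ksession) over the message.
    signed = dict(path_msg)
    signed["policy"] = {"ticket": ticket, "sig": _mac(ksession, _covered(path_msg))}
    return signed

def acs_authorize(path_msg, policy_db=POLICY_DB):
    # ACS: crack the ticket, verify the signature with Ksession, then apply directory policy.
    pol = path_msg.get("policy")
    if not pol:
        return (False, "no policy object")
    ticket = pol["ticket"]
    if not hmac.compare_digest(_mac(ACS_KEY, ticket["body"].encode()), ticket["seal"]):
        return (False, "ticket not issued for this ACS")
    fields = json.loads(ticket["body"])
    ksession = bytes.fromhex(fields["ksession"])
    if not hmac.compare_digest(_mac(ksession, _covered(path_msg)), pol["sig"]):
        return (False, "signature does not cover this message")  # cut-and-paste reuse
    group = policy_db["users"].get(fields["dn"])
    limit = policy_db["groups"].get(group, policy_db["default_kbps"])
    if path_msg["tspec"]["kbps"] > limit:
        return (False, "request exceeds policy limit of %d Kbps" % limit)
    return (True, fields["dn"])
```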
In Summary
- Need many pieces of QoS picture to satisfy customer requirements
  - Diff Serv for ISPs and large networks
  - Fine grain policy control
- Centralized management for QoS Policies
  - both Diff Serv and RSVP signaled flows
  - Use of Directory services
- RSVP may prove useful in many ways
  - Internal provisioning of QoS - PASTE (Li and Rekhter)
  - Customer to ISP - dynamic signaling instead of the desert of pre-provisioning
Slide 13
Admission Control Services Policy Functionality
- Admission Control Servers
  - part of RSVP process on a network server (NT, switch, router, etc.)
  - implements RSVP and SBM
  - ACS takes requests and tests against policy and/or resource limits
- Hosts can use RSVP signaling
  - Hosts on LANs also participate in SBM
- Policies are maintained in the Directory (DS)
  - ACS uses LDAP to retrieve Policy Information from DS
  - ACS Policy is per subnetwork/per user
  - Can be abstracted to “per Enterprise/Per Group”
  - Enables approval/denial of resources based on user ID, time of day, resource limits (bandwidth, priority, ...), etc.
- Can Aggregate requests into priority groups at ISP/WAN interfaces
  - can “re-write” user id to corp id at ISP boundaries
Slide 14
Extensibility of ACS Policy Framework
- Can add new policy objects to RSVP messages
- Can add new policy interpretation modules to ACS servers
  - API to call out to policy module
- Can extend ACS policy objects in the Directory
- End Systems can pull policy down from Directory to configure QoS
Slide 15