Transcript COPS

COPS
Common Open Policy Service
Vemuri Namratha
Kandaswamy Balasubramanian
Venreddy Nireesha
COPS
Introduction
 Architecture
 Models
 Operations
 Applications
 Event flows, message formats
 Issues
 Questions

Introduction
COPS is a simple query and response protocol,
used to exchange information between PDP and
PEP
PEP : Policy Enforcement Point
Routers
PDP : Policy Decision Point
Servers containing policy statements
What are Policies
The basic regulations negotiated for
ensuring QoS to the users.
 Like allocation of resources, priorities and
hierarchical authorization, etc.

COPS
Client and Server model.
 Allocation of resources to desired
priorities of services.
 COPS with RSVP
 Uses TCP as transport protocol for
message passing.

ARCHITECTURE
[Figure: architecture diagram. Labels: human network manager, policy editor, policy mgmt tool, policy console, policy repository, PDP, PEP (x3), COPS (x3)]
PURPOSE

COPS allows the router (PEP) to communicate
with PDP about the allocation of requested
resources for different kinds of traffic

Admission control: Sees if there are enough
resources to satisfy the request

Policy control: Whether the request should be
considered. Considers priority.
Client Types
COPS-PR
"COPS Usage for Policy Provisioning" is the protocol that
is used when policy decisions are "pushed" from the
PDP to PEPs. In this provisioning model the PDP can send
policy decisions to PEPs without having a specific request
from a PEP.
COPS-RSVP
"COPS Usage for RSVP" is the protocol that is used
when a policy decision is "pulled" from the PDP. When an
RSVP message requiring a policy decision is received by
the PEP, the relevant RSVP objects from the message are
put into a COPS Request message, which is sent to
the PDP. The PDP determines what to do with the RSVP
message and sends a COPS Decision message back to
the PEP.
MODELS
Outsourcing:
 The PEP always explicitly asks the PDP for a
given amount of resources
 Flexibility and Efficiency
 Resource allocation requests are properly
aggregated
 Aggregate state information is kept in PDP/BB
Provisioning model
 More scalable
 Inflexibility : difficult to handle modification of
configuration.
 Not explicitly customized to handle dynamic QoS
COPS: The way it works
The PEP is responsible for initiating a
persistent TCP connection to a PDP.
 The PEP uses this TCP connection to
send requests.
 Communication between the PEP and
remote PDP is mainly a request/decision
exchange.
 Sometimes the PDP sends an unsolicited decision.

PEP’s Responsibilities
The PEP has to report to the PDP about
successful enforcement of the decision.
 The PEP is responsible for notifying the
PDP when a request state has changed.
 In simple words, it needs to keep things
synchronized, i.e. keep the PDP informed.
 It can also make local policy decisions via its Local
Policy Decision Point (LPDP).

Messages/Requests/Decisions
request states
 the type of request
 previously installed requests
 policy decisions
 error reports
 client information.

The Context of Request
The context of each request corresponds
to the type of event that triggered it.
 COPS identifies three types of events:
(1) the arrival of an incoming message
(2) allocation of local resources
(3) the forwarding of an outgoing message.

Message Format

Each COPS message consists of the
COPS header followed by a number of
typed objects.
The fields in the header are:
 Version: 4 bits. COPS version number.
Current version is 1.
 Flags: 0x1 = Solicited Message Flag bit; 0
otherwise.
 Op Code: 8 bits (explained in the next slide).
 Client-type: 16 bits
 Message Length: 32 bits

Op Code: 8 bits. The COPS
operations:
 1 = Request (REQ)
 2 = Decision (DEC)
 3 = Report State (RPT)
 4 = Delete Request State (DRQ)
 5 = Synchronize State Req (SSQ)
 6 = Client-Open (OPN)
 7 = Client-Accept (CAT)
 8 = Client-Close (CC)
 9 = Keep-Alive (KA)
 10 = Synchronize Complete (SSC)
Better explained with an
application
 IP telephony (VoIP)
 We need to assure QoS to the users.

Now let's look at the message flow.
APPLICATION (IP-TELEPHONY)
MESSAGE FLOW
MESSAGE FLOWS
 Client Open (CO): PEP->PDP
 Client Accept (CA): PEP->PDP
 Client Close (CC): PEP<->PDP
 Request (REQ): PEP->PDP
 Decision (DEC): PDP->PEP
 Report State (RPT): PEP->PDP
 Synchronize State Request (SSQ): PDP->PEP
 Synchronize State Complete (SSC): PEP->PDP
 Keep Alive (KA): PEP<->PDP
EVENT FLOW
CALL FLOW EXPLAINED
PDPAgent: The functional unit which
supports PDP threads.
 PDPThread: Currently executed PDP
program, in the state of execution
 COSPIntf: COPS and OSP interface
 OSP: Open Settlement Protocol

STATE DIAGRAM
Issues and Extensions
Issues related to COPS
Scalability issues in heterogeneous
networks
 A PDP controls only a limited number of PEP
devices within a domain
 Inter-vendor COPS compatibility is limited.
 Not directly transferable among PDPs
 No load sharing and balancing
mechanisms at PDP

Good Thing??! About COPS
According to RFC 2748 and net archives:
 So far no vulnerability has been listed.
 There have been claims of Denial of
Service attacks, but no authenticated
reports.

Extension to COPS protocol
COPS-ODRA is Outsourcing
Differentiated Resource Allocation
 COPS-DRA is Differentiated Resource
Allocation

COPS-ODRA
ODRA stands for Outsourcing Diffserv
Resource Allocation .
 Dynamic Admission Control and resource
Management in a Differentiated Services
network.
 COPS ODRA protocol is used on
interface between the Edge Router and
the admission / policy control server

COPS vs COPS-ODRA:
COPS
 allocation made by the PEP based on local
resources, the PDP is in charge to authorize or
deny.
 specific for RSVP
COPS-ODRA
 resource allocation refers to domain-wide
resources .
 PDP is in control of these resources
 This allows Dynamic Allocation.
COPS-DRA
COPS DRA (Diffserv Resource Allocation)
 Dynamic admission just like ODRA, but
with additional flexibility (explained later).
 COPS DRA protocol is also used on
interface between the Edge Router and
the admission / policy control server.

COPS-DRA Architecture
Important Use of COPS-DRA
COPS has two different models
1. Outsourcing
2. Provisioning
 COPS-DRA can exploit both models
easily and can be set to follow either one,
while ODRA is specifically meant for the
Outsourcing model.

Questions
1. Where is the policy configuration information
stored and maintained?
(Explanations about Policy server, Policy
repository and network administrator).
2. What is the protocol used in conjunction with
which COPS outsources the policy decisions
from a router to the server?
(Explanation about COPS and RSVP)
3. What is meant by ‘State-sharing’ in COPS?
As long as the PDP and PEP are connected and TCP
messages are being sent, no other process
can make changes to the PEP configuration.
QUESTIONS?
THANK YOU