Introduction

Differentiated Service
Prof. Nen-Fu Huang, Department of Computer Science, National Tsing Hua University (國立清華大學資訊工程學系 黃能富教授)
E-mail: [email protected]
All rights reserved. No part of this publication and file may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of Professor Nen-Fu Huang (E-mail: [email protected]).
Differentiated Service - 1
Outline
Introduction
Architecture for DS
Services
Per-Hop Behaviors (PHBs)
Interoperability with legacy and IntServ networks
Multicast issues
Security issues
Differentiated Service - 2
Existing Internet Services
Best-effort service
- is insufficient from many perspectives
  - Multimedia applications require some sort of delay and bandwidth guarantees
  - Some VIP users can pay more for better service
Packet forwarding
- routers are the bottleneck
- advanced switching techniques
  - layer 3, layer 4, and higher?
Differentiated Service - 3
Integrated Service (IntServ)
Support per-flow end-to-end QoS
Guaranteed service
Controlled-load service
RSVP
Signaling protocol
Soft state
Receiver initiated reservation
Differentiated Service - 4
Some Concerns with IntServ
RSVP per-flow signaling and state is too much.
Can core routers do switching?
How to integrate with ATM?
Differentiated Service - 5
What is Differentiated Service?
Provide different levels of service with scalability
Mark packets according to their service requirement (DS codepoint)
Based on the mark, core routers apply a differentiated per-hop forwarding behavior (PHB) (active queue management)
Only a limited number of PHBs is defined, so traffic aggregation is required
Edge routers do the heavy job: traffic classification (marking), conditioning, ...
Differentiated Service - 6
Traffic Aggregates
Differentiated Service - 7
What is Differentiated Service?
Features
- Keep the forwarding simple
  - Push complexity to the edges of the network
- Provide differentiated services
- Provide service without assumptions about the traffic using it
- Provide long-term and short-term service provisioning
- Allow best-effort traffic to dominate the Internet
Differentiated Service - 8
RSVP vs DiffServ
Source: Ben Teitelbaum, QBone Architecture
Differentiated Service - 9
Why Differentiated Service
Simpler than RSVP/IntServ
- no per-flow signaling or state
More efficient core routers
- limited number of service classes
Range of different packet handling services and mappings possible
Supports VPNs
- IPsec ESP leaves the IP header (and thus the DS field) unencrypted
Differentiated Service - 10
Why Differentiated Service
Source: Chris Metz
Differentiated Service - 11
Quality of Service Approaches
Source: Chris Metz
Differentiated Service - 12
DiffServ Architecture
Source: Ben Teitelbaum, QBone Architecture
Differentiated Service - 13
DiffServ Architecture
Components
- Packet classifier (BA, MF)
- PHB (AF, EF)
- Traffic conditioner (meter, marker, shaper, policer, dropper)
- Service provision, resource management
- Service Level Agreement (SLA), Traffic Conditioning Agreement (TCA)
Differentiated Service - 14
DiffServ Architecture Model
DiffServ Domain
- A contiguous set of DS nodes which operate with a common service provisioning policy and set of PHB groups implemented on each node.
DiffServ Region
- A set of one or more contiguous DS domains.
Differentiated Service - 15
DiffServ Architecture Model
[Figure: a DS region made up of DS domains; each domain has boundary nodes (ingress and egress nodes) and interior nodes]
Differentiated Service - 16
DiffServ Architecture Model
DS boundary nodes
- interconnect the DS domain to other DS or non-DS domains
- perform traffic conditioning functions
Interior nodes
- connect to other DS interior or boundary nodes
- perform limited traffic conditioning functions
Differentiated Service - 17
DiffServ Architecture Model
DS ingress node
- responsible for ensuring that the traffic entering the DS domain conforms to any TCA between it and the other domain
DS egress node
- performs traffic conditioning functions to make sure the forwarded traffic conforms to the TCA
DS boundary nodes act both as a DS ingress node and as a DS egress node.
Differentiated Service - 18
DiffServ Architecture Model
Service
- the overall treatment of a defined subset of a customer's traffic within a DS domain or end-to-end.
- service providers combine PHB implementations with traffic conditioners, provisioning strategies and billing models which enable them to offer services.
- Providers and customers negotiate service level agreements (SLAs).
Differentiated Service - 19
Service Level Agreement (SLA)
An SLA is a service contract between a customer and a service provider
- a customer may be a user or a DS domain
An important subset of an SLA is the Traffic Conditioning Agreement (TCA)
An SLA may also include packet classification rules, traffic conditioning, availability/reliability, encryption, routing constraints, authentication, monitoring and auditing, pricing and billing, ...
Differentiated Service - 20
TCA
Specifies detailed service parameters for each service level
- performance parameters (delay, throughput, ...)
- traffic profiles
- disposition of non-conforming traffic
  - marking
  - shaping
Differentiated Service - 21
Traffic Classifiers
Select packets based on the header
BA (Behavior Aggregate) Classifier
- Classify packets based on the DS codepoint only.
MF (Multi-Field) Classifier
- Classify packets based on a combination of one or more header fields (source/destination address, DS field, protocol, source/destination port).
- Fragmentation is an issue when classifying on transport-layer header fields, since non-initial fragments do not carry the transport header.
Differentiated Service - 22
DS Codepoint
IPv4 TOS byte (RFC 1349)
IPv6 uses the Traffic Class field (8 bits)
Differentiated Service - 23
DS Codepoint (DSCP)
Specifies the service (PHB) a packet receives at a node
CU: Currently Unused
Default (BE): 000000
xxx000 is defined for backward compatibility with the IP precedence bits
Differentiated Service - 24
Traffic Profiles
Specifies the temporal properties of a traffic stream selected by a classifier
- e.g., codepoint = x: use a token bucket with rate r and bucket size b
In-profile packets may be allowed to enter the DS domain without further conditioning
Out-of-profile packets may be queued until they are in-profile (shaped), discarded (policed), marked with a new codepoint (remarked), or forwarded unchanged while triggering some accounting procedure.
Differentiated Service - 25
Traffic Conditioners
Possible elements
- meter
  - measures the temporal properties of a traffic stream against its traffic profile specified by the TCA
- marker
  - sets the DS field of a packet to a codepoint
  - the codepoint is used to map to a PHB in the core network
- shaper
  - delays packets to bring the stream into compliance with the profile
- dropper
  - discards packets in a traffic stream to bring the stream into compliance with the profile
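Added example (not from the slides): a marker that reads and rewrites the DS codepoint in the TOS byte of an IPv4 header, as the marker element above and the DS field layout on slide 24 describe. The sample header is constructed inline, and the header checksum recomputation is standard IPv4 behaviour that the slides do not show.

```python
import struct

DSCP_DEFAULT = 0b000000   # best effort (slide 24)
DSCP_EF = 0b101110        # Expedited Forwarding, recommended codepoint (slide 48)


def dscp_of(header: bytes) -> int:
    """Return the 6-bit DSCP from the TOS byte (byte 1) of an IPv4 header."""
    return header[1] >> 2


def is_class_selector(dscp: int) -> bool:
    """xxx000 codepoints are the backward-compatible IP precedence values."""
    return dscp & 0b000111 == 0


def ip_precedence(dscp: int) -> int:
    """The three high-order DSCP bits coincide with the old IPv4 precedence field."""
    return dscp >> 3


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words; 0 means 'valid'."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mark(header: bytes, dscp: int) -> bytes:
    """Rewrite the DSCP, keep the two CU bits, and recompute the header checksum.

    A marker that changed the TOS byte without fixing bytes 10-11 would make the
    next router discard the packet as corrupted."""
    if not 0 <= dscp <= 0x3F:
        raise ValueError("DSCP is a 6-bit value")
    h = bytearray(header)
    h[1] = (dscp << 2) | (h[1] & 0b11)
    h[10:12] = b"\x00\x00"                      # checksum field is zero while summing
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)


def build_ipv4_header(src: str, dst: str, dscp: int = DSCP_DEFAULT) -> bytes:
    """Constructed 20-byte IPv4 header (no options) so the example runs offline."""
    to_bytes = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 40, 0x1234, 0, 64, 6, 0,
                      to_bytes(src), to_bytes(dst))
    return mark(hdr, dscp)                      # fills in the checksum


if __name__ == "__main__":
    pkt = build_ipv4_header("192.0.2.10", "198.51.100.20")   # arrives as best effort
    ef_pkt = mark(pkt, DSCP_EF)                               # edge marker promotes it
    print(f"DSCP {dscp_of(pkt):06b} -> {dscp_of(ef_pkt):06b}, "
          f"checksum valid: {ipv4_checksum(ef_pkt) == 0}")
```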
Differentiated Service - 26
Classifier and Conditioner
[Figure: a classifier feeds a meter; the meter's result drives a marker and a shaper/dropper]
Differentiated Service - 27
Service Taxonomy
Qualitative services
- assurances offered are relative and can only be verified by comparison.
- e.g., delivered with low latency or low loss
Quantitative services
- provide concrete guarantees and can be measured irrespective of any other services
- e.g., 90% of in-profile traffic will be delivered with no more than 50 msec latency.
Differentiated Service - 28
Service Taxonomy
Relative quantification service
- Traffic offered at service level E will be allotted twice the bandwidth of traffic delivered at service level F.
- Traffic with drop precedence AF12 has a higher probability of delivery than traffic with drop precedence AF13.
It will be necessary to specify quantitative policing profiles for quantitative service.
Differentiated Service - 29
Scope of Service
Topological extent over which the service is offered
- all traffic from ingress point A to any egress point.
- all traffic between ingress point A and egress point B.
- all traffic from ingress point A to a set of egress points.
Scope of service is part of the SLA governing ingress point A.
Several issues arise for services governing received traffic (all traffic between any ingress point and egress point B).
Differentiated Service - 30
Dynamic vs. Static SLAs
Static SLA
- the norm at the present time
- specifies a period of time when the SLA is valid (may be periodically renegotiated)
Dynamic SLA
- may change due to traffic load fluctuations
- the SLA is applied to aggregates of traffic, and should not be changed just because flows are added or deleted.
Differentiated Service - 31
Functionality at DiffServ Routers
Source: Chris Metz
Differentiated Service - 32
Functionality at Provider’s Ingress
Police traffic according to the TCA
- DS mark : profile : disposition of non-conforming traffic
Disposition
- remark to a lower service level
- delay in shaper
- drop
BA Classifier
- each class is metered for conformance
- following the profile check, a dropper, shaper or remarker may be employed.
Differentiated Service - 33
Functionality at Customer’s Egress
Marking
- It is preferable for the customer to mark (called pre-mark) its own traffic
  - mark by the source host or intermediate nodes in the source domain
Shaping
- shape per service level at egress to avoid undesirable policing consequences at the provider's ingress.
- May want to do per-flow shaping to avoid misbehaving flows
Differentiated Service - 34
Functionality at Provider’s Egress
May have a peer DS domain connected to the egress
- may be required to remark, police, and/or shape the traffic.
- May provide value-added functions, such as per-flow policing.
Differentiated Service - 35
Functionality at Interior Nodes
Should be simple classification plus queuing management.
Complex classification and traffic conditioning functions are not precluded.
- Due to restrictive access policies on a link, an MF classifier and traffic conditioning functions may be required at the upstream node of the link.
- This will not scale up!
Differentiated Service - 36
Per-Hop Behaviors (PHB)
A description of the externally observable forwarding behavior of a DS node applied to a particular DS behavior aggregate.
The PHB is the means by which a node allocates resources to behavior aggregates.
PHBs may be specified in terms of their resource priority relative to other PHBs, or their relative observable traffic characteristics.
PHBs may also be specified by a minimum bandwidth allocation.
Differentiated Service - 37
Assured Forwarding PHB Group
PHB group
- A set of one or more PHBs that can only be meaningfully specified and implemented simultaneously.
Assured Forwarding (AF) PHB group
- Means for a provider DS domain to offer different levels of forwarding assurances for IP packets received from a customer DS domain.
- Qualitative service
- Four AF classes are defined.
Differentiated Service - 38
Assured Forwarding PHB Group
The AF PHB group provides
- N (4) independent AF classes
  - packets of class x do not have a smaller forwarding time (delay) than class y if x<y (the larger the better)
- Within each class, there are M (3) different levels of drop precedence.
  - A packet with drop precedence p must not be forwarded with smaller probability than a packet with drop precedence q, if p<q (the smaller the better)
- An IP packet that belongs to AF class i and has drop precedence j is marked with the AF codepoint AFij.
Differentiated Service - 39
Assured Forwarding PHB Group
Traffic conditioning actions
- A DS domain may control the amount of AF traffic that enters or exits the domain.
- Traffic conditioning actions may include shaping, discarding, increasing or decreasing the drop precedence, and reassigning packets to another AF class.
- Traffic conditioning actions must not cause reordering of packets of the same microflow.
Differentiated Service - 40
Assured Forwarding PHB Group
Queuing and discard behavior
- A DS node should implement all AF classes.
- Within each AF class, a DS node must accept all three drop precedence codepoints and they must yield at least two different levels of loss probability.
  - If only two loss probabilities are provided, AFx1 must yield the lower loss probability and AFx2 and AFx3 the higher loss probability.
- It is recommended that the discard algorithm be based on a RED-like algorithm.
Differentiated Service - 41
Assured Forwarding PHB Group
Recommended codepoints (rows: drop precedence low / mid / high; columns: AF class):

        AF1     AF2     AF3     AF4
low     010000  011000  100000  101000
mid     010010  011010  100010  101010
high    010100  011100  100100  101100

11x000 is reserved for conventional network control traffic
00x000 is reserved for conventional precedence forwarding
Differentiated Service - 42
Queue Scheduling/Management
Source: Chris Metz
DiffServ requires routers to support queue scheduling and management to prioritize outbound packets and control queue depth (minimize congestion)
Differentiated Service - 43
Importance of Queue Management
Source: Chris Metz
Full queues are problematic
- New connections cannot get through (called lock-out)
- All packets from existing flows are dropped, resulting in across-the-board TCP slow-starts (called global synchronization)
- Can't handle bursts of traffic
Differentiated Service - 44
RED Algorithm
Source: Chris Metz
Differentiated Service - 45
AF Example Service
Olympic service
- Service classes
  - bronze (AF1), silver (AF2), gold (AF3)
- Precedence
  - AF11~AF13, AF21~AF23, AF31~AF33
- Drop precedence level could be assigned by using a leaky bucket traffic policer with a rate and two burst sizes
  - less than the committed burst: low
  - between the two burst levels: medium
  - greater than the excess burst: high
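Added example (not from the slides): the two-burst policer that assigns drop precedence for the Olympic service above, which also covers the token-bucket profile of slide 25. The token bookkeeping follows the single-rate three colour marker of RFC 2697 (committed bucket fills first, overflow goes to the excess bucket), which the slides do not spell out; the class numbers, rates and packet trace are constructed.

```python
from dataclasses import dataclass

LOW, MEDIUM, HIGH = 1, 2, 3          # drop precedence j in AFxj (slide 39)


@dataclass
class Policer:
    rate: float            # token rate r in bytes per second
    committed_burst: int   # bytes; traffic within it gets low drop precedence
    excess_burst: int      # bytes; traffic within it gets medium drop precedence
    af_class: int          # 1 = bronze, 2 = silver, 3 = gold (slide 46)
    last: float = 0.0      # time of the previous refill, in seconds

    def __post_init__(self):
        self.committed = float(self.committed_burst)   # both buckets start full
        self.excess = float(self.excess_burst)

    def _refill(self, now: float) -> None:
        """Tokens earned since `last` fill the committed bucket first, then overflow
        into the excess bucket (srTCM-style, an assumption of this example)."""
        tokens = max(0.0, now - self.last) * self.rate
        self.last = max(self.last, now)
        room = self.committed_burst - self.committed
        self.committed += min(tokens, room)
        self.excess = min(self.excess_burst, self.excess + max(0.0, tokens - room))

    def mark(self, size: int, now: float) -> str:
        """Return the AF codepoint name (e.g. 'AF22') for a `size`-byte packet."""
        self._refill(now)
        if self.committed >= size:        # less than the committed burst
            self.committed -= size
            prec = LOW
        elif self.excess >= size:         # between the two burst levels
            self.excess -= size
            prec = MEDIUM
        else:                             # greater than the excess burst
            prec = HIGH
        return f"AF{self.af_class}{prec}"


def run_trace(policer: Policer, trace):
    """Mark a constructed list of (arrival time, packet size) samples in order."""
    return [policer.mark(size, t) for t, size in trace]


if __name__ == "__main__":
    # Constructed burst: five 1500-byte packets back to back at t=0 on the silver
    # (AF2) class, then one more 50 ms later, after both buckets have refilled.
    silver = Policer(rate=100_000, committed_burst=3000, excess_burst=3000, af_class=2)
    print(run_trace(silver, [(0.0, 1500)] * 5 + [(0.05, 1500)]))
```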
Differentiated Service - 46
Expedited Forwarding PHB
Expedited Forwarding (EF)
- Can be used to build a low loss, low latency, low jitter, assured bandwidth, end-to-end service through DS domains.
- The forwarding rate for a traffic aggregate must equal or exceed a configurable rate, independent of other aggregates.
- This service is also called Premium service, or Virtual Leased Line (VLL) service.
- It is a quantitative service.
Differentiated Service - 47
Expedited Forwarding PHB
Recommended codepoint: 101110
Traffic conditioner
- police all EF-marked packets to a rate negotiated with the adjacent upstream domain.
- Packets in excess of the negotiated rate must be dropped.
Higher priority over AF packets.
- Two priority queues
Differentiated Service - 48
Handling AF & EF at Interior Nodes
[Figure: packets with the P-bit set go to the high-priority queue, the rest to the low-priority queue under RIO queue management; if the A-bit is set, a_cnt is incremented when the packet enters and decremented when it leaves]
Differentiated Service - 49
Handling AF & EF at Border Node
Differentiated Service - 50
Provision and Configuration
Provision
- the determination and allocation of the resources needed at various points in the network
  - dictates addition or removal of resources
  - dictates the operating parameters
Configuration
- distribution of the appropriate operating parameters to network equipment to realize the provisioning objectives.
Differentiated Service - 51
Bandwidth Broker
Agent for automatic service provision
- can be configured with organizational policies.
- keeps track of the current allocation of marked traffic.
- interprets new requests to mark traffic according to policies and current allocation.
- allocates bandwidth for end-to-end connections with less state and simpler trust relationships.
- parcels out marked traffic allocations and sets up leaf routers.
- manages messages across boundaries
  - adjacent regions only (bilateral, not multilateral)
Differentiated Service - 52
Bandwidth Broker
Operation sequence
- Host sends a request to the BB
  - service type, target rate, max. burst, time period used
- BB authenticates the credentials
- Check available bandwidth
  - If the destination is outside the region, send a message to the "next hop" region's BB (bilateral agreement)
- Configure the appropriate leaf router
- Periodically refresh the configuration (soft state)
Sends messages to edge devices using the COPS protocol
- runs on a reliable TCP connection
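Added example (not from the slides): a toy bandwidth broker that walks the operation sequence above: authenticate the credential (modelled as an HMAC over the request, an assumption of this example), check available bandwidth, consult the next-hop region's BB for destinations outside the region, record the leaf-router configuration and age it out as soft state. COPS and the inter-domain protocol are not implemented; the prefixes, capacities, hostnames and secrets are constructed.

```python
import hashlib
import hmac

FIELDS = ("id", "host", "dst", "rate", "burst", "service")   # RAR contents (slide 52)


def rar_mac(rar, secret):
    """HMAC over the RAR fields; stands in for the credential the BB checks."""
    body = "|".join(str(rar[k]) for k in FIELDS).encode()
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


class BandwidthBroker:
    def __init__(self, prefixes, capacity, host_secrets, neighbor=None, ttl=30.0):
        self.prefixes = prefixes          # destinations inside this region
        self.capacity = capacity          # bytes/s available for marked traffic
        self.host_secrets = host_secrets  # host -> shared secret for the credential
        self.neighbor = neighbor          # "next hop" region's BB (bilateral only)
        self.ttl = ttl                    # soft state: expires unless refreshed
        self.allocations = {}             # request id -> (rate, expiry time)
        self.leaf_config = {}             # request id -> filter pushed to the leaf router

    def _allocated(self, now):
        return sum(rate for rate, exp in self.allocations.values() if exp > now)

    def _admit(self, rar, now):
        """Bandwidth check; destinations outside the region also need the peer BB."""
        if self._allocated(now) + rar["rate"] > self.capacity:
            return "rejected: no bandwidth"
        if rar["dst"] not in self.prefixes:
            if self.neighbor is None:
                return "rejected: no bilateral agreement"
            verdict = self.neighbor._admit(rar, now)   # peer trusts this BB, not the host
            if verdict != "admitted":
                return verdict
        self.allocations[rar["id"]] = (rar["rate"], now + self.ttl)
        return "admitted"

    def request(self, rar, now):
        """Slide 52 sequence: authenticate, check bandwidth, configure the leaf router."""
        secret = self.host_secrets.get(rar["host"])
        if secret is None or not hmac.compare_digest(rar_mac(rar, secret), rar["mac"]):
            return "rejected: bad credentials"
        verdict = self._admit(rar, now)
        if verdict == "admitted":
            self.leaf_config[rar["id"]] = (rar["host"], rar["service"], rar["rate"], rar["burst"])
        return verdict

    def refresh(self, rid, now):       # periodic refresh from the host keeps state alive
        if rid in self.allocations:
            self.allocations[rid] = (self.allocations[rid][0], now + self.ttl)

    def expire(self, now):             # unrefreshed soft state is torn down
        for rid in [r for r, (_, exp) in self.allocations.items() if exp <= now]:
            del self.allocations[rid]
            self.leaf_config.pop(rid, None)


def signed_rar(rid, host, dst, rate, burst, service, secret):
    """Build a constructed RAR (service type, target rate, max burst) with its credential."""
    rar = dict(id=rid, host=host, dst=dst, rate=rate, burst=burst, service=service)
    return {**rar, "mac": rar_mac(rar, secret)}
```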
Differentiated Service - 53
Bandwidth Broker
[Figure: a host sends a Resource Allocation Request (RAR) to the BB of its DS region; BBs of adjacent regions communicate over an inter-domain protocol; the BB configures edge routers using COPS]
Differentiated Service - 54
Bandwidth Broker
[Figure: (1) the COPS client on the edge device registers with the BB; (2) the BB sends the configured policy to the edge device; (3) the BB adds/removes flow filters in the DiffServ manager; (4) flows come in and are classified; (5) on a filter match they are policed and marked; (6) flows go to different queues (queue1, priority queue2, ..., queueN) by TOS]
Differentiated Service - 55
Bandwidth Broker Architecture
[Figure: bandwidth broker architecture. Interfaces: User/App interface (user/host, application server), Inter-Domain interface (adjacent BBs), Intra-Domain interface (edge routers), Routing Information, Policy Manager interface, Network Management interface (network operator); a Data Repository is shared by all components]
Differentiated Service - 56
Bandwidth Broker Architecture
User/Application interface
- requests directly from user/app on the end host (via GUI)
Inter-domain communication interface
- negotiating SLA information between BBs in adjacent domains
Intra-domain communication interface
- setting edge device parameters for QoS/policy enforcement between edge router and BB
Routing table interface
- BGP routing information for inter-domain
- Internal routing information for intra-domain
- QoS-based routing in the future
Differentiated Service - 57
Bandwidth Broker Architecture
Data Repository
- data used by all components
Policy Manager interface
- utilizes complex QoS/policy management functionality in the policy manager
- coordination of SLAs and network resources
- provides admission control processing
Network Management interface
- coordination of network provisioning and monitoring
Differentiated Service - 58
Configuration
Top-down distribution of configuration information
- information is pushed in a top-down manner, from a domain's logically centralized point of administration
- Bandwidth broker
Distribution via signaling
- From edges via signaling (RSVP)
- Supports dynamic TCA
Differentiated Service - 59
Configuration
Measurement-based configuration
- less necessary for quantitative provisioning (predictable)
- enhances the efficiency with which qualitative provisioning can be achieved.
Likely that measurement-based configuration for qualitative service would be used in conjunction with signalling.
Differentiated Service - 60
Multicast
Major issues
- Single ingress point with multiple egress nodes
  - Difficult to predict in advance the amount of resources required
  - Dynamic membership join and leave makes it even harder
- Due to the capabilities of routers and routing protocols, duplicate packets may appear on a link
- May be necessary to use separate codepoints and PHBs for multicast and unicast services.
- Selection of DS codepoint
  - Different egress nodes to different peer domains may have different SLAs and codepoints
Differentiated Service - 61
Security
Theft
- an adversary may be able to obtain better service by modifying the DS field to codepoints indicating behaviors used for enhanced services
Denial of service
- an adversary may inject packets with the DS field set to a particular codepoint to cause unpredictable traffic conditioning
IPsec and tunneling
- IPsec ESP does not include the IP header in encryption
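Added example (not from the slides): the countermeasure a DS ingress boundary node applies to the theft and denial-of-service cases above. Codepoints outside the customer's TCA are remarked to best effort (the "remark" disposition of slide 33), and a per-source count of such packets feeds monitoring so a flood of forged codepoints is visible. The TCA table, customer link names and packet stream are constructed.

```python
from collections import Counter

DSCP_BE = 0b000000    # default / best effort (slide 24)
DSCP_EF = 0b101110    # Expedited Forwarding (slide 48)

# Hypothetical TCA table: the codepoints each customer link may present at ingress.
TCA = {
    "cust-a": {DSCP_BE, DSCP_EF},   # bought a premium (EF) service
    "cust-b": {DSCP_BE},            # best effort only
}


class IngressConditioner:
    def __init__(self, tca, alert_threshold: int = 3):
        self.tca = tca
        self.alert_threshold = alert_threshold
        self.remarked = Counter()     # (link, source) -> packets carrying an unearned codepoint

    def condition(self, link: str, src: str, dscp: int) -> int:
        """Return the DSCP the packet leaves the boundary node with."""
        allowed = self.tca.get(link, {DSCP_BE})   # unknown link: best effort only
        if dscp in allowed:
            return dscp
        self.remarked[(link, src)] += 1            # record it for monitoring/auditing
        return DSCP_BE                             # theft: strip the claimed service

    def alerts(self):
        """(link, source) pairs whose remark count reached the threshold."""
        return sorted(k for k, n in self.remarked.items() if n >= self.alert_threshold)


def process(stream, tca=TCA, threshold: int = 3):
    """Condition a constructed stream of (link, src, dscp); return outputs and alerts."""
    node = IngressConditioner(tca, threshold)
    out = [(src, node.condition(link, src, dscp)) for link, src, dscp in stream]
    return out, node.alerts()


if __name__ == "__main__":
    packets = [                                    # constructed: (link, src, received DSCP)
        ("cust-a", "192.0.2.1", DSCP_EF),          # legitimate premium traffic
        ("cust-b", "203.0.113.7", DSCP_EF),        # EF is not in cust-b's TCA
        ("cust-b", "203.0.113.7", 0b101000),       # neither is this class selector
        ("cust-b", "203.0.113.7", DSCP_EF),
        ("cust-b", "203.0.113.9", DSCP_BE),
    ]
    out, alerts = process(packets)
    print(out)
    print("sources flooding forged codepoints:", alerts)
```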
Differentiated Service - 62