CDNI Footprint & Capabilities Advertisement InterfaceEricsson43 Nagog ParkActonMA01720USA+1 978-844-5100kevin.j.ma@ericsson.comNECKurfuerstenanlage 3669115HeidelbergGermany+49 6221 4342 221+49 6221 4342 155seedorf@neclab.euContent Distribution Network Interconnection (CDNI) is
predicated on the ability of downstream CDNs (dCDNs) to handle end-user
requests in a functionally equivalent manner to the upstream CDN (uCDN).
The uCDN must be able to assess the ability of the dCDN to handle
individual requests. The CDNI Footprint & Capabilities Advertisement
interface (FCI) is provided for the advertisement of capabilities and
the footprints to which they apply by the dCDN to the uCDN. This
document describes an approach to implementing the CDNI FCI.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.The need for footprint and capabilities advertisement in
Content Distribution Network Interconnection (CDNI) is
described in the CDNI
requirements document. Requirements FCI-1 and FCI-2 describe the
need to allow dCDNs to communicate capabilities to the uCDN. Requirement
FCI-3 describes how a uCDN may aggregate the footprint and capabilities
information for all cascaded dCDNs and use the aggregated information in
advertisements to CDNs further upstream.
This concept of aggregation can apply to both organizationally different
dCDNs (e.g., other CDN providers, or different business units within a
larger organization) or logical entities within the same CDN (e.g., using
multiple request routers for scalability reasons, to segregate
surrogates based on specific protocol support, or to segregate
surrogates based on software version or feature level, etc.). contains more detailed descriptions of
different footprint and capabilities management scenarios, but it
is important to note that it is the ability of the dCDN to service each
request in a functionally equivalent manner as the uCDN that is
important, not the physical layout of resources through which it
services the request. The aggregation of resource knowledge by the dCDN
into a simple set of capabilities and their affective footprints, that is
then advertised to the uCDN, enables efficient decision making at each
delegation point in the CDN interconnection hierarchy.It is assumed that an authoritative request router in each CDN will
be responsible for aggregating and advertising capabilities
information in a dCDN and/or receiving and aggregating capabilities
information in the uCDN. The CDNI Footprint & Capabilities
Advertisement interface (FCI) along with the CDNI Request Routing
Redirection interface (RI)
make up the CDNI Request Routing Interface.
As there is no other centralized CDNI controller, the authoritative
request router seems the most logical place for capabilities aggregation
to occur, as it is the request router that needs such information to make
delegation decisions. The protocol defined herein may be implemented as
part of an entity other than an authoritative request router, but for the
purposes of this discussion, the authoritative request router is assumed
to be the centralized capabilities aggregation point.Though there is an obvious need for the ability to exchange and
update footprint and capability information in real-time, it is assumed
that capabilities do not change very often. It is also assumed that the
capabilities are not by themselves useful for making delegation decisions.
Capability information is assumed to be input into business logic. It is
the business logic which provides the algorithms for delegation decision
making. The definition of business logic occurs outside the scope of
CDNI and outside the timescale of footprint and capability
advertisement
.
It may be the case that the business logic anticipates
and reacts to changes in dCDN capabilities, however, it may also be the
case that business logic is tailored through offline processes as dCDN
capabilities change. The FCI is agnostic to the business processes
employed by any given uCDN. The footprints and capabilities that are
advertised over the FCI may be used by the uCDN at its discretion, to
implement delegation rules. Setting proper defaults in the business
logic should prevent any unwanted delegation from occurring when dCDN
capabilities change, however, that is beyond the scope of this
discussion.This document uses the terminology defined in section 1.1 of the
CDNI Framework
document.The FCI is implemented as an
ALTO Service. The
ALTO protocol defines an HTTP-based transport through which ALTO
service information may be retrieved using either a GET or POST
method. The uCDN request router may at any time query the dCDN
ALTO FCI Service for the full set of dCDN capability
information. The uCDN may use a separate FCI Filter Service to retrieve a subset of the dCDN capability information.[Ed.: Need to update this with ALTO asynchronous update support.][Ed.: Need to update this with ALTO incremental update support.]In lieu of any out-of-band pre-configured capability information,
when the FCI is first brought up between a uCDN and a dCDN, the uCDN
SHOULD assume that the dCDN has no CDNI capabilities. If an out-of-band
capability baseline has been exchanged, the uCDN MAY use that
information to initialize its capabilities database. In either case,
the uCDN SHOULD verify the initial state of the dCDN (as a temporary
outage may affect availability in the dCDN).The dCDN MUST support sending its entire set of capabilities to the
uCDN through the ALTO service interfaceAs described in Requirement FCI-2, there is a basic set of capabilities
that must be supported by the FCI for the uCDN to be able to determine if
the dCDN is functionally able to handle a given request.
lists mandatory capabilities types:Delivery ProtocolAcquisition ProtocolRedirection ModeCDNI Logging CapabilitiesCDNI Metadata CapabilitiesTo be consistent with the base ALTO service definitions,
we use the JSON object definition notation as specified in the
ALTO protocol.The media type of CDNI FCI Map is
"application/alto-cdni-fcimap+json"A CDNI FCI Map resource is requested using the
HTTP GET method.None.None.None.The data component of a CDNI FCI Map resource is named
"fcimap" which is a JSON object of type FCIMapData:The FCIMapData object contains a CDNI Payload Type
"ptype" which
identifies the capability and a "value" object containing the
associated Capability Advertisement Object (e.g.,
delivery-protocols, acquisition-protocols, or
redirection-modes, as defined in
).
The FCIMapData object may also contain an optional list of
FCIFootprint objects "footprints". The FCIFootprint object specifies a
"footprint-type" (as defined by the CDNI Metadata Footprint
Types registry, e.g., ipv4cidr, ipv6cidr, asn, or
countrycode )
which identifies the contents and encoding of the individual
footprint entries contained in the associated "footprint-value" array.The "footprints" list MUST NOT contain multiple FCIFootprint
objects of the same type. Footprint restriction information MAY be
specified using multiple different footprint-types. If no footprint
restriction list is specified (or an empty list is
specified), it SHALL be understood that all footprint types
MUST be reset to "global" coverage.Note: Further optimization of the footprint object to provide
quality information for a given footprint is certainly possible,
however, it is not necessary for the basic interconnection of
CDNs. The ability to transfer quality information in
capabilities advertisements may be desirable and is noted
here for completeness, however, the specifics of such
mechanisms are outside the scope of this document.Multiple FCIMapData objects with the same capability type are
allowed within a given CDNI FCI Map response as long as the capability
option footprint-value do not overlap, i.e., a given capability option
value MUST NOT show up in multiple FCIMapData objects within a
single CDNI FCI Map response. If multiple FCIMapData objects
for a given capability type exist, those capability objects
MUST have different footprint restrictions. Capability objects
of a given capability type with identical footprint restrictions
MUST be combined into a single capability object.The delivery protocol refers to the protocol over which
an end user (EU) has requested content. If a dCDN does
not support the protocol requested by the client, then the
dCDN is not a viable candidate for delegation.Though the delivery protocol is specified in the URI scheme (as
defined in ) of the
client request URL, protocol feature subsets or augmented
protocol feature sets MAY be defined and SHOULD correspond
with the protocols listed in the CDNI Metadata Protocol
Types registry, e.g., http1.1 or https1.1
.The
following example shows two lists of delivery protocols with different
footprints.In the above example, the HTTP/1.1 protocol is supported
globally, while the HTTP/1.1 over TLS protocol is only supported in
a restricted footprint (in this case, specified by
IPv4 prefix).A given protocol MUST NOT appear in multiple FCIMapData
FCI.DeliveryProtocol object values.The acquisition protocol refers to the protocol over which
an end user (EU) has requested content. If a dCDN does
not support the protocol requested by the client, then the
dCDN is not a viable candidate for delegation.Though the acquisition protocol is specified in the URI scheme (as
defined in ) of the
client request URL, protocol feature subsets or augmented
protocol feature sets MAY be defined and SHOULD correspond
with the protocols listed in the CDNI Metadata Protocol
Types registry, e.g., http1.1 or https1.1
.The
following example shows two lists of acquisition protocols with different
footprints.In the above example, the HTTP/1.1 protocol is supported
globally, while the HTTP/1.1 over TLS protocol is only supported in
a restricted footprint (in this case, specified by
Autonomous System number).A given protocol MUST NOT appear in multiple FCIMapData
FCI.AcquisitionProtocol value objects.The redirection mode refers to the method(s) employed by request
routers to perform request redirection. The
CDNI framework
document describes four possible request routing modes:DNS iterative (DNS-I)DNS recursive (DNS-R)HTTP iterative (HTTP-I)HTTP recursive (HTTP-R)
defines the "CDNI
Capabilities Redirection Modes" registry and the initial
supported redirection mode values shown in parentheses
above.If a dCDN supports only a specific mode or subset of
modes that does not overlap with the modes supported by
the uCDN, then the dCDN might not be a viable candidate for
delegation.The following example shows two
lists of redirection modes with different footprints.In the above example, iterative redirection is supported
globally, while recursive redirection is only supported in a
restricted footprint (in this case, specified by both
Country Code and IPv6 prefix).A given mode MUST NOT appear in multiple FCIMapData
FCI.RedirectionMode object values.
describes the "cdni_http_request_v1" logging record-types
and optional vs. mandatory-to-implement logging fields
for that record-type. It also allows new logging
record-types and logging fields to be defined
which would be optional for a dCDN to implement.If a dCDN does not support certain logging
parameters which may affect billing agreements or legal
requirements of the uCDN, then the dCDN is not a viable
candidate for delegation.The following shows an example of CDNI Logging Capability
Object Serialization, for a CDN that supports the optional Content
Collection ID logging field (but not the optional Session ID
logging field) for the "cdni_http_request_v1" record type.The next example shows the CDNI Logging Capability
Object Serialization, for a CDN that supports all
optional fields for the "cdni_http_request_v1" record type.
describes GenericMetadata types
which may be optional for a dCDN to implement, but which,
if present, are mandatory-to-enforce.
It also allows for new GenericMetadata to be defined
which would be optional for a dCDN to implement.If a dCDN does not
support certain GenericMetadata types which are designated
mandatory-to-enforce and may affect the correctness or
security of the content being delivered, then the dCDN is
not a viable candidate for delegation.The following shows an example of CDNI Metadata Capability
Object Serialization, for a CDN that supports only the
SourceMetadata GenericMetadata type (i.e., it can
acquire and deliver content, but cannot enforce and
security policies, e.g., time, location, or protocol ACLs).The next example shows the CDNI Metadata Capability
Object Serialization, for a CDN that supports only
structural metadata (i.e., it can parse metadata as a
transit CDN, but cannot enforce security policies or
deliver content).Since a Filtered CDNI FCI Map is still a CDNI FCI Map, it
uses the media type defined for CDNI FCI Map (see
).A Filtered CDNI FCI Map is requested using the
HTTP POST method.TBD.None.TBD.The format is the same as unfiltered CDNI FCI Map (see
).TBD.The ALTO Protocol offers an information service "ALTO map
service" that provides information to ALTO clients in the form
of Network Map and Cost Map. As
an alternative to the explicit definition of a CDNI Footprint Type
(e.g., ipv4cidr, ipv6cidr, as, countrycode), a reference to an
ALTO network map can be used to define an FCI footprint. To
enable such referencing to ALTO network maps, a new CDNI
Footprint Type "altonetworkmap" is defined (see also ).The first altonetworkmap entry must be a URI for accessing
the ALTO server that hosts the ALTO network map (as defined in the ALTO protocol specification). All
subsequent altonetworkmap entries must be of type PIDName (as
defined in , where the PIDName
corresponds to a PID in the ALTO network map referenced by the
preceding URI. Parsing and processing of an
ALTO network map follows the ALTO protocol specification.An ALTO client can retrieve a network map of media type
'application/alto-networkmap+json' under a given URI
(e.g., 'http://alto.example.com/fcifootprint001') with a GET
request for a network map as specified in the ALTO protocol. The following
network map would convey to a uCDN that the given dCDN (which
would provide the map) has three footprints called
"south-france" and "germany", and provides the corresponding
IPv4 address ranges for these footprints.To reference an ALTO network map as an FCI footprint, set
the footprint-type to "altonetworkmap", and set the first entry
in the footprint-value to the URI of the ALTO server hosting
the network map, followed by a list of PID names contained in
the network map.The following example shows two lists of delivery protocols
(see ), with the second having
an ALTO network map footprint.In the above example, the HTTP/1.1 protocol is supported
globally, while the HTTP/1.1 over TLS protocol is only supported in
a restricted footprint (in this case, specified by
an ALTO network map for Germany and Southern France).This document requests the registration of the following
media types:TypeSubtypeapplicationalto-cdni-fcimap+jsonapplicationalto-cdni-fcimapfilter+jsonType name: applicationSubtype name: alto-cdni-fcimap+jsonRequired parameters: noneOptional parameters: noneEncoding considerations:Encoding considerations are identical to
those specified for the "application/json" media type. See
.Security considerations:Security considerations relating to the
generation and consumption of ALTO Protocol messages are discussed
in Section 15 of . Additional
security considerations for the CDNI Footprint &
Capabilities Advertisement interface are discussed in
.Interoperability considerations: and RFCthis specify the format of
conforming messages and the interpretation thereof. [RFC Editor: Please
replace RFCthis with the published RFC number for this document.]Published specification: RFCthis [RFC Editor: Please
replace RFCthis with the published RFC number for this document.]Applications that use this media type:ALTO servers and ALTO clients
either stand alone or are embedded within other applications.Fragment identifier considerations: N/AAdditional information: N/ADeprecated alias names for this type: N/AMagic number(s): N/AFile extension(s): N/AMacintosh file type code(s): N/APerson & email address to contact for further
information:Kevin Ma <kevin.j.ma@ericsson.com>Intended usage: LIMITED USERestrictions on usage:This media type is intended only for use in CDNI
Footprint & Capabilities Advertisement interface protocol
message exchanges.Author: IETF CDNI working groupChange controller: IETF CDNI working groupProvisional registration: noType name: applicationSubtype name: alto-cdni-fcimapfilter+jsonRequired parameters: noneOptional parameters: noneEncoding considerations:Encoding considerations are identical to
those specified for the "application/json" media type. See
.Security considerations:Security considerations relating to the
generation and consumption of ALTO Protocol messages are discussed
in Section 15 of . Additional
security considerations for the CDNI Footprint &
Capabilities Advertisement interface are discussed in
.Interoperability considerations: and RFCthis specify the format of
conforming messages and the interpretation thereof. [RFC Editor: Please
replace RFCthis with the published RFC number for this document.]Published specification: RFCthis [RFC Editor: Please
replace RFCthis with the published RFC number for this document.]Applications that use this media type:ALTO servers and ALTO clients
either stand alone or are embedded within other applications.Fragment identifier considerations: N/AAdditional information: N/ADeprecated alias names for this type: N/AMagic number(s): N/AFile extension(s): N/AMacintosh file type code(s): N/APerson & email address to contact for further
information:Kevin Ma <kevin.j.ma@ericsson.com>Intended usage: LIMITED USERestrictions on usage:This media type is intended only for use in CDNI
Footprint & Capabilities Advertisement interface protocol
message exchanges.Author: IETF CDNI working groupChange controller: IETF CDNI working groupProvisional registration: noThis document requests the following addition to the "CDNI
Metadata Footprint Types" registry:Footprint TypeDescriptionSpecificationaltonetworkmapURI of an ALTO Server hosting an ALTO network map, followed by a list of PID-namesRFCthis[RFC Editor: Please replace RFCthis with the published RFC number for this document.]There are a number of security concerns associated with the FCI. The
FCI essentially provides configuration information which the uCDN uses to
make request routing decisions. Injection of fake capability
advertisement messages or the interception and discard of real capability
advertisement messages may be used for denial of service (e.g., by
falsely advertising or deleting capabilities or preventing capability
advertisements from reaching the uCDN). FCI messages may also
be monitored to detect when CDN performance degrades or outages
occur. Such information may be considered private by the dCDN.dCDN capability advertisements
MUST be authenticated by the uCDN to prevent unauthorized capability
injection. uCDN FCI servers MUST be authenticated by the dCDN to prevent
unauthorized interception of ALTO messages. Encryption MUST be
used to ensure confidentiality of the dCDN's private messages.An implementation of the CDNI Footprint & Capabilities Advertisement interface MUST support TLS
transport as per and . The use of TLS for transport of the CDNI metadata
interface messages allows:The dCDN and uCDN to authenticate each other.and, once they have mutually authenticated each other, it
allows:The dCDN and uCDN to authorize each other (to ensure they are
transmitting/receiving CDNI FCI messages from
an authorized CDN);CDNI FCI messages to be
transmitted with confidentiality; andThe integrity of the CDNI FCI messages
to be protected during the exchange.In an environment where any such protection is required, TLS MUST
be used (including authentication of the remote end) by the
server-side (uCDN) and the client-side (dCDN) of the CDNI Footprint & Capabilities Advertisement
interface unless alternate methods are used for ensuring the
confidentiality of the information in the CDNI FCI messages
(such as setting up an IPsec tunnel between the
two CDNs or using a physically secured internal network between two
CDNs that are owned by the same corporate entity).When TLS is used, the general TLS usage guidance in MUST be followed.The authors would like to thank Jon Peterson, Ray van
Brandenburg, Gilles Bertrand, and Scott Wainner for their timely
reviews and invaluable comments.Jan Seedorf is partially supported by the GreenICN project (GreenICN: Architecture and Applications of Green Information Centric Networking), a research project supported jointly by the European Commission under its 7th Framework Program (contract no. 608518) and the National Institute of Information and Communications Technology (NICT) in Japan (contract no. 167). The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the GreenICN project, the European Commission, or NICT.The following sections show examples of three aggregation scenarios.
In each case, CDN-U is the ultimate uCDN and CDN-P is the penultimate
CDN which must perform capabilities aggregation.Figure A1 shows five organizationally different CDNs: CDN-U, CDN-P,
and CDNS A, B, and C, the dCDNs of CDN-P which are being aggregated.
Given the setup shown in Figure A1, we can construct a number of use
cases, based on the coverage areas of each dCDN (i.e., CDNs P, A, B,
and C). Note: In all cases, the reachability of the uCDN (i.e., CDN-U)
is a don't care as it is assumed that the uCDN knows its own coverage
area and is likely to favor itself in most situations, and if it has
decided that it needs to delegate to a dCDN, then the only relevant
question is if the dCDN can handle the request.None of the four dCDNs (CDNs P, A, B, and C) have global
reachability. In this case, each CDN is likely to advertise
footprint information with its capabilities, specifying its
reachability. When CDN-P advertises capabilities to CDN-U, it may
advertise the aggregate footprint of itself and CDNs A, B, and C.
Note: CDN-P MAY exclude any dCDN, and consequently its footprint, per
its own internal aggregation decision criteria.All four dCDNs (CDNs P, A, B, and C) have global reachability.
In this case, none of the CDNs is likely to advertise any footprint
information as none have any footprint restrictions. When CDN-P
advertises capabilities to CDN-U, the aggregate of all global
reachability is global reachability.Some of the four dCDNs (CDNs P, A, B, and C) have global
reachability and some do not. In this case, even though some dCDNs
do not have global reachability, the aggregate of some dCDNs having
global reachability and some not should still be global reachability
(for the given capability). When CDN-P advertises capabilities to
CDN-U, CDN-P may advertise capabilities for which at least one dCDN
has global reach as being supported with global reachability. It is up
to the CDN-P request router to properly select a dCDN to process
individual client requests and not choose a dCDN whose restricted
footprint makes it unsuitable for delivering the requested content.Figure A2 shows CDN-U and CDN-P where CDN-P internally has four
request routers: the authoritative request router rr0, and three other
request routers rr1, rr2, and rr3. The use of multiple request routers
may be used to distribute request routing load across resources, possibly
in different geographic regions covered by CDN-P. Similar to Figure A1,
the setup shown in Figure A2 requires the authoritative request router
rr0 in CDN-P to aggregate capabilities information from downstream
request routers rr1, rr2, and rr3. The primary difference between the
scenario is that the request routers in Figure A2 are logically within
the same CDN-P organization. The same reachability scenarios apply to
Figure A2 as with Figure A1.None of the four CDN-P request routers have global reachability.
In this case, each request router is likely to advertise footprint
information with its capabilities, specifying its reachability. When
rr0 advertises capabilities to CDN-U, it may advertise the aggregate
footprint of itself and rr1, rr2, and rr3.All four CDN-P request routers have global reachability. In this
case, none of the request routers is likely to advertise any footprint
information as none has any footprint restrictions. When rr0
advertises capabilities to CDN-U, the aggregate of all global
reachability is global reachability.Some of the four CDN-P request routers have global reachability and
some do not. In this case, even though some request routers do not
have global reachability, the aggregate of some request routers having
global reachability and some not should still be global reachability
(for the given capability). When rr0 advertises capabilities to CDN-U,
CDN-P may advertise capabilities for which at least one request router
has global reach as being supported with global reachability. It is up
to the authoritative request router rr0 to properly select from the
other request routers for any given request, and not choose a request
router whose restricted footprint makes it unsuitable for delivering
the requested content.Figure A3 shows CDN-U and CDN-P where the delivery network of CDN-P
is segregated by delivery protocol (e.g., RTSP, HTTP, and RTMP).
Figure A3 differs from Figures A1 and A2 in that request router rr0
of CDN-P is not aggregating the capabilities advertisements of multiple
other downstream request routers, but rather it is managing the disparate
capabilities across resources within its own local CDN. Though not every
delivery node has the same protocol capabilities, the aggregate delivery
protocol capabilities advertised by CDN-A may include all delivery
protocols. Note, Figure A3 should not be construed to imply anything
about the coverage areas for each delivery protocol. They may all
support the same delivery footprint, or they may have different delivery
footprints. It is the responsibility of the request router rr0 to
properly assign protocol-appropriate delivery nodes to individual content
requests. If certain protocols have limited reachability, CDN-P may
advertise footprint restrictions for each protocol.It should be noted that though the delivery protocol capability was
selected for this example, the concept of internal capability aggregation
applies to all capabilities as discussed below.Another situation in which physical footprint may not matter in an
aggregated view has to do with feature support (e.g., new CDNI metadata
features or new redirection modes). Situations often arise when phased
roll-out of software upgrades, or staging network segregation result in
only certain portions of a CDN's resources supporting the new feature
set. The dCDN has a few options in this case:Enforce atomic update: The dCDN does not advertise support for the
new capability until all resources have been upgraded to support the
new capability.Transparent segregation: The dCDN advertises support for the new
capability, and when requests are received that require the new
capability, the dCDN request router properly selects a resource
which supports that capability.Advertised segregation: The dCDN advertises support for the new
capability with a footprint restriction allowing the uCDN to make
delegation decisions based on the dCDN's limit support.The level of aggregation employed by the dCDN is likely to vary as
business relationships dictate, however, the FCI should
support all possible modes of operation.