draft-ietf-dime-group-signaling-07.txt   draft-ietf-dime-group-signaling-08.txt 
Diameter Maintenance and Extensions (DIME) M. Jones Diameter Maintenance and Extensions (DIME) M. Jones
Internet-Draft Internet-Draft
Intended status: Standards Track M. Liebsch Intended status: Standards Track M. Liebsch
Expires: August 21, 2017 Expires: September 14, 2017
L. Morand L. Morand
February 17, 2017 March 13, 2017
Diameter Group Signaling Diameter Group Signaling
draft-ietf-dime-group-signaling-07.txt draft-ietf-dime-group-signaling-08.txt
Abstract Abstract
In large network deployments, a single Diameter node can support over In large network deployments, a single Diameter node can support over
a million concurrent Diameter sessions. Recent use cases have a million concurrent Diameter sessions. Recent use cases have
revealed the need for Diameter nodes to apply the same operation to a revealed the need for Diameter nodes to apply the same operation to a
large group of Diameter sessions concurrently. The Diameter base large group of Diameter sessions concurrently. The Diameter base
protocol commands operate on a single session so these use cases protocol commands operate on a single session so these use cases
could result in many thousands of command exchanges to enforce the could result in many thousands of command exchanges to enforce the
same operation on each session in the group. In order to reduce same operation on each session in the group. In order to reduce
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 21, 2017. This Internet-Draft will expire on September 14, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 42 skipping to change at page 2, line 42
4.4. Performing Group Operations . . . . . . . . . . . . . . . 13 4.4. Performing Group Operations . . . . . . . . . . . . . . . 13
4.4.1. Sending Group Commands . . . . . . . . . . . . . . . 13 4.4.1. Sending Group Commands . . . . . . . . . . . . . . . 13
4.4.2. Receiving Group Commands . . . . . . . . . . . . . . 14 4.4.2. Receiving Group Commands . . . . . . . . . . . . . . 14
4.4.3. Error Handling for Group Commands . . . . . . . . . . 14 4.4.3. Error Handling for Group Commands . . . . . . . . . . 14
4.4.4. Single-Session Fallback . . . . . . . . . . . . . . . 15 4.4.4. Single-Session Fallback . . . . . . . . . . . . . . . 15
5. Operation with Proxy Agents . . . . . . . . . . . . . . . . . 15 5. Operation with Proxy Agents . . . . . . . . . . . . . . . . . 15
6. Commands Formatting . . . . . . . . . . . . . . . . . . . . . 16 6. Commands Formatting . . . . . . . . . . . . . . . . . . . . . 16
6.1. Formatting Example: Group Re-Auth-Request . . . . . . . . 16 6.1. Formatting Example: Group Re-Auth-Request . . . . . . . . 16
7. Attribute-Value-Pairs (AVP) . . . . . . . . . . . . . . . . . 17 7. Attribute-Value-Pairs (AVP) . . . . . . . . . . . . . . . . . 17
7.1. Session-Group-Info AVP . . . . . . . . . . . . . . . . . 17 7.1. Session-Group-Info AVP . . . . . . . . . . . . . . . . . 17
7.2. Session-Group-Control-Vector AVP . . . . . . . . . . . . 17 7.2. Session-Group-Control-Vector AVP . . . . . . . . . . . . 18
7.3. Session-Group-Id AVP . . . . . . . . . . . . . . . . . . 18 7.3. Session-Group-Id AVP . . . . . . . . . . . . . . . . . . 18
7.4. Group-Response-Action AVP . . . . . . . . . . . . . . . . 18 7.4. Group-Response-Action AVP . . . . . . . . . . . . . . . . 19
7.5. Session-Group-Capability-Vector AVP . . . . . . . . . . . 19 7.5. Session-Group-Capability-Vector AVP . . . . . . . . . . . 19
8. Result-Code AVP Values . . . . . . . . . . . . . . . . . . . 19 8. Result-Code AVP Values . . . . . . . . . . . . . . . . . . . 19
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19
9.1. AVP Codes . . . . . . . . . . . . . . . . . . . . . . . . 19 9.1. AVP Codes . . . . . . . . . . . . . . . . . . . . . . . . 20
10. Security Considerations . . . . . . . . . . . . . . . . . . . 19 10. Security Considerations . . . . . . . . . . . . . . . . . . . 20
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21
12. Normative References . . . . . . . . . . . . . . . . . . . . 21 12. Normative References . . . . . . . . . . . . . . . . . . . . 21
Appendix A. Session Management -- Exemplary Session State Appendix A. Session Management -- Exemplary Session State
Machine . . . . . . . . . . . . . . . . . . . . . . 21 Machine . . . . . . . . . . . . . . . . . . . . . . 21
A.1. Use of groups for the Authorization Session State Machine 21 A.1. Use of groups for the Authorization Session State Machine 21
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26
1. Introduction 1. Introduction
In large network deployments, a single Diameter node can support over In large network deployments, a single Diameter node can support over
a million concurrent Diameter sessions. Recent use cases have a million concurrent Diameter sessions. Recent use cases have
revealed the need for Diameter nodes to apply the same operation to a revealed the need for Diameter nodes to apply the same operation to a
large group of Diameter sessions concurrently. For example, a policy large group of Diameter sessions concurrently. For example, a policy
decision point may need to modify the authorized quality of service decision point may need to modify the authorized quality of service
for all active users having the same type of subscription. The for all active users having the same type of subscription. The
Diameter base protocol commands operate on a single session so these Diameter base protocol commands operate on a single session so these
skipping to change at page 15, line 5 skipping to change at page 15, line 5
request. In such case, the sender of the request MUST fall back to request. In such case, the sender of the request MUST fall back to
single-session processing and the session groups, which have been single-session processing and the session groups, which have been
identified in the group command, MUST be deleted according to the identified in the group command, MUST be deleted according to the
procedure described in Section 4.3. procedure described in Section 4.3.
When a Diameter node receives a request to process a command for one When a Diameter node receives a request to process a command for one
or more session groups and the result of processing the command or more session groups and the result of processing the command
succeeds for some sessions identified in one or multiple session succeeds for some sessions identified in one or multiple session
groups, but fails for one or more sessions, the Result-Code AVP in groups, but fails for one or more sessions, the Result-Code AVP in
the response message SHOULD indicate DIAMETER_LIMITED_SUCCESS as per the response message SHOULD indicate DIAMETER_LIMITED_SUCCESS as per
Section 7.1.2 of [RFC6733]. In case of limited success, the Section 7.1.2 of [RFC6733].
sessions, for which the processing of the group command failed, MUST
be identified using a Failed-AVP AVP as per Session 7.5 of [RFC6733]. In case of limited success, the sessions, for which the processing of
the group command failed, MUST be identified using a Failed-AVP AVP
as per Section 7.5 of [RFC6733]. The sender of the request MUST fall
back to single-session operation for each of the identified sessions,
for which the group command failed. In addition, each of these
sessions MUST be removed from all session groups to which the group
command applied. To remove sessions from a session group, the
Diameter client performs the procedure described in Section 4.2.2.
4.4.4. Single-Session Fallback 4.4.4. Single-Session Fallback
Either Diameter node can fall back to single session operation by Either Diameter node can fall back to single session operation by
ignoring and omitting the optional group session-specific AVPs. ignoring and omitting the optional group session-specific AVPs.
Fallback to single-session operation is performed by processing the Fallback to single-session operation is performed by processing the
Diameter command solely for the session identified in the mandatory Diameter command solely for the session identified in the mandatory
Session-Id AVP. In such case, the response to the group command MUST Session-Id AVP. In such case, the response to the group command MUST
NOT identify any group but identify solely the single session for NOT identify any group but identify solely the single session for
which the command has been processed. which the command has been processed.
5. Operation with Proxy Agents 5. Operation with Proxy Agents
In case of a present stateful Proxy Agent between a Diameter client In case of a present stateful Proxy Agent between a Diameter client
and a Diameter server, this specification assumes that the Proxy and a Diameter server, this specification assumes that the Proxy
Agent is aware of session groups and session group handling. The Agent is aware of session groups and session group handling. The
Proxy MUST update and maintain consistency of its local session Proxy MUST update and maintain consistency of its local session
states as per the result of the group commands which are operated states as per the result of the group commands which are operated
between a Diameter client and a server. In such a case, the Proxy between a Diameter client and a server. In such case, the Proxy
Agent MUST act as a Diameter server in front of the Diameter client Agent MUST act as a Diameter server in front of the Diameter client
and MUST act as a Diameter client in front of the Diameter server. and MUST act as a Diameter client in front of the Diameter server.
Therefore, the client and server behaviors described in the section 4 Therefore, the client and server behavior described in Section 4
applies respectively to the stateful Proxy Agent. applies respectively to the stateful Proxy Agent.
In case a stateful Proxy Agent manipulates session groups, it MUST In case a stateful Proxy Agent manipulates session groups, it MUST
maintain consistency of session groups between a client and a server. maintain consistency of session groups between a client and a server.
This applies to a deployment where the Proxy Agent utilizes session This applies to a deployment where the Proxy Agent utilizes session
grouping and performs group operations with, for example, a Diameter grouping and performs group operations with, for example, a Diameter
server, whereas the Diameter client is not aware of session groups. server, whereas the Diameter client is not aware of session groups.
In such case the Proxy Agent must reflect the states associated with In such case the Proxy Agent must reflect the states associated with
the session groups as individual session operations towards the the session groups as individual session operations towards the
client and ensure the client has a consistent view of each session. client and ensure the client has a consistent view of each session.
The same applies to a deployment where all nodes, the Diameter client The same applies to a deployment where all nodes, the Diameter client
and server, as well as the Proxy Agent are group-aware but the Proxy and server, as well as the Proxy Agent are group-aware but the Proxy
Agent manipulates groups, e.g. to adopt different administrative Agent manipulates groups, e.g. to adopt different administrative
policies that apply to the client's domain and the server's domain. policies that apply to the client's domain and the server's domain.
Stateless Proxy Agents do not maintain any session state (only Stateless Proxy Agents do not maintain any session state (only
transaction state are maintained). Consequently, the notion of transaction state are maintained). Consequently, the notion of
session group is transparent for any stateless Proxy Agent present session group is transparent for any stateless Proxy Agent present
between a Diameter client and a Diameter server handling session between a Diameter client and a Diameter server handling session
groups. Session group related AVPs being defined as optional AVP groups. Session group related AVPs being defined as optional AVP
should be ignored by stateless Proxy Agents and should not be removed SHOULD be ignored by stateless Proxy Agents and SHOULD NOT be removed
from the Diameter commands. If they are removed by the Proxy Agent from the Diameter commands. If they are removed by the Proxy Agent
for any reason, the Diameter client and Diameter server will discover for any reason, the Diameter client and Diameter server will discover
the absence the related session group AVPs and will fall back to the absence the related session group AVPs and will fall back to
single-session processing, as described in Section 4. single-session processing, as described in Section 4.
6. Commands Formatting 6. Commands Formatting
This document does not specify new Diameter commands to enable group This document does not specify new Diameter commands to enable group
operations, but relies on command extensibility capability provided operations, but relies on command extensibility capability provided
by the Diameter Base protocol. This section provides the guidelines by the Diameter Base protocol. This section provides the guidelines
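Review bot: in the new limited-success text of Section 4.4.3, the fallback duty is placed on "the sender of the request", but the removal step names only one role: "To remove sessions from a session group, the Diameter client performs the procedure described in Section 4.2.2." A group command can also originate at the server (Section 6.1 uses a Group Re-Auth-Request as its example), and for that direction the text does not say which node starts the removal. The sentence "each of these sessions MUST be removed from all session groups" is passive and names no actor either. Until the removal completes, the two ends can hold different membership for the same group, so a later group command could reach a session that one side already treats as single-session. Suggest naming the responsible node for both directions, or referencing the corresponding server-side removal procedure alongside Section 4.2.2. Two smaller consistency points in Section 5: the stateless-proxy sentence now uses "SHOULD" and "SHOULD NOT", while "In such case the Proxy Agent must reflect the states" keeps a lowercase "must", which leaves it unclear whether that requirement is normative; and "will discover the absence the related session group AVPs" is still missing "of" in -08.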
skipping to change at page 20, line 45 skipping to change at page 21, line 19
provided by the Diameter based protocol. provided by the Diameter based protocol.
In some cases, a Diameter Proxy agent can act on behalf of a client In some cases, a Diameter Proxy agent can act on behalf of a client
or server. In such a case, the security requirements that normally or server. In such a case, the security requirements that normally
apply to a client (or a server) apply equally to the Proxy agent. apply to a client (or a server) apply equally to the Proxy agent.
11. Acknowledgments 11. Acknowledgments
The authors of this document want to thank Ben Campbell and Eric The authors of this document want to thank Ben Campbell and Eric
McMurry for their valuable comments to early versions of this draft. McMurry for their valuable comments to early versions of this draft.
Furthermore, authors thank Steve Donovan for the thorough review and Furthermore, authors thank Steve Donovan and Mark Bales for the
comments on the adopted WG document, which helped a lot to improve thorough review and comments on advanced versions of the WG document,
this specification. which helped a lot to improve this specification.
12. Normative References 12. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
"Diameter Network Access Server Application", RFC 4005, "Diameter Network Access Server Application", RFC 4005,
 End of changes. 13 change blocks. 
19 lines changed or deleted 26 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/