| draft-ietf-dime-group-signaling-10.txt | draft-ietf-dime-group-signaling-11.txt | |||
|---|---|---|---|---|
| Diameter Maintenance and Extensions (DIME) M. Jones | Diameter Maintenance and Extensions (DIME) M. Jones | |||
| Internet-Draft | Internet-Draft | |||
| Intended status: Standards Track M. Liebsch | Intended status: Standards Track M. Liebsch | |||
| Expires: July 12, 2018 | Expires: December 13, 2018 | |||
| L. Morand | L. Morand | |||
| January 8, 2018 | June 11, 2018 | |||
| Diameter Group Signaling | Diameter Group Signaling | |||
| draft-ietf-dime-group-signaling-10.txt | draft-ietf-dime-group-signaling-11.txt | |||
| Abstract | Abstract | |||
| In large network deployments, a single Diameter node can support over | In large network deployments, a single Diameter node can support over | |||
| a million concurrent Diameter sessions. Recent use cases have | a million concurrent Diameter sessions. Recent use cases have | |||
| revealed the need for Diameter nodes to apply the same operation to a | revealed the need for Diameter nodes to apply the same operation to a | |||
| large group of Diameter sessions concurrently. The Diameter base | large group of Diameter sessions concurrently. The Diameter base | |||
| protocol commands operate on a single session so these use cases | protocol commands operate on a single session so these use cases | |||
| could result in many thousands of command exchanges to enforce the | could result in many thousands of command exchanges to enforce the | |||
| same operation on each session in the group. In order to reduce | same operation on each session in the group. In order to reduce | |||
| skipping to change at page 1, line 42 ¶ | skipping to change at page 1, line 42 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 12, 2018. | This Internet-Draft will expire on December 13, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 49 ¶ | skipping to change at page 2, line 49 ¶ | |||
| 6.1. Formatting Example: Group Re-Auth-Request . . . . . . . . 16 | 6.1. Formatting Example: Group Re-Auth-Request . . . . . . . . 16 | |||
| 7. Attribute-Value-Pairs (AVP) . . . . . . . . . . . . . . . . . 17 | 7. Attribute-Value-Pairs (AVP) . . . . . . . . . . . . . . . . . 17 | |||
| 7.1. Session-Group-Info AVP . . . . . . . . . . . . . . . . . 17 | 7.1. Session-Group-Info AVP . . . . . . . . . . . . . . . . . 17 | |||
| 7.2. Session-Group-Control-Vector AVP . . . . . . . . . . . . 18 | 7.2. Session-Group-Control-Vector AVP . . . . . . . . . . . . 18 | |||
| 7.3. Session-Group-Id AVP . . . . . . . . . . . . . . . . . . 18 | 7.3. Session-Group-Id AVP . . . . . . . . . . . . . . . . . . 18 | |||
| 7.4. Group-Response-Action AVP . . . . . . . . . . . . . . . . 19 | 7.4. Group-Response-Action AVP . . . . . . . . . . . . . . . . 19 | |||
| 7.5. Session-Group-Capability-Vector AVP . . . . . . . . . . . 19 | 7.5. Session-Group-Capability-Vector AVP . . . . . . . . . . . 19 | |||
| 8. Result-Code AVP Values . . . . . . . . . . . . . . . . . . . 19 | 8. Result-Code AVP Values . . . . . . . . . . . . . . . . . . . 19 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 9.1. AVP Codes . . . . . . . . . . . . . . . . . . . . . . . . 20 | 9.1. AVP Codes . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 9.2. New Registries . . . . . . . . . . . . . . . . . . . . . 20 | ||||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 20 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 20 | |||
| 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21 | 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| 12. Normative References . . . . . . . . . . . . . . . . . . . . 21 | 12. Normative References . . . . . . . . . . . . . . . . . . . . 21 | |||
| Appendix A. Session Management -- Exemplary Session State | Appendix A. Session Management -- Exemplary Session State | |||
| Machine . . . . . . . . . . . . . . . . . . . . . . 21 | Machine . . . . . . . . . . . . . . . . . . . . . . 22 | |||
| A.1. Use of groups for the Authorization Session State Machine 21 | A.1. Use of groups for the Authorization Session State Machine 22 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 | |||
| 1. Introduction | 1. Introduction | |||
| In large network deployments, a single Diameter node can support over | In large network deployments, a single Diameter node can support over | |||
| a million concurrent Diameter sessions. Recent use cases have | a million concurrent Diameter sessions. Recent use cases have | |||
| revealed the need for Diameter nodes to apply the same operation to a | revealed the need for Diameter nodes to apply the same operation to a | |||
| large group of Diameter sessions concurrently. For example, a policy | large group of Diameter sessions concurrently. For example, a policy | |||
| decision point may need to modify the authorized quality of service | decision point may need to modify the authorized quality of service | |||
| for all active users having the same type of subscription. The | for all active users having the same type of subscription. The | |||
| skipping to change at page 8, line 35 ¶ | skipping to change at page 8, line 35 ¶ | |||
| client sends a service specific request, e.g. NASREQ AA-Request | client sends a service specific request, e.g. NASREQ AA-Request | |||
| [RFC7155], containing one or more session group identifiers. Each of | [RFC7155], containing one or more session group identifiers. Each of | |||
| these groups MUST be identified by a unique Session-Group-Id | these groups MUST be identified by a unique Session-Group-Id | |||
| contained in a separate Session-Group-Info AVP as specified in | contained in a separate Session-Group-Info AVP as specified in | |||
| Section 7. | Section 7. | |||
| The client may choose one or multiple session groups from a list of | The client may choose one or multiple session groups from a list of | |||
| existing session groups. Alternatively, the client may decide to | existing session groups. Alternatively, the client may decide to | |||
| create a new group to which the session is assigned and identify | create a new group to which the session is assigned and identify | |||
| itself in the <DiameterIdentity> portion of the Session-Group-Id AVP | itself in the <DiameterIdentity> portion of the Session-Group-Id AVP | |||
| as per Section 7.3 | as per Section 7.3. For all assignments of a session to an active | |||
| session group made by the client or the server, the | ||||
| SESSION_GROUP_STATUS_IND flag in the Session-Group-Info AVP, which | ||||
| identifies the session group, MUST be set. A set | ||||
| SESSION_GROUP_STATUS_IND flag indicates that the identified session | ||||
| group has just been created or is still active. | ||||
| The client MUST set the SESSION_GROUP_ALLOCATION_ACTION flag of the | The client MUST set the SESSION_GROUP_ALLOCATION_ACTION flag of the | |||
| Session-Group-Control-Vector AVP in each appended Session-Group-Info | Session-Group-Control-Vector AVP in each appended Session-Group-Info | |||
| AVP to indicate that the session contained in the request should be | AVP to indicate that the session contained in the request should be | |||
| assigned to the identified session group. | assigned to the identified session group. | |||
| The client may also indicate in the request that the server is | The client may also indicate in the request that the server is | |||
| responsible for the assignment of the session in one or multiple | responsible for the assignment of the session in one or multiple | |||
| sessions owned by the server. In such a case, the client MUST | sessions owned by the server. In such a case, the client MUST | |||
| include the Session-Group-Info AVP in the request including the | include the Session-Group-Info AVP in the request including the | |||
| skipping to change at page 13, line 42 ¶ | skipping to change at page 13, line 46 ¶ | |||
| the command applies, a Session-Group-Info AVP including the Session- | the command applies, a Session-Group-Info AVP including the Session- | |||
| Group-Id AVP to identify the associated session group. Both, the | Group-Id AVP to identify the associated session group. Both, the | |||
| SESSION_GROUP_ALLOCATION_ACTION flag as well as the | SESSION_GROUP_ALLOCATION_ACTION flag as well as the | |||
| SESSION_GROUP_STATUS_IND flag MUST be set. | SESSION_GROUP_STATUS_IND flag MUST be set. | |||
| If the CCF of the request mandates a Session-Id AVP, the Session-Id | If the CCF of the request mandates a Session-Id AVP, the Session-Id | |||
| AVP MUST identify one of the single sessions which is assigned to at | AVP MUST identify one of the single sessions which is assigned to at | |||
| least one of the groups being identified in the appended Session- | least one of the groups being identified in the appended Session- | |||
| Group-Id AVPs. | Group-Id AVPs. | |||
| The sender of the request MUST indicate to the receiver how follow up | The sender of the request MUST indicate to the receiver how multiple | |||
| message exchanges should be performed by appending a single instance | resulting transactions associated with a group command are to be | |||
| of the Group-Response-Action AVP. Even if the request includes | treated by appending a single instance of a Group-Response-Action | |||
| multiple instances of a Session-Group-Info AVP, the request MUST NOT | AVP. When a server sends, as example, a Re-Authorization Request | |||
| comprise more than a single instance of a Group-Response-Action AVP. | (RAR) or a service-specific server-initiated request to the client, | |||
| If the sender wants the receiver to perform follow up exchanges with | it can indicate to the client whether to process the request, after | |||
| a single command for all impacted groups, the sender sets the value | having sent the RAA to the server, with either sending a single RAR | |||
| of the Group-Response-Action AVP to ALL_GROUPS (1). If follow up | message for all identified groups (server sets the Group-Response- | |||
| message exchanges should be performed on a per-group basis in case | Action AVP to ALL_GROUPS (1)), or sending a single RAR message for | |||
| multiple groups are identified in the group command, the value of the | each identified group individually (server sets the Group-Response- | |||
| Group-Response-Action AVP is set to PER_GROUP (2). A value set to | Action AVP to PER_GROUP (1)). The server may also request the client | |||
| PER_SESSION (3) indicates to the receiver that all follow up | to follow-up with a single RAR message per impacted session (server | |||
| exchanges should be performed using a single message for each | sets the Group-Response-Action AVP to PER_SESSION). In such case, | |||
| impacted session. | the client sends only one RAR message for an impacted session in case | |||
| the session is included in more than one of the identified session | ||||
| groups. | ||||
| If the sender sends a request including the Group-Response-Action AVP | If the sender sends a request including the Group-Response-Action AVP | |||
| set to ALL_GROUPS (1) or PER_GROUP (2), it MUST expect some delay | set to ALL_GROUPS (1) or PER_GROUP (2), it MUST expect some delay | |||
| before receiving the corresponding answer(s) as the answer(s) will | before receiving the corresponding answer(s) as the answer(s) will | |||
| only be sent back when the request is processed for all the sessions | only be sent back when the request is processed for all the sessions | |||
| or all the session of a session group. If the process of the request | or all the session of a session group. If the process of the request | |||
| is delay-sensitive, the sender SHOULD NOT set the Group-Response- | is delay-sensitive, the sender SHOULD NOT set the Group-Response- | |||
| Action AVP to ALL_GROUPS (1) or PER_GROUP (2). If the answer can be | Action AVP to ALL_GROUPS (1) or PER_GROUP (2). If the answer can be | |||
| sent before the complete process of the request for all the sessions | sent before the complete process of the request for all the sessions | |||
| or if the request timeout timer is high enough, the sender MAY set | or if the request timeout timer is high enough, the sender MAY set | |||
| skipping to change at page 18, line 11 ¶ | skipping to change at page 18, line 11 ¶ | |||
| < Session-Group-Control-Vector > | < Session-Group-Control-Vector > | |||
| [ Session-Group-Id ] | [ Session-Group-Id ] | |||
| * [ AVP ] | * [ AVP ] | |||
| 7.2. Session-Group-Control-Vector AVP | 7.2. Session-Group-Control-Vector AVP | |||
| The Session-Group-Control-Vector AVP (AVP Code TBD2) is of type | The Session-Group-Control-Vector AVP (AVP Code TBD2) is of type | |||
| Unsigned32 and contains a 32-bit flags field to control the group | Unsigned32 and contains a 32-bit flags field to control the group | |||
| assignment at session-group aware nodes. | assignment at session-group aware nodes. | |||
| The following capabilities are defined in this document: | The following control flags are defined in this document: | |||
| SESSION_GROUP_ALLOCATION_ACTION (0x00000001) | SESSION_GROUP_ALLOCATION_ACTION (0x00000001) | |||
| This flag indicates the action to be performed for the identified | This flag indicates the action to be performed for the identified | |||
| session. When this flag is set, it indicates that the identified | session. When this flag is set, it indicates that the identified | |||
| Diameter session is to be assigned to the session group as | Diameter session is to be assigned to the session group as | |||
| identified by the Session-Group-Id AVP or the session's assignment | identified by the Session-Group-Id AVP or the session's assignment | |||
| to the session group identified in the Session-Group-Id AVP is | to the session group identified in the Session-Group-Id AVP is | |||
| still valid. When the flag is cleared, the identified Diameter | still valid. When the flag is cleared, the identified Diameter | |||
| session is to be removed from at least one session group. When | session is to be removed from at least one session group. When | |||
| skipping to change at page 19, line 11 ¶ | skipping to change at page 19, line 11 ¶ | |||
| recommended for a Session-Id, as defined in the section 8.8 of the | recommended for a Session-Id, as defined in the section 8.8 of the | |||
| [RFC6733]. The <DiameterIdentity> portion of the Session-Group-Id | [RFC6733]. The <DiameterIdentity> portion of the Session-Group-Id | |||
| MUST identify the Diameter node, which owns the session group. | MUST identify the Diameter node, which owns the session group. | |||
| 7.4. Group-Response-Action AVP | 7.4. Group-Response-Action AVP | |||
| The Group-Response-Action AVP (AVP Code TBD4) is of type Unsigned32 | The Group-Response-Action AVP (AVP Code TBD4) is of type Unsigned32 | |||
| and contains a 32-bit address space representing values indicating | and contains a 32-bit address space representing values indicating | |||
| how the node SHOULD issue follow up exchanges in response to a | how the node SHOULD issue follow up exchanges in response to a | |||
| command which impacts multiple sessions. The following values are | command which impacts multiple sessions. The following values are | |||
| defined by this application: | defined by this document: | |||
| ALL_GROUPS (1) | ALL_GROUPS (1) | |||
| Follow up exchanges should be performed with a single message | Follow up message exchanges associated with a group command should | |||
| exchange for all impacted groups. | be performed with a single message exchange for all impacted | |||
| groups. | ||||
| PER_GROUP (2) | PER_GROUP (2) | |||
| Follow up exchanges should be performed with a message exchange | Follow up message exchanges associated with a group command should | |||
| for each impacted group. | be performed with a separate message exchange for each impacted | |||
| group. | ||||
| PER_SESSION (3) | PER_SESSION (3) | |||
| Follow up exchanges should be performed with a message exchange | Follow up message exchanges associated with a group command should | |||
| for each impacted session. | be performed with a separate message exchange for each impacted | |||
| session. | ||||
| 7.5. Session-Group-Capability-Vector AVP | 7.5. Session-Group-Capability-Vector AVP | |||
| The Session-Group-Capability-Vector AVP (AVP Code TBD5) is of type | The Session-Group-Capability-Vector AVP (AVP Code TBD5) is of type | |||
| Unsigned32 and contains a 32-bit flags field to indicate capabilities | Unsigned32 and contains a 32-bit flags field to indicate capabilities | |||
| in the context of session-group assignment and group operations. | in the context of session-group assignment and group operations. | |||
| The following capabilities are defined in this document: | The following capabilities are defined in this document: | |||
| BASE_SESSION_GROUP_CAPABILITY (0x00000001) | BASE_SESSION_GROUP_CAPABILITY (0x00000001) | |||
| skipping to change at page 20, line 22 ¶ | skipping to change at page 20, line 22 ¶ | |||
| o Session-Group-Control-Vector | o Session-Group-Control-Vector | |||
| o Session-Group-Id | o Session-Group-Id | |||
| o Group-Response-Action | o Group-Response-Action | |||
| o Session-Group-Capability-Vector | o Session-Group-Capability-Vector | |||
| The AVPs are defined in Section 7. | The AVPs are defined in Section 7. | |||
| 9.2. New Registries | ||||
| This specification requires IANA to create two registries: | ||||
| o Session-Group-Control-Vector AVP registry for control bits with | ||||
| two initial assignments, which are described in Section 7.2. The | ||||
| future registration assignment policy is proposed to be | ||||
| Specification Required. | ||||
| o Session-Group-Capability-Vector AVP with one initial assignment, | ||||
| which is described in Section 7.5. The future registration | ||||
| assignment policy is proposed to be Standards Action. | ||||
| The AVP names can be used as registry names. | ||||
| 10. Security Considerations | 10. Security Considerations | |||
| The security considerations of the Diameter protocol itself are | The security considerations of the Diameter protocol itself are | |||
| discussed in [RFC6733]. Use of the AVPs defined in this document | discussed in [RFC6733]. Use of the AVPs defined in this document | |||
| MUST take into consideration the security issues and requirements of | MUST take into consideration the security issues and requirements of | |||
| the Diameter base protocol. In particular, the Session-Group-Info | the Diameter base protocol. In particular, the Session-Group-Info | |||
| AVP (including the Session-group-Control-Vector and the Session- | AVP (including the Session-group-Control-Vector and the Session- | |||
| Group-Id AVPs) should be considered as a security-sensitive AVPs in | Group-Id AVPs) should be considered as a security-sensitive AVPs in | |||
| the same manner than the Session-Id AVP in the Diameter base protocol | the same manner than the Session-Id AVP in the Diameter base protocol | |||
| [RFC6733]. | [RFC6733]. | |||
| End of changes. 14 change blocks. | ||||
| 29 lines changed or deleted | 55 lines changed or added | |||
This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||