Diff Serv and QoS Support in Microsoft Hosts
Peter S. Ford, Microsoft ([email protected])
NANOG, 8 June 1998
Agenda
- Why QoS?
- Role of Hosts in providing QoS
- Microsoft NT QoS Components
Diff Serv WG Observation
“100s of Bald Men arguing over 8 Combs” - An Internet Wag
What Needs QoS?
- VPNs over the Internet
  - High value traffic - branch offices and telecommuters
  - Easy to do with static config of filter lists
  - Current focus of Industry Buzz
- Applications sensitive to packet loss
  - SAP, SQL, RPC, SNA, DEC LAT, ...
  - Web “RPC” - HTTP get
  - Audio over RTP/UDP - Voice over IP
  - Many of these are harder to do with static configurations based on layer 3 filters
Hosts and QoS
- QoS, Diff Serv, etc. enhance carriage of application bits over the network
- In many cases only the hosts/apps have knowledge of QoS needs
  - Certain web pages have priority: ports are not enough to classify traffic
  - End to end IP security: there are no ports to look at
- Hosts have an important role in the evolving QoS landscape
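The slide's point that a layer-3 filter list runs out of information once traffic is protected end to end with IPsec, while a mark set by the host still survives, is shown below in an added example that is not from the deck and not Microsoft's classifier. It constructs two IPv4 packets inline (a TCP segment to port 80 and an ESP packet, IP protocol 50, whose transport header is ciphertext), then classifies each first by a static port filter list and, when no ports are visible, by the IP Precedence bits the sending host wrote into the TOS byte. The filter table, the precedence-to-class mapping and the addresses are constructed for the example.

```python
"""Added example: port-based vs host-precedence classification of IPv4 packets.
Not from the NANOG deck; PORT_FILTERS, PRECEDENCE_CLASSES and the sample
packets are constructed for illustration."""
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_ESP = 50


def build_ipv4(tos, proto, src, dst, payload):
    """Minimal IPv4 header (no options, checksum left zero) followed by payload."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, 0, 0, 64, proto, 0,
                      bytes(src), bytes(dst))
    return hdr + payload


def build_tcp(sport, dport):
    """Minimal 20-byte TCP header: ports, seq, ack, offset, flags, window, csum, urg."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)


def parse_ipv4(pkt):
    """Return (tos, proto, src, dst, layer-4 bytes) honouring the IHL field."""
    vihl, tos, _tl, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return tos, proto, src, dst, pkt[ihl:]


def precedence(tos):
    """IP Precedence is the top three bits of the TOS byte (RFC 791)."""
    return tos >> 5


# Static layer-3 filter list of the kind the deck calls "easy" for VPN traffic:
# (protocol, destination port) -> class.  Ports exist only for TCP/UDP.
PORT_FILTERS = {(IPPROTO_TCP, 80): "web", (IPPROTO_TCP, 1433): "sql"}

# Host-set precedence -> class, used when the filter list cannot see a port.
PRECEDENCE_CLASSES = {5: "voice", 3: "high", 0: "best-effort"}


def classify(pkt):
    """Classify by the port filter when a transport header is visible, otherwise
    by the precedence bits the host stamped.  Returns (class, reason)."""
    tos, proto, _src, _dst, l4 = parse_ipv4(pkt)
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(l4) >= 4:
        _sport, dport = struct.unpack("!HH", l4[:4])
        if (proto, dport) in PORT_FILTERS:
            return PORT_FILTERS[(proto, dport)], "port filter"
    if proto == IPPROTO_ESP:
        # Encrypted payload: there are no ports to look at, only the outer TOS byte.
        return PRECEDENCE_CLASSES.get(precedence(tos), "best-effort"), "host precedence (ESP)"
    return PRECEDENCE_CLASSES.get(precedence(tos), "best-effort"), "host precedence"


# Constructed sample traffic (RFC 5737 documentation addresses).
SRC, DST = (192, 0, 2, 10), (198, 51, 100, 20)
WEB_PKT = build_ipv4(0x00, IPPROTO_TCP, SRC, DST, build_tcp(40000, 80))
# ESP: SPI and sequence number followed by ciphertext; the host marked precedence 5.
ESP_PKT = build_ipv4(5 << 5, IPPROTO_ESP, SRC, DST,
                     struct.pack("!II", 0x1234, 1) + b"\x00" * 32)


def demo():
    """Run the classifier over both constructed packets."""
    return {"web": classify(WEB_PKT), "esp": classify(ESP_PKT)}


if __name__ == "__main__":
    for name, (cls, why) in demo().items():
        print(f"{name}: {cls} ({why})")
```

The ESP packet is only classifiable because the sending host marked it; a router that trusted ports alone would have to treat it as best effort. In a real deployment the precedence mark must itself be policed at the network edge, which is what the later Admission Control slides address.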
Managing Resource Allocation In The Network
- Current IP networks are “Best Effort” (BE) - Standby Model w/in-flight bumping
- “QoS Enabled Networks” - Network Resources allocated btw BE and “more important” traffic (e.g. queue, priority, bandwidth, etc.)
- Hosts signal network and request resource for entitled users/applications subject to Network Admission Control
- Net Admins Authorize and Prioritize access to resources based on user and application
QoS Mechanisms Exploited
- Precedence/Priority
  - IP TOS/Precedence bits (layer 3) - tracking where differentiated services ends up ...
  - IEEE 802.1p (layer 2)
- Application Flows can be isolated, prioritized and scheduled by the Stack
- Signaling into Network (RSVP, ATM)
- Network Admins configure QoS Policy on hosts and in the network
Microsoft QoS Components
[Architecture diagram; only the component labels survive extraction, the layout does not. Host side: QoS-aware application, Network mgmt. application, WinSock2 QoS API, TCI API, QoS SP, TCP/IP, Packet classifier, Packet Scheduler, Netcards. Network side: ACS/SBM, Directory Services for QoS Policy Storage, LDAP for Policies, Routers/Switches.]
DS based QoS Networking
[Example diagram; only its labels survive extraction: Traffic control; FTP; Netmeeting; ACS; RSVP PATH, 1 Mbps, controlled load, \\redmond\userx; Check \\redmond\userx; DS; Router; RSVP; ISP w/Diff Serv; Prio=5; Prio=1; 802.1p Priority; Receiver; Packets Rescheduled.]
Microsoft QoS Components
- WinSock 2 Generic QoS API
  - Allows applications to request the QoS they need, regardless of the underlying mechanisms (RSVP, IP Priority, ...)
- QoS Signaling - End System to Network
  - Explicit - RSVP with Policy Objects (e.g. user id), integrated with IPSEC
  - Implicit - IP Diff Serv / IEEE 802.1p
- Traffic Control API w/Kernel Stack Support
  - Kernel based queueing of traffic flows
  - IP, IEEE 802.1P precedence/priority
- Admission Control Service
  - QoS Directory Console for Network Admins
  - In network policy enforcement
  - Also adds L2 shared media management
ACS Management Model
- Network Admin Administers QoS Policies in the Directory Service
- User Object is extended to permit a mapping from a User to a Group Profile, e.g. Redmond\Bob -> Programmers
- Default policies at Organization Level
  - “All users can reserve up to 500 Kbps”
  - “Programmers get 100 Kbps”
- Enterprise-wide User, Profile policies
- Per Subnetwork Policies
  - Individual Users and Group Profiles
ACS Policy Operation
- Host RSVP service provider inserts RSVP policy objects in RSVP messages
  - Contains User Identity represented as an encrypted DN: {dc=com, dc=microsoft, ou=redmond, n=bob}Ksession
  - Security token to prove identity (kerberos ticket for ACS service)
    - Ticket encrypted in the (secret) key of the ACS service
    - Session Key (Ksession) is in Ticket
  - Digital signature over RSVP message to avoid policy object reuse (cut and paste)
- ACS servers in network authorize requests
  - Crack ticket to get identity of requestor
  - Check User’s Policy in the Directory
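The ACS Management Model and ACS Policy Operation slides above (and the Admission Control Services Policy Functionality slide later) describe one flow: the host puts a policy object in an RSVP PATH message, the ACS cracks the ticket, checks the signature, recovers the user identity and evaluates the directory policy. The added example below simulates that flow end to end; it is not Microsoft's code. Assumptions not in the deck: a SHA-256 keystream with an HMAC tag stands in for Kerberos ticket encryption, HMAC-SHA256 keyed with Ksession stands in for the digital signature, and the signature covers the RSVP session and flowspec together with the policy object so that a captured object cannot be cut and pasted onto a different reservation. The policy numbers are the deck's (500 Kbps default, 100 Kbps for Programmers); the per-subnet entry, the directory contents and the session are constructed.

```python
"""Added example: RSVP policy object with ticket, encrypted DN and signature,
checked by a simulated ACS against directory policy.  Not the deck's code.
The seal/unseal primitive is a toy stand-in for Kerberos encryption."""
import hashlib
import hmac
import json
import os


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag.  Toy, not a real cipher."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return plaintext, or raise ValueError if the tag does not verify."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def canonical(msg):
    """Bytes the signature covers: session and flowspec plus the policy object,
    so the object is bound to this one request."""
    return json.dumps({k: msg[k] for k in ("session", "flowspec", "enc_dn", "ticket")},
                      sort_keys=True).encode()


ACS_KEY = os.urandom(32)   # long-term key of the ACS service, shared with the KDC


def issue_ticket(user_dn):
    """KDC side: ticket for the ACS service carrying the identity and Ksession."""
    ksession = os.urandom(32)
    ticket = seal(ACS_KEY, json.dumps({"dn": user_dn, "ks": ksession.hex()}).encode())
    return ticket.hex(), ksession


def build_path(user_dn, session, rate_kbps):
    """Host RSVP service provider: PATH message with policy object and signature."""
    ticket_hex, ks = issue_ticket(user_dn)
    msg = {"session": session, "flowspec": {"rate_kbps": rate_kbps},
           "enc_dn": seal(ks, user_dn.encode()).hex(), "ticket": ticket_hex}
    msg["sig"] = hmac.new(ks, canonical(msg), hashlib.sha256).hexdigest()
    return msg


# Directory contents (constructed): user -> group profile, and Kbps limits per scope.
GROUP_OF = {"dc=com,dc=microsoft,ou=redmond,n=bob": "Programmers"}
POLICY = {
    "org": {"*": 500, "Programmers": 100},           # organization-level defaults
    "subnet": {"10.1.0.0/16": {"Programmers": 64}},  # per-subnetwork override (invented)
}


def policy_limit_kbps(user_dn, subnet):
    """Most specific wins: subnet before enterprise; user before group before default."""
    group = GROUP_OF.get(user_dn)
    for scope in (POLICY["subnet"].get(subnet, {}), POLICY["org"]):
        for key in (user_dn, group, "*"):
            if key in scope:
                return scope[key]
    return 0


def acs_authorize(msg, subnet):
    """ACS side: crack the ticket, verify the signature, recover the DN, check policy."""
    try:
        tk = json.loads(unseal(ACS_KEY, bytes.fromhex(msg["ticket"])))
    except ValueError:
        return False, "ticket rejected"
    ks = bytes.fromhex(tk["ks"])
    expected = hmac.new(ks, canonical(msg), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["sig"]):
        return False, "signature does not cover this message (cut and paste?)"
    dn = unseal(ks, bytes.fromhex(msg["enc_dn"])).decode()
    if dn != tk["dn"]:
        return False, "DN in policy object does not match ticket"
    rate, limit = msg["flowspec"]["rate_kbps"], policy_limit_kbps(dn, subnet)
    if rate > limit:
        return False, f"{dn}: {rate} Kbps exceeds policy limit of {limit} Kbps"
    return True, f"{dn}: {rate} Kbps admitted (limit {limit} Kbps)"


def cut_and_paste(captured_msg, new_rate_kbps):
    """Attacker reuses a captured policy object on a larger reservation."""
    forged = dict(captured_msg)
    forged["flowspec"] = {"rate_kbps": new_rate_kbps}
    return forged


if __name__ == "__main__":
    bob = "dc=com,dc=microsoft,ou=redmond,n=bob"
    sess = {"dst": "198.51.100.20", "proto": 17, "port": 5004}
    good = build_path(bob, sess, 64)
    print(acs_authorize(good, "192.0.2.0/24"))                          # admitted
    print(acs_authorize(build_path(bob, sess, 1000), "192.0.2.0/24"))   # over limit
    print(acs_authorize(cut_and_paste(good, 50), "192.0.2.0/24"))       # signature fails
```

The signature is what makes the ticket useful: the ticket alone proves that someone once authenticated as Bob, but only a signature keyed with Ksession over the whole message proves that this reservation was made by the holder of Ksession. Without it an on-path observer could lift the policy object from a small reservation and attach it to a 1 Mbps request, which is exactly the cut-and-paste reuse the slide mentions.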
In Summary
- Need many pieces of QoS picture to satisfy customer requirements
  - Diff Serv for ISPs and large networks
  - Fine grain policy control
  - Centralized management for QoS Policies, both Diff Serv and RSVP signaled flows
  - Use of Directory services
- RSVP may prove useful in many ways
  - Internal provisioning of QoS - PASTE (Li and Rekhter)
  - Customer to ISP - dynamic signaling instead of the desert of pre-provisioning
Admission Control Services Policy Functionality
- Admission Control Servers
  - part of RSVP process on a network server (NT, switch, router, etc.)
  - implements RSVP and SBM
  - ACS takes requests and tests against policy and/or resource limits
- Hosts can use RSVP signaling
  - Hosts on LANs also participate in SBM
- Policies are maintained in the Directory (DS)
  - ACS uses LDAP to retrieve Policy Information from DS
  - ACS Policy is per subnetwork/per user
  - Can be abstracted to “per Enterprise/Per Group”
  - Enables approval/denial of resources based on user ID, time of day, resource limits (bandwidth, priority, ...), etc.
- Can Aggregate requests into priority groups at ISP/WAN interfaces
  - can “re-write” user id to corp id at ISP boundaries
Extensibility of ACS Policy Framework
- Can add new policy objects to RSVP messages
- Can add new policy interpretation modules to ACS servers
  - API to call out to policy module
- Can extend ACS policy objects in the Directory
- End Systems can pull policy down from Directory to configure QoS