Diff Serv and QoS Support in Microsoft Hosts

Peter S. Ford, [email protected]
NANOG, 8 June 1998

Transcript of slides

Slide 1: Title

Diff Serv and QoS Support in Microsoft Hosts
Peter S. Ford, [email protected]
NANOG, 8 June 1998

Slide 2: Agenda

- Why QoS?
- Role of Hosts in providing QoS
- Microsoft NT QoS Components

Slide 3: Diff Serv WG Observation

"100s of Bald Men arguing over 8 Combs" - An Internet Wag

Slide 4: What Needs QoS?

- VPNs over the Internet
  - High value traffic - branch offices and telecommuters
  - Easy to do with static config of filter lists
  - Current focus of Industry Buzz
- Applications sensitive to packet loss
  - SAP, SQL, RPC, SNA, DEC LAT, …
  - Web "RPC" - HTTP get
  - Audio over RTP/UDP - Voice over IP
  - Many of these are harder to do with static configurations based on layer 3 filters

Slide 5: Hosts and QoS

- QoS, Diff Serv, etc. enhance carriage of application bits over the network
- In many cases only the hosts/apps have knowledge of QoS needs
  - Certain web pages have priority: ports are not enough to classify traffic
  - End to end IP security: there are no ports to look at
- Hosts have an important role in the evolving QoS landscape

Slide 6: Managing Resource Allocation In The Network

- Current IP networks are "Best Effort" (BE) - Standby Model w/in-flight bumping
- "QoS Enabled Networks" - Network Resources allocated btw BE and "more important" traffic (e.g. queue, priority, bandwidth, etc.)
- Hosts signal network and request resource for entitled users/applications subject to Network Admission Control
- Net Admins Authorize and Prioritize access to resources based on user application

Slide 7: QoS Mechanisms Exploited

- Precedence/Priority
  - IP TOS/Precedence bits (layer 3) - tracking where differentiated services ends up ...
  - IEEE 802.1p (layer 2)
- Application Flows can be isolated, prioritized and scheduled by the Stack
- Signaling into Network (RSVP, ATM)
- Network Admins configure QoS Policy on hosts and in the network
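The two marking mechanisms on this slide, IP TOS/Precedence at layer 3 and IEEE 802.1p at layer 2, are bit fields a host sets and a classifier reads. The following is an added example, not code from the deck or from Microsoft's stack, that encodes both fields, builds constructed Ethernet/802.1Q/IPv4 frames, and classifies them by precedence and 802.1p priority rather than by port. It also shows the case slide 5 raises: for an ESP-protected packet the transport ports are not visible, but the TOS precedence still is. Frame layouts follow the standard header formats; the sample addresses, VLAN id and port numbers are constructed.

```python
import struct

# Standard EtherType and IP protocol numbers (not specific to the deck).
ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_ESP = 50


def tos_from_precedence(precedence, delay=False, throughput=False, reliability=False):
    """IPv4 TOS byte: 3-bit precedence in bits 7..5, D/T/R flags in bits 4..2 (RFC 791 layout)."""
    if not 0 <= precedence <= 7:
        raise ValueError("precedence is a 3-bit field")
    return (precedence << 5) | (delay << 4) | (throughput << 3) | (reliability << 2)


def precedence_from_tos(tos):
    return (tos >> 5) & 0x7


def vlan_tci(pcp, vid, dei=False):
    """802.1Q Tag Control Information: 3-bit 802.1p priority (PCP), DEI bit, 12-bit VLAN id."""
    if not 0 <= pcp <= 7 or not 0 <= vid <= 0xFFF:
        raise ValueError("bad PCP or VID")
    return (pcp << 13) | (int(dei) << 12) | vid


def build_frame(tos, proto, payload=b"", pcp=None, vid=1):
    """Constructed frame: zeroed MAC addresses, optional 802.1Q tag, minimal IPv4 header
    (no options, zero checksum/addresses) and the given transport payload."""
    eth = bytes(12)
    if pcp is not None:
        eth += struct.pack("!HH", ETHERTYPE_VLAN, vlan_tci(pcp, vid))
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(4), bytes(4))
    return eth + ip + payload


def classify(frame):
    """Return (pcp, precedence, proto, dst_port). pcp is None for untagged frames; dst_port is
    None when the transport header is not visible, e.g. for ESP, so a classifier keyed on
    ports alone would have nothing to look at while the precedence bits remain usable."""
    off = 12
    ethertype = struct.unpack_from("!H", frame, off)[0]
    pcp = None
    if ethertype == ETHERTYPE_VLAN:
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        pcp = tci >> 13
        off += 4
        ethertype = struct.unpack_from("!H", frame, off)[0]
    off += 2
    if ethertype != ETHERTYPE_IPV4:
        return pcp, None, None, None
    ihl = (frame[off] & 0xF) * 4
    tos = frame[off + 1]
    proto = frame[off + 9]
    dst_port = None
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        dst_port = struct.unpack_from("!H", frame, off + ihl + 2)[0]
    return pcp, precedence_from_tos(tos), proto, dst_port


def host_mark(precedence, vid=1):
    """Host-side marking of one flow at both layers: the TOS byte and the 802.1Q TCI, using the
    same 3-bit value for IP precedence and 802.1p priority (a simplifying assumption)."""
    return tos_from_precedence(precedence), vlan_tci(precedence, vid)


if __name__ == "__main__":
    udp = struct.pack("!HHHH", 5004, 5004, 8, 0)   # constructed UDP header, dst port 5004
    print(classify(build_frame(tos_from_precedence(5), IPPROTO_UDP, udp, pcp=5, vid=100)))
    print(classify(build_frame(tos_from_precedence(5), IPPROTO_ESP, bytes(8), pcp=5, vid=100)))
```

The second call in the usage block is the IPsec case: `classify` reports precedence 5 and 802.1p priority 5 but no port, which is why a host that marks TOS and 802.1p before encryption keeps its traffic classifiable downstream.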

Slide 8: Microsoft QoS Components

[Diagram. Host stack, top to bottom: QoS-aware application and Network mgmt. application; WinSock2 QoS API and TCI API; QoS SP; TCP/IP; Packet classifier and Packet Scheduler; Netcards. Network side: ACS/SBM, Routers/Switches, and Directory Services for QoS Policy Storage, reached over LDAP for Policies.]

Slide 9: DS based QoS Networking

[Diagram. A sending host with Traffic control, running FTP and Netmeeting, issues RSVP PATH (1 Mbps, controlled load) as \\redmond\userx; the ACS checks \\redmond\userx against the DS; traffic passes a Router, RSVP, and an ISP w/Diff Serv to the Receiver; flows are marked Prio=5 and Prio=1 (802.1p Priority) and Packets Rescheduled.]

Slide 10: Microsoft QoS Components

- WinSock 2 Generic QoS API
  - Allows applications to request the QoS they need, regardless of the underlying mechanisms (RSVP, IP Priority, ...)
- QoS Signaling - End System to Network
  - Explicit - RSVP with Policy Objects (e.g. user id), integrated with IPSEC
  - Implicit - IP Diff Serv / IEEE 802.1p
- Traffic Control API w/Kernel Stack Support
  - Kernel based queueing of traffic flows
  - IP, IEEE 802.1P precedence/priority
- Admission Control Service
  - QoS Directory Console for Network Admins
  - In network policy enforcement
  - Also adds L2 shared media management

Slide 11: ACS Management Model

- Network Admin Administers QoS Policies in the Directory Service
- User Object is extended to permit a mapping from a User to a Group Profile, e.g. Redmond\Bob -> Programmers
- Default policies at Organization Level
  - "All users can reserve up to 500 Kbps"
  - "Programmers get 100 Kbps"
- Enterprise-wide User, Profile policies
- Per Subnetwork Policies: Individual Users and Group Profiles

Slide 12: ACS Policy Operation

- Host RSVP service provider inserts RSVP policy objects in RSVP messages
  - Contains User Identity represented as an encrypted DN: {dc=com, dc=microsoft, ou=redmond, n=bob}Ksession (the DN encrypted under the session key Ksession)
  - Security token to prove identity (kerberos ticket for ACS service)
    - Ticket encrypted in private key of ACS service
    - Session Key (Ksession) is in Ticket
  - Digital signature over RSVP message to avoid policy object reuse (cut and paste)
- ACS servers in network authorize requests
  - Crack ticket to get identity of requestor
  - Check User's Policy in the Directory
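The security point on this slide is that the policy object is bound to the RSVP message it travels in: the ACS opens the ticket to learn the requester's identity and the session key, then checks a signature computed under that session key over the whole message, so a policy object lifted from one message and pasted into another fails verification. The following is an added example that is not code from the deck or from Microsoft's ACS. It models the host and ACS sides of that exchange with constructed data. Assumptions: an HMAC-SHA256 under Ksession stands in for the digital signature, the Kerberos ticket "encrypted in private key of ACS service" is modeled as a blob authenticated under a key only the ACS holds (`ACS_SERVICE_KEY`), the message is a JSON dict rather than the RSVP wire format, and the policy lookup is a single hard-coded limit for Bob. The function and variable names are this example's own.

```python
import hashlib
import hmac
import json
import secrets

# Constructed: the key shared between the ticket issuer and the ACS service.
ACS_SERVICE_KEY = secrets.token_bytes(32)
TAG_LEN = 32


def issue_ticket(dn, ksession):
    """Model of the 'kerberos ticket for ACS service': identity plus session key, sealed so that
    only a holder of ACS_SERVICE_KEY accepts it. Assumption: authentication under a shared key
    stands in for Kerberos encryption of the ticket."""
    body = json.dumps({"dn": dn, "ksession": ksession.hex()}).encode()
    return body + hmac.new(ACS_SERVICE_KEY, body, hashlib.sha256).digest()


def open_ticket(ticket):
    """ACS side: 'crack' the ticket, rejecting anything not sealed for this service."""
    body, tag = ticket[:-TAG_LEN], ticket[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(ACS_SERVICE_KEY, body, hashlib.sha256).digest()):
        raise ValueError("ticket not issued for this ACS")
    data = json.loads(body)
    return data["dn"], bytes.fromhex(data["ksession"])


def ticket_accepted(ticket):
    try:
        open_ticket(ticket)
        return True
    except ValueError:
        return False


def _canonical(flowspec, policy):
    # Deterministic serialization of everything the signature must cover.
    return json.dumps({"flowspec": flowspec, "policy": policy}, sort_keys=True).encode()


def host_build_message(flowspec, ticket, ksession):
    """Host RSVP service provider: attach the policy object and sign the whole message under
    Ksession, so the object is bound to this flowspec and cannot be reused elsewhere."""
    policy = {"ticket": ticket.hex()}
    sig = hmac.new(ksession, _canonical(flowspec, policy), hashlib.sha256).hexdigest()
    policy["sig"] = sig
    return {"flowspec": flowspec, "policy": policy}


def acs_authorize(msg, policy_lookup):
    """ACS: open the ticket, verify the signature under the session key found in it, then
    check the requester's policy. Returns (approved, reason_or_identity)."""
    policy = dict(msg["policy"])
    sig = policy.pop("sig", None)
    if sig is None:
        return False, "unsigned"
    dn, ksession = open_ticket(bytes.fromhex(policy["ticket"]))
    expected = hmac.new(ksession, _canonical(msg["flowspec"], policy), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "signature does not cover this message"
    limit = policy_lookup(dn)
    if msg["flowspec"]["rate_kbps"] > limit:
        return False, f"{dn} limited to {limit} Kbps"
    return True, dn


def demo():
    """Three requests: a valid one, a cut-and-paste of its policy object onto a larger
    request, and a properly signed request that exceeds the directory limit."""
    bob_dn = "{dc=com, dc=microsoft, ou=redmond, n=bob}"
    ksession = secrets.token_bytes(32)
    ticket = issue_ticket(bob_dn, ksession)
    lookup = lambda dn: 100 if dn == bob_dn else 500   # "Programmers get 100 Kbps"
    good = host_build_message({"service": "controlled load", "rate_kbps": 100}, ticket, ksession)
    pasted = {"flowspec": {"service": "controlled load", "rate_kbps": 1000},
              "policy": dict(good["policy"])}
    over = host_build_message({"service": "controlled load", "rate_kbps": 200}, ticket, ksession)
    return acs_authorize(good, lookup), acs_authorize(pasted, lookup), acs_authorize(over, lookup)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The pasted message carries a genuine ticket, so identity extraction succeeds; what fails is the signature check, because the signature was computed over a 100 Kbps flowspec. That is the "cut and paste" case the slide names, and it is why the signature has to cover the message rather than only the policy object.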

Slide 13: In Summary

- Need many pieces of QoS picture to satisfy customer requirements
  - Diff Serv for ISPs and large networks
  - Fine grain policy control
  - Centralized management for QoS Policies, both Diff Serv and RSVP signaled flows
  - Use of Directory services
- RSVP may prove useful in many ways
  - Internal provisioning of QoS - PASTE (Li and Rekhter)
  - Customer to ISP - dynamic signaling instead of the desert of pre-provisioning

Slide 14: Admission Control Services Policy Functionality

- Admission Control Servers
  - part of RSVP process on a network server (NT, switch, router, etc.)
  - implements RSVP and SBM
  - ACS takes requests and tests against policy and/or resource limits
- Hosts can use RSVP signaling
  - Hosts on LANs also participate in SBM
- Policies are maintained in the Directory (DS)
  - ACS uses LDAP to retrieve Policy Information from DS
  - ACS Policy is per subnetwork/per user
  - Can be abstracted to "per Enterprise/Per Group"
  - Enables approval/denial of resources based on user ID, time of day, resource limits (bandwidth, priority, ...), etc.
- Can Aggregate requests into priority groups at ISP/WAN interfaces
  - can "re-write" user id to corp id at ISP boundaries
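Slides 11 and 14 together describe the policy data the ACS consults: a user-to-profile mapping ("Redmond\Bob -> Programmers"), organization-level defaults ("All users can reserve up to 500 Kbps", "Programmers get 100 Kbps"), per-subnetwork rules for individual users and profiles, and approval or denial based on user ID, time of day and bandwidth limits. The following is an added example, not code from the deck or from the ACS product, that holds such a policy set in memory and makes the admission decision for a request. Assumptions: the resolution order (per-subnet user rule, then per-subnet profile rule, then enterprise profile rule, then the organization default) is this example's own, since the slides list the levels without stating precedence; the subnet rule that applies only after 18:00 and all of the sample users and subnets are constructed; and the directory is modeled as Python dicts rather than LDAP.

```python
from dataclasses import dataclass, field
from datetime import time


@dataclass
class Rule:
    """One policy rule: a reservation limit in Kbps, optionally restricted to a time-of-day window."""
    limit_kbps: int
    start: time = time(0, 0)
    end: time = time(23, 59, 59)

    def active_at(self, now):
        return self.start <= now <= self.end


@dataclass
class PolicyStore:
    """Constructed stand-in for the policy data kept in the Directory Service."""
    org_default: Rule                    # "All users can reserve up to 500 Kbps"
    profile_rules: dict                  # profile -> [Rule], e.g. "Programmers get 100 Kbps"
    user_profile: dict                   # User Object -> Group Profile mapping
    subnet_user_rules: dict = field(default_factory=dict)     # (subnet, user) -> [Rule]
    subnet_profile_rules: dict = field(default_factory=dict)  # (subnet, profile) -> [Rule]


def _first_active(rules, now):
    for rule in rules:
        if rule.active_at(now):
            return rule
    return None


def effective_limit_kbps(store, user, subnet, now):
    """Most specific active rule wins. Assumed order: per-subnet user, per-subnet profile,
    enterprise profile, organization default (always active, so the search always ends)."""
    profile = store.user_profile.get(user)
    candidates = (
        store.subnet_user_rules.get((subnet, user), []),
        store.subnet_profile_rules.get((subnet, profile), []),
        store.profile_rules.get(profile, []),
        [store.org_default],
    )
    for rules in candidates:
        rule = _first_active(rules, now)
        if rule is not None:
            return rule.limit_kbps
    raise RuntimeError("organization default must always be active")


def admit(store, user, subnet, requested_kbps, now, reserved_kbps=0):
    """Admission decision: approve only if the user's existing reservations on this subnet plus
    the new request stay within the effective limit. Returns (approved, limit_kbps)."""
    limit = effective_limit_kbps(store, user, subnet, now)
    return reserved_kbps + requested_kbps <= limit, limit


# Constructed sample policy mirroring the slide's examples, plus an after-hours subnet rule.
SAMPLE = PolicyStore(
    org_default=Rule(500),
    profile_rules={"Programmers": [Rule(100)]},
    user_profile={r"Redmond\Bob": "Programmers"},
    subnet_profile_rules={("10.1.2.0/24", "Programmers"): [Rule(250, time(18, 0), time(23, 59, 59))]},
)


if __name__ == "__main__":
    print(admit(SAMPLE, r"Redmond\Bob", "10.9.0.0/24", 100, time(10, 0)))     # within 100 Kbps
    print(admit(SAMPLE, r"Redmond\Bob", "10.1.2.0/24", 200, time(20, 0)))     # evening subnet rule
    print(admit(SAMPLE, r"Redmond\Alice", "10.9.0.0/24", 500, time(10, 0)))   # org default
```

Note that `reserved_kbps` is what makes this an admission control rather than a per-request check: the ACS must count what the user already holds, or a user limited to 100 Kbps could reserve it several times over.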

Slide 15: Extensibility of ACS Policy Framework

- Can add new policy objects to RSVP messages
- Can add new policy interpretation modules to ACS servers
  - API to call out to policy module
- Can extend ACS policy objects in the Directory
- End Systems can pull policy down from Directory to configure QoS