| rfc7594v8.txt | rfc7594.txt | |||
|---|---|---|---|---|
| skipping to change at page 13, line 48 | skipping to change at page 13, line 48 | |||
| 1. What problem is the protocol trying to address? | 1. What problem is the protocol trying to address? | |||
| 2. What messages are being transmitted and what do they mean? | 2. What messages are being transmitted and what do they mean? | |||
| 3. What are the important, but not obvious [sic], features of the | 3. What are the important, but not obvious [sic], features of the | |||
| protocol? | protocol? | |||
| An LMAP system goes through the following phases: | An LMAP system goes through the following phases: | |||
| o a bootstrapping process before the MA can take part in the other | o a Bootstrapping process before the MA can take part in the other | |||
| three phases. | three phases. | |||
| o a Control Protocol, which delivers Instruction Messages from a | o a Control Protocol, which delivers Instruction Messages from a | |||
| Controller to an MA (amongst other things). | Controller to an MA (amongst other things). | |||
| o the actual Measurement Tasks, which measure some performance or | o the actual Measurement Tasks, which measure some performance or | |||
| reliability parameter(s) associated with the transfer of packets. | reliability parameter(s) associated with the transfer of packets. | |||
| o a Report Protocol, which delivers Reports containing the | o a Report Protocol, which delivers Reports containing the | |||
| Measurement Results from an MA to a Collector. | Measurement Results from an MA to a Collector. | |||
| skipping to change at page 14, line 39 | skipping to change at page 14, line 39 | |||
| 5.1. Bootstrapping Process | 5.1. Bootstrapping Process | |||
| The primary purpose of bootstrapping is to enable an MA to be | The primary purpose of bootstrapping is to enable an MA to be | |||
| integrated into a Measurement System. The MA retrieves information | integrated into a Measurement System. The MA retrieves information | |||
| about itself (like its identity in the Measurement System) and about | about itself (like its identity in the Measurement System) and about | |||
| the Controller, the Controller learns information about the MA, and | the Controller, the Controller learns information about the MA, and | |||
| they learn about security information to communicate (such as | they learn about security information to communicate (such as | |||
| certificates and credentials). | certificates and credentials). | |||
| Whilst this memo considers the bootstrapping process, it is beyond | Whilst this memo considers the Bootstrapping process, it is beyond | |||
| the scope of initial LMAP work to define a Bootstrap mechanism, as it | the scope of initial LMAP work to define a Bootstrap mechanism, as it | |||
| depends on the type of device and access. | depends on the type of device and access. | |||
| As a result of the bootstrapping process, the MA learns the following | As a result of the Bootstrapping process, the MA learns the following | |||
| information ([LMAP-INFO] defines the consequent list of information | information ([LMAP-INFO] defines the consequent list of information | |||
| elements): | elements): | |||
| o its identifier, either its MA-ID or a device identifier such as | o its identifier, either its MA-ID or a device identifier such as | |||
| one of its Media Access Controls (MACs) addresses or both. | one of its Media Access Controls (MACs) addresses or both. | |||
| o (optionally) a Group-ID, shared by several MAs and could be useful | o (optionally) a Group-ID, shared by several MAs and could be useful | |||
| for privacy reasons. For instance, reporting the Group-ID and not | for privacy reasons. For instance, reporting the Group-ID and not | |||
| the MA-ID could hinder tracking of a mobile device. | the MA-ID could hinder tracking of a mobile device. | |||
| o the Control Channel, which is defined by: | o the Control Channel, which is defined by: | |||
| * the address that identifies the Control Channel, such as the | * the address that identifies the Control Channel, such as the | |||
| Controller's FQDN (Fully Qualified Domain Name) [RFC1035]). | Controller's FQDN (Fully Qualified Domain Name) [RFC1035]). | |||
| * security information (for example, to enable the MA to decrypt | * security information (for example, to enable the MA to decrypt | |||
| the Instruction Message and encrypt messages sent to the | the Instruction Message and encrypt messages sent to the | |||
| Controller). | Controller). | |||
| The details of the bootstrapping process are device/access specific. | The details of the Bootstrapping process are device/access specific. | |||
| For example, the information could be in the firmware, manually | For example, the information could be in the firmware, manually | |||
| configured, or transferred via a protocol like that described in | configured, or transferred via a protocol like that described in | |||
| TR-069 [TR-069]. There may be a multi-stage process where the MA | TR-069 [TR-069]. There may be a multi-stage process where the MA | |||
| contacts a 'hard-coded' address, which replies with the bootstrapping | contacts a 'hard-coded' address, which replies with the bootstrapping | |||
| information. | information. | |||
| The MA must learn its MA-ID before getting an Instruction, either | The MA must learn its MA-ID before getting an Instruction, either | |||
| during Bootstrapping or via Configuration (Section 5.2.1). | during Bootstrapping or via Configuration (Section 5.2.1). | |||
| 5.2. Control Protocol | 5.2. Control Protocol | |||
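Review bot: The capitalisation to "Bootstrapping process" is applied in three places in 5.1, but the same hunk still reads "The primary purpose of bootstrapping" and "replies with the bootstrapping information" in lower case, and uses "Bootstrap mechanism" for what appears to be the same concept; suggest settling on one form of the defined term throughout the section. Two further points are unchanged on both sides: "[RFC1035])." in the Control Channel bullet has a closing parenthesis with no opener, and "Media Access Controls (MACs) addresses" would read better as "Media Access Control (MAC) addresses".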
| skipping to change at page 15, line 39 | skipping to change at page 15, line 39 | |||
| Measurement Results (Section 5.2.2). The Measurement Agent then acts | Measurement Results (Section 5.2.2). The Measurement Agent then acts | |||
| on the Instruction autonomously. The Control Protocol also enables | on the Instruction autonomously. The Control Protocol also enables | |||
| the MA to inform the Controller about its Capabilities and any | the MA to inform the Controller about its Capabilities and any | |||
| Failure and Logging Information (Section 5.2.3). Finally, the | Failure and Logging Information (Section 5.2.3). Finally, the | |||
| Control Protocol allows the Controller to update the MA's | Control Protocol allows the Controller to update the MA's | |||
| Configuration. | Configuration. | |||
| 5.2.1. Configuration | 5.2.1. Configuration | |||
| Configuration allows the Controller to update the MA about some or | Configuration allows the Controller to update the MA about some or | |||
| all of the information that it obtained during the bootstrapping | all of the information that it obtained during the Bootstrapping | |||
| process: the MA-ID, the (optional) Group-ID, and the Control Channel. | process: the MA-ID, the (optional) Group-ID, and the Control Channel. | |||
| Figure 2 outlines the Configuration process. The Measurement System | Figure 2 outlines the Configuration process. The Measurement System | |||
| might use Configuration for several reasons. For example, the | might use Configuration for several reasons. For example, the | |||
| bootstrapping process could 'hard code' the MA with details of an | Bootstrapping process could 'hard code' the MA with details of an | |||
| initial Controller, and then the initial Controller could configure | initial Controller, and then the initial Controller could configure | |||
| the MA with details about the Controller that sends Instruction | the MA with details about the Controller that sends Instruction | |||
| Messages. (Note that an MA only has one Control Channel, so it is | Messages. (Note that an MA only has one Control Channel, so it is | |||
| associated with only one Controller, at any moment.) | associated with only one Controller, at any moment.) | |||
| Note that an implementation may choose to combine Configuration | Note that an implementation may choose to combine Configuration | |||
| information and an Instruction Message into a single message. | information and an Instruction Message into a single message. | |||
| +-----------------+ +-------------+ | +-----------------+ +-------------+ | |||
| | | | Measurement | | | | | Measurement | | |||
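Review bot: In 5.2.1, "Configuration allows the Controller to update the MA about ... the Control Channel" gives Configuration the same reach that Section 8.4.1 attributes to the Bootstrapping process (associating the MA with a different Controller), yet the paragraph carries no pointer to the security considerations. Suggest adding a cross-reference here so that implementers protect Configuration messages as carefully as the Bootstrapping information they replace.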
| skipping to change at page 19, line 23 | skipping to change at page 19, line 23 | |||
| o if the Suppression information includes neither a set of | o if the Suppression information includes neither a set of | |||
| Measurement Tasks nor a set of Measurement Schedules, then the MA | Measurement Tasks nor a set of Measurement Schedules, then the MA | |||
| does not begin new Measurement Tasks that have the boolean flag | does not begin new Measurement Tasks that have the boolean flag | |||
| set to suppress; however, the MA does begin new Measurement Tasks | set to suppress; however, the MA does begin new Measurement Tasks | |||
| that have the flag set to do-not-suppress. | that have the flag set to do-not-suppress. | |||
| o a start time, at which Suppression begins. If absent, then | o a start time, at which Suppression begins. If absent, then | |||
| Suppression begins immediately. | Suppression begins immediately. | |||
| o an end time, at which Suppression ends. If absent, then | o an end time, at which Suppression ends. If absent, then | |||
| Suppression continues until the MA receives an un-suppress | Suppression continues until the MA receives an Un-suppress | |||
| message. | message. | |||
| o a demand that the MA immediately end on-going Measurement Task(s) | o a demand that the MA immediately end on-going Measurement Task(s) | |||
| that are tagged for Suppression. (Most likely it is appropriate | that are tagged for Suppression. (Most likely it is appropriate | |||
| to delete the associated partial Measurement Result(s).) This | to delete the associated partial Measurement Result(s).) This | |||
| could be useful in the case of a network emergency so that the | could be useful in the case of a network emergency so that the | |||
| operator can eliminate all inessential traffic as rapidly as | operator can eliminate all inessential traffic as rapidly as | |||
| possible. If absent, the MA completes on-going Measurement Tasks. | possible. If absent, the MA completes on-going Measurement Tasks. | |||
| An un-suppress message instructs the MA to no longer suppress, | An Un-suppress message instructs the MA to no longer suppress, | |||
| meaning that the MA once again begins new Measurement Tasks, | meaning that the MA once again begins new Measurement Tasks, | |||
| according to its Measurement Schedule. | according to its Measurement Schedule. | |||
| Note that Suppression is not intended to permanently stop a | Note that Suppression is not intended to permanently stop a | |||
| Measurement Task (instead, the Controller should send a new | Measurement Task (instead, the Controller should send a new | |||
| Measurement Schedule), nor to permanently disable an MA (instead, | Measurement Schedule), nor to permanently disable an MA (instead, | |||
| some kind of management action is suggested). | some kind of management action is suggested). | |||
| +-----------------+ +-------------+ | +-----------------+ +-------------+ | |||
| | | | Measurement | | | | | Measurement | | |||
| | Controller |==============================| Agent | | | Controller |==============================| Agent | | |||
| +-----------------+ +-------------+ | +-----------------+ +-------------+ | |||
| Suppress: | Suppress: | |||
| [(Measurement Task), -> | [(Measurement Task), -> | |||
| (Measurement Schedule), | (Measurement Schedule), | |||
| (start time), | (start time), | |||
| (end time), | (end time), | |||
| (on-going suppressed?)] | (on-going suppressed?)] | |||
| un-suppress -> | Un-suppress -> | |||
| Figure 4: Outlines of Suppression | Figure 4: Outline of Suppression | |||
| 5.2.3. Capabilities, Failure, and Logging Information | 5.2.3. Capabilities, Failure, and Logging Information | |||
| The Control Protocol also enables the MA to inform the Controller | The Control Protocol also enables the MA to inform the Controller | |||
| about various information, such as its Capabilities and any Failures. | about various information, such as its Capabilities and any Failures. | |||
| Figure 5 outlines the process for Capabilities, Failure, and Logging | Figure 5 outlines the process for Capabilities, Failure, and Logging | |||
| Information. It is also possible to use a device-specific mechanism, | Information. It is also possible to use a device-specific mechanism, | |||
| which is beyond the scope of the initial LMAP work. | which is beyond the scope of the initial LMAP work. | |||
| Capabilities are information about the MA that the Controller needs | Capabilities are information about the MA that the Controller needs | |||
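Review bot: "Un-suppress" is now capitalised as a message name in the end-time bullet, in the paragraph after the list and in Figure 4, but its counterpart is not named the same way in the visible text: the bullets speak of "Suppression information" while Figure 4 labels the message "Suppress:". Suggest naming the Suppress message in the prose as well, so that the pair reads consistently with the figure.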
| skipping to change at page 22, line 17 | skipping to change at page 22, line 17 | |||
| | Controller |==================================| Agent | | | Controller |==================================| Agent | | |||
| +-----------------+ +-------------+ | +-----------------+ +-------------+ | |||
| (Request Capabilities), | (Request Capabilities), | |||
| (Request Failure Information), | (Request Failure Information), | |||
| (Request Logging Information), | (Request Logging Information), | |||
| (Request Instruction) -> | (Request Instruction) -> | |||
| <- (Capabilities), | <- (Capabilities), | |||
| (Failure Information), | (Failure Information), | |||
| (Logging Information), | (Logging Information), | |||
| (Instruction) | (Instruction) | |||
| Figure 5: Outline of Capabilities, Failure, and Logging Information | Figure 5: Outline of Capabilities, Failure, and Logging Information | |||
| 5.3. Operation of Measurement Tasks | 5.3. Operation of Measurement Tasks | |||
| This LMAP framework is neutral to what the actual Measurement Task | This LMAP framework is neutral to what the actual Measurement Task | |||
| is. It does not define Metrics and Measurement Methods; these are | is. It does not define Metrics and Measurement Methods; these are | |||
| defined elsewhere. | defined elsewhere. | |||
| The MA carries out the Measurement Tasks as instructed, unless it | The MA carries out the Measurement Tasks as instructed, unless it | |||
| skipping to change at page 41, line 46 | skipping to change at page 41, line 46 | |||
| been compromised. Likewise, all devices on the paths used for | been compromised. Likewise, all devices on the paths used for | |||
| control, reporting, and measurement are also observers. | control, reporting, and measurement are also observers. | |||
| 8.4.1. MA Bootstrapping | 8.4.1. MA Bootstrapping | |||
| Section 5.1 provides the communication model for the Bootstrapping | Section 5.1 provides the communication model for the Bootstrapping | |||
| process. | process. | |||
| Although the specification of mechanisms for bootstrapping the MA are | Although the specification of mechanisms for bootstrapping the MA are | |||
| beyond the scope of the initial LMAP work, designers should recognise | beyond the scope of the initial LMAP work, designers should recognise | |||
| that the bootstrapping process is extremely powerful and could cause | that the Bootstrapping process is extremely powerful and could cause | |||
| an MA to join a new or different LMAP system with a different | an MA to join a new or different LMAP system with a different | |||
| Controller and Collector, or simply install new Metrics with | Controller and Collector, or simply install new Metrics with | |||
| associated Measurement Methods (for example, to record DNS queries). | associated Measurement Methods (for example, to record DNS queries). | |||
| A Bootstrap attack could result in a breach of the LMAP system with | A Bootstrap attack could result in a breach of the LMAP system with | |||
| significant sensitive information exposure depending on the | significant sensitive information exposure depending on the | |||
| capabilities of the MA, so sufficient security protections are | capabilities of the MA, so sufficient security protections are | |||
| warranted. | warranted. | |||
| The bootstrapping process provides sensitive information about the | The Bootstrapping process provides sensitive information about the | |||
| LMAP system and the organisation that operates it, such as | LMAP system and the organisation that operates it, such as | |||
| o the MA's identifier (MA-ID) | o the MA's identifier (MA-ID) | |||
| o the address that identifies the Control Channel, such as the | o the address that identifies the Control Channel, such as the | |||
| Controller's FQDN | Controller's FQDN | |||
| o Security information for the Control Channel | o Security information for the Control Channel | |||
| During the Bootstrap process for an MA located at a single | During the Bootstrap process for an MA located at a single | |||
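Review bot: After this change, Section 8.4.1 uses "Bootstrapping process" alongside "Bootstrap attack" and "Bootstrap process" ("During the Bootstrap process for an MA") for what reads as the same procedure; suggest "Bootstrapping process" in the last case too. Two smaller points are untouched on both sides: "the specification of mechanisms ... are beyond the scope" should take "is", and the bullet "Security information for the Control Channel" starts with a capital letter while its two siblings do not.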
| skipping to change at page 44, line 9 | skipping to change at page 44, line 9 | |||
| the Measurement Peer to MA, MA to Measurement Peer, or both. | the Measurement Peer to MA, MA to Measurement Peer, or both. | |||
| Similarly, a second (or more) MAs may be involved. (Note: For | Similarly, a second (or more) MAs may be involved. (Note: For | |||
| simplicity, Figure 11 and the description don't show the non-LMAP | simplicity, Figure 11 and the description don't show the non-LMAP | |||
| functionality that is associated with the transfer of the Measurement | functionality that is associated with the transfer of the Measurement | |||
| Traffic and is located at the devices with the MA and MP.) | Traffic and is located at the devices with the MA and MP.) | |||
| _________________ _________________ | _________________ _________________ | |||
| | | | | | | | | | | |||
| |Measurement Peer |=========== NAT ? ==========|Measurement Agent| | |Measurement Peer |=========== NAT ? ==========|Measurement Agent| | |||
| |_________________| |_________________| | |_________________| |_________________| | |||
| <- (Key Negotiation & | <- (Key Negotiation & | |||
| Encryption Setup) | Encryption Setup) | |||
| (Encrypted Channel -> | (Encrypted Channel -> | |||
| Established) | Established) | |||
| (Announce capabilities -> | (Announce capabilities -> | |||
| & status) | & status) | |||
| <- (Select capabilities) | <- (Select capabilities) | |||
| ACK -> | ACK -> | |||
| <- (Measurement Request | <- (Measurement Request | |||
| (MA+MP IPAddrs,set of | (MA+MP IPAddrs,set of | |||
| Metrics, Schedule)) | Metrics, Schedule)) | |||
| ACK -> | ACK -> | |||
| Measurement Traffic <> Measurement Traffic | Measurement Traffic <> Measurement Traffic | |||
| (may/may not be encrypted) (may/may not be encrypted) | (may/may not be encrypted) (may/may not be encrypted) | |||
| <- (Stop Measurement Task) | <- (Stop Measurement Task) | |||
| Measurement Results -> | Measurement Results -> | |||
| (if applicable) | (if applicable) | |||
| <- ACK, Close | <- ACK, Close | |||
| Figure 11: Interactions between Measurement Peer and Measurement | Figure 11: Interactions between Measurement Peer and Measurement | |||
| Agent | Agent | |||
| This exchange primarily exposes the IP addresses of measurement | This exchange primarily exposes the IP addresses of measurement | |||
| devices and the inference of measurement participation from such | devices and the inference of measurement participation from such | |||
| traffic. There may be sensitive information on key points in a | traffic. There may be sensitive information on key points in a | |||
| service provider's network included. There may also be access to | service provider's network included. There may also be access to | |||
| measurement-related information of interest such as the Metrics, | measurement-related information of interest such as the Metrics, | |||
| Schedule, and intermediate results carried in the Measurement Traffic | Schedule, and intermediate results carried in the Measurement Traffic | |||
| End of changes. 17 change blocks. | ||||
| 18 lines changed or deleted | 18 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||