9. Security Considerations
The ForCES framework document [RFC3746], Section 8, goes into extensive detail on a variety of security threats, the possible effects of those threats on the protocol, and responses to those threats. This document does not repeat that discussion; the reader is referred to the ForCES framework document [RFC3746] for those details and how the ForCES architecture addresses them.

ForCES PL uses security services provided by the ForCES TML. The TML provides security services such as endpoint authentication service, message authentication service, and confidentiality service. Endpoint authentication service is invoked at the time of the pre-association connection establishment phase and message authentication is performed whenever the FE or CE receives a packet from its peer.

The following are the general security mechanisms that need to be in place for ForCES PL.

o  Security mechanisms are session controlled -- that is, once the security is turned on depending upon the chosen security level (No Security, Authentication, Confidentiality), it will be in effect for the entire duration of the session.

o  An operator should configure the same security policies for both primary and backup FEs and CEs (if available). This will ensure uniform operations and avoid unnecessary complexity in policy configuration.

9.1. No Security
When "No Security" is chosen for ForCES protocol communication, both endpoint authentication and message authentication services need to be performed by ForCES PL. Both of these mechanisms are weak and do not involve cryptographic operations. An operator can choose the "No Security" level when the ForCES protocol endpoints are within a single box, for example.

In order to have interoperable and uniform implementation across various security levels, each CE and FE endpoint MUST implement this level.

What is described below (in Section 9.1.1 and Section 9.1.2) are error checks and not security procedures. The reader is referred to Section 9.2 for security procedures.
9.1.1. Endpoint Authentication
Each CE and FE PL maintains a list of associations as part of its configuration. This is done via the CEM and FEM interfaces. An FE MUST connect to only those CEs that are configured via the FEM; similarly, a CE should accept the connection and establish associations for the FEs which are configured via the CEM. The CE should validate the FE identifier before accepting the connections during the pre-association phase.

9.1.2. Message Authentication
When a CE or FE initiates a message, the receiving endpoint MUST validate the initiator of the message by checking the common header CE or FE identifiers. This will ensure proper protocol functioning. This extra processing step is recommended even when the underlying TML layer security services exist.

9.2. ForCES PL and TML Security Service
This section is applicable if an operator wishes to use the TML security services. A ForCES TML MUST support one or more security services such as endpoint authentication service, message authentication service, and confidentiality service, as part of TML security layer functions. It is the responsibility of the operator to select an appropriate security service and configure security policies accordingly. The details of such configuration are outside the scope of the ForCES PL and are dependent on the type of transport protocol and the nature of the connection.

All these configurations should be done prior to starting the CE and FE.

When certificate-based authentication is being used at the TML, the certificate can use a ForCES-specific naming structure as certificate names and, accordingly, the security policies can be configured at the CE and FE.

The reader is asked to refer to specific TML documents for details on the security requirements specific to that TML.

9.2.1. Endpoint Authentication Service
When TML security services are enabled, the ForCES TML performs endpoint authentication. Security association is established between CE and FE and is transparent to the ForCES PL.
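Section 9.1.2 recommends keeping the PL-level identifier check even when the TML authenticates endpoints. The following added example (not part of the RFC) sketches the error checks of Sections 9.1.1 and 9.1.2 on a received message, using the Message Type values of Appendix A.1. It assumes the 24-octet common header of Section 6.1 (version, Message Type, length in 4-octet words, source ID, destination ID, correlator, flags) and protocol version 1, neither of which is shown in this excerpt; the `Endpoint` structure, the reasons PEER_NOT_CONFIGURED, WRONG_DESTINATION and NO_ASSOCIATION, and all IDs are hypothetical.

```python
import struct
from dataclasses import dataclass, field

HEADER_LEN = 24       # assumed common header size in octets (Section 6.1)
FORCES_VERSION = 1    # assumed protocol version
PRE_ASSOCIATION_TYPES = {0x01, 0x11}  # AssociationSetup and its response

# Message Types assigned in Appendix A.1; other values in 0x00-0x1F are reserved.
BASE_MESSAGE_TYPES = {
    0x01: "AssociationSetup", 0x02: "AssociationTeardown", 0x03: "Config",
    0x04: "Query", 0x05: "EventNotification", 0x06: "PacketRedirect",
    0x0F: "Heartbeat", 0x11: "AssociationSetupResponse",
    0x13: "ConfigResponse", 0x14: "QueryResponse",
}


@dataclass
class Endpoint:
    """PL state of one CE or FE (hypothetical structure for this example)."""
    local_id: int
    configured_peers: frozenset                          # provisioned via CEM/FEM
    associated_peers: set = field(default_factory=set)   # live associations


def message_type_range(mtype):
    """Classify an 8-bit Message Type by the Appendix A.1 allocation ranges."""
    if not 0 <= mtype <= 0xFF:
        raise ValueError("Message Type is an 8-bit value")
    if mtype <= 0x1F:
        return "base"
    if mtype <= 0x7F:
        return "specification-required"
    return "vendor-private"


def build_message(mtype, src, dst, payload=b"", version=FORCES_VERSION):
    """Build a message with the assumed header; length is in 4-octet words."""
    total = HEADER_LEN + len(payload)
    if total % 4:
        raise ValueError("message must be a multiple of 4 octets")
    header = struct.pack(">BBHIIQI", version << 4, mtype, total // 4,
                         src, dst, 0, 0)
    return header + payload


def check_message(ep, raw):
    """Return 'OK' or the reason the receiving PL drops the message."""
    if len(raw) < HEADER_LEN:
        return "E_INVALID_HEADER"
    ver_rsvd, mtype, length, src, dst, _corr, _flags = struct.unpack_from(
        ">BBHIIQI", raw)
    if ver_rsvd >> 4 != FORCES_VERSION:
        return "E_VERSION_MISMATCH"
    if length * 4 != len(raw):
        return "E_LENGTH_MISMATCH"
    if mtype not in BASE_MESSAGE_TYPES:
        return "E_INVALID_MESSAGE_TYPE"
    # Section 9.1.1: only peers configured via the CEM/FEM may associate.
    if src not in ep.configured_peers:
        return "PEER_NOT_CONFIGURED"
    if dst != ep.local_id:
        return "WRONG_DESTINATION"
    # Section 9.1.2: after setup, the initiator must be an associated peer.
    if mtype not in PRE_ASSOCIATION_TYPES and src not in ep.associated_peers:
        return "NO_ASSOCIATION"
    return "OK"


if __name__ == "__main__":
    # Constructed IDs: one CE, one configured FE, one unknown FE.
    ce = Endpoint(0x40000001, frozenset({0x00000002}))
    for src in (0x00000002, 0x00000099):
        msg = build_message(0x01, src, ce.local_id)
        print(hex(src), check_message(ce, msg))
```

These are error checks on identifiers that any sender can set, so they complement rather than replace the TML services described in Section 9.2.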
9.2.2. Message Authentication Service
This is a TML-specific operation and is transparent to the ForCES PL. For details, refer to Section 5.

9.2.3. Confidentiality Service
This is a TML-specific operation and is transparent to the ForCES PL. For details, refer to Section 5.

10. Acknowledgments
The authors of this document would like to acknowledge and thank the ForCES Working Group and especially the following: Furquan Ansari, Alex Audu, Steven Blake, Shuchi Chawla, Alan DeKok, Ellen M. Deleganes, Xiaoyi Guo, Yunfei Guo, Evangelos Haleplidis, Zsolt Haraszti, Fenggen Jia, John C. Lin, Alistair Munro, Jeff Pickering, T. Sridhlar, Guangming Wang, Chaoping Wu, and Lily L. Yang, for their contributions. We would also like to thank David Putzolu and Patrick Droz for their comments and suggestions on the protocol and for their infinite patience. We would also like to thank Sue Hares and Alia Atlas for extensive reviews of the document.

Alia Atlas did a wonderful job of shaping the document to make it more readable by providing the IESG feedback.

Ross Callon was instrumental in getting us over major humps to getting this document published.

The editors have used the xml2rfc [RFC2629] tools in creating this document and are very grateful for the existence and quality of these tools. The editor is also grateful to Elwyn Davies for his help in correcting the XML source of this document.

11. References
11.1. Normative References
[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2914]  Floyd, S., "Congestion Control Principles", BCP 41, RFC 2914, September 2000.

[RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

[RFC5390]  Rosenberg, J., "Requirements for Management of Overload in the Session Initiation Protocol", RFC 5390, December 2008.

[RFC5811]  Hadi Salim, J. and K. Ogawa, "SCTP-Based Transport Mapping Layer (TML) for the Forwarding and Control Element Separation (ForCES) Protocol", RFC 5811, March 2010.

[RFC5812]  Halpern, J. and J. Hadi Salim, "Forwarding and Control Element Separation (ForCES) Forwarding Element Model", RFC 5812, March 2010.

11.2. Informative References

[2PCREF]   Gray, J., "Notes on database operating systems", in "Operating Systems: An Advanced Course" Lecture Notes in Computer Science, Vol. 60, pp. 394-481, Springer-Verlag, 1978.

[ACID]     Haerder, T. and A. Reuter, "Principles of Transaction-Orientated Database Recovery", 1983.

[RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, June 1999.

[RFC3654]  Khosravi, H. and T. Anderson, "Requirements for Separation of IP Control and Forwarding", RFC 3654, November 2003.

[RFC3746]  Yang, L., Dantu, R., Anderson, T., and R. Gopal, "Forwarding and Control Element Separation (ForCES) Framework", RFC 3746, April 2004.
Appendix A. IANA Considerations
Following the policies outlined in "Guidelines for Writing an IANA Considerations Section in RFCs" (RFC 5226 [RFC5226]), the following namespaces are defined in ForCES.

o  Message Type Namespace, Section 7

o  Operation Type Namespace, Section 7.1.6

o  Header Flags, Section 6.1

o  TLV Type, Section 7

o  TLV Result Values, Section 7.1.7

o  LFB Class ID, Section 7.1.5 (resolved by model document, [RFC5812]).

o  Result: Association Setup Response, Section 7.5.2

o  Reason: Association Teardown Message, Section 7.5.3

A.1. Message Type Namespace
The Message Type is an 8-bit value. The following is the guideline for defining the Message Type namespace:

Message Types 0x00 - 0x1F
   Message Types in this range are part of the base ForCES protocol. Message Types in this range are allocated through an IETF consensus action [RFC5226].

   Values assigned by this specification:

      0x00         Reserved
      0x01         AssociationSetup
      0x02         AssociationTeardown
      0x03         Config
      0x04         Query
      0x05         EventNotification
      0x06         PacketRedirect
      0x07 - 0x0E  Reserved
      0x0F         Heartbeat
      0x11         AssociationSetupResponse
      0x12         Reserved
      0x13         ConfigResponse
      0x14         QueryResponse

Message Types 0x20 - 0x7F
   Message Types in this range are Specification Required [RFC5226]. Message Types using this range MUST be documented in an RFC or other permanent and readily available reference.

Message Types 0x80 - 0xFF
   Message Types in this range are reserved for vendor private extensions and are the responsibility of individual vendors. IANA management of this range of the Message Type namespace is unnecessary.

A.2. Operation Selection
The Operation Selection (OPER-TLV) namespace is 16 bits long. The following is the guideline for managing the OPER-TLV namespace.

OPER-TLV Type 0x0000-0x0FF
   OPER-TLV Types in this range are allocated through an IETF consensus process [RFC5226].

   Values assigned by this specification:

      0x0000   Reserved
      0x0001   SET
      0x0002   SET-PROP
      0x0003   SET-RESPONSE
      0x0004   SET-PROP-RESPONSE
      0x0005   DEL
      0x0006   DEL-RESPONSE
      0x0007   GET
      0x0008   GET-PROP
      0x0009   GET-RESPONSE
      0x000A   GET-PROP-RESPONSE
      0x000B   REPORT
      0x000C   COMMIT
      0x000D   COMMIT-RESPONSE
      0x000E   TRCOMP

OPER-TLV Type 0x0100-0x7FFF
   OPER-TLV Types using this range MUST be documented in an RFC or other permanent and readily available reference [RFC5226].

OPER-TLV Type 0x8000-0xFFFF
   OPER-TLV Types in this range are reserved for vendor private extensions and are the responsibility of individual vendors. IANA management of this range of the OPER-TLV Type namespace is unnecessary.
A.3. Header Flags
The Header flag field is 32 bits long. Header flags are part of the ForCES base protocol. Header flags are allocated through an IETF consensus action [RFC5226].

A.4. TLV Type Namespace
The TLV Type namespace is 16 bits long. The following is the guideline for managing the TLV Type namespace.

TLV Type 0x0000-0x01FF
   TLV Types in this range are allocated through an IETF consensus process [RFC5226].

   Values assigned by this specification:

      0x0000   Reserved
      0x0001   REDIRECT-TLV
      0x0010   ASResult-TLV
      0x0011   ASTreason-TLV
      0x1000   LFBselect-TLV
      0x0110   PATH-DATA-TLV
      0x0111   KEYINFO-TLV
      0x0112   FULLDATA-TLV
      0x0113   SPARSEDATA-TLV
      0x0114   RESULT-TLV
      0x0115   METADATA-TLV
      0x0116   REDIRECTDATA-TLV

TLV Type 0x0200-0x7FFF
   TLV Types using this range MUST be documented in an RFC or other permanent and readily available reference [RFC5226].

TLV Type 0x8000-0xFFFF
   TLV Types in this range are reserved for vendor private extensions and are the responsibility of individual vendors. IANA management of this range of the TLV Type namespace is unnecessary.
A.5. RESULT-TLV Result Values
The RESULT-TLV Result Value is an 8-bit value.

   0x00        E_SUCCESS
   0x01        E_INVALID_HEADER
   0x02        E_LENGTH_MISMATCH
   0x03        E_VERSION_MISMATCH
   0x04        E_INVALID_DESTINATION_PID
   0x05        E_LFB_UNKNOWN
   0x06        E_LFB_NOT_FOUND
   0x07        E_LFB_INSTANCE_ID_NOT_FOUND
   0x08        E_INVALID_PATH
   0x09        E_COMPONENT_DOES_NOT_EXIST
   0x0A        E_EXISTS
   0x0B        E_NOT_FOUND
   0x0C        E_READ_ONLY
   0x0D        E_INVALID_ARRAY_CREATION
   0x0E        E_VALUE_OUT_OF_RANGE
   0x0F        E_CONTENTS_TOO_LONG
   0x10        E_INVALID_PARAMETERS
   0x11        E_INVALID_MESSAGE_TYPE
   0x12        E_E_INVALID_FLAGS
   0x13        E_INVALID_TLV
   0x14        E_EVENT_ERROR
   0x15        E_NOT_SUPPORTED
   0x16        E_MEMORY_ERROR
   0x17        E_INTERNAL_ERROR
   0x18-0xFE   Reserved
   0xFF        E_UNSPECIFIED_ERROR

All values not assigned in this specification are designated as Assignment by Expert Review.

A.6. Association Setup Response
The Association Setup Response namespace is 32 bits long. The following is the guideline for managing the Association Setup Response namespace.

Association Setup Response 0x0000-0x00FF
   Association Setup Responses in this range are allocated through an IETF consensus process [RFC5226].

   Values assigned by this specification:

      0x0000   Success
      0x0001   FE ID Invalid
      0x0002   Permission Denied

Association Setup Response 0x0100-0x0FFF
   Association Setup Responses in this range are Specification Required [RFC5226]. Values using this range MUST be documented in an RFC or other permanent and readily available reference [RFC5226].

Association Setup Response 0x1000-0xFFFF
   Association Setup Responses in this range are reserved for vendor private extensions and are the responsibility of individual vendors. IANA management of this range of the Association Setup Response namespace is unnecessary.

A.7. Association Teardown Message
The Association Teardown Message namespace is 32 bits long. The following is the guideline for managing the Association Teardown Message namespace.

Association Teardown Message 0x00000000-0x0000FFFF
   Association Teardown Messages in this range are allocated through an IETF consensus process [RFC5226].

   Values assigned by this specification:

      0x00000000   Normal - teardown by administrator
      0x00000001   Error - loss of heartbeats
      0x00000002   Error - loss of bandwidth
      0x00000003   Error - out of Memory
      0x00000004   Error - application crash
      0x000000FF   Error - unspecified

Association Teardown Message 0x00010000-0x7FFFFFFF
   Association Teardown Messages in this range are Specification Required [RFC5226]. Association Teardown Messages using this range MUST be documented in an RFC or other permanent and readily available references [RFC5226].

Association Teardown Message 0x80000000-0xFFFFFFFFF
   Association Teardown Messages in this range are reserved for vendor private extensions and are the responsibility of individual vendors. IANA management of this range of the Association Teardown Message namespace is unnecessary.

Appendix B. ForCES Protocol LFB Schema
The schema described below conforms to the LFB schema described in the ForCES model [RFC5812].

Section 7.3.1 describes the details of the different components defined in this definition.

<LFBLibrary xmlns="urn:ietf:params:xml:ns:forces:lfbmodel:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    provides="FEPO">
<!-- XXX -->
  <dataTypeDefs>
    <dataTypeDef>
      <name>CEHBPolicyValues</name>
      <synopsis> The possible values of CE heartbeat policy </synopsis>
      <atomic>
        <baseType>uchar</baseType>
        <specialValues>
          <specialValue value="0">
            <name>CEHBPolicy0</name>
            <synopsis> The CE heartbeat policy 0 </synopsis>
          </specialValue>
          <specialValue value="1">
            <name>CEHBPolicy1</name>
            <synopsis> The CE heartbeat policy 1 </synopsis>
          </specialValue>
        </specialValues>
      </atomic>
    </dataTypeDef>
    <dataTypeDef>
      <name>FEHBPolicyValues</name>
      <synopsis> The possible values of FE heartbeat policy </synopsis>
      <atomic>
        <baseType>uchar</baseType>
        <specialValues>
          <specialValue value="0">
            <name>FEHBPolicy0</name>
            <synopsis> The FE heartbeat policy 0 </synopsis>
          </specialValue>
          <specialValue value="1">
            <name>FEHBPolicy1</name>
            <synopsis> The FE heartbeat policy 1 </synopsis>
          </specialValue>
        </specialValues>
      </atomic>
    </dataTypeDef>
    <dataTypeDef>
      <name>FERestartPolicyValues</name>
      <synopsis> The possible values of FE restart policy </synopsis>
      <atomic>
        <baseType>uchar</baseType>
        <specialValues>
          <specialValue value="0">
            <name>FERestartPolicy0</name>
            <synopsis> The FE restart policy 0 </synopsis>
          </specialValue>
        </specialValues>
      </atomic>
    </dataTypeDef>
    <dataTypeDef>
      <name>CEFailoverPolicyValues</name>
      <synopsis> The possible values of CE failover policy </synopsis>
      <atomic>
        <baseType>uchar</baseType>
        <specialValues>
          <specialValue value="0">
            <name>CEFailoverPolicy0</name>
            <synopsis> The CE failover policy 0 </synopsis>
          </specialValue>
          <specialValue value="1">
            <name>CEFailoverPolicy1</name>
            <synopsis> The CE failover policy 1 </synopsis>
          </specialValue>
        </specialValues>
      </atomic>
    </dataTypeDef>
    <dataTypeDef>
      <name>FEHACapab</name>
      <synopsis> The supported HA features </synopsis>
      <atomic>
        <baseType>uchar</baseType>
        <specialValues>
          <specialValue value="0">
            <name>GracefullRestart</name>
            <synopsis> The FE supports Graceful Restart </synopsis>
          </specialValue>
          <specialValue value="1">
            <name>HA</name>
            <synopsis> The FE supports HA </synopsis>
          </specialValue>
        </specialValues>
      </atomic>
    </dataTypeDef>
  </dataTypeDefs>
  <LFBClassDefs>
    <LFBClassDef LFBClassID="2">
      <name>FEPO</name>
      <synopsis> The FE Protocol Object </synopsis>
      <version>1.0</version>
      <components>
        <component componentID="1" access="read-only">
          <name>CurrentRunningVersion</name>
          <synopsis>Currently running ForCES version</synopsis>
          <typeRef>uchar</typeRef>
        </component>
        <component componentID="2" access="read-only">
          <name>FEID</name>
          <synopsis>Unicast FEID</synopsis>
          <typeRef>uint32</typeRef>
        </component>
        <component componentID="3" access="read-write">
          <name>MulticastFEIDs</name>
          <synopsis> the table of all multicast IDs </synopsis>
          <array type="variable-size">
            <typeRef>uint32</typeRef>
          </array>
        </component>
        <component componentID="4" access="read-write">
          <name>CEHBPolicy</name>
          <synopsis> The CE Heartbeat Policy </synopsis>
          <typeRef>CEHBPolicyValues</typeRef>
        </component>
        <component componentID="5" access="read-write">
          <name>CEHDI</name>
          <synopsis> The CE Heartbeat Dead Interval in millisecs </synopsis>
          <typeRef>uint32</typeRef>
        </component>
        <component componentID="6" access="read-write">
          <name>FEHBPolicy</name>
          <synopsis> The FE Heartbeat Policy </synopsis>
          <typeRef>FEHBPolicyValues</typeRef>
        </component>
        <component componentID="7" access="read-write">
          <name>FEHI</name>
          <synopsis> The FE Heartbeat Interval in millisecs </synopsis>
          <typeRef>uint32</typeRef>
        </component>
        <component componentID="8" access="read-write">
          <name>CEID</name>
          <synopsis> The Primary CE this FE is associated with </synopsis>
          <typeRef>uint32</typeRef>
        </component>
        <component componentID="9" access="read-write">
          <name>BackupCEs</name>
          <synopsis> The table of all backup CEs other than the primary </synopsis>
          <array type="variable-size">
            <typeRef>uint32</typeRef>
          </array>
        </component>
        <component componentID="10" access="read-write">
          <name>CEFailoverPolicy</name>
          <synopsis> The CE Failover Policy </synopsis>
          <typeRef>CEFailoverPolicyValues</typeRef>
        </component>
        <component componentID="11" access="read-write">
          <name>CEFTI</name>
          <synopsis> The CE Failover Timeout Interval in millisecs </synopsis>
          <typeRef>uint32</typeRef>
        </component>
        <component componentID="12" access="read-write">
          <name>FERestartPolicy</name>
          <synopsis> The FE Restart Policy </synopsis>
          <typeRef>FERestartPolicyValues</typeRef>
        </component>
        <component componentID="13" access="read-write">
          <name>LastCEID</name>
          <synopsis> The Primary CE this FE was last associated with </synopsis>
          <typeRef>uint32</typeRef>
        </component>
      </components>
      <capabilities>
        <capability componentID="30">
          <name>SupportableVersions</name>
          <synopsis> the table of ForCES versions that FE supports </synopsis>
          <array type="variable-size">
            <typeRef>uchar</typeRef>
          </array>
        </capability>
        <capability componentID="31">
          <name>HACapabilities</name>
          <synopsis> the table of HA capabilities the FE supports </synopsis>
          <array type="variable-size">
            <typeRef>FEHACapab</typeRef>
          </array>
        </capability>
      </capabilities>
      <events baseID="61">
        <event eventID="1">
          <name>PrimaryCEDown</name>
          <synopsis> The primary CE has changed </synopsis>
          <eventTarget>
            <eventField>LastCEID</eventField>
          </eventTarget>
          <eventChanged/>
          <eventReports>
            <eventReport>
              <eventField>LastCEID</eventField>
            </eventReport>
          </eventReports>
        </event>
      </events>
    </LFBClassDef>
  </LFBClassDefs>
</LFBLibrary>
B.1. Capabilities
Supportable Versions enumerates all ForCES versions that an FE supports.

FEHACapab enumerates the HA capabilities of the FE. If the FE is not capable of graceful restarts or HA, then it will not be able to participate in HA as described in Section 8.1.

B.2. Components
All components are explained in Section 7.3.1.
Appendix C. Data Encoding Examples
In this section a few examples of data encoding are discussed. These examples, however, do not show any padding.

==========
Example 1:
==========

Structure with three fixed-length, mandatory fields.

   struct S {
      uint16 a
      uint16 b
      uint16 c
   }

(a) Describing all fields using SPARSEDATA-TLV

   PATH-DATA-TLV
      Path to an instance of S ...
      SPARSEDATA-TLV
         ComponentIDof(a), lengthof(a), valueof(a)
         ComponentIDof(b), lengthof(b), valueof(b)
         ComponentIDof(c), lengthof(c), valueof(c)

(b) Describing a subset of fields

   PATH-DATA-TLV
      Path to an instance of S ...
      SPARSEDATA-TLV
         ComponentIDof(a), lengthof(a), valueof(a)
         ComponentIDof(c), lengthof(c), valueof(c)

Note: Even though there are non-optional components in structure S, since one can uniquely identify components, one can selectively send components of structure S (e.g., in the case of an update from CE to FE).

(c) Describing all fields using a FULLDATA-TLV

   PATH-DATA-TLV
      Path to an instance of S ...
      FULLDATA-TLV
         valueof(a)
         valueof(b)
         valueof(c)
==========
Example 2:
==========

Structure with three fixed-length fields, one mandatory, two optional.

   struct T {
      uint16 a
      uint16 b (optional)
      uint16 c (optional)
   }

This example is identical to example 1, as illustrated below.

(a) Describing all fields using SPARSEDATA-TLV

   PATH-DATA-TLV
      Path to an instance of S ...
      SPARSEDATA-TLV
         ComponentIDof(a), lengthof(a), valueof(a)
         ComponentIDof(b), lengthof(b), valueof(b)
         ComponentIDof(c), lengthof(c), valueof(c)

(b) Describing a subset of fields using SPARSEDATA-TLV

   PATH-DATA-TLV
      Path to an instance of S ...
      SPARSEDATA-TLV
         ComponentIDof(a), lengthof(a), valueof(a)
         ComponentIDof(c), lengthof(c), valueof(c)

(c) Describing all fields using a FULLDATA-TLV

   PATH-DATA-TLV
      Path to an instance of S ...
      FULLDATA-TLV
         valueof(a)
         valueof(b)
         valueof(c)

Note: FULLDATA-TLV _cannot_ be used unless all fields are being described.
==========
Example 3:
==========

Structure with a mix of fixed-length and variable-length fields, some mandatory, some optional. Note in this case, b is variable sized.

   struct U {
      uint16 a
      string b (optional)
      uint16 c (optional)
   }

(a) Describing all fields using SPARSEDATA-TLV

   Path to an instance of U ...
   SPARSEDATA-TLV
      ComponentIDof(a), lengthof(a), valueof(a)
      ComponentIDof(b), lengthof(b), valueof(b)
      ComponentIDof(c), lengthof(c), valueof(c)

(b) Describing a subset of fields using SPARSEDATA-TLV

   Path to an instance of U ...
   SPARSEDATA-TLV
      ComponentIDof(a), lengthof(a), valueof(a)
      ComponentIDof(c), lengthof(c), valueof(c)

(c) Describing all fields using FULLDATA-TLV

   Path to an instance of U ...
   FULLDATA-TLV
      valueof(a)
      FULLDATA-TLV
         valueof(b)
      valueof(c)

Note: The variable-length field requires the addition of a FULLDATA-TLV within the outer FULLDATA-TLV as in the case of component b above.
==========
Example 4:
==========

Structure containing an array of another structure type.

   struct V {
      uint32 x
      uint32 y
      struct U z[]
   }

(a) Encoding using SPARSEDATA-TLV, with two instances of z[], also described with SPARSEDATA-TLV, assuming only the 10th and 15th subscripts of z[] are encoded.

   path to instance of V ...
   SPARSEDATA-TLV
      ComponentIDof(x), lengthof(x), valueof(x)
      ComponentIDof(y), lengthof(y), valueof(y)
      ComponentIDof(z), lengthof(all below)
         ComponentID = 10 (i.e index 10 from z[]), lengthof(all below)
            ComponentIDof(a), lengthof(a), valueof(a)
            ComponentIDof(b), lengthof(b), valueof(b)
         ComponentID = 15 (index 15 from z[]), lengthof(all below)
            ComponentIDof(a), lengthof(a), valueof(a)
            ComponentIDof(c), lengthof(c), valueof(c)

Note the holes in the components of z (10 followed by 15). Also note the gap in index 15 with only components a and c appearing but not b.
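The nested encoding of Example 3(c), as an added example that is not part of the RFC: an encoder for struct U and a decoder that keeps the inner FULLDATA-TLV inside the bounds of the outer one. It assumes a 4-octet TLV header (16-bit type, 16-bit length that counts the header, as in the "L = 4+4" notation of Appendix D), omits padding as Appendix C does, treats b as opaque bytes, and borrows the RESULT-TLV names of Appendix A.5 as local error labels; the function names are hypothetical.

```python
import struct

FULLDATA_TLV = 0x0112   # TLV Type from Appendix A.4
TLV_HDR = 4             # assumed: 16-bit type + 16-bit length, length counts the header


class TLVError(ValueError):
    """Decode failure, labelled with a RESULT-TLV name from Appendix A.5."""


def tlv(tlv_type, value):
    """Wrap value in a TLV; padding is omitted, as in Appendix C."""
    length = TLV_HDR + len(value)
    if length > 0xFFFF:
        raise TLVError("E_CONTENTS_TOO_LONG")
    return struct.pack(">HH", tlv_type, length) + value


def read_tlv(buf, off, end):
    """Read the TLV header at off; the whole TLV must fit before end.

    Returns (type, value_start, value_end).
    """
    if end - off < TLV_HDR:
        raise TLVError("E_LENGTH_MISMATCH")
    tlv_type, length = struct.unpack_from(">HH", buf, off)
    if length < TLV_HDR or off + length > end:
        raise TLVError("E_LENGTH_MISMATCH")
    return tlv_type, off + TLV_HDR, off + length


def encode_u(a, b, c):
    """Example 3(c): FULLDATA-TLV { a, FULLDATA-TLV { b }, c }."""
    inner = tlv(FULLDATA_TLV, b)
    return tlv(FULLDATA_TLV, struct.pack(">H", a) + inner + struct.pack(">H", c))


def decode_u(buf):
    """Decode struct U; every length is checked against its enclosing TLV."""
    tlv_type, off, end = read_tlv(buf, 0, len(buf))
    if tlv_type != FULLDATA_TLV:
        raise TLVError("E_INVALID_TLV")
    if end != len(buf):                       # trailing octets after the TLV
        raise TLVError("E_LENGTH_MISMATCH")
    if end - off < 2:
        raise TLVError("E_LENGTH_MISMATCH")
    (a,) = struct.unpack_from(">H", buf, off)
    off += 2
    # The variable-length field b carries its own TLV, bounded by the outer end.
    inner_type, b_start, b_end = read_tlv(buf, off, end)
    if inner_type != FULLDATA_TLV:
        raise TLVError("E_INVALID_TLV")
    if end - b_end != 2:                      # exactly one uint16 (c) must remain
        raise TLVError("E_LENGTH_MISMATCH")
    (c,) = struct.unpack_from(">H", buf, b_end)
    return {"a": a, "b": bytes(buf[b_start:b_end]), "c": c}


if __name__ == "__main__":
    wire = encode_u(1, b"eth0", 7)            # constructed sample values
    print(wire.hex(), decode_u(wire))
```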
Appendix D. Use Cases
Assume LFB with the following components for the following use cases.

   foo1, type u32, ID = 1

   foo2, type u32, ID = 2

   table1: type array, ID = 3
      components are:
         t1, type u32, ID = 1
         t2, type u32, ID = 2  // index into table2
         KEY: nhkey, ID = 1, V = t2

   table2: type array, ID = 4
      components are:
         j1, type u32, ID = 1
         j2, type u32, ID = 2
         KEY: akey, ID = 1, V = { j1,j2 }

   table3: type array, ID = 5
      components are:
         someid, type u32, ID = 1
         name, type string variable sized, ID = 2

   table4: type array, ID = 6
      components are:
         j1, type u32, ID = 1
         j2, type u32, ID = 2
         j3, type u32, ID = 3
         j4, type u32, ID = 4
         KEY: mykey, ID = 1, V = { j1}

   table5: type array, ID = 7
      components are:
         p1, type u32, ID = 1
         p2, type array, ID = 2, array components of type-X

   Type-X:
      x1, ID 1, type u32
      x2, ID2 , type u32
         KEY: tkey, ID = 1, V = { x1}

All examples will use valueof(x) to indicate the value of the referenced component x. In the case where F_SEL** are missing (bits equal to 00) then the flags will not show any selection.
All the examples only show use of FULLDATA-TLV for data encoding; although SPARSEDATA-TLV would make more sense in certain occasions, the emphasis is on showing the message layout. Refer to Appendix C for examples that show usage of both FULLDATA-TLV and SPARSEDATA-TLV.

1. To get foo1

   OPER = GET-TLV
      PATH-DATA-TLV: IDCount = 1, IDs = 1

   Result:
   OPER = GET-RESPONSE-TLV
      PATH-DATA-TLV:
         flags=0, IDCount = 1, IDs = 1
         FULLDATA-TLV L = 4+4, V = valueof(foo1)

2. To set foo2 to 10

   OPER = SET-TLV
      PATH-DATA-TLV:
         flags = 0, IDCount = 1, IDs = 2
         FULLDATA-TLV: L = 4+4, V=10

   Result:
   OPER = SET-RESPONSE-TLV
      PATH-DATA-TLV:
         flags = 0, IDCount = 1, IDs = 2
         RESULT-TLV

3. To dump table2

   OPER = GET-TLV
      PATH-DATA-TLV:
         IDCount = 1, IDs = 4

   Result:
   OPER = GET-RESPONSE-TLV
      PATH-DATA-TLV:
         flags = 0, IDCount = 1, IDs = 4
         FULLDATA-TLV: L = XXX, V=
            a series of: index, valueof(j1), valueof(j2)
            representing the entire table

Note: One should be able to take a GET-RESPONSE-TLV and convert it to a SET-TLV. If the result in the above example is sent back in a SET-TLV (instead of a GET-RESPONSE-TLV), then the entire contents of the table will be replaced at that point.
4. Multiple operations example. To create entry 0-5 of table2 (Error conditions are ignored)

   OPER = SET-TLV
      PATH-DATA-TLV:
         flags = 0 , IDCount = 1, IDs = 4
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 0
            FULLDATA-TLV valueof(j1), valueof(j2) of entry 0
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 1
            FULLDATA-TLV valueof(j1), valueof(j2) of entry 1
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 2
            FULLDATA-TLV valueof(j1), valueof(j2) of entry 2
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 3
            FULLDATA-TLV valueof(j1), valueof(j2) of entry 3
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 4
            FULLDATA-TLV valueof(j1), valueof(j2) of entry 4
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 5
            FULLDATA-TLV valueof(j1), valueof(j2) of entry 5

   Result:
   OPER = SET-RESPONSE-TLV
      PATH-DATA-TLV:
         flags = 0 , IDCount = 1, IDs = 4
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 0
            RESULT-TLV
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 1
            RESULT-TLV
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 2
            RESULT-TLV
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 3
            RESULT-TLV
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 4
            RESULT-TLV
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 5
            RESULT-TLV
5. Block operations (with holes) example. Replace entry 0,2 of table2.

   OPER = SET-TLV
      PATH-DATA-TLV:
         flags = 0 , IDCount = 1, IDs = 4
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 0
            FULLDATA-TLV containing valueof(j1), valueof(j2) of 0
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 2
            FULLDATA-TLV containing valueof(j1), valueof(j2) of 2

   Result:
   OPER = SET-TLV
      PATH-DATA-TLV:
         flags = 0 , IDCount = 1, IDs = 4
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 0
            RESULT-TLV
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 2
            RESULT-TLV

6. Getting rows example. Get first entry of table2.

   OPER = GET-TLV
      PATH-DATA-TLV:
         IDCount = 2, IDs = 4.0

   Result:
   OPER = GET-RESPONSE-TLV
      PATH-DATA-TLV:
         IDCount = 2, IDs = 4.0
         FULLDATA-TLV containing valueof(j1), valueof(j2)
7. Get entry 0-5 of table2.

   OPER = GET-TLV
      PATH-DATA-TLV:
         flags = 0, IDCount = 1, IDs = 4
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 0
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 1
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 2
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 3
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 4
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 5

   Result:
   OPER = GET-RESPONSE-TLV
      PATH-DATA-TLV:
         flags = 0, IDCount = 1, IDs = 4
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 0
            FULLDATA-TLV containing valueof(j1), valueof(j2)
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 1
            FULLDATA-TLV containing valueof(j1), valueof(j2)
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 2
            FULLDATA-TLV containing valueof(j1), valueof(j2)
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 3
            FULLDATA-TLV containing valueof(j1), valueof(j2)
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 4
            FULLDATA-TLV containing valueof(j1), valueof(j2)
         PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs = 5
            FULLDATA-TLV containing valueof(j1), valueof(j2)
8. Create a row in table2, index 5.

   OPER = SET-TLV
      PATH-DATA-TLV:
         flags = 0, IDCount = 2, IDs = 4.5
         FULLDATA-TLV containing valueof(j1), valueof(j2)

   Result:
   OPER = SET-RESPONSE-TLV
      PATH-DATA-TLV:
         flags = 0, IDCount = 1, IDs = 4.5
         RESULT-TLV

9. Dump contents of table1.

   OPER = GET-TLV
      PATH-DATA-TLV:
         flags = 0, IDCount = 1, IDs = 3

   Result:
   OPER = GET-RESPONSE-TLV
      PATH-DATA-TLV
         flags = 0, IDCount = 1, IDs = 3
         FULLDATA-TLV, Length = XXXX
            (depending on size of table1)
            index, valueof(t1),valueof(t2)
            index, valueof(t1),valueof(t2)
            .
            .
            .
10. Using keys. Get row entry from table4 where j1=100. Recall, j1 is a defined key for this table and its KeyID is 1.

   OPER = GET-TLV
      PATH-DATA-TLV:
         flags = F_SELKEY IDCount = 1, IDs = 6
         KEYINFO-TLV = KeyID=1, KEY_DATA=100

   Result:
   If j1=100 was at index 10
   OPER = GET-RESPONSE-TLV
      PATH-DATA-TLV:
         flags = 0, IDCount = 1, IDs = 6.10
         FULLDATA-TLV containing
            valueof(j1), valueof(j2),valueof(j3),valueof(j4)

11. Delete row with KEY match (j1=100, j2=200) in table2. Note that the j1,j2 pair is a defined key for the table2.

   OPER = DEL-TLV
      PATH-DATA-TLV:
         flags = F_SELKEY IDCount = 1, IDs = 4
         KEYINFO-TLV: {KeyID =1 KEY_DATA=100,200}

   Result:
   If (j1=100, j2=200) was at entry 15:
   OPER = DELETE-RESPONSE-TLV
      PATH-DATA-TLV:
         flags = 0 IDCount = 2, IDs = 4.15
         RESULT-TLV
12. Dump contents of table3. It should be noted that this table has a column with a component name that is variable sized. The purpose of this use case is to show how such a component is to be encoded.

   OPER = GET-TLV
      PATH-DATA-TLV:
         flags = 0 IDCount = 1, IDs = 5

   Result:
   OPER = GET-RESPONSE-TLV
      PATH-DATA-TLV:
         flags = 0 IDCount = 1, IDs = 5
         FULLDATA-TLV, Length = XXXX
            index, someidv, TLV: T=FULLDATA-TLV, L = 4+strlen(namev), V = valueof(v)
            index, someidv, TLV: T=FULLDATA-TLV, L = 4+strlen(namev), V = valueof(v)
            index, someidv, TLV: T=FULLDATA-TLV, L = 4+strlen(namev), V = valueof(v)
            index, someidv, TLV: T=FULLDATA-TLV, L = 4+strlen(namev), V = valueof(v)
            .
            .
            .
13. Multiple atomic operations.

   Note 1: This emulates adding a new nexthop entry and then atomically updating the L3 entries pointing to an old NH to point to a new one. The assumption is that both tables are in the same LFB.

   Note: Observe the two operations on the LFB instance; both are SET operations.

   //Operation 1: Add a new entry to table2 index #20.
   OPER = SET-TLV
      Path-TLV:
         flags = 0, IDCount = 2, IDs = 4.20
         FULLDATA-TLV, V= valueof(j1),valueof(j2)

   // Operation 2: Update table1 entry which
   // was pointing with t2 = 10 to now point to 20
   OPER = SET-TLV
      PATH-DATA-TLV:
         flags = F_SELKEY, IDCount = 1, IDs = 3
         KEYINFO-TLV = KeyID=1 KEY_DATA=10
         PATH-DATA-TLV
            flags = 0 IDCount = 1, IDs = 2
            FULLDATA-TLV, V= 20

   Result:
   //first operation, SET
   OPER = SET-RESPONSE-TLV
      PATH-DATA-TLV
         flags = 0 IDCount = 3, IDs = 4.20
         RESULT-TLV code = success
         FULLDATA-TLV, V = valueof(j1),valueof(j2)

   // second operation SET - assuming entry 16 was updated
   OPER = SET-RESPONSE-TLV
      PATH-DATA-TLV
         flags = 0 IDCount = 2, IDs = 3.16
         PATH-DATA-TLV
            flags = 0 IDCount = 1, IDs = 2
            RESULT-TLV code = success
            FULLDATA-TLV, Length = XXXX v=20
14. Selective setting. On table4 -- for indices 1, 3, 5, 7, and 9. Replace j1 to 100, j2 to 200, j3 to 300. Leave j4 as is.

   OPER = SET-TLV
      PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 6
         PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
               FULLDATA-TLV, Length = XXXX, V = {100}
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 2
               FULLDATA-TLV, Length = XXXX, V = {200}
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
               FULLDATA-TLV, Length = XXXX, V = {300}
         PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
               FULLDATA-TLV, Length = XXXX, V = {100}
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 2
               FULLDATA-TLV, Length = XXXX, V = {200}
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
               FULLDATA-TLV, Length = XXXX, V = {300}
         PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 5
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
               FULLDATA-TLV, Length = XXXX, V = {100}
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 2
               FULLDATA-TLV, Length = XXXX, V = {200}
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
               FULLDATA-TLV, Length = XXXX, V = {300}
         PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 7
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
               FULLDATA-TLV, Length = XXXX, V = {100}
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 2
               FULLDATA-TLV, Length = XXXX, V = {200}
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
               FULLDATA-TLV, Length = XXXX, V = {300}
         PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 9
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
               FULLDATA-TLV, Length = XXXX, V = {100}
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 2
               FULLDATA-TLV, Length = XXXX, V = {200}
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
               FULLDATA-TLV, Length = XXXX, V = {300}

   response:
   OPER = SET-RESPONSE-TLV
      PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 6
         PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
               RESULT-TLV
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 2
               RESULT-TLV
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
               RESULT-TLV
         PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
               RESULT-TLV
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 2
               RESULT-TLV
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
               RESULT-TLV
         PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 5
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
               RESULT-TLV
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 2
               RESULT-TLV
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
               RESULT-TLV
         PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 7
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
               RESULT-TLV
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 2
               RESULT-TLV
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
               RESULT-TLV
         PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 9
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 1
               RESULT-TLV
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 2
               RESULT-TLV
            PATH-DATA-TLV flags = 0, IDCount = 1, IDs = 3
               RESULT-TLV
15. Manipulation of table of table examples. Get x1 from table10
    row with index 4, inside table5 entry 10.

    operation = GET-TLV
        PATH-DATA-TLV
          flags = 0 IDCount = 5, IDs=7.10.2.4.1

    Results:
    operation = GET-RESPONSE-TLV
        PATH-DATA-TLV
          flags = 0 IDCount = 5, IDs=7.10.2.4.1
          FULLDATA-TLV: L=XXXX, V = valueof(x1)

16. From table5's row 10 table10, get X2s based on the value of x1
    equaling 10 (recall x1 is KeyID 1).

    operation = GET-TLV
        PATH-DATA-TLV
          flag = F_SELKEY, IDCount=3, IDS = 7.10.2
          KEYINFO-TLV, KeyID = 1, KEYDATA = 10
          PATH-DATA-TLV
            IDCount = 1, IDS = 2 //select x2

    Results:
    If x1=10 was at entry 11:
    operation = GET-RESPONSE-TLV
        PATH-DATA-TLV
          flag = 0, IDCount=5, IDS = 7.10.2.11
          PATH-DATA-TLV
            flags = 0 IDCount = 1, IDS = 2
            FULLDATA-TLV: L=XXXX, V = valueof(x2)

17. Further example of manipulating a table of tables

    Consider table6, which is defined as:

    table6: type array, ID = 8
      components are:
        p1, type u32, ID = 1
        p2, type array, ID = 2, array components of type type-A

    type-A:
        a1, type u32, ID 1,
        a2, type array ID 2, array components of type type-B

    type-B:
        b1, type u32, ID 1
        b2, type u32, ID 2
    If for example one wanted to set by replacing:

        table6.10.p1 to 111
        table6.10.p2.20.a1 to 222
        table6.10.p2.20.a2.30.b1 to 333

    in one message and one operation.

    There are two ways to do this:
    a) using nesting
    b) using a flat path data

    A. Method using nesting in one message with a single operation

    operation = SET-TLV
      PATH-DATA-TLV
        flags = 0 IDCount = 2, IDs=6.10
        PATH-DATA-TLV
          flags = 0, IDCount = 1, IDs=1
          FULLDATA-TLV: L=XXXX, V = {111}
        PATH-DATA-TLV
          flags = 0 IDCount = 2, IDs=2.20
          PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs=1
            FULLDATA-TLV: L=XXXX, V = {222}
          PATH-DATA-TLV :
            flags = 0, IDCount = 3, IDs=2.30.1
            FULLDATA-TLV: L=XXXX, V = {333}

    Result:
    operation = SET-RESPONSE-TLV
      PATH-DATA-TLV
        flags = 0 IDCount = 2, IDs=6.10
        PATH-DATA-TLV
          flags = 0, IDCount = 1, IDs=1
          RESULT-TLV
        PATH-DATA-TLV
          flags = 0 IDCount = 2, IDs=2.20
          PATH-DATA-TLV
            flags = 0, IDCount = 1, IDs=1
            RESULT-TLV
          PATH-DATA-TLV :
            flags = 0, IDCount = 3, IDs=2.30.1
            RESULT-TLV

    B. Method using a flat path data in one message with a single
       operation

    operation = SET-TLV
      PATH-DATA-TLV :
        flags = 0, IDCount = 3, IDs=6.10.1
        FULLDATA-TLV: L=XXXX, V = {111}
      PATH-DATA-TLV :
        flags = 0, IDCount = 5, IDs=6.10.1.20.1
        FULLDATA-TLV: L=XXXX, V = {222}
      PATH-DATA-TLV :
        flags = 0, IDCount = 7, IDs=6.10.1.20.1.30.1
        FULLDATA-TLV: L=XXXX, V = {333}

    Result:
    operation = SET-TLV
      PATH-DATA-TLV :
        flags = 0, IDCount = 3, IDs=6.10.1
        RESULT-TLV
      PATH-DATA-TLV :
        flags = 0, IDCount = 5, IDs=6.10.1.20.1
        RESULT-TLV
      PATH-DATA-TLV :
        flags = 0, IDCount = 7, IDs=6.10.1.20.1.30.1
        RESULT-TLV
18. Get a whole LFB (all its components, etc.).

    For example: At startup a CE might well want the entire FE
    Object LFB. So, in a request targeted at class 1, instance 1,
    one might find:

    operation = GET-TLV
        PATH-DATA-TLV
          flags = 0 IDCount = 0

    result:
    operation = GET-RESPONSE-TLV
        PATH-DATA-TLV
          flags = 0 IDCount = 0
          FULLDATA-TLV encoding of the FE Object LFB
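The nested PATH-DATA layout of example 14 can be resolved into absolute paths before any table is touched, which is also the point where a receiver can reject inconsistent input. The following is an added example, not part of the original document: it works on a symbolic model rather than the wire encoding, and the names `PathData`, `flatten`, `example14`, `MAX_DEPTH` and `MAX_PATH_IDS` are hypothetical.

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_DEPTH = 8       # assumed local policy limit, not taken from the document
MAX_PATH_IDS = 32   # assumed local policy limit, not taken from the document


@dataclass
class PathData:
    """Symbolic PATH-DATA-TLV (not the wire encoding)."""
    id_count: int                      # IDCount as claimed by the sender
    ids: List[int]                     # IDs actually carried
    value: Optional[int] = None        # FULLDATA-TLV payload, if present
    children: List["PathData"] = field(default_factory=list)


def flatten(node, prefix=(), depth=1):
    """Return [(absolute_path, value)] for each FULLDATA leaf of a SET."""
    if depth > MAX_DEPTH:
        raise ValueError("PATH-DATA nesting too deep")
    if node.id_count != len(node.ids):
        raise ValueError(f"IDCount {node.id_count} but {len(node.ids)} IDs")
    path = tuple(prefix) + tuple(node.ids)
    if len(path) > MAX_PATH_IDS:
        raise ValueError("resolved path too long")
    # Check applied by this example to SET requests: a node carries either
    # data or nested paths, never both and never neither.
    if (node.value is None) == (not node.children):
        raise ValueError("node needs exactly one of data or nested paths")
    if node.value is not None:
        return [(path, node.value)]
    out = []
    for child in node.children:
        out.extend(flatten(child, path, depth + 1))
    return out


def example14():
    """Constructed model of example 14: table4 (ID 6), rows 1, 3, 5, 7, 9."""
    rows = []
    for index in (1, 3, 5, 7, 9):
        comps = [PathData(1, [cid], value=v)
                 for cid, v in ((1, 100), (2, 200), (3, 300))]
        rows.append(PathData(1, [index], children=comps))
    return PathData(1, [6], children=rows)


if __name__ == "__main__":
    for path, value in flatten(example14()):
        print(".".join(map(str, path)), "=", value)
```

Validating the whole tree before applying any assignment keeps a malformed request from being half-applied.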
Authors' Addresses
Avri Doria (editor)
Lulea University of Technology
Rainbow Way
Lulea SE-971 87
Sweden
Phone: +46 73 277 1788
EMail: avri@ltu.se

Jamal Hadi Salim (editor)
Znyx
Ottawa, Ontario
Canada
Phone:
EMail: hadi@mojatatu.com

Robert Haas (editor)
IBM
Saumerstrasse 4
8803 Ruschlikon
Switzerland
Phone:
EMail: rha@zurich.ibm.com

Hormuzd M Khosravi (editor)
Intel
2111 NE 25th Avenue
Hillsboro, OR 97124
USA
Phone: +1 503 264 0334
EMail: hormuzd.m.khosravi@intel.com

Weiming Wang (editor)
Zhejiang Gongshang University
18, Xuezheng Str., Xiasha University Town
Hangzhou 310018
P.R. China
Phone: +86-571-28877721
EMail: wmwang@zjgsu.edu.cn

Ligang Dong
Zhejiang Gongshang University
18, Xuezheng Str., Xiasha University Town
Hangzhou 310018
P.R. China
Phone: +86-571-28877751
EMail: donglg@zjgsu.edu.cn

Ram Gopal
Nokia
5, Wayside Road
Burlington, MA 310035
USA
Phone: +1-781-993-3685
EMail: ram.gopal@nsn.com

Joel Halpern
P.O. Box 6049
Leesburg, VA 20178
USA
Phone: +1-703-371-3043
EMail: jmh@joelhalpern.com