University of Duisburg-Essen, Institute for Experimental Mathematics

Ellernstrasse 29 45326 Essen Nordrhein-Westfalen Germany +49-201-1837637 +49-201-1837673 dreibh@iem.uni-due.de http://www.iem.uni-due.de/~dreibh/

Nokia Siemens Networks

Atealaan 32 Herentals 2200 Belgium +32-14-252081 lode.coene@nsn.com

University of Delaware

103 Smith Hall Newark DE 19716 USA +1 302 831 8622 conrad@acm.org

Internet-Draft This document describes the applicability of the Reliable Server Pooling architecture to the IP Flow Information Exchange using the Aggregate Server Access Protocol (ASAP) functionality of RSerPool only. Data exchange in IPFIX between the router and the data collector can be provided by a limited retransmission protocol.

Reliable Server Pooling provides protocols for providing highly available services. The services are located in a pool of redundant servers and if a server fails, another server will take over. The only requirement put on these servers belonging to the pool is that if state is maintained by the server, this state must be transferred to the other server taking over. The goal is to provide server-based redundancy. Transport and network level redundancy are handle by the transport and network layer protcols. The application may choose to distribute its traffic over the servers of the pool conforming to a certain policy. The application wishing to make use of RSerPool protocols may use different transport layers (such as UDP, TCP and SCTP). However, some transport layers may have restrictions build in in the way they might be operating in the RSerPool architecture and its protocols.

The scope of this document is to explain the way that a minimal version of Reliable Server Pooling protocols have to be used in order to provide a highly available service towards IP Flow Information Exchange (IPFIX) protocols.

The terms are commonly identified in related work and can be found in the Aggregate Server Access Protocol and Endpoint Handlespace Redundancy Protocol Common Parameters document

IP flow information is exchanged between observation points and collector points. The observation points may try to find out via the Aggregate Server Access Protocol (ASAP, see ) which collector point(s) are active. Both the observation and the collector point may have limitations for exchanging the information (observation point may have limited buffer space and collectors points may be overburdened with receiving lots of flow information from different observation points). The observation point will query the ENRP server for resolution of a particular collector pool name and the ENRP server will return a list of one or more collector points to the observation point. The observation point will use its own transport protocols (TCP, UDP, SCTP, SCTP with PR-SCTP extension) for exchanging the IPFIX data between the observation point and the collector point. If a collector point would fail, then the observation point will send its data towards a different collector point, belonging to the same collector pool. Collector points will announce themselves to the ENRP server and will be monitored for their availability. The observation point will only query the ENRP server for server pool name resolution.

The exchange of IP flow information data between an observation point and a collection point consists of massive amounts of data. One collection point can service many observation points, therefore transport protocols must do congestion control (example: modifying the receive buffer space, thus reducing the incoming flow of data), so that the collection point is not overburdened by its observation points. Some data must arrive at the collector while other data might arrive (if it gets lost: no problem). The choice of reliable or partial reliable delivery has to be made by the observation point These requirements demand a protocol which provides variable transport reliability of its data: it should be able to chose the reliability by the IPFIX protocols on a a per-message base. SCTP with PR-SCTP extension is the only know protocol which allows the choice of full, partial or unreliable delivery of the message to its peer node. TCP will only allow fully reliable delivery, while UDP only provides unreliable delivery and NO congestion control.

The protocols used in the Reliable Server Pooling architecture only try to increase the availability of the servers in the network. RSerPool protocols do not contain any protocol mechanisms which are directly related to user message authentication, integrity and confidentiality functions. For such features, it depends on the IPSEC protocols or on Transport Layer Security (TLS) protocols for its own security and on the architecture and/or security features of its user protocols. The RSerPool architecture allows the use of different transport protocols for its application and control data exchange. These transport protocols may have mechanisms for reducing the risk of blind denial-of-service attacks and/or masquerade attacks. If such measures are required by the applications, then it is advised to check the SCTP applicability statement RFC2057 for guidance on this issue.

The RSerPool reference implementation RSPLIB can be found at . It supports the functionalities defined by , , , and as well as the options , and . An introduction to this implementation is provided in .

Security considerations for RSerPool systems are described by .

This document introduces no additional considerations for IANA.

The authors wish to thank Maureen Stillman and many others for their invaluable comments.