COPS: Common Open Policy Service. Vemuri Namratha Kandaswamy Balasubramanian Venreddy Nireesha
COPS • Introduction • Architecture • Models • Operations • Applications • Event flows, message formats • Issues • Questions
Introduction COPS is a simple query and response protocol, used to exchange information between a PDP and a PEP. PEP: Policy Enforcement Point (routers). PDP: Policy Decision Point (servers containing policy statements).
What are Policies • The basic regulations negotiated for ensuring QoS to the users. • For example, allocation of resources, priorities and hierarchical authorization, etc.
COPS • Client and Server model. • Allocation of resources to desired priorities of services. • COPS with RSVP • Uses TCP as transport protocol for message passing.
ARCHITECTURE [Figure: human network manager, policy editor, management tool, policy console, policy repository, PDP, and PEPs connected to the PDP over COPS]
PURPOSE • COPS allows the router (PEP) to communicate with PDP about the allocation of requested resources for different kinds of traffic • Admission control: Sees if there are enough resources to satisfy the request • Policy control: Whether the request should be considered. Considers priority.
Client Types COPS-PR "COPS Usage for Policy Provisioning" is the protocol that is used when policy decisions are "pushed" from the PDP to PEPs. In this provisioning model the PDP can send policy decisions to PEPs without a specific request from the PEP.
COPS-RSVP "COPS Usage for RSVP" is the protocol that is used when a policy decision is "pulled" from the PDP. When an RSVP message requiring a policy decision is received by the PEP, the relevant RSVP objects from the message are put into a COPS Request message, which is sent to the PDP. The PDP determines what to do with the RSVP message and sends a COPS Decision message back to the PEP.
Outsourcing: • The PEP always explicitly asks the PDP for a given amount of resources • Flexibility and Efficiency • Resource allocation requests are properly aggregated • Aggregate state information is kept in PDP/BB
Provisioning model • More scalable • Inflexibility : difficult to handle modification of configuration. • Not explicitly customized to handle dynamic QoS
COPS: The way it works • The PEP is responsible for initiating a persistent TCP connection to a PDP. • The PEP uses this TCP connection to send requests. • Communication between the PEP and the remote PDP is mainly a request/decision exchange. • Sometimes the PDP sends an unsolicited decision.
PEP's Responsibilities • The PEP has to report to the PDP about successful enforcement of the decision. • The PEP is responsible for notifying the PDP when a request state has changed. • In simple words, it needs to keep things synchronized, i.e. keep the PDP informed. • It can also make local policy decisions via its Local Policy Decision Point (LPDP).
Messages/Requests/Decisions • request states • the type of request • previously installed requests • policy decisions • error reports • client information.
The Context of Request • The context of each request corresponds to the type of event that triggered it. • COPS identifies three types of events: (1) the arrival of an incoming message (2) allocation of local resources (3) the forwarding of an outgoing message.
Message Format • Each COPS message consists of the COPS header followed by a number of typed objects.
The fields in the header are: • Version: 4 bits. COPS version number; the current version is 1. • Flags: 0x1 is the Solicited Message Flag bit; 0 otherwise. • Op Code: 8 bits (explained on the next slide). • Client-type: 16 bits • Message Length: 32 bits
Op Code: 8 bits The COPS operations: • 1 = Request (REQ) • 2 = Decision (DEC) • 3 = Report State (RPT) • 4 = Delete Request State (DRQ) • 5 = Synchronize State Req (SSQ) • 6 = Client-Open (OPN) • 7 = Client-Accept (CAT) • 8 = Client-Close (CC) • 9 = Keep-Alive (KA) • 10= Synchronize Complete (SSC)
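A defensive parser for the header and op codes on the two slides above, as an added example that is not part of the original deck. The object layout (16-bit length, C-Num, C-Type, padding to 32 bits) and the 4-bit Flags width come from RFC 2748 rather than the slides; `parse_cops`, `CopsError` and the sample bytes are constructed for illustration, and the buffer is assumed to hold exactly one message already framed from the TCP stream.

```python
import struct

# Op codes as listed on the slide above.
OP_CODES = {1: "REQ", 2: "DEC", 3: "RPT", 4: "DRQ", 5: "SSQ",
            6: "OPN", 7: "CAT", 8: "CC", 9: "KA", 10: "SSC"}
HEADER_LEN = 8  # version+flags (8 bits), op code (8), client-type (16), length (32)


class CopsError(ValueError):
    """Raised when a message fails a header or object sanity check."""


def parse_cops(data: bytes) -> dict:
    """Parse one COPS message, rejecting inconsistent length fields."""
    if len(data) < HEADER_LEN:
        raise CopsError("short header")
    ver_flags, op, client_type, length = struct.unpack("!BBHI", data[:HEADER_LEN])
    version, flags = ver_flags >> 4, ver_flags & 0x0F
    if version != 1:
        raise CopsError(f"unsupported version {version}")
    if op not in OP_CODES:
        raise CopsError(f"unknown op code {op}")
    # Message Length counts the header plus all objects and is 4-octet aligned.
    # Trusting it without comparing to the bytes actually received is how a
    # parser ends up reading past its buffer.
    if length < HEADER_LEN or length % 4 or length != len(data):
        raise CopsError(f"bad message length {length}")
    objects, off = [], HEADER_LEN
    while off < length:
        obj_len, c_num, c_type = struct.unpack("!HBB", data[off:off + 4])
        padded = (obj_len + 3) & ~3  # objects are padded to a 32-bit boundary
        # obj_len < 4 would stall or rewind the cursor; too large overruns.
        if obj_len < 4 or off + padded > length:
            raise CopsError(f"object at offset {off} has bad length {obj_len}")
        objects.append((c_num, c_type, data[off + 4:off + obj_len]))
        off += padded
    return {"op": OP_CODES[op], "solicited": bool(flags & 0x1),
            "client_type": client_type, "objects": objects}


# Constructed sample: REQ, client-type 1, one Handle object (C-Num 1, C-Type 1)
# with the 4-byte value 0x0000002a.
SAMPLE_REQ = bytes.fromhex("10010001" "00000010" "00080101" "0000002a")
```
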
Better Explained with an application • IP telephony (VoIP) • We need to assure QoS to the users. Now let's look at the message flow.
MESSAGE FLOWS • Client Open (CO) PEP->PDP • Client Accept (CA) PEP->PDP • Client Close (CC) PEP<->PDP • Request (REQ) PEP->PDP • Decision (DEC) PDP->PEP • Report State (RPT) PEP->PDP • Synchronize State Request (SSQ) PDP->PEP • Synchronize State Complete (SSC) PEP->PDP • Keep Alive (KA) PEP<->PDP
CALL FLOW EXPLAINED • PDPAgent: The functional unit which supports PDP threads. • PDPThread: Currently executed PDP program, in the state of execution • COSPIntf: COPS and OSP interface • OSP: Open Settlement Protocol
Issues related to COPS • Scalability issues in heterogeneous networks • A PDP can only control a limited number of PEP devices within a domain • Inter-vendor COPS compatibility is limited. • Not directly transferable among PDPs • No load sharing and balancing mechanisms at the PDP
Good Thing??! About COPS • According to RFC 2748 and net archives: • So far no vulnerability has been listed. • There have been claims of Denial of Service attacks, but no authenticated reports.
Extension to COPS protocol • COPS-ODRA is Outsourcing Differentiated Resource Allocation • COPS-DRA is Differentiated Resource Allocation
COPS-ODRA • ODRA stands for Outsourcing Diffserv Resource Allocation. • Dynamic admission control and resource management in a Differentiated Services network. • The COPS-ODRA protocol is used on the interface between the Edge Router and the admission / policy control server.
COPS vs COPS-ODRA. COPS: • Allocation is made by the PEP based on local resources; the PDP is in charge of authorizing or denying. • Specific to RSVP. COPS-ODRA: • Resource allocation refers to domain-wide resources. • The PDP is in control of these resources. • This allows dynamic allocation.
COPS-DRA • COPS-DRA (Diffserv Resource Allocation) • Dynamic admission just like ODRA, but with additional flexibility. (Explained later) • The COPS-DRA protocol is also used on the interface between the Edge Router and the admission / policy control server.
Important Use of COPS-DRA • COPS has two different models 1. Outsourcing 2. Provisioning • COPS-DRA can exploit both the models easily and can be set to follow either way. While ODRA is specifically meant for Outsourcing model.
Questions • Where is the policy configuration information stored and maintained? • (Explanations about policy server, policy repository and network administrator). • What is the protocol used in conjunction with which COPS outsources the policy decisions from a router to the server? (Explanation about COPS and RSVP) • What is meant by ‘State-sharing’ in COPS? • As long as the PDP and PEP are connected and TCP messages are being sent, no other process can make changes to the PEP configuration.