Extensible Property Maps for the ALTO ProtocolNokia Bell Labs600 Mountain Ave, Rm 3B-324Murray HillNJ07974USA+1-908-582-7974wendy.roome@nokia-bell-labs.comYale University51 Prospect StreetNew HavenCT06511USA+1-203-432-6400yry@cs.yale.edu
Networks
ALTO WGALTO
This document extends the Application-Layer Traffic
Optimization (ALTO) Protocol
by generalizing the concept of "endpoint properties"
to other entity domains, and by presenting those properties
as maps, similar to the network and cost maps in ALTO.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.The ALTO protocol introduced the concept
of "properties" attached to "endpoint addresses,"
and defined the Endpoint Property Service (EPS)
to allow clients to retrieve those properties.
While useful, the EPS, as defined in RFC7285, has at least two limitations.First, it
only allows properties to be associated with a particular domain of entities,
namely individual IP addresses. It is reasonable to think that collections
of endpoints, as defined by CIDRs or PIDs, may also have properties.
Furthermore, recent proposals
(
and )
have suggested new classes of entities with properties.
The EPS cannot be extended to new entity domains.
Instead, new services, with new request and response
messages, would have to be defined for each new entity domain.Second, the EPS is only defined as a POST-mode service.
Clients must request the properties for an explicit set of addresses.
By contrast, defines a GET-mode Cost Map resource
which returns all available costs, so a client can get the full set of costs once,
and then lookup costs without querying the ALTO server.
RFC7285 does not define an equivalent service for endpoint properties.
Granted, it is not be practical to enumerate the properties for every
possible internet address. But it is unlikely a property will be defined
for every possible address. It is very likely that properties will only
be defined for a subset of addresses, and that subset would be small enough
to enumerate. This is particularly true if blocks of addresses with a
common prefix (e.g., a CIDR) have the same value for a property.
Furthermore, entities in other domains may very well be enumerable.This document proposes a new approach to ALTO properties.
Specifically, it defines two new resource types, namely Property Maps and
Filtered Property Maps. The former are GET-mode resources which return
the property values for all entities in a domain, and are analogous the
ALTO's Network Map and Cost Map resources. The latter are POST-mode
resources which return the values for a set of properties and entities
requested by the client, and are analogous to ALTO's Filtered Network
Maps and Filtered Cost Maps.Entity domains and property names are extensible, so that new
domains can be defined without revising the messages defined in this
document, in the same way that new cost metrics and new endpoint
properties can be defined without revising the messages defined
by the ALTO protocol.This proposal would subsume the Endpoint Property Service defined in
RFC7285, although that service may be retained for legacy clients
(see ).An entity is an object with a (possibly empty) set of
properties. Every entity is in a domain, such as the
IPv4 and IPv6 domains, and has a unique address.A domain is a family of entities. Examples are the
internet address and PID domains
(see and ).
Another example is the proposed
domain of Abstract Network Elements associated with topology and
routing, as suggested by .Each entity has a unique name of the form:Examples from the IP domain
include individual addresses
such as "ipv4:192.0.2.14" and "ipv6:2001:db8::12",
as well as address blocks such as
"ipv4:192.0.2.0/26" and "ipv6:2001:db8:1/48".The type EntityAddr denotes
a JSON string with an entity address in this format.The format of the second part of an entity address
depends on the domain,
and must be specified when registering a new domain.
Addresses may be hierarchical, and properties may be inherited
based on that hierarchy. Again, the rules defining any
hierarchy or inheritance must be defined when the
domain is registered.Note that entity addresses do NOT have a unique textual representation.
For example, the strings "ipv6:2001:db8::1" and "ipv6:2001:db8:0:0:0:0:0:1" refer
to the same entity.Each domain has a unique name. A domain name MUST
be no more than 32 characters, and MUST NOT contain characters
other than US-ASCII alphanumeric characters (U+0030-U+0039,
U+0041-U+005A, and U+0061-U+007A), hyphen (’-’, U+002D),
and low line (’_’, U+005F).
For example, the names "ipv4" and "ipv6" identify
objects in the internet address domain ().The type DomainName denotes
a JSON string with a domain name in this format.Domain names must be registered with the IANA,
and the format of the entity addresses
in that domain, as well as any hierarchical or inheritance
rules for those entities, must be specified at the same time.The space of property names associated with entities
defined by this document is the same as,
and is shared with, the endpoint property names
defined by .
Thus entity property names are as defined
in Section 10.8.2 of that document,
and must be registered with the "ALTO Endpoint Property Type Registry"
defined in Section 14.3 of that document.The type PropertyName denotes
a JSON string with a property name in this format.Property names are not specific to a domain, although some properties
may only be applicable for particular domains, and the interpretation
of the value may depend on the domain. For example, suppose
the "geo-location" property is defined as the coordinates of a point,
encoded as (say) "latitude longitude [altitude]."
When applied to an entity that represents a specific host computer,
such as an internet address, the property defines the host's location.
When applied to an entity that represents a set of computers,
such as a CIDR, the property would be the location of the center
of that set. If it is necessary to represent the bounding box
of a set of hosts, another property, such as "geo-region",
should be defined. recognizes that some properties
may be specific to another ALTO resource, such as a network map.
Accordingly defines the concept of
"resource-specific endpoint properties"
(Section 10.8.1), and indicates that dependency
by prefixing the property name with the ID
of the resource on which it depends. That document defines one
resource-specific property, namely the "pid" property,
whose value is the name of the name of the PID containing that endpoint
in the associated network map.This document takes a different approach. Instead of defining the
dependency by qualifying the property name, this document attaches
the dependency to the property map as a whole. Thus all properties
in a given property map depend on the same resource.
Furthermore, entity addresses may depend on a network map
(for example, the Abstract Network Elements suggested by
).
Associating the dependency with the property map
handles any entity address dependencies as well.The "uses" field in an IRD entry defines the dependencies
of a property map resource, and the "dependent-vtags" field
in a property map response defines the dependencies of that map.
These fields are defined in Sections 9.1.5 and 11.1
of , respectively.This is similar to how RFC7285 handles dependencies between
cost metrics and network maps. Recall that cost maps present the
costs between PIDs, and PID names depend on a network map. If an ALTO server
provides the "routingcost" metric for the network maps "net1"
and "net2", then the server defines two separate cost maps,
one for "net1" and the other for "net2".According to , an ALTO server
with two network maps, with resource IDs "net1" and "net2",
could offer a single Endpoint Property Service
for the two properties "net1.pid" and "net2.pid".
Instead, an ALTO server which supports the extensions
in this document would offer two different property maps
for the "pid" property, one depending on "net1",
the other on "net2".This document defines the following entity domains.The domain of internet addresses consists of two domains (IPv4 and IPv6).
Both domains include individual addresses and blocks of addresses.ipv4Individual addresses are strings as specified
by the IPv4Addresses rule of Section 3.2.2 of .
Blocks of addresses are prefix-match strings as specified in Section 3.1
of .For the purpose of defining properties, an individual
internet address and the corresponding full-length
prefix are considered aliases for the same entity. Thus
"ipv4:192.0.2.0" and "ipv4:192.0.2.0/32" are equivalent, and
have the same set of properties, as are "ipv6:2001:db8::"
and "ipv6:2001:db8::/128".ipv6Individual addresses are strings as specified
by Section 4 of .
Blocks of addresses are prefix-match strings as specified in Section 7
of .For the purpose of defining properties, an individual internet address
and the corresponding 128-bit prefix are considered aliases for the same
entity. That is, "ipv6:2001:db8::1" and "ipv:2001:db8::1/128" are equivalent,
and have the same set of properties.Both domains allow property values to be inherited.
Specifically, if a property P is not defined for a specific internet address IP,
but P is defined for some block C which prefix-matches IP,
then the address IP inherits the value of P defined for block C.
If more than one such block defines a value for P,
IP inherits the value of P in the block with the longest prefix.Address blocks can also inherit properties:
if property P is not defined for a block C,
but is defined for some block C' prefix-matches C,
and C' has a shorter mask than C,
then block C inherits the property from C'.
If there are several such blocks C', C inherits
from the block with the longest prefix.As an example, suppose that a server defines the property P
for the following entities:Then the following entities have the indicated values:An internet address domain may or may not be associated
with an ALTO network map resource. Logically, there is a map
of internet address entities to property values
for each network map defined by the ALTO server,
plus an additional property map for internet address entities
which are not associated with a network map.
These maps are separate from each other. The prefixes in the
property map do not have to correspond to the prefixes
defining the network map's PIDs. For example, the property map
for a network map may assign properties to "ipv4:192.0.2.0/24"
even if that prefix is not associated with any PID in the network map.The PID domain associates property values with the PIDs
in a network map. Accordingly, this domain always depends on a network map.pidThe entity addresses are the PID names of the associated network map.There is no hierarchy or inheritance for properties
associated with PIDs.The PID domain and the internet address domains
are completely independent; the properties associated with a PID
have no relation to the properties associated
with the prefixes or endpoint addresses in that PID.
An ALTO server MAY choose to assign some or all properties of a PID
to the prefixes in that PID, but is not required to do so.For example, suppose "PID1" consists of the prefix "ipv4:192.0.2.0/24",
and has the property "P" with value "v1". The internet address
entities "ipv4:192.0.2.0" and "ipv4:192.0.2.0/24"
may or may not have a value for the property "P",
and if they do, it is not necessarily "v1".Because the internet address and PID domains are completely separate,
the question may arise as to which domain is best for a property.
In general, the internet address domain is best
for properties that are closely related
to the internet address, or which are associated with,
and inherited through, blocks of addresses.The PID domain is best for properties that arise from the
definition of the PID, rather than from the internet address prefixes
in that PID.For example, because internet addresses are allocated
to server providers by blocks of prefixes, an "ISP" property
would be best associated with the internet address domain.
On the other hand, a property that explains why a PID
was formed, or how it relates the a provider's network,
would best be associated with the PID domain.A Property Map returns the properties defined
for all entities in one of more domains. gives an example
of a property map request and response.
The media type of an ALTO Property Map resource is
"application/alto-propmap+json".
An ALTO Property Map resource is requested using the HTTP GET method.
None.
The capabilities are defined by an object of type PropertyMapCapabilities:
where "domain-types" is an array with the domains
of the entities in this property map,
and "prop-types" is an array with the names
of the properties returned for entities in those domains.An array with the resource ID(s) of resource(s)
with which the domains in this map are associated.
In most cases, this array will have at most one ID,
and it will be for a network map resource.If the domains in this property map depend on
other resources, the "dependent-vtags" field
in the "meta" field of the response MUST be an array
that includes the version tags of those resources.The data component of a Property Map response
is named "property-map", which is a JSON object
of type PropertyMapData, where:The ResponseEntityBase type is defined
in Section 8.4 of .Specifically, a PropertyMapData object has one member for
each entity in the Property Map. The entity's properties are
encoded in the corresponding EntityProps object. EntityProps
encodes one name/value pair for each property, where the
property names are encoded as strings of type
PropertyName. A protocol implementation SHOULD assume
that the property value is either a JSONString
or a JSON "null" value, and fail to parse if
it is not, unless the implementation is using an extension
to this document that indicates when and how property values
of other data types are signaled.For each entity in the Property Map, the ALTO Server returns the
value defined for each of the properties specified in
this resource's "capabilities" list. For efficiency, the
ALTO Server SHOULD omit property values that are inherited
rather than explicitly defined; if a client needs inherited values,
the client SHOULD use the domain's inheritance rules
to deduce those values.An ALTO Server MAY explicitly define a property as not having
a value for a particular entity.
That is, a server may say that a property is "defined to have no value",
as opposed to the property being "undefined".
If that entity would inherit a value for that property,
then the ALTO server MUST return a "null" value for that property,
and an ALTO client MUST recognize a "null" value means "do not
apply the inheritance rules for this property."
If the entity would not inherit a value, the ALTO server
MAY return "null" or MAY just omit the property.If the ALTO Server does not define any properties for an entity,
then the server MAY omit that entity from the response.A Filtered Property Map returns the values of a set of properties
for a set of entities selected by the client.,
and
give examples of filtered property map requests and responses.
The media type of an ALTO Property Map resource is
"application/alto-propmap+json".
An ALTO Property Map resource is requested using the HTTP POST method.
The input parameters for a Filtered Property Map request are
supplied in the entity body of the POST request. This
document specifies the input parameters with a data format
indicated by the media type
"application/alto-propmapparams+json", which is a JSON
object of type ReqFilteredPropertyMap:
with fields:
List of entity addresses for
which the specified properties are to be returned. The
ALTO server MUST interpret entries appearing multiple
times as if they appeared only once.
The domain of each entity MUST be included
in the list of domains in this resource's "capabilities" field
().List of properties to be
returned for each entity. Each specified property MUST
be included in the list of properties
in this resource's "capabilities" field
(). The ALTO
server MUST interpret entries appearing multiple times as
if they appeared only once.
Note that the "entities" and "properties" fields
MUST have at least one entry each.
The capabilities are defined by an object of type PropertyMapCapabilities,
as defined in .
An array with the resource ID(s) of resource(s)
with which the domains in this map are associated.
In most cases, this array will have at most one ID,
and it will be for a network map resource.
The response is the same as for the property map
(),
except that it only includes the entities and properties
requested by the client.
Also, the Filtered Property Map response MUST include
all inherited property values for the specified entities
(unlike the Full Property Map, the Filtered Property Map response
does not include enough information for the client to calculate
the inherited values).
The property maps defined in this document provide the
same functionality as the Endpoint Property Service (EPS)
defined in Section 11.4 of .
Accordingly, it is RECOMMENDED that the
EPS be deprecated in favor of property maps.
However, ALTO servers MAY provide an EPS
for the benefit of legacy clients.Section 10.8 of defines
two categories of endpoint properties:
"resource-specific" and "global".
Resource-specific property names
are prefixed with the ID of the resource they depended upon,
while global property names have no such prefix.
The property map resources defined in this document
do not distinguish between those two types of properties.
Instead, if there is a dependency, it is indicated by
the "uses" capability of a property map, and is shared
by all properties and entity domains in that map.
Accordingly, it is RECOMMENDED that resource-specific
endpoint properties be deprecated, and no new
resource-specific endpoint properties be defined.Section 7.1.1 of defines
the resource-specific endpoint property "pid",
whose value is the name of the PID containing that endpoint.
For compatibility with legacy clients, an ALTO server which provides
the "pid" property via the Endpoint Property Service
MUST use that definition, and that syntax, in the EPS resource.However, when used with property maps, this document
amends the definition of the "pid" property as follows.First, the name of the property is simply "pid";
the name is not prefixed with the resource ID of a network map.
The "uses" capability of the property map resource
indicates the associated network map. This implies that a property map
can only return the "pid" property for one network map;
if an ALTO server provides several network maps,
it must provide a property map resource for each one.Second, a client MAY request the "pid" property
for a block of addresses. An ALTO server determines
the value of "pid" for an address block C as follows.
Let CS be the set of all address blocks in the network map.
If C is in CS, then the value of "pid" is the name of the PID
associated with C. Otherwise, find the longest block C' in CS
such that C' prefix-matches C, but is shorter than C.
If there is such a block C', the value
of "pid" is the name of the PID associated with C'.
If not, then "pid" has no value for block C.Note that although an ALTO server MAY provide a GET-mode property map
resource which returns the entire map for the "pid" property,
there is no need to do so, because that map is simply the
inverse of the network map.In general, there should be little or no impact on other
previously defined properties. The only consideration
is that properties can now be defined on blocks of addresses,
rather than just individual addresses, which might change
the semantics of a property.The examples in this section use a very simple default network map:The examples in this section use four additional properties,
"ISP", "ASN", "country" and "state",
with the following values:The following IRD defines the relevant resources
of the ALTO server. It provides two Property Map resources,
one for the "ISP" and "ASN" properties,
and another for the "country" and "state" properties.
The server could have provided a Property Map resource
for all four properties, but did not,
presumably because the organization that runs the ALTO server
believes any given client is not interested in all four properties.The server provides two Filtered Property Maps.
The first returns all four properties,
and the second just returns the "pid" property for the default network map.The Property Maps for the "ISP", "ASN", "country" and "state"
properties do not depend on the default network map (they do
not have a "uses" capability), because the definitions
of those properties do not depend on the default network map.
The Filtered Property Map for the "pid" property does
have a "uses" capability for the default network map,
because that defines the values of the "pid" property.Note that for legacy clients, the ALTO server
provides an Endpoint Property Service
for the "pid" property for the default network map.
The following example uses the properties and IRD
defined above to retrieve a property map for entities
with the "ISP" and "ASN" properties. Note that the response
does not include the entity "ipv4:192.0.2.0", because
it does not have a value for either of those properties.
Also note that the entities "ipv4:192.0.2.0/28"
and "ipv4:192.0.2.16/28" are refinements of "ipv4:192.0.2.0/24",
and hence inherit its value for "ISP" property.
But because that value is inherited, it is not
explicitly listed in the property map.
The following example uses the Filtered Property Map resource
to request the "ISP", "ASN" and "state" properties
for several IPv4 addresses. Note that the value of "state" for
"ipv4:192.0.2.0" is the only explicitly defined property;
the other values are all derived by the inheritance rules
for internet address entities.The following example uses the Filtered Property Map resource
to request the "ASN", "country" and "state" properties
for several IPv4 prefixes. Note that none of
the returned property values were explicitly defined;
all values are derived by the inheritance rules
for internet address entities.Also note the "ASN" property has the value "12345"
for both the blocks "ipv4:192.0.2.0/28" and "ipv4:192.0.2.16/28",
so every address in the block "ipv4:192.0.2.0/27" has that property value.
However the block "ipv4:192.0.2.0/27" itself does not have
a value for "ASN": address blocks cannot inherit properties
from blocks with longer prefixes, even if every such block
has the same value.The following example uses the Filtered Property Map resource
to request the "pid" property for several IPv4 addresses and prefixes.Note that the value of "pid" for the prefix "ipv4:10.0.0.0/15"
is "pid1", even though all addresses in that block
are in "pid2", because "ipv4:10.0.0.0/8" is the longest prefix
in the network map which prefix-matches "ipv4:10.0.0.0/15",
and that prefix is in "pid1".As discussed in Section 15 of ,
properties may have sensitive customer-specific information.
If this is the case, an ALTO Server may limit access
to those properties by providing several
different property maps. For non-sensitive properties,
the ALTO Server would provide a URI which accepts requests from
any client. Sensitive properties, on the other hand, would only
be available via a secure URI which would require client
authentication.Also, while technically this document does not introduce
any security risks not inherent in the Endpoint Property Service
defined by ,
the GET-mode property map resource defined in this document
does make it easier for a client to download
large numbers of property values.
Accordingly, an ALTO Server should limit GET-mode
property maps for to properties which do not contain sensitive data.This document defines additional application/alto-* media types,
and extends the ALTO endpoint property registry.This document registers two additional ALTO media types, listed
in .TypeSubtypeSpecificationapplicationalto-propmap+jsonapplicationalto-propmapparams+jsonapplicationThis documents registers
multiple subtypes, as listed in
.n/an/aEncoding considerations are
identical to those specified for the "application/json" media type. See
.Security considerations relating
to the generation and consumption of ALTO Protocol messages are
discussed in Section 15 of .This document specifies
format of conforming messages and the interpretation thereof.This document is the
specification for these media types; see
for the section documenting each media
type.ALTO servers and
ALTO clients either stand alone or are embedded within other
applications.n/aThis document uses the mime type
to refer to protocol messages and thus does not require a file
extension.n/a
See Authors' Addresses section.COMMONn/aSee Authors' Addresses section.Internet Engineering Task Force (mailto:iesg@ietf.org).This document requests IANA to create and maintain
the "ALTO Entity Domain Registry",
listed in .IdentifierEntity Address EncodingHierarchy & Inheritanceipv4See See ipv6See See pidSee NoneThis registry serves two purposes. First, it ensures uniqueness of
identifiers referring to ALTO entity domains. Second, it states the requirements
for allocated domain names.New ALTO entity domains are assigned after IETF Review
to ensure that
proper documentation regarding the new ALTO entity domains and their
security considerations has been provided.
RFCs defining new entity domains
should indicate how an entity in
a registered domain is encoded as an EntityName,
and, if applicable, the rules defining the entity hierarchy and property inheritance.
Updates and deletions of ALTO entity domains follow the same procedure.Registered ALTO entity domain identifiers MUST conform to the
syntactical requirements specified in
. Identifiers are to be recorded
and displayed as strings.Requests to add a new value to the registry MUST include the following information:
Identifier: The name of the desired ALTO entity domain.Entity Address Encoding: The procedure for encoding
the address of an entity of the registered
type as an EntityAddr (see ).Hierarchy: If the entities form a hierarchy, the procedure for
determining that hierarchy.Inheritance: If entities can inherit property values from other entities,
the procedure for determining that inheritance.Security Considerations: In some usage scenarios, entity addresses carried in
ALTO Protocol messages may reveal information about an ALTO client or an ALTO service
provider. Applications and ALTO service providers using
addresses of the registered type should be made aware of how (or if) the addressing scheme
relates to private information and network proximity.This specification requests registration of the identifiers
"ipv4", "ipv6" and "pid", as shown in .The ALTO Endpoint Property Type Registry
was created by .
If possible, the name of that registry should be changed to
"ALTO Entity Property Type Registry", to indicate that it
is not restricted to Endpoint Properties.
If it is not feasible to change the name,
the description must be amended to indicate
that it registers properties in all domains,
rather than just the internet address domain.Key words for use in RFCs to Indicate Requirement LevelsUniform Resource Identifier (URI): Generic SyntaxClassless Inter-domain Routing (CIDR):
The Internet Address Assignment and Aggregation PlanGuidelines for Writing an IANA Considerations Section in RFCsA Recommendation for IPv6 Address Text RepresentationThe JavaScript Object Notation (JSON) Data Interchange FormatApplication-Layer Traffic Optimization (ALTO) ProtocolALTO Topology Extension: Path Vector as a Cost ModeALTO Topology Extensions: Node-Link Graphs