COPS Common Open Policy Service Vemuri Namratha Kandaswamy Balasubramanian Venreddy Nireesha.


COPS
- Introduction
- Architecture
- Models
- Operations
- Applications
- Event flows, message formats
- Issues
- Questions

Introduction
- COPS is a simple query and response protocol, used to exchange information between a PDP and a PEP.
- PEP: Policy Enforcement Point
  - Routers
- PDP: Policy Decision Point
  - Servers containing policy statements

What are Policies
- The basic regulations negotiated for ensuring QoS to the users.
- For example: allocation of resources, priorities, hierarchical authorization, etc.

COPS
- Client and server model.
- Allocation of resources to desired priorities of services.
- COPS with RSVP.
- Uses TCP as the transport protocol for message passing.

ARCHITECTURE
[Figure: architecture diagram. Labels: Policy Mgmt Tool, PEP, PDP, COPS, human network manager, policy console, policy editor, policy repository]

PURPOSE
- COPS allows the router (PEP) to communicate with the PDP about the allocation of requested resources for different kinds of traffic.
- Admission control: sees if there are enough resources to satisfy the request.
- Policy control: whether the request should be considered. Considers priority.

Client Types
COPS-PR: "COPS Usage for Policy Provisioning" is the protocol that is used when policy decisions are "pushed" from the PDP to PEPs. In this provisioning model the PDP can send policy decisions to PEPs without a specific request from the PEP.

COPS_RSVP: "COPS Usage for RSVP" is the protocol that is used when a policy decision is "pulled" from the PDP. When an RSVP message requiring a policy decision is received by the PEP, the relevant RSVP objects from the message are put into a COPS Request message, which is sent to the PDP. The PDP determines what to do with the RSVP message and sends a COPS Decision message back to the PEP,

MODELS

Outsourcing:
- The PEP always explicitly asks the PDP for a given amount of resources.
- Flexibility and efficiency.
- Resource allocation requests are properly aggregated.
- Aggregate state information is kept in the PDP/BB.

Provisioning model
- More scalable.
- Inflexibility: difficult to handle modification of configuration.
- Not explicitly customized to handle dynamic QoS.

COPS: The way it works
- The PEP is responsible for initiating a persistent TCP connection to a PDP.
- The PEP uses this TCP connection to send requests.
- Communication between the PEP and the remote PDP is mainly a request/decision exchange.
- Sometimes the PDP sends an unsolicited decision.

PEP's Responsibilities
- The PEP has to report to the PDP about successful enforcement of the decision.
- The PEP is responsible for notifying the PDP when a request state has changed.
- In simple words, it needs to keep things synchronized, i.e. keep the PDP informed.
- It also makes local policy decisions via its Local Policy Decision Point (LPDP).

Messages/Requests/Decisions
- Request states
- The type of request
- Previously installed requests
- Policy decisions
- Error reports
- Client information

The Context of Request
- The context of each request corresponds to the type of event that triggered it.
- COPS identifies three types of events:
  (1) the arrival of an incoming message
  (2) allocation of local resources
  (3) the forwarding of an outgoing message

Message Format
- Each COPS message consists of the COPS header followed by a number of typed objects.

The fields in the header are:
- Version: 4 bits. COPS version number. Current version is 1.
- Flags: 0x1 = Solicited Message Flag bit; 0 otherwise.
- Op Code: 8 bits (explained in the next slide).
- Client-type: 16 bits
- Message Length: 32 bits

Op Code: 8 bits
The COPS operations:
- 1 = Request (REQ)
- 2 = Decision (DEC)
- 3 = Report State (RPT)
- 4 = Delete Request State (DRQ)
- 5 = Synchronize State Req (SSQ)
- 6 = Client-Open (OPN)
- 7 = Client-Accept (CAT)
- 8 = Client-Close (CC)
- 9 = Keep-Alive (KA)
- 10 = Synchronize Complete (SSC)
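
Added example (not part of the original slides): a strict parser for the header fields and op codes listed above, written the way a PDP or PEP should treat bytes arriving from a peer, rejecting bad versions, unknown op codes and inconsistent lengths before acting on the message. The 4-bit width of the Flags field, the object header layout (2-octet length, C-Num, C-Type) and the 4-octet padding are assumptions taken from RFC 2748, not from the slides; the sample message is constructed.

```python
import struct

# Op codes exactly as listed on the slide above.
OP_CODES = {1: "REQ", 2: "DEC", 3: "RPT", 4: "DRQ", 5: "SSQ",
            6: "OPN", 7: "CAT", 8: "CC", 9: "KA", 10: "SSC"}
HEADER = struct.Struct("!BBHI")     # version+flags, op code, client-type, length
OBJ_HEADER = struct.Struct("!HBB")  # assumption from RFC 2748: length, C-Num, C-Type


class CopsError(ValueError):
    """Raised for any message that fails validation."""


def parse_cops(data: bytes) -> dict:
    """Parse one complete COPS message received from an untrusted peer."""
    if len(data) < HEADER.size:
        raise CopsError("truncated header")
    ver_flags, op, client_type, length = HEADER.unpack_from(data)
    version, flags = ver_flags >> 4, ver_flags & 0x0F
    if version != 1:
        raise CopsError(f"unsupported version {version}")
    if flags & ~0x1:
        raise CopsError("reserved flag bits set")
    if op not in OP_CODES:
        raise CopsError(f"unknown op code {op}")
    # Message Length covers header plus objects and must match what we hold.
    if length != len(data) or length % 4:
        raise CopsError("bad message length")
    objects, off = [], HEADER.size
    while off < length:
        if length - off < OBJ_HEADER.size:
            raise CopsError("truncated object header")
        olen, c_num, c_type = OBJ_HEADER.unpack_from(data, off)
        # A zero or oversized object length would loop forever or read past the end.
        if olen < OBJ_HEADER.size or off + olen > length:
            raise CopsError("object length out of bounds")
        objects.append((c_num, c_type, data[off + OBJ_HEADER.size:off + olen]))
        off += (olen + 3) & ~3  # objects are padded to 4-octet boundaries
    return {"op": OP_CODES[op], "solicited": bool(flags & 0x1),
            "client_type": client_type, "objects": objects}


def is_valid(data: bytes) -> bool:
    """True if the message parses cleanly, False if it is rejected."""
    try:
        parse_cops(data)
        return True
    except CopsError:
        return False


# Constructed sample: a REQ carrying one 8-octet object (C-Num 1, C-Type 1).
SAMPLE_REQ = HEADER.pack(0x10, 1, 1, 16) + OBJ_HEADER.pack(8, 1, 1) + b"\x00\x00\x00\x2a"

if __name__ == "__main__":
    print(parse_cops(SAMPLE_REQ))
```
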

Better Explained with an Application
- IP telephony (VoIP)
- We need to assure QoS to the users.
- Now let's look at the message flow.

APPLICATION (IP-TELEPHONY)

MESSAGE FLOW

MESSAGE FLOWS
- Client Open (CO): PEP->PDP
- Client Accept (CA): PEP->PDP
- Client Close (CC): PEP<->PDP
- Request (REQ): PEP->PDP
- Decision (DEC): PDP->PEP
- Report State (RPT): PEP->PDP
- Synchronize State Request (SSQ): PDP->PEP
- Synchronize State Complete (SSC): PEP->PDP
- Keep Alive (KA): PEP<->PDP

EVENT FLOW

CALL FLOW EXPLAINED
- PDPAgent: the functional unit which supports PDP threads.
- PDPThread: the currently executed PDP program, in its state of execution.
- COSPIntf: COPS and OSP interface.
- OSP: Open Settlement Protocol.

STATE DIAGRAM

Issues and Extensions

Issues related to COPS
- Scalability issues in heterogeneous networks.
- A PDP only controls a limited number of PEP devices within a domain.
- Inter-vendor COPS compatibility is limited.
- Not directly transferable among PDPs.
- No load sharing and balancing mechanisms at the PDP.

Good Thing??! About COPS
- According to RFC 2748 and net archives, so far no vulnerability has been listed.
- There have been claims of Denial of Service attacks, but no authenticated reports.

Extensions to the COPS protocol
- COPS-ODRA is an Outsourcing Differentiated Resource Allocation.
- COPS-DRA is Differentiated Resource Allocation.

COPS-ODRA
- ODRA stands for Outsourcing Diffserv Resource Allocation.
- Dynamic admission control and resource management in a Differentiated Services network.
- The COPS-ODRA protocol is used on the interface between the Edge Router and the admission / policy control server.

COPS vs COPS-ODRA:
- COPS: allocation is made by the PEP based on local resources; the PDP is in charge of authorizing or denying. Specific to RSVP.
- COPS-ODRA: resource allocation refers to domain-wide resources. The PDP is in control of these resources. This allows dynamic allocation.

COPS-DRA
- COPS-DRA (Diffserv Resource Allocation).
- Dynamic admission, just like ODRA, but with additional flexibility. (Explained later)
- The COPS-DRA protocol is also used on the interface between the Edge Router and the admission / policy control server.

COPS-DRA Architecture

Important Use of COPS-DRA
- COPS has two different models:
  1. Outsourcing
  2. Provisioning
- COPS-DRA can exploit both models easily and can be set to follow either one.
- ODRA, in contrast, is specifically meant for the Outsourcing model.

Questions
1. Where is the policy configuration information stored and maintained? (Explanations about Policy server, Policy repository and network administrator.)
2. What is the protocol used in conjunction with which COPS outsources the policy decisions from a router to the server? (Explanation about COPS and RSVP.)
3. What is meant by 'State-sharing' in COPS? As long as the PDP and PEP are connected and TCP messages are being sent, no other process can make changes to the PEP configuration.


QUESTIONS?

THANK YOU