Diff Serv and QoS Support in Microsoft Hosts. Peter S. Ford, NANOG, 8 June 1998.

Presentation transcript:

Slide 1: Diff Serv and QoS Support in Microsoft Hosts
Peter S. Ford, peterf@microsoft.com
NANOG, 8 June 1998

Slide 2: Agenda
- Why QoS?
- Role of Hosts in providing QoS
- Microsoft NT QoS Components

Slide 3: Diff Serv WG Observation
"100s of Bald Men arguing over 8 Combs" - An Internet Wag

Slide 4: What Needs QoS?
- VPNs over the Internet
  - High value traffic - branch offices and telecommuters
  - Easy to do with static config of filter lists
  - Current focus of Industry Buzz
- Applications sensitive to packet loss
  - SAP, SQL, RPC, SNA, DEC LAT, ...
  - Web "RPC" - HTTP get
  - Audio over RTP/UDP - Voice over IP
  - Many of these are harder to do with static configurations based on layer 3 filters

Slide 5: Hosts and QoS
- QoS, Diff Serv, etc. enhance carriage of application bits over the network
- In many cases only the hosts/apps have knowledge of QoS needs
  - Certain web pages have priority: ports are not enough to classify traffic
  - End to end IP security: there are no ports to look at
- Hosts have an important role in the evolving QoS landscape

Slide 6: Managing Resource Allocation In The Network
- Current IP networks are "Best Effort" (BE) - Standby Model w/in-flight bumping
- "QoS Enabled Networks" - Network Resources allocated btw BE and "more important" traffic (e.g. queue, priority, bandwidth, etc.)
- Hosts signal network and request resource for entitled users/applications subject to Network Admission Control
- Net Admins Authorize and Prioritize access to resources based on user application

Slide 7: QoS Mechanisms Exploited
- Precedence/Priority
  - IP TOS/Precedence bits (layer 3): tracking where differentiated services ends up...
  - IEEE 802.1p (layer 2)
- Application Flows can be isolated, prioritized and scheduled by the Stack
- Signaling into Network (RSVP, ATM)
- Network Admins configure QoS Policy on hosts and in the network

Slide 8: Microsoft QoS Components (architecture diagram)
Boxes shown: QoS-aware application, Network mgmt. application, WinSock2 QoS API, QoS SP, TCI API, TCP/IP, Packet classifier, Packet Scheduler, Netcards, ACS/SBM, Directory Services for QoS Policy Storage (LDAP for Policies), Routers/Switches.

Slide 9: DS based QoS Networking (diagram)
Elements shown: Traffic control with FTP and Netmeeting flows on the host; RSVP PATH for 1 Mbps controlled load as \\redmond\userx; ACS checks \\redmond\userx against the DS; Router; RSVP; ISP w/Diff Serv; 802.1p Priority with Prio=5 and Prio=1; Receiver; Packets Rescheduled.

Slide 10: Microsoft QoS Components
- WinSock 2 Generic QoS API
  - Allows applications to request the QoS they need, regardless of the underlying mechanisms (RSVP, IP Priority, ...)
- QoS Signaling - End System to Network
  - Explicit - RSVP with Policy Objects (e.g. user id), integrated with IPSEC
  - Implicit - IP Diff Serv / IEEE 802.1p
- Traffic Control API w/Kernel Stack Support
  - Kernel based queueing of traffic flows
  - IP, IEEE 802.1P precedence/priority
- Admission Control Service
  - QoS Directory Console for Network Admins
  - In network policy enforcement
  - Also adds L2 shared media management

Slide 11: ACS Management Model
- Network Admin Administers QoS Policies in the Directory Service
  - User Object is extended to permit a mapping from a User to a Group Profile, e.g. Redmond\Bob -> Programmers
  - Default policies at Organization Level: "All users can reserve up to 500 Kbps", "Programmers get 100 Kbps"
  - Enterprise-wide User, Profile policies
  - Per Subnetwork Policies
  - Individual Users and Group Profiles

Slide 12: ACS Policy Operation
- Host RSVP service provider inserts RSVP policy objects in RSVP messages
  - Contains User Identity represented as an encrypted DN: {dc=com, dc=microsoft, ou=redmond, n=bob}Ksession
  - Security token to prove identity (kerberos ticket for ACS service)
    - Ticket encrypted in private key of ACS service
    - Session Key (Ksession) is in Ticket
  - Digital signature over RSVP message to avoid policy object reuse (cut and paste)
- ACS servers in network authorize requests
  - Crack ticket to get identity of requestor
  - Check User's Policy in the Directory

Slide 13: In Summary
- Need many pieces of QoS picture to satisfy customer requirements
  - Diff Serv for ISPs and large networks
  - Fine grain policy control
  - Centralized management for QoS Policies, both Diff Serv and RSVP signaled flows
  - Use of Directory services
- RSVP may prove useful in many ways
  - Internal provisioning of QoS - PASTE (Li and Rekhter)
  - Customer to ISP - dynamic signaling instead of the desert of pre-provisioning

Slide 14: Admission Control Services Policy Functionality
- Admission Control Servers
  - part of RSVP process on a network server (NT, switch, router, etc.)
  - implements RSVP and SBM
  - ACS takes requests and tests against policy and/or resource limits
- Hosts can use RSVP signaling
  - Hosts on LANs also participate in SBM
- Policies are maintained in the Directory (DS)
  - ACS uses LDAP to retrieve Policy Information from DS
  - ACS Policy is per subnetwork/per user
  - Can be abstracted to "per Enterprise/Per Group"
  - Enables approval/denial of resources based on user ID, time of day, resource limits (bandwidth, priority, ...), etc.
- Can Aggregate requests into priority groups at ISP/WAN interfaces
  - can "re-write" user id to corp id at ISP boundaries

Slide 15: Extensibility of ACS Policy Framework
- Can add new policy objects to RSVP messages
- Can add new policy interpretation modules to ACS servers
  - API to call out to policy module
- Can extend ACS policy objects in the Directory
- End Systems can pull policy down from Directory to configure QoS

Slide 16: Barriers to Deploying QoS
- Customers:
  - Worried about
    - Priority Starvation: all apps will signal high priority thereby negating priority's utility
    - Under Utilization (static pre-allocations go unused)
  - Want to audit and potentially bill for resource usage
  - Evolving policies of usage
- Lack of Easy to Administer Policy Based Control is a barrier

Slide 17: Picture of AUTH_METHOD Policy Object (diagram)
Policy Element of type AUTH_DATA, as drawn:
  Length, Policy_DATA, 1
  Data Offset, Flags, 0 // Option List
  Len, p-type=AUTH_DATA
  Len, a-type=AUTH_METHOD KERBEROS
  Len, a-type=USER_CRED
  Len, a-type=USER_DN_ENCRYPT
  Len, a-type=DIGITAL_SIGNATURE

Slide 18: QoS Road Map (no transcript text)

Slide 19: Directory Schema for ACS
- Schema for Policies
  - Direction, Time_of_Day, MaxTokenRatePerFlow, MaxPeakBandwidthPerFlow, Duration, ServiceType, TotalNumberOfFlows, Priority, PermissionBits
- Schema
  - Users
  - Profiles
  - Subnets
  - Config
Directory tree shown: Users (Default_User, UFO), Profiles

Slide 20: RSVP ACS using Kerberos (sequence diagram)
Participants: Host RSVP Speaker, KDC, ACS subnet26, DS
0) User logged in (has Kerberos TGT)
1) Host -> KDC: Get ticket for ACS for redmond\bob
2) Host -> ACS: RSVP Path/Resv <RSVP parameters, ID = {dc=com, dc=microsoft, ou=redmond, u=bob}SessionKey, Ticket(ACS Service, redmond\bob, Session Key)>
3) ACS checks ticket.
4) If okay, looks up redmond\bob in DS
5) ACS lookup using LDAP as ACS service for container \\acs\subnet26\users\redmond\bob and retrieve ACS profile such as peak rate and aggregate limits
6) If RSVP request is within limits then process, else signal error back to Host
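Added example, not code from the presentation or from the product: a Python model of the ACS policy operation described in slides 12, 14 and 20. The KDC, host and ACS roles run in one process; the Kerberos ticket is a dict sealed with an HMAC under a constructed ACS service key, the "encrypted DN" is a toy XOR keystream keyed by the session key (a stand-in, not a real cipher), the RSVP message is a dict, and the directory limits (500 Kbps for a default user, 100 Kbps for Programmers) are the figures from slide 11. The signature is computed over the RSVP parameters together with the policy object, so a policy object lifted from one request and attached to another fails verification, which is the reuse the slide's digital signature exists to prevent; a ticket whose client name was altered after the KDC sealed it fails the seal check; and a request above the user's MaxTokenRatePerFlow is refused.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the ACS service's long-term Kerberos key, shared by the
# KDC and the ACS. Real ticket encryption is replaced by an HMAC seal over the body.
ACS_SERVICE_KEY = b"constructed-acs-service-key"
ACS_NAME = "acs/subnet26"

# Constructed stand-in for the ACS containers in the directory; limits are the
# slide 11 figures (default users up to 500 Kbps, Programmers 100 Kbps).
DIRECTORY = {
    "users": {"redmond\\bob": {"profile": "Programmers"}},
    "profiles": {"Programmers": {"MaxTokenRatePerFlow": 100_000}},
    "default_user": {"MaxTokenRatePerFlow": 500_000},
}


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def canon(obj):
    """Canonical bytes for sealing and signing: JSON with sorted keys."""
    return json.dumps(obj, sort_keys=True).encode()


def xor_stream(key, data):
    """Toy stand-in for {DN}Ksession: XOR with a keystream derived from the session
    key. Not a real cipher; it only shows the ACS recovering the DN via the ticket."""
    stream = hashlib.sha256(key + b"user-dn").digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))


def kdc_issue_ticket(principal):
    """Step 1: the KDC issues a ticket for the ACS service carrying a fresh session key."""
    session_key = secrets.token_bytes(16)
    body = {"service": ACS_NAME, "client": principal, "session_key": session_key.hex()}
    return {"body": body, "seal": mac(ACS_SERVICE_KEY, canon(body)).hex()}, session_key


def host_build_request(rsvp_params, dn, ticket, session_key):
    """Step 2: the host attaches the policy object and signs RSVP parameters plus
    policy object with the session key, binding the object to this request."""
    policy = {"ticket": ticket, "user_dn_encrypt": xor_stream(session_key, dn.encode()).hex()}
    policy["digital_signature"] = mac(session_key, canon({"rsvp": rsvp_params, "policy": policy})).hex()
    return {"rsvp": rsvp_params, "policy": policy}


def acs_admit(request):
    """Steps 3-6: check the ticket, verify the signature, look up policy, compare limits."""
    policy = dict(request["policy"])
    signature = bytes.fromhex(policy.pop("digital_signature"))
    ticket = policy["ticket"]
    if not hmac.compare_digest(mac(ACS_SERVICE_KEY, canon(ticket["body"])), bytes.fromhex(ticket["seal"])):
        return "error: ticket seal invalid"
    if ticket["body"]["service"] != ACS_NAME:
        return "error: ticket not issued for this ACS"
    session_key = bytes.fromhex(ticket["body"]["session_key"])
    expected = mac(session_key, canon({"rsvp": request["rsvp"], "policy": policy}))
    if not hmac.compare_digest(expected, signature):
        return "error: signature does not cover this request (policy object reused)"
    dn = xor_stream(session_key, bytes.fromhex(policy["user_dn_encrypt"])).decode()
    principal = ticket["body"]["client"]
    user = DIRECTORY["users"].get(principal)
    limits = DIRECTORY["profiles"][user["profile"]] if user else DIRECTORY["default_user"]
    rate = request["rsvp"]["token_rate_bps"]
    if rate > limits["MaxTokenRatePerFlow"]:
        return "error: %s limited to %d bps, requested %d" % (principal, limits["MaxTokenRatePerFlow"], rate)
    return "admitted: %s (%s) at %d bps" % (dn, principal, rate)


def demo():
    """Walk the exchange for redmond\\bob, including three requests the ACS must refuse."""
    ticket, key = kdc_issue_ticket("redmond\\bob")
    dn = "dc=com,dc=microsoft,ou=redmond,n=bob"
    ok = host_build_request({"service": "controlled_load", "token_rate_bps": 64_000}, dn, ticket, key)
    over = host_build_request({"service": "controlled_load", "token_rate_bps": 1_000_000}, dn, ticket, key)
    # Policy object lifted from the 64 Kbps request and attached to the 1 Mbps parameters.
    pasted = {"rsvp": over["rsvp"], "policy": ok["policy"]}
    # Ticket whose client name was altered after the KDC sealed it.
    forged_body = dict(ticket["body"], client="redmond\\admin")
    forged = host_build_request(ok["rsvp"], dn, {"body": forged_body, "seal": ticket["seal"]}, key)
    return {"ok": acs_admit(ok), "over_limit": acs_admit(over),
            "pasted": acs_admit(pasted), "forged_ticket": acs_admit(forged)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The order of checks in acs_admit matters: the seal is verified before anything in the ticket body is trusted, the signature is verified before the DN is decrypted or the directory is consulted, and only then is the request compared against the user's profile.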

