Network Working Group                                           U. Bodin
Internet-Draft                                                    Operax
Expires: December 21, 2006                                      A. Doria
                                                                     LTU
                                                           June 19, 2006


  Requirement for the addition of Auditing Functionality to Diameter
                  draft-bodin-dime-auditing-reqs-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 21, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   Diameter is being increasingly included in the work of other
   standards organizations and has become a key protocol in many
   architectures.  One of the uses of Diameter includes setting and
   maintaining hard state.  Often there is a need to query for
   information on active sessions for backup or synchronization
   purposes.

Bodin & Doria           Expires December 21, 2006               [Page 1]
Internet-Draft            Auditing with Diameter               June 2006

1.  Terminology and Conventions

   The key words MUST, MUST NOT, REQUIRED, SHOULD, SHOULD NOT,
   RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted
   as described in BCP 14, RFC 2119 [RFC2119].

2.  Auditing as a requirement

   Diameter has been widely adopted as a base protocol for different
   interfaces of next generation network (NGN) architectures developed
   by 3GPP, ETSI TISPAN and the ITU-T.  Some of these interfaces are
   used to support hard state as well as to support soft state.

   For example, in the ETSI TISPAN NGN architecture the service policy
   decision function (SPDF) offers a Diameter based interface facing
   application functions over which they can issue resource reservation
   requests for various media flows.  Such an application function can,
   e.g., be a SIP based soft-switch or a portal for media streaming.
   The interface between the SPDF and application functions must support
   both hard and soft state.

   Two use cases would benefit from an auditing function: failover with
   and without replication.

2.1.  In the case of failover without replication

   In cases where hard state is used over a Diameter interface in an
   environment where nodes have backups in case of failure, client nodes
   need a mechanism to audit their server for active sessions.  That is,
   in case a Diameter client node crashes, its backup needs to audit the
   server node for active sessions.  Otherwise the backup node cannot
   know which states are active and cannot terminate them when they are
   no longer needed.

2.1.1.  In the case of failover with replication

   A Diameter client, server, or both may replicate session state
   information over several database instances at different nodes to
   facilitate seamless node failovers.  Replication of data over several
   database instances is often done asynchronously to keep response
   times low.  That is, with asynchronous replication a Diameter server
   can answer a client request immediately instead of waiting for data
   to be properly replicated before answering.

   When using hard state, Diameter clients and their server face the
   risk of getting out of sync after a failover.  As a consequence of
   asynchronous replication, session state requested and established in
   a Diameter server node may not have been properly replicated before
   the server crashes and is seamlessly replaced by its backup (e.g.
   through IP takeover or SCTP multi-homing).  The server may, however,
   have responded to the request before crashing.  The Diameter client
   could, therefore, record that lost (hard) session state is still
   active in the server when it is not.

   On the other hand, in case the client is terminating an active
   session and the server fails to replicate the state removal before
   crashing, the backup server node will maintain a hard session state
   of which the client is unaware and which is invalid.

   These cases show that an auditing mechanism is needed to support hard
   state whenever session information is replicated for resilience
   purposes.  It is also clear that the auditing mechanism needs to be
   symmetrical in order to support both the client auditing for session
   information in the server and the server auditing the client.

   These cases also show that auditing mechanisms need to support both
   queries for a list of active sessions and specific queries for
   detailed session information kept by the queried node (i.e. either
   the client or the server node).

3.  Proposal

   In keeping with the charter goal of updating Diameter in support of
   its current uses, the DIME WG is requested to add support of a two
   step approach to its list of work items.  After the requirements have
   been discussed, updated and verified as being of interest to enough
   of the participants, the DIME WG is then requested to make the
   necessary changes to the base protocol to support auditing
   functionality.

   It is also suggested the DIME WG coordinate with other SDOs,
   especially those who have integrated Diameter into their
   architectures, in establishing the auditing functionality
   requirements.

3.1.  Existing work

   A two step approach to retrieving state information was recommended
   by draft-calhoun-diameter-res-mgmt-08.txt [id-res-mgmt] which was
   last updated in 2002.  If the requirements are accepted by the WG it
   is recommended that this might be a good starting point for work on
   adding auditing to Diameter.

4.  References

4.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

4.2.  Informational References

   [id-res-mgmt]
              Pat, P., "Diameter - Resource Management Extensions",
              2001.

Appendix A.  IANA considerations

   None at this time.

Authors' Addresses

   Ulf Bodin
   Operax
   Lulea  S-977 75
   Sweden

   Email: Ulf.Bodin@operax.com
   URI:   www.operax.com


   Avri Doria
   LTU
   Providence  02906
   USA

   Email: avri@acm.org
   URI:   psg.com/~avri

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
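
Added illustration, not part of the draft: a small model of the two-step audit that Sections 2.1 and 2.1.1 ask for (list active sessions, then query details), run symmetrically after a failover. The draft defines no messages, so the method names, the "kbps" attribute and the Session-Id values are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """A Diameter client or server holding hard session state."""
    name: str
    sessions: dict = field(default_factory=dict)  # Session-Id -> state

    def audit_list(self):
        """Step 1 (hypothetical): list the active Session-Ids."""
        return set(self.sessions)

    def audit_detail(self, sid):
        """Step 2 (hypothetical): detailed state for one session."""
        return self.sessions.get(sid)

def audit(local, peer):
    """Audit `peer` from `local`. Symmetric: client or server may call it."""
    mine, theirs = local.audit_list(), peer.audit_list()
    return {
        "only_local": sorted(mine - theirs),  # peer lost this state
        "only_peer": sorted(theirs - mine),   # peer kept state we removed
        "mismatch": sorted(s for s in mine & theirs
                           if local.audit_detail(s) != peer.audit_detail(s)),
    }

def recover_backup_client(backup, server):
    """Section 2.1: a backup client without replicated state learns the
    server's active sessions so it can terminate them when unneeded."""
    for sid in server.audit_list():
        backup.sessions[sid] = dict(server.audit_detail(sid))
    return sorted(backup.sessions)

def build_scenario():
    """Constructed sample state after a server failover (Section 2.1.1)."""
    client = Node("client", {
        "af.example.net;1;1": {"kbps": 64},
        "af.example.net;1;2": {"kbps": 128},  # acked, never replicated
        "af.example.net;1;4": {"kbps": 256},
    })
    backup_server = Node("backup-server", {
        "af.example.net;1;1": {"kbps": 64},
        "af.example.net;1;3": {"kbps": 32},   # removal never replicated
        "af.example.net;1;4": {"kbps": 512},  # stale detail (assumed case)
    })
    return client, backup_server

if __name__ == "__main__":
    c, s = build_scenario()
    print(audit(c, s))
    print(recover_backup_client(Node("backup-client"), s))
```

Sessions reported under "only_local" are the lost state the client still believes active; those under "only_peer" are the invalid state the backup server still holds.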