summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc7975.txt
diff options
context:
space:
mode:
authorThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
committerThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
commit4bfd864f10b68b71482b35c818559068ef8d5797 (patch)
treee3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc7975.txt
parentea76e11061bda059ae9f9ad130a9895cc85607db (diff)
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc7975.txt')
-rw-r--r--doc/rfc/rfc7975.txt1963
1 files changed, 1963 insertions, 0 deletions
diff --git a/doc/rfc/rfc7975.txt b/doc/rfc/rfc7975.txt
new file mode 100644
index 0000000..b450474
--- /dev/null
+++ b/doc/rfc/rfc7975.txt
@@ -0,0 +1,1963 @@
+
+
+
+
+
+
+Internet Engineering Task Force (IETF) B. Niven-Jenkins, Ed.
+Request for Comments: 7975 Nokia
+Category: Standards Track R. van Brandenburg, Ed.
+ISSN: 2070-1721 TNO
+ October 2016
+
+
+ Request Routing Redirection Interface for
+ Content Delivery Network (CDN) Interconnection
+
+Abstract
+
+ The Request Routing interface comprises (1) the asynchronous
+ advertisement of footprint and capabilities by a downstream Content
+ Delivery Network (CDN) that allows an upstream CDN to decide whether
+ to redirect particular user requests to that downstream CDN; and (2)
+ the synchronous operation of an upstream CDN requesting whether a
+ downstream CDN is prepared to accept a user request and of a
+ downstream CDN responding with how to actually redirect the user
+ request. This document describes an interface for the latter part,
+ i.e., the CDNI Request Routing Redirection interface.
+
+Status of This Memo
+
+ This is an Internet Standards Track document.
+
+ This document is a product of the Internet Engineering Task Force
+ (IETF). It represents the consensus of the IETF community. It has
+ received public review and has been approved for publication by the
+ Internet Engineering Steering Group (IESG). Further information on
+ Internet Standards is available in Section 2 of RFC 7841.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ http://www.rfc-editor.org/info/rfc7975.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 1]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+Copyright Notice
+
+ Copyright (c) 2016 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Simplified BSD License text as described in Section 4.e of
+ the Trust Legal Provisions and are provided without warranty as
+ described in the Simplified BSD License.
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 3. Interface Function and Operation Overview . . . . . . . . . . 4
+ 4. HTTP-Based Interface for the Redirection Interface . . . . . 6
+ 4.1. Information Passed in RI Requests and Responses . . . . . 8
+ 4.2. JSON Encoding of RI Requests and Responses . . . . . . . 9
+ 4.3. MIME Media Types Used by the RI Interface . . . . . . . . 11
+ 4.4. DNS Redirection . . . . . . . . . . . . . . . . . . . . . 12
+ 4.4.1. DNS Redirection Requests . . . . . . . . . . . . . . 12
+ 4.4.2. DNS Redirection Responses . . . . . . . . . . . . . . 14
+ 4.5. HTTP Redirection . . . . . . . . . . . . . . . . . . . . 17
+ 4.5.1. HTTP Redirection Requests . . . . . . . . . . . . . . 17
+ 4.5.2. HTTP Redirection Responses . . . . . . . . . . . . . 19
+ 4.6. Cacheability and Scope of Responses . . . . . . . . . . . 22
+ 4.7. Error Responses . . . . . . . . . . . . . . . . . . . . . 24
+ 4.8. Loop Detection and Prevention . . . . . . . . . . . . . . 28
+ 5. Security Considerations . . . . . . . . . . . . . . . . . . . 29
+ 5.1. Authentication, Authorization, Confidentiality, and
+ Integrity Protection . . . . . . . . . . . . . . . . . . 29
+ 5.2. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 30
+ 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31
+ 6.1. CDNI Payload Type Parameter Registrations . . . . . . . . 31
+ 6.1.1. CDNI RI Redirection Request Payload Type . . . . . . 31
+ 6.1.2. CDNI RI Redirection Response Payload Type . . . . . . 31
+ 6.2. RI Error Response Registry . . . . . . . . . . . . . . . 31
+ 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 32
+ 7.1. Normative References . . . . . . . . . . . . . . . . . . 32
+ 7.2. Informative References . . . . . . . . . . . . . . . . . 34
+ Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 34
+ Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 35
+ Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 35
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 2]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+1. Introduction
+
+ A Content Delivery Network (CDN) is a system built on an existing IP
+ network that is used for large-scale content delivery, via
+ prefetching or dynamically caching content on its distributed
+ surrogates (caching servers). [RFC6707] describes the problem area
+ of interconnecting CDNs.
+
+ The CDNI Request Routing interface outlined in [RFC7336] is comprised
+ of:
+
+ 1. The asynchronous advertisement of footprint and capabilities by a
+ downstream CDN (dCDN) that allows an upstream CDN (uCDN) to
+ decide whether to redirect particular user requests to that dCDN.
+
+ 2. The synchronous operation of a uCDN requesting whether a dCDN is
+ prepared to accept a user request and of a dCDN responding with
+ how to actually redirect the user request.
+
+ This document describes an interface for the latter part, i.e., the
+ CDNI Request Routing Redirection interface (RI).
+
+2. Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+ This document reuses the terminology defined in [RFC6707].
+
+ The following additional terms are introduced by this document:
+
+ Application-Level Redirection: The act of using an application-
+ specific redirection mechanism for the request routing process of
+ a CDN. The Redirection Target (RT) is the result of a CDN's
+ routing decision at the time it receives a content request via an
+ application-specific protocol response. Examples of an
+ application-level redirection are HTTP 302 Redirection and Real
+ Time Messaging Protocol (RTMP) [RTMP] 302 Redirection.
+
+ DNS Redirection: The act of using DNS name resolution for the
+ request routing process of a CDN. In DNS Redirection, the DNS
+ name server of the CDN makes the routing decision based on a local
+ policy and selects one or more Redirection Targets (RTs) and
+ redirects the User Agent (UA) to the RT(s) by returning the
+ details of the RT(s) in response to the DNS query request from the
+ User Agent's DNS resolver.
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 3]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ HTTP Redirection: The act of using an HTTP redirection response for
+ the request routing process of a CDN. The Redirection Target (RT)
+ is the result of the routing decision of a CDN at the time it
+ receives a content request via HTTP. HTTP Redirection is a
+ particular case of application-level redirection.
+
+ Redirection Target (RT): The endpoint to which the User Agent is
+ redirected. In CDNI, an RT may point to a number of different
+ components, some examples include a surrogate in the same CDN as
+ the request router, a request router in a dCDN, or a surrogate in
+ a dCDN.
+
+3. Interface Function and Operation Overview
+
+ The main function of the CDNI Redirection interface (RI) is to allow
+ the request routing systems in interconnected CDNs to communicate to
+ facilitate the redirection of User Agent requests between
+ interconnected CDNs.
+
+ The detailed requirements for the Redirection interface and their
+ relative priorities are described in Section 5 of [RFC7337].
+
+ The User Agent will make a request to a request router in the uCDN
+ using one of either DNS or HTTP. The RI is used between the uCDN and
+ one or more dCDNs. The dCDN's RI response may contain a Redirection
+ Target with a type that is compatible with the protocol used between
+ the User Agent and uCDN request router. The dCDN has control over
+ the Redirection Target it provides. Depending on the returned
+ Redirection Target, the User Agent's request may be redirected to:
+
+ o The final surrogate, which may be in the dCDN that returned the RI
+ response to the uCDN or another CDN (if the dCDN delegates the
+ delivery to another CDN); or
+
+ o A request router (in the dCDN or another CDN), which may use a
+ different redirection protocol (DNS or HTTP) than the one included
+ in the RI request.
+
+ The Redirection interface operates between the request routing
+ systems of a pair of interconnected CDNs. To enable communication
+ over the Redirection interface, the uCDN needs to know the URI
+ (endpoint) in the dCDN to send CDNI request routing queries.
+
+ The Redirection interface URI may be statically preconfigured,
+ dynamically discovered via the CDNI Control interface, or discovered
+ via other means. However, such discovery mechanisms are not
+ specified in this document, as they are considered out of the scope
+ of the Redirection interface specification.
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 4]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The Redirection interface is only relevant in the case of Recursive
+ Request Redirection, as Iterative Request Redirection does not invoke
+ any interaction over the Redirection interface between interconnected
+ CDNs. Therefore, the scope of this document is limited to Recursive
+ Request Redirection.
+
+ In the case of Recursive Request Redirection, in order to perform
+ redirection of a request received from a User Agent, the uCDN queries
+ the dCDN so that the dCDN can select and provide a Redirection
+ Target. In cases where a uCDN has a choice of dCDNs, it is up to the
+ uCDN to decide (for example, via configured policies) which dCDN(s)
+ to query and in which order to query them. A number of strategies
+ are possible, including selecting a preferred dCDN based on local
+ policy, possibly falling back to querying an alternative dCDN(s) if
+ the first dCDN does not return a Redirection Target or otherwise
+ rejects the uCDN's RI request. A more complex strategy could be to
+ query multiple dCDNs in parallel before selecting one and using the
+ Redirection Target provided by that dCDN.
+
+ The uCDN->User Agent redirection protocols addressed in this document
+ are: DNS redirection and HTTP redirection. Other types of
+ application-level redirection will not be discussed further in this
+ document. However, the Redirection interface is designed to be
+ extensible and could be extended to support additional application-
+ level redirection protocols.
+
+ For both DNS and HTTP redirection, either HTTP or HTTPS could be used
+ to connect to the Redirection Target. When HTTPS is used to connect
+ to the uCDN, if the uCDN uses DNS redirection to identify the RT to
+ the User Agent, then the new target domain name may not match the
+ domain in the URL dereferenced to reach the uCDN; without operational
+ precautions, and in the absence of DNSSEC, this can make a legitimate
+ redirection look like a DNS-based attack to a User Agent and trigger
+ security warnings. When DNS-based redirection with HTTPS is used,
+ this specification assumes that any RT can complete the necessary
+ Transport Layer Security (TLS) handshake with the User Agent. Any
+ operational mechanisms this requires, e.g., private key distribution
+ to surrogates and request routers in dCDNs, are outside the scope of
+ this document.
+
+ This document also defines an RI loop prevention and detection
+ mechanism as part of the Redirection interface.
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 5]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+4. HTTP-Based Interface for the Redirection Interface
+
+ This document defines a simple interface for the Redirection
+ interface based on HTTP [RFC7230], where the attributes of a User
+ Agent's requests are encapsulated along with any other data that can
+ aid the dCDN in processing the requests. The RI response
+ encapsulates the attributes of the RT(s) that the uCDN should return
+ to the User Agent (if it decides to utilize the dCDN for delivery)
+ along with the policy for how the response can be reused. The
+ examples of RI requests and responses below do not contain a complete
+ set of HTTP headers for brevity; only the pertinent HTTP headers are
+ shown.
+
+ The RI between the uCDN and dCDN uses the same HTTP interface to
+ encapsulate the attributes of both DNS and HTTP requests received
+ from User Agents, although the contents of the RI requests/responses
+ contain data specific to either DNS or HTTP redirection.
+
+ This approach has been chosen because it enables CDN operators to
+ only have to deploy a single interface for the RI between their CDNs,
+ regardless of the User Agent redirection method. In this way, from
+ an operational point of view, there is only one interface to monitor,
+ manage, develop troubleshooting tools for, etc.
+
+ In addition, having a single RI where the attributes of the User
+ Agent's DNS or HTTP request are encapsulated along with the other
+ data required for the dCDN to make a request routing decision, avoids
+ having to both 1) try to encapsulate or proxy DNS/HTTP/RTMP/
+ etc. requests and 2) find ways to somehow embed the additional CDNI
+ Request Routing Redirection interface properties/data within those
+ end-user DNS/HTTP/RTMP/etc. requests.
+
+ Finally, the RI is easily extendable to support other User Agent
+ request redirection methods (e.g., RTMP 302 redirection) by defining
+ additional protocol-specific keys for RI requests and responses along
+ with a specification about how to process them.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 6]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The generic Recursive Request Redirection message flow between
+ Request Routing systems in a pair of interconnected CDNs is as
+ follows:
+
+ User Agent CDN B RR CDN A RR
+ |UA Request (DNS or HTTP) | |
+ |-------------------------------------------------->| (1)
+ | | |
+ | |HTTP POST to CDN B's RI |
+ | |URI encapsulating UA |
+ | |request attributes |
+ | |<------------------------| (2)
+ | | |
+ | |HTTP Response with body |
+ | |containing RT attributes |
+ | |of the protocol-specific |
+ | |response to return to UA |
+ | |------------------------>| (3)
+ | | |
+ | Protocol-specific response (redirection)|
+ |<--------------------------------------------------| (4)
+ | | |
+
+ Figure 1: Generic Recursive Request Redirection Message Flow
+
+ 1. The User Agent sends its (DNS or HTTP) request to CDN A. The
+ Request Routing System of CDN A processes the request and,
+ through local policy, recognizes that the request is best served
+ by another CDN, specifically CDN B (or that CDN B may be one of a
+ number of candidate dCDNs it could use).
+
+ 2. The Request Routing System of CDN A sends an HTTP POST to CDN B's
+ RI URI containing the attributes of the User Agent's request.
+
+ 3. The Request Routing System of CDN B processes the RI request and,
+ assuming the request is well-formed, responds with an HTTP "200"
+ response with a message body containing the RT(s) to return to
+ the User Agent as well as parameters that indicate the properties
+ of the response (cacheability and scope).
+
+ 4. The Request Routing System of CDN A sends a protocol-specific
+ response (containing the returned attributes) to the User Agent,
+ so that the User Agent's request will be redirected to the RT(s)
+ returned by CDN B.
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 7]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+4.1. Information Passed in RI Requests and Responses
+
+ The information passed in RI requests splits into two basic
+ categories:
+
+ 1. The attributes of the User Agent's request to the uCDN.
+
+ 2. Properties/parameters that the uCDN can use to control the dCDN's
+ response or that can help the dCDN make its decision.
+
+ Generally, dCDNs can provide better routing decisions given
+ additional information about the content request, e.g., the URI of
+ the requested content or the User Agent's IP address or subnet. The
+ information required to base a routing decision on can be highly
+ dependent on the type of content delivered. A uCDN SHOULD only
+ include information that is absolutely necessary for delivering that
+ type of content. Cookies in particular are especially sensitive from
+ a security/privacy point of view and in general SHOULD NOT be
+ conveyed in the RI Requests to the dCDN. The information necessary
+ to be conveyed for a particular type of request is expected to be
+ conveyed out of band between the uCDN and dCDN. See Section 5.2 for
+ more detail on the privacy aspects of using RI Requests to convey
+ information about UA requests.
+
+ In order for the dCDN to determine whether it is capable of
+ delivering any requested content, it requires CDNI metadata related
+ to the content the User Agent is requesting. That metadata will
+ describe the content and any policies associated with it. It is
+ expected that the RI request contains sufficient information for the
+ Request Router in the dCDN to be able to retrieve the required CDNI
+ Metadata via the CDNI Metadata interface.
+
+ The information passed in RI responses splits into two basic
+ categories:
+
+ 1. The attributes of the RT to return to the User Agent in the DNS
+ response or HTTP response.
+
+ 2. Parameters/policies that indicate the properties of the response,
+ such as, whether it is cacheable, the scope of the response, etc.
+
+ In addition to details about how to redirect the User Agent, the dCDN
+ may wish to return additional policy information to the uCDN. For
+ example, the dCDN may wish to return a policy that expresses "this
+ response can be reused without requiring an RI request for 60 seconds
+ provided the User Agent's IP address is in the range 198.51.100.0 --
+ 198.51.100.255".
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 8]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ These additional policies split into two basic categories:
+
+ o Cacheability information signaled via the HTTP response headers of
+ the RI response (to reduce the number of subsequent RI requests
+ the uCDN needs to make).
+
+ o The scope of a cacheable response signaled in the HTTP response
+ body of the RI response, for example, whether the response applies
+ to a wider range of IP addresses than what was included in the RI
+ request.
+
+ The cacheability of the response is indicated using the standard HTTP
+ Cache-Control mechanisms.
+
+4.2. JSON Encoding of RI Requests and Responses
+
+ The body of RI requests and responses is a JSON object [RFC7159] that
+ contains a dictionary of key:value pairs that MUST conform to
+ [RFC7493]. Senders MUST encode all (top-level object and sub-object)
+ keys specified in this document in lowercase. Receivers MUST ignore
+ any keys that are unknown or invalid.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 9]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The following table defines the top-level keys and indicates whether
+ they are applicable to RI requests, RI responses, or both:
+
+ +----------+------------------+-------------------------------------+
+ | Key | Request/Response | Description |
+ +----------+------------------+-------------------------------------+
+ | dns | Both | The attributes of the UA's DNS |
+ | | | request or the attributes of the |
+ | | | RT(s) to return in a DNS response. |
+ | | | |
+ | http | Both | The attributes of the UA's HTTP |
+ | | | request or the attributes of the RT |
+ | | | to return in an HTTP response. |
+ | | | |
+ | scope | Response | The scope of the response (if it is |
+ | | | cacheable). For example, whether |
+ | | | the response applies to a wider |
+ | | | range of IP addresses than what was |
+ | | | included in the RI request. |
+ | | | |
+ | error | Response | Additional details if the response |
+ | | | is an error response. |
+ | | | |
+ | cdn-path | Both | A List of Strings. Contains a list |
+ | | | of the CDN Provider IDs of previous |
+ | | | CDNs that have participated in the |
+ | | | request routing for the associated |
+ | | | User Agent request. On RI requests, |
+ | | | it contains the list of previous |
+ | | | CDNs that this RI request has |
+ | | | passed through. On RI responses, it |
+ | | | contains the list of CDNs that were |
+ | | | involved in obtaining the final |
+ | | | redirection included in the RI |
+ | | | response. See Section 4.8. |
+ | | | |
+ | max-hops | Request | Integer specifying the maximum |
+ | | | number of hops (CDN Provider IDs) |
+ | | | this request is allowed to be |
+ | | | propagated along. This allows the |
+ | | | uCDN to coarsely constrain the |
+ | | | latency of the request routing |
+ | | | chain. |
+ +----------+------------------+-------------------------------------+
+
+ Table 1: Top-Level Keys in RI Requests/Responses
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 10]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ A single request or response MUST contain only one of the dns or http
+ keys. Requests MUST contain a cdn-path key and responses MAY contain
+ a cdn-path key. If the max-hops key is not present, then there is no
+ limit on the number of CDN hops that the RI request can be propagated
+ along. If the first uCDN does not wish the RI request to be
+ propagated beyond the dCDN it is making the request to, then the uCDN
+ MUST set max-hops to 1.
+
+ The cdn-path MAY be reflected back in RI responses, although doing so
+ could expose information to the uCDN that a dCDN may not wish to
+ expose (for example, the existence of business relationships between
+ a dCDN and other CDNs).
+
+ If the cdn-path is reflected back in the RI response, it MUST contain
+ the value of cdn-path received in the associated RI request with the
+ final dCDN's CDN Provider ID appended. Transit CDNs MAY remove the
+ cdn-path from RI responses but MUST NOT modify the cdn-path in other
+ ways.
+
+ The presence of an error key within a response that also contains
+ either a dns or http key does not automatically indicate that the RI
+ request was unsuccessful as the error key MAY be used for
+ communicating additional (e.g., debugging) information. When a
+ response contains an error key as well as either a dns or http key,
+ the error-code SHOULD be 1xx (e.g., 100). See Section 4.7 for more
+ details about encoding error information in RI responses.
+
+ All implementations that support IPv4 addresses MUST support the
+ encoding specified by the 'IPv4address' rule in Section 3.2.2 of
+ [RFC3986]. Likewise, implementations that support IPv6 addresses
+ MUST support all IPv6 address formats specified in [RFC4291]. Server
+ implementations SHOULD use IPv6 address formats specified in
+ [RFC5952].
+
+4.3. MIME Media Types Used by the RI Interface
+
+ RI requests MUST use a MIME media type of application/cdni as
+ specified in [RFC7736], with the Payload Type (ptype) parameter set
+ to 'redirection-request'.
+
+ RI responses MUST use a MIME media type of application/cdni as
+ specified in [RFC7736], with the Payload Type (ptype) parameter set
+ to 'redirection-response'.
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 11]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+4.4. DNS Redirection
+
+ The following sections provide detailed descriptions of the
+ information that should be passed in RI requests and responses for
+ DNS redirection.
+
+4.4.1. DNS Redirection Requests
+
+ For DNS-based redirection, the uCDN needs to pass the following
+ information to the dCDN in the RI request:
+
+ o The IP address of the DNS resolver that made the DNS request to
+ the uCDN.
+
+ o The type of DNS query made (usually either A or AAAA).
+
+ o The class of DNS query made (usually IN).
+
+ o The fully qualified domain name for which DNS redirection is being
+ requested.
+
+ o The IP address or prefix of the User Agent (if known to the uCDN).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 12]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The preceding information is encoded as a set of key:value pairs
+ within the dns dictionary as follows:
+
+ +-------------+---------+-----------+-------------------------------+
+ | Key | Value | Mandatory | Description |
+ +-------------+---------+-----------+-------------------------------+
+ | resolver-ip | String | Yes | The IP address of the UA's |
+ | | | | DNS resolver. |
+ | | | | |
+ | qtype | String | Yes | The type of DNS query made by |
+ | | | | the UA's DNS resolvers in |
+ | | | | uppercase. The value of this |
+ | | | | field SHALL be set to either |
+ | | | | 'A' or 'AAAA'. |
+ | | | | |
+ | qclass | String | Yes | The class of DNS query made |
+ | | | | in uppercase (IN, etc.). |
+ | | | | |
+ | qname | String | Yes | The fully qualified domain |
+ | | | | name being queried. |
+ | | | | |
+ | c-subnet | String | No | The IP address (or prefix) of |
+ | | | | the UA in Classless Inter- |
+ | | | | Domain Routing (CIDR) format. |
+ | | | | |
+ | dns-only | Boolean | No | If True, then dCDN MUST only |
+ | | | | use DNS redirection and MUST |
+ | | | | include RTs to one or more |
+ | | | | surrogates in any successful |
+ | | | | RI response. CDNs MUST |
+ | | | | include the dns-only property |
+ | | | | set to True on any cascaded |
+ | | | | RI requests. Defaults to |
+ | | | | False. |
+ +-------------+---------+-----------+-------------------------------+
+
+ Table 2
+
+ An RI request for DNS-based redirection MUST include a dns
+ dictionary. This dns dictionary MUST contain the following keys:
+ resolver-ip, qtype, qclass, and qname; the value of each MUST be the
+ value of the appropriate part of the User Agent's DNS query/request.
+ For internationalized domain names containing non-ASCII characters,
+ the value of the qname field MUST be the ASCII-compatible encoded
+ (ACE) representation (A-label) of the domain name [RFC5890].
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 13]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ An example RI request (uCDN->dCDN) for DNS-based redirection is as
+ follows:
+
+ POST /dcdn/ri HTTP/1.1
+ Host: rr1.dcdn.example.net
+ Content-Type: application/cdni; ptype=redirection-request
+ Accept: application/cdni; ptype=redirection-response
+
+ {
+ "dns" : {
+ "resolver-ip" : "192.0.2.1",
+ "c-subnet" : "198.51.100.0/24",
+ "qtype" : "A",
+ "qclass" : "IN",
+ "qname" : "www.example.com"
+ },
+ "cdn-path": ["AS64496:0"],
+ "max-hops": 3
+ }
+
+4.4.2. DNS Redirection Responses
+
+ For a successful DNS-based redirection, the dCDN needs to return one
+ of the following to the uCDN in the RI response:
+
+ o The IP address(es) of (or the CNAME of) RTs that are dCDN
+ surrogates (if the dCDN is performing DNS-based redirection
+ directly to a surrogate); or
+
+ o The IP address(es) of (or the CNAME of) RTs that are Request
+ Routers (if the dCDN will perform request redirection itself). A
+ dCDN MUST NOT return an RT that is a Request Router if the dns-
+ only key is set to True in the RI request.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 14]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The preceding information is encoded as a set of key:value pairs
+ within the dns dictionary as follows:
+
+ +-------+-----------+-----------+-----------------------------------+
+ | Key | Value | Mandatory | Description |
+ +-------+-----------+-----------+-----------------------------------+
+ | rcode | Integer | Yes | DNS response code (see |
+ | | | | [RFC6895]). |
+ | | | | |
+ | name | String | Yes | The fully qualified domain name |
+ | | | | the response relates to. |
+ | | | | |
+ | a | List of | No | Set of IPv4 Addresses of RT(s). |
+ | | String | | |
+ | | | | |
+ | aaaa | List of | No | Set of IPv6 Addresses of RT(s). |
+ | | String | | |
+ | | | | |
+ | cname | List of | No | Set of fully qualified domain |
+ | | String | | names of RT(s). |
+ | | | | |
+ | ttl | Integer | No | TTL in seconds of DNS response. |
+ | | | | Default is 0. |
+ +-------+-----------+-----------+-----------------------------------+
+
+ Table 3
+
+ A successful RI response for DNS-based redirection MUST include a dns
+ dictionary and MAY include an error dictionary (see Section 4.7). An
+ unsuccessful RI response for DNS-based redirection MUST include an
+ error dictionary. If a dns dictionary is included in the RI
+ response, it MUST include the rcode and name keys and it MUST include
+ at least one of the following keys: a, aaaa, or cname. The dns
+ dictionary MAY include both a and aaaa keys. If the dns dictionary
+ contains a cname key, it MUST NOT contain either an a or aaaa key.
+ For internationalized domain names containing non-ASCII characters,
+ the value of the cname field MUST be the ACE representation (A-label)
+ of the domain name.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 15]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ An example of a successful RI response (dCDN->uCDN) for DNS-based
+ redirection with both a and aaaa keys is listed below:
+
+ HTTP/1.1 200 OK
+ Date: Mon, 06 Aug 2012 18:41:38 GMT
+ Content-Type: application/cdni; ptype=redirection-response
+
+ {
+ "dns" : {
+ "rcode" : 0,
+ "name" : "www.example.com",
+ "a" : ["203.0.113.200", "203.0.113.201", "203.0.113.202"],
+ "aaaa" : ["2001:DB8::C8", "2001:DB8::C9"],
+ "ttl" : 60
+ }
+ }
+
+ A further example of a successful RI response (dCDN->uCDN) for DNS-
+ based redirection is listed below, in this case with a cname key
+ containing the FQDN of the RT.
+
+ HTTP/1.1 200 OK
+ Date: Mon, 06 Aug 2012 18:41:38 GMT
+ Content-Type: application/cdni; ptype=redirection-response
+
+ {
+ "dns" : {
+ "rcode" : 0,
+ "name" : "www.example.com",
+ "cname" : ["rr1.dcdn.example"],
+ "ttl" : 20
+ }
+ }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 16]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+4.5. HTTP Redirection
+
+ The following sections provide detailed descriptions of the
+ information that should be passed in RI requests and responses for
+ HTTP redirection.
+
+ The dictionary keys used in HTTP Redirection requests and responses
+ use the following conventions for their prefixes:
+
+ o c- is prefixed to keys for information related to the Client (User
+ Agent).
+
+ o cs- is prefixed to keys for information passed by the Client (User
+ Agent) to the Server (uCDN).
+
+ o sc- is prefixed to keys for information to be passed by the Server
+ (uCDN) to the Client (User Agent).
+
+4.5.1. HTTP Redirection Requests
+
+ For HTTP-based redirection, the uCDN needs to pass the following
+ information to the dCDN in the RI request:
+
+ o The IP address of the User Agent.
+
+ o The URI requested by the User Agent.
+
+ o The HTTP method requested by the User Agent.
+
+ o The HTTP version number requested by the User Agent.
+
+ The uCDN may also decide to pass the presence and value of particular
+ HTTP headers included in the User Agent request to the dCDN.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 17]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The preceding information is encoded as a set of key:value pairs
+ within the http dictionary as follows:
+
+ +-------------------+--------+-----------+--------------------------+
+ | Key | Value | Mandatory | Description |
+ +-------------------+--------+-----------+--------------------------+
+ | c-ip | String | Yes | The IP address of the |
+ | | | | UA. |
+ | | | | |
+ | cs-uri | String | Yes | The Effective Request |
+ | | | | URI [RFC7230] requested |
+ | | | | by the UA. |
+ | | | | |
+ | cs-method | String | Yes | The method part of the |
+ | | | | request-line as defined |
+ | | | | in Section 3.1.1 of |
+ | | | | [RFC7230]. |
+ | | | | |
+ | cs-version | String | Yes | The HTTP-version part of |
+ | | | | the request-line as |
+ | | | | defined in Section 3.1.1 |
+ | | | | of [RFC7230]. |
+ | | | | |
+ | cs-(<headername>) | String | No | The field-value of the |
+ | | | | HTTP header field named |
+ | | | | <HeaderName> as a |
+ | | | | string, for example, |
+ | | | | cs-(cookie) would |
+ | | | | contain the value of the |
+ | | | | HTTP Cookie header from |
+ | | | | the UA request. |
+ +-------------------+--------+-----------+--------------------------+
+
+ Table 4
+
+ An RI request for HTTP-based redirection MUST include an http
+ dictionary. This http dictionary MUST contain the following keys:
+ c-ip, cs-method, cs-version, and cs-uri; the value of each MUST be
+ the value of the appropriate part of the User Agent's HTTP request.
+
+ The http dictionary of an RI request MUST contain a maximum of one
+ cs-(<headername>) key for each unique header field-name (HTTP header
+ field). <headername> MUST be identical to the equivalent HTTP header
+ field-name encoded in all lowercase.
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 18]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ In the case where the User Agent request includes multiple HTTP
+ header fields with the same field-name, it is RECOMMENDED that the
+ uCDN combine these different HTTP headers into a single value
+ according to Section 3.2.2 of [RFC7230]. However, because of the
+ plurality of already defined HTTP header fields and the inconsistency
+ of some of these header fields concerning the combination mechanism
+ defined in RFC 7230, the uCDN MAY have to deviate from using the
+ combination mechanism where appropriate. For example, it might only
+ send the contents of the first occurrence of the HTTP Headers
+ instead.
+
+ An example RI request (uCDN->dCDN) for HTTP-based redirection is as
+ follows:
+
+ POST /dcdn/rrri HTTP/1.1
+ Host: rr1.dcdn.example.net
+ Content-Type: application/cdni; ptype=redirection-request
+ Accept: application/cdni; ptype=redirection-response
+
+ {
+ "http": {
+ "c-ip": "198.51.100.1",
+ "cs-uri": "http://www.example.com",
+ "cs-version": "HTTP/1.1",
+ "cs-method": "GET"
+ },
+ "cdn-path": ["AS64496:0"],
+ "max-hops": 3
+ }
+
+4.5.2. HTTP Redirection Responses
+
+ For a successful HTTP-based redirection, the dCDN needs to return one
+ of the following to the uCDN in the RI response:
+
+ o A URI pointing to an RT that is the selected dCDN surrogate(s) (if
+ the dCDN is performing HTTP-based redirection directly to a
+ surrogate); or
+
+ o A URI pointing to an RT that is a Request Router (if the dCDN will
+ perform request redirection itself).
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 19]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The preceding information is encoded as a set of key:value pairs
+ within the http dictionary as follows:
+
+ +-------------------+---------+-----------+-------------------------+
+ | Key | Value | Mandatory | Description |
+ +-------------------+---------+-----------+-------------------------+
+ | sc-status | Integer | Yes | The status-code part of |
+ | | | | the status-line as |
+ | | | | defined in Section |
+ | | | | 3.1.2 of [RFC7230] to |
+ | | | | return to the UA |
+ | | | | (usually set to 302). |
+ | | | | |
+ | sc-version | String | Yes | The HTTP-version part |
+ | | | | of the status-line as |
+ | | | | defined in Section |
+ | | | | 3.1.2 of [RFC7230] to |
+ | | | | return to the UA. |
+ | | | | |
+ | sc-reason | String | Yes | The reason-phrase part |
+ | | | | of the status-line as |
+ | | | | defined in Section |
+ | | | | 3.1.2 of [RFC7230] to |
+ | | | | return to the UA. |
+ | | | | |
+ | cs-uri | String | Yes | The URI requested by |
+ | | | | the UA/client. |
+ | | | | |
+ | sc-(location) | String | Yes | The contents of the |
+ | | | | Location header to |
+ | | | | return to the UA (i.e., |
+ | | | | a URI pointing to the |
+ | | | | RT(s)). |
+ | | | | |
+ | sc-(<headername>) | String | No | The field-value of the |
+ | | | | HTTP header field named |
+ | | | | <HeaderName> to return |
+ | | | | to the UA. For example, |
+ | | | | sc-(expires) would |
+ | | | | contain the value of |
+ | | | | the HTTP Expires |
+ | | | | header. |
+ +-------------------+---------+-----------+-------------------------+
+
+ Table 5
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 20]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ Note: The sc-(location) key in the preceding table is an example of
+ sc-(<headername>) that has been called out separately as its presence
+ is mandatory in RI responses.
+
+ A successful RI response for HTTP-based redirection MUST include an
+ http dictionary and MAY include an error dictionary (see
+ Section 4.7). An unsuccessful RI response for HTTP-based redirection
+ MUST include an error dictionary. If an http dictionary is included
+ in the RI response, it MUST include at least the following keys:
+ sc-status, sc-version, sc-reason, cs-uri, and sc-(location).
+
+ The http dictionary of an RI response MUST contain a maximum of one
+ sc-(<headername>) key for each unique header field-name (HTTP header
+ field). <headername> MUST be identical to the equivalent HTTP header
+ field-name encoded in all lowercase.
+
+ The uCDN MAY decide to not return, override, or alter any or all of
+ the HTTP headers defined by sc-(<headername>) keys before sending the
+ HTTP response to the UA. It should be noted that in some cases,
+ sending the HTTP Headers indicated by the dCDN transparently on to
+ the UA might result in, for the uCDN, undesired behavior. As an
+ example, the dCDN might include sc-(cache-control),
+ sc-(last-modified), and sc-(expires) keys in the http dictionary,
+ through which the dCDN may try to influence the cacheability of the
+ response by the UA. If the uCDN would pass these HTTP headers on to
+ the UA, this could mean that further requests from the uCDN would go
+ directly to the dCDN, bypassing the uCDN and any logging it may
+ perform on incoming requests. Therefore, the uCDN is recommended to
+ carefully consider which HTTP headers to pass on, and which to either
+ override or not pass on at all.
+
+ An example of a successful RI response (dCDN->uCDN) for HTTP-based
+ redirection is a follows:
+
+ HTTP/1.1 200 OK
+ Date: Mon, 06 Aug 2012 18:41:38 GMT
+ Content-Type: application/cdni; ptype=redirection-response
+
+ {
+ "http": {
+ "sc-status": 302,
+ "sc-version": "HTTP/1.1",
+ "sc-reason": "Found",
+ "cs-uri": "http://www.example.com"
+ "sc-(location)":
+ "http://sur1.dcdn.example/ucdn/example.com",
+ }
+ }
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 21]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+4.6. Cacheability and Scope of Responses
+
+ RI responses may be cacheable. As long as a cached RI response is
+ not stale according to standard HTTP Cache-Control or other
+ applicable mechanisms, it may be reused by the uCDN in response to
+ User Agent requests without sending another RI request to the dCDN.
+
+ An RI response MUST NOT be reused unless the request from the User
+ Agent would generate an identical RI request to the dCDN as the one
+ that resulted in the cached RI response (except for the c-ip field
+ provided that the User Agent's c-ip is covered by the scope in the
+ original RI response, as elaborated upon below).
+
+ Additionally, although RI requests only encode a single User Agent
+ request to be redirected, there may be cases where a dCDN wishes to
+ indicate to the uCDN that the RI response can be reused for other
+ User Agent requests without the uCDN having to make another request
+ via the RI. For example, a dCDN may know that it will always select
+ the same surrogates for a given set of User Agent IP addresses and in
+ order to reduce request volume across the RI or to remove the
+ additional latency associated with an RI request, the dCDN may wish
+ to indicate that set of User Agent IP addresses to the uCDN in the
+ initial RI response. This is achieved by including an optional scope
+ dictionary in the RI response.
+
+ Scope is encoded as a set of key:value pairs within the scope
+ dictionary as follows:
+
+ +---------+--------+-----------+------------------------------------+
+ | Key | Value | Mandatory | Description |
+ +---------+--------+-----------+------------------------------------+
+ | iprange | List | No | A List of IP subnets in CIDR |
+ | | of | | notation that this RI response can |
+ | | String | | be reused for, provided the RI |
+ | | | | response is still considered |
+ | | | | fresh. |
+ +---------+--------+-----------+------------------------------------+
+
+ Table 6
+
+ If a uCDN has multiple cached responses with overlapping scopes and a
+ UA request comes in for which the User Agent's IP matches with the IP
+ subnets in multiple of these cached responses, the uCDN SHOULD use
+ the most recent cached response when determining the appropriate RI
+ response to use.
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 22]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The following is an example of a DNS redirection response from
+ Section 4.4.2 that is cacheable by the uCDN for 30 seconds and can be
+ returned to any User Agent with an IPv4 address in 198.51.100.0/24.
+
+ HTTP/1.1 200 OK
+ Date: Mon, 06 Aug 2012 18:41:38 GMT
+ Content-Type: application/cdni; ptype=redirection-response
+ Cache-Control: public, max-age=30
+
+ {
+ "dns" : {
+ "rcode" : 0,
+ "name" : "www.example.com",
+ "a" : ["203.0.113.200", "203.0.113.201"],
+ "aaaa" : ["2001:DB8::C8", "2001:DB8::C9"],
+ "ttl" : 60
+ }
+ "scope" : {
+ "iprange" : ["198.51.100.0/24"]
+ }
+ }
+
+ The following is an example of an HTTP redirection response from
+ Section 4.5.2 that is cacheable by the uCDN for 60 seconds and can be
+ returned to any User Agent with an IPv4 address in 198.51.100.0/24.
+
+ Note: The response to the UA is only valid for 30 seconds, whereas
+ the uCDN can cache the RI response for 60 seconds.
+
+ HTTP/1.1 200 OK
+ Date: Mon, 06 Aug 2012 18:41:38 GMT
+ Content-Type: application/cdni; ptype=redirection-response
+ Cache-Control: public, max-age=60
+
+ {
+ "http": {
+ "sc-status": 302,
+ "cs-uri": "http://www.example.com"
+ "sc-(location)":
+ "http://sur1.dcdn.example/ucdn/example.com",
+ "sc-(cache-control)" : "public, max-age=30"
+ }
+ "scope" : {
+ "iprange" : ["198.51.100.0/24"]
+ }
+ }
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 23]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+4.7. Error Responses
+
+ From a uCDN perspective, there are two types of errors that can be
+ the result of the transmission of an RI request to a dCDN:
+
+ 1. An HTTP protocol error signaled via an HTTP status code,
+ indicating a problem with the reception or parsing of the RI
+ request or the generation of the RI response by the dCDN, and
+
+ 2. An RI-level error specified in an RI response message.
+
+ This section deals with the latter type. The former type is outside
+ the scope of this document.
+
+ There are numerous reasons for a dCDN to be unable to return an
+ affirmative RI response to a uCDN. Reasons may include both dCDN
+ internal issues such as capacity problems, as well as reasons outside
+ the influence of the dCDN, such as a malformed RI request. To aid
+ with diagnosing the cause of errors, RI responses SHOULD include an
+ error dictionary to provide additional information to the uCDN as to
+ the reason/cause of the error. The intention behind the error
+ dictionary is to aid with either manual or automatic diagnosis of
+ issues. The resolution of such issues is outside the scope of this
+ document; this document does not specify any consequent actions a
+ uCDN should take upon receiving a particular error-code.
+
+ Error information (if present) is encoded as a set of key:value pairs
+ within a JSON-encoded error dictionary as follows:
+
+ +------------+---------+-----------+--------------------------------+
+ | Key | Value | Mandatory | Description |
+ +------------+---------+-----------+--------------------------------+
+ | error-code | Integer | Yes | A three-digit numeric code |
+ | | | | defined by the server to |
+ | | | | indicate the error(s) that |
+ | | | | occurred. |
+ | | | | |
+ | reason | String | No | A string providing further |
+ | | | | information related to the |
+ | | | | error. |
+ +------------+---------+-----------+--------------------------------+
+
+ Table 7
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 24]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The first digit of the error-code defines the class of error. There
+ are 5 classes of errors distinguished by the first digit of the
+ error-code:
+
+ 1xx: Informational (no error): The response should not be
+ considered an error by the uCDN, which may proceed by redirecting
+ the UA according to the values in the RI response. The error-code
+ and accompanying description may be used for informational
+ purposes, e.g., for logging.
+
+ 2xx: Reserved.
+
+ 3xx: Reserved.
+
+ 4xx: uCDN error: The dCDN cannot or will not process the request
+ due to something that is perceived to be a uCDN error, for
+ example, the RI request could not be parsed successfully by the
+ dCDN. The last two-digits may be used to more specifically
+ indicate the source of the problem.
+
+ 5xx: dCDN error: Indicates that the dCDN is aware that it has
+ erred or is incapable of satisfying the RI request for some
+ reason, for example, the dCDN was able to parse the RI request but
+ encountered an error for some reason. Examples include the dCDN
+ not being able to retrieve the associated metadata or the dCDN
+ being out of capacity.
+
+ The following error-codes are defined and maintained by IANA (see
+ Section 6).
+
+ Error-codes with a "Reason" of "<reason>" do not have a defined value
+ for their 'reason'-key. Depending on the error-code semantics, the
+ value of this field may be determined dynamically.
+
+ +------+--------------+---------------------------------------------+
+ | Code | Reason | Description |
+ +------+--------------+---------------------------------------------+
+ | 100 | <reason> | Generic informational error-code meant for |
+ | | (see | carrying a human-readable string |
+ | | Description) | |
+ | | | |
+ | 400 | <reason> | Generic error-code for uCDN errors where |
+ | | (see | the dCDN cannot or will not process the |
+ | | Description) | request due to something that is perceived |
+ | | | to be a uCDN error. The reason field may |
+ | | | be used to provide more details about the |
+ | | | source of the error. |
+ | | | |
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 25]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ | 500 | <reason> | Generic error-code for dCDN errors where |
+ | | (see | the dCDN is aware that it has erred or is |
+ | | Description) | incapable of satisfying the RI request for |
+ | | | some reason. The reason field may be used |
+ | | | to provide more details about the source of |
+ | | | the error. |
+ | | | |
+ | 501 | Unable to | The dCDN is unable to retrieve the metadata |
+ | | retrieve | associated with the content requested by |
+ | | metadata | the UA. This may indicate a configuration |
+ | | | error or that the content requested by the |
+ | | | UA does not exist. |
+ | | | |
+ | 502 | Loop | The dCDN detected a redirection loop (see |
+ | | detected | Section 4.8). |
+ | | | |
+ | 503 | Maximum hops | The dCDN detected the maximum number of |
+ | | exceeded | redirection hops exceeding max-hops (see |
+ | | | Section 4.8). |
+ | | | |
+ | 504 | Out of | The dCDN does not currently have sufficient |
+ | | capacity | capacity to handle the UA request. |
+ | | | |
+ | 505 | Delivery | The dCDN does not support the (set of) |
+ | | protocol not | delivery protocols indicated in the CDNI |
+ | | supported | Metadata of the content requested by the |
+ | | | UA. |
+ | | | |
+ | 506 | Redirection | The dCDN does not support the requested |
+ | | protocol not | redirection protocol. This error-code is |
+ | | supported | also used when the RI request has the dns- |
+ | | | only flag set to True and the dCDN is not |
+ | | | supported or is not prepared to return an |
+ | | | RT of a surrogate directly. |
+ +------+--------------+---------------------------------------------+
+
+ Table 8
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 26]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The following is an example of an unsuccessful RI response
+ (dCDN->uCDN) for a DNS-based User Agent request:
+
+ HTTP/1.1 500 Internal Server Error
+ Date: Mon, 06 Aug 2012 18:41:38 GMT
+ Content-Type: application/cdni; ptype=redirection-response
+ Cache-Control: private, no-cache
+
+ {
+ "error" : {
+ "error-code" : 504,
+ "description" : "Out of capacity"
+ }
+ }
+
+ The following is an example of a successful RI response (dCDN->uCDN)
+ for an HTTP-based User Agent request containing an error dictionary
+ for informational purposes:
+
+ HTTP/1.1 200 OK
+ Date: Mon, 06 Aug 2012 18:41:38 GMT
+ Content-Type: application/cdni; ptype=redirection-response
+ Cache-Control: private, no-cache
+
+ {
+ "http": {
+ "sc-status": 302,
+ "sc-version": "HTTP/1.1",
+ "sc-reason": "Found",
+ "cs-uri": "http://www.example.com"
+ "sc-(location)":
+ "http://sur1.dcdn.example/ucdn/example.com",
+ },
+ "error" : {
+ "error-code" : 100,
+ "description" :
+ "This is a human-readable message meant for debugging purposes"
+ }
+ }
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 27]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+4.8. Loop Detection and Prevention
+
+ In order to prevent and detect RI request loops, each CDN MUST insert
+ its CDN Provider ID into the cdn-path key of every RI request it
+ originates or cascades. When receiving RI requests, a dCDN MUST
+ check the cdn-path and reject any RI requests that already contain
+ the dCDN's Provider ID in the cdn-path. Transit CDNs MUST NOT
+ propagate to any downstream CDNs if the number of CDN Provider IDs in
+ cdn-path (before adding its own Provider ID) is equal to or greater
+ than max-hops.
+
+ The CDN Provider ID uniquely identifies each CDN Provider during the
+ course of request routing redirection. It consists of the characters
+ AS followed by the CDN Provider's AS number, then a colon (':') and
+ an additional qualifier that is used to guarantee uniqueness in case
+ a particular AS has multiple independent CDNs deployed; for example,
+ "AS64496:0".
+
+ If a dCDN receives an RI request whose cdn-path already contains that
+ dCDN's Provider ID, the dCDN MUST send an RI error response that
+ SHOULD include an error-code of 502.
+
+ If a dCDN receives an RI request where the number of CDN Provider IDs
+ in cdn-path is greater than max-hops, the dCDN MUST send an RI error
+ response that SHOULD include an error-code of 503.
+
+ It should be noted that the loop detection and prevention mechanisms
+ described above only cover preventing and detecting loops within the
+ RI itself. Besides loops within the RI itself, there is also the
+ possibility of loops in the data plane; for example, if the IP
+ address(es) or URI(s) returned in RI responses do not resolve
+ directly to a surrogate in the final dCDN, there is the possibility
+ that a User Agent may be continuously redirected through a loop of
+ CDNs. The specification of solutions to address data-plane request
+ redirection loops between CDNs is outside of the scope of this
+ document.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 28]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+5. Security Considerations
+
+ Information passed over the RI could be considered personal or
+ sensitive, for example, RI requests contain parts of a User Agent's
+ original request and RI responses reveal information about the dCDN's
+ policy for which surrogates should serve which content/user
+ locations.
+
+ The RI interface also provides a mechanism whereby a uCDN could probe
+ a dCDN and infer the dCDN's edge topology by making repeated RI
+ requests for different content and/or UA IP addresses and correlating
+ the responses from the dCDN. Additionally, the ability for a dCDN to
+ indicate that an RI response applies more widely than the original
+ request (via the scope dictionary) may significantly reduce the
+ number of RI requests required to probe and infer the dCDN's edge
+ topology.
+
+ The same information could be obtained in the absence of the RI
+ interface, but it could be more difficult to gather as it would
+ require a distributed set of machines with a range of different IP
+ addresses, each making requests directly to the dCDN. However, the
+ RI facilitates easier collection of such information as it enables a
+ single client to query the dCDN for a redirection/surrogate selection
+ on behalf of any UA IP address.
+
+5.1. Authentication, Authorization, Confidentiality, and Integrity
+ Protection
+
+ An implementation of the CDNI Redirection interface MUST support TLS
+ transport as per [RFC2818] and [RFC7230]. The use of TLS for
+ transport of the CDNI Redirection interface messages allows the dCDN
+ and uCDN to authenticate each other. Once they have mutually
+ authenticated each other, it allows:
+
+ o The dCDN and uCDN to authorize each other (to ensure they are
+ transmitting/receiving CDNI Redirection messages to/from an
+ authorized CDN);
+
+ o CDNI Redirection interface messages to be transmitted with
+ confidentiality; and
+
+ o The integrity of the CDNI Redirection interface messages to be
+ protected during the exchange.
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 29]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ In an environment where any such protection is required, mutually
+ authenticated encrypted transport MUST be used to ensure
+ confidentiality of the redirection information; to do so, TLS MUST be
+ used (including authentication of the remote end) by the server side
+ (dCDN) and the client side (uCDN) of the CDNI Redirection interface.
+
+ When TLS is used, the general TLS usage guidance in [RFC7525] MUST be
+ followed.
+
+5.2. Privacy
+
+ Information passed over the RI ought to be considered personal and
+ sensitive. In particular, parts of a User Agent's original request,
+ most notably the UA's IP address and requested URI, are transmitted
+ over the RI to the dCDN. The use of mutually authenticated TLS, as
+ described in the previous section, prevents any other party than the
+ authorized dCDN from gaining access to this information.
+
+ Regardless of whether the uCDN and dCDN use the RI, a successful
+ redirect from a uCDN to a dCDN will make that dCDN aware of the UA's
+ IP address. As such, the fact that this information is transmitted
+ across the RI does not allow the dCDN to learn new information. On
+ the other hand, if a uCDN uses the RI to check with multiple
+ candidate dCDNs, those candidates that do not end up getting
+ redirected to do obtain information regarding end-user IP addresses
+ and requested URIs that they would not have if the RI not been used.
+
+ While it is technically possible to mask some information in the RI
+ Request, such as the last bits of the UA IP address, it is important
+ to note that this will reduce the effectiveness of the RI in certain
+ cases. CDN deployments need to strike a balance between end-user
+ privacy and the features impacted by such masking. This balance is
+ likely to vary from one deployment to another. As an example, when
+ the UA and its DNS resolver is behind a Carrier-grade NAT, and the RI
+ is used to find an appropriate delivery node behind the same NAT, the
+ full IP address might be necessary. Another potential issue when
+ using IP anonymization is that it is no longer possible to correlate
+ an RI Request with a subsequent UA request.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 30]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+6. IANA Considerations
+
+6.1. CDNI Payload Type Parameter Registrations
+
+ IANA has registered the following two new Payload Types in the
+ "Content Delivery Network Interconnection (CDNI) Parameters" registry
+ for use with the application/cdni MIME media type.
+
+ +----------------------+---------------+
+ | Payload Type | Specification |
+ +----------------------+---------------+
+ | redirection-request | RFC 7975 |
+ | | |
+ | redirection-response | RFC 7975 |
+ +----------------------+---------------+
+
+ Table 9
+
+6.1.1. CDNI RI Redirection Request Payload Type
+
+ Purpose: The purpose of this payload type is to distinguish RI
+ request messages.
+
+ Interface: RI
+
+ Encoding: See Section 4.4.1 and Section 4.5.1
+
+6.1.2. CDNI RI Redirection Response Payload Type
+
+ Purpose: The purpose of this payload type is to distinguish RI
+ response messages.
+
+ Interface: RI
+
+ Encoding: See Section 4.4.2 and Section 4.5.2
+
+6.2. RI Error Response Registry
+
+ IANA has created a new "CDNI RI Error response code" subregistry
+ within the "Content Delivery Network Interconnection (CDNI)
+ Parameters" registry. The "CDNI RI Error response code" namespace
+ defines the valid values for the error-code key in RI error
+ responses. The CDNI RI Error response code MUST be a three-digit
+ integer.
+
+ Additions to the "RI Error response registry" will be made via
+ "Specification Required" as defined in [RFC5226].
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 31]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ The Designated Expert will verify that new error-code registrations
+ do not duplicate existing error-code definitions (in name or
+ functionality), ensure that the new error-code is in accordance with
+ the error classes defined in Section 4.7 of this document, prevent
+ gratuitous additions to the namespace, and prevent any additions to
+ the namespace that would impair the interoperability of CDNI
+ implementations.
+
+ New registrations are required to provide the following information:
+
+ Code: A three-digit numeric error-code, in accordance with the
+ error classes defined in Section 4.7 of this document.
+
+ Reason: A string that provides further information related to the
+ error that will be included in the JSON error dictionary with the
+ 'reason'-key. Depending on the error-code semantics, the value of
+ this field may be determined dynamically. In that case, the
+ registration should set this value to '<reason>' and define its
+ semantics in the description field.
+
+ Description: A brief description of the error-code semantics.
+
+ Specification: Reference to the specification that defines the
+ error-code in more detail.
+
+ The entries in Table 8 are registered by this document, with the
+ value of the 'Specification' field set to RFC 7975 (this document).
+
+7. References
+
+7.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119,
+ DOI 10.17487/RFC2119, March 1997,
+ <http://www.rfc-editor.org/info/rfc2119>.
+
+ [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
+ Resource Identifier (URI): Generic Syntax", STD 66,
+ RFC 3986, DOI 10.17487/RFC3986, January 2005,
+ <http://www.rfc-editor.org/info/rfc3986>.
+
+ [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
+ Architecture", RFC 4291, DOI 10.17487/RFC4291, February
+ 2006, <http://www.rfc-editor.org/info/rfc4291>.
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 32]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6
+ Address Text Representation", RFC 5952,
+ DOI 10.17487/RFC5952, August 2010,
+ <http://www.rfc-editor.org/info/rfc5952>.
+
+ [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
+ Protocol (HTTP/1.1): Message Syntax and Routing",
+ RFC 7230, DOI 10.17487/RFC7230, June 2014,
+ <http://www.rfc-editor.org/info/rfc7230>.
+
+ [RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
+ Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
+ 2014, <http://www.rfc-editor.org/info/rfc7159>.
+
+ [RFC6895] Eastlake 3rd, D., "Domain Name System (DNS) IANA
+ Considerations", BCP 42, RFC 6895, DOI 10.17487/RFC6895,
+ April 2013, <http://www.rfc-editor.org/info/rfc6895>.
+
+ [RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493,
+ DOI 10.17487/RFC7493, March 2015,
+ <http://www.rfc-editor.org/info/rfc7493>.
+
+ [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre,
+ "Recommendations for Secure Use of Transport Layer
+ Security (TLS) and Datagram Transport Layer Security
+ (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
+ 2015, <http://www.rfc-editor.org/info/rfc7525>.
+
+ [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
+ IANA Considerations Section in RFCs", BCP 26, RFC 5226,
+ DOI 10.17487/RFC5226, May 2008,
+ <http://www.rfc-editor.org/info/rfc5226>.
+
+ [RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
+ Distribution Network Interconnection (CDNI) Problem
+ Statement", RFC 6707, DOI 10.17487/RFC6707, September
+ 2012, <http://www.rfc-editor.org/info/rfc6707>.
+
+ [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818,
+ DOI 10.17487/RFC2818, May 2000,
+ <http://www.rfc-editor.org/info/rfc2818>.
+
+ [RFC5890] Klensin, J., "Internationalized Domain Names for
+ Applications (IDNA): Definitions and Document Framework",
+ RFC 5890, DOI 10.17487/RFC5890, August 2010,
+ <http://www.rfc-editor.org/info/rfc5890>.
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 33]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+ [RTMP] Adobe Systems Incorporated, "Real-Time Messaging Protocol
+ (RTMP) specification", December 2012,
+ <http://www.adobe.com/go/spec_rtmp>.
+
+7.2. Informative References
+
+ [RFC7337] Leung, K., Ed. and Y. Lee, Ed., "Content Distribution
+ Network Interconnection (CDNI) Requirements", RFC 7337,
+ DOI 10.17487/RFC7337, August 2014,
+ <http://www.rfc-editor.org/info/rfc7337>.
+
+ [RFC7336] Peterson, L., Davie, B., and R. van Brandenburg, Ed.,
+ "Framework for Content Distribution Network
+ Interconnection (CDNI)", RFC 7336, DOI 10.17487/RFC7336,
+ August 2014, <http://www.rfc-editor.org/info/rfc7336>.
+
+ [RFC7736] Ma, K., "Content Delivery Network Interconnection (CDNI)
+ Media Type Registration", RFC 7736, DOI 10.17487/RFC7736,
+ December 2015, <http://www.rfc-editor.org/info/rfc7736>.
+
+Acknowledgements
+
+ The authors would like to thank Taesang Choi, Francois Le Faucheur,
+ Matt Miller, Scott Wainner, and Kevin J. Ma for their valuable
+ comments and input to this document.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 34]
+
+RFC 7975 Request Routing Redirection October 2016
+
+
+Contributors
+
+ The following persons have participated as co-authors to this
+ document:
+
+ Wang Danhua
+ Huawei
+ Email: wangdanhua@huawei.com
+
+ He Xiaoyan
+ Huawei
+ Email: hexiaoyan@huawei.com
+
+ Ge Chen
+ China Telecom
+ Email: cheng@gsta.com
+
+ Ni Wei
+ China Mobile
+ Email: niwei@chinamobile.com
+
+ Yunfei Zhang
+ Email: hishigh@gmail.com
+
+ Spencer Dawkins
+ Huawei
+ Email: spencer@wonderhamster.org
+
+Authors' Addresses
+
+ Ben Niven-Jenkins (editor)
+ Nokia
+ 3 Ely Road
+ Milton, Cambridge CB24 6DD
+ United Kingdom
+
+ Email: ben.niven-jenkins@nokia.com
+
+
+ Ray van Brandenburg (editor)
+ TNO
+ Anna van Buerenplein 1
+ The Hague 2595DA
+ The Netherlands
+
+ Phone: +31-88-866-7000
+ Email: ray.vanbrandenburg@tno.nl
+
+
+
+
+Niven-Jenkins, et al. Standards Track [Page 35]
+