From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc1272.txt | 1067 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1067 insertions(+) create mode 100644 doc/rfc/rfc1272.txt (limited to 'doc/rfc/rfc1272.txt') diff --git a/doc/rfc/rfc1272.txt b/doc/rfc/rfc1272.txt new file mode 100644 index 0000000..fba8a10 --- /dev/null +++ b/doc/rfc/rfc1272.txt @@ -0,0 +1,1067 @@ + + + + + + +Network Working Group C. Mills +Request for Comments: 1272 BBN + D. Hirsh + Meridian Technology Corporation + G. Ruth + BBN + November 1991 + + + INTERNET ACCOUNTING: BACKGROUND + +Status of this Memo + + This memo provides information for the Internet community. It does + not specify an Internet standard. Distribution of this memo is + unlimited. + +1. Statement of Purpose + + This document provides background information for the "Internet + Accounting Architecture" and is the first of a three document set: + + Internet Accounting Background & Status (this document) + Internet Accounting Architecture (under construction) + Internet Accounting Meter Service (under construction) + + The focus at this time is on defining METER SERVICES and USAGE + REPORTING which provide basic semantics for measuring network + utilization, a syntax, and a data reporting protocol. The intent is + to produce a set of standards that is of practical use for early + experimentation with usage reporting as an internet accounting + mechanism. + + The architecture should be expandable as additional experience is + gained. The short-term Internet Accounting solution is intended to + merge with OSI and Autonomous Network Research Group (ANRG) efforts + and be superseded by those efforts in the long term. The OSI + accounting working groups are currently defining meter syntax and + reporting protocols. The ANRG research group is currently + researching economic models and accounting tools for the Internet + environment. + + Internet Accounting as described here does not wrestle with the + applications of usage reporting, such as monitoring and enforcing + network policy; nor does it recommend approaches to billing or tackle + such thorny issues as who pays for packet retransmission. + + This document provides background and tutorial information on issues + + + +Mills, Hirsh, & Ruth [Page 1] + +RFC 1272 Internet Accounting: Background November 1991 + + + surrounding the architecture, or in a sense, an explanation of + choices made in the Internet Accounting Architecture. + +2. Goals for a Usage Reporting Architecture + + We have adopted the accounting framework and terminology used by OSI + (ISO 7498-4 OSI Reference Model Part 4: Management Framework). This + framework defines a generalized accounting management activity which + includes calculations, usage reporting to users and providers and + enforcing various limits on the use of resources. Our own ambitions + are considerably more modest in that we are defining an architecture + to be used over the short- term (until ISO and ANRG have final + pronouncement and standards) that is limited to network USAGE + REPORTING. + + The OSI accounting model defines three basic entities: + + 1) the METER, which performs measurements and aggregates the + results of those measurements; + + 2) the COLLECTOR, which is responsible for the integrity and + security of METER data in short-term storage and transit; + and + + 3) the APPLICATION, which processes/formats/stores METER + data. APPLICATIONS implicitly manage METERS. + + This working group, then, is concerned with specifying the attributes + of METERS and COLLECTORS, with little concern at this time for + APPLICATIONS. + +3. The Usage Reporting Function + +3.1. Motivation for Usage Reporting + + The dominant motivations for usage reporting are: + + o Understanding/Influencing Behavior. + Usage reporting provides feedback for the subscriber on + his use of network resources. The subscriber can better + understand his network behavior and measure the impact of + modifications made to improve performance or reduce + costs. + + o Measuring Policy Compliance. + From the perspective of the network provider, usage + reports might show whether or not a subscriber is in + compliance with the stated policies for quantity of + + + +Mills, Hirsh, & Ruth [Page 2] + +RFC 1272 Internet Accounting: Background November 1991 + + + network usage. Reporting alone is not sufficient to + enforce compliance with policies, but reports can + indicate whether it is necessary to develop additional + methods of enforcement. + + o Rational Cost Allocation/Recovery. + Economic discipline can be used to penalize inefficient + network configuration/utilization as well as to reward + the efficient. It can be used to encourage bulk transfer + at off hours. It can be used as a means to allocate + operating costs in a zero-sum budget, and even be used as + the basis for billing in a profit-making fee-for-service + operation. + + The chief deterrent to usage reporting is the cost of measuring + usage, which includes: + + o Reporting/collection overhead. + This offers an additional source of computational load + and network traffic due to the counting operations, + managing the reporting system, collecting the reported + data, and storing the resulting counts. Overhead + increases with the accuracy and reliability of the + accounting data. + + o Post-processing overhead. + Resources are required to maintain the post-processing + tasks of maintaining the accounting database, generating + reports, and, if appropriate, distributing bills, + collecting revenue, servicing subscribers. + + o Security overhead. + The use of security mechanisms will increase the overall + cost of accounting. Since accounting collects detailed + information about subscriber behavior on the network and + since these counts may also represent a flow of money, it + is necessary to have mechanisms to protect accounting + information from unauthorized disclosure or manipulation. + + The balance between cost and benefit is regulated by the GRANULARITY + of accounting information collected. This balance is policy- + dependent. To minimize costs and maximize benefit, accounting detail + is limited to the minimum amount to provide the necessary information + for the research and implementation of a particular policy. + + + + + + + +Mills, Hirsh, & Ruth [Page 3] + +RFC 1272 Internet Accounting: Background November 1991 + + +3.2. Network Policy and Usage Reporting + + Accounting requirements are driven by policy. Conversely, policy is + typically influenced by the available management/reporting tools and + their cost. This section is NOT a recommendation for billing + practices, but intended to provide additional background for + understanding the problems involved in implementing a simple, + adequate usage reporting system. + + Since there are few tools adequate for any form of cost recovery + and/or long-term monitoring there are few organizations that practice + proactive usage reporting in the Internet. Those that do have + generally invented their own. But far and away the most common + approach is to treat the cost of network operations as overhead with + network reports limited to short-term, diagnostic intervention. But + as the population and use of the Internet increases and diversifies, + the complexity of paying for that usage also increases. Subsidies + and funding mechanisms appropriate to non-profit organizations often + restrict commercial use or require that "for profit" use be + identified and billed separately from the non-profit use. Tax + regulations may require verification of network connection or usage. + Some portions of the Internet are distinctly "private", whereas other + Internet segments are treated as public, shared infrastructure. + + The number of administrations operating in some connection with the + Internet is exploding. The network "hierarchy" (backbone, regional, + enterprise, stub network) is becoming deeper (more levels), + increasingly enmeshed (more cross-connections) and more diversified + (different charters and usage patterns). Each of these + administrations has different policies and by-laws about who may use + an individual network, who pays for it, and how the payment is + determined. Also, each administration balances the OVERHEAD costs of + accounting (metering, reporting, billing, collecting) against the + benefits of identifying usage and allocating costs. + + Some members of the Internet community are concerned that the + introduction of usage reporting will encourage new billing policies + which are detrimental to the current Internet infrastructure (though + it is also reasonable to assert that the current lack of usage + reporting may be detrimental as well). Caution and experimentation + must be the watch words as usage reporting is introduced. Well + before meters are used for active BILLING and ENFORCEMENT, they + should first be used to: + + o UNDERSTAND USER BEHAVIOR + (learn to quantify and/or predict individual and + aggregate traffic patterns over the long term), + + + + +Mills, Hirsh, & Ruth [Page 4] + +RFC 1272 Internet Accounting: Background November 1991 + + + o QUANTIFY NETWORK IMPROVEMENTS, + (measure user and vendor efficiency in how network + resources are consumed to provide end-user data transport + service) and + + o MEASURE COMPLIANCE WITH POLICY. + + Accounting policies for network traffic already exist. But they are + usually based on network parameters which change seldom, if at all. + Such parameters require little monitoring (the line speed of a + physical connection, e.g.,Ethernet, 9600 baud, FDDI). The connection + to the network is then charged to the subscriber as a FLAT-FEE + regardless of the amount of traffic passed across the connection and + is similar to the monthly unlimited local service phone bill. + + Usage-insensitive access charges are sufficient in many cases, and + can be preferable to usage-based charging in Internet environments, + for financial, technical, and social reasons. Sample incentives for + the FLAT-FEE billing approach are: + + o FINANCIAL: + Predictable monthly charges. No overhead costs for + counting packets and preparing usage-based reports. + + o TECHNICAL: + Easing the sharing of resources. Eliminating the + headaches of needing another layer of accounting in proxy + servers which associate their usage with their clients'. + Examples of proxy servers which generate network traffic + on behalf of the actual user or subscriber are mail + daemons, network file servers, and print spoolers. + + o SOCIAL: + Treating the network as an unregulated public + infrastructure with equal access and information sharing. + Encouraging public-spirited behavior -- contributing to + public mailing lists, information distribution, etc. + + In other cases USAGE-SENSITIVE charges may be preferred or required + by a local administration's policy. Government regulations or the + wishes of subscribers with low or intermittent traffic patterns may + force the issue (note: FLAT FEES are beneficial for heavy network + users. USAGE SENSITVE charges generally benefit the low-volume + user). Where usage-sensitive accounting is used, cost ceilings and + floors may still be established by static parameters, such as "pipe + size" for fixed connections or "connection time" for dial-up + connection, to satisfy the need for some predictability. + + + + +Mills, Hirsh, & Ruth [Page 5] + +RFC 1272 Internet Accounting: Background November 1991 + + + Different billing schemes may be employed depending on network + measures of distance. For example, local network traffic may be + flat-rate and remote internet traffic may be usage-based, analogous + to the local and long distance billing policies adopted by the + telephone companies. + + The ANRG is independently investigating policy models and + infrastructure economics for billing and cost recovery. + +3.3. The Nature of Usage Accounting + + Although the exact requirements for internet usage accounting will + vary from one network administration to the next and will depend on + policies and cost trade-offs, it is possible to characterize the + problem in some broad terms and thereby bound it. Rather than try to + solve the problem in exhaustive generality (providing for every + imaginable set of accounting requirements), some assumptions about + usage accounting are posited in order to make the problem tractable + and to render implementations feasible. Since these assumptions form + the basis for our architectural and design work, it is important to + make them explicit from the outset and hold them up to the scrutiny + of the Internet community. + +3.3.1. A Model for Internet Accounting + + We begin with the assumption that there is a "network administrator" + or "network administration" to whom internet accounting is of + interest. He "owns" and operates some subset of the internet (one or + more connected networks)that may be called his "administrative + domain". This administrative domain has well defined boundaries. + + + our domain X + ------------------- + / | | | | + / | C + / ------ / + Network A / | \ / + ----- (diagonals \___/____ + | | | cross admin. domain B + boundaries) + + + The network administrator is interested in 1) traffic within his + boundaries and 2) traffic crossing his boundaries. Within his + boundaries he may be interested in end-system to end-system + accounting or accounting at coarser granularities (e.g., department + to department). + + + +Mills, Hirsh, & Ruth [Page 6] + +RFC 1272 Internet Accounting: Background November 1991 + + + The network administrator is usually not interested in accounting for + end-systems outside his administrative domain; his primary concern is + accounting to the level of other ADJACENT (directly connected) + administrative domains. Consider the viewpoint of the administrator + for domain X of the internet. The idea is that he will send each + adjacent administrative domain a bill (or other statement of + accounting) for its use of his resources and it will send him a bill + for his use of its resources. When he receives an aggregate bill + from Network A, if he wishes to allocate the charges to end users or + subsystems within his domain, it is HIS responsibility to collect + accounting data about how they used the resources of Network A. If + the "user" is in fact another administrative domain, B, (on whose + behalf X was using A's resources) the administrator for X just sends + his counterpart in B a bill for the part of X's bill attributable to + B's usage. If B was passing traffic for C, them B bills C for the + appropriate portion X's charges, and so on, until the charges + percolate back to the original end user, say G. Thus, the + administrator for X does not have to account for G's usage; he only + has to account for the usage of the administrative domains directly + adjacent to himself. + + This paradigm of recursive accounting may, of course, be used WITHIN + an administrative domain that is (logically) comprised of sub- + administrative domains. + + The discussion of the preceding paragraphs applies to a general mesh + topology, in which any Internet constituent domain may act as a + service provider for any connected domain. Although the Internet + topology is in fact such a mesh, there is a general hierarchy to its + structure and hierarchical routing (when implemented) will make it + logically hierarchical as far as traffic flow is concerned. This + logical hierarchy permits a simplification of the usage accounting + perspective. + + At the bottom of the service hierarchy a service-consuming host sits + on one of many "stub" networks. These are interconnected into an + enterprise-wide extended LAN, which in turn receives Internet + service, typically from a single attachment to a regional backbone. + Regional backbones receive national transport services from national + backbones such as NSFnet, Alternet, PSInet, CERFnet, NSInet, or + Nordunet. In this scheme each level in the hierarchy has a + constituency, a group for which usage reporting is germane, in the + level underneath it. In the case of the NSFnet the natural + constituency, for accounting purposes at least, is the regional nets + (MIDnet, SURAnet,...). For the regionals it will be their member + institutions; for the institutions, their stub networks; and for the + stubs, their individual hosts. + + + + +Mills, Hirsh, & Ruth [Page 7] + +RFC 1272 Internet Accounting: Background November 1991 + + +3.3.2. Implications of the Model + + The significance of the model sketched above is that Internet + accounting must be able to support accounting for adjacent + (intermediate) systems, as well as end-system accounting. Adjacent + system accounting information cannot be derived from end-system + accounting (even if complete end-system accounting were feasible) + because traffic from an end-system may reach the administrative + domain of interest through different adjacent domains, and it is the + adjacent domain through which it passes that is of interest. + + The need to support accounting for adjacent intermediate systems + means that internet accounting will require information not present + in internet protocol headers (these headers contain source and + destination addresses of end-systems only). This information may + come from lower layer protocols (network or link layer) or from + configuration information for boundary components (e.g., "what system + is connected to port 5 of this IP router"). + +4. Meters + + A METER is a process which examines a stream of packets on a + communications medium or between a pair of media. The meter records + aggregate counts of packets belonging to FLOWs between communicating + entities (hosts/processes or aggregations of communicating hosts + (domains)). The assignment of packets to flows may be done by + executing a series of rules. Meters can reasonably be implemented in + any of three environments -- dedicated monitors, in routers or in + general-purpose systems. + + Meter location is a critical decision in internet accounting. An + important criterion for selecting meter location is cost, i.e., + REDUCING ACCOUNTING OVERHEAD and MINIMIZING THE COST OF + IMPLEMENTATION. + + In the trade-off between overhead (cost of accounting) and detail, + ACCURACY and RELIABILITY play a decisive role. Full accuracy and + reliability for accounting purposes require that EVERY packet must be + examined. However, if the requirement for accuracy and reliability + is relaxed, statistical sampling may be more practical and + sufficiently accurate, and DETAILED ACCOUNTING is not required at + all. Accuracy and reliability requirements may be less stringent + when the purpose of usage-reporting is solely to understand network + behavior, for network design and performance tuning, or when usage + reporting is used to approximate cost allocations to users as a + percentage of total fees. + + Overhead costs are minimized by accounting at the coarsest acceptable + + + +Mills, Hirsh, & Ruth [Page 8] + +RFC 1272 Internet Accounting: Background November 1991 + + + GRANULARITY, i.e., using the greatest amount of AGGREGATION possible + to limit the number of accounting records generated, their size, and + the frequency with which they are transmitted across the network or + otherwise stored. + + The other cost factor lies in implementation. Implementation will + necessitate the development and introduction of hardware and software + components into the internet. It is important to design an + architecture that tends to minimize the cost of these new components. + +4.1. Meter Placement + + In the model developed above, the Internet may be viewed as a + hierarchical system of service providers and their corresponding + constituencies. In this scheme the service provider accounts for the + activity of the constituents or service consumers. Meters should be + placed to allow for optimal data collection for the relevant + constituency and technology. Meters are most needed at + administrative boundaries and data collected such that service + provider and consumer are able to reconcile their activities. + + Routers (and/or bridges) are by definition and design placed + (topologically) at these boundaries and so it follows that the most + generally convenient place to position accounting meters is in or + near the router. But again this depends on the underlying transport. + Whenever the service-providing network is broadcast (e.g., bus- + based), not extended (i.e., without bridging or routing), then meter + placement is of no particular consequence. If one were generating + usage reports for a stub LAN, meters could reasonably be placed in a + router, a dedicated monitor, or a host at any point on the LAN. + Where an enterprise-wide network is a LAN, the same observation + holds. At the boundary between an enterprise and a regional network, + however, in or near a router is an appropriate location for meters + that will measure the enterprise's network activity. + + Meters are placed in (or near) routers to count packets at the + Internet Protocol Level. All traffic flows through two natural + metering points: hosts and routers (Internet packet switches). Hosts + are the ultimate source and sink of all traffic. Routers monitor all + traffic which passes IN or OUT of each network. Motivations for + selecting the routers as the metering points are: + + o Minimization of cost and overhead. + (by concentrating the accounting function). Centralize + and minimize in terms of number of geographical or + administrative regions, number of protocols monitored, + and number of separate implementations modified. (Hosts + are too diverse and numerous for easy standardization. + + + +Mills, Hirsh, & Ruth [Page 9] + +RFC 1272 Internet Accounting: Background November 1991 + + + Routers concentrate traffic and are more homogeneous.) + + o Traffic control. + When and if usage sensitive quotas are involved, changes + in meter status (e.g., exceeding a quota) would result in + an active influence on network traffic (the router starts + denying access). A passive measuring device cannot + control network access in response to detecting state. + + o Intermediate system accounting. + As discussed above, internet accounting includes both + end-system and intermediate system accounting. Hosts see + only end-system traffic; routers see both the end-systems + (internet source and destination) and the adjacent + intermediate systems. + + Therefore, meters should be placed at: + + o administrative boundaries + only for measuring inter-domain traffic; + + o stub networks + for measuring intra-domain traffic. For intra-domain + traffic, the requirement for performing accounting at + almost every router is a disincentive for implementing a + usage-based charging policy. + +4.2. Meter Types + + Four possible types of metering technology are: + + o Network monitors: + These measure only traffic WITHIN a single network. They + include LAN monitors, X.25 call accounting systems and + traffic monitors in bridges. + + o Line monitors: + These count packets flowing across a circuit. They would + be placed on inter-router trunks and on router ports. + + o Router-integral meters: + These are meters located within a router, implemented in + software. They count packets flowing through the router. + + o Router spiders: + This is a set of line monitors that surround a router, + measure traffic on all of its ports and coordinate the + results. + + + +Mills, Hirsh, & Ruth [Page 10] + +RFC 1272 Internet Accounting: Background November 1991 + + +4.3. Meter Structure + + While topology argues in favor of meters in routers, granularity and + security favor dedicated monitors. The GRANULARITY of the + accountable entity (and its attributes) affects the amount of + overhead incurred for accounting. Each entity/attribute/reporting + interval combination is a separate meter. Each individual meter + takes up local memory and requires additional memory or network + resources when the meter reports to the application. Memory is a + limited resource, and there are cost implications to expanding memory + significantly or increasing the frequency of reporting. The number + of concurrent flows open in a router is controlled by + + o the granularity of the accountable entity + + o the granularity of the attributes and sub-categories of + packets + + o memory + (the number of flows that can be stored concurrently, a + limit which can also be expressed as the average number + of flows existing at this granularity plus some delta, + e.g., peak hour average plus one standard deviation, or + ...) + + o the reporting interval + (the lifetime of an individual meter) + + There is a spectrum of granularity control which ranges across + the following dimensions. (Most administrations will probably + choose a granularity somewhere in the middle of the spectrum.) + + ENTITY: Entities range across the spectrum from the coarsest + granularity, PORT (a local view with a unique designation for the + subscriber port through which packets enter and exit "my" + network) through NETWORK and HOST to USER (not defined here). + The port is the minimum granularity of accounting. HOST is the + finest granularity defined here. Where verification is required, + a network should be able to perform accounting at the granularity + its subscribers use. Hosts are ultimately responsible for + identifying the end user, since only the hosts have unambiguous + access to user identification. This information could be shared + with the network, but it is the host's responsibility to do so, + and there is no mechanism in place at this time (e.g., an IP + option, discussed in section 4.). + + ATTRIBUTE: Each new attribute requires that an additional flow + be maintained for each entity. The coarsest granularity is NO + + + +Mills, Hirsh, & Ruth [Page 11] + +RFC 1272 Internet Accounting: Background November 1991 + + + categorization of packets. The finest granularity would be to + maintain state information about the higher-levels protocols or + type of service being used by communicating processes across the + network. + + VALUES: Values are the information which is recorded for each + entity/attribute grouping. Usually values are counters, such as + packet counts and byte counts. They may also be time stamps - + start time and stop time, or reasons for starting or stopping + reporting. + + REPORTING INTERVAL: At the very finest level of granularity, + each data packet might generate a separate accounting record. To + report traffic at this level of detail would require + approximately one packet of accounting information for every data + packet sent. The reporting interval is then zero and no memory + will be needed for flow record storage. For a non-zero reporting + interval flow records must be maintained in memory. Storage for + stale (old, infrequent) flows may be recycled when their data has + been reported. As the reporting interval increases, more and + more stale records accumulate. + + The feasibility of a particular group of granularities varies + with the PERFORMANCE characteristics of the network (link speed, + link bandwidth, router processing speed, router memory), as well + as the COST of accounting balanced against the requirement for + DETAIL. Since technological advances can quickly obsolete + current technical limitations, and since the policy structure and + economics of the Internet are in flux, meters will be defined + with VARYING GRANULARITY which is regulated according to the + traffic requirements of the individual network or administration + and technical limitations. + +4.4. Collection Issues + + There are two implicit assumptions about the nature of meters and + traffic sources that they measure, both of which have substantial + bearing on collectors. + + 1. The matrix of communicating entity pairs is large but + sparse and, moreover, network traffic exhibits considerable + source, destination and attribute coherence - so that lists + can be quite compact. + + 2. Meters can be configured to generate either a static set + of variables whose values are incremented, or a stream of + records that must be periodically transferred and removed + from the meter's memory. + + + +Mills, Hirsh, & Ruth [Page 12] + +RFC 1272 Internet Accounting: Background November 1991 + + + Meters can generate large, unstructured amounts of information + and the essential collection issue revolves around mapping + collection activities into an SNMP framework (or, to the extent + that this is not successful, specifying other collection + paradigms). + + There are three major collection concerns: + + o data confidentiality + + o data integrity + + o local and remote collection control + + The prime security concern is preserving the confidentiality of usage + data. (See ISO 7498 Part 2, "Security Architecture," for security + terminology used herein.) Given that accounting data are sensitive, + the collector should be able (or may be required) to provide + confidentiality for accounting data at the point of collection, + through transmission and up to the point where the data is delivered. + The delivery function may also require authentication of the origin + and destination and provision for connection integrity (if + connections are utilized). Other security services (e.g., measures + to counter denial of service attacks) are not deemed necessary for + internet accounting at this time. It is assumed that security + services can be provided by SNMP and its mechanisms. (This will + require further investigation.) + + In order to have an accurate monitoring system, reliable delivery of + data should be assured through one or more of: + + o an acknowledgement retransmission scheme; + + o redundant reporting to multiple collectors; + + o having backup storage located at the meter. + + There is a place for both application polling and meter traps within + this scheme, but there are significant trade-offs associated with + each. + + Polling means that the collection point has some control over when + accounting data is sent, so that not all meters flood the collector + at once. However, polling messages, particularly when structured + with SNMP's GET-NEXT operator, add considerable overhead to the + network. Meter traps are required in any case (whether or not + polling is the preferred collection method), so that a meter may rid + itself of data when its cache is full. + + + +Mills, Hirsh, & Ruth [Page 13] + +RFC 1272 Internet Accounting: Background November 1991 + + + The fundamental collection trade-off will be between primary and + secondary storage at the meter, coupled with an efficient bulk- + transfer protocol, versus minimal storage at the meter and a + network-bandwidth-consuming collection discipline. + + A final collection concern is whether packets should be counted on + entry into a router or upon exit from a router. It is the nature of + IP that not every packet received by a router is actually passed to + an output port. The Internet Protocol allows routers to discard + packets (e.g., in times of congestion when the router cannot handle + the offered load); it is presumed that higher level protocols (e.g., + TCP) will provide whatever reliable delivery service the user deems + necessary (by detecting non- delivery and retransmitting). + + The question arises, therefore, whether an internet accounting system + should count all packets offered to a router (since each packet + offered consumes some router resources) or just those that are + finally passed by the router to a network (why should a user pay for + undelivered packets?) Since there are good arguments for either + position, we do not attempt to resolve this issue here. (It should + be noted, however, that SMDS has chosen to count on exit only.) + Rather, we require that an internet accounting should provide ability + for counting packets either way -- on entry to or on exit from a + router. + +5. Examples + + Here follows a series of examples to illustrate what data may be of + interest to service providers and consumers in a number of different + scenarios. In the illustrations that follow straight lines are + interpreted as some sort of LAN. Diagonals are point- to-point + links. Diamonds are routers. We assume that we are in a homogeneous + protocol environment (IP). + +5.1 A Single Segment LAN + + Consumers and providers on a single LAN service can utilize the same + set of data: the contribution of individual hosts to total network + load. A network accounting system measures flows between individual + host pairs. (On a broadcast LAN, e.g., an Ethernet, this can be + accomplished by a single meter placed anywhere on the LAN.) Using + this data, costs for the network management activity can be + apportioned to individual hosts or the departments that own/manage + the hosts. + + Alternately, flows can be kept by source only, rather than source- + destination pairs. + + + + +Mills, Hirsh, & Ruth [Page 14] + +RFC 1272 Internet Accounting: Background November 1991 + + +5.2 An Extended (Campus or Facility-Wide) LAN + + 128.252.100.X 128.252.150.X 128.253.220.X + +----------------+ +----------------+ +----------------+ + | | | + | | | + / \ / \ / \ + 128.252.100.10 128.252.150.10 128.253.220.10 + \ / \ / \ / + | | | + +--+-+----------------------+-+----------------------+-+-+ + | | | + / \ / \ / \ + 128.252.130.10 128.252.120.10 128.253.140.10 + \ / \ / \ / + | | | + | | | + +-----------------+ +-----------------+ +----------------+ + 128.252.130.X 128.252.120.X 128.253.140.X + + This is the first example in which the information that is germane + for service provider and consumer are not identical. The service + consumers are now the individual subnets and the service provider is + the facility-wide backbone. A service provider is interested in + knowing the contribution of individual subnets to the total traffic + of the backbone. In order to ascertain this, a meter on the backbone + (the longest line in the center of the illustration) can keep track + of flows between subnet pairs. Now the communications between + individual hosts on adjacent subnets are aggregated into a single + flow that measures activity between subnets. + + The service consumers, or subnets, might in turn want to keep track + of the communications between individual hosts that use the services + of the backbone. An accounting system on the backbone could be + configured to monitor traffic among individual host pairs. + Alternately an accounting system on each individual subnet could keep + track of local and "non-local" traffic. The observed data of the two + sets of meters (one for the service provider and one for the service + consumers) should have reconcilable data. + + + + + + + + + + + + +Mills, Hirsh, & Ruth [Page 15] + +RFC 1272 Internet Accounting: Background November 1991 + + +5.3 A Regional Network + + 116.125 + +-----------------+ + | + + + / \ + 116.125.10.10 + \ / + / + \ + / \ + / \ + / \ + | + + | + | / \ / \ | + 128.242 |----- 128.242.10.10 128.252.10.10 -----| 128.252 + | \ / \ / | + | + + | + \ / + \ / + \ / + \ + / + / \ + 124.110.10.10 + \ / + + + +-----------------+ + | + 124.110 + + In this example we have a regional network consisting of a ring of + point-to-point links that interconnect a collection of campus-wide + LANs. Again service provider and consumer have differing interests + and needs for accounting data. The service provider, the regional + network, again will be interested in the contribution of each + individual network to the total traffic on the regional network. + This interest might extend to include measure of individual link + utilization, and not just total offered load to the network as a + whole. In this latter case the service provider will require that + meters be placed at one end or the other on each link. For the + service consumer, the individual campus, relevant measures would + include the contribution of individual subnets or hosts to the total + "outbound" traffic. Meter(s) placed in (or at) the router that + connects the campus- network to the regional network can perform the + necessary measurement. + + + + + + +Mills, Hirsh, & Ruth [Page 16] + +RFC 1272 Internet Accounting: Background November 1991 + + +5.4 A National Backbone + + __________ + | + + + | / \ | + |--+ 1 +--| + | \ / | + + + / \ + \ / + / + \ + / \ + _______ / \ _______ + | / \ | + + + + + + | / \ / \ / \ / \ | + |--+ 4 +----\ / 5 \ /-----+ 2 +-| + | \ / + + \ / | + + \ / + + ___|____ \ / ___|____ + \ / + \ + / + / \ + \ / + + + | / \ | + |--+ 3 +--| + | \ / | + + + ____|____ + + In this last case, the data that the service provider will want to + collect is the traffic between regional networks. The flow that + measures a regional network, or regional network pairs, is defined as + the union of all member-campus network address spaces. This can be + arrived at by keeping multiple individual network address flows and + developing the regional network contribution as post-processing + activity, or by defining a flow that is the union of all the relevant + addresses. (This is a cpu cycles for memory trade-off.) Note that + if the service provider measures individual network contributions, + then this data is, in large + measure, the data that the service consumers would require. + +6. Future Issues + + This last section is the collector for ancillary issues that are as + yet undefined or out of current scope. + + + +Mills, Hirsh, & Ruth [Page 17] + +RFC 1272 Internet Accounting: Background November 1991 + + + APPLICATIONS standards: Recommendations for storage, processing and + reporting are left out for the moment. Storage and processing of + accounting information is dependent on individual network policy. + Recommendations for standardizing billing schemes would be premature. + + QUOTAS are a form of closed loop feedback that represent an + interesting extension of usage reporting. But they will have to wait + until the basic accounting technology is reasonably defined and has + been the subject of a reasonable amount of experimentation. + + SESSION ACCOUNTING: Detailed auditing of individual sessions across + the internet (at level four or higher) will not be addressed by + internet accounting. Internet accounting deals only with measuring + traffic at the IP level. + + APPLICATION LEVEL ACCOUNTING: Service hosts and proxy agents have to + do their own accounting for services, since the network cannot + distinguish on whose behalf they are acting. Alternately, TCP/UDP + port numbers could become an optional field in a meter, since the + conjunction of a pair of IP addresses and port numbers occurring at a + particular time uniquely identifies a pair of communicating + processes. + + The USER has not yet been defined, since an IP option would have to + be added to the IP header to provide for this. This option would + probably contain two parts - a subscriber identification and a user + sub-identification - to allow for the later introduction of quota + mechanisms which have both group and individual quotas. The + subscriber is the fiscally responsible entity, for example the + manager of a research group. In any case, routers must be able to + fall back to accounting by host, since there will most certainly be + hosts on the network which do not implement a new IP option in a + timely fashion. + +7. References + + International Standards Organization (ISO), "Management + Framework," Part 4 of Information Processing Systems Open Systems + Interconnection Basic Reference Model,ISO 7498-4, 1984. + + International Standards Organization (ISO), "Security + Architecture," Part 2 of Information Processing Systems Open + Systems Interconnection Basic Reference Model,ISO 7498-2, 1984. + + + + + + + + +Mills, Hirsh, & Ruth [Page 18] + +RFC 1272 Internet Accounting: Background November 1991 + + +Security Considerations + + Security issues are discussed in sections 2, 3 and 4. + +Authors' Addresses + + Cyndi Mills + Bolt, Beranek, and Newman + 150 Cambridge Park Drive + Cambridge, MA 02140 + + Phone: 617-873-4143 + Email: cmills@bbn.com + + + Donald Hirsh + Meridian Technology Corporation + 11 McBride Corporate Center Drive + Suite 250 + Chesterfield, MO 63005 + + Phone: 314-532-7708 + Email: hirsh@meridian.uucp + + + Gregory Ruth + Bolt, Beranek, and Newman + 150 Cambridge Park Drive + Cambridge, MA 02140 + + Phone: 617-873-3150 + Email: gruth@bbn.com + + + + + + + + + + + + + + + + + + + +Mills, Hirsh, & Ruth [Page 19] + \ No newline at end of file -- cgit v1.2.3