From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc8895.txt | 2561 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2561 insertions(+) create mode 100644 doc/rfc/rfc8895.txt (limited to 'doc/rfc/rfc8895.txt') diff --git a/doc/rfc/rfc8895.txt b/doc/rfc/rfc8895.txt new file mode 100644 index 0000000..cd18790 --- /dev/null +++ b/doc/rfc/rfc8895.txt @@ -0,0 +1,2561 @@ + + + + +Internet Engineering Task Force (IETF) W. Roome +Request for Comments: 8895 Nokia Bell Labs +Category: Standards Track Y. Yang +ISSN: 2070-1721 Yale University + November 2020 + + +Application-Layer Traffic Optimization (ALTO) Incremental Updates Using + Server-Sent Events (SSE) + +Abstract + + The Application-Layer Traffic Optimization (ALTO) protocol (RFC 7285) + provides network-related information, called network information + resources, to client applications so that clients can make informed + decisions in utilizing network resources. This document presents a + mechanism to allow an ALTO server to push updates to ALTO clients to + achieve two benefits: (1) updates can be incremental, in that if only + a small section of an information resource changes, the ALTO server + can send just the changes and (2) updates can be immediate, in that + the ALTO server can send updates as soon as they are available. + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + https://www.rfc-editor.org/info/rfc8895. + +Copyright Notice + + Copyright (c) 2020 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + +Table of Contents + + 1. Introduction + 2. Terms + 2.1. Requirements Language + 3. Background + 3.1. Incremental Encoding: JSON Merge Patch + 3.1.1. JSON Merge Patch Encoding + 3.1.2. JSON Merge Patch ALTO Messages + 3.2. Incremental Encoding: JSON Patch + 3.2.1. JSON Patch Encoding + 3.2.2. JSON Patch ALTO Messages + 3.3. Multiplexing and Server Push: HTTP/2 + 3.4. Server Push: Server-Sent Event + 4. Overview of Approach and High-Level Protocol Message Flow + 4.1. Update Stream Service Message Flow + 4.2. Stream Control Service Message Flow + 4.3. Service Announcement and Management Message Flow + 5. Update Messages: Data Update and Control Update Messages + 5.1. Generic ALTO Update Message Structure + 5.2. ALTO Data Update Message + 5.3. ALTO Control Update Message + 6. Update Stream Service + 6.1. Media Type + 6.2. HTTP Method + 6.3. Capabilities + 6.4. Uses + 6.5. Request: Accept Input Parameters + 6.6. Response + 6.7. Additional Requirements on Update Stream Service + 6.7.1. Event Sequence Requirements + 6.7.2. Cross-Stream Consistency Requirements + 6.7.3. Multipart Update Requirements + 6.8. Keep-Alive Messages + 7. Stream Control Service + 7.1. URI + 7.2. Media Type + 7.3. HTTP Method + 7.4. IRD Capabilities & Uses + 7.5. Request: Accept Input Parameters + 7.6. Response + 8. Examples + 8.1. Example: IRD Announcing Update Stream Services + 8.2. Example: Simple Network and Cost Map Updates + 8.3. Example: Advanced Network and Cost Map Updates + 8.4. Example: Endpoint Property Updates + 8.5. Example: Multipart Message Updates + 9. Operation and Processing Considerations + 9.1. Considerations for Choosing Data Update Messages + 9.2. Considerations for Client Processing Data Update Messages + 9.3. Considerations for Updates to Filtered Cost Maps + 9.4. Considerations for Updates to Ordinal Mode Costs + 9.5. Considerations for SSE Text Formatting and Processing + 10. Security Considerations + 10.1. Update Stream Server: Denial-of-Service Attacks + 10.2. ALTO Client: Update Overloading or Instability + 10.3. Stream Control: Spoofed Control Requests and Information + Breakdown + 11. Requirements on Future ALTO Services to Use This Design + 12. IANA Considerations + 12.1. application/alto-updatestreamparams+json Media Type + 12.2. application/alto-updatestreamcontrol+json Media Type + 13. Appendix: Design Decision: Not Allowing Stream Restart + 14. References + 14.1. Normative References + 14.2. Informative References + Acknowledgments + Contributors + Authors' Addresses + +1. Introduction + + The Application-Layer Traffic Optimization (ALTO) protocol [RFC7285] + provides network-related information, called network information + resources, to client applications so that clients may make informed + decisions in utilizing network resources. For example, an ALTO + server provides network and cost maps, where a network map partitions + the set of endpoints into a manageable number of sets each defined by + a Provider-Defined Identifier (PID) and a cost map provides directed + costs between PIDs. Given network and cost maps, an ALTO client can + obtain costs between endpoints by first using the network map to get + the PID for each endpoint and then using the cost map to get the + costs between those PIDs. Such costs can be used by the client to + choose communicating endpoints with low network costs. + + The ALTO protocol defines only an ALTO client pull model without + defining a mechanism to allow an ALTO client to obtain updates to + network information resources, other than by periodically re-fetching + them. In settings where an information resource may be large but + only parts of it may change frequently (e.g., some entries of a cost + map), complete re-fetching can be inefficient. + + This document presents a mechanism to allow an ALTO server to push + incremental updates to ALTO clients. Integrating server push and + incremental updates provides two benefits: (1) updates can be small, + in that if only a small section of an information resource changes, + the ALTO server can send just the changes and (2) updates can be + immediate, in that the ALTO server can send updates as soon as they + are available. + + While primarily intended to provide updates to GET-mode network and + cost maps, the mechanism defined in this document can also provide + updates to POST-mode ALTO services, such as the ALTO endpoint + property and endpoint cost services. The mechanism can also support + new ALTO services to be defined by future extensions, but a future + service needs to satisfy requirements specified in Section 11. + + The rest of this document is organized as follows. Section 3 gives + background on the basic techniques used in this design: (1) JSON + merge patch and JSON patch to allow incremental updates and (2) + Server-Sent Events (SSE) [SSE] to allow server push. With the + background, Section 4 gives a non-normative overview of the design. + Section 5 defines individual messages in an update stream. Section 6 + defines the update stream service. Section 7 defines the stream + control service. Section 8 gives several examples to illustrate the + two types of services. Section 9 describes operation and processing + considerations by both ALTO servers and clients. Section 13 + discusses a design feature that is not supported. Section 10 + discusses security issues. Sections 11 and 12 review the + requirements for future ALTO services to use SSE and IANA + considerations, respectively. + +2. Terms + + Besides the terminologies as defined in [RFC7285], this document also + uses additional terminologies defined as follows: + + Update Stream: + A reliable, in-order connection compatible with HTTP/1.x between + an ALTO client and an ALTO server so that the server can push a + sequence of update messages using [SSE] to the client. + + Update Stream Server: + This document refers to an ALTO server providing an update stream + as an ALTO update stream server, or update stream server for + short. Note that the ALTO server mentioned in this document + refers to a general server that provides various kinds of + services; it can be an update stream server or stream control + server (see below). It can also be a server providing ALTO + Information Resource Directory (IRD). + + Update Message: + A message that is either a data update message or a control update + message. + + Data Update Message: + An update message that is for a single ALTO information resource + and sent from the update stream server to the ALTO client when the + resource changes. A data update message can be either a full- + replacement message or an incremental-change message. Full + replacement is a shorthand for a full-replacement message, and + incremental change is a shorthand for an incremental-change + message. + + Full Replacement: + A data update message for a resource that encodes the content of + the resource in its original ALTO encoding. + + Incremental Change: + A data update message that specifies only the difference between + the new content and the previous version. An incremental change + can be encoded using either JSON merge patch or JSON patch in this + document. + + Stream Control Service: + A service that provides an HTTP URI so that the ALTO client of an + update stream can use it to send stream control requests to the + ALTO server on the addition or removal of resources receiving + update messages from the update stream. The ALTO server creates a + new stream control resource for each update stream instance, + assigns a unique URI to it, and sends the URI to the client as the + first event in the stream. (Note that the stream control service + in ALTO has no association with the similarly named Stream Control + Transmission Protocol [RFC4960].) + + Stream Control: + A shorthand for stream control service. + + Stream Control Server: + An ALTO server providing the stream control service. + + Substream-ID: + An ALTO client can assign a unique substream-id when requesting + the addition of a resource receiving update messages from an + update stream. The server puts the substream-id in each update + event for that resource. The substream-id allows a client to use + one update stream to receive updates to multiple requests for the + same resource (i.e., with the same resource-id in an ALTO IRD), + for example, for a POST-mode resource with different input + parameters. + + Data-ID: + A subfield of the "event" field of [SSE] to identify the ALTO data + (object) to be updated. For an ALTO resource returning a + multipart response, the data-id to identify the data (object) is + the substream-id, in addition to the Content-ID of the object in + the multipart response. The data-id of a single-part response is + just the substream-id. + + Control Update Message: + An update message for the update stream server to notify the ALTO + client of related control information of the update stream. A + control update message may be triggered by an internal event at + the server, such as server overloading and hence the update stream + server will no longer send updates for an information resource, or + as a result of a client sending a request through the stream + control service. The first message of an update stream is a + control update message that provides a control URI to the ALTO + client. The ALTO client can use the URI to send stream control + requests to the stream control server. + +2.1. Requirements Language + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in + BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all + capitals, as shown here. + +3. Background + + The design requires two basic techniques: encoding of incremental + changes and server push. For incremental changes, existing + techniques include JSON merge patch and JSON patch; this design uses + both. For server push, existing techniques include HTTP/2 and [SSE]; + this design adopts some design features of HTTP/2 but uses [SSE] as + the basic server-push design. The rest of this section gives a non- + normative summary of JSON merge patch, JSON patch, HTTP/2, and [SSE]. + +3.1. Incremental Encoding: JSON Merge Patch + + To avoid always sending complete data, a server needs mechanisms to + encode incremental changes, and JSON merge patch is one mechanism. + [RFC7396] defines the encoding of incremental changes (called JSON + merge patch objects) to be used by the HTTP PATCH method [RFC5789]. + From [RFC7396], this document adopts only the JSON merge patch object + encoding and does not use the HTTP PATCH method, as the updates are + sent as events instead of HTTP methods; also, the updates are server + to client, and PATCH semantics are more for client to server. Below + is a non-normative summary of JSON merge patch objects; see [RFC7396] + for the normative definition. + +3.1.1. JSON Merge Patch Encoding + + Informally, a JSON merge patch message consists of a JSON merge patch + object (referred to as a patch in [RFC7396]), which defines how to + transform one JSON value into another using a recursive merge patch + algorithm. Specifically, the patch is computed by treating two JSON + values (first one being the original and the second being the + updated) as trees of nested JSON objects (dictionaries of name/value + pairs), where the leaves are values (e.g., JSON arrays, strings, and + numbers), other than JSON objects, and the path for each leaf is the + sequence of keys leading to that leaf. When the second tree has a + different value for a leaf at a path or adds a new leaf, the patch + has a leaf, at that path, with the new value. When a leaf in the + first tree does not exist in the second tree, the JSON merge patch + tree has a leaf with a JSON "null" value. Hence, in the patch, null + as the value of a name/value pair will delete the element with "name" + in the original JSON value. The patch does not have an entry for any + leaf that has the same value in both versions. See the MergePatch + pseudocode at the beginning of Section 2 of [RFC7396] for the formal + specification of how to apply a given patch. As a result, if all + leaf values are simple scalars, JSON merge patch is a quite efficient + representation of incremental changes. It is less efficient when + leaf values are arrays, because JSON merge patch replaces arrays in + their entirety, even if only one entry changes. + +3.1.2. JSON Merge Patch ALTO Messages + + To provide both examples of JSON merge patch and a demonstration of + the feasibility of applying JSON merge patch to ALTO, the sections + below show the application of JSON merge patch to two key ALTO + messages. + +3.1.2.1. JSON Merge Patch Network Map Messages + + Section 11.2.1.6 of [RFC7285] defines the format of an ALTO network + map message. Assume a simple example ALTO message sending an initial + network map: + + { + "meta" : { + "vtag": { + "resource-id" : "my-network-map", + "tag" : "da65eca2eb7a10ce8b059740b0b2e3f8eb1d4785" + } + }, + "network-map" : { + "PID1" : { + "ipv4" : [ "192.0.2.0/24", "198.51.100.0/25" ] + }, + "PID2" : { + "ipv4" : [ "198.51.100.128/25" ] + }, + "PID3" : { + "ipv4" : [ "0.0.0.0/0" ], + "ipv6" : [ "::/0" ] + } + } + } + + Consider the following JSON merge patch update message, which (1) + adds an ipv4 prefix "203.0.113.0/25" and an ipv6 prefix + "2001:db8:8000::/33" to "PID1", (2) deletes "PID2", and (3) assigns a + new "tag" to the network map: + + { + "meta" : { + "vtag" : { + "tag" : "a10ce8b059740b0b2e3f8eb1d4785acd42231bfe" + } + }, + "network-map": { + "PID1" : { + "ipv4" : [ "192.0.2.0/24", "198.51.100.0/25", + "203.0.113.0/25" ], + "ipv6" : [ "2001:db8:8000::/33" ] + }, + "PID2" : null + } + } + + Applying the JSON merge patch update to the initial network map is + equivalent to the following ALTO network map: + + { + "meta" : { + "vtag": { + "resource-id" : "my-network-map", + "tag" : "a10ce8b059740b0b2e3f8eb1d4785acd42231bfe" + } + }, + "network-map" : { + "PID1" : { + "ipv4" : [ "192.0.2.0/24", "198.51.100.0/25", + "203.0.113.0/25" ], + "ipv6" : [ "2001:db8:8000::/33" ] + }, + "PID3" : { + "ipv4" : [ "0.0.0.0/0" ], + "ipv6" : [ "::/0" ] + } + } + } + +3.1.2.2. JSON Merge Patch Cost Map Messages + + Section 11.2.3.6 of [RFC7285] defines the format of an ALTO cost map + message. Assume a simple example ALTO message for an initial cost + map: + + { + "meta" : { + "dependent-vtags" : [ + {"resource-id": "my-network-map", + "tag": "a10ce8b059740b0b2e3f8eb1d4785acd42231bfe" + } + ], + "cost-type" : { + "cost-mode" : "numerical", + "cost-metric": "routingcost" + }, + "vtag": { + "resource-id" : "my-cost-map", + "tag" : "3ee2cb7e8d63d9fab71b9b34cbf764436315542e" + } + }, + "cost-map" : { + "PID1": { "PID1": 1, "PID2": 5, "PID3": 10 }, + "PID2": { "PID1": 5, "PID2": 1, "PID3": 15 }, + "PID3": { "PID1": 20, "PID2": 15 } + } + } + + The following JSON merge patch message updates the example cost map + so that (1) the "tag" field of the cost map is updated, (2) the cost + of PID1->PID2 is 9 instead of 5, (3) the cost of PID3->PID1 is no + longer available, and (4) the cost of PID3->PID3 is defined as 1. + + { + "meta" : { + "vtag": { + "tag": "c0ce023b8678a7b9ec00324673b98e54656d1f6d" + } + } + "cost-map" : { + "PID1" : { "PID2" : 9 }, + "PID3" : { "PID1" : null, "PID3" : 1 } + } + } + + Hence, applying the JSON merge patch to the initial cost map is + equivalent to the following ALTO cost map: + + { + "meta" : { + "dependent-vtags" : [ + {"resource-id": "my-network-map", + "tag": "a10ce8b059740b0b2e3f8eb1d4785acd42231bfe" + } + ], + "cost-type" : { + "cost-mode" : "numerical", + "cost-metric": "routingcost" + }, + "vtag": { + "resource-id": "my-cost-map", + "tag": "c0ce023b8678a7b9ec00324673b98e54656d1f6d" + } + }, + "cost-map" : { + "PID1": { "PID1": 1, "PID2": 9, "PID3": 10 }, + "PID2": { "PID1": 5, "PID2": 1, "PID3": 15 }, + "PID3": { "PID2": 15, "PID3": 1 } + } + } + +3.2. Incremental Encoding: JSON Patch + +3.2.1. JSON Patch Encoding + + One issue of JSON merge patch is that it does not handle array + changes well. In particular, JSON merge patch considers an array as + a single object and hence can only replace an array in its entirety. + When the change is to make a small change to an array, such as the + deletion of an element from a large array, whole-array replacement is + inefficient. Consider the example in Section 3.1.2.1. To add a new + entry to the ipv4 array for PID1, the server needs to send a whole + new array. Another issue is that JSON merge patch cannot change a + value to be null, as the JSON merge patch processing algorithm + (MergePatch in Section 3.1.1) interprets a null as a removal + instruction. On the other hand, some ALTO resources can have null + values, and it is possible that the update will want to change the + new value to be null. + + JSON patch [RFC6902] can address the preceding issues. It defines a + set of operators to modify a JSON object. See [RFC6902] for the + normative definition. + +3.2.2. JSON Patch ALTO Messages + + To provide both examples of JSON patch and a demonstration of the + difference between JSON patch and JSON merge patch, the sections + below show the application of JSON patch to the same updates shown in + Section 3.1.2. + +3.2.2.1. JSON Patch Network Map Messages + + First, consider the same update as in Section 3.1.2.1 for the network + map. Below is the encoding using JSON patch: + + [ + { + "op": "replace", + "path": "/meta/vtag/tag", + "value": "a10ce8b059740b0b2e3f8eb1d4785acd42231bfe" + }, + { + "op": "add", + "path": "/network-map/PID1/ipv4/2", + "value": "203.0.113.0/25" + } + { + "op": "add", + "path": "/network-map/PID1/ipv6", + "value": ["2001:db8:8000::/33"] + }, + { + "op": "remove", + "path": "/network-map/PID2" + } + ] + +3.2.2.2. JSON Patch Cost Map Messages + + Compared with JSON merge patch, JSON patch does not encode cost map + updates efficiently. Consider the cost map update shown in + Section 3.1.2.2, the encoding using JSON patch is: + + [ + { + "op": "replace", + "path": "/meta/vtag/tag", + "value": "c0ce023b8678a7b9ec00324673b98e54656d1f6d" + }, + { + "op": "replace", + "path": "/cost-map/PID1/PID2", + "value": 9 + }, + { + "op": "remove", + "path": "/cost-map/PID3/PID1" + }, + { + "op": "replace", + "path": "/cost-map/PID3/PID3", + "value": 1 + } + ] + +3.3. Multiplexing and Server Push: HTTP/2 + + HTTP/2 [RFC7540] provides two related features: multiplexing and + server push. In particular, HTTP/2 allows a client and a server to + multiplex multiple HTTP requests and responses over a single TCP + connection. The requests and responses can be interleaved on a block + (frame) by block (frame) basis, by indicating the requests and + responses in HTTP/2 messages, avoiding the head-of-line blocking + problem encountered with HTTP/1.1. To achieve the same goal, this + design introduces substream-id to allow a client to receive updates + to multiple resources. HTTP/2 also provides a server-push facility + to allow a server to send asynchronous updates. + + Despite the two features of HTTP/2, this design chooses a design + compatible with HTTP/1.x for the simplicity of HTTP/1.x. A design + based on HTTP/2 may more likely need to be implemented using a more + complex HTTP/2 client library. In such a case, one approach for + using server push for updates is for the update stream server to send + each data update message as a separate server-push item and let the + client apply those updates as they arrive. An HTTP/2 client library + may not necessarily inform a client application when the server + pushes a resource. Instead, the library might cache the pushed + resource and only deliver it to the client when the client explicitly + requests that URI. Further, it is more likely that a design based on + HTTP/2 may encounter issues with a proxy between the client and the + server, in that server push is optional and can be disabled by any + proxy between the client and the server. This is not a problem for + the intended use of server push; eventually, the client will request + those resources, so disabling server push just adds a delay. But + this means that Server Push is not suitable for resources that the + client does not know to request. + + Thus, this design leaves a design based on HTTP/2 as a future work + and focuses on ALTO updates on HTTP/1.x and [SSE]. + +3.4. Server Push: Server-Sent Event + + Server-Sent Events (SSE) are techniques that can work with HTTP/1.1. + The following is a non-normative summary of SSE; see [SSE] for its + normative definition. + + SSE enable a server to send new data to a client by "server push". + The client establishes an HTTP [RFC7230] [RFC7231] connection to the + server and keeps the connection open. The server continually sends + messages. Each message has one or more lines, where a line is + terminated by a carriage return immediately followed by a new line, a + carriage return not immediately followed by a new line, or a new line + not immediately preceded by a carriage return. A message is + terminated by a blank line (two line terminators in a row). + + Each line in a message is of the form "field-name: string value". + Lines with a blank field name (that is, lines that start with a + colon) are ignored, as are lines that do not have a colon. The + protocol defines three field names: event, id, and data. If a + message has more than one "data" line, the value of the data field is + the concatenation of the values on those lines. There can be only + one "event" and "id" line per message. The "data" field is required; + the others are optional. + + Figure 1 is a sample SSE stream, starting with the client request. + The server sends three events and then closes the stream. + + (Client request) + GET /stream HTTP/1.1 + Host: example.com + Accept: text/event-stream + + (Server response) + HTTP/1.1 200 OK + Connection: keep-alive + Content-Type: text/event-stream + + event: start + id: 1 + data: hello there + + event: middle + id: 2 + data: let's chat some more ... + data: and more and more and ... + + event: end + id: 3 + data: goodbye + + Figure 1: A Sample SSE Stream + +4. Overview of Approach and High-Level Protocol Message Flow + + With the preceding background, this section now gives a non-normative + overview of the update mechanisms and message flow to be defined in + later sections of this document. Figure 2 gives the main components + and overall message flow. + + ------------------------------------------------------------------- + | | + | +-------+ +-------+ 1. init request +------+ | + | | | | | <-------------- | | | + | | | | | --------------> | | | + | 3.add/ | | | | 1'. control URI | | | + | remove | | | | | | | + | resource |Stream | |Update | | | | + -------->|Control| private |Stream | 2a. data update |Client| -- + |Server |<------->|Server | messages | | + -------- | | | | ---------------> | | <- + | response | | | | ---------------> | | | + | | | | | 2b. control update| | | + | +-------+ +-------+ messages +------+ | + | | + ------------------------------------------------------------------- + + Figure 2: ALTO SSE Architecture and Message Flow + +4.1. Update Stream Service Message Flow + + The building block of the update mechanism defined in this document + is the update stream service (defined in Section 6), where each + update stream service is a POST-mode service that provides update + streams. + + Note that the lines of the format "** ... **" are used to describe + message flows in this section and the following sections. + + ** Initial request: client -> update server **: + When an ALTO client requests an update stream service, the ALTO + client establishes a persistent connection to the update stream + server and submits an initial update-stream request (defined in + Section 6.5), creating an update stream. This initial request + creating the update stream is labeled "1. init request" in + Figure 2. + + An update stream can provide updates to both GET-mode resources, + such as ALTO network and cost maps, and POST-mode resources, such + as ALTO endpoint property service. Also, to avoid creating too + many update streams, this design allows an ALTO client to use one + update stream to receive updates to multiple requests. In + particular, the client may request to receive updates for the same + resource but with different parameters for a POST-mode resource, + in addition to being able to consolidate updates for multiple + resources into a single stream. The updates for each request is + called a substream and hence the update server needs an identifier + to indicate the substream when sending an update. To achieve this + goal, the client assigns a unique substream-id when requesting + updates to a resource in an update stream, and the server puts the + substream-id in each update. + + ** Data updates: update server -> client **: + The objective of an update stream is to continuously push (to an + ALTO client) the data value changes for a set of resources, where + the set of resources is specified by the ALTO client's requests. + This document refers to messages sending such data-value changes + as data update messages (defined in Section 5.2). Although an + update stream may update one or more requests, each data update + message updates only one request and is sent as a Server-Sent + Event (SSE), as defined by [SSE]. A data update message is + encoded either as a full replacement or as an incremental change. + A full replacement uses the JSON message format defined by the + ALTO protocol. There can be multiple encodings for incremental + changes. The current design supports incremental changes using + JSON merge patch [RFC7396] or JSON patch [RFC6902] to describe the + changes of the resource. Future documents may define additional + mechanisms for incremental changes. The update stream server + decides when to send data update messages and whether to send full + replacements or incremental changes. These decisions can vary + from resource to resource and from update to update. Since the + transport is a design compatible with HTTP/1.x, data update + messages are delivered reliably and in order, and the lossless, + sequential delivery of its messages allows the server to know the + exact state of the client to compute the correct incremental + updates. Figure 2 shows examples of data update messages (labeled + "2a. data update messages") in the overall message flow. + + ** Control updates: update server -> client **: + An update stream can run for a long time and hence there can be + status changes at the update stream server side during the + lifetime of an update stream; for example, the update stream + server may encounter an error or need to shut down for + maintenance. To support a robust, flexible protocol design, this + document allows the update stream server to send control update + messages (defined in Section 5.3) in addition to data update + messages to the ALTO client. Figure 2 shows that both data + updates and control updates can be sent by the server to the + client (labeled "2b. control update messages"). + +4.2. Stream Control Service Message Flow + + ** Stream control: client -> stream control server **: + In addition to control changes triggered from the update stream + server side, in a flexible design, an ALTO client may initiate + control changes as well, in particular, by adding or removing ALTO + resources receiving updates. An ALTO client initiates such + changes using the stream control service (defined in Section 7). + Although one may use a design that the client uses as the same + HTTP connection to send the control requests, it requires stronger + server support, such as HTTP pipeline. For more flexibility, this + document introduces stream control service. In particular, the + update stream server of an update stream uses the first message to + provide the URI of the stream control service (labeled "1': + control URI" in Figure 2). + + The ALTO client can then use the URI to ask the stream control + server specified in the URI to request the update stream server to + (1) send data update messages for additional resources, (2) stop + sending data update messages for previously requested resources, + or (3) gracefully stop and close the update stream altogether. + +4.3. Service Announcement and Management Message Flow + + ** Service announcements: IRD server -> client **: + An update server may provide any number of update stream services, + where each update stream may provide updates for a given subset of + the ALTO server's resources. An ALTO server's Information + Resource Directory (IRD) defines the update stream services and + declares the set of resources for which each update stream service + provides updates. The ALTO server selects the resource set for + each update stream service. It is recommended that if a resource + depends on one or more other resource(s) (indicated with the + "uses" attribute defined in [RFC7285]), these other resource(s) + should also be part of that update stream. Thus, the update + stream for a cost map should also provide updates for the network + map on which that cost map depends. + + ** Service management (server) **: + An ALTO client may request any number of update streams + simultaneously. Because each update stream consumes resources on + the update stream server, an update stream server may require + client authorization and/or authentication, limit the number of + open update streams, close inactive streams, or redirect an ALTO + client to another update stream server. + +5. Update Messages: Data Update and Control Update Messages + + This section defines the format of update messages sent from the + server to the client. It first defines the generic structure of + update messages (Section 5.1). It then defines the details of the + data update messages (Section 5.2) and the control update messages + (Section 5.3). These messages will be used in the next two sections + to define the update stream service (Section 6) and the stream + control service (Section 7). + +5.1. Generic ALTO Update Message Structure + + Both data update and control update messages from the server to the + client have the same basic structure. Each message includes a data + field to provide data information, which is typically a JSON object, + and an event field preceding the data field, to specify the media + type indicating the encoding of the data field. + + A data update message needs additional information to identify the + ALTO data (object) to which the update message applies. To be + generic, this document uses a data-id to identify the ALTO data + (object) to be updated; see below. + + Hence, the event field of ALTO update message can include two + subfields (media-type and data-id), where the two subfields are + separated by a comma (',', U+002C): + + media-type [ ',' data-id ] + + According to Section 4.2 of [RFC6838], the comma character is not + allowed in a media-type name so there is no ambiguity when decoding + of the two subfields. + + Note that an update message does not use the SSE "id" field. + +5.2. ALTO Data Update Message + + A data update message is sent when a monitored resource changes. As + discussed in the preceding section, the event field of a data update + message includes two subfields: 'media-type' and 'data-id'. + + The 'media-type' subfield depends on whether the data update is a + complete specification of the identified data or an incremental patch + (e.g., a JSON merge patch or JSON patch), if possible, describing the + changes from the last version of the data. This document refers to + these as full replacement and incremental change, respectively. The + encoding of a full replacement is defined by its defining document + (e.g., network and cost map messages by [RFC7285]) and uses the media + type defined in that document. The encoding of JSON merge patch is + defined by [RFC7396], with the media type "application/merge- + patch+json"; the encoding of JSON patch is defined by [RFC6902], with + media type "application/json-patch+json". + + The 'data-id' subfield identifies the ALTO data to which the data + update message applies. + + First, consider the case that the resource contains only a single + JSON object. For example, since an ALTO client can request data + updates for both a cost map resource (object) and its dependent + network map resource (object) in the same update stream, to + distinguish the updates, the client assigns a substream-id for each + resource receiving data updates. Substream-ids MUST be unique within + an update stream but need not be globally unique. A substream-id is + encoded as a JSON string with the same format as that of the type + ResourceID (Section 10.2 of [RFC7285]). The type SubstreamID is used + in this document to indicate a string of this format. The substream- + id of a single JSON object is the 'data-id'. + + As an example, assume that the ALTO client assigns substream-id "1" + in its request to receive updates to the network map and substream-id + "2" to the cost map. Then, the substream-ids are the data-ids + indicating which objects will be updated. Figure 3 shows some + examples of ALTO data update messages: + + event: application/alto-networkmap+json,1 + data: { ... full network map message ... } + + event: application/alto-costmap+json,2 + data: { ... full cost map message ... } + + event: application/merge-patch+json,2 + data: { ... JSON merge patch update for the cost map ... } + + Figure 3: Examples of ALTO Data Update Messages + + Next, consider the case that a resource may include multiple JSON + objects. This document considers the case that a resource may + contain multiple components (parts), and they are encoded using the + media type "multipart/related" [RFC2387]. Each part of this + multipart response MUST be an HTTP message including a Content-ID + header and a JSON object body. Each component requiring the update + stream service (defined in Section 6) MUST be identified by a unique + Content-ID to be defined in its defining document. + + For a resource using the media type "multipart/related", the 'data- + id' subfield MUST be the concatenation of the substream-id, the '.' + separator (U+002E), and the unique Content-ID, in order. + +5.3. ALTO Control Update Message + + Control update messages have the media type "application/alto- + updatestreamcontrol+json", and the data is of type + UpdateStreamControlEvent: + + object { + [String control-uri;] + [SubstreamID started<1..*>;] + [SubstreamID stopped<1..*>;] + [String description;] + } UpdateStreamControlEvent; + + control-uri: + the URI providing stream control for this update stream (see + Section 7). The server sends a control update message notifying + the client of the control-uri. This control update message + notifying the control-uri will be sent once and MUST be the first + event in an update stream. If the URI value is NULL, the update + stream server does not support stream control for this update + stream; otherwise, the update stream server provides stream + control through the given URI. + + started: + a list of substream-ids of resources. It notifies the ALTO client + that the update stream server will start sending data update + messages for each resource listed. + + stopped: + a list of substream-ids of resources. It notifies the ALTO client + that the update stream server will no longer send data update + messages for the listed resources. There can be multiple reasons + for an update stream server to stop sending data update messages + for a resource, including a request from the ALTO client using + stream control (Section 6.7.1) or an internal server event. + + description: + a non-normative, human-readable text providing an explanation for + the control event. When an update stream server stops sending + data update messages for a resource, it is RECOMMENDED that the + update stream server use the description field to provide details. + There can be multiple reasons that trigger a "stopped" event; see + above. The intention of this field is to provide a human-readable + text for the developer and/or the administrator to diagnose + potential problems. + +6. Update Stream Service + + An update stream service returns a stream of update messages, as + defined in Section 5. An ALTO server's IRD (Information Resource + Directory) MAY define one or more update stream services, which ALTO + clients use to request new update stream instances. An IRD entry + defining an update stream service MUST define the media type, HTTP + method, and capabilities and uses as follows. + +6.1. Media Type + + The media type of an ALTO update stream service is "text/event- + stream", as defined by [SSE]. + +6.2. HTTP Method + + An ALTO update stream service is requested using the HTTP POST + method. + +6.3. Capabilities + + The capabilities are defined as an object of type + UpdateStreamCapabilities: + + object { + IncrementalUpdateMediaTypes incremental-change-media-types; + Boolean support-stream-control; + } UpdateStreamCapabilities; + + object-map { + ResourceID -> String; + } IncrementalUpdateMediaTypes; + + If this update stream can provide data update messages with + incremental changes for a resource, the "incremental-change-media- + types" field has an entry for that resource-id, and the value is the + supported media types of the incremental change separated by commas. + Normally, this will be "application/merge-patch+json", "application/ + json-patch+json", or "application/merge-patch+json,application/json- + patch+json", because, as described in Section 5, they are the only + incremental change types defined by this document. However, future + extensions may define other types of incremental changes. + + When choosing the media types to encode incremental changes for a + resource, the update stream server MUST consider the limitations of + the encoding. For example, when a JSON merge patch specifies that + the value of a field is null, its semantics are that the field is + removed from the target and hence the field is no longer defined + (i.e., undefined); see the MergePatch algorithm in Section 3.1.1 on + how null value is processed. This, however, may not be the intended + result for the resource, when null and undefined have different + semantics for the resource. In such a case, the update stream server + MUST choose JSON patch over JSON merge patch if JSON patch is + indicated as a capability of the update stream server. If the server + does not support JSON patch to handle such a case, the server then + need to send a full replacement. + + The "support-stream-control" field specifies whether the given update + stream supports stream control. If the "support-stream-control" + field is "true", the update stream server will use the stream control + specified in this document; otherwise, the update stream server may + use other mechanisms to provide the same functionality as stream + control. + +6.4. Uses + + The "uses" attribute MUST be an array with the resource-ids of every + resource for which this update stream can provide updates. Each + resource specified in the "uses" MUST support full replacement; the + update stream server can always send full replacement, and the ALTO + client MUST accept full replacement. + + This set may be any subset of the ALTO server's resources and may + include resources defined in linked IRDs. However, it is RECOMMENDED + that the ALTO server selects a set that is closed under the resource + dependency relationship. That is, if an update stream's "uses" set + includes resource R1 and resource R1 depends on ("uses") resource R0, + then the update stream's "uses" set SHOULD include R0 as well as R1. + For example, an update stream for a cost map SHOULD also provide + updates for the network map upon which that cost map depends. + +6.5. Request: Accept Input Parameters + + An ALTO client specifies the parameters for the new update stream by + sending an HTTP POST body with the media type "application/alto- + updatestreamparams+json". That body contains a JSON object of type + UpdateStreamReq, where: + + object { + [AddUpdatesReq add;] + [SubstreamID remove<0..*>;] + } UpdateStreamReq; + + object-map { + SubstreamID -> AddUpdateReq; + } AddUpdatesReq; + + object { + ResourceID resource-id; + [JSONString tag;] + [Boolean incremental-changes;] + [Object input;] + } AddUpdateReq; + + add: + Specifies the resources (and the parameters for the resources) for + which the ALTO client wants updates. In the scope of the same + update stream, the ALTO client MUST assign a substream-id that is + unique in the scope of the update stream (Section 5.2) for each + entry and use those substream-ids as the keys in the "add" field. + + resource-id: + The resource-id of an ALTO resource and MUST be in the update + stream's "uses" list (Section 6.4). If the resource-id is a GET- + mode resource with a version tag (or "vtag"), as defined in + Sections 6.3 and 10.3 of [RFC7285], and the ALTO client has + previously retrieved a version of that resource from the update + stream server, the ALTO client MAY set the "tag" field to the tag + part of the client's version of that resource. If that version is + not current, the update stream server MUST send a full replacement + before sending any incremental changes, as described in + Section 6.7.1. If that version is still current, the update + stream server MAY omit the initial full replacement. + + incremental-changes: + The ALTO client specifies whether it is willing to receive + incremental changes from the update stream server for this + substream. If the "incremental-changes" field is "true", the + update stream server MAY send incremental changes for this + substream. In this case, the client MUST support all incremental + methods from the set announced in the server's capabilities for + this resource; see Section 6.3 for the server's announcement of + potential incremental methods. If a client does not support all + incremental methods from the set announced in the server's + capabilities, the client can set "incremental-changes" to "false", + and the update stream server then MUST NOT send incremental + changes for that substream. The default value for "incremental- + changes" is "true", so to suppress incremental changes, the ALTO + client MUST explicitly set "incremental-changes" to "false". An + alternative design of incremental-changes control is a more fine- + grained control, by allowing a client to select a subset of + incremental methods from the set announced in the server's + capabilities. But this alternative design is not adopted in this + document, because it adds complexity to the server, which is more + likely to be the bottleneck. Note that the ALTO client cannot + suppress full replacement. When the ALTO client sets + "incremental-changes" to "false", the update stream server MUST + send a full replacement instead of an incremental change to the + ALTO client. The update stream server MAY wait until more changes + are available and send a single full replacement with those + changes. Thus, an ALTO client that declines to accept incremental + changes may not get updates as quickly as an ALTO client that + does. + + input: + If the resource is a POST-mode service that requires input, the + ALTO client MUST set the "input" field to a JSON object with the + parameters that the resource expects. + + remove: + It is used in update stream control requests (Section 7) and is + not allowed in the update stream request. The update stream + server SHOULD ignore this field if it is included in the request. + + If a request has any errors, the update stream server MUST NOT create + an update stream. Also, the update stream server will send an error + response to the ALTO client, as specified in Section 6.6. + +6.6. Response + + If the update stream request has any errors, the update stream server + MUST return an HTTP "400 Bad Request" to the ALTO client; the body of + the response follows the generic ALTO error response format specified + in Section 8.5.2 of [RFC7285]. Hence, an example ALTO error response + has the format: + + HTTP/1.1 400 Bad Request + Content-Length: 131 + Content-Type: application/alto-error+json + Connection: Closed + + { + "meta":{ + "code": "E_INVALID_FIELD_VALUE", + "field": "add/my-network-map/resource-id", + "value": "my-networkmap/#" + } + } + + Note that "field" and "value" are optional fields. If the "value" + field exists, the "field" field MUST exist. + + * If an update stream request does not have an "add" field + specifying one or more resources, the error code of the error + message MUST be E_MISSING_FIELD and the "field" field SHOULD be + "add". The update stream server MUST close the stream without + sending any events. + + * If the "resource-id" field is invalid or is not associated with + the update stream, the error code of the error message MUST be + E_INVALID_FIELD_VALUE. The "field" field SHOULD be the full path + of the "resource-id" field, and the "value" field SHOULD be the + invalid resource-id. If there are more than one invalid resource- + ids, the update stream server SHOULD pick one and return it. The + update stream server MUST close the stream (i.e., TCP connection) + without sending any events. + + * If the resource is a POST-mode service that requires input, the + client MUST set the "input" field to a JSON object with the + parameters that that resource expects. If the "input" field is + missing or invalid, the update stream server MUST return the same + error response that that resource would return for missing or + invalid input (see [RFC7285]). In this case, the update stream + server MUST close the update stream without sending any events. + If the input for several POST-mode resources is missing or + invalid, the update stream server MUST pick one and return it. + + The response to a valid request is a stream of update messages. + Section 5 defines the update messages, and [SSE] defines how they are + encoded into a stream. + + An update stream server SHOULD send updates only when the underlying + values change. However, it may be difficult for an update stream + server to guarantee that in all circumstances. Therefore, a client + MUST NOT assume that an update message represents an actual change. + +6.7. Additional Requirements on Update Stream Service + +6.7.1. Event Sequence Requirements + + * The first event MUST be a control update message with the URI of + the update stream control service (see Section 7) for this update + stream. Note that the value of the control-uri can be "null", + indicating that there is no control stream service. + + * As soon as possible, after the ALTO client initiates the + connection, the update stream server checks the "tag" field for + each added update request. If the "tag" field is not specified in + an added update request, the update stream server MUST first send + a full replacement for the request. If the "tag" field is + specified, the client can accept incremental changes, and the + server can compute an incremental update based on the "tag" (the + server needs to ensure that for a POST resource with input, the + "tag" should indicate the correct result for different inputs); + the update stream server MAY omit the initial full replacement. + + * If this update stream provides updates for resource-ids R0 and R1 + and if R1 depends on R0, then the update stream server MUST send + the update for R0 before sending the related updates for R1. For + example, suppose an update stream provides updates to a network + map and its dependent cost maps. When the network map changes, + the update stream server MUST send the network map update before + sending the cost map updates. + + * When the ALTO client uses the stream control service to stop + updates for one or more resources (Section 7), the ALTO client + MUST send a stream control request. The update stream server MUST + send a control update message whose "stopped" field has the + substream-ids of all stopped resources. + +6.7.2. Cross-Stream Consistency Requirements + + If multiple ALTO clients create multiple update streams from the same + update stream resource and with the same update request parameters + (i.e., same resource and same input), the update stream server MUST + send the same updates to all of them. However, the update stream + server MAY pack data items into different patch events, as long as + the net result of applying those updates is the same. + + For example, suppose two different ALTO clients create two different + update streams for the same cost map, and suppose the update stream + server processes three separate cost point updates with a brief pause + between each update. The server MUST send all three new cost points + to both clients. But the update stream server MAY send a single + patch event (with all three cost points) to one ALTO client while + sending three separate patch events (with one cost point per event) + to the other ALTO client. + + An update stream server MAY offer several different update stream + resources that provide updates to the same underlying resource (that + is, a resource-id may appear in the "uses" field of more than one + update stream resource). In this case, those update stream resources + MUST return the same update. + +6.7.3. Multipart Update Requirements + + This design allows any valid media type for full replacement. Hence, + it supports ALTO resources using multipart to contain multiple JSON + objects. This realizes the push benefit but not the incremental + encoding benefit of SSE. + + JSON patch and merge patch provide the incremental encoding benefit + but can be applied to only a single JSON object. If an update stream + service supports a resource providing a multipart media type, which + we refer to as a multipart resource, then the update stream service + needs to handle the issue that the message of a full multipart + resource can include multiple JSON objects. To address the issue, + when an update stream service specifies that it supports JSON patch + or merge patch incremental updates for a multipart resource, the + service MUST ensure that (1) each part of a multipart message is a + single JSON object, (2) each part is specified by a static Content-ID + in the initial full message, (3) each data update event applies to + only one part, and (4) each data update specifies substream- + id.content-id as the "event" field of the event, to identify the part + to be updated. + +6.8. Keep-Alive Messages + + In an SSE stream, any line that starts with a colon (U+003A) + character is a comment, and an ALTO client MUST ignore that line + [SSE]. As recommended in [SSE], an update stream server SHOULD send + a comment line (or an event) every 15 seconds to prevent ALTO clients + and proxy servers from dropping the HTTP connection. Note that + although TCP also provides a Keep-Alive function, the interval + between TCP Keep-Alive messages can depend on the OS configuration + and varies. The preceding recommended SSE Keep-Alive allows the SSE + client to detect the status of the update stream server with more + certainty. + +7. Stream Control Service + + A stream control service allows an ALTO client to remove resources + from the set of resources that are monitored by an update stream or + add additional resources to that set. The service also allows an + ALTO client to gracefully shut down an update stream. + + When an update stream server creates a new update stream and if the + update stream server supports stream control for the update stream, + the update stream server creates a stream control service for that + update stream. An ALTO client uses the stream control service to + remove resources from the update stream instance or to request + updates for additional resources. An ALTO client cannot obtain the + stream control service through the IRD. Instead, the first event + that the update stream server sends to the ALTO client has the URI + for the associated stream control service (see Section 5.3). + + Each stream control request is an individual HTTP request. The ALTO + client MAY send multiple stream control requests to the stream + control server using the same HTTP connection. + +7.1. URI + + The URI for a stream control service, by itself, MUST uniquely + specify the update stream instance that it controls. The stream + control server MUST NOT use other properties of an HTTP request, such + as cookies or the client's IP address, to determine the update + stream. Furthermore, an update stream server MUST NOT reuse a + control service URI once the associated update stream has been + closed. + + The ALTO client MUST evaluate a relative control URI reference + [RFC3986] (for example, a URI reference without a host or with a + relative path) in the context of the URI used to create the update + stream. The stream control service's host MAY be different from the + update stream's host. + + It is expected that there is an internal mechanism to map a stream + control URI to the unique update stream instance to be controlled. + For example, the update stream service may assign a unique, internal + stream id to each update stream instance. However, the exact + mechanism is left to the update stream service provider. + + To prevent an attacker from forging a stream control URI and sending + bogus requests to disrupt other update streams, the service should + consider two security issues. First, if http, not https, is used, + the stream control URI can be exposed to an on-path attacker. To + address this issue, in a setting where the path from the server to + the client can traverse such an attacker, the server SHOULD use + https. Second, even without direct exposure, an off-path attacker + may guess valid stream control URIs. To address this issue, the + server SHOULD choose stream control URIs with enough randomness to + make guessing difficult; the server SHOULD introduce mechanisms that + detect repeated guesses indicating an attack (e.g., keeping track of + the number of failed stream control attempts). Please see the W3C's + "Good Practices for Capability URLs" . + +7.2. Media Type + + An ALTO stream control response does not have a specific media type. + +7.3. HTTP Method + + An ALTO update stream control resource is requested using the HTTP + POST method. + +7.4. IRD Capabilities & Uses + + None (Stream control services do not appear in the IRD). + +7.5. Request: Accept Input Parameters + + A stream control service accepts the same input media type and input + parameters as the update stream service (Section 6.5). The only + difference is that a stream control service also accepts the "remove" + field. + + If specified, the "remove" field is an array of substream-ids the + ALTO client previously added to this update stream. An empty + "remove" array is equivalent to a list of all currently active + resources; the update stream server responds by removing all + resources and closing the stream. + + An ALTO client MAY use the "add" field to add additional resources. + The ALTO client MUST assign a unique substream-id to each additional + resource. Substream-ids MUST be unique over the lifetime of this + update stream; an ALTO client MUST NOT reuse a previously removed + substream-id. The processing of an "add" resource is the same as + discussed in Sections 6.5 and 6.6. + + If a request has any errors, the update stream server MUST NOT add or + remove any resources from the associated update stream. Also, the + stream control server will return an error response to the client, as + specified in Section 7.6. + +7.6. Response + + The stream control server MUST process the "add" field before the + "remove" field. If the request removes all active resources without + adding any additional resources, the update stream server MUST close + the update stream. Thus, an update stream cannot have zero + resources. + + If the request has any errors, the stream control server MUST return + an HTTP "400 Bad Request" to the ALTO client. The body part of the + response follows the generic ALTO error response format specified in + Section 8.5.2 of [RFC7285]. An error response has the same format as + specified in Section 6.6. Detailed error code and error information + are specified as below. + + * If the "add" request does not satisfy the requirements in + Section 6.5, the stream control server MUST return the ALTO error + message defined in Section 6.6. + + * If any substream-id in the "remove" field was not added in a prior + request, the error code of the error message MUST be + E_INVALID_FIELD_VALUE, the "field" field SHOULD be "remove", and + the "value" field SHOULD be an array of the invalid substream-ids. + Thus, it is illegal to "add" and "remove" the same substream-id in + the same request. However, it is legal to remove a substream-id + twice. To support the preceding checking, the update stream + server MUST keep track of previously used but now closed + substream-ids. + + * If any substream-id in the "add" field has been used before in + this stream, the error code of the error message MUST be + E_INVALID_FIELD_VALUE, the "field" field SHOULD be "add", and the + "value" field SHOULD be an array of invalid substream-ids. + + * If the request has a non-empty "add" field and a "remove" field + with an empty list of substream-ids (to replace all active + resources with a new set, the client MUST explicitly enumerate the + substream-ids to be removed), the error code of the error message + MUST be E_INVALID_FIELD_VALUE, the "field" field SHOULD be + "remove", and the "value" field SHOULD be an empty array. + + If the request is valid but the associated update stream has been + closed, then the stream control server MUST return an HTTP "404 Not + Found". + + If the request is valid and the stream control server successfully + processes the request without error, the stream control server should + return either an HTTP "202 Accepted" response or an HTTP "204 No + Content" response. The difference is that for the latter case, the + stream control server is sure that the update stream server has also + processed the request. Regardless of a 202 or 204 HTTP response, the + final updates of related resources will be notified by the update + stream server using its control update message(s), due to the modular + design. + +8. Examples + +8.1. Example: IRD Announcing Update Stream Services + + Below is an example IRD announcing three update stream services. The + first, which is named "update-my-costs", provides updates for the + network map, the "routingcost" and "hopcount" cost maps, and a + Filtered Cost Map resource. The second, which is named "update-my- + prop", provides updates to the endpoint properties service. The + third, which is named "update-my-pv", provides updates to a + nonstandard ALTO service returning a multipart response. + + Note that in the "update-my-costs" update stream shown in the example + IRD, the update stream server uses JSON patch for network map, and it + uses JSON merge patch to update the other resources. Also, the + update stream will only provide full replacements for "my-simple- + filtered-cost-map". + + Also, note that this IRD defines two Filtered Cost Map resources. + They use the same cost types, but "my-filtered-cost-map" accepts cost + constraint tests, while "my-simple-filtered-cost-map" does not. To + avoid the issues discussed in Section 9.3, the update stream provides + updates for the second but not the first. + + This IRD also announces a nonstandard ALTO service, which is named + "my-pv". This service accepts an extended endpoint cost request as + an input and returns a multipart response, including an endpoint cost + resource and a property map resource. This document does not rely on + any other design details of this new service. In this document, the + "my-pv" service is only used to illustrate how the update stream + service provides updates to an ALTO resource returning a multipart + response. + + "my-network-map": { + "uri": "https://alto.example.com/networkmap", + "media-type": "application/alto-networkmap+json", + }, + "my-routingcost-map": { + "uri": "https://alto.example.com/costmap/routingcost", + "media-type": "application/alto-costmap+json", + "uses": ["my-networkmap"], + "capabilities": { + "cost-type-names": ["num-routingcost"] + } + }, + "my-hopcount-map": { + "uri": "https://alto.example.com/costmap/hopcount", + "media-type": "application/alto-costmap+json", + "uses": ["my-networkmap"], + "capabilities": { + "cost-type-names": ["num-hopcount"] + } + }, + "my-filtered-cost-map": { + "uri": "https://alto.example.com/costmap/filtered/constraints", + "media-type": "application/alto-costmap+json", + "accepts": "application/alto-costmapfilter+json", + "uses": ["my-networkmap"], + "capabilities": { + "cost-type-names": ["num-routingcost", "num-hopcount"], + "cost-constraints": true + } + }, + "my-simple-filtered-cost-map": { + "uri": "https://alto.example.com/costmap/filtered/simple", + "media-type": "application/alto-costmap+json", + "accepts": "application/alto-costmapfilter+json", + "uses": ["my-networkmap"], + "capabilities": { + "cost-type-names": ["num-routingcost", "num-hopcount"], + "cost-constraints": false + } + }, + "my-props": { + "uri": "https://alto.example.com/properties", + "media-type": "application/alto-endpointprops+json", + "accepts": "application/alto-endpointpropparams+json", + "capabilities": { + "prop-types": ["priv:ietf-bandwidth"] + } + }, + "my-pv": { + "uri": "https://alto.example.com/endpointcost/pv", + "media-type": "multipart/related; + type=application/alto-endpointcost+json", + "accepts": "application/alto-endpointcostparams+json", + "capabilities": { + "cost-type-names": [ "path-vector" ], + "ane-properties": [ "maxresbw", "persistent-entities" ] + } + }, + "update-my-costs": { + "uri": "https://alto.example.com/updates/costs", + "media-type": "text/event-stream", + "accepts": "application/alto-updatestreamparams+json", + "uses": [ + "my-network-map", + "my-routingcost-map", + "my-hopcount-map", + "my-simple-filtered-cost-map" + ], + "capabilities": { + "incremental-change-media-types": { + "my-network-map": "application/json-patch+json", + "my-routingcost-map": "application/merge-patch+json", + "my-hopcount-map": "application/merge-patch+json" + }, + "support-stream-control": true + } + }, + "update-my-props": { + "uri": "https://alto.example.com/updates/properties", + "media-type": "text/event-stream", + "uses": [ "my-props" ], + "accepts": "application/alto-updatestreamparams+json", + "capabilities": { + "incremental-change-media-types": { + "my-props": "application/merge-patch+json" + }, + "support-stream-control": true + } + }, + "update-my-pv": { + "uri": "https://alto.example.com/updates/pv", + "media-type": "text/event-stream", + "uses": [ "my-pv" ], + "accepts": "application/alto-updatestreamparams+json", + "capabilities": { + "incremental-change-media-types": { + "my-pv": "application/merge-patch+json" + }, + "support-stream-control": true + } + } + +8.2. Example: Simple Network and Cost Map Updates + + Given the update streams announced in the preceding example IRD, the + section below shows an example of an ALTO client's request and the + update stream server's immediate response, using the update stream + resource "update-my-costs". In the example, the ALTO client requests + updates for the network map and "routingcost" cost map but not for + the "hopcount" cost map. The ALTO client uses the ALTO server's + resource-ids as the substream-ids. Because the client does not + provide a "tag" for the network map, the update stream server must + send a full replacement for the network map as well as for the cost + map. The ALTO client does not set "incremental-changes" to "false", + so it defaults to "true". Thus, the update stream server will send + patch updates for the cost map and the network map. + + POST /updates/costs HTTP/1.1 + Host: alto.example.com + Accept: text/event-stream,application/alto-error+json + Content-Type: application/alto-updatestreamparams+json + Content-Length: 155 + + { "add": { + "my-network-map": { + "resource-id": "my-network-map" + }, + "my-routingcost-map": { + "resource-id": "my-routingcost-map" + } + } + } + + HTTP/1.1 200 OK + Connection: keep-alive + Content-Type: text/event-stream + + event: application/alto-updatestreamcontrol+json + data: {"control-uri": + data: "https://alto.example.com/updates/streams/3141592653589"} + + event: application/alto-networkmap+json,my-network-map + data: { + data: "meta" : { + data: "vtag": { + data: "resource-id" : "my-network-map", + data: "tag" : "da65eca2eb7a10ce8b059740b0b2e3f8eb1d4785" + data: } + data: }, + data: "network-map" : { + data: "PID1" : { + data: "ipv4" : [ "192.0.2.0/24", "198.51.100.0/25" ] + data: }, + data: "PID2" : { + data: "ipv4" : [ "198.51.100.128/25" ] + data: }, + data: "PID3" : { + data: "ipv4" : [ "0.0.0.0/0" ], + data: "ipv6" : [ "::/0" ] + data: } + data: } + data: } + data: } + + event: application/alto-costmap+json,my-routingcost-map + data: { + data: "meta" : { + data: "dependent-vtags" : [{ + data: "resource-id": "my-network-map", + data: "tag": "da65eca2eb7a10ce8b059740b0b2e3f8eb1d4785" + data: }], + data: "cost-type" : { + data: "cost-mode" : "numerical", + data: "cost-metric": "routingcost" + data: }, + data: "vtag": { + data: "resource-id" : "my-routingcost-map", + data: "tag" : "3ee2cb7e8d63d9fab71b9b34cbf764436315542e" + data: } + data: }, + data: "cost-map" : { + data: "PID1": { "PID1": 1, "PID2": 5, "PID3": 10 }, + data: "PID2": { "PID1": 5, "PID2": 1, "PID3": 15 }, + data: "PID3": { "PID1": 20, "PID2": 15 } + data: } + data: } + + After sending those events immediately, the update stream server will + send additional events as the maps change. For example, the + following represents a small change to the cost map. PID1->PID2 is + changed to 9 from 5, PID3->PID1 is no longer available, and + PID3->PID3 is now defined as 1: + + event: application/merge-patch+json,my-routingcost-map + data: { + data: "meta" : { + data: "vtag": { + data: "tag": "c0ce023b8678a7b9ec00324673b98e54656d1f6d" + data: } + data: }, + data: "cost-map": { + data: "PID1" : { "PID2" : 9 }, + data: "PID3" : { "PID1" : null, "PID3" : 1 } + data: } + data: } + + As another example, the following represents a change to the network + map: an ipv4 prefix "203.0.113.0/25" is added to PID1. It triggers + changes to the cost map. The update stream server chooses to send an + incremental change for the network map and send a full replacement + instead of an incremental change for the cost map: + + event: application/json-patch+json,my-network-map + data: { + data: { + data: "op": "replace", + data: "path": "/meta/vtag/tag", + data: "value" :"a10ce8b059740b0b2e3f8eb1d4785acd42231bfe" + data: }, + data: { + data: "op": "add", + data: "path": "/network-map/PID1/ipv4/2", + data: "value": "203.0.113.0/25" + data: } + data: } + + event: application/alto-costmap+json,my-routingcost-map + data: { + data: "meta" : { + data: "vtag": { + data: "tag": "c0ce023b8678a7b9ec00324673b98e54656d1f6d" + data: } + data: }, + data: "cost-map" : { + data: "PID1": { "PID1": 1, "PID2": 3, "PID3": 7 }, + data: "PID2": { "PID1": 12, "PID2": 1, "PID3": 9 }, + data: "PID3": { "PID1": 14, "PID2": 8 } + data: } + data: } + +8.3. Example: Advanced Network and Cost Map Updates + + This example is similar to the previous one, except that the ALTO + client requests updates for the "hopcount" cost map as well as the + "routingcost" cost map and provides the current version tag of the + network map, so the update stream server is not required to send the + full network map data update message at the beginning of the stream. + In this example, the client uses the substream-ids "net", "routing", + and "hops" for those resources. The update stream server sends the + stream control URI and the full cost maps, followed by updates for + the network map and cost maps as they become available: + + POST /updates/costs HTTP/1.1 + Host: alto.example.com + Accept: text/event-stream,application/alto-error+json + Content-Type: application/alto-updatestreamparams+json + Content-Length: 244 + + { "add": { + "net": { + "resource-id": "my-network-map", + "tag": "a10ce8b059740b0b2e3f8eb1d4785acd42231bfe" + }, + "routing": { + "resource-id": "my-routingcost-map" + }, + "hops": { + "resource-id": "my-hopcount-map" + } + } + } + + HTTP/1.1 200 OK + Connection: keep-alive + Content-Type: text/event-stream + + event: application/alto-updatestreamcontrol+json + data: {"control-uri": + data: "https://alto.example.com/updates/streams/2718281828459"} + + event: application/alto-costmap+json,routing + data: { ... full routingcost cost map message ... } + + event: application/alto-costmap+json,hops + data: { ... full hopcount cost map message ... } + + (pause) + + event: application/merge-patch+json,routing + data: {"cost-map": {"PID2" : {"PID3" : 31}}} + + event: application/merge-patch+json,hops + data: {"cost-map": {"PID2" : {"PID3" : 4}}} + + If the ALTO client wishes to stop receiving updates for the + "hopcount" cost map, the ALTO client can send a "remove" request on + the stream control URI: + + POST /updates/streams/2718281828459 HTTP/1.1 + Host: alto.example.com + Accept: text/plain,application/alto-error+json + Content-Type: application/alto-updatestreamparams+json + Content-Length: 24 + + { + "remove": [ "hops" ] + } + + + HTTP/1.1 204 No Content + Content-Length: 0 + + (stream closed without sending data content) + + The update stream server sends a "stopped" control update message on + the original request stream to inform the ALTO client that updates + are stopped for that resource: + + event: application/alto-updatestreamcontrol+json + data: { + data: "stopped": ["hops"] + data: } + + Below is an example of an invalid stream control request. The + "remove" field of the request includes an undefined substream-id, and + the stream control server will return an error response to the ALTO + client. + + POST /updates/streams/2718281828459 HTTP/1.1 + Host: alto.example.com + Accept: text/plain,application/alto-error+json + Content-Type: application/alto-updatestreamparams+json + Content-Length: 31 + { + "remove": [ "properties" ] + } + + HTTP/1.1 400 Bad Request + Content-Length: 89 + Content-Type: application/alto-error+json + + { + "meta":{ + "code": "E_INVALID_FIELD_VALUE", + "field": "remove", + "value": "properties" + } + + If the ALTO client no longer needs any updates and wishes to shut the + update stream down gracefully, the client can send a "remove" request + with an empty array: + + POST /updates/streams/2718281828459 HTTP/1.1 + Host: alto.example.com + Accept: text/plain,application/alto-error+json + Content-Type: application/alto-updatestreamparams+json + Content-Length: 17 + + { + "remove": [ ] + } + + + HTTP/1.1 204 No Content + Content-Length: 0 + + (stream closed without sending data content) + + The update stream server sends a final control update message on the + original request stream to inform the ALTO client that all updates + are stopped and then closes the stream: + + event: application/alto-updatestreamcontrol+json + data: { + data: "stopped": ["net", "routing"] + data: } + + (server closes stream) + +8.4. Example: Endpoint Property Updates + + As another example, here is how an ALTO client can request updates + for the property "priv:ietf-bandwidth" for one set of endpoints and + "priv:ietf-load" for another. The update stream server immediately + sends full replacements with the property values for all endpoints. + After that, the update stream server sends data update messages for + the individual endpoints as their property values change. + + POST /updates/properties HTTP/1.1 + Host: alto.example.com + Accept: text/event-stream + Content-Type: application/alto-updatestreamparams+json + Content-Length: 511 + + { "add": { + "props-1": { + "resource-id": "my-props", + "input": { + "properties" : [ "priv:ietf-bandwidth" ], + "endpoints" : [ + "ipv4:198.51.100.1", + "ipv4:198.51.100.2", + "ipv4:198.51.100.3" + ] + } + }, + "props-2": { + "resource-id": "my-props", + "input": { + "properties" : [ "priv:ietf-load" ], + "endpoints" : [ + "ipv6:2001:db8:100::1", + "ipv6:2001:db8:100::2", + "ipv6:2001:db8:100::3" + ] + } + } + } + } + + HTTP/1.1 200 OK + Connection: keep-alive + Content-Type: text/event-stream + + event: application/alto-updatestreamcontrol+json + data: {"control-uri": + data: "https://alto.example.com/updates/streams/1414213562373"} + + event: application/alto-endpointprops+json,props-1 + data: { "endpoint-properties": { + data: "ipv4:198.51.100.1" : { "priv:ietf-bandwidth": "13" }, + data: "ipv4:198.51.100.2" : { "priv:ietf-bandwidth": "42" }, + data: "ipv4:198.51.100.3" : { "priv:ietf-bandwidth": "27" } + data: } } + + event: application/alto-endpointprops+json,props-2 + data: { "endpoint-properties": { + data: "ipv6:2001:db8:100::1" : { "priv:ietf-load": "8" }, + data: "ipv6:2001:db8:100::2" : { "priv:ietf-load": "2" }, + data: "ipv6:2001:db8:100::3" : { "priv:ietf-load": "9" } + data: } } + + (pause) + + event: application/merge-patch+json,props-1 + data: { "endpoint-properties": + data: {"ipv4:198.51.100.1" : {"priv:ietf-bandwidth": "3"}} + data: } + + (pause) + + event: application/merge-patch+json,props-2 + data: { "endpoint-properties": + data: {"ipv6:2001:db8:100::3" : {"priv:ietf-load": "7"}} + data: } + + If the ALTO client needs the "priv:ietf-bandwidth" property and the + "priv:ietf-load" property for additional endpoints, the ALTO client + can send an "add" request on the stream control URI: + + POST /updates/streams/1414213562373" HTTP/1.1 + Host: alto.example.com + Accept: text/plain,application/alto-error+json + Content-Type: application/alto-updatestreamparams+json + Content-Length: 448 + + { "add": { + "props-3": { + "resource-id": "my-props", + "input": { + "properties" : [ "priv:ietf-bandwidth" ], + "endpoints" : [ + "ipv4:198.51.100.4", + "ipv4:198.51.100.5" + ] + } + }, + "props-4": { + "resource-id": "my-props", + "input": { + "properties" : [ "priv:ietf-load" ], + "endpoints" : [ + "ipv6:2001:db8:100::4", + "ipv6:2001:db8:100::5" + ] + } + } + } + } + + + HTTP/1.1 204 No Content + Content-Length: 0 + + (stream closed without sending data content) + + The update stream server sends full replacements for the two new + resources, followed by incremental changes for all four requests as + they arrive: + + event: application/alto-endpointprops+json,props-3 + data: { "endpoint-properties": { + data: "ipv4:198.51.100.4" : { "priv:ietf-bandwidth": "25" }, + data: "ipv4:198.51.100.5" : { "priv:ietf-bandwidth": "31" }, + data: } } + + event: application/alto-endpointprops+json,props-4 + data: { "endpoint-properties": { + data: "ipv6:2001:db8:100::4" : { "priv:ietf-load": "6" }, + data: "ipv6:2001:db8:100::5" : { "priv:ietf-load": "4" }, + data: } } + + (pause) + + event: application/merge-patch+json,props-3 + data: { "endpoint-properties": + data: {"ipv4:198.51.100.5" : {"priv:ietf-bandwidth": "15"}} + data: } + + (pause) + + event: application/merge-patch+json,props-2 + data: { "endpoint-properties": + data: {"ipv6:2001:db8:100::2" : {"priv:ietf-load": "9"}} + data: } + + (pause) + + event: application/merge-patch+json,props-4 + data: { "endpoint-properties": + data: {"ipv6:2001:db8:100::4" : {"priv:ietf-load": "3"}} + data: } + +8.5. Example: Multipart Message Updates + + This example shows how an ALTO client can request a nonstandard ALTO + service returning a multipart response. The update stream server + immediately sends full replacements of the multipart response. After + that, the update stream server sends data update messages for the + individual parts of the response as the ALTO data (object) in each + part changes. + + POST /updates/pv HTTP/1.1 + Host: alto.example.com + Accept: text/event-stream + Content-Type: application/alto-updatestreamparams+json + Content-Length: 382 + + { + "add": { + "ecspvsub1": { + "resource-id": "my-pv", + "input": { + "cost-type": { + "cost-mode": "array", + "cost-metric": "ane-path" + }, + "endpoints": { + "srcs": [ "ipv4:192.0.2.2" ], + "dsts": [ "ipv4:192.0.2.89", "ipv4:203.0.113.45" ] + }, + "ane-properties": [ "maxresbw", "persistent-entities" ] + } + } + } + } + + HTTP/1.1 200 OK + Connection: keep-alive + Content-Type: text/event-stream + + event: application/alto-updatestreamcontrol+json + data: {"control-uri": + data: "https://alto.example.com/updates/streams/1414"} + + event: multipart/related;boundary=example-pv; + type=application/alto-endpointcost+json,ecspvsub1 + data: --example-pv + data: Content-ID: ecsmap + data: Content-Type: application/alto-endpointcost+json + data: + data: { ... data (object) of an endpoint cost map ... } + data: --example-pv + data: Content-ID: propmap + data: Content-Type: application/alto-propmap+json + data: + data: { ... data (object) of a property map ... } + data: --example-pv-- + + (pause) + + event: application/merge-patch+json,ecspvsub1.ecsmap + data: { ... merge patch for updates of ecspvsub1.ecsmap ... } + + event: application/merge-patch+json,ecspvsub1.propmap + data: { ... merge patch for updates of ecspvsub1.propmap ... } + +9. Operation and Processing Considerations + +9.1. Considerations for Choosing Data Update Messages + + The update stream server should be cognizant of the effects of its + update schedule, which includes both the choice of timing (i.e., + when/what to trigger an update) and the choice of message format + (i.e., given an update, send a full replacement or an incremental + change). In particular, the update schedule can have effects on both + the overhead and the freshness of information. To minimize overhead, + the server may choose to batch a sequence of updates for resources + that frequently change by sending cumulative updates or a full + replacement after a while. The update stream server should be + cognizant that batching reduces the freshness of information. The + server should also consider the effect of such delays on client + behaviors (see below on client timeout on waiting for updates of + dependent resources). + + For incremental updates, this design allows both JSON patch and JSON + merge patch for incremental changes. JSON merge patch is clearly + superior to JSON patch for describing incremental changes to cost + maps, endpoint costs, and endpoint properties. For these data + structures, JSON merge patch is more space efficient, as well as + simpler to apply. There is no advantage allowing a server to use + JSON patch for those resources. + + The case is not as clear for incremental changes to network maps. + + First, consider small changes, such as moving a prefix from one PID + to another. JSON patch could encode that as a simple insertion and + deletion, while JSON merge patch would have to replace the entire + array of prefixes for both PIDs. On the other hand, to process a + JSON patch update, the ALTO client would have to retain the indexes + of the prefixes for each PID. Logically, the prefixes in a PID are + an unordered set, not an array; aside from handling updates, a client + has no need to retain the array indexes of the prefixes. Hence, to + take advantage of JSON patch for network maps, ALTO clients would + have to retain additional, otherwise unnecessary, data. + + Second, consider more involved changes, such as removing half of the + prefixes from a PID. JSON merge patch would send a new array for + that PID, while JSON patch would have to send a list of remove + operations and delete the prefix one by one. + + Therefore, each update stream server may decide on its own whether to + use JSON merge patch or JSON patch according to the changes in + network maps. + +9.2. Considerations for Client Processing Data Update Messages + + In general, when an ALTO client receives a full replacement for a + resource, the ALTO client should replace the current version with the + new version. When an ALTO client receives an incremental change for + a resource, the ALTO client should apply those patches to the current + version of the resource. + + However, because resources can depend on other resources (e.g., cost + maps depend on network maps), an ALTO client MUST NOT use a dependent + resource if the resource on which it depends has changed. There are + at least two ways an ALTO client can do that. The following + paragraphs illustrate these techniques by referring to network and + cost map messages, although these techniques apply to any dependent + resources. + + Note that when a network map changes, the update stream server MUST + send the network map update message before sending the updates for + the dependent cost maps (see Section 6.7.1). + + One approach is for the ALTO client to save the network map update + message in a buffer and continue to use the previous network map and + the associated cost maps until the ALTO client receives the update + messages for all dependent cost maps. The ALTO client then applies + all network and cost map updates atomically. + + Alternatively, the ALTO client MAY update the network map + immediately. In this case, the cost maps using the network map + become invalid because they are inconsistent with the current network + map; hence, the ALTO client MUST mark each such dependent cost map as + temporarily invalid and MUST NOT use each such cost map until the + ALTO client receives a cost map update message indicating that it is + based on the new network map version tag. + + The update stream server SHOULD send updates for dependent resources + (i.e., the cost maps in the preceding example) in a timely fashion. + However, if the ALTO client does not receive the expected updates, a + simple recovery method is that the ALTO client closes the update + stream connection, discards the dependent resources, and + reestablishes the update stream. The ALTO client MAY retain the + version tag of the last version of any tagged resources and give + those version tags when requesting the new update stream. In this + case, if a version is still current, the update stream server will + not resend that resource. + + Although not as efficient as possible, this recovery method is simple + and reliable. + +9.3. Considerations for Updates to Filtered Cost Maps + + If an update stream provides updates to a Filtered Cost Map that + allows constraint tests, then an ALTO client MAY request updates to a + Filtered Cost Map request with a constraint test. In this case, when + a cost changes, the update stream server MUST send an update if the + new value satisfies the test. If the new value does not, whether the + update stream server sends an update depends on whether the previous + value satisfied the test. If it did not, the update stream server + SHOULD NOT send an update to the ALTO client. But if the previous + value did, then the update stream server MUST send an update with a + "null" value to inform the ALTO client that this cost no longer + satisfies the criteria. + + An update stream server can avoid having to handle such a complicated + behavior by offering update streams only for Filtered Cost Maps that + do not allow constraint tests. + +9.4. Considerations for Updates to Ordinal Mode Costs + + For an ordinal mode cost map, a change to a single cost point may + require updating many other costs. As an extreme example, suppose + the lowest cost changes to the highest cost. For a numerical mode + cost map, only that one cost changes. But for an ordinal mode cost + map, every cost might change. While this document allows an update + stream server to offer incremental updates for ordinal mode cost + maps, update stream server implementors should be aware that + incremental updates for ordinal costs are more complicated than for + numerical costs, and ALTO clients should be aware that small changes + may result in large updates. + + An update stream server can avoid this complication by only offering + full replacements for ordinal cost maps. + +9.5. Considerations for SSE Text Formatting and Processing + + SSE was designed for events that consist of relatively small amounts + of line-oriented text data, and SSE clients frequently read input one + line at a time. However, an update stream sends a full cost map as a + single events, and a cost map may involve megabytes, if not tens of + megabytes, of text. This has implications that the ALTO client and + the update stream server may consider. + + First, some SSE client libraries read all data for an event into + memory and then present it to the client as a character array. + However, a client may not have enough memory to hold the entire JSON + text for a large cost map. Hence, an ALTO client SHOULD consider + using an SSE library that presents the event data in manageable + chunks, so the ALTO client can parse the cost map incrementally and + store the underlying data in a more compact format. + + Second, an SSE client library may use a low-level, generic socket + read library that stores each line of an event data, just in case the + higher-level parser may need the line delimiters as part of the + protocol formatting. A server sending a complete cost map as a + single line may then generate a multi-megabyte data "line", and such + a long line may then require complex memory management at the client. + It is RECOMMENDED that an update stream server limit the lengths of + data lines. + + Third, an SSE server may use a library, which may put line breaks in + places that would have semantic consequences for the ALTO updates; + see Section 11. The update stream server implementation MUST ensure + that no line breaks are introduced to change the semantics. + +10. Security Considerations + + The security considerations (Section 15 of [RFC7285]) of the base + protocol fully apply to this extension. For example, the same + authenticity and integrity considerations (Section 15.1 of [RFC7285]) + still fully apply; the same considerations for the privacy of ALTO + users (Section 15.4 of [RFC7285]) also still fully apply. + + The additional services (addition of update streams and stream + control URIs) provided by this extension extend the attack surface + described in Section 15.1.1 of [RFC7285]. Below, we discuss the + additional risks and their remedies. + +10.1. Update Stream Server: Denial-of-Service Attacks + + Allowing persistent update stream connections enables a new class of + Denial-of-Service attacks. + + For the update stream server, an ALTO client might create an + unreasonable number of update stream connections or add an + unreasonable number of substream-ids to one update stream. + + To avoid these attacks on the update stream server, the server SHOULD + choose to limit the number of active streams and reject new requests + when that threshold is reached. An update stream server SHOULD also + choose to limit the number of active substream-ids on any given + stream or limit the total number of substream-ids used over the + lifetime of a stream and reject any stream control request that would + exceed those limits. In these cases, the update stream server SHOULD + return the HTTP status "503 Service Unavailable". + + It is important to note that the preceding approaches are not the + only possibilities. For example, it may be possible for the update + stream server to use somewhat more clever logic involving IP + reputation, rate-limiting, and compartmentalization of the overall + threshold into smaller thresholds that apply to subsets of potential + clients. + + While the preceding techniques prevent update stream DoS attacks from + disrupting an update stream server's other services, it does make it + easier for a DoS attack to disrupt the update stream service. + Therefore, an update stream server MAY prefer to restrict update + stream services to authorized clients, as discussed in Section 15 of + [RFC7285]. + + Alternatively, an update stream server MAY return the HTTP status + "307 Temporary Redirect" to redirect the client to another ALTO + server that can better handle a large number of update streams. + +10.2. ALTO Client: Update Overloading or Instability + + The availability of continuous updates can also cause overload for an + ALTO client, in particular, an ALTO client with limited processing + capabilities. The current design does not include any flow control + mechanisms for the client to reduce the update rates from the server. + Under overloading, the client MAY choose to remove the information + resources with high update rates. + + Also, under overloading, the client may no longer be able to detect + whether information is still fresh or has become stale. In such a + case, the client should be careful in how it uses the information to + avoid stability or efficiency issues. + +10.3. Stream Control: Spoofed Control Requests and Information + Breakdown + + An outside party that can read the update stream response or that can + observe stream control requests can obtain the control URI and use + that to send a fraudulent "remove" requests, thus disabling updates + for the valid ALTO client. This can be avoided by encrypting the + update stream and stream control requests (see Section 15 of + [RFC7285]). Also, the update stream server echoes the "remove" + requests on the update stream, so the valid ALTO client can detect + unauthorized requests. + + In general, as the architecture allows the possibility for the update + stream server and the stream control server to be different entities, + the additional risks should be evaluated and remedied. For example, + the private communication path between the servers may be attacked, + resulting in a risk of communications breakdown between them, as well + as invalid or spoofed messages claiming to be on that private + communications path. Proper security mechanisms, including + confidentiality, authenticity, and integrity mechanisms, should be + considered. + +11. Requirements on Future ALTO Services to Use This Design + + Although this design is quite flexible, it has underlying + requirements. + + The key requirements are that (1) each data update message is for a + single resource and (2) an incremental change can be applied only to + a resource that is a single JSON object, as both JSON merge patch and + JSON patch can apply only to a single JSON object. Hence, if a + future ALTO resource can contain multiple objects, then either each + individual object also has a resource-id or an extension to this + design is made. + + At the low-level encoding level, new line in SSE has its own + semantics. Hence, this design requires that resource encoding does + not include new lines that can be confused with SSE encoding. In + particular, the data update message MUST NOT include "event: " or + "data: " at a new line as part of data message. + + If an update stream provides updates to a Filtered Cost Map that + allows constraint tests, the requirements for such services are + stated in Section 9.3. + +12. IANA Considerations + + This document defines two new media types: "application/alto- + updatestreamparams+json", as described in Section 6.5, and + "application/alto-updatestreamcontrol+json", as described in + Section 5.3. All other media types used in this document have + already been registered, either for ALTO, JSON merge patch, or JSON + patch. + +12.1. application/alto-updatestreamparams+json Media Type + + Type name: application + + Subtype name: alto-updatestreamparams+json + + Required parameters: N/A + + Optional parameters: N/A + + Encoding considerations: Encoding considerations are identical to + those specified for the "application/json" media type. See + [RFC8259]. + + Security considerations: Security considerations relating to the + generation and consumption of ALTO Protocol messages are discussed + in Section 10 of RFC 8895 and Section 15 of [RFC7285]. + + Interoperability considerations: RFC 8895 specifies format of + conforming messages and the interpretation thereof. + + Published specification: Section 6.5 of RFC 8895. + + Applications that use this media type: ALTO servers and ALTO clients + either stand alone or are embedded within other applications. + + Fragment identifier considerations: N/A + + Additional information: + + Deprecated alias names for this type: N/A + + Magic number(s): N/A + + File extension(s): RFC 8895 uses the media type to refer to + protocol messages and thus does not require a file extension. + + Macintosh file type code(s): N/A + + Person & email address to contact for further information: See + Authors' Addresses section. + + Intended usage: COMMON + + Restrictions on usage: N/A + + Author: See Authors' Addresses section. + + Change controller: Internet Engineering Task Force + (mailto:iesg@ietf.org). + +12.2. application/alto-updatestreamcontrol+json Media Type + + Type name: application + + Subtype name: alto-updatestreamcontrol+json + + Required parameters: N/A + + Optional parameters: N/A + + Encoding considerations: Encoding considerations are identical to + those specified for the "application/json" media type. See + [RFC8259]. + + Security considerations: Security considerations relating to the + generation and consumption of ALTO Protocol messages are discussed + in Section 10 of RFC 8895 and Section 15 of [RFC7285]. + + Interoperability considerations: RFC 8895 specifies format of + conforming messages and the interpretation thereof. + + Published specification: Section 5.3 of RFC 8895. + + Applications that use this media type: ALTO servers and ALTO clients + either stand alone or are embedded within other applications. + + Fragment identifier considerations: N/A + + Additional information: + + Deprecated alias names for this type: N/A + + Magic number(s): N/A + + File extension(s): RFC 8895 uses the media type to refer to + protocol messages and thus does not require a file extension. + + Macintosh file type code(s): N/A + + Person & email address to contact for further information: See + Authors' Addresses section. + + Intended usage: COMMON + + Restrictions on usage: N/A + + Author: See Authors' Addresses section. + + Change controller: Internet Engineering Task Force + (mailto:iesg@ietf.org). + +13. Appendix: Design Decision: Not Allowing Stream Restart + + If an update stream is closed accidentally, when the ALTO client + reconnects, the update stream server must resend the full maps. This + is clearly inefficient. To avoid that inefficiency, the SSE + specification allows an update stream server to assign an id to each + event. When an ALTO client reconnects, the ALTO client can present + the id of the last successfully received event, and the update stream + server restarts with the next event. + + However, that mechanism adds additional complexity. The update + stream server must save SSE messages in a buffer in case ALTO clients + reconnect. But that mechanism will never be perfect: If the ALTO + client waits too long to reconnect or if the ALTO client sends an + invalid ID, then the update stream server will have to resend the + complete maps anyway. + + Furthermore, this is unlikely to be a problem in practice. ALTO + clients who want continuous updates for large resources, such as full + network and cost maps, are likely to be things like P2P trackers. + These ALTO clients will be well connected to the network; they will + rarely drop connections. + + Mobile devices certainly can and do drop connections and will have to + reconnect. But mobile devices will not need continuous updates for + multi-megabyte cost maps. If mobile devices need continuous updates + at all, they will need them for small queries, such as the costs from + a small set of media servers from which the device can stream the + currently playing movie. If the mobile device drops the connection + and reestablishes the update stream, the update stream server will + have to retransmit only a small amount of redundant data. + + In short, using event ids to avoid resending the full map adds a + considerable amount of complexity to avoid a situation that is very + rare. The complexity is not worth the benefit. + + The update stream service does allow the ALTO client to specify the + tag of the last received version of any tagged resource, and if that + is still current, the update stream server need not retransmit the + full resource. Hence, ALTO clients can use this to avoid + retransmitting full network maps. Cost maps are not tagged, so this + will not work for them. Of course, the ALTO protocol could be + extended by adding version tags to cost maps, which would solve the + retransmission-on-reconnect problem. However, adding tags to cost + maps might add a new set of complications. + +14. References + +14.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + . + + [RFC2387] Levinson, E., "The MIME Multipart/Related Content-type", + RFC 2387, DOI 10.17487/RFC2387, August 1998, + . + + [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform + Resource Identifier (URI): Generic Syntax", STD 66, + RFC 3986, DOI 10.17487/RFC3986, January 2005, + . + + [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type + Specifications and Registration Procedures", BCP 13, + RFC 6838, DOI 10.17487/RFC6838, January 2013, + . + + [RFC6902] Bryan, P., Ed. and M. Nottingham, Ed., "JavaScript Object + Notation (JSON) Patch", RFC 6902, DOI 10.17487/RFC6902, + April 2013, . + + [RFC7285] Alimi, R., Ed., Penno, R., Ed., Yang, Y., Ed., Kiesel, S., + Previdi, S., Roome, W., Shalunov, S., and R. Woundy, + "Application-Layer Traffic Optimization (ALTO) Protocol", + RFC 7285, DOI 10.17487/RFC7285, September 2014, + . + + [RFC7396] Hoffman, P. and J. Snell, "JSON Merge Patch", RFC 7396, + DOI 10.17487/RFC7396, October 2014, + . + + [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC + 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, + May 2017, . + + [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data + Interchange Format", STD 90, RFC 8259, + DOI 10.17487/RFC8259, December 2017, + . + + [SSE] Hickson, I., "Server-Sent Events", W3C Recommendation, + February 2015, . + +14.2. Informative References + + [RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", + RFC 4960, DOI 10.17487/RFC4960, September 2007, + . + + [RFC5789] Dusseault, L. and J. Snell, "PATCH Method for HTTP", + RFC 5789, DOI 10.17487/RFC5789, March 2010, + . + + [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer + Protocol (HTTP/1.1): Message Syntax and Routing", + RFC 7230, DOI 10.17487/RFC7230, June 2014, + . + + [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer + Protocol (HTTP/1.1): Semantics and Content", RFC 7231, + DOI 10.17487/RFC7231, June 2014, + . + + [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext + Transfer Protocol Version 2 (HTTP/2)", RFC 7540, + DOI 10.17487/RFC7540, May 2015, + . + +Acknowledgments + + Thank you to Dawn Chen (Tongji University), Shawn Lin (Tongji + University), and Xiao Shi (Yale University) for their contributions + to an earlier version of this document. + +Contributors + + Sections 2, 5.1, 5.2, and 8.5 of this document are based on + contributions from Jingxuan Jensen Zhang, and he is considered an + author. + +Authors' Addresses + + Wendy Roome + Nokia Bell Labs (Retired) + 124 Burlington Rd + Murray Hill, NJ 07974 + United States of America + + Phone: +1-908-464-6975 + Email: wendy@wdroome.com + + + Y. Richard Yang + Yale University + 51 Prospect St + New Haven, CT + United States of America + + Email: yry@cs.yale.edu -- cgit v1.2.3