Service Description

From ResiliNetsWiki
Jump to: navigation, search

In order to be able to define failures we need to define the expected behaviour of our system on all levels. This is part of the Resilinets Architecture.

Please note that this approach is not layer driven as the OSI RM approach. The descriptions can be mapped to a layer model but are not limited to.


SD Service Description (generic)

SD1. Service Instance

A service instance must provide the specified service for its assigned provisioning time up to the number of specified clients concurrently. The service instance is reachable via its service address.

A service instance can be stateless or state-full – a state-full service instance provides a service dependent on its historic usage. In case of a state-full service instance the state can be setup as hard-state or soft-state.

SD1.1. Quality of Service

Network applications can require quality guarantees of the provided service such as:

  • Resilience
  • Security
  • Performance
    • Guaranteed bandwidth
    • Maximum delay of transmission
    • Maximum jitter
    • Maximum packet loss rate

SD.PE Physical Entities

Physical entities are nodes, links, and networks composed thereof


A network node has one or more interfaces via which it can send or receive data as long as a link to an other node is established.

A node can be an end system or an intermediate system.

Physical Link

As long as a link between two network nodes is established data can be transferred over the link at datarate speed.

Point to Point Link

Two nodes are connected by a physical link.

Shared Medium

Two or more nodes have access to a shared medium and can freely send data over the physical link. All nodes attached to the shared medium receive the sent data if their interface is up and running.

Realm or Compartment

A realm or physical compartment is a set of nodes interconnected by links. A compartment service provides a mechanism to enable communication amongst the compartment members and defines a common policy and trust model.

Note: an ANA physical compartment is equivalent to a NewArch or PostModern realm.


A set of one or more interconnected realms (network compartments)

SD.DT Data Transfer Service

The data transfer service is a data-plane service to move data through the network.

framing and multiplexing

error control: open (FEC) vs closed (ARQ) [related to the reliability category below]

transmission rate control: open (rate control) vs. closed (window flow control)

SD.DT[<scope>]: Scope

The scope of the data transfer service refers to the entities through which the data moves.

  • SD.DT[HBH] – A hop-by-hop data transfer service moves data across a link between adjacent nodes.
  • SD.DT[forward] – A data forwarding service moves data from an ingress interface to an egress interface through a node.
  • SD.DT[edge-to-edge]S – An edge-to-edge transfer service moves data between communication entities within a compartment or realm along a path of one or more HBH links.
  • SD.DT[end-to-end] – An end-to-end data transfer service moves data between communication entities along a path of one or more HBH links between nodes.

A node with two or more link transport service instances can forward data received by one link transport service to an other link transport service. The knowledge which node can be reached via which link transport service can be statically configured or dynamically learned. Various learning schemes have been proposed:

  • Broadcast and learn: spanning tree algorithm, on demand routing algorithms
  • Exchange of topology information: Dijkstra algorithm, proactive routing algorithms
  • Out of band path establishment: RSVP or LDP

Depending on the routing protocol a node can either discover the route on demand or has to drop the packet if it has to forward data to an unknown node.

SD.DT[<directionality>]: Directionality

  • SD.DT[unidirectional]
  • SD.DT[asymmetric]
  • SD.DT[bidirectional]

SD.DT[<connectivity>]: Connectivity

  • SD.DT[strong] – A strongly connected service is one that remains connected, providing the quality of service specified by SD.DT[<QoS>].
  • SD.DT[weak]
  • SD.DT[episodic] – An episodically connected service is one that alternates between a disconnected state and a connected state (strong or weak).
  • SD.DT[disconnected]

Note that the connectivity service parameters are higher level and longer granularity than QoS service parameters.

SD.DT[<QoS>]: QoS

  • SD.DT[bandwidth] – The bandwidth data transfer service specification consists of a rate or capacity tuple, commonly <peak, average, burstiness>.
  • SD.DT[delay] – The delay data transfer service specification defines a maximal acceptable communication delay.
  • SD.DT[jitter] – The jitter data transfer service specification defines a maximal acceptable communication inter-packet delay.

SD.DT[<association-mode>]: Association Mode

A data transfer can either be connection-oriented or connectionless, depending on the state required for the communication association, and optionally further categorized as a transaction or media stream.

  • SD.DT[connectionless] – A connectionless data transfer service moves datagram PDUs through a flow between communication endpoints. Each datagram has a header that fully describes all information necessary to forward toward the destination.
  • SD.DT[connection] – A connection-oriented data transfer service moves PDUs through a connection between communication endpoints, for which explicit connection state has been established and must be subsequently removed (or timed-out).
  • SD.DT[connectionless.transaction] and SD.DT[connection.transaction] – A connectionless or connection-oriented data transfer may be further categorized as a transaction, in which a request from a client to server is generally followed by a response from server to client. Note that a transaction requires a bidirectional data transfer service SD.DT[bidirectional].
  • SD.DT[] and SD.DT[] – A connectionless or connection-oriented data transfer may be further categorized as a stream, in which media is streamed with time synchronization and optional in-band or out-of-band stream manipulation control.

SD.DT[<group>]: Group Communication

The group attribute of the data transfer service describes the number of participants in the communication association, and in some cases places requirements on the

  • SD.DT[unicast] – A Unicast Data Transfer transfers data to exactly one receiver.
  • SD.DT[k-cast] – A k-cast Data Transfer Service transfers data to exactly k receivers
  • SD.DT[anycast] – An Anycast Data Transfer Service transfers data to a specified group of receivers of which only one processes the data.
  • SD.DT[multicast] – A Multicast Data Transfer Service transfers data to a specified group of receivers and all of them process the data.
  • SD.DT[broadcast] – A Broadcast Data Transfer Service transfers data to an unspecified group of receivers and all of them process the data.
  • SD.DT[concast] – A Concast Data Transfer Service transfers data from many sources to a single receiver.

SD.DT[<reliability>]: Reliability

The reliability of the data transfer service describes various aspects of reliability

  • Completeness of data: No data is lost during transmission
  • Preservation of data order: the packets are received in the same order as sent
  • Avoidance of data duplicates: Every sent packet is received at most once
  • Assurance of data integrity: Data is not (unintelligent) altered on its way from the sender to the receiver

To detect packet re-ordering, packet loss, and packet duplication sequence numbers can be used. Data integrity can be assured by various kinds of checksums, i.e. Internet checksum, CRCs, parity bits, etc. Finally, ARQ (Automatic Repeat reQuest) mechanisms and a timer are needed to ensure completeness of data.

Note: to prevent data alteration by a smart attacker cryptographic mechanisms must be used.

Reliability is optional for a data transport service.

SD.DT[<security>]: Security

A secure link transport service extends a link transport service with the following three features:

  • SD.DT[confidentiality]Data transfer confidentiality service provides protection from eavesdropping, typically using encryption.
  • SD.DT[data-integrity] – A data-integer transfer service provides protection from data alteration, typically using a message-digest hash.
  • SD.DT[sender-integrity] – A sender-integer transfer service verifies the origination of data for each PDU.
  • SD.DT[time-integrity] – A time-integer transfer service protects the replay of formerly recorded PDUs.

The lifetime of a secure transport association is limited by the maximum time or the maximum amount of data transported.

SD.NC Network Control Service

SD12. Monitoring Service

If a backup service instance is set up this backup service has to actively monitor the system behavior of the primary service instance to detect service failures as early as possible.

An example is the exchange of heartbeat messages for VRRP. This message is used to see that the forwarding service on a router and the hardware interface are operational.

SD13. Congestion Avoidance Service

A congestion avoidance service makes a service self-adaptable to varying data throughput on the E2E path from sender to receiver. It thereby protects the network from overload situations by adapting the outgoing data rate to the current network throughput.

SD14. Routing Service

A routing service selects a path or a set of paths to a node from all possible paths to this nodes according to a routing metric. The routing service can proactively calculate the path to the node or on-demand (reactively).

Examples of proactive routing services are OSPF, IS-IS, and BGP. Examples of reactive routing service are OLSR and AODV

SD14.1 Path Establishment Service

After identifying along which path the data is to be forwarded from sender to receiver a path establishment service configures the nodes on the path. Therefore state is setup on each of the nodes.

Examples for a path establishment service are RSVP and LDP.

SD10. Name resolution service

On different levels of abstraction different naming scheme might be used. A name resolution service maps a destination name to an address or a path to the destination on the next lower level of abstraction.

To prevent attacks like cache poisoning a secure E2E transport service must be used with this service.

Note: DNS is not such a service, since it maps the name only to an address leaving the determination of the path to the forwarding service.

SD8.1 Network Access Control Service

To protect a network from unauthorized users a network access control service is used. It prevents a node from communicating without verifying the nodes authorization first. Often this authorisation is bound to the identity of the node or the node's user requesting access to the network.

After setting up a physical link to the network a link transport service is set up for this new node. This link transport service enables data transfer between the new node and the network access point (e.g. ethernet switch, WLAN access point, etc.). But the link transport service is not connected to the forwarding service on the network access point until the node's authorisation is verified.

Examples for such a service are 802.1x, 802.11i, PAP, CHAP, and EAP.

SD.SS Security Service

Temporary note: We need to figure out what goes here vs. the other major categories. Presumably this is about control and management plane, but some items that speciically apply to network control should probably go into SD.NC. In some cases we may want generic security services here (like access control) with specific ones placed as appropriate (e.g. network access control, which for now I moved into SD.NC) -jpgs

SD5.2 Firewalling

An administrator can set up policies to limit the data which can be forwarded via a node.

SD7. Security Association Negotiation Service

A security scheme negotiation service enables the dynamic setup of a security association. Such an association includes:

  • Mutual authentication
  • Cryptographic algorithms
  • Secret keys for each direction of communication
  • Anti-replay information
  • Association lifetime

Such a crypto-agile scheme negotiation protocol allows to disable broken or untrusted schemes as well as to integrate newly developed schemes without changing the overall protocol.

SD8. Access Control Service

Often the access to resources of the network has to be limited to authorized users. This can be accomplished either by an identity verification scheme combined with access control list or a privilege management infrastructure.

Identity verification covers digital certificates, passwords, etc.

SD9. Certificate Online Validation Service

Digital certificates can be validated by clients on their own or they can query a trusted third party which validates the correctness of the certificates for them.

Examples are SCVP and OCSP.

Sometimes this service might contradict with the network access service. The client does not yet have access to the network but wants to check the certificate of the access server with an identity verification service. One solution is to incorporate the identity verification service into the network access service. An example of this is "OCSP over EAP".

SD16. Anonymity Service

  • Sender anonymity: Sender identity is hidden from receiver

SD6. Node Configuration Service

The integration of a node into a network requires a configuration of the node, like setup addresses, forwarding information and name resolution.

Examples for such a service are DHCP, IPv6 auto-configuration, NDP, and SEND but also integration on the overlay level.

SD11. Feedback Services

A feedback service gathers information required as input to a closed control loops. A trust relation between the information provider and information consumer determines the consumer's trust in the information.

An examples feedback service is implemented by ECN which reports congestion to the data sender.

SD15. Transaction service

A transaction service guarantees that either the complete transaction is executed on all targets or none of the transactions on none of the targets. It also provides the setup of transaction points to roll back to.

Personal tools