QoS Signaling for IP QoS Support and Sender Authentication

This document updates TIA-1039 protocol which provides a Quality of Service (QoS) signaling standard for use within IPv4 and IPv6 network-layer protocols. It also adds a security capability which allows authentication of the sender to greatly increase the network security. The TIA-1039A signaling scheme is designed to work “in-band”, and requires hardware or microcode support in the participating network elements. To accomplish this, the QoS is setup in real time across the network without a separate, out of- band, software signaling structure like Reservation Protocol (RSVP). The resource “request” and the “response” messages for TCP are incorporated into the initial packets in the actual data flow, allowing the QoS requirements to be setup in parallel with the initial network traversal from sender to receiver and back. This signaling scheme can be used to set the rate, burst tolerance, preference priority, and delay priority.

TIA-1039 was introduced into the ITU many years ago and is now progressing as Q.Flowstatesig. However, the marking of signaling packets with a DCSP code has been rejected as creating a potential incompatibility with other IP systems. In order to avoid any impact on current IP practices, the revised approach is to encapsulate all packets with a GRE protocol packet header using a IEEE assigned Ethertype code, making the TIA-1039A traffic all appear as a new protocol. An Ethertype code (0x22EF) has been obtained for the revised protocol. As all the packets are now unique to this protocol, signaling can easily be marked with no conflict with other IP traffic. Also, since TIA-1039 has been extensively tested under two DARPA programs, there are other simplifications and some changes to avoid possible error conditions. Lastly, this version has a new addition; the addition of a security structure to allow secure authentication of the sender. The network uses this to obtain the current maximum priority allocated to the sender, and the receiver may also obtain certain limited information about the sender. This addition allows the new protocol to be safely used for Emergency Services to give priority to designated personnel during an Emergency. It also is designed to support a wide priority range for use in a military network. It is designed to provide a new, much higher level of network security where it is used.

The QoS defined within this signaling structure can support four general types of service. The first is a fully guaranteed rate service flow, which implies no oversubscription of network resources. The second is a maximum rate service flow, which allows some oversubscription but virtually no packet loss. The third is a variable rate service flow, where available rate is combined with a minimum rate guarantee. The fourth is an available rate service flow, one that can jumpstart the Transmission Control Protocol (TCP) to the highest rate the network can support, eliminating slow-start problems. In the available rate service case the capacity available based on network congestion is fed back to the sender very rapidly at all times. This will help to differentiate congestion problems from channel errors (measured in bit error rates), permitting the sender to then optimize his packet error control without confusing it with congestion. For premium services like voice and video maximum rate service sets up a low delay, low loss path with a minimum of effort.

This version of TIA-1039A adds a new capability to improve network security through session authentication. Security against cyber crime has thus far been mainly focused on the computer but this battle is being lost; more software holes are found each month than can be patched. This goal of this new capability is to have the network help in this battle by authenticating the user and the computers attached. The session authentication is optional and the attributes of one’s identity which are provided to the network or the receiver are under the sender’s control. However, legal investigation of a cyber crime may have access to the user’s identity and transaction history, thus allowing, finally, the ability to track down and stop most all cyber crime.