Open Pluggable Edge Services (OPES)
Abbie Barbir, Ph.D.
[email protected] (address at nortelnetworks.com)
Jan 16, 2016

Summary
Presents an overview of OPES model and architecture
Core Model Elements are
    OPES Intermediary
    OPES Admin Server
    Remote Call-out Server
Introduce Content Services Overlay Networks
Current Issues of OPES in IETF

Some Definitions

DELEGATE
A 'caching proxy' located near or at the network access point of the 'user agent', delegated the authority to operate on behalf of, and typically working in close co-operation with a group of 'user agents'.

SURROGATE
A gateway co-located with an origin server, or at a different point in the network, delegated the authority to operate on behalf of, and typically working in close co-operation with, one or more origin servers. Responses are typically delivered from an internal cache.

OUT-OF-PATH
Out-of-Path Content Services are not natively in the transport path of an application. In other words, they are not necessarily resident (or co-resident) on entities that are natively in the path of application flows.

IN-PATH
In-Path Content Services are naturally within the message path of the application they are associated with. This may be an application proxy, gateway, or in the extreme case, one of the end-hosts, that is party to the application.

Some Definitions

POLICY DECISION POINT
A logical entity that makes policy decisions for itself or for other network elements that request such decisions.

POLICY ENFORCEMENT POINT
A logical entity that enforces policy decisions.

CONTENT SERVICE NETWORK
An overlay network of 'intermediaries' layered onto an underlying network that incorporate 'content services' that operate on messages flowing through the 'content path'.

CONTENT PATH
Describes the path that content requests and responses take through the network. Typically, Requests/Responses flow between a client, an 'OPES intermediary', and a 'content server'.

OPES System Model
[Figure: OPES system model. Labels: Client; Content Server; OPES Intermediary; OPES Engine/PEP; Local Exec. Env.; Remote Exec. Env.; OPES Admin Server; Authentication; Authorization/PDP; Accounting; Remote Call-out Server; Provision OPES; Content Services.]

OPES Engine Components
[Figure: OPES engine components. Labels: Clients; Content Servers; OPES Engine; Message Parser; Rule Processor; Rule Module (two shown); Local Exec. Env.; Proxylet; Proxylet Library; Proxylet Run-time System; Remote Exec. Env.; Remote Call-out Stub (two shown); Remote Call-out System; Remote Call-out Protocol(s); numbered points (1), (2), (3), (4).]

Surrogate Authoritative Domain
[Figure: surrogate authoritative domain. Labels: Client; OPES Intermediary; Remote Call-out Server; OPES Admin Server; Origin Server; Authoritative Domain.]

Delegate Authoritative Domain
[Figure: delegate authoritative domain. Labels: Client; OPES Intermediary; Remote Call-out Server; OPES Admin Server; Origin Server; Authoritative Domain.]

Content Service Overlay Networks
[Figure: content service overlay networks. Labels: Origin Server; Client (three shown); Packet Network; Content Network Overlay; Edge Node; Content Services Network Overlay; OPES Engine; Remote Call-out Server; OPES Admin Server.]

Relation to other Work
[Figure: relation of OPES to other work. Labels: Client; Proxy cache; iCAP Client; iCAP Server; Origin Server; OPES; TCN; iCAP; UPIP; Content Edge. Annotations:
    P3P: What I will let someone else do with which info
    P3P: Specify what I do with info I collect
    CC/PP: Client device capabilities, User preferences...
    DIWG: Device Capabilities
    ESI: Object Level Cache]

OPES Complementary efforts
IETF
    Transparent Content Negotiation (TCN)
W3C
    P3P
    CC/PP
    DIWG
    ESI
ICAP Org
    ICAP
ITU
    Content Description (MPEG-21)
Others
    DRM
    Policy
    Audit, Log, Performance, Fault mgmt
    Security

OPES Issues in IETF
OPES services should be traceable by the application endpoints of an OPES-involved transaction.
Both service providers and end-users should detect and respond to inappropriate behavior by OPES components.
Services provided in the OPES framework should be reversible by mutual agreement of the application endpoints.
OPES protocol must include authorization as one of its steps, and this must be by at least one of the application-layer endpoints (i.e. either the content provider or the content consumer).
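
The authorization and traceability requirements above, as an added Python example that is not part of the original slides: an intermediary accepts a service rule only when one of the two application endpoints authorized it, and it records every service it applies in a header the endpoints can read. The class names, the rule format and the X-Example-OPES-Trace header are assumptions made for illustration, not OPES protocol elements.

```python
# Added illustration: class names, rule format and header name are hypothetical.
from dataclasses import dataclass, field
from typing import Callable

ENDPOINTS = {"content-provider", "content-consumer"}
TRACE_HEADER = "X-Example-OPES-Trace"  # hypothetical header, not a real OPES header

@dataclass
class Rule:
    service_id: str
    matches: Callable[[dict], bool]   # condition evaluated on the message
    service: Callable[[str], str]     # transformation applied to the body
    authorized_by: str                # endpoint that authorized this service

@dataclass
class Intermediary:
    system_id: str
    rules: list = field(default_factory=list)

    def add_rule(self, rule: Rule) -> None:
        # Authorization step: reject services no application endpoint asked for.
        if rule.authorized_by not in ENDPOINTS:
            raise PermissionError(f"{rule.service_id}: no endpoint authorization")
        self.rules.append(rule)

    def process(self, msg: dict) -> dict:
        out = {"headers": dict(msg["headers"]), "body": msg["body"]}
        applied = []
        for rule in self.rules:
            if rule.matches(msg):
                out["body"] = rule.service(out["body"])
                applied.append(f"{rule.service_id};auth={rule.authorized_by}")
        if applied:
            # Traceability: name the system and the services that touched the message,
            # keeping any trace entry added by an earlier intermediary.
            entry = f"{self.system_id} ({', '.join(applied)})"
            prior = out["headers"].get(TRACE_HEADER)
            out["headers"][TRACE_HEADER] = f"{prior}, {entry}" if prior else entry
        return out

def demo():
    # Constructed sample rules and messages.
    opes = Intermediary("opes.edge.example")
    is_html = lambda m: m["headers"].get("Content-Type") == "text/html"
    opes.add_rule(Rule("lang-banner", is_html, lambda b: b + "<!-- localized -->", "content-provider"))
    try:
        opes.add_rule(Rule("ad-insert", lambda m: True, lambda b: b + "AD", "network-operator"))
        rejected = False
    except PermissionError:
        rejected = True
    html = opes.process({"headers": {"Content-Type": "text/html"}, "body": "<p>hi</p>"})
    img = opes.process({"headers": {"Content-Type": "image/png"}, "body": "PNG"})
    return rejected, html, img
```

Reversibility by mutual agreement, the third requirement on the slide, is not covered by this example.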

OPES Status in IETF
WG status just approved
New Charter
    Define a framework and protocols to both authorize and invoke distributed application services while maintaining the network's robustness and end-to-end data integrity
        Server-centric (administrative domain that includes the origin server)
        Client-centric (administrative domain that includes the user agent)
    Investigate whether the developed architecture must be compatible with the use of end-to-end integrity and encryption
    May need to examine the requirements for both authorization and invocation of application services inside the network
    Create an architecture for OPES services applied to application messages, and specify the protocol for HTTP and RTP/RTSP
    Define methods for specification of policies, as well as the rules that enable application endpoints to control execution of such services

Q&A