Home   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z  

A Two-bit Differentiated Services Architecture for the Internet :: RFC2638








Network Working Group                                          K. Nichols
Request for Comments: 2638                                    V. Jacobson
Category: Informational                                             Cisco
                                                                 L. Zhang
                                                                     UCLA
                                                                July 1999


    A Two-bit Differentiated Services Architecture for the Internet

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   This document was originally submitted as an internet draft in
   November of 1997. As one of the documents predating the formation of
   the IETF's Differentiated Services Working Group, many of the ideas
   presented here, in concert with Dave Clark's subsequent presentation
   to the December 1997 meeting of the IETF Integrated Services Working
   Group, were key to the work which led to RFCs 2474 and 2475 and the
   section on allocation remains a timely proposal. For this reason, and
   to provide a reference, it is being submitted in its original form.
   The forwarding path portion of this document is intended as a record
   of where we were at in late 1997 and not as an indication of future
   direction.

   The postscript version of this document includes Clark's slides as an
   appendix. The postscript version of this document also includes many
   figures that aid greatly in its readability.

1. Introduction

   This document presents a differentiated services architecture for the
   internet. Dave Clark and Van Jacobson each presented work on
   differentiated services at the Munich IETF meeting [2,3]. Each
   explained how to use one bit of the IP header to deliver a new kind
   of service to packets in the internet. These were two very different
   kinds of service with quite different policy assumptions. Ensuing
   discussion has convinced us that both service types have merit and
   that both service types can be implemented with a set of very similar



Nichols, et al.              Informational                      [Page 1]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   mechanisms. We propose an architectural framework that permits the
   use of both of these service types and exploits their similarities in
   forwarding path mechanisms. The major goals of this architecture are
   each shared with one or both of those two proposals: keep the
   forwarding path simple, push complexity to the edges of the network
   to the extent possible, provide a service that avoids assumptions
   about the type of traffic using it, employ an allocation policy that
   will be compatible with both long-term and short-term provisioning,
   make it possible for the dominant Internet traffic model to remain
   best-effort.

   The major contributions of this document are to present two distinct
   service types, a set of general mechanisms for the forwarding path
   that can be used to implement a range of differentiated services and
   to propose a flexible framework for provisioning a differentiated
   services network. It is precisely this kind of architecture that is
   needed for expedient deployment of differentiated services: we need a
   framework and set of primitives that can be implemented in the
   short-term and provide interoperable services, yet can provide a
   "sandbox" for experimentation and elaboration that can lead in time
   to more levels of differentiation within each service as needed.

   At the risk of belaboring an analogy, we are motivated to provide
   services tiers in somewhat the same fashion as the airlines do with
   first class, business class and coach class. The latter also has
   tiering built in due to the various restrictions put on the purchase.
   A part of the analogy we want to stress is that best effort traffic,
   like coach class seats on an airplane, is still expected to make up
   the bulk of internet traffic. Business and first class carry a small
   number of passengers, but are quite important to the economics of the
   airline industry. The various economic forces and realities combine
   to dictate the relative allocation of the seats and to try to fill
   the airplane. We don't expect that differentiated services will
   comprise all the traffic on the internet, but we do expect that new
   services will lead to a healthy economic and service environment.

   This document is organized into sections describing service
   architecture, mechanisms, the bandwidth allocation architecture, how
   this architecture might interoperate with RSVP/int-serv work, and
   gives recommendations for deployment.











Nichols, et al.              Informational                      [Page 2]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


2. Architecture

2.1 Background

   The current internet delivers one type of service, best-effort, to
   all traffic. A number of proposals have been made concerning the
   addition of enhanced services to the Internet. We focus on two
   particular methods of adding a differentiated level of service to IP,
   each designated by one bit [1,2,3]. These services represent a
   radical departure from the Internet's traditional service, but they
   are also a radical departure from traditional "quality of service"
   architectures which rely on circuit-based models. Both these
   proposals seek to define a single common mechanism that is used by
   interior network routers, pushing most of the complexity and state of
   differentiated services to the network edges. Both use bandwidth as
   the resource that is being requested and allocated. Clark and
   Wroclawski defined an "Assured" service that follows "expected
   capacity" usage profiles that are statistically provisioned [3]. The
   assurance that the user of such a service receives is that such
   traffic is unlikely to be dropped as long as it stays within the
   expected capacity profile. The exact meaning of "unlikely" depends on
   how well provisioned the service is. An Assured service traffic flow
   may exceed its Profile, but the excess traffic is not given the same
   assurance level. Jacobson defined a "Premium" service that is
   provisioned according to peak capacity Profiles that are strictly not
   oversubscribed and that is given its own high-priority queue in
   routers [2]. A Premium service traffic flow is shaped and hard-
   limited to its provisioned peak rate and shaped so that bursts are
   not injected into the network. Premium service presents a "virtual
   wire" where a flow's bursts may queue at the shaper at the edge of
   the network, but thereafter only in proportion to the indegree of
   each router. Despite their many similarities, these two approaches
   result in fundamentally different services. The former uses buffer
   management to provide a "better effort" service while the latter
   creates a service with little jitter and queueing delay and no need
   for queue management on the Premium packets's queue.

   An Assured service was introduced in [3] by Clark and Wroclawski,
   though we have made some alterations in its specification for our
   architecture. Further refinements and an "Expected Capacity"
   framework are given in Clark and Fang [10].  This framework is
   focused on "providing different levels of best-effort service at
   times of network congestion" but also mentions that it is possible to
   have a separate router queue to implement a "guaranteed" level of
   assurance.  We believe this framework and our Two-bit architecture
   are compatible but this needs further exploration.  As Premium
   service has not been documented elsewhere, we describe it next and
   follow this with a description of the two-bit architecture.



Nichols, et al.              Informational                      [Page 3]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


2.2 Premium service

   In [2], a Premium service was presented that is fundamentally
   different from the Internet's current best effort service. This
   service is not meant to replace best effort but primarily to meet an
   emerging demand for a commercial service that can share the network
   with best effort traffic. This is desirable economically, since the
   same network can be used for both kinds of traffic. It is expected
   that Premium traffic would be allocated a small percentage of the
   total network capacity, but that it would be priced much higher. One
   use of such a service might be to create "virtual leased lines",
   saving the cost of building and maintaining a separate network.
   Premium service, not unlike a standard telephone line, is a capacity
   which the customer expects to be there when the receiver is lifted,
   although it may, depending on the household, be idle a good deal of
   the time.  Provisioning Premium traffic in this way reduces the
   capacity of the best effort internet by the amount of Premium
   allocated, in the worst case, thus it would have to be priced
   accordingly. On the other hand, whenever that capacity is not being
   used it is available to best effort traffic. In contrast to normal
   best effort traffic which is bursty and requires queue management to
   deal fairly with congestive episodes, this Premium service by design
   creates very regular traffic patterns and small or nonexistent
   queues.

   Premium service levels are specified as a desired peak bit-rate for a
   specific flow (or aggregation of flows). The user contract with the
   network is not to exceed the peak rate. The network contract is that
   the contracted bandwidth will be available when traffic is sent.
   First-hop routers (or other edge devices) filter the packets entering
   the network, set the Premium bit of those that match a Premium
   service specification, and perform traffic shaping on the flow that
   smooths all traffic bursts before they enter the network. This
   approach requires no changes in hosts. A compliant router along the
   path needs two levels of priority queueing, sending all packets with
   the Premium bit set first. Best-effort traffic is unmarked and queued
   and sent at the lower priority. This results in two "virtual
   networks": one which is identical to today's Internet with buffers
   designed to absorb traffic bursts; and one where traffic is limited
   and shaped to a contracted peak-rate, but packets move through a
   network of queues where they experience almost no queueing delay.

   In this architecture, forwarding path decisions are made separately
   and more simply than the setting up of the service agreements and
   traffic profiles. With the exception of policing and shaping at
   administrative or "trust" boundaries, the only actions that need to
   be handled in the forwarding path are to classify a packet into one
   of two queues on a single bit and to service the two queues using



Nichols, et al.              Informational                      [Page 4]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   simple priority. Shaping must include both rate and burst parameters;
   the latter is expected to be small, in the one or two packet range.
   Policing at boundaries enforces rate compliance, and may be
   implemented by a simple token bucket. The admission and set-up
   procedures are expected to evolve, in time, to be dynamically
   configurable and fairly complex while the mechanisms in the
   forwarding path remain simple.

   A Premium service built on this architecture can be deployed in a
   useful way once the forwarding path mechanisms are in place by making
   static allocations. Traffic flows can be designated for special
   treatment through network management configuration. Traffic flows
   should be designated by the source, the destination, or any
   combination of fields in the packet header. First-hop (of leaf)
   routers will filter flows on all or part of the header tuple
   consisting of the source IP address, destination IP address, protocol
   identifier, source port number, and destination port number. Based on
   this classification, a first-hop router performs traffic shaping and
   sets the designated Premium bit of the precedence field. End-hosts
   are thus not required to be "differentiated services aware", though
   if and when end-systems become universally "aware", they might do
   their own shaping and first-hop routers merely police.

   Adherence to the subscribed rate and burst size must be enforced at
   the entry to the network, either by the end-system or by the first-
   hop router. Within an intranet, administrative domain, or "trust
   region" the packets can then be classified and serviced solely on the
   Premium bit. Where packets cross a boundary, the policing function is
   critical. The entered region will check the prioritized packet flow
   for conformance to a rate the two regions have agreed upon,
   discarding packets that exceed the rate. It is thus in the best
   interests of a region to ensure conformance to the agreed-upon rate
   at the egress. This requirement means that Premium traffic is burst-
   free and, together with the no oversubscription rule, leads directly
   to the observation that Premium queues can easily be sized to prevent
   the need to drop packets and thus the need for a queue management
   policy. At each router, the largest queue size is related to the in-
   degree of other routers and is thus quite small, on the order of ten
   packets.

   Premium bandwidth allocations must not be oversubscribed as they
   represent a commitment by the network and should be priced
   accordingly. Note that, in this architecture, Premium traffic will
   also experience considerably less delay variation than either best
   effort traffic or the Assured data traffic of [3]. Premium rates
   might be configured on a subscription basis in the near-term, or on-
   demand when dynamic set-up or signaling is available.




Nichols, et al.              Informational                      [Page 5]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   Figure 1 shows how a Premium packet flow is established within a
   particular administrative domain, Company A, and sent across the
   access link to Company A's ISP. Assume that the host's first-hop
   router has been configured to match a flow from the host's IP address
   to a destination IP address that is reached through ISP. A Premium
   flow is configured from a host with a rate which is both smaller than
   the total Premium allocation Company A has from the ISP, r bytes per
   second, and smaller than the amount of that allocation has been
   assigned to other hosts in Company A. Packets are not marked in any
   special way when they leave the host. The first-hop router clears the
   Premium bit on all arriving packets, sets the Premium bit on all
   packets in the designated flow, shapes packets in the Premium flow to
   a configured rate and burst size, queues best-effort unmarked packets
   in the low priority queue and shaped Premium packets in the high
   priority queue, and sends packets from those two queues at simple
   priority. Intermediate routers internal to Company A enqueue packets
   in one of two output queues based on the Premium bit and service the
   queues with simple priority. Border routers perform quite different
   tasks, depending on whether they are processing an egress flow or an
   ingress flow. An egress border router may perform some reshaping on
   the aggregate Premium traffic to conform to rate r, depending on the
   number of Premium flows aggregated. Ingress border routers only need
   to perform a simple policing function that can be implemented with a
   token bucket. In the example, the ISP accepts all Premium packets
   from A as long as the flow does not exceed r bytes per second.

   Figure 1. Premium traffic flow from end-host to organization's ISP

2.3 Two-bit differentiated services architecture

   Clark's and Jacobson's proposals are markedly similar in the location
   and type of functional blocks that are needed to implement them.
   Furthermore, they implement quite different services which are not
   incompatible in a network. The Premium service implements a
   guaranteed peak bandwidth service with negligible queueing delay that
   cannot starve best effort traffic and can be allocated in a fairly
   straightforward fashion. This service would seem to have a strong
   appeal for commercial applications, video broadcasts, voice-over-IP,
   and VPNs. On the other hand, this service may prove both too
   restrictive (in its hard limits) and overdesigned (no overallocation)
   for some applications. The Assured service implements a service that
   has the same delay characteristics as (undropped) best effort packets
   and the firmness of its guarantee depends on how well individual
   links are provisioned for bursts of Assured packets. On the other
   hand, it permits traffic flows to use any additional available
   capacity without penalty and occasional dropped packets for short
   congestive periods may be acceptable to many users. This service
   might be what an ISP would provide to individual customers who are



Nichols, et al.              Informational                      [Page 6]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   willing to pay a bit more for internet service that seems unaffected
   by congestive periods. Both services are only as good as their
   admission control schemes, though this can be more difficult for
   traffic which is not peak-rate allocated.

   There may be some additional benefits of deploying both services. To
   the extent that Premium service is a conservative allocation of
   resources, unused bandwidth that had been allocated to Premium might
   provide some "headroom" for underallocated or burst periods of
   Assured traffic or for best effort. Network elements that deploy both
   services will be performing RED queue management on all non-Premium
   traffic, as suggested in [4], and the effects of mixing the Premium
   streams with best effort might serve to reduce burstiness in the
   latter. A strength of the Assured service is that it allows bursts to
   happen in their natural fashion, but this also makes the
   provisioning, admission control and allocation problem more difficult
   so it may take more time and experimentation before this admission
   policy for this service is completely defined. A Premium service
   could be deployed that employs static allocations on peak rates with
   no statistical sharing.

   As there appear to be a number of advantages to an architecture that
   permits these two types of service and because, as we shall see, they
   can be made to share many of the same mechanisms, we propose
   designating two bit-patterns from the IP header precedence field. We
   leave the explicit designation of these bit-patterns to the standards
   process thus we use the shorthand notation of denoting each pattern
   by a bit, one we will call the Premium or P-bit, the other we call
   the assurance or A-bit. It is possible for a network to implement
   only one of these services and to have network elements that only
   look at the one applicable bit, but we focus on the two service
   architecture. Further, we assume the case where no changes are made
   in the hosts, appropriate packet marking all being done in the
   network, at the first-hop, or leaf, router. We describe the
   forwarding path architecture in this section, assuming that the
   service has been allocated through mechanisms we will discuss in
   section 4.

   In a more general sense, Premium service denotes packets that are
   enqueued at a higher priority than the ordinary best-effort queue.
   Similarly, Assured service denotes packets that are treated
   preferentially with respect to the dropping probability within the
   "normal" queue. There are a number of ways to add more service levels
   within each of these service types [7], but this document takes the
   position of specifying the base-level services of Premium and
   Assured.





Nichols, et al.              Informational                      [Page 7]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   The forwarding path mechanisms can be broken down into those that
   happen at the input interface, before packet forwarding, and those
   that happen at the output interface, after packet forwarding.
   Intermediate routers only need to implement the post packet
   forwarding functions, while leaf and border routers must perform
   functions on arriving packets before forwarding. We describe the
   mechanisms this way for illustration; other ways of composing their
   functions are possible.

   Leaf routers are configured with a traffic profile for a particular
   flow based on its packet header. This functionality has been defined
   by the RSVP Working Group in RFC 2205. Figure 2 shows what happens to
   a packet that arrives at the leaf router, before it is passed to the
   forwarding engine. All arriving packets must have both the A-bit and
   the P-bit cleared after which packets are classified on their header.
   If the header does not match any configured values, it is immediately
   forwarded. Matched flows pass through individual Markers that have
   been configured from the usage profile for that flow: service class
   (Premium or Assured), rate (peak for Premium, "expected" for
   Assured), and permissible burst size (may be optional for Premium).
   Assured flow packets emerge from the Marker with their A-bits set
   when the flow is in conformance to its Profile, but the flow is
   otherwise unchanged. For a Premium flow, the Marker will hold packets
   when necessary to enforce their configured rate. Thus Premium flow
   packets emerge from the Marker in a shaped flow with their P-bits
   set. (It is possible for Premium flow packets to be dropped inside of
   the Marker as we describe below.) Packets are passed to the
   forwarding engine when they emerge from Markers. Packets that have
   either their P or A bits set we will refer to as Marked packets.

   Figure 2. Block diagram of leaf router input functionality

   Figure 3 shows the inner workings of the Marker. For both Assured and
   Premium packets, a token bucket "fills" at the flow rate that was
   specified in the usage profile. For Assured service, the token bucket
   depth is set by the Profile's burst size. For Premium service, the
   token bucket depth must be limited to the equivalent of only one or
   two packets. (We suggest a depth of one packet in early deployments.)
   When a token is present, Assured flow packets have their A-bit set to
   one, otherwise the packet is passed to the forwarding engine. For
   Premium-configured Marker, arriving packets that see a token present
   have their P-bits set and are forwarded, but when no token is
   present, Premium flow packets are held until a token arrives. If a
   Premium flow bursts enough to overflow the holding queue, its packets
   will be dropped. Though the flow set up data can be used to configure
   a size limit for the holding queue (this would be the meaning of a
   "burst" in Premium service), it is not necessary. Unconfigured
   holding queues should be capable of holding at least two bandwidth-



Nichols, et al.              Informational                      [Page 8]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   delay products, adequate for TCP connections. A smaller value might
   be used to suit delay requirements of a specific application.

   Figure 3. Markers to implement the two different services

   In practice, the token bucket should be implemented in bytes and a
   token is considered to be present if the number of bytes in the
   bucket is equal or larger to the size of the packet. For Premium, the
   bucket can only be allowed to fill to the maximum packet size; while
   Assured may fill to the configured burst parameter. Premium traffic
   is held until a sufficient byte credit has accumulated and this
   holding buffer provides the only real queue the flow sees in the
   network. For Assured, traffic, we just test if the bytes in the
   bucket are sufficient for the packet size and set A if so. If not,
   the only difference is that A is not set. Assured traffic goes into a
   queue following this step and potentially sees a queue at every hop
   along its path.

   Each output interface of a router must have two queues and must
   implement a test on the P-bit to select a packet's output queue. The
   two queues must be serviced by simple priority, Premium packets
   first. Each output interface must implement the RED-based RIO
   mechanism described in [3] on the lower priority queue. RIO uses two
   thresholds for when to begin dropping packets, a lower one based on
   total queue occupancy for ordinary best effort traffic and one based
   on the number of packets enqueued that have their A-bit set. This
   means that any action preferential to Assured service traffic will
   only be taken when the queue's capacity exceeds the threshold value
   for ordinary best effort service. In this case, only unmarked packets
   will be dropped (using the RED algorithm) unless the threshold value
   for Assured service is also reached. Keeping an accurate count of the
   number of A-bit packets currently in a queue requires either testing
   the A-bit at both entry and exit of the queue or some additional
   state in the router. Figure 4 is a block diagram of the output
   interface for all routers.

   Figure 4. Router output interface for two-bit architecture

   The packet output of a leaf router is thus a shaped stream of packets
   with P-bits set mingled with an unshaped best effort stream of
   packets, some of which may have A-bits set. Premium service clearly
   cannot starve best effort traffic because it is both burst and
   bandwidth controlled. Assured service might rely only on a
   conservative allocation to prevent starvation of unmarked traffic,
   but bursts of Assured traffic might then close out best-effort
   traffic at bottleneck queues during congestive periods.





Nichols, et al.              Informational                      [Page 9]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   After [3], we designate the forwarding path objects that test flows
   against their usage profiles "Profile Meters". Border routers will
   require Profile Meters at their input interfaces. The bilateral
   agreement between adjacent administrative domains must specify a peak
   rate on all P traffic and a rate and burst for A traffic (and
   possibly a start time and duration). A Profile Meter is required at
   the ingress of a trust region to ensure that differentiated service
   packet flows are in compliance with their agreed-upon rates. Non-
   compliant packets of Premium flows are discarded while non-compliant
   packets of Assured flows have their A-bits reset. For example, in
   figure 1, if the ISP has agreed to supply Company A with r bytes/sec
   of Premium service, P-bit marked packets that enter the ISP through
   the link from Company A will be dropped if they exceed r. If instead,
   the service in figure 1 was Assured service, the packets would simply
   be unmarked, forwarded as best effort.

   The simplest border router input interface is a Profile Meter
   constructed from a token bucket configured with the contracted rate
   across that ingress link (see figure 5). Each type, Premium or
   Assured, and each interface must have its own profile meter
   corresponding to a particular class across a particular boundary.
   (This is in contrast to models where every flow that crosses the
   boundary must be separately policed and/or shaped.) The exact
   mechanisms required at a border router input interface depend on the
   allocation policy deployed; a more complex approach is presented in
   section 4.

   Figure 5. Border router input interface Profile Meters

3. Mechanisms

3.1 Forwarding Path Primitives

   Section 2.3 introduced the forwarding path objects of Markers and
   Profile Meters. In this section we specify the primitive building
   blocks required to compose them. The primitives are: general
   classifier, bit-pattern classifier, bit setter, priority queues,
   policing token bucket and shaping token bucket. These primitives can
   compose a Marker (either a policing or a shaping token bucket plus a
   bit setter) and a Profile Meter (a policing token bucket plus a
   dropper or bit setter).

   General Classifier: Leaf or first-hop routers must perform a
   transport-level signature matching based on a tuple in the packet
   header, a functionality which is part of any RSVP-capable router.  As
   described above, packets whose tuples match one of the configured
   flows are conformance tested and have the appropriate service bit
   set.  This function is memory- and processing-intensive, but is kept



Nichols, et al.              Informational                     [Page 10]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   at the edges of the network where there are fewer flows.

   Bit-pattern classifier: This primitive comprises a simple two-way
   decision based on whether a particular bit-pattern in the IP header
   is set or not. As in figure 4, the P-bit is tested when a packet
   arrives at a non-leaf router to determine whether to enqueue it in
   the high priority output queue or the low priority packet queue. The
   A-bit of packets bound for the low priority queue is tested to 1)
   increment the count of Assured packets in the queue if set and 2)
   determine which drop probability will be used for that packet.
   Packets exiting the low priority queue must also have the A-bit
   tested so that the count of enqueued Assured packets can be
   decremented if necessary.

   Bit setter: The A-bits and P-bits must be set or cleared in several
   places. A functional block that sets the appropriate bits of the IP
   header to a configured bit-pattern would be the most general.

   Priority queues: Every network element must include (at least) two
   levels of simple priority queueing. The high priority queue is for
   the Premium traffic and the service rule is to send packets in that
   queue first and to exhaustion. Recall that Premium traffic must never
   be oversubscribed, thus Premium traffic should see little or no
   queue.

   Shaping token bucket:This is the token bucket required at the leaf
   router for Premium traffic and shown in figure 3. As we shall see,
   shaping is also useful at egress points of a trust region. An
   arriving packet is immediately forwarded if there is a token present
   in the bucket, otherwise the packet is enqueued until the bucket
   contains tokens sufficient to send it. Shaping requires clocking
   mechanisms, packet memory, and some state block for each flow and is
   thus a memory and computation-intensive process.

   Policing token bucket: This is the token bucket required for Profile
   Meters and shown in figure 5. Policing token buckets never hold
   arriving packets, but check on arrival to see if a token is available
   for the packet's service class. If so, the packet is forwarded
   immediately. If not, the policing action is taken, dropping for
   Premium and reclassifying or unmarking for Assured.

3.2 Passing configuration information

    Clearly, mechanisms are required to communicate the information
   about the request to the leaf router. This configuration information
   is the rate, burst, and whether it is a Premium or Assured type.
   There may also need to be a specific field to set or clear this
   configuration. This information can be passed in a number of ways,



Nichols, et al.              Informational                     [Page 11]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   including using the semantics of RSVP, SNMP, or directly set by a
   network administrator in some other way. There must be some
   mechanisms for authenticating the sender of this information. We
   expect configuration to be done in a variety of ways in early
   deployments and a protocol and mechanism for this to be a topic for
   future standards work.

3.3 Discussion

   The requirements of shapers motivate their placement at the edges of
   the network where the state per router can be smaller than in the
   middle of a network. The greatest burden of flow matching and shaping
   will be at leaf routers where the speeds and buffering required
   should be less than those that might be required deeper in the
   network. This functionality is not required at every network element
   on the path. Routers that are internal to a trust region will not
   need to shape traffic. Border routers may need or desire to shape the
   aggregate flow of Marked packets at their egress in order to ensure
   that they will not burst into non-compliance with the policing
   mechanism at the ingress to the other domain (though this may not be
   necessary if the in-degree of the router is low). Further, the
   shaping would be applied to an aggregation of all the Premium flows
   that exit the domain via that path, not to each flow individually.

   These mechanisms are within reach of today's technology and it seems
   plausible to us that Premium and Assured services are all that is
   needed in the Internet. If, in time, these services are found
   insufficient, this architecture provides a migration path for
   delivering other kinds of service levels to traffic. The A- and P-
   bits would continue to be used to identify traffic that gets Marked
   service, but further filter matching could be done on packet headers
   to differentiate service levels further. Using the bits this way
   reduces the number of packets that have to have further matching done
   on them rather than filtering every incoming packet. More queue
   levels and more complex scheduling could be added for P-bit traffic
   and more levels of drop priority could be added for A-bit traffic if
   experience shows them to be necessary and processing speeds are
   sufficient. We propose that the services described here be considered
   as "at least" services. Thus, a network element should at least be
   capable of mapping all P-bit traffic to Premium service and of
   mapping all A-bit traffic to be treated with one level of priority in
   the "best effort" queue (it appears that the single level of A-bit
   traffic should map to a priority that is equivalent to the best level
   in a multi-level element that is also in the path).

   On the other hand, what is the downside of deploying an architecture
   for both classes of service if later experience convinces us that
   only one of them is needed? The functional blocks of both service



Nichols, et al.              Informational                     [Page 12]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   classes are similar and can be provided by the same mechanism,
   parameterized differently. If Assured service is not used, very
   little is lost. A RED-managed best effort queue has been strongly
   recommended in [4] and, to the extent that the deployment of this
   architecture pushes the deployment of RED-managed best effort queues,
   it is clearly a positive. If Premium service goes unused, the two-
   queues with simple priority service is not required and the shaping
   function of the Marker may be unused, thus these would impose an
   unnecessary implementation cost.

4. The Architectural Framework for Marked Traffic Allocation

   Thus far we have focused on the service definitions and the
   forwarding path mechanisms. We now turn to the problem of allocating
   the level of Marked traffic throughout the Internet. We observe that
   most organizations have fixed portions of their budgets, including
   data communications, that are determined on an annual or quarterly
   basis. Some additional monies might be attached to specific projects
   for discretionary costs that arise in the shorter term. In turn,
   service providers (ISPs and NSPs) must do their planning on annual
   and quarterly bases and thus cannot be expected to provide
   differentiated services purely "on call". Provisioning sets up static
   levels of Marked traffic while call set-up creates an allocation of
   Marked traffic for a single flow's duration. Static levels can be
   provisioned with time-of-day specifications, but cannot be changed in
   response to a dynamic message. We expect both kinds of bandwidth
   allocation to be important. The purchasers of Marked services can
   generally be expected to work on longer-term budget cycles where
   these services will be accounted for similarly to many information
   services today. A mail-order house may wish to purchase a fixed
   allocation of bandwidth in and out of its web-server to give
   potential customers a "fast" feel when browsing their site. This
   allocation might be based on hit rates of the previous quarter or
   some sort of industry-based averages. In addition, there needs to be
   a dynamic allocation capability to respond to particular events, such
   as a demonstration, a network broadcast by a company's CEO, or a
   particular network test. Furthermore, a dynamic capability may be
   needed in order to meet a precommitted service level when the
   particular source or destination is allowed to be "anywhere on the
   Internet". "Dynamic" covers the range from a telephoned or e-mailed
   request to a signalling type model. A strictly statically allocated
   scenario is expected to be useful in initial deployment of
   differentiated services and to make up a major portion of the Marked
   traffic for the forseeable future.

   Without a "per call" dynamic set up, the preconfiguring of usage
   profiles can always be construed as "paying for bits you don't use"
   whether the type of service is Premium or Assured. We prefer to think



Nichols, et al.              Informational                     [Page 13]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   of this as paying for the level of service that one expects to have
   available at any time, for example paying for a telephone line. A
   customer might pay an additional flat fee to have the privilege of
   calling a wide local area for no additional charge or might pay by
   the call. Although a customer might pay on a "per call" basis for
   every call made anywhere, it generally turns out not to be the most
   economical option for most customers. It's possible similar pricing
   structures might arise in the internet.

   We use Allocation to refer to the process of making Marked traffic
   commitments anywhere along this continuum from strictly preallocated
   to dynamic call set-up and we require an Allocation architecture
   capable of encompassing this entire spectrum in any mix. We further
   observe that Allocation must follow organizational hierarchies, that
   is each organization must have complete responsibility for the
   Allocation of the Marked traffic resource within its domain. Finally,
   we observe that the only chance of success for incremental deployment
   lies in an Allocation architecture that is made up of bilateral
   agreements, as multilateral agreements are much too complex to
   administer. Thus, the Allocation architecture is made up of
   agreements across boundaries as to the amount of Marked traffic that
   will be allowed to pass. This is similar to "settlement" models used
   today.

4.1 Bandwidth Brokers: Allocating and Controlling Bandwidth Shares

   The goal of differentiated services is controlled sharing of some
   organization's Internet bandwidth. The control can be done
   independently by individuals, i.e., users set bit(s) in their packets
   to distinguish their most important traffic, or it can be done by
   agents that have some knowledge of the organization's priorities and
   policies and allocate bandwidth with respect to those policies.
   Independent labeling by individuals is simple to implement but
   unlikely to be sufficient since it's unreasonable to expect all
   individuals to know all their organization's priorities and current
   network use and always mark their traffic accordingly.  Thus this
   architecture is designed with agents called bandwidth brokers (BB)
   [2], that can be configured with organizational policies, keep track
   of the current allocation of marked traffic, and interpret new
   requests to mark traffic in light of the policies and current
   allocation.

   We note that such agents are inherent in any but the most trivial
   notions of sharing.  Neither individuals nor the routers their
   packets transit have the information necessary to decide which
   packets are most important to the organization.  Since these agents
   must exist, they can be used to allocate bandwidth for end-to-end
   connections with far less state and simpler trust relationships than



Nichols, et al.              Informational                     [Page 14]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   deploying per flow or per filter guarantees in all network elements
   on an end-to-end path. BBs make it possible for bandwidth allocation
   to follow organizational hierarchies and, in concert with the
   forwarding path mechanisms discussed in section 3, reduce the state
   required to set up and maintain a flow over architectures that
   require checking the full flow header at every network element.
   Organizationally, the BB architecture is motivated by the observation
   that multilateral agreements rarely work and this architecture allows
   end-to-end services to be constructed out of purely bilateral
   agreements. BBs only need to establish relationships of limited trust
   with their peers in adjacent domains, unlike schemes that require the
   setting of flow specifications in routers throughout an end-to-end
   path. In practical technical terms, the BB architecture makes it
   possible to keep state on an administrative domain basis, rather than
   at every router and the service definitions of Premium and Assured
   service make it possible to confine per flow state to just the leaf
   routers.

   BBs have two responsibilities. Their primary one is to parcel out
   their region's Marked traffic allocations and set up the leaf routers
   within the local domain. The other is to manage the messages that are
   sent across boundaries to adjacent regions' BBs. A BB is associated
   with a particular trust region, one per domain. A BB has a policy
   database that keeps the information on who can do what when and a
   method of using that database to authenticate requesters. Only a BB
   can configure the leaf routers to deliver a particular service to
   flows, crucial for deploying a secure system. If the deployment of
   Differentiated Services has advanced to the stage where dynamically
   allocated, marked flows are possible between two adjacent domains,
   BBs also provide the hook needed to implement this. Each domain's BB
   establishes a secure association with its peer in the adjacent domain
   to negotiate or configure a rate and a service class (Premium or
   Assured) across the shared boundary and through the peer's domain. As
   we shall see, it is possible for some types of service and
   particularly in early implementations, that this "secure association"
   is not automatic but accomplished through human negotiation and
   subsequent manual configuration of the adjacent BBs according to the
   negotiated agreement. This negotiated rate is a capability that a BB
   controls for all hosts in its region.

   When an allocation is desired for a particular flow, a request is
   sent to the BB. Requests include a service type, a target rate, a
   maximum burst, and the time period when service is required. The
   request can be made manually by a network administrator or a user or
   it might come from another region's BB. A BB first authenticates the
   credentials of the requester, then verifies there exists unallocated
   bandwidth sufficient to meet the request. If a request passes these
   tests, the available bandwidth is reduced by the requested amount and



Nichols, et al.              Informational                     [Page 15]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   the flow specification is recorded. In the case where the flow has a
   destination outside this trust region, the request must fall within
   the class allocation through the "next hop" trust region that was
   established through a bilateral agreement of the two trust regions.
   The requester's BB informs the adjacent region's BB that it will be
   using some of this rate allocation. The BB configures the appropriate
   leaf router with the information about the packet flow to be given a
   service at the time that the service is to commence. This
   configuration is "soft state" that the BB will periodically refresh.
   The BB in the adjacent region is responsible for configuring the
   border router to permit the allocated packet flow to pass and for any
   additional configurations and negotiations within and across its
   borders that will allow the flow to reach its final destination.

   At DMZs, there must be an unambiguous way to determine the local
   source of a packet. An interface's source could be determined from
   its MAC address which would then be used to classify packets as
   coming across a logical link directly from the source domain
   corresponding to that MAC address. Thus with this understanding we
   can continue to use figures illustrating a single pipe between two
   different domains.

   In this way, all agreements and negotiations are performed between
   two adjacent domains. An initial request might cause communication
   between BBs on several domains along a path, but each communication
   is only between two adjacent BBs. Initially, these agreements will be
   prenegotiated and fairly static. Some may become more dynamic as the
   service evolves.

4.2 Examples

   This section gives examples of BB transactions in a non-trivial,
   multi-transit-domain Internet. The BB framework allows operating
   points across a spectrum from "no signalling across boundaries" to
   "each flow set up dynamically". We might expect to move across this
   spectrum over time, as the necessary mechanisms are ubiquitously
   deployed and BBs become more sophisticated, but the statically
   allocated portions of the spectrum should always have uses. We
   believe the ability to support this wide spectrum of choices
   simultaneously will be important both in incremental deployment and
   in allowing ISPs to make a wide range of offerings and pricings to
   users. The examples of this section roughly follow the spectrum of
   increasing sophistication. Note that we assume that domains contract
   for some amount of Marked traffic which can be requested as either
   Assured or Premium in each individual flow setup transaction. The
   examples say "Marked" although actual transactions would have to
   specify either Assured or Premium.




Nichols, et al.              Informational                     [Page 16]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   A statically configured example with no BB messages exchanged: Here
   all allocations are statically preallocated through purely bilateral
   agreements between users (individual TCPs, individual hosts, campus
   networks, or whole ISPs) [6]. The allocations are in the form of
   usage profiles of rate, burst, and a time during which that profile
   is to be active. Users and providers negotiate these Profiles which
   are then installed in the user domain BB and in the provider domain
   BB. No BB messages cross the boundary; we assume this negotiation is
   done by human representatives of each domain. In this case, BBs only
   have to perform one of their two functions, that of allocating this
   Profile within their local domain. It is even possible to set all of
   this suballocations up in advance and then the BB only needs to set
   up and tear down the Profile at the proper time and to refresh the
   soft state in the leaf routers. From the user domain BB, the Profile
   is sent as soft state to the first hop router of the flow during the
   specified time. These Profiles might be set using RSVP, a variant of
   RSVP, SNMP, or some vendor-specific mechanism. Although this static
   approach can work for all Marked traffic, due to the strictly not
   oversubscribed requirement, it is only appropriate for Premium
   traffic as long as it is kept to a small percentage of the bottleneck
   path through a domain or is otherwise constrained to a well-known
   behavior. Similar restrictions might hold for Assured depending on
   the expectation associated with the service.

   In figure 6, we show an example of setting a Profile in a leaf
   router. A usage profile has been negotiated with the ISP for the
   entire domain and the BB parcels it out among individual flows as
   requested. The leaf router mechanism is that shown in figure 3, with
   the token bucket set to the parameters from the usage profile. The
   ISP's BB would configure its own Profile Meter at the ingress router
   from that customer to ensure the Profile was maintained. This
   mechanism was shown in figure 5. We assume that the time duration and
   start times for any Profile to be active are maintained in the BB.
   The Profile is sent to the ingress device or cleared from the ingress
   device by messages sent from the BB. In this example, we assume that
   van@lbl wants to talk to ddc@mit. The LBL-BB is sent a request from
   Van asking that premium service be assigned to a flow that is
   designated as having source address "V:4" and going to destination
   address "D:8". This flow should be configured for a rate of 128kb/sec
   and allocated from 1pm to 3pm. The request must be "signed" in a
   secure, verifiable manner. The request might be sent as data to the
   LBL-BB, an e-mail message to a network administrator, or in a phone
   call to a network administrator. The LBL-BB receives this message,
   verifies that there is 128kb/sec of unused Premium service for the
   domain from 1-3pm, then sends a message to Leaf1 that sets up an
   appropriate Profile Meter. The message to Leaf1 might be an RSVP
   message, or SNMP, or some proprietary method. All the domains passed
   must have sufficient reserve capacity to meet this request.



Nichols, et al.              Informational                     [Page 17]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   Figure 6. Bandwidth Broker setting Profiles in leaf routers

   A statically configured example with BB messages exchanged: Next we
   present an example where all allocations are statically preallocated
   but BB messages are exchanged for greater flexibility. Figure 7 shows
   an end-to-end example for Marked traffic in a statically allocated
   internet. The numbers at the trust region boundaries indicate the
   total statically allocated Marked packet rates that will be accepted
   across those boundaries. For example, 100kbps of Marked traffic can
   be sent from LBL to ESNet; a Profile Meter at the ESNet egress
   boundary would have a token bucket set to rate 100kbps. (There MAY be
   a shaper set at LBL's egress to ensure that the Marked traffic
   conforms to the aggregate Profile.) The tables inside the transit
   network "bubbles" show their policy databases and reflect the values
   after the transaction is complete. In Figure 7, V wants to transmit a
   flow from LBL to D at MIT at 10 Kbps. As in figure 6, a request for
   this profile is made of LBL's BB. LBL's BB authenticates the request
   and checks to see if there is 10kbps left in its Marked allocation
   going in that direction. There is, so the LBL-BB passes a message to
   the ESNet-BB saying that it would like to use 10kbps of its Marked
   allocation for this flow. ESNet authenticates the message, checks its
   database and sees that it has a 10kbps Marked allocation to NEARNet
   (the next region in that direction) that is being unused. The policy
   is that ESNet-BB must always inform ("ask") NEARNet-BB when it is
   about to use part of its allocation. NEARNET-BB authenticates the
   message, checks its database and discovers that 20kbps of the
   allocation to MIT is unused and the policy at that boundary is to not
   inform MIT when part of the allocation is about to be used ("<50 ok"
   where the total allocation is 50). The dotted lines indicate the
   "implied" transaction, that is the transaction that would have
   happened if the policy hadn't said "don't ask me". Now each BB can
   pass an "ok" message to this request across its boundary. This allows
   V to send to D, but not vice versa. It would also be possible for the
   request to originate from D.

   Figure 7. End-to-end example with static allocation.

   Consider the same example where the ESNet-BB finds all of its Marked
   allocation to NEARNet, 10 kbps, in use. With static allocations,
   ESNet must transmit a "no" to this request back to the LBL-BB.
   Presumably, the LBL-BB would record this information to complain to
   ESNet about the overbooking at the end of the month! One solution to
   this sort of "busy signal" is for ESNet to get better at anticipating
   its customers needs or require long advance bookings for every flow,
   but it's also possible for bandwidth brokerage decisions to become
   dynamic.





Nichols, et al.              Informational                     [Page 18]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   Figure 8. End-to-end static allocation example with no remaining
   allocation

   Dynamic Allocation and additional mechanism: As we shall see, dynamic
   allocation requires more complex BBs as well as more complex border
   policing, including the necessity to keep more state. However, it
   enables an important service with a small increase in state.

   The next set of figures (starting with figure 9) show what happens in
   the case of dynamic allocation. As before, V requests 10kbps to talk
   to D at MIT. Since the allocation is dynamic, the border policers do
   not have a preset value, instead being set to reflect the current
   peak value of Marked traffic permitted to cross that boundary. The
   request is sent to the LBL-BB.

   Figure 9. First step in end-to-end dynamic allocation example.

   In figure 10, note that ESNet has no allocation set up to NEARNet.
   This system is capable of dynamic allocations in addition to static,
   so it asks NEARNet if it can "add 10" to its allocation from ESNet.
   As in the figure 7 example, MIT's policy is set to "don't ask" for
   this case, so the dotted lines represent "implicit transactions"
   where no messages were exchanged. However, NEARNet does update its
   table to indicate that it is now using 20kbps of the Marked
   allocation to MIT.

   Figure 10. Second step in end-to-end dynamic allocation example

   In figure 11, we see the third step where MIT's "virtual ok" allows
   the NEARNet-BB to tell its border router to increase the Marked
   allocation across the ESNet-NEARNet boundary by 10 kbps.

   Figure 11. Third step in end-to-end dynamic allocation example

   Figure 11 shows NEARNet-BB's "ok" for that request transmitted back
   to ESNet-BB. This causes ESNet-BB to send its border router a message
   to create a 10 kbps subclass for the flow "V->D". This is required in
   order to ensure that the 10kpbs that has just been dynamically
   allocated gets used only for that connection. Note that this does
   require that the per flow state be passed from LBL-BB to ESNet-BB,
   but this is the only boundary that needs that level of flow
   information and this further classification will only need to be done
   at that one boundary router and only on packets coming from LBL. Thus
   dynamic allocation requires more complex Profile Metering than that
   shown in figure 5.

   Figure 12. Fourth step in end-to-end dynamic allocation example.




Nichols, et al.              Informational                     [Page 19]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   In figure 12, the ESNet border router gives the "ok" that a subclass
   has been created, causing the ESNet-BB to send an "ok" to the LBL-BB
   which lets V know the request has been approved.

   Figure 13. Final step in end-to-end dynamic allocation example

   For dynamic allocation, a basic version of a CBQ scheduler [5] would
   have all the required functionality to set up the subclasses. RSVP
   currently provides a way to move the TSpec for the flow.

   For multicast flows, we assume that packets that are bound for at
   least one egress can be carried through a domain at that level of
   service to all egress points. If a particular multicast branch has
   been subscribed to at best-effort when upstream branches are Marked,
   it will have its bit settings cleared before it crosses the boundary.
   The information required for this flow identification is used to
   augment the existing state that is already kept on this flow because
   it is a multicast flow. We note that we are already "catching" this
   flow, but now we must potentially clear the bit-pattern.

5. RSVP/int-serv and this architecture

   Much work has been done in recent years on the definition of related
   integrated services for the internet and the specification of the
   RSVP signalling protocol. The two-bit architecture proposed in this
   work can easily interoperate with those specifications. In this
   section we first discuss how the forwarding mechanisms described in
   section 3 can be used to support integrated services. Second, we
   discuss how RSVP could interoperate with the administrative structure
   of the BBs to provide better scaling.

5.1 Providing Controlled-Load and Guaranteed Service

   We believe that the forwarding path mechanisms described in section 3
   are general enough that they can also be used to provide the
   Controlled-Load service [8] and a version of the Guaranteed Quality
   of Service [9], as developed by the int-serv WG. First note that
   Premium service can be thought of as a constrained case of
   Controlled-Load service where the burst size is limited to one packet
   and where non-conforming packets are dropped. A network element that
   has implemented the mechanisms to support premium service can easily
   support the more general controlled-load service by making one or
   more minor parameter adjustments, e.g. by lifting the constraint on
   the token bucket size, or configuring the Premium service rate with
   the peak traffic rate parameter in the Controlled-Load specification,
   and by changing the policing action on out-of-profile packets from
   dropping to sending the packets to the Best-effort queue.




Nichols, et al.              Informational                     [Page 20]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   It is also possible to implement Guaranteed Quality of Service using
   the mechanisms of Premium service. From RFC 2212 [9]: "The definition
   of guaranteed service relies on the result that the fluid delay of a
   flow obeying a token bucket (r, b) and being served by a line with
   bandwidth R is bounded by b/R as long as R is no less than r.
   Guaranteed service with a service rate R, where now R is a share of
   bandwidth rather than the bandwidth of a dedicated line approximates
   this behavior." The service model of Premium clearly fits this model.
   RFC 2212 states that "Non-conforming datagrams SHOULD be treated as
   best-effort datagrams." Thus, a policing Profile Meter that drops
   non-conforming datagrams would be acceptable, but it's also possible
   to change the action for non-compliant packets from a drop to sending
   to the best-effort queue.

5.2 RSVP and BBs

   In this section we discuss how RSVP signaling can be used in
   conjunction with the BBs described in section 4 to deliver a more
   scalable end-to-end resource set up for Integrated Services. First we
   note that the BB architecture has three major differences with the
   original RSVP resource set up model:

   1. There exist apriori bilateral business relations between BBs of
   adjacent trust regions before one can set up end-to-end resource
   allocation; real-time signaling is used only to activate/confirm the
   availability of pre-negotiated Marked bandwidth, and to dynamically
   readjust the allocation amount when necessary. We note that this
   real-time signaling across domains is not required, but depends on
   the nature of the bilateral agreement (e.g., the agreement might
   state "I'll tell you whenever I'm going to use some of my allocation"
   or not).

   2. A few bits in the packet header, i.e. the P-bit and A-bit, are
   used to mark the service class of each packet, therefore a full
   packet classification (by checking all relevant fields in the header)
   need be done only once at the leaf router; after that packets will be
   served according to their class bit settings.

   3. RSVP resource set up assumes that resources will be reserved hop-
   by-hop at each router along the entire end-to-end path.

   RSVP messages sent to leaf routers by hosts can be intercepted and
   sent to the local domain's BB. The BB processes the message and, if
   the request is approved, forwards a message to the leaf router that
   sets up appropriate per-flow packet classification. A message should
   also be sent to the egress border router to add to the aggregate
   Marked traffic allocation for packet shaping by the Profile Meter on
   outbound traffic. (Its possible that this is always set to the full



Nichols, et al.              Informational                     [Page 21]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   allocation.) An RSVP message must be sent across the boundary to
   adjacent ISP's border router, either from the local domain's border
   router or from the local domain's BB. If the ISP is also implementing
   the RSVP with a BB and diff-serv framework, its border router
   forwards the message to the ISP's local BB. A similar process (to
   what happened in the first domain) can be carried out in the ISP
   domain, then an RSVP message gets forwarded to the next ISP along the
   path. Inside a domain, packets are served solely according to the
   Marked bits. The local BB knows exactly how much Premium traffic is
   permitted to enter at each border router and from which border router
   packets exit.

6. Recommendations

   This document has presented a reference architecture for
   differentiated services. Several variations can be envisioned,
   particularly for early and partial deployments, but we do not
   enumerate all of these variations here. There has been a great market
   demand for differentiated services lately. As one of the many efforts
   to meet that demand this memo sketches out the framework of a
   flexible architecture for offering differential services, and in
   particular defines a simple set of packet forwarding path mechanisms
   to support two basic types of differential services. Although there
   remain a number of issues and parameters that need further
   exploration and refinement, we believe it is both possible and
   feasible at this time to start deployment of differentiated services
   incrementally. First, given that the basic mechanisms required in the
   packet forwarding path are clearly understood, both Assured and
   Premium services can be implemented today with manually configured
   BBs and static resource allocation. Initially we recommend
   conservative choices on the amount of Marked traffic that is admitted
   into the network. Second, we plan to continue the effort started with
   this memo and the experimental work of the authors to define and
   deploy increasingly sophisticated BBs. We hope to turn the experience
   gained from in-progress trial implementations on ESNet and CAIRN into
   future proposals to the IETF.

   Future revisions of this memo will present the receiver-based and
   multicast flow allocations in detail.    After this step is finished,
   we believe the basic picture of an scalable, robust, secure resource
   management and allocation system will be completed. In this memo, we
   described how the proposed architecture supports two services that
   seem to us to provide at least a good starting point for trial
   deployment of differentiated services. Our main intent is to define
   an architecture with three services, Premium, Assured, and Best
   effort, that can be determined by specific bit- patterns, but not to
   preclude additional levels of differentiation within each service. It
   seems that more experimentation and experience is required before we



Nichols, et al.              Informational                     [Page 22]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   could standardize more than one level per service class. Our base-
   level approach says that everyone has to provide "at least" Premium
   service and Assured service as documented. We feel rather strongly
   about both 1) that we should not try to define, at this time,
   something beyond the minimalist two service approach and 2) that the
   architecture we define must be open-ended so that more levels of
   differentiation might be standardized in the future. We believe this
   architecture is completely compatible with approaches that would
   define more levels of differentiation within a particular service, if
   the benefits of doing so become well understood.

7. Acknowledgments

   The authors have benefited from many discussions, both in person and
   electronically and wish to particularly thank Dave Clark who has been
   responsible for the genesis of many of the ideas presented here,
   though he does not agree with all of the content this document. We
   also thank Sally Floyd for comments on an earlier draft. A comment
   from Jon Crowcroft was partially responsible for our including
   section 5. Comments from Fred Baker made us try to make it clearer
   that we are defining two base-level services, irrespective of the bit
   patterns used to encode them.

8. Security Considerations

   There are no security considerations associated with this document.

9. References

   [1] D. Clark, "Adding Service Discrimination to the Internet",
       Proceedings of the 23rd Annual Telecommunications Policy Research
       Conference (TPRC), Solomons, MD, October 1995.

   [2] V. Jacobson, "Differentiated Services Architecture", talk in the
       Int-Serv WG at the Munich IETF, August, 1997.

   [3] Clark, D. and J. Wroclawski, "An Approach to Service Allocation
       in the Internet", Work in Progress, also talk by D. Clark in the
       Int-Serv WG at the Munich IETF, August, 1997.

   [4] Braden, et al., "Recommendations on Queue Management and
       Congestion Avoidance in the Internet", RFC 2309, April 1998.

   [4] Braden, R., Zhang, L., Berson, S., Herzog, S. and S. Jamin,
       "Resource Reservation Protocol (RSVP) - Version 1 Functional
       Specification", RFC 2205, September 1997.





Nichols, et al.              Informational                     [Page 23]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


   [5] S. Floyd and V. Jacobson, "Link-sharing and Resource Management
       Models for Packet Networks", IEEE/ACM Transactions on Networking,
       pp 365-386, August 1995.

   [6] D. Clark, private communication, October 26, 1997.

   [7] "Advanced QoS Services for the Intelligent Internet", Cisco
       Systems White Paper, 1997.

   [8] Wroclawski, J., "Specification of the Controlled-Load Network
       Element Service", RFC 2211, September 1997.

   [9] Shenker, S., Partirdge, C. and R. Guerin, "Specification of
       Guaranteed Quality of Service", RFC 2212, September 1997.

   [10] D. Clark and W. Fang, "Explicit Allocation of Best Effort packet
       Delivery Service", IEEE/ACM Transactions on Networking, August,
       1998, Vol6, No 4, pp. 362-373. also at: http://
       diffserv.lcs.mit.edu/Papers/exp-alloc-ddc-wf.pdf

Authors' Addresses

   Kathleen Nichols
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA 95134-1706

   Phone: 408-525-4857
   EMail:   kmn@cisco.com


   Van Jacobson
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA 95134-1706

   EMail: van@cisco.com


   Lixia Zhang
   UCLA
   4531G Boelter Hall
   Los Angeles, CA  90095

   Phone: 310-825-2695
   EMail: lixia@cs.ucla.edu





Nichols, et al.              Informational                     [Page 24]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


Appendix: A Combined Approach to Differential Service in the Internet by
          David D. Clark

   After the draft-nichols-diff-svc-00 was submitted, the co-authors had
   a discussion with Dave Clark and John Wroclawski which resulted in
   Clark's using the presentation slot for the draft at the December
   1997 IETF Integrated Services Working Group meeting. A reading of the
   slides shows that it was Clark's proposal on "mechanisms",
   "services", and "rules" and how to proceed in the standards process
   that has guided much of the process in the subsequently formed IETF
   Differentiated Services Working Group. We believe Dave Clark's talk
   gave us a solid approach for bringing quality of service to the
   Internet in a manner that is compatible with its strengths.

   The slides presented at the December 1997 IETF Integrated Services
   Working Group are included with the Postscript version.



































Nichols, et al.              Informational                     [Page 25]

RFC 2638      Two-bit Differentiated Services Architecture     July 1999


Full Copyright Statement

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



















Nichols, et al.              Informational                     [Page 26]


 

RFC, FYI, BCP