Extensible Property Maps for the ALTO Protocol

The ALTO protocol introduced the concept of "properties" attached to "endpoint addresses," and defined the Endpoint Property Service (EPS) to allow clients to retrieve those properties. While useful, the EPS, as defined in RFC7285, has at least two limitations. First, it only allows properties to be associated with a particular domain of entities, namely individual IP addresses. It is reasonable to think that collections of endpoints, as defined by CIDRs or PIDs, may also have properties. Furthermore, recent proposals ( and ) have suggested new classes of entities with properties. The EPS cannot be extended to new entity domains. Instead, new services, with new request and response messages, would have to be defined for each new entity domain. Second, the EPS is only defined as a POST-mode service. Clients must request the properties for an explicit set of addresses. By contrast, defines a GET-mode Cost Map resource which returns all available costs, so a client can get the full set of costs once, and then lookup costs without querying the ALTO server. RFC7285 does not define an equivalent service for endpoint properties. Granted, it is not be practical to enumerate the properties for every possible internet address. But it is unlikely a property will be defined for every possible address. It is very likely that properties will only be defined for a subset of addresses, and that subset would be small enough to enumerate. This is particularly true if blocks of addresses with a common prefix (e.g., a CIDR) have the same value for a property. Furthermore, entities in other domains may very well be enumerable. This document proposes a new approach to ALTO properties. Specifically, it defines two new resource types, namely Property Maps and Filtered Property Maps. The former are GET-mode resources which return the property values for all entities in a domain, and are analogous the ALTO's Network Map and Cost Map resources. The latter are POST-mode resources which return the values for a set of properties and entities requested by the client, and are analogous to ALTO's Filtered Network Maps and Filtered Cost Maps. Entity domains and property names are extensible, so that new domains can be defined without revising the messages defined in this document, in the same way that new cost metrics and new endpoint properties can be defined without revising the messages defined by the ALTO protocol. This proposal would subsume the Endpoint Property Service defined in RFC7285, although that service may be retained for legacy clients (see ).

An entity is an object with a (possibly empty) set of properties. Every entity is in a domain, such as the IPv4 and IPv6 domains, and has a unique address.

A domain is a family of entities. Examples are the internet address and PID domains (see and ). Another example is the proposed domain of Abstract Network Elements associated with topology and routing, as suggested by .

Each entity has a unique name of the form:

Examples from the IP domain include individual addresses such as "ipv4:192.0.2.14" and "ipv6:2001:db8::12", as well as address blocks such as "ipv4:192.0.2.0/26" and "ipv6:2001:db8:1/48". The type EntityAddr denotes a JSON string with an entity address in this format. The format of the second part of an entity address depends on the domain, and must be specified when registering a new domain. Addresses may be hierarchical, and properties may be inherited based on that hierarchy. Again, the rules defining any hierarchy or inheritance must be defined when the domain is registered. Note that entity addresses do NOT have a unique textual representation. For example, the strings "ipv6:2001:db8::1" and "ipv6:2001:db8:0:0:0:0:0:1" refer to the same entity.

Each domain has a unique name. A domain name MUST be no more than 32 characters, and MUST NOT contain characters other than US-ASCII alphanumeric characters (U+0030-U+0039, U+0041-U+005A, and U+0061-U+007A), hyphen (’-’, U+002D), and low line (’_’, U+005F). For example, the names "ipv4" and "ipv6" identify objects in the internet address domain (). The type DomainName denotes a JSON string with a domain name in this format. Domain names must be registered with the IANA, and the format of the entity addresses in that domain, as well as any hierarchical or inheritance rules for those entities, must be specified at the same time.

The space of property names associated with entities defined by this document is the same as, and is shared with, the endpoint property names defined by . Thus entity property names are as defined in Section 10.8.2 of that document, and must be registered with the "ALTO Endpoint Property Type Registry" defined in Section 14.3 of that document. The type PropertyName denotes a JSON string with a property name in this format. Property names are not specific to a domain, although some properties may only be applicable for particular domains, and the interpretation of the value may depend on the domain. For example, suppose the "geo-location" property is defined as the coordinates of a point, encoded as (say) "latitude longitude [altitude]." When applied to an entity that represents a specific host computer, such as an internet address, the property defines the host's location. When applied to an entity that represents a set of computers, such as a CIDR, the property would be the location of the center of that set. If it is necessary to represent the bounding box of a set of hosts, another property, such as "geo-region", should be defined.

recognizes that some properties may be specific to another ALTO resource, such as a network map. Accordingly defines the concept of "resource-specific endpoint properties" (Section 10.8.1), and indicates that dependency by prefixing the property name with the ID of the resource on which it depends. That document defines one resource-specific property, namely the "pid" property, whose value is the name of the name of the PID containing that endpoint in the associated network map. This document takes a different approach. Instead of defining the dependency by qualifying the property name, this document attaches the dependency to the property map as a whole. Thus all properties in a given property map depend on the same resource. Furthermore, entity addresses may depend on a network map (for example, the Abstract Network Elements suggested by ). Associating the dependency with the property map handles any entity address dependencies as well. The "uses" field in an IRD entry defines the dependencies of a property map resource, and the "dependent-vtags" field in a property map response defines the dependencies of that map. These fields are defined in Sections 9.1.5 and 11.1 of , respectively. This is similar to how RFC7285 handles dependencies between cost metrics and network maps. Recall that cost maps present the costs between PIDs, and PID names depend on a network map. If an ALTO server provides the "routingcost" metric for the network maps "net1" and "net2", then the server defines two separate cost maps, one for "net1" and the other for "net2". According to , an ALTO server with two network maps, with resource IDs "net1" and "net2", could offer a single Endpoint Property Service for the two properties "net1.pid" and "net2.pid". Instead, an ALTO server which supports the extensions in this document would offer two different property maps for the "pid" property, one depending on "net1", the other on "net2".

This document defines the following entity domains.

The domain of internet addresses consists of two domains (IPv4 and IPv6). Both domains include individual addresses and blocks of addresses.

ipv4

Individual addresses are strings as specified by the IPv4Addresses rule of Section 3.2.2 of . Blocks of addresses are prefix-match strings as specified in Section 3.1 of . For the purpose of defining properties, an individual internet address and the corresponding full-length prefix are considered aliases for the same entity. Thus "ipv4:192.0.2.0" and "ipv4:192.0.2.0/32" are equivalent, and have the same set of properties, as are "ipv6:2001:db8::" and "ipv6:2001:db8::/128".

ipv6

Individual addresses are strings as specified by Section 4 of . Blocks of addresses are prefix-match strings as specified in Section 7 of . For the purpose of defining properties, an individual internet address and the corresponding 128-bit prefix are considered aliases for the same entity. That is, "ipv6:2001:db8::1" and "ipv:2001:db8::1/128" are equivalent, and have the same set of properties.

Both domains allow property values to be inherited. Specifically, if a property P is not defined for a specific internet address IP, but P is defined for some block C which prefix-matches IP, then the address IP inherits the value of P defined for block C. If more than one such block defines a value for P, IP inherits the value of P in the block with the longest prefix. Address blocks can also inherit properties: if property P is not defined for a block C, but is defined for some block C' prefix-matches C, and C' has a shorter mask than C, then block C inherits the property from C'. If there are several such blocks C', C inherits from the block with the longest prefix. As an example, suppose that a server defines the property P for the following entities:

Then the following entities have the indicated values:

An internet address domain may or may not be associated with an ALTO network map resource. Logically, there is a map of internet address entities to property values for each network map defined by the ALTO server, plus an additional property map for internet address entities which are not associated with a network map. These maps are separate from each other. The prefixes in the property map do not have to correspond to the prefixes defining the network map's PIDs. For example, the property map for a network map may assign properties to "ipv4:192.0.2.0/24" even if that prefix is not associated with any PID in the network map.

The PID domain associates property values with the PIDs in a network map. Accordingly, this domain always depends on a network map.

pid

The entity addresses are the PID names of the associated network map.

There is no hierarchy or inheritance for properties associated with PIDs.

The PID domain and the internet address domains are completely independent; the properties associated with a PID have no relation to the properties associated with the prefixes or endpoint addresses in that PID. An ALTO server MAY choose to assign some or all properties of a PID to the prefixes in that PID, but is not required to do so. For example, suppose "PID1" consists of the prefix "ipv4:192.0.2.0/24", and has the property "P" with value "v1". The internet address entities "ipv4:192.0.2.0" and "ipv4:192.0.2.0/24" may or may not have a value for the property "P", and if they do, it is not necessarily "v1".

Because the internet address and PID domains are completely separate, the question may arise as to which domain is best for a property. In general, the internet address domain is best for properties that are closely related to the internet address, or which are associated with, and inherited through, blocks of addresses. The PID domain is best for properties that arise from the definition of the PID, rather than from the internet address prefixes in that PID. For example, because internet addresses are allocated to server providers by blocks of prefixes, an "ISP" property would be best associated with the internet address domain. On the other hand, a property that explains why a PID was formed, or how it relates the a provider's network, would best be associated with the PID domain.

A Property Map returns the properties defined for all entities in one of more domains. gives an example of a property map request and response.

The media type of an ALTO Property Map resource is "application/alto-propmap+json".

An ALTO Property Map resource is requested using the HTTP GET method.

None.

The capabilities are defined by an object of type PropertyMapCapabilities:

; PropertyName prop-types<1..*>; } PropertyMapCapabilities; ]]> where "domain-types" is an array with the domains of the entities in this property map, and "prop-types" is an array with the names of the properties returned for entities in those domains.

An array with the resource ID(s) of resource(s) with which the domains in this map are associated. In most cases, this array will have at most one ID, and it will be for a network map resource.

If the domains in this property map depend on other resources, the "dependent-vtags" field in the "meta" field of the response MUST be an array that includes the version tags of those resources. The data component of a Property Map response is named "property-map", which is a JSON object of type PropertyMapData, where:

EntityProps; } PropertyMapData; object { PropertyName -> JSONValue; } EntityProps; ]]> The ResponseEntityBase type is defined in Section 8.4 of . Specifically, a PropertyMapData object has one member for each entity in the Property Map. The entity's properties are encoded in the corresponding EntityProps object. EntityProps encodes one name/value pair for each property, where the property names are encoded as strings of type PropertyName. A protocol implementation SHOULD assume that the property value is either a JSONString or a JSON "null" value, and fail to parse if it is not, unless the implementation is using an extension to this document that indicates when and how property values of other data types are signaled. For each entity in the Property Map, the ALTO Server returns the value defined for each of the properties specified in this resource's "capabilities" list. For efficiency, the ALTO Server SHOULD omit property values that are inherited rather than explicitly defined; if a client needs inherited values, the client SHOULD use the domain's inheritance rules to deduce those values. An ALTO Server MAY explicitly define a property as not having a value for a particular entity. That is, a server may say that a property is "defined to have no value", as opposed to the property being "undefined". If that entity would inherit a value for that property, then the ALTO server MUST return a "null" value for that property, and an ALTO client MUST recognize a "null" value means "do not apply the inheritance rules for this property." If the entity would not inherit a value, the ALTO server MAY return "null" or MAY just omit the property. If the ALTO Server does not define any properties for an entity, then the server MAY omit that entity from the response.

A Filtered Property Map returns the values of a set of properties for a set of entities selected by the client. , and give examples of filtered property map requests and responses.

The media type of an ALTO Property Map resource is "application/alto-propmap+json".

An ALTO Property Map resource is requested using the HTTP POST method.

The input parameters for a Filtered Property Map request are supplied in the entity body of the POST request. This document specifies the input parameters with a data format indicated by the media type "application/alto-propmapparams+json", which is a JSON object of type ReqFilteredPropertyMap:

PropertyName properties<1..*>; } ReqFilteredPropertyMap; ]]> with fields: List of entity addresses for which the specified properties are to be returned. The ALTO server MUST interpret entries appearing multiple times as if they appeared only once. The domain of each entity MUST be included in the list of domains in this resource's "capabilities" field (). List of properties to be returned for each entity. Each specified property MUST be included in the list of properties in this resource's "capabilities" field (). The ALTO server MUST interpret entries appearing multiple times as if they appeared only once. Note that the "entities" and "properties" fields MUST have at least one entry each.

The capabilities are defined by an object of type PropertyMapCapabilities, as defined in .

An array with the resource ID(s) of resource(s) with which the domains in this map are associated. In most cases, this array will have at most one ID, and it will be for a network map resource.

The response is the same as for the property map (), except that it only includes the entities and properties requested by the client. Also, the Filtered Property Map response MUST include all inherited property values for the specified entities (unlike the Full Property Map, the Filtered Property Map response does not include enough information for the client to calculate the inherited values).

The property maps defined in this document provide the same functionality as the Endpoint Property Service (EPS) defined in Section 11.4 of . Accordingly, it is RECOMMENDED that the EPS be deprecated in favor of property maps. However, ALTO servers MAY provide an EPS for the benefit of legacy clients.

Section 10.8 of defines two categories of endpoint properties: "resource-specific" and "global". Resource-specific property names are prefixed with the ID of the resource they depended upon, while global property names have no such prefix. The property map resources defined in this document do not distinguish between those two types of properties. Instead, if there is a dependency, it is indicated by the "uses" capability of a property map, and is shared by all properties and entity domains in that map. Accordingly, it is RECOMMENDED that resource-specific endpoint properties be deprecated, and no new resource-specific endpoint properties be defined.

Section 7.1.1 of defines the resource-specific endpoint property "pid", whose value is the name of the PID containing that endpoint. For compatibility with legacy clients, an ALTO server which provides the "pid" property via the Endpoint Property Service MUST use that definition, and that syntax, in the EPS resource. However, when used with property maps, this document amends the definition of the "pid" property as follows. First, the name of the property is simply "pid"; the name is not prefixed with the resource ID of a network map. The "uses" capability of the property map resource indicates the associated network map. This implies that a property map can only return the "pid" property for one network map; if an ALTO server provides several network maps, it must provide a property map resource for each one. Second, a client MAY request the "pid" property for a block of addresses. An ALTO server determines the value of "pid" for an address block C as follows. Let CS be the set of all address blocks in the network map. If C is in CS, then the value of "pid" is the name of the PID associated with C. Otherwise, find the longest block C' in CS such that C' prefix-matches C, but is shorter than C. If there is such a block C', the value of "pid" is the name of the PID associated with C'. If not, then "pid" has no value for block C. Note that although an ALTO server MAY provide a GET-mode property map resource which returns the entire map for the "pid" property, there is no need to do so, because that map is simply the inverse of the network map.

In general, there should be little or no impact on other previously defined properties. The only consideration is that properties can now be defined on blocks of addresses, rather than just individual addresses, which might change the semantics of a property.

The examples in this section use a very simple default network map:

The examples in this section use four additional properties, "ISP", "ASN", "country" and "state", with the following values:

The following IRD defines the relevant resources of the ALTO server. It provides two Property Map resources, one for the "ISP" and "ASN" properties, and another for the "country" and "state" properties. The server could have provided a Property Map resource for all four properties, but did not, presumably because the organization that runs the ALTO server believes any given client is not interested in all four properties. The server provides two Filtered Property Maps. The first returns all four properties, and the second just returns the "pid" property for the default network map. The Property Maps for the "ISP", "ASN", "country" and "state" properties do not depend on the default network map (they do not have a "uses" capability), because the definitions of those properties do not depend on the default network map. The Filtered Property Map for the "pid" property does have a "uses" capability for the default network map, because that defines the values of the "pid" property. Note that for legacy clients, the ALTO server provides an Endpoint Property Service for the "pid" property for the default network map.

The following example uses the properties and IRD defined above to retrieve a property map for entities with the "ISP" and "ASN" properties. Note that the response does not include the entity "ipv4:192.0.2.0", because it does not have a value for either of those properties. Also note that the entities "ipv4:192.0.2.0/28" and "ipv4:192.0.2.16/28" are refinements of "ipv4:192.0.2.0/24", and hence inherit its value for "ISP" property. But because that value is inherited, it is not explicitly listed in the property map.

The following example uses the Filtered Property Map resource to request the "ISP", "ASN" and "state" properties for several IPv4 addresses. Note that the value of "state" for "ipv4:192.0.2.0" is the only explicitly defined property; the other values are all derived by the inheritance rules for internet address entities.

The following example uses the Filtered Property Map resource to request the "ASN", "country" and "state" properties for several IPv4 prefixes. Note that none of the returned property values were explicitly defined; all values are derived by the inheritance rules for internet address entities. Also note the "ASN" property has the value "12345" for both the blocks "ipv4:192.0.2.0/28" and "ipv4:192.0.2.16/28", so every address in the block "ipv4:192.0.2.0/27" has that property value. However the block "ipv4:192.0.2.0/27" itself does not have a value for "ASN": address blocks cannot inherit properties from blocks with longer prefixes, even if every such block has the same value.

The following example uses the Filtered Property Map resource to request the "pid" property for several IPv4 addresses and prefixes. Note that the value of "pid" for the prefix "ipv4:10.0.0.0/15" is "pid1", even though all addresses in that block are in "pid2", because "ipv4:10.0.0.0/8" is the longest prefix in the network map which prefix-matches "ipv4:10.0.0.0/15", and that prefix is in "pid1".

As discussed in Section 15 of , properties may have sensitive customer-specific information. If this is the case, an ALTO Server may limit access to those properties by providing several different property maps. For non-sensitive properties, the ALTO Server would provide a URI which accepts requests from any client. Sensitive properties, on the other hand, would only be available via a secure URI which would require client authentication. Also, while technically this document does not introduce any security risks not inherent in the Endpoint Property Service defined by , the GET-mode property map resource defined in this document does make it easier for a client to download large numbers of property values. Accordingly, an ALTO Server should limit GET-mode property maps for to properties which do not contain sensitive data.

This document defines additional application/alto-* media types, and extends the ALTO endpoint property registry.

This document registers two additional ALTO media types, listed in . Type Subtype Specification application alto-propmap+json application alto-propmapparams+json application This documents registers multiple subtypes, as listed in . n/a n/a Encoding considerations are identical to those specified for the "application/json" media type. See . Security considerations relating to the generation and consumption of ALTO Protocol messages are discussed in Section 15 of . This document specifies format of conforming messages and the interpretation thereof. This document is the specification for these media types; see for the section documenting each media type. ALTO servers and ALTO clients either stand alone or are embedded within other applications. n/a This document uses the mime type to refer to protocol messages and thus does not require a file extension. n/a See Authors' Addresses section. COMMON n/a See Authors' Addresses section. Internet Engineering Task Force (mailto:iesg@ietf.org).

This document requests IANA to create and maintain the "ALTO Entity Domain Registry", listed in . Identifier Entity Address Encoding Hierarchy & Inheritance ipv4 See See ipv6 See See pid See None This registry serves two purposes. First, it ensures uniqueness of identifiers referring to ALTO entity domains. Second, it states the requirements for allocated domain names. New ALTO entity domains are assigned after IETF Review to ensure that proper documentation regarding the new ALTO entity domains and their security considerations has been provided. RFCs defining new entity domains should indicate how an entity in a registered domain is encoded as an EntityName, and, if applicable, the rules defining the entity hierarchy and property inheritance. Updates and deletions of ALTO entity domains follow the same procedure. Registered ALTO entity domain identifiers MUST conform to the syntactical requirements specified in . Identifiers are to be recorded and displayed as strings. Requests to add a new value to the registry MUST include the following information: Identifier: The name of the desired ALTO entity domain. Entity Address Encoding: The procedure for encoding the address of an entity of the registered type as an EntityAddr (see ). Hierarchy: If the entities form a hierarchy, the procedure for determining that hierarchy. Inheritance: If entities can inherit property values from other entities, the procedure for determining that inheritance. Security Considerations: In some usage scenarios, entity addresses carried in ALTO Protocol messages may reveal information about an ALTO client or an ALTO service provider. Applications and ALTO service providers using addresses of the registered type should be made aware of how (or if) the addressing scheme relates to private information and network proximity. This specification requests registration of the identifiers "ipv4", "ipv6" and "pid", as shown in .

The ALTO Endpoint Property Type Registry was created by . If possible, the name of that registry should be changed to "ALTO Entity Property Type Registry", to indicate that it is not restricted to Endpoint Properties. If it is not feasible to change the name, the description must be amended to indicate that it registers properties in all domains, rather than just the internet address domain.