Jun 13, 2005 - Freek Dijkstra*, Bas van Oudenaarde*, Bert Andree, Leon Gommans,. Jeroen van der Ham ..... other services from the exchange without manual in- tervention at the ..... an Optical Internetâ, Journal of High-Speed networks, pp.
Control Models at Interconnection Points Freek Dijkstra*, Bas van Oudenaarde*, Bert Andree, Leon Gommans, Jeroen van der Ham, Karst Koymans, Cees de Laat Advanced Internet Research group, Universiteit van Amsterdam, Kruislaan 403, 1098 SJ Amsterdam, The Netherlands * Corresponding Authors {fdijkstr, oudenaar}@science.uva.nl 13 June 2005 riety of services on the control plane1 . These functions may include automated provisioning of network elements, authorizing a request based on a policy, providing information on existing connections, checking the availability of certain resources, perhaps also a broker service or an index server listing the available resources. Communities like GLIF [2] aim to standardize the services both on the transport and on the control plane. This article aims to provide a common vocabulary for this discussion, highlights problems and suggest how to solve them. We focus on the operational aspects of exchanges, not on business models. In this section we introduce a concise definition of terms like domain, administrative- and operational control, as well as open and automated.
Submitted for IEEE Communications Magazine, Feature topic Optical Control Planes for Grid Networks: Opportunities, Challenges and the Vision. Keywords: Interconnection Point, Lamda Exchange, Open Optical Exchange, Internet Exchange, Peering facility, Control model.
Abstract New types of exchange points, like Optical Exchanges and GMPLS exchanges have been described in the last few years. Optical and lambda exchanges are now deployed. However, these interconnection points are not defined in systematic way in the literature. We classify interconnection points, mainly by discriminating on the properties of the control planes. Three control models are defined: the autonomous, federated and distributed control model. In addition we define in which cases the adjectives “open” and “automated” can be applied to the control models. This article aims to reach community consensus about a common terminology.
1
1.1
Peering
Traffic between separate networks is often exchanged at geographically clustered locations, called Interconnection Points or Peering Points [3, 4]. For the regular Internet, the Internet Service Providers (ISPs), can interconnect using either transit or peering [5]. Peering, in most literature, is limited to providing connectivity to each other’s networks and to the customers of the other network, but not to other destinations. In this article however, we do not distinguish between peering and transit. In our terminology peers are network owners who connect to an interconnection point and peering is the concept of exchanging traffic between peers, regardless of the economic model.
Introduction
The main function of interconnection points is to facilitate traffic flows between peers. However, an exchange may also offer more advanced network services [1], like the conversion of data between different formats (interworking) and layers (elevator services). Likewise, an exchange may also offer a wide va-
1 In this article, we do not distinguish between the control plane and the higher-level service plane.
1
Traffic type
Internet Exchange Transports traffic at layer 2, peers connect with layer 3 devices IP traffic only
End-points
AS-to-AS network
Technology
Often packet switched, sometimes label-switched (with virtual circuits like MPLS and ATM) Only data transport
OSI Layer
Services
Dynamics
Stateless, or state changes only when peering relations change
Optical Exchange Transports traffic at layer 1 or layer 2, peers connect at that same layer. Any packet data or any data at a specific framing or bit rate Host to host connections (connections are part of a larger circuit) Circuit or virtual-circuit switched (e.g. using SONET or VLANs) Data transport, as well as other services, like the conversion of data between different formats and layers State changes for each data transport
Table 1: Typical differences between Internet Exchanges and current Optical Exchanges. This table will change over time, as new technologies become available and are implemented.
1.2
Types of Interconnection Points
are also known as Internet Exchange Points (IXP) or Network Access Points (NAP). Mobile Roaming Exchanges (MRX), such as GPRS Roaming Exchanges (GRX) [6] and UMTS exchanges, exchange packet data for respectively 2.5th and 3rd (3G) generation mobile telephony. In telecommunications, however, the term “exchange” is different from our usage and refers to a transit provider rather than an interconnection point. An exchange point between mobile roaming exchanges is technically no different then a packet-based2 Internet exchange. Optical Exchanges3 are interconnection points where multiple parties exchange traffic. Current optical exchanges4 are transport exchanges which use switched circuits (and become a part of a larger dynamic circuit) to transport large quantities of data between end-points. Optical Exchanges (OX) [1] are also known as Lambda Exchanges or Grid Exchange Points (GXP), since they focus on switching circuits on optical networks for use in Grid-based applications. GMPLS Internet Exchanges (GMPLSIX) as defined by Tomic and Jukan [7] share the concept of circuit-switched interconnection points, but have not been implemented yet. Unlike exchanges, a Point of Presence (POP) is an interconnection point where the peers are unequal. Access networks connect with an upstream
The most trivial interconnection point is a colocation that provides no other functionality than rack space and power. This already gives the peers at the co-location the ability to initiate bilateral peerings with other peers at the same facility. However, we are interested in exchanges, which are interconnection points with one or more core networks in place, dedicated for the exchange of traffic between peers. 1.2.1
Classification
Based on the functions, rather than the technical implementation, we currently observe four types of interconnection points: • Internet Exchanges, • Mobile Roaming Exchanges, • Optical Exchanges, and • Points of Presence. An Internet Exchange serves as an interconnection point to exchange packet data between individual peers. The peers have one or a few physical connections to a central core infrastructure. The core network can be Ethernet LAN-, ATM-, or MPLSbased. The first variant is stateless, while the other two are stateful and require that the individual peers set up a path between them. Such a path is a channel in the physical connection. Internet Exchanges (IX)
2 GPRS and UMTS are packet based. The older CSD system is circuit switched. 3 Optical does not imply that the exchange itself is purely photonic. 4 For example NetherLight, StarLight, ManLan experimental switch, T-Lex, HK Light, UKLight and NorthernLight.
2
for the behavior of a device and has the final responsibility in case of hazards and abuse. In addition, each network element can also have a separate operator, the person, organization, or software component that configures and operates the device on behalf of the administrator. The administrator determines the policy for a network element; the operator enforces this policy. Finally, the users may use or invoke an element, if their request is in compliance with the active policy. We assume that each network element has exactly one legal owner, one economic owner, one administrator and one operator, but may have multiple users over time (though typically only one at a specific time).
network provider at a POP. In this case, the peers are unequal since the upstream provider accepts transit traffic from the customer (for a fee), but the reverse is not true. 1.2.2
Optical and Internet Exchange
There is no clear boundary between the different interconnection points since each interconnection point may take multiple roles. For example, customers at a POP may also directly peer with each other, a function typically seen at exchanges. Circuit switching is typically associated with optical exchanges, but not a technical necessity: ATMand MPLS-based Internet exchanges are also circuit switched and it might be possible to create a non-circuit switched optical exchange using Optical Burst Switching (OBS) [8]. Table 1 highlights the typical differences between Internet exchanges and current optical exchanges. We strongly believe that these differences will disappear as time progresses. First of all, there is a tendency for current optical exchanges to provide network services and one of the future services might be multiparty peering like in a LAN-based Internet exchange. Secondly, Internet exchanges also tend to offer more services which are now regarded as optical exchange functions, like private circuits between two peers5 . Third, there is a tendency that Internet exchanges and optical exchanges are built in the same cities6 , which indicates a possible economic advantage of combining exchanges on the same physical location. We use the term Transport Exchange to refer to current-day optical exchanges.
1.3.2
Domains
We define a domain as a set of network elements8 . An administrative domain is a set of network elements with the same administrator. An operational domain is a set of network elements with the same operator. A core network is an operational domain within an interconnection point that is able to exchange traffic between at least three different peers. Core networks are of special interest throughout this article and we use the term core to refer to a core network and its operator.
1.3.3
Examples
Often the legal owner, economic owner, administrator and operator of a network element are the same. But this is not always the case. 1.3.1 Owner, Administrator, Operator and An organization may sign a contract with a transUsers oceanic carrier to lease a fiber for a year. In this We distinguish between legal owner, economic case, the carrier is the legal owner, while the other owner, administrator, operator and user(s) for each organization is the economic owner. If an organization decides to outsource the mainnetwork element7 . The legal owner of a network element is the entity that purchased the device and tenance of their network, the administrator and opthe economic owner is the entity that acquired the erator of each network element in this network are usage rights from the legal owner. Furthermore, different entities. each network element has an administrator, who In the next subsection we explain the concept of manages the configuration and determines its pol- open control, where the exchange is both the ecoicy. This is the entity that carries the responsibility nomic owner as well as the operator of a specific interface, while the peer is the administrator of this 5 For example, the Amsterdam Internet Exchange AMS-IX alinterface.
1.3
Ownership
ready provides Private Interconnects and Closed User Groups. 6 For example, Chicago and Amsterdam. 7 Network element is a generic term to include network devices, links, interfaces and hosts.
8 Including non-disjoint sets. Note that a domain does not necessarily have to be an AS-domain.
3
Control plane
Transport plane core
core
Figure 1: Example of a closed control model (on the left) and an open control model (on the right), with the same physical network. In this picture, each circle represents an administrative domain, both on the transport and the control plane. On the transport plane, the administrative domains are interconnected with links. On the control plane, the administrative domains communicate with each other in order to jointly achieve a network configuration.
1.4
Open Exchanges
1.4.1
Open Control Model
for new peers to join, and has a reasonable and nondiscriminatory (RAND) policy9 towards its peers. The word “open” in “open exchanges” may refer to In our view, all exchanges should be public. A at least four different meanings. We recommend that non-public interconnection point is called “private” it is only used for open control, as described in 1.4.1. or “non-neutral”. For other meanings, we recommend to use alternative wording, as described in 1.4.2 to 1.4.4. 1.4.3 Service Exposure The term “service exposure” or “transparent” can be used to refer to the ability by peers to look in the inner workings of the exchange.
In a closed interconnection point, the core operator ultimately decides on the policy for each interface in the core network. In an open interconnection point, on the other hand, the core delegates administrative control of each external interface to the peer that connects to that interface. So peers of an open exchange have the ability to configure “their” interface in the core network and thus can decide who connects to their network. The operational control of an interface is always carried out by the operator of the device (typically the owner). In the closed model, the administrator and operator of the interface are the same, while in the open model, they are different since the decision-making is delegated to the peers. Figure 1 shows an example of a closed and an open control model of the same network. 1.4.2
1.4.4
Automated Exchange
An exchange is called “automated” if peers are able to set up circuits between each other and invoke other services from the exchange without manual intervention at the core.
2
Control Models
In this section, we define three different control models for interconnection points: the autonomous, federated and distributed control model. The autonomous control model is the simplest model. The federated and the distributed control model respectivly extend the autonomous- and the federated control.
Business Model
We use the word “public” or “neutral” to refer to an 9 This seems to imply equal access rights to all peers. Howinterconnection point with an open business model. ever, a distinction may be made based on the service level, An open business model requires that an intercon- as long as the service level is achievable by all peers on nonnection point must have a published, clear policy discriminatory conditions. E.g., if they pay a certain fee. 4
The autonomous control model is always closed.
These models make a clear distinction between administrative and operational control of the network elements. We consider a few operational domains on the transport plane, each operated by a specific operator. For each model, we explain how the administrative domains can control network elements and in particular how peers can administratively control network elements in the core network. It is only possible to control network elements in another operation domain if the operators work together by sending messages to each other. It should be noted that we do not assume that these messages are automated.
2.1
2.2
In the federated control model, the interconnection point has exactly one core network. The core network is owned by an independent entity (often a federation formed by all members of the exchange). The facility offers services to each peer, including the ability to interconnect with other peers. The inner workings of the core network may be unknown to the peers (making it a black box), but peers can still check information about the state of some resources. For example, a peer can still inquire about the availability of a certain resource or get the status of a circuit it established earlier.
Autonomous Control Model
In the autonomous control model, there is exactly one core network, which is administratively and operationally controlled by a single organization. Peers can connect their network to the interconnection point, but there is no interaction between the peers, or between the peers and the core network on the control plane. Figure 2 shows an example of the autonomous control model. Typically the administrator of a core network determines one or a limited number of policies. Peers can either accept this policy and connect to the facility or decide to take their business elsewhere. Such pre-established policies are defined in contracts (Service Level Agreements) and may include connection details, such as wavelength, power-level and framing format.
Control plane
Transport plane
D
Figure 3 shows an example of the federated control model. When a peer wants to use a certain service, it invokes the operator of the core network, which may delegate parts of the request to other parties. For example, if peer D sends a request to set up a circuit from B to D, the core operator checks if the requested resources in the core itself are available and contacts the administrator of the resources involved. In the case of open control, it asks peer B if this request must be honored. If that is true, the core operator then creates the requested circuit. Let’s assume that in this example the circuit from B to D needs a WAN PHY to LAN PHY conversion service, only available at C. Then the core operator gains access to that service from C on behalf of the original requester. By doing so, it delegates part of the original request to C. The peers can independently decide what resources or services they share in the interconnection point with the other peering partners. If the peers offer non-trivial services, like the aforementioned conversion service, the core operator can offer a sharing index service. For each request, this central index
core C
core
Figure 3: Example of the federated control model. The transport plane is the same as in figure 2, but the control plane is different: here the controller of each peer exchanges messages with the controller of the core network.
B
A
B
A
C
Control plane
Transport plane
Federated Control Model
D
Figure 2: Example of the autonomous control model. The transport plane shows five distinct operational domains: core, A, B, C and D, each operated by a controller on the control plane. On the transport plane, each box represents an operational domain, interconnected by links. On the control plane, each square represents a separate controller. A LAN-based Internet exchange is an example of the autonomous control model. While peers can not configure any services in the core network with the autonomous control model, the core may still offer static services on the transport plane, which do not require configuration. 5
core network. For example, C may expose some network elements to the other peers, which can be used by A or D to interconnect, either to C, or between each other through the core network of C. Also, B and D may decide to put some network resources in a pool, forming another, joint, core network. Typically, a core network formed by multiple peers is exposed as one single core network by a broker, which then delegates incoming requests to the individual operators of the peers.
can be queried to see if it the required resources are available and who owns them. Section 4 discusses how AAA (Authentication, Authorization and Accounting) services can be used to provide automated admission control by resource operators.
2.3
Distributed Control Model
In the distributed control model there can be multiple federations, each controlling a different core network. Every party can bring in its own equipment, e.g. fibers, and most important: its own services (and control software). Each peer is responsible for exposing its own services to the rest of the community, possibly without revealing the inner details. A broker may combine multiple services and expose this combination as a single service. The idea is each peer still operationally controls its own network elements, but interacts with other operators, or partially delegates its administrative control, forming collaborations. Each peer can partner in multiple collaborations. It is possible to regard one instance of the distributed control model as multiple interconnected instances of the federated control model. However, the distributed control model highlights the intelligence that is required to make all parts work together. This intelligence is not always necessary in the federated model.
3
In our view, an exchange does not only exist of the transport network itself, but also of the services it is offering at the control plane. In this section we discuss how an operator, typically a peer, interacts with other operators and in particular with the operator of the core network. In the autonomous control model, there is no interaction between the different operators, so this section does not apply to that model.
3.1
B
A*
C*
Automated Exchanges
The interaction between operators does not have to be automated. It is possible that the messages between the operators require manual intervention. However, the strength of the federated and the distributed control model lies in the fact that peers can provision the state of the exchange in real time; this requires automated control.
Control plane
Transport plane
Control Plane Services
3.2
D*
Service Oriented Architecture
If the available services are not known in advance, for example because the number of services is large, it is desirable to use a common way for service discovery and invocation. This requires that each core network exposes its control plane as software service(s) to the connected peers. This can be done using index services for discovery and a common way of interfacing for invocation. Web services are an example of a common interface. If the advertisements of the services are described in self-contained service-contracts, with an independent control of these services, this results in a Service Oriented Architecture (SOA) [9]. In such an architecture, the services are pluggable. This means that each peer, independent of the other peers, can easily add, change, or drop services to or from the interconnection point.
Figure 4: Example of the distributed control model, which does not show a distinction between core networks and other networks. In the other models, the core network is special since it is the only network that connect to other networks (of the peers). However, in the distributed control model this special property is not there, making the core network a regular network, just like the networks of the peers. So the distinction between core network and other networks is redundant and is not shown figure 4. The result is a mesh network with interconnected control planes, which happen to reside at the same interconnection point. The figure does not show how peers can dedicate part of their network resources to form a dedicated 6
3.3
Broker Services
the administrative control of the peers, which is required for open control.
Multiple resources may be involved in handling a certain request. For the federated control model, the peers often only interact with the operator of the core, but not directly with other peers. This makes it relatively simple for the peers: they have a single point of contact, which executes their requests. In this model, most of the intelligence lies at the operator of the core network. The distributed control model is far more complex because each peer can communicate with all other operators. Brokers handle part of the complexity by taking multiple services and combining them into one higher-level service. Broker services can be run by the core, peers, or third parties.
4
4.3
The Generic Authorization Authentication and Accounting (AAA) framework [11] can be used for policy evaluation. This framework automates the decision making (authorization) process by applying formalized policies. From the perspective of an interconnection point, the service request comes from a peer, although it actually originated from a remote user. A hierarchy of AAA servers makes resource authorizations as described by Gommans et al. [12]. In this framework, a request is sent to the AAA server of the core network, which dispatches the authorization decision(s) to AAA server(s) of the resource owner(s). This interaction with the AAA service is called the agent sequence [13].
Policy Controlled Access
To protect scarce resources, a set of rules to control access to the network resources must be in place10 . Such a set of rules is called a policy [10]. We only discuss the policies needed to operate the exchange, and not the policies between individual peers, e.g. Service Level Agreements or BGP peering policies.
4.1
Generic AAA Framework
peer D operator
core AAA server 1
peer B AAA server 2 3
peer C core AAA server cross connect
4 7
peer C service
5 6 8 9
10
Policy Evaluation
A policy is enforced by the operator, but the decision involves the administrator, which decides on the business policy for its network elements. If the operator and administrator are different entities, they will have to interact with each other. The operator can either contact the administrator and ask it to take the actual decision, or the administrator can push its policy to the operator, and let the operator do the evaluation. We concern ourselves primarily with the administrative policy as determined by the administrator, but the operator may also apply a device policy. For example, a device policy may prevent a requester from accidentally connecting a high power laser to a low power receiver.
PDP functions
PEP functions
Figure 5: Sequence diagram for broker authorization sequence example. The vertical lines each represent a certain element, and the arrows represent the interactions. The time is mapped on the y-axis, starting with the first interaction at the top and the last at the bottom. The parties in this scenario are the same as in figure 3.
Figure 5 takes the example scenario of section 2.2, and shows the interaction between AAA servers in the agent sequence. The AAA servers are Policy Decision Points (PDP); the network elements are Policy Enforcement Points (PEP). In this example peer D requests a connection between peer B and 4.2 Open Control peer D, through the core network, which involves a Open control makes peers responsible for the set- service at peer C. The message includes proper creting of ‘their’ interfaces on the exchange. It allows dentials or authentication attributes to identify the them to provision the exchange to their needs. Open peer by the core AAA server. The AAA server of control is orthogonal to automated exchange, and the core network fetches a driving policy to deterequally important. Policies can be used to enforce mine which steps are required, and which administrators must be invoked. 10 For example, to prevent malicious users from performing a This example shows an open control exchange, Denial of Service attack by requesting all resources and not rewhich means that each administrator needs an AAA leasing the gained exclusive usage of the resources. 7
Autonomous control model Federated control model Distributed control model
Internet Exchange X X
Mobile Exchange X X
Optical Exchange X X
Point of Presence X X
Table 2: Applicable models for each type of interconnection point. server dealing with the resource authorization next to its own local operator11 . Alternatively, each administrator can push its policies into the core AAA server for evaluation. When the AAA server has gotten all answers back, it makes up the final outcome of the decision. For closed control, the core AAA server makes decisions autonomously. In that case, the sequences 2 and 3 in figure 5 are missing. If the requests is authorized, the AAA server acts as enforcer and invokes the services at the core control plane. The result is then sent back to the requester.
4.4
over the inner working of the facility. However, if peers of a POP do have administrative control, the federated control model is used. If optical exchanges offer multiple services, standardized service discovery and service invocation are required. Both the federated and distributed control models offer this feature in a scalable way using pluggable services (a Service Oriented Architecture). The distributed model adds more complexity, because there is no longer a single entity that acts as a broker. This makes the distributed control model harder to deploy. Therefore, the federated control model is preferred for optical exchanges. We see a major role for the transport exchange in the future, since peers and their users demand more flexibility to set up circuits with known Quality of Service (QoS). Large data transport on long distances is most efficient over the lowest possible layers, and interconnection points are needed to offer features for the data transport down in the protocol stack. Technologies change over time, just as the requests from the users. This makes us believe that the current optical (transport) exchanges and Internet exchanges converge into optical exchanges that support all the required services. Open control is a mind shift compared to most current exchanges. With closed control, peers sometimes have the ability to change the state of one or more network elements in a core network, but their requests are evaluated against the policy set by the exchange. With open control on the other hand, the peers decide on the policy and they evaluate requests that the exchange forwards to them. Automation of exchanges is a necessity for this paradigm change to happen. We also recognize a trend to let end users control the network resources as they want12 . If humans evaluate policies, and connections are made in a matter of days, rather then seconds, end-users probably do not see the advantage over using the regular Internet. Even if peers are in control, they do not experience it that way unless their requests
Complexity of AAA
In the Distributed control model, the authorization process is distributed, since there are multiple autonomous decision points. Just like the service discovery, this makes the authorization process as a whole rather complex. However, each individual authorization decision by the AAA server is of the same nature and same complexity as the one in the federated control model.
5
Conclusion
In this article, we introduced multiple models for exchanges. We hope to offer communities, such as GLIF, a workable set of models for their environment. In table 2, we give our view of viable mappings of the current interconnection points to the models described. Most Internet or mobile exchanges use the autonomous or the federated control model. If the Internet or mobile exchange is stateless, the autonomous control model seems logical, since no request needs to be sent to the core network operator by design. If the Internet or mobile exchange is stateful, it can be either of these two models. A point of presence typically uses the autonomous control model, because the configuration is mostly static, and peers do not have direct control
12 For example DRAC (Dynamic Resource Allocation Controller) from Nortel networks, and UCLP promoted by CANARIE are control mechanisms driven by users.
11 Local operators,
which takes care of intradomain operational control, are not shown in figure 5.
8
an Optical Internet”, Journal of High-Speed networks, pp. 69-84, 1999
are promptly answered by an automated ensemble. Naturally, authorization is important to prevent DoS attacks, and monitoring is important for peers and end-users to check if failures occur. This is part of our future research direction.
[9]
Acknowledgment
[10] Andrea Westerinen, et al., “Terminology for Policy-Based Management”, RFC 3198, November 2001
The research work was funded by the GigaPort Next Generation project lead by the Dutch National Research Network (SURFnet). The authors wish to thank John Vollbrecht from Merit, Henk Steenman and Job Witteman of the AMS-IX, and members of the GLIF community for their discussions and proof-reading.
[11] Bas van Oudenaarde, Leon Gommans, Cees de Laat, Freek Dijkstra, Arie Taal, “References Reference to Generic AAA implementation”, Internet Draft draft-irtf-aaaarch-prototype-02, Work In Progress, September 2004
References [1]
Freek Dijkstra, Cees de Laat, “Optical Exchanges”, GRIDNETS conference proceedings, October 2004
[2]
Global Lambda http://www.glif.is/
[3]
Bilal Chinoy and Timothy Salo, “Internet Exchanges: Policy-Driven Evolution", Harvard Workshop On Co-Ordination Of The Internet, J.F. Kennedy School Of Government, September 1996
[4]
Geoff Huston, “Interconnection, Peering, and Settlements”, Proceedings of Inet’99, June 1999
[5]
William Norton, “Internet Service Providers and Peering”, Proceedings of NANOG 19, May 2001
[6]
K.J. Blyth, A.R.J. Cook, “Designing a GPRS roaming exchange service”, Second International Conference on 3G Mobile Communications Technologies, March 2001
[7]
Slobodanka Tomic, Admela Jukan, “GMPLSBased Exchange Points: Architecture and Functionalilty”, Chapter 8 in “Emerging Optical Network Technologies Architectures, Protocols and Performance”, Edited by Krishna Sivalingam and Suresh Subramaniam, Springer, ISBN: 0-387-22582-X, October 2004
[8]
Chunming Qiao, Myungsik Yoo, “Optical Burst Switching (OBS) – A New Paradigm for
Integrated
Alan Brown, Simon Johnston, Kevin Kelly, "Using service-oriented architecture and component-based development to build Web service applications", IBM (Rational Software), June 2003
[12] Leon Gommans, Cees de Laat, Bas van Oudenaarde, Arie Taal, “Authorization of a QoS path based on generic AAA”, Future Generation Computer Systems 19 (2003), pp. 10091016, August 2003
Facility,
[13] John Vollbrecht, Pat Calhoun, Stephen Farrell, Leon Gommans, George Gross, Betty de Bruijn, Cees de Laat, Matt Holdrege, David Spence, “AAA Authorization Framework”, RFC 2904, August 2000
9
