| RFC 9240 | Entity Property Maps | July 2022 |
| Roome, et al. | Standards Track | [Page] |
This document specifies an extension to the base Application-Layer Traffic Optimization (ALTO) Protocol that generalizes the concept of "endpoint properties", which have been tied to IP addresses so far, to entities defined by a wide set of objects. Further, these properties are presented as maps, similar to the network and cost maps in the base ALTO Protocol. While supporting the endpoints and related Endpoint Property Service defined in RFC 7285, the ALTO Protocol is extended in two major directions. First, from endpoints restricted to IP addresses to entities covering a wider and extensible set of objects; second, from properties for specific endpoints to entire entity property maps. These extensions introduce additional features that allow entities and property values to be specific to a given information resource. This is made possible by a generic and flexible design of entity and property types.¶
This is an Internet Standards Track document.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained athttps://www.rfc-editor.org/info/rfc9240.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The ALTO Protocol[RFC7285] introduces the concept of "properties" attached to "endpoint addresses". It also defines the Endpoint Property Service (EPS) to allow ALTO clients to retrieve those properties. While useful, the EPS as defined in[RFC7285] has at least three limitations, which are elaborated here.¶
First, the EPS allows properties to be associated only with endpoints that are identified by individual communication addresses like IPv4 and IPv6 addresses. It is reasonable to think that collections of endpoints identified by Provider-Defined Identifiers (PIDs) may also have properties. Furthermore, recent ALTO use cases show that properties of entities such as Abstract Network Elements as defined in[PATH-VECTOR] are also useful. However, the current EPS is restricted to individual endpoints and cannot be applied to those entities.¶
Second, the EPS only allows endpoints identified by global communicationaddresses. However, an endpoint address may be a local IP address or ananycast IP address that may not be globally unique. Additionally, an entitysuch as a PID may have an identifier that is not globally unique. That is, thesame PID may be used in multiple network maps, while in eachnetwork map, this PID points to a different set of addresses.¶
Third, inSection 11.4 of [RFC7285], the EPS is only defined as a POST-mode service. ALTO clients must requestthe properties for an explicit set of endpoint addresses. By contrast,Section 11.2.3 of [RFC7285]defines a GET-mode cost map resource that returns all availablecosts, so an ALTO Client can retrieve a full set of costs once and then process costlookups without querying the ALTO server.[RFC7285] does not define asimilar service for endpoint properties. At first, a map of endpointproperties might seem impractical because it could require enumerating theproperty value for every possible endpoint. In particular, the number of endpoint addresses involved byan ALTO server can be quite large. To avoid enumerating a large number of endpoint addresses inefficiently, the ALTO server might define properties for a sufficiently large subset of endpoints and then use an aggregation representation to reference endpoints in order to allow efficient enumeration. This is particularly true if blocks ofendpoint addresses with a common prefix have the same valuefor a property. Entities in other domains may very well allow aggregatedrepresentation and hence be enumerable as well.¶
To address these three limitations, this document specifies an ALTO Protocol extension for defining and retrieving ALTO properties:¶
The entity property maps extension described in this document introduces anumber of features that are summarized inAppendix A, whereTable 11 liststhe features and references the sections in this document that give their high-level and their normative descriptions.¶
The protocol extension defined in this document can be augmented. New entitydomain types can be defined without revising the present specification. Similarly, new cost metrics and new endpoint properties can bedefined in other documents without revising the protocol specificationdefined in[RFC7285].¶
This document uses the following terms and abbreviations that will befurther defined in the document. While this document introduces the feature"entity property map", it will use both the term "property map" and "entityproperty map" to refer to this feature.¶
This document uses the notation defined inSection 8.2 of [RFC7285].¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14[RFC2119][RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This section gives a high-level overview of the basic features involved inALTO entity property maps. It assumes the reader is familiar with the ALTOProtocol[RFC7285]. The purpose of this extension is to conveyproperties for objects that extend ALTO endpoints and are called ALTOEntities, or entities for short.¶
The features introduced in this section can be used standalone. However,in some cases, these features may depend on particular information resourcesand need to be defined with respect to them. To this end,Section 4 introducesadditional features that extend the ones presented in this section.¶
The concept of an ALTO entity generalizes the concept of an ALTO endpointdefined inSection 2.1 of [RFC7285]. An entity is an object that can be anendpoint defined by its network address, but it can also be an objectthat has a defined mapping to a set of one or more network addresses or anobject that is not even related to any network address. Thus, whereas allendpoints are entities, not all entities are endpoints.¶
Examples of entities are:¶
Some of the example entities listed above have already been documented as ALTO entities. The other examples are provided for illustration as potential entities.¶
An entity domain defines a set of entities of the same semantic type. Anentity domain is characterized by a type and identified by a name.¶
In this document, an entity is owned by exactly one entity domain name.An entity identifier points to exactly one entity. If two entities in twodifferent entity domains refer to the same physical or logical object, theyare treated as different entities. For example, if an end host has both an IPv4and an IPv6 address, these two addresses will be treated as two entities,defined respectively in the "ipv4" and "ipv6" entity domains.¶
The entity domain type defines the semantics of the type of entity found in an entity domain. Entity domain types can be defined in different documents. For example: the present document defines entity domain types "ipv4" and "ipv6" inSection 6.1 and "pid" inSection 6.2. The entity domain type "ane", which defines Abstract Network Elements (ANEs), is introduced in[PATH-VECTOR]. The "countrycode" entity domain type that defines country codes is introduced in[RFC9241]. An entity domain typeMUST be registered with IANA, as specified inSection 12.3.2.¶
In this document, the identifier of an entity domain is mostly called "entity domain name". The identifier of an entity domain is scoped to an ALTO server. An entity domain identifier can sometimes be identical to the identifier of its relevant entity domain type. This is the case when the entities of a domain have an identifier that points to the same object throughout all the information resources of the Server that are providing entity properties for this domain. For example, a domain of type "ipv4" containing entities that are identified by a public IPv4 address can be named "ipv4" because its entities are uniquely identified by all the Server resources.¶
In some cases, the name of an entity domain cannot be simply its entity domain type. Indeed, for some domain types, entities are defined relative to a given information resource. This is the case for entities of domain type "pid". A PID is defined relative to a network map. For example, an entity "mypid10" of domain type "pid" may be defined in a given network map and be undefined in other network maps. The entity "mypid10" may even be defined in two different network maps, and it may map in each of these network maps to a different set of endpoint addresses. In this case, naming an entity domain only by its type "pid" does not guarantee that its set of entities is owned by exactly one entity domain.¶
Sections4.2 and5.1.2 describe how a domain is uniquely identified across the ALTO server by a name that associates the domain type and the related information resource.¶
An entity property defines a property of an entity. This is similar to theendpoint property defined inSection 7.1 of [RFC7285]. An entity propertycan convey either network-aware or network-agnostic information. Similar toan entity domain, an entity property is characterized by a type andidentified by a name. An entity property typeMUST be registered with IANA, as specified inSection 12.4.¶
Below are listed some examples with real and fictitious entity domain and propertynames:¶
It should be noted that some identifiers may be used for both an entitydomain type and a property type. For example:¶
Likewise, the same identifier may point to both a domain name and a propertyname. For example: the identifier "netmap10.pid" may point to either thedomain defined by the PIDs of network map "netmap10" or to a property thatreturns, for an entity defined by its IPv4 address, the PID of "netmap10" thatcontains this entity. Such cases are further explained inSection 4.¶
This document introduces a new ALTO information resource named property map.An ALTO property map provides a set of properties for one or more sets ofentities. A property may apply to different entity domain types and names.For example, an ALTO property map may define the "ASN" property for both"ipv4" and "ipv6" entity domains.¶
The present extension also introduces a new media type.¶
This document uses the same definition of an information resource asSection 9.1 of [RFC7285]. ALTO uses media types to uniquely indicate the dataformat used to encode the content to be transmitted between an ALTO serverand an ALTO client in the HTTP entity body. In the present case, an ALTOproperty map resource isdefined by the media type "application/alto-propmap+json".¶
A property map can be queried as a GET-mode resource, thus conveying allproperties for all entities indicated in its capabilities. It can also bequeried as a POST-mode resource, thus conveying a selection of properties for a selection of entities.¶
This section gives a high-level overview of the advanced features involved in ALTO entity property maps. Most of these features extend the features defined inSection 3.¶
In[RFC7285], an endpoint has an identifier that is explicitly associatedwith the "ipv4" or "ipv6" address domain. Examples are "ipv4:192.0.2.14" and"ipv6:2001:db8::12".¶
In this document, example IPv4 and IPv6 addresses and prefixes are taken from the address ranges reserved for documentation by[RFC5737] and[RFC3849].¶
In this document, an entity must be owned by exactly one entity domain name, and an entity identifier must point to exactly one entity. To ensure this, an entity identifier is explicitly attached to the name of its entity domain, and an entity domain type characterizes the semantics and identifier format of its entities.¶
The encoding format of an entity identifier is further specified inSection 5.1.3 of this document.¶
For instance:¶
Some entities are defined and identified uniquely and globally in the context of an ALTO server. This is thecase, for instance, when entities are endpoints that are identified by areachable IPv4 or IPv6 address. The entity domain for such entities can beglobally defined and named "ipv4" or "ipv6". Those entity domains are calledresource-agnostic entity domains in this document, as they are not associatedwith any specific ALTO information resources.¶
Some other entities and entity types are only defined relative to a giveninformation resource. This is the case for entities of domain type "pid",which can only be understood with respect to the network map where they aredefined. For example, a PID named "mypid10" may be defined to represent a setS1 of IP addresses in a network map resource named "netmap1". Another networkmap "netmap2" may use the same name "mypid10" and define it to representanother set S2 of IP addresses. The identifier "pid:mypid10" may thus pointto different objects because the information on the originating informationresource is lost.¶
To solve this ambiguity, the present extension introduces the concept ofresource-specific entity domain. This concept applies to domain types whereentities are defined relative to a given information resource. It can alsoapply to entity domains that are defined locally, such as local networks ofobjects identified with a local IPv4 address.¶
In such cases, an entity domain type is explicitly associated with anidentifier of the information resource where these entities are defined. Suchan information resource is referred to as the "specific informationresource". Using a resource-aware entity domain name, an ALTO property mapcan unambiguously identify distinct entity domains of the same type, on whichentity properties may be queried. Examples of resource-specific entity domainnames may look like "netmap1.pid" or "netmap2.pid". Thus, a name associationsuch as "netmap1.pid:mypid10" and "netmap2.pid:mypid10" distinguishesthe two abovementioned PIDs that are both named "mypid10" but in twodifferent resources, "netmap1" and "netmap2".¶
An information resource is defined in the scope of an ALTO Server and so isan entity domain name. The format of a resource-specific entity domain nameis further specified inSection 5.1.2.¶
Like entity domains, some types of properties are defined relative to aninformation resource. That is, an entity may have a property of a given typewhose values are associated with different information resources.¶
For example, suppose entity "192.0.2.34" defined in the "ipv4" domain has aproperty of type "pid" whose value is the PID to which address "192.0.2.34"is attached in a network map. The mapping of network addresses to PIDs isspecific to a network map and probably different from one network mapresource to another one. Thus, if a property "pid" is defined for entity"192.0.2.34" in two different network maps "netmap1" and "netmap2", the valuefor this property can be a different value in "netmap1" and"netmap2".¶
To support information-resource-dependent property values, this document usesthe same approach as in Section10.8.1 ( "Resource-Specific Endpoint Properties") of[RFC7285]. When a property value depends on agiven information resource, the name of this propertyMUST be explicitlyassociated with the information resource that defines it.¶
For example, the property "pid" queried on entity "ipv4:192.0.2.34" anddefined in both "netmap1" and "netmap2" can be named "netmap1.pid" and"netmap2.pid". This allows a Client to get a property of the same type butdefined in different information resources with a single query.Specifications for the property name format are provided inSection 5.2.¶
For some domain types, there is an underlying structure that allows entities to be efficiently grouped into a set and be defined by the identifier of this set. This is the case for domain types "ipv4" and "ipv6", where individual Internet addresses can be grouped in blocks. When the same property value applies to a whole set, a Server can define a property for the identifier of this set instead of enumerating all the entities and their properties. This allows a substantial reduction of transmission payload both for the Server and the Client. For example, all the entities included in the set defined by the address block "ipv6:2001:db8::1/64" share the same properties and values defined for this block.¶
Additionally, entity sets sometimes are related by inclusion, hierarchy, or other relations. This allows defining inheritance rules for entity properties that propagate properties among related entity sets. The Server and the Client can use these inheritance rules for further payload savings. Entity hierarchy and property inheritance rules are specified in the documents that define the applicable domain types. The present document defines these rules for the "ipv4" and "ipv6" domain types.¶
For applicable domain types, this document introduces entity property inheritance rules with the following concepts: entity hierarchy, property inheritance, and property value unicity. A detailed specification of entity hierarchy and property inheritance rules is provided inSection 5.1.4.¶
An entity domain may allow the use of a single identifier to identify a set of related individual entities. For example, a Classless Inter-Domain Routing (CIDR) block can be used to identify a set of IPv4 or IPv6 entities. A CIDR block is called a hierarchical entity identifier, as it can reflect inclusion relations among entity sets. That is, in an entity hierarchy, "supersets" are defined at upper levels and include "subsets" defined at lower levels. For example, the CIDR "ipv4:192.0.1.0/24" includes all the individual IPv4 entities identified by the CIDR "ipv4:192.0.1.0/26". This document will sometimes use the term "hierarchical address" to refer to a hierarchical entity identifier.¶
A property may be defined for a hierarchical entity identifier, while it may be undefined for individual entities covered by this identifier. In this case, these individual entities inherit the property value defined for the identifier that covers them. For example, suppose a property map defines a property P for which it assigns value V1 only for the hierarchical entity identifier "ipv4:192.0.1.0/24" but not for individual entities in this block. Suppose also that inheritance rules are specified for CIDR blocks in the "ipv4" domain type. When receiving this property map, a Client can infer that entity "ipv4:192.0.1.1" inherits the property value V1 of block "ipv4:192.0.1.0/24" because the address "ipv4:192.0.1.1" is included in the CIDR block "ipv4:192.0.1.0/24".¶
Property value inheritance rules also apply among entity sets. A property map may define values for an entity set belonging to a hierarchy but not for "subsets" that are covered by this set identifier. In this case, inheritance rules must specify how entities in "subsets" inherit property values from their "superset". For instance, suppose a property P is defined only for the entity set defined by address block "ipv4:192.0.1.0/24". We know that entity set "ipv4:192.0.1.0/30" is included in "ipv4:192.0.1.0/24". Therefore, the entities of "ipv4:192.0.1.0/30" may inherit the value of property P from set "ipv4:192.0.1.0/24" if an inheritance rule from "ipv4" CIDR blocks to included "ipv4" CIDR blocks is specified.¶
The inheritance rules must ensure that an entity belonging to a hierarchical set of entities inherits no more than one property value, for the sake of consistency. Indeed, a property map may define a property for a hierarchy of entity sets that inherits property values from one or more supersets (located at upper levels). On the other hand, a property value defined for a subset (located at a lower level) may be different from the value defined for a superset. In such a case, subsets may potentially end up with different property values. This may be the case for address blocks with increasing prefix length, on which a property value becomes increasingly accurate and thus may differ. For example, a fictitious property such as "geo-location" or "average transfer volume" may be defined at a progressively finer grain for lower-level subsets of entities defined with progressively longer CIDR prefixes. It seems more interesting to have property values of progressively higher accuracy. A unicity rule applied to the entity domain type must specify an arbitration rule among the different property values for an entity. An example illustrating the need for such rules is provided inSection 6.1.3.¶
A property type is not necessarily applicable to any domain type, or an ALTO Server may choose not to provide a property for all applicable domains. For instance, a property type reflecting link bandwidth is likely not defined for entities of a domain of type "countrycode". Therefore, an ALTO server providing property maps needs to specify the properties that can be queried on the different entity domains it supports.¶
This document explains how the Information Resource Directory (IRD) capabilities of a property map resource unambiguously expose which properties a Client can query on a given entity domain:¶
An example is provided inSection 10.3. The "mappings" field associates entity domains and properties that can be resource-agnostic or resource-specific. This allows a Client to formulate compact and unambiguous entity property queries, possibly relating to one or more information resources. In particular:¶
Further details are provided inSection 7.4.¶
A Client willing to query entity properties belonging to a domain needsto know how to retrieve these entities. To this end, the Client can look upthe "mappings" field exposed in IRD capabilities of a property map; seeSection 4.5.This field, in its keys, exposes all the entity domains supported by theproperty map. The syntax of the entity domain identifier specified inSection 5.1.2 allows the client to infer whether the entity domain isresource-specific or not. The Client can extract, if applicable, theidentifier of the specific resource, query the resource, and retrieve the entities. For example:¶
Besides, it is not possible to prevent a Server from mistakenly exposing inappropriate associations of information resources and entity domain types. To prevent failures due to invalid queries, it is necessary to inform the Client which associations are allowed. An informed Client will just ignore inappropriate associations exposed by a Server and avoid error-prone transactions with the Server.¶
For example, the association "costmap3.pid" is not allowed for the followingreason: although a cost map exposes PID identifiers, it does not define theset of addresses included in this PID. Neither does a cost map list all thePIDs on which properties can be queried because a cost map only exposes PIDpairs on which a queried cost type is defined. Therefore, the resource"costmap3" does not enable a Client to extract information on the existingPID entities or on the addresses they contain.¶
Instead, the cost map uses a network map where all the PIDs used in a costmap are defined together with the addresses contained by the PIDs. Thisnetwork map is qualified in this document as the defining informationresource for the entity domain of type "pid", and this concept is explained inSection 4.6.1.¶
For the reasons explained inSection 4.6, this document introduces the concept of "Defining Information Resource and its Media Type".¶
A defining information resource for an entity domain D is the information resource where entities of D are defined. That is, all the information on the entities of D can be retrieved in this resource. A defining information resource is defined for resource-specific entity domains. It does not exist for entity domains that are not resource-specific such as "ipv4" or "ipv6". Neither does it exist for entity domains that are covering entity identifiers already defined in other standardization documents, as is the case for country code identifiers standardized in[ISO3166-1] or AS numbers allocated by IANA. This is useful for entity domain types that are by essence domain-specific, such as the domain type "pid". It is also useful for resource-specific entity domains constructed from resource-agnostic domain types, such as network-map-specific domains of local IPv4 addresses.¶
The defining information resource of a resource-specific entity domain D, when it exists, is unique and has the following characteristics:¶
A fundamental characteristic of a defining information resource is its media type. There is a unique association between an entity domain type and the media type of its defining information resource. When an entity domain type allows associations with defining information resources, the media type of the potential defining information resourceMUST be specified:¶
When the Client wants to use a resource-specific entity domain, it needs tobe cognizant of the media type of its defining information resource. If theServer exposes a resource-specific entity domain with anoncompliant media type for the defining resource, the ClientMUST ignore theentities from that entity domain to avoid errors.¶
Here are examples of defining information resource types and their mediatypes associated with different entity domain types:¶
As explained inSection 4.3, a property type maytake values that are resource-specific. This is the case for property type"pid", whose values are by essence defined relative to a specific networkmap. That is, the PID value returned for an IPv4 address is specific to the networkmap defining this PID and may differ from one network map to another one.¶
Another example is provided in[RFC9241],which defines property type "cdni-capabilities". The value of this property isspecific to a Content Delivery Network Interconnection (CDNI) Advertisement resource, which provides a list of CDNIcapabilities. The property is provided for entity domain types "ipv4","ipv6", "asn", and "countrycode". However, a CDNI Advertisement resource does not define PID values for IPv4 addresses, while a network map does not defineCDNI capabilities for IPv4 addresses.¶
Similar to resource-specific entity domains, the Client needs to becognizant of appropriate associations of information resource and propertytypes. Therefore, when specifying and registering a property type whosevalues are resource-specific, the media type of its defining informationresource needs to be specified. For example:¶
An entity domain has a type, which is uniquely identified by a string thatMUST be no more than 64 characters, andMUST NOT contain characters other than US-ASCII alphanumeric characters (U+0030-U+0039, U+0041-U+005A, and U+0061-U+007A), the hyphen-minus ('-', U+002D), the colon (':', U+003A), or the low line ('_', U+005F).¶
The usage of colon (':', U+003A)MUST obey the rules below:¶
For example, the strings "ipv4", "ipv6", "pid", and "priv:example-test-edt", are valid entity domain types. "ipv4.anycast", "pid.local", and "priv:" are invalid.¶
Although "_", "-", "__--" are valid entity domain types, it is desirable to add characters, such as alphanumeric ones, for better intelligibility.¶
The type EntityDomainType is used in this document to denote a JSON stringmeeting the preceding requirements.¶
An entity domain type defines the semantics of a type of entity, independently of any specifying resource. All entity domain types that are not prefixed with "priv:"MUST be registered with IANA in the "ALTO Entity Domain Types" registry, defined inSection 12.3, following the procedure specified inSection 12.3.2 of this document. The format of the entity identifiers (seeSection 5.1.3) in that entity domain type, as well as any hierarchical or inheritance rules (seeSection 5.1.4) for those entities,MUST be specified in the IANA registration.¶
Entity domain type identifiers prefixed with "priv:" are reserved for Private Use (see[RFC8126]) without a need to register with IANA. The definition of a private-use entity domain typeMUST apply the same way in all property maps of an IRD where it is present.¶
As discussed inSection 3.2, an entity domain is characterized by a type and identified by a name.¶
This document distinguishes three categories of entity domains: resource-specific entity domains, resource-agnostic entity domains, and self-defined entity domains. Their entity domain names are constructed as specified in the following subsections.¶
Each entity domain is identified by a unique entity domain name. Borrowing the symbol "::=" from the Backus-Naur Form notation[RFC5511], the format of an entity domain name is defined as follows:¶
EntityDomainName ::= [ [ ResourceID ] '.' ] EntityDomainType¶
The presence and construction of the component¶
"[ [ ResourceID ] '.' ]"¶
depends on the category of entity domain.¶
Note that the '.' separator is not allowed in EntityDomainType, and hence there is no ambiguity on whether an entity domain name refers to a resource-agnostic entity domain or a resource-specific entity domain.¶
Note also thatSection 10.1 of [RFC7285] specifies the format of the PID name, which is the format of the resource identifier including the following specification:¶
The '.' separator is reserved for future use andMUST NOT be used unless specifically indicated in this document, or an extension document.¶
The present extension keeps the format specification of[RFC7285], hence the '.' separatorMUST NOT be used in an information resource identifier.¶
A resource-specific entity domain is identified by an entity domain nameconstructed as follows. ItMUST start with a resource identifier using the ResourceIDtype defined inSection 10.2 of [RFC7285], followed by the '.' separator(U+002E), followed by a string of the type EntityDomainType specified inSection 5.1.1.¶
For example, if an ALTO server provides two network maps "netmap-1" and"netmap-2", these network maps can define two resource-specific domains oftype "pid", respectively identified by "netmap-1.pid" and "netmap-2.pid".¶
A resource-agnostic entity domain contains entities that are identifiedindependently of any information resource. The identifier of aresource-agnostic entity domain is simply the identifier of its entity domaintype. For example, "ipv4" and "ipv6" identify the two resource-agnosticInternet address entity domains defined inSection 6.1.¶
A property map can define properties for entities that are specific to aunique information resource, which is the property map itself. This may bethe case when an ALTO Server provides properties for a set of entities thatare defined only in this property map, are not relevant to another one, and donot depend on another specific resource.¶
For example: a specialized property map may define a domain of type "ane",defined in[PATH-VECTOR], that contains a set of ANEsrepresenting data centers that each have a persistent identifier and arerelevant only to this property map.¶
In this case, the entity domain is qualified as "self-defined". Theidentifier of a self-defined entity domain can be of the format:¶
EntityDomainName ::= '.' EntityDomainType¶
where '.' indicates that the entity domain only exists within the propertymap resource using it.¶
A self-defined entity domain can be viewed as a particular case ofresource-specific entity domain, where the specific resource is the currentresource that uses this entity domain. In that case, for the sake ofsimplification, the component ResourceIDMUST be omitted in its entitydomain name.¶
Entities in an entity domain are identified by entity identifiers (EntityID) of the following format:¶
EntityID ::= EntityDomainName ':' DomainTypeSpecificEntityID¶
Examples from the Internet address entity domains include individual IP addresses such as "net1.ipv4:192.0.2.14" and "net1.ipv6:2001:db8::12", as well as address blocks such as "net1.ipv4:192.0.2.0/26" and "net1.ipv6:2001:db8::/48".¶
The format of the second part of an entity identifier, DomainTypeSpecificEntityID, depends on the entity domain type andMUST be specified when defining a new entity domain type and registering it with IANA. IdentifiersMAY be hierarchical, and propertiesMAY be inherited based on that hierarchy. The rules defining any hierarchy or inheritanceMUST be defined when the entity domain type is registered.¶
The type EntityID is used in this document to denote a JSON stringrepresenting an entity identifier in this format.¶
Note that two entity identifiers with different, valid textual representationsmay refer to the same entity, for a given entity domain. For example, thestrings "net1.ipv6:2001:db8::1" and "net1.ipv6:2001:db8:0:0:0:0:0:1" refer tothe same entity in the "ipv6" entity domain. Such equivalences should beestablished by the object represented by DomainTypeSpecificEntityID. Forexample,[RFC5952] establishes equivalence for IPv6 addresses, while[RFC4632] does so for IPv4 addresses.¶
To simplify the representation, some types of entity domains allow the ALTOClient and Server to use a hierarchical entity identifier format to representa block of individual entities. For instance, in an IPv4 domain "net1.ipv4",a CIDR "net1.ipv4:192.0.2.0/26" covers 64 individual IPv4 entities. In thiscase, the corresponding property inheritance ruleMUST be defined for theentity domain type. The hierarchy and inheritance ruleMUST have noambiguity.¶
Each entity property has a type to indicate the encoding and the semantics ofthe value of this entity property, and has a name to identify it.¶
The type EntityPropertyType is used in this document to indicate a string denoting an entity property type. The stringMUST be no more than 32 characters, and itMUST NOT contain characters other than US-ASCII alphanumeric characters (U+0030-U+0039, U+0041-U+005A, and U+0061-U+007A), the hyphen-minus ('-', U+002D), the colon (':', U+003A), or the low line ('_', U+005F). Note that the '.' separator is not allowed because it is reserved to separate an entity property type and an information resource identifier when an entity property is resource-specific.¶
WhileSection 5.1.1 allows the use of the character ":" with restrictions on entity domain identifiers, it can be used without restrictions on entity property type identifiers. This relates to[RFC7285], where a Server can define properties for endpoints "ipv4" and "ipv6". In the present extension, there is a mapping of ALTO entity domain types "ipv4" and "ipv6" to ALTO address types "ipv4" and "ipv6". Properties defined for "ipv4" and "ipv6" endpoints should be reusable on "ipv4" and "ipv6" entities. Forbidding the usage of ":" in a non-private entity property type identifier would not allow the use of properties previously defined for "ipv4" and "ipv6" endpoints because their identifiers would be invalid.¶
Although ":" or "_::-" are valid entity domain types, it is desirable to add characters, such as alphanumeric ones, for better intelligibility.¶
Identifiers prefixed with "priv:" are reserved for Private Use[RFC8126] without a need to register with IANA. All other identifiers for entity property typesMUST be registered in the "ALTO Entity Property Types" registry, which is defined inSection 12.4. The intended semantics of the entity property typeMUST be specified in the IANA registration.¶
For an entity property identifier with the "priv:" prefix, an additional string (e.g., company identifier or random string)MUST follow the prefix to reduce potential collisions, that is, the string "priv:" alone is not a valid entity property identifier. The definition of a private-use entity property type must apply the same way in all property maps of an IRD where it is present.¶
To distinguish from the endpoint property type, the entity property type hasthe following characteristics:¶
Each entity property is identified by an entity property name, which is astring of the following format:¶
EntityPropertyName ::= [ [ ResourceID ] '.' ] EntityPropertyType¶
Similar to the endpoint property type defined inSection 10.8 of [RFC7285],each entity property may be defined by either the property map itself(self-defined) or some other specific information resource(resource-specific).¶
The entity property name of a resource-specific entity property starts with astring of the type ResourceID defined in[RFC7285], followed by the '.'separator (U+002E) and an EntityDomainType typed string. For example, the"pid" properties of an "ipv4" entity defined by two different maps"net-map-1" and "net-map-2" are identified by "net-map-1.pid" and"net-map-2.pid" respectively.¶
The specific information resource of an entity property may be the currentinformation resource itself, that is, the property map defining the property.In that case, the ResourceID in the property nameSHOULD be omitted. Forexample, the property name ".ASN" applied to an entity identified by itsIPv4 address indicates the AS number of the AS that "owns" the entity, wherethe returned AS number is defined by the property map itself.¶
Section 11.4.1.6 of [RFC7285] specifies that an implementation of theEndpoint Property Service specified in[RFC7285]SHOULD assume that theproperty value is a JSONString and fail to parse if it is not. This documentextends the format of a property value by allowing it to be a JSONValueinstead of just a JSONString.¶
The definition of each entity domain typeMUST includethe entity domain type name and the domain-specific entity identifiers.The definition of an entity domain typeMAY include hierarchy and inheritance semantics. Thisdocument defines three initial entity domain types as follows.¶
The document defines two entity domain types (IPv4 and IPv6) for Internetaddresses. Both types are resource-agnostic entity domain types and hencedefine corresponding resource-agnostic entity domains as well. Since the twodomains use the same hierarchy and inheritance semantics, we define thesemantics together, instead of repeating for each.¶
The identifier for this entity domain type is "ipv4".¶
Individual addresses are strings as specified by the IPv4address rule inSection 3.2.2 of [RFC3986]; hierarchical addresses are strings as specified by the prefix notation inSection 3.1 of [RFC4632]. An individual Internet address and the corresponding full-length prefix are considered aliases for the same entity on which to define properties. Thus, "ipv4:192.0.2.0" and "ipv4:192.0.2.0/32" are equivalent.¶
The identifier for this Entity Domain Type is "ipv6".¶
Individual addresses are strings as specified bySection 4 of [RFC5952]; hierarchical addresses are strings as specified by IPv6 address prefixes notation inSection 2.3 of [RFC4291]. To define properties, an individual Internet address and the corresponding 128-bit prefix are considered aliases for the same entity. That is, "ipv6:2001:db8::1" and "ipv6:2001:db8::1/128" are equivalent and have the same set of properties.¶
Both Internet address domains allow property values to be inherited. Specifically, if a property P is not defined for a specific Internet address I, but P is defined for a hierarchical Internet address C that represents a set of addresses containing I, then the address I inherits the value of P defined for the hierarchical address C. If more than one such hierarchical addresses define a value for P, I inherits the value of P in the hierarchical address with the longest prefix. Note that this longest prefix rule ensures no multiple value inheritances, and hence no ambiguity.¶
Hierarchical addresses can also inherit properties. For instance, if a property P:¶
but is defined for a set of hierarchical addresses where:¶
then CMUST inherit the property P from the C' having the longest prefix length.¶
As an example, suppose that a server defines a property P for the followingentities:¶
| ipv4:192.0.2.0/26: | P=v1 |
| ipv4:192.0.2.0/28: | P=v2 |
| ipv4:192.0.2.0/30: | P=v3 |
| ipv4:192.0.2.0: | P=v4 |
Then the following entities have the indicated values:¶
| ipv4:192.0.2.0: | P=v4 |
| ipv4:192.0.2.1: | P=v3 |
| ipv4:192.0.2.16: | P=v1 |
| ipv4:192.0.2.32: | P=v1 |
| ipv4:192.0.2.64: | (not defined) |
| ipv4:192.0.2.0/32: | P=v4 |
| ipv4:192.0.2.0/31: | P=v3 |
| ipv4:192.0.2.0/29: | P=v2 |
| ipv4:192.0.2.0/27: | P=v1 |
| ipv4:192.0.2.0/25: | (not defined) |
An ALTO serverMAY explicitly indicate a property as not having a value fora particular entity. That is, a serverMAY say that property P of entity X is"defined to have no value" instead of "undefined". To indicate "no value",a serverMAY perform different behaviors:¶
If the ALTO server does not define any properties for an entity, then theserverMAY omit that entity from the response.¶
Entity domain types "ipv4" and "ipv6" both allow the definition of resource-specificentity domains. When resource-specific domains are defined with entities ofdomain type "ipv4" or "ipv6", the defining information resource for an entitydomain of type "ipv4" or "ipv6"MUST be a network map. The media type of adefining information resource is therefore:¶
application/alto-networkmap+json¶
The PID entity domain associates property values with the PIDs in a network map.Accordingly, this entity domain always depends on a network map.¶
The identifier for this Entity Domain Type is "pid".¶
The entity identifiers are the PID names of the associated network map.¶
There is no hierarchy or inheritance for properties associated with PIDs.¶
The entity domain type "pid" allows the definition of resource-specific entitydomains. When resource-specific domains are defined with entities of domaintype "pid", the defining information resource for entity domain type "pid"MUST be a network map. The media type of a defining information resource istherefore:¶
application/alto-networkmap+json¶
The PID domain and the Internet address domains are completely independent;the properties associated with a PID have no relation to the propertiesassociated with the prefixes or endpoint addresses in that PID. An ALTOserverMAY choose to assign all the properties of a PID to the prefixes inthat PID or only some of these properties.¶
For example, suppose "PID1" consists of the prefix "ipv4:192.0.2.0/24" andhas the property P with value v1. The Internet address entities"ipv4:192.0.2.0" and "ipv4:192.0.2.0/24" in the IPv4 domainMAY have a valuefor the property P, and if they do, it is not necessarily v1.¶
Because the Internet address and PID domains relate to completely distinct domain types, thequestion may arise as to which entity domain type is the best for a property. In general, theInternet address domain types areRECOMMENDED for properties that are closely relatedto the Internet address or are associated with, and inherited through, hierarchical addresses.¶
The PID domain type isRECOMMENDED for properties that arise from the definition ofthe PID, rather than from the Internet address prefixes in that PID.¶
For example, because Internet addresses are allocated to service providers byblocks of prefixes, an "ISP" property would be best associated with Internetaddress domain types. On the other hand, a property that explains why a PIDwas formed, or how it relates to a provider's network, would best beassociated with the PID domain type.¶
A property map returns the properties defined for all entities in one or more domains, e.g., the "location" property of entities in a domain of type "pid", and the "ASN" property of entities in domains of types "ipv4" and "ipv6".Section 10.4 gives an example of a property map request and its response.¶
Downloading the whole property map is a way for the Client to obtain the entity identifiers that can be used as input for a filtered property map request. However, a whole property map may be too voluminous for a Client that only wants the list of applicable entity identifiers. How to obtain the list of entities of a filtered property map in a simplified response is specified inSection 8.¶
The media type of a property map is "application/alto-propmap+json".¶
The property map is requested using the HTTP GET method.¶
A property map has no Accept Input parameters.¶
The capabilities are defined by an object of type PropertyMapCapabilities:¶
object { EntityPropertyMapping mappings; } PropertyMapCapabilities; object-map { EntityDomainName -> EntityPropertyName<1..*>; } EntityPropertyMapping¶with fields:¶
The "uses" field of a property map resource in an IRD entry specifies the resources in this same IRD on which this property map directly depends. It is an array of resource identifier(s). This array identifies the defining information resources associated with the resource-specific entity domains and properties that are indicated in this resource.¶
If the entity domains in this property map depend on other resources, the"dependent-vtags" field in the "meta" field of the responseMUST be an arraythat includes the version tags of those resources, and the orderMUST beconsistent with the "uses" field of this property map resource. The datacomponent of a property map response is named "property-map", which is a JSONobject of type PropertyMapData, where:¶
object { PropertyMapData property-map; } InfoResourceProperties : ResponseEntityBase; object-map { EntityID -> EntityProps; } PropertyMapData; object { EntityPropertyName -> JSONValue; } EntityProps;¶The ResponseEntityBase type is defined inSection 8.4 of [RFC7285].¶
Specifically, a PropertyMapData object has one member for each entity in the property map. The entity's properties are encoded in the corresponding EntityProps object. EntityProps encodes one name/value pair for each property, where the property names are encoded as strings of type PropertyName. A protocol implementationSHOULD assume that the property value is either a JSONString or a JSON "null" value, and fail to parse if it is not, unless the implementation is using an extension to this document that indicates when and how property values of other data types are signaled.¶
For each entity in the property map:¶
The ALTO serverMAY omit property values that are inherited rather than explicitly defined in order to achieve more compact encoding. As a consequence,the ALTO ClientMUST NOT assume inherited property values will all be present. If the Client needs inherited values, itMUST use the entity domain's inheritance rules to deduce those values.¶
A filtered property map returns the values of a set of properties for a set of entities selected by the client.¶
Sections10.5,10.6,10.7, and10.8 give examples of filtered property map requests and responses.¶
While the IRD lists all the names of the supported properties, it only lists the names of the supported entity domains and not the entity identifiers. Sometimes a client only wants to know what entity identifiers it can provide as input to a filtered property map request but does not want to download the full property map, or it may want to check whether some given entity identifiers are eligible for a query. To support these cases, the filtered property map supports a lightweight response with empty property values.¶
The media type of a property map resource is "application/alto-propmap+json".¶
The filtered property map is requested using the HTTP POST method.¶
The input parameters for a filtered property map request are supplied in the entity body of the POST request. This document specifies the input parameters with a data format indicated by the media type "application/alto-propmapparams+json", which is a JSON object of type ReqFilteredPropertyMap. ReqFilteredPropertyMap is designed to support the following cases of client requests:¶
The third case is equivalent to querying the whole unfiltered property map, which can also be achieved with a GET request. Some Clients, however, may prefer to systematically make filtered property map queries, where filtering parameters may sometimes be empty.¶
The JSON object ReqFilteredPropertyMap is specified as follows:¶
object { EntityID entities<0..*>; [EntityPropertyName properties<0..*>;] } ReqFilteredPropertyMap;¶with fields:¶
Note that the field "properties" is optional. In addition, when the "entities" field is an empty list, it corresponds to a query for all applicable entity identifiers of the filtered property map, with no current interest on any particular property. When the "entities" field is not empty, it allows the Client to check whether the listed entity identifiers can be used as input to a filtered property map query.¶
The capabilities are defined by an object of type PropertyMapCapabilities, as defined inSection 7.4.¶
This is the same as the "uses" field of the property map resource (seeSection 7.5).¶
The responseMUST indicate an error, using ALTO Protocol error handling, as defined inSection 8.5 of [RFC7285], if the request is invalid.¶
Specifically, a filtered property map request can be invalid in the following cases:¶
An entity identifier in the "entities" field of the request is invalid. This occurs when:¶
A valid entity identifier never generates an error, even if the filtered property map resource does not define any properties for it.¶
If an entity identifier in the "entities" field of the request is invalid, the ALTO serverMUST return an "E_INVALID_FIELD_VALUE" error defined inSection 8.5.2 of [RFC7285], and the "value" field of the error messageSHOULD indicate the provided invalid entity identifier.¶
A property name in the "properties" field of the request is invalid. This occurs when this property name is not defined in the "properties" capability of this resource in the IRD.¶
When a filtered property map resource does not define a value for a property requested for a particular entity, it is not an error. In this case, the ALTO serverMUST omit that property from the response for that endpoint.¶
If a property name in the "properties" field in the request is invalid, the ALTO serverMUST return an "E_INVALID_FIELD_VALUE" error defined inSection 8.5.2 of [RFC7285]. The "value" field of the error messageSHOULD indicate the property name.¶
Some identifiers can be interpreted as both an entity name and a property name, as is the case for "pid" if it were erroneously used alone. In such a case, the ServerSHOULD followSection 8.5.2 of [RFC7285], which says:¶
For an E_INVALID_FIELD_VALUE error, the server may include an optional field named "field" in the "meta" field of the response, to indicate the field that contains the wrong value.¶
The response to a valid request is the same as for the property map (seeSection 7.6) except that:¶
The filtered property map responseMUST include all the inherited property values for the requested entities and all the entities that are able to inherit property values from the requested entities. To achieve this goal, the ALTO serverMAY follow two rules:¶
For the sake of response compactness, the ALTO serverSHOULD obey the following rule:¶
An ALTO client should be aware that the entities in the response may be different from the entities in its request.¶
This document defines the entity property type "pid". This property typeextends the ALTO endpoint property type "pid" defined inSection 7.1.1 of [RFC7285] as follows: the property has the same semantics and applies toIPv4 and IPv6 addresses; the difference is that the IPv4 and IPv6 addresseshave evolved from the status of endpoints to the status of entities.¶
The defining information resource for property typeMUST be a network map.¶
Since the property map and the filtered property map defined in this documentprovide a functionality that covers the EPSdefined inSection 11.4 of [RFC7285], ALTO servers may prefer to provideproperty map and filtered property map in place of EPS. However, for thelegacy endpoint properties, it is recommended that ALTO servers also provideEPS so that legacy clients can still be supported.¶
Section 10.8 of [RFC7285] defines two categories of endpoint properties: "resource-specific" and "global". Resource-specific property names areprefixed with the identifier of the resource they depend on, while global propertynames have no such prefix. The property map and the filtered property mapspecified in this document define similar categories of entity properties. Thedifference is that entity property maps do not define "global" entityproperties. Instead, they define self-defined entity properties as aspecial case of "resource-specific" entity properties, where the specificresource is the property map itself. This means that self-definedproperties are defined within the scope of the property map.¶
In the present extension, properties can be defined for sets of entityaddresses, rather than just individual endpoint addresses as initially definedin[RFC7285]. This might change the semantics of a property. These sets can be,for example, hierarchical IP address blocks. For instance, a property such as thefictitious "geo-location" defined for a set of IP addresses would have avalue corresponding to a location representative of all the addresses in this set.¶
In this document, the HTTP message bodies of all the examples use Unix-style line-ending character (%x0A) as the line separator.¶
The examples in this section use a very simple default network map:¶
| defaultpid: | ipv4:0.0.0.0/0 ipv6:::/0 |
| pid1: | ipv4:192.0.2.0/25 |
| pid2: | ipv4:192.0.2.0/27 |
| pid3: | ipv4:192.0.3.0/28 |
| pid4: | ipv4:192.0.3.16/28 |
And another simple alternative network map:¶
| defaultpid: | ipv4:0.0.0.0/0 ipv6:::/0 |
| pid1: | ipv4:192.0.2.0/27 |
| pid2: | ipv4:192.0.3.0/27 |
Beyond "pid", the examples in this section use four additional, fictitious property types for entities of domain type "ipv4": "countrycode", "ASN", "ISP", and "state". These properties are assumed to be resource-agnostic so their name is identical to their type. The entities have the following values:¶
| ISP | ASN | countrycode | state | |
|---|---|---|---|---|
| ipv4:192.0.2.0/23: | BitsRus | - | us | - |
| ipv4:192.0.2.0/28: | - | 65543 | - | NJ |
| ipv4:192.0.2.16/28: | - | 65543 | - | CT |
| ipv4:192.0.2.1: | - | - | - | PA |
| ipv4:192.0.3.0/28: | - | 65544 | - | TX |
| ipv4:192.0.3.16/28: | - | 65544 | - | MN |
The examples in this section use the property "region" for the PID domain of the default network map with the following values:¶
| region | |
|---|---|
| pid:defaultpid: | - |
| pid:pid1: | us-west |
| pid:pid2: | us-east |
| pid:pid3: | us-south |
| pid:pid4: | us-north |
Note that "-" means the value of the property for the entity is "undefined". So the entity would inherit a value for this property by the inheritance rule if possible. For example, the value of the "ISP" property for "ipv4:192.0.2.1" is "BitsRus" because of "ipv4:192.0.2.0/24". But the "region" property for "pid:defaultpid" has no value because there is no entity from which it can inherit.¶
Similar to the PID domain of the default network map, the examples in this section use the property "ASN" for the PID domain of the alternative network map with the following values:¶
| ASN | |
|---|---|
| pid:defaultpid: | - |
| pid:pid1: | 65543 |
| pid:pid2: | 65544 |
The following IRD defines ALTO Server information resources that are relevant to the Entity Property Service. It provides a property map for the "ISP" and "ASN" properties. The server could have provided a single property map for all four properties, but it does not, presumably because the organization that runs the ALTO server believes that a client is not necessarily interested in getting all four properties.¶
The server provides several filtered property maps. The first returns all four properties, and the second returns only the "pid" property for the default network map and the "alt-network-map".¶
The filtered property maps for the "ISP", "ASN", "countrycode", and "state" properties do not depend on the default network map (it does not have a "uses" capability) because the definitions of those properties do not depend on the default network map. The filtered property map providing the "pid" property does have a "uses" capability for the default network map because the default network map defines the values of the "pid" property.¶
Note that for legacy clients, the ALTO server provides an Endpoint Property Service for the "pid" property defined for the endpoints of the default network map and the "alt-network-map".¶
The server provides another filtered Property map resource, named "ane-dc-property-map", that returns fictitious properties named "storage-capacity", "ram", and "cpu" for ANEs that have a persistent identifier. The entity domain to which the ANEs belong is self-defined and valid only within the property map.¶
The other property maps in the returned IRD are shown here for purposes of illustration.¶
GET /directory HTTP/1.1 Host: alto.example.com Accept: application/alto-directory+json,application/alto-error+json HTTP/1.1 200 OK Content-Length: 2713 Content-Type: application/alto-directory+json { "meta" : { "default-alto-network-map" : "default-network-map" }, "resources" : { "default-network-map" : { "uri" : "http://alto.example.com/networkmap/default", "media-type" : "application/alto-networkmap+json" }, "alt-network-map" : { "uri" : "http://alto.example.com/networkmap/alt", "media-type" : "application/alto-networkmap+json" }, "ia-property-map" : { "uri" : "http://alto.example.com/propmap/full/inet-ia", "media-type" : "application/alto-propmap+json", "capabilities" : { "mappings": { "ipv4": [ ".ISP", ".ASN" ], "ipv6": [ ".ISP", ".ASN" ] } } }, "iacs-property-map" : { "uri" : "http://alto.example.com/propmap/lookup/inet-iacs", "media-type" : "application/alto-propmap+json", "accepts": "application/alto-propmapparams+json", "capabilities" : { "mappings": { "ipv4": [ ".ISP", ".ASN", ".countrycode", ".state" ], "ipv6": [ ".ISP", ".ASN", ".countrycode", ".state" ] } } }, "region-property-map": { "uri": "http://alto.example.com/propmap/lookup/region", "media-type": "application/alto-propmap+json", "accepts": "application/alto-propmapparams+json", "uses" : [ "default-network-map", "alt-network-map" ], "capabilities": { "mappings": { "default-network-map.pid": [ ".region" ], "alt-network-map.pid": [ ".ASN" ] } } }, "ip-pid-property-map" : { "uri" : "http://alto.example.com/propmap/lookup/pid", "media-type" : "application/alto-propmap+json", "accepts" : "application/alto-propmapparams+json", "uses" : [ "default-network-map", "alt-network-map" ], "capabilities" : { "mappings": { "ipv4": [ "default-network-map.pid", "alt-network-map.pid" ], "ipv6": [ "default-network-map.pid", "alt-network-map.pid" ] } } }, "legacy-endpoint-property" : { "uri" : "http://alto.example.com/legacy/eps-pid", "media-type" : "application/alto-endpointprop+json", "accepts" : "application/alto-endpointpropparams+json", "capabilities" : { "properties" : [ "default-network-map.pid", "alt-network-map.pid" ] } }, "ane-dc-property-map": { "uri" : "http://alto.example.com/propmap/lookup/ane-dc", "media-type" : "application/alto-propmap+json", "accepts": "application/alto-propmapparams+json", "capabilities": { "mappings": { ".ane" : [ "storage-capacity", "ram", "cpu" ] } } } } }The following example uses the properties and IRD defined inSection 10.3 to retrieve a property map for entities with the "ISP" and "ASN" properties.¶
Note that, to be compact, the response does not include the entity "ipv4:192.0.2.1" because values of all those properties for this entity are inherited from other entities.¶
Also note that the entities "ipv4:192.0.2.0/28" and "ipv4:192.0.2.16/28" are merged into "ipv4:192.0.2.0/27" because they have the same value of the "ASN" property. The same rule applies to the entities "ipv4:192.0.3.0/28" and "ipv4:192.0.3.16/28". Both "ipv4:192.0.2.0/27" and "ipv4:192.0.3.0/27" omit the value for the "ISP" property because it is inherited from "ipv4:192.0.2.0/23".¶
GET /propmap/full/inet-ia HTTP/1.1Host: alto.example.comAccept: application/alto-propmap+json,application/alto-error+json¶
HTTP/1.1 200 OKContent-Length: 418Content-Type: application/alto-propmap+json{ "meta": { "dependent-vtags": [ {"resource-id": "default-network-map", "tag": "3ee2cb7e8d63d9fab71b9b34cbf764436315542e"}, {"resource-id": "alt-network-map", "tag": "c0ce023b8678a7b9ec00324673b98e54656d1f6d"} ] }, "property-map": { "ipv4:192.0.2.0/23": {".ISP": "BitsRus"}, "ipv4:192.0.2.0/27": {".ASN": "65543"}, "ipv4:192.0.3.0/27": {".ASN": "65544"} }}¶The following example uses the filtered property map resource to request the "ISP", "ASN", and "state" properties for several IPv4 addresses.¶
Note that the value of "state" for "ipv4:192.0.2.1" is the only explicitly defined property; the other values are all derived from the inheritance rules for Internet address entities.¶
POST /propmap/lookup/inet-iacs HTTP/1.1Host: alto.example.comAccept: application/alto-propmap+json,application/alto-error+jsonContent-Length: 158Content-Type: application/alto-propmapparams+json{ "entities" : [ "ipv4:192.0.2.0", "ipv4:192.0.2.1", "ipv4:192.0.2.17" ], "properties" : [ ".ISP", ".ASN", ".state" ]}¶HTTP/1.1 200 OKContent-Length: 540Content-Type: application/alto-propmap+json{ "meta": { "dependent-vtags": [ {"resource-id": "default-network-map", "tag": "3ee2cb7e8d63d9fab71b9b34cbf764436315542e"}, {"resource-id": "alt-network-map", "tag": "c0ce023b8678a7b9ec00324673b98e54656d1f6d"} ] }, "property-map": { "ipv4:192.0.2.0": {".ISP": "BitsRus", ".ASN": "65543", ".state": "NJ"}, "ipv4:192.0.2.1": {".ISP": "BitsRus", ".ASN": "65543", ".state": "PA"}, "ipv4:192.0.2.17": {".ISP": "BitsRus", ".ASN": "65543", ".state": "CT"} }}¶The following example uses the filtered property map resource to request the "ASN", "countrycode", and "state" properties for several IPv4 prefixes.¶
Note that the property values for both entities "ipv4:192.0.2.0/26" and "ipv4:192.0.3.0/26" are not explicitly defined. They are inherited from the entity "ipv4:192.0.2.0/23".¶
Also note that some entities like "ipv4:192.0.2.0/28" and "ipv4:192.0.2.16/28" in the response are not explicitly listed in the request. The response includes them because they are refinements of the requested entities and have different values for the requested properties.¶
The entity "ipv4:192.0.4.0/26" is not included in the response because there are neither entities from which it is inherited, nor entities inherited from it.¶
POST /propmap/lookup/inet-iacs HTTP/1.1Host: alto.example.comAccept: application/alto-propmap+json,application/alto-error+jsonContent-Length: 174Content-Type: application/alto-propmapparams+json{ "entities" : [ "ipv4:192.0.2.0/26", "ipv4:192.0.3.0/26", "ipv4:192.0.4.0/26" ], "properties" : [ ".ASN", ".countrycode", ".state" ]}¶HTTP/1.1 200 OKContent-Length: 774Content-Type: application/alto-propmap+json{ "meta": { "dependent-vtags": [ {"resource-id": "default-network-map", "tag": "3ee2cb7e8d63d9fab71b9b34cbf764436315542e"}, {"resource-id": "alt-network-map", "tag": "c0ce023b8678a7b9ec00324673b98e54656d1f6d"} ] }, "property-map": { "ipv4:192.0.2.0/26": {".countrycode": "us"}, "ipv4:192.0.2.0/28": {".ASN": "65543", ".state": "NJ"}, "ipv4:192.0.2.16/28": {".ASN": "65543", ".state": "CT"}, "ipv4:192.0.2.1": {".state": "PA"}, "ipv4:192.0.3.0/26": {".countrycode": "us"}, "ipv4:192.0.3.0/28": {".ASN": "65544", ".state": "TX"}, "ipv4:192.0.3.16/28": {".ASN": "65544", ".state": "MN"} }}¶The following example uses the filtered property map resource to request the"default-network-map.pid" property and the "alt-network-map.pid" property fora set of IPv4 addresses and prefixes.¶
Note that the entity "ipv4:192.0.3.0/27" is decomposed into two entities:"ipv4:192.0.3.0/28" and "ipv4:192.0.3.16/28", as they have different"default-network-map.pid" property values.¶
POST /propmap/lookup/pid HTTP/1.1Host: alto.example.comAccept: application/alto-propmap+json,application/alto-error+jsonContent-Length: 222Content-Type: application/alto-propmapparams+json{ "entities" : [ "ipv4:192.0.2.128", "ipv4:192.0.2.0/27", "ipv4:192.0.3.0/27" ], "properties" : [ "default-network-map.pid", "alt-network-map.pid" ]}¶HTTP/1.1 200 OKContent-Length: 774Content-Type: application/alto-propmap+json{ "meta": { "dependent-vtags": [ {"resource-id": "default-network-map", "tag": "3ee2cb7e8d63d9fab71b9b34cbf764436315542e"}, {"resource-id": "alt-network-map", "tag": "c0ce023b8678a7b9ec00324673b98e54656d1f6d"} ] }, "property-map": { "ipv4:192.0.2.128": {"default-network-map.pid": "defaultpid", "alt-network-map.pid": "defaultpid"}, "ipv4:192.0.2.0/27": {"default-network-map.pid": "pid2", "alt-network-map.pid": "pid1"}, "ipv4:192.0.3.0/28": {"default-network-map.pid": "pid3", "alt-network-map.pid": "pid2"}, "ipv4:192.0.3.16/28": {"default-network-map.pid": "pid4", "alt-network-map.pid": "pid2"} }}¶Here is an example of using the filtered property map to query the regionsfor several PIDs in "default-network-map". The "region" property is specifiedas a self-defined property, i.e., the values of this property are definedby this property map resource.¶
POST /propmap/lookup/region HTTP/1.1Host: alto.example.comAccept: application/alto-propmap+json,application/alto-error+jsonContent-Length: 132Content-Type: application/alto-propmapparams+json{ "entities" : ["default-network-map.pid:pid1", "default-network-map.pid:pid2"], "properties" : [ ".region" ]}¶HTTP/1.1 200 OKContent-Length: 326Content-Type: application/alto-propmap+json{ "meta" : { "dependent-vtags" : [ {"resource-id": "default-network-map", "tag": "7915dc0290c2705481c491a2b4ffbec482b3cf62"} ] }, "property-map": { "default-network-map.pid:pid1": { ".region": "us-west" }, "default-network-map.pid:pid2": { ".region": "us-east" } }}¶The following example uses the filtered property map resource"ane-dc-property-map" to request properties "storage-capacity" and "cpu" onseveral ANEs defined in this property map.¶
POST /propmap/lookup/ane-dc HTTP/1.1Host: alto.example.comAccept: application/alto-propmap+json,application/alto-error+jsonContent-Length: 155Content-Type: application/alto-propmapparams+json{ "entities" : [".ane:dc21", ".ane:dc45-srv9", ".ane:dc6-srvcluster8"], "properties" : [ "storage-capacity", "cpu"]}¶HTTP/1.1 200 OKContent-Length: 295Content-Type: application/alto-propmap+json{ "meta" : { }, "property-map": { ".ane:dc21": {"storage-capacity" : 40000, "cpu" : 500}, ".ane:dc45-srv9": {"storage-capacity" : 100, "cpu" : 20}, ".ane:dc6-srvcluster8": {"storage-capacity" : 6000, "cpu" : 100} }}¶Both property map and filtered property map defined in this document fit intothe architecture of the ALTO base protocol, and hence the SecurityConsiderations (Section 15 of [RFC7285]) of the base protocol fully apply:authenticity and integrity of ALTO information (i.e., authenticity andintegrity of property maps), potential undesirable guidance fromauthenticated ALTO information (e.g., potentially imprecise or even wrongvalue of a property such as geo-location), confidentiality of ALTOinformation (e.g., exposure of a potentially sensitive entity property suchas geo-location), privacy for ALTO users, and availability of ALTO servicesshould all be considered.¶
ALTO clients using this extension should in addition be aware that the entity properties they require may convey more details than the endpoint properties conveyed by using[RFC7285]. Client requests may reveal details of their activity or plans thereof such that a malicious Server, which is in a position to do so, may monetize or use for attacks or undesired surveillance. Likewise, ALTO Servers expose entities and properties related to specific parts of the infrastructure that reveal details of capabilities, locations, or resource availability. These details may be maliciously used for competition purposes, or to cause resource shortage or undesired publication.¶
To address these concerns, the property maps provided by this extensionrequire additional attention to two security considerations discussed in:Section15.2 ("Potential Undesirable Guidance from Authenticated ALTO Information") of[RFC7285] and Section15.3 ("Confidentiality of ALTOInformation") of[RFC7285]. Threats to the availability ofthe ALTO service caused by highly demanding queries should be addressed asspecified inSection 15.5 of [RFC7285].¶
Potential undesirable guidance from authenticated ALTO information: this canbe caused by Property values that change over time and thus lead toperformance degradation or system rejection of application requests.¶
To avoid these consequences, a more robust ALTO client should adopt and extend protection strategies specified inSection 15.2 of [RFC7285]. For example, to be notified immediately when a particular ALTO value that the Client depends on changes, it isRECOMMENDED that both the ALTO Client and ALTO Server using this extension implement "Application-Layer Traffic Optimization (ALTO) Incremental Updates Using Server-Sent Events (SSE)"[RFC8895].¶
Confidentiality of ALTO information: as discussed inSection 15 of [RFC7285], properties may have sensitive customer-specific information.If this is the case, an ALTO Server may limit access to those properties byproviding several different property maps. For a nonsensitive properties,the ALTO Server would provide a URI that accepts requests from any client.Sensitive properties, on the other hand, would only be available via asecure URI that would require client authentication. Another way is toexpose highly abstracted, coarse-grained property values to all Clients whilerestricting access to URIs that expose more fine-grained values to authorizedClients. Restricted access URIs may be gathered in delegate IRDs asspecified inSection 9.2.4 of [RFC7285].¶
Also, while technically this document does not introduce any security risks not inherent in the Endpoint Property Service defined by[RFC7285], the GET-mode property map resource defined in this document does make it easier for a client to download large numbers of property values. Accordingly, an ALTO Server should limit GET-mode property maps to properties that do not contain sensitive data.¶
Section 12 of this document specifies that the ALTO service providerMUST be aware of the potential sensitivity of exposed entity domains and properties.Section 12.3.2 (ALTO Entity Domain Type Registration Process) of this document specifies that when the registration of an entity domain type is requested of IANA, the requestMUST include security considerations that show awareness of how the exposed entity addresses may be related to private information about an ALTO client or an infrastructure service provider. Likewise,Section 12.4 (ALTO Entity Property Types Registry) of this document specifies that when the registration of a property type is requested of IANA, the requestMUST include security considerations that explain why this property type is required for ALTO-based operations.¶
The risk of ALTO information being leaked to malicious Clients or third parties is addressed similarly toSection 7 of [RFC8896]. ALTO clients and serversSHOULD support TLS 1.3[RFC8446].¶
This document defines additional application/alto-* media types, which are listed inTable 8. It defines the "ALTO Entity Domain Types" registry that extends the "ALTO Address Types" registry defined in[RFC7285]. It also defines the "ALTO Entity Property Types" registry that extends the "ALTO Endpoint Property Types" registry defined in[RFC7285].¶
| Type | Subtype | Specification |
|---|---|---|
| application | alto-propmap+json | Section 7.1 |
| application | alto-propmapparams+json | Section 8.3 |
IANA has created and will maintain the "ALTO Entity Domain Types" registry listed inTable 9. The first row lists information items that must be provided with each registered entity domain type.Section 12.3.2 specifies how to document these items and in addition provides guidance on the security considerations item that must be documented.¶
| Identifier | Entity Identifier Encoding | Hierarchy and Inheritance | Media Type of Defining Resource | Mapping to ALTO Address Type |
|---|---|---|---|---|
| ipv4 | SeeSection 6.1.1 | SeeSection 6.1.3 | application/alto-networkmap+json | true |
| ipv6 | SeeSection 6.1.2 | SeeSection 6.1.3 | application/alto-networkmap+json | true |
| pid | SeeSection 6.2 | None | application/alto-networkmap+json | false |
This registry serves two purposes. First, it ensures uniqueness ofidentifiers referring to ALTO entity domain types. Second, it states therequirements for allocated entity domain types.¶
As specified inSection 5.1.1, identifiers prefixed with "priv:" are reserved for Private Use without a need to register with IANA¶
One potential issue of introducing the "ALTO Entity Domain Types" registry isits relationship with the "ALTO Address Types" registry already defined inSection 14.4 of [RFC7285]. In particular, the entity identifier of a typeof an entity domain registered in the "ALTO Entity Domain Types" registryMAYmatch an address type defined in "ALTO Address Types" registry. It isnecessary to precisely define and guarantee the consistency between "ALTOAddress Types" registry and "ALTO Entity Domain Types" registry.¶
We define that the "ALTO Entity Domain Types" registry is consistent with "ALTOAddress Types" registry if two conditions are satisfied:¶
To achieve this consistency, the following itemsMUST be checked beforeregistering a new ALTO entity domain type in a future document:¶
When a new ALTO entity domain type is registered, the consistency with the "ALTOAddress Types" registryMUST be ensured by the following procedure:¶
Test: Do corresponding entity domain type identifiers match a known "network" address type?¶
If yes (e.g., cell, MAC, or socket addresses):¶
Test: Is such an address type present in the "ALTO Address Types"registry?¶
New ALTO entity domain types are assigned after IETF Review[RFC8126] to ensure that proper documentation regarding the new ALTO entity domain types and their security considerations has been provided. RFCs defining new entity domain typesMUST indicate how an entity in a registered type of domain is encoded as an EntityID and, if applicable, provide the rules for defining the entity hierarchy and property inheritance. Updates and deletions of ALTO entity domains types follow the same procedure.¶
Registered ALTO entity domain type identifiersMUST conform to the syntactical requirements specified inSection 5.1.2. Identifiers are to be recorded and displayed as strings.¶
Requests to IANA to add a new value to the "ALTO Entity Domain Types" registryMUST include the following information:¶
IANA has registered the identifiers "ipv4", "ipv6", and "pid", as shown inTable 9.¶
IANA has created and will maintain the "ALTO Entity Property Types" registry, which is listed inTable 10.¶
This registry extends the "ALTO Endpoint Property Types" registry, defined in[RFC7285], in that a property type is defined for one or more entity domains, rather than just for IPv4 and IPv6 Internet address domains. An entry in this registry is an ALTO entity property type defined inSection 5.2.1. Thus, a registered ALTO entity property type identifierMUST conform to the syntactical requirements specified in that section.¶
As specified inSection 5.2.1, identifiers prefixed with "priv:" are reserved for Private Use without a need to register with IANA.¶
The first row ofTable 10 lists information items that must be provided with each registered entity property type.¶
| Identifier | Intended Semantics | Media Type of Defining Resource |
|---|---|---|
| pid | SeeSection 7.1.1 of [RFC7285] | application/alto-networkmap+json |
New ALTO entity property types are assigned after IETF Review[RFC8126] to ensure that proper documentation regarding the new ALTO entity property types and their security considerations has been provided. RFCs defining new entity property typesSHOULD indicate how a property of a registered type is encoded as a property name. Updates and deletions of ALTO entity property types follow the same procedure.¶
Requests to IANA to add a new value to the registryMUST include thefollowing information:¶
In security considerations, the request should also discuss the sensitivityof the information and why it is required for ALTO-based operations.Regarding this discussion, the requestSHOULD follow the recommendations ofthe "ALTO Endpoint Property Types" registry inSection 14.3 of [RFC7285].¶
IANA has registered the identifier "pid", which is listed inTable 10. Semantics for this property are documented inSection 7.1.1 of [RFC7285]. No security issues related to the exposure of a"pid" identifier are considered, as it is exposed with the Network MapService defined and mandated in[RFC7285].¶
The entity property maps extension described in this document introduces anumber of features that are summarized in table below. The first columnprovides the name of the feature. The second column provides the sectionnumber of this document that gives a high-level description of the feature.The third column provides the section number of this document that gives anormative description relating to the feature, when applicable.¶
| Feature | High-Level Description | Related Normative Description |
|---|---|---|
| Entity | Section 3.1 | Section 5.1.3 |
| Entity domain | Section 3.2 | |
| Entity domain type | Section 3.2.1 | Section 5.1.1 |
| Entity domain name | Section 3.2.2 | Section 5.1.2 |
| Entity property type | Section 3.3 | Sections5.2,5.2.1,5.2.2, and5.2.3 |
| Entity property map | Section 3.4 | Sections7 and8 |
| Resource-specific entity domain name | Section 4.2 | Sections5.1.2 and5.1.2.1 |
| Resource-specific entity property value | Section 4.3 | Section 5.2.3 |
| Entity Hierarchy and property inheritance | Section 4.4 | Section 5.1.4 |
| Defining information resource | Sections4.6 and4.7 | Sections12.3.2 and12.4 |
The authors would like to thankDawn Chen andShenshen Chen for their contributions to earlier drafts.Thank you also toQiao Xiang,Shawn Lin, andXin Wangfor fruitful discussions. Last, big thanks toDanny Perez andLuis Contreras for theirsubstantial working group review feedback and suggestions for improving this document, toVijay Gurbani, ALTO WG Chair, andMartin Duke, Transport Area Director, for their thorough review, discussions, guidance, and shepherding, which further helped toenrich this document.¶