Internet-Draft | ALTO TIPS | September 2023 |
Gao, et al. | Expires 22 March 2024 | [Page] |
The ALTO Protocol (RFC 7285) leverages HTTP/1.1 and is designed for the simple, sequential request-reply use case, in which an ALTO client requests a sequence of information resources, and the server responds with the complete content of each resource one at a time.¶
ALTO incremental updates using Server-Sent Events (SSE) (RFC 8895) defines a multiplexing protocol on top of HTTP/1.x, so that an ALTO server can incrementally push resource updates to clients whenever monitored network information resources change, allowing the clients to monitor multiple resources at the same time. However, HTTP/2 and later versions already support concurrent, non-blocking transport of multiple streams in the same HTTP connection.¶
To take advantage of newer HTTP features, this document introduces the ALTO Transport Information Publication Service (TIPS). TIPS uses an incremental RESTful design to give an ALTO client the new capability to explicitly, concurrently (non-blocking) request (pull) specific incremental updates using native HTTP/2 or HTTP/3, while still functioning for HTTP/1.1.¶
This note is to be removed before publishing as an RFC.¶
Discussion of this document takes place on the Application-Layer Traffic Optimization Working Group mailing list (alto@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/alto/.¶
Source for this draft and an issue tracker can be found at https://github.com/ietf-wg-alto/draft-ietf-alto-new-transport.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 22 March 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Application-Layer Traffic Optimization (ALTO) provides means for network applications to obtain network status information. So far, two transport protocols have been designed:¶
Both protocols are designed for HTTP/1.1 [RFC9112] and, ideally, they should be able to automatically take advantage of newer HTTP versions such as HTTP/2 [RFC9113] and HTTP/3 [RFC9114]. However, there are issues with both protocols when higher HTTP versions are used:¶
To mitigate these concerns, this document introduces a new ALTO service, called the Transport Information Publication Service (TIPS). TIPS uses an incremental RESTful design to provide an ALTO client with a new capability to explicitly, concurrently (non-blocking) request (pull) specific incremental updates using native HTTP/2 or HTTP/3, while still functioning for HTTP/1.1.¶
Despite the benefits, however, ALTO/SSE [RFC8895], which solves a similar problem, has its own pros. First, SSE is a mature technique with a well-established ecosystem that can simplify the development. Second, SSE naturally supports the push mode even with HTTP/1.0, which is more efficient when the updates are frequent. HTTP/2 [RFC9113] and HTTP/3 [RFC9114] introduce server push, which may enhance TIPS with the push mode. While this feature is currently not widely implemented, we provide a non-normative specification of push-mode TIPS as an alternative design that has potential gains but is not mature enough yet.¶
Specifically, this document specifies:¶
Appendix B discusses to what extent the TIPS design adheres to the Best Current Practices for building protocols with HTTP [RFC9205].¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document uses the same syntax and notations as introduced in Section 8.2 of [RFC7285] to specify the extensions to existing ALTO resources and services.¶
The ALTO Protocol and its extensions support two transport mechanisms: First, a client can directly request an ALTO resource and obtain a complete snapshot of that ALTO resource, as specified in the base protocol [RFC7285]; Second, a client can subscribe to incremental changes of one or multiple ALTO resources using the incremental update extension [RFC8895], and a server pushes the updates to the client through Server Sent Events (SSE).¶
However, the current transport mechanisms are not optimized for storing, transmitting, and processing (incremental) updates of ALTO information resources. Specifically, the new transport mechanism must satisfy the following requirements:¶
Incremental updates can reduce both the data storage on an ALTO server and the transmission time of the updates, especially when the change of an ALTO resource is minor. The base protocol does not support incremental updates and the current incremental update mechanism in [RFC8895] has limitations (as discussed below).¶
When a client needs to receive and apply multiple incremental updates, it is desired to transmit the updates concurrently to fully utilize the bandwidth and to reduce head-of-line blocking. The ALTO incremental update extension [RFC8895], unfortunately, does not satisfy this requirement -- even though the updates can be multiplexed by the server to avoid head-of-line blocking between multiple resources, the updates are delivered sequentially and can suffer from head-of-line blocking inside the connection, for example, when there is a packet loss.¶
Prefetching updates can reduce the time to send the request, making it possible to achieve sub-RTT transmission of ALTO incremental updates. In [RFC8895], this requirement is fulfilled using server-sent event (SSE) and is still desired in the ALTO new transport.¶
While some of the previous requirements are offered by HTTP/2 [RFC9113] and HTTP/3 [RFC9114], it is desired that the ALTO new transport mechanism can work with HTTP/1.1 as many development tools and current ALTO implementations are based on HTTP/1.1.¶
The ALTO new transport specified in this document satisfies all the design requirements and hence improves the efficiency of continuous dissemination of ALTO information. The key idea is to introduce a unified data model to describe the changes (snapshots and incremental updates) of an ALTO resource, referred to as a TIPS view. Along with the data model, this document also specifies a unified naming for the snapshots and incremental updates, independent of the HTTP version. Thus, these updates can be concurrently requested. Prefetching is realized using long polling.¶
This document assumes the deployment model discussed in Appendix A.¶
In addition to the terms defined in [RFC7285], this document uses the following terms:¶
Is a new type of ALTO service, as specified in this document, to enable a uniform transport mechanism for updates of an incrementally changing ALTO network information resource.¶
Is a piece of retrievable information about network state, per [RFC7285].¶
Is defined in this document to be the container of incremental transport information about the network information resource. Though the TIPS view may include other transport information, it has two basic components: updates graph (ug) and receiver set (rs).¶
Is a directed, acyclic graph whose nodes represent the set of versions of an information resource, and edges the set of update items to compute these versions. An ALTO map service (e.g., Cost Map, Network Map) may need only a single updates graph. A dynamic network information service (e.g., Filtered Cost Map) may create an updates graph (within a new TIPS view) for each unique request.¶
Represents a historical content of an information resource. For an information resource, each version is associated with and uniquely identified by a monotonically and consecutively increased sequence number. We use the term "version s" to refer to the version associated with sequence number s.¶
Is the smallest non-zero sequence number in an updates graph.¶
Is the largest sequence number in an updates graph.¶
Is a full replacement of a resource and is contained within an updates graph.¶
Is a partial replacement of a resource contained within an updates graph, codified in this document as a JSON Merge Patch or JSON Patch. An incremental update is mandatory if the source version (i) and target version (j) are consecutive, i.e., i + 1 = j, and optional or a shortcut otherwise. Mandatory incremental updates are always in an updates graph, while optional/shortcut incremental updates may or may not be included in an updates graph.¶
Refers to the content on an edge of the updates graph, which can be either a snapshot or incremental update. An update item can be considered as a pair (op, data) where op denotes whether the item is an incremental update or a snapshot, and data is the content of the item.¶
Denotes the update item on a specific edge in the updates graph to transition from version i to version j, where i and j are the sequence numbers of the source node and the target node of the edge, respectively.¶
Contains the set of clients who have requested to receive server push updates. This term is not used in the normative specification.¶
Figure 1 shows an example illustrating an overview of the ALTO TIPS service. The server provides the TIPS service of two information resources (#1 and #2) where we assume #1 is an ALTO map service, and #2 is a filterable service. There are 3 ALTO clients (Client 1, Client 2, and Client 3) that are connected to the ALTO server. Each client maintains a single HTTP connection with the ALTO server and uses the TIPS view to retrieve updates (see the arguments in Section 4.2). Specifically, a TIPS view (tv1) is created for the map service #1, and is shared by multiple clients. For the filtering service #2, two different TIPS view (tv2 and tv3) are created upon different client requests with different filter sets.¶
In order to provide incremental updates for a resource, an ALTO server creates an updates graph, which is a directed, acyclic graph that contains a sequence of incremental updates and snapshots (collectively called update items) of a network information resource.¶
For each resource (e.g., a cost map, a network map), the incremental updates and snapshots can be represented using the following directed acyclic graph model, where the server tracks the change of the resource maps with version IDs that are assigned sequentially (i.e., incremented by 1 each time):¶
A concrete example is as shown in Figure 2. There are 7 nodes in the graph, representing 7 different versions of the resource. Edges in the figure represent the updates from the source version to the target version. Thick lines represent mandatory incremental updates (e.g., ID103-104), dotted lines represent optional incremental updates (e.g., ID103-105), and thin lines represent snapshots (e.g., ID0-103). Note that node content is path independent: the content of node v can be obtained by applying the updates from any path that ends at v. For example, assume the latest version is 105 and a client already has version 103. We say the base version of the client is 103 as it serves as a base upon which incremental updates can be applied. The target version 105 can either be directly fetched as a snapshot, computed incrementally by applying the incremental updates between 103 and 104, then 104 and 105, or if the optional update from 103 to 105 exists, computed incrementally by taking the "shortcut" path from 103 to 105.¶
Update items are exposed as HTTP resources and the URLs of these items, which we call resource location schema, follow specific patterns. To access each individual update in an updates graph, consider the model represented as a "virtual" file system (adjacency list), contained within the root of a TIPS view URI (see Section 6.2 for the definition of tips-view-uri). For example, assuming that the update graph of a TIPS view is as shown in Figure 2, the location schema of this TIPS view will have the format as in Figure 3.¶
TIPS uses this directory schema to generate template URIs which allow clients to construct the location of incremental updates after receiving the tips-view-uri path from the server. The generic template for the location of the update item on the edge from node 'i' to node 'j' in the updates graph is:¶
<tips-view-uri>/ug/<i>/<j>¶
Due to the sequential nature of the update item IDs, a client can long poll a future update that does not yet exist (e.g., the incremental update from 106 to 107) by constructing the URI for the next edge that will be added, starting from the sequence number of the current last node (denoted as end-seq) in the graph to the next sequential node (with the sequence number of end-seq + 1):¶
GET /<tips-view-uri>/ug/<end-seq>/<end-seq + 1>¶
A server may change its updates graph (to compact, to add nodes, etc.), but it must ensure that any resource state that it makes available is reachable by clients, either directly via a snapshot (that is, relative to 0) or indirectly by requesting an earlier snapshot and a contiguous set of incremental updates. Additionally, to allow clients to proactively construct URIs for future update items, the ID of each added node in the updates graph must increment contiguously by 1. More specifically, the updates graph MUST satisfy the following invariants:¶
[ns, ne]
.¶
[n1, n2]
at time t
and versions in [n1', n2']
at time t'. If t' > t, then n1' >= n1 and n2' >=
n2.¶
For example, consider the case that a server compacts a resource's updates graph
to conserve space, using the example model in Section 3.1. Assume at time 0,
the server provides the versions {101, 102, 103, 104, 105, 106}
. At time 1,
both {103, 104, 105, 106}
and {105, 106}
are valid sets. However, {102,
103, 104, 105, 106}
and {104, 105, 106}
are not valid sets as there is no
snapshot to version 102 or 104 in the update graph. Thus, there is a risk that
the right content of version 102 (in the first example) or 104 (in the second
example) cannot be obtained by a client that does not have the previous version
101 or 103, respectively.¶
There are two ways a client can receive updates for a resource:¶
At a high level, an ALTO client first uses the TIPS service to indicate the information resource(s) that the client wants to monitor. For each requested resource, the server returns a JSON object that contains a URI, which points to the root of a TIPS view, and a summary of the current view, which contains, at the minimum, the start-seq and end-seq of the update graph and a server-recommended edge to consume first.¶
For client pull, the TIPS view summary provides enough information for the
client to continuously pull each additional update, following the workflow in
Figure 4. Detailed specification of this mode is given in Section 7.
Note that in Figure 4, the update item at
/<tips-view-uri1>/ug/<j>/<j+1>
may not yet exist, so the server holds the
request until the update becomes available (long polling).¶
For server push, the TIPS requires support of HTTP server push, a new feature in HTTP/2 and HTTP/3 that is not widely supported yet. A non-normative, unreviewed specification for this mode is given in Appendix C.4.¶
A key requirement in the current new transport extension is that a client must interact with the ALTO server using a single persistent HTTP connection to manage a TIPS view, and the life cycle of the TIPS view are bounded to that specific connection. This design is due to the following reasons:¶
The first reason is to reduce the management complexity in modern server deployment technologies. As microservices are becoming the new trend of web development, requests to the same service are load balanced to different instances, even between the same source and destination addresses. However, TIPS views are stateful information which depends on the client's input. If requests from the same client session can be directed to different instances, the operator of the ALTO server must implement complex mapping management or load balancing mechanisms to make sure the requests arrive at the same server.¶
The second reason is to simplify the state management of a single session. If multiple connections are associated with a single session, implementations of ALTO servers and clients must manage the state of the connections, which increases the complexity of both ALTO servers and clients.¶
Third, single persistent HTTP connection offers an implicit way of life cycle management of TIPS views, which otherwise can be resource-consuming. Malicious users may create TIPS views and then disconnect, to get around the limits on concurrent TIPS views, if not implemented correctly by an ALTO server. Leaving the TIPS views alive after the HTTP connection is closed or timed out also makes session management complex: When a client reconnects, should it try to access the TIPS view before the disconnection or simply start a new session? Whether and when can the server remove the TIPS views? In the current extension, the idea is to avoid such complexity and enforce the consensus that a session will be automatically closed once the connection is closed or timed out.¶
The HTTP version of an "https" connection is negotiated between client and server using the TLS ALPN extension, as specified in Section 3.1 of [RFC9113] for HTTP/2 and Section 3.1 of [RFC9114] for HTTP/3. For an "http" connection, the explicit announcement of HTTP/2 or HTTP/3 support by the server is outside the scope of this document.¶
While TIPS is designed to take advantage of newer HTTP features like server push and substreams for concurrent fetch, TIPS still functions with HTTP/1.1 for client poll defined in Section 7, with the limitation that it cannot cancel any outstanding requests or fetch resources concurrently over the same connection due to the blocking nature of HTTP/1.1 requests. If a client only capable of HTTP/1.1 desires to concurrently monitor multiple resources at the same time, it should open multiple connections, one for each resource, so that an outstanding long-poll request can be issued for each resource to monitor for new updates. For HTTP/2 and /3, with multiplexed streams, multiple resources can be monitored simultaneously.¶
While only one HTTP connection is used to manage a TIPS view, fetching incremental updates may use multiple connections, e.g., to allow concurrent, out-of-order downloading for HTTP/1.1 and HTTP/2. In case of connection failures, there are two cases:¶
For case 2, the client only needs to resend the request in the current design. For case 1, however, the client needs to resend an open request to the server, and all unfinished data transfer requests will fail, even if they are on a different connection, because the old TIPS view is removed and the new TIPS view may have a different base URL and sequence number.¶
The alternative design is to keep the base URL and sequence number for a TIPS view, e.g., identified by the client and content of the open request, for a graceful period. While this design may increase the efficiency of transferring TIPS updates, it has the following drawbacks:¶
As we expect HTTP disconnection to be an occasional event, the efficiency gain of keeping the state is unlikely to be significant but the drawbacks are permanent. Thus, this document chooses the stateless design for security and simplicity.¶
To announce a TIPS information resource in the information resource directory (IRD), an ALTO server MUST specify the "media-type", "capabilities" and "uses" as follows.¶
The media type of the Transport Information Publication Service resource is "application/alto-tips+json".¶
The capabilities field of TIPS is modeled on that defined in Section 6.3 of [RFC8895].¶
Specifically, the capabilities are defined as an object of type TIPSCapabilities:¶
with field:¶
If a TIPS can provide updates with incremental changes for a resource, the "incremental-change-media-types" field has an entry for that resource-id, and the value is the supported media types of the incremental change separated by commas. For the implementation of this specification, this MUST be "application/ merge-patch+json", "application/json-patch+json", or "application/ merge-patch+json,application/json-patch+json", unless defined by a future extension.¶
When choosing the media types to encode incremental updates for a resource, the server MUST consider the limitations of the encoding. For example, when a JSON merge patch specifies that the value of a field is null, its semantics are that the field is removed from the target and hence the field is no longer defined (i.e., undefined). This, however, may not be the intended result for the resource, when null and undefined have different semantics for the resource. In such a case, the server MUST choose JSON patch over JSON merge patch if JSON patch is indicated as a capability of the TIPS. If the server does not support JSON patch to handle such a case, the server then needs to send a full replacement.¶
The "uses" attribute MUST be an array with the resource-ids of every network information resource for which this TIPS can provide service.¶
This set may be any subset of the ALTO server's network information resources and may include resources defined in linked IRDs. However, it is RECOMMENDED that the ALTO server selects a set that is closed under the resource dependency relationship. That is, if a TIPS' "uses" set includes resource R1 and resource R1 depends on ("uses") resource R0, then the TIPS' "uses" set SHOULD include R0 as well as R1. For example, if a TIPS provides a TIPS view for a cost map, it SHOULD also provide a TIPS view for the network map upon which that cost map depends.¶
If the set is not closed, at least one resource R1 in the "uses" field of a TIPS depends on another resource R0 which is not in the "uses" field of the same TIPS. Thus, a client cannot receive incremental updates for R0 from the same TIPS service. If the client observes in an update of R1 that the version tag for R0 has changed, it must make a request to retrieve the full content of R0, which is likely to be less efficient than receiving the incremental updates of R0.¶
Extending the IRD example in Section 8.1 of [RFC8895], Figure 6 is the IRD of an ALTO server supporting ALTO base protocol, ALTO/SSE, and ALTO TIPS.¶
Note that it is straightforward for an ALTO server to run HTTP/2 and support concurrent retrieval of multiple resources such as "my- network-map" and "my-routingcost-map" using multiple HTTP/2 streams.¶
The resource "update-my-costs-tips" provides an ALTO TIPS based connection, and this is indicated by the media-type "application/ alto-tips+json".¶
Upon request, a server sends a TIPS view to a client. This TIPS view may be created at the time of the request or may already exist (either because another client has an active connection to a TIPS view for the same requested network resource or because the server perpetually maintains a TIPS view for an often-requested resource). The server MAY keep track of which clients have an active connection to each TIPS view to determine whether or not it should delete a TIPS view and its corresponding updates graph and associated data.¶
An ALTO client requests that the server provide a TIPS view for a given resource by sending an HTTP POST body with the media type "application/alto-tipsparams+json". That body contains a JSON object of type TIPSReq, where:¶
with the following fields:¶
The resource-id of an ALTO resource and MUST be in the TIPS' "uses" list (Section 5). If a client does not support all incremental methods from the set announced in the server's capabilities, the client MUST NOT use the TIPS service.¶
If the resource-id is a GET-mode resource with a version tag (or "vtag"), as defined in Section 10.3 of [RFC7285], and the ALTO client has previously retrieved a version of that resource from ALTO, the ALTO client MAY set the "tag" field to the tag part of the client's version of that resource. The server MAY use the tag when calculating a recommended starting edge for the client to consume. Note that the client MUST support all incremental methods from the set announced in the server's capabilities for this resource.¶
If the resource is a POST-mode service that requires input, the ALTO client MUST set the "input" field to a JSON object with the parameters that the resource expects.¶
The response to a valid request MUST be a JSON object of type AddTIPSResponse, denoted as media type "application/alto-tips+json":¶
with the following fields:¶
Relative URI to the TIPS view of a network resource, which MUST be unique per connection, and is de-aliased by the server to refer to the actual location of the TIPS view which may be shared by other clients.¶
When creating the URI for the TIPS view, TIPS MUST NOT use other properties of an HTTP request, such as cookies or the client's IP address, to determine the TIPS view. Furthermore, TIPS MUST NOT reuse a URI for a different object in the same connection.¶
It is expected that there is an internal mechanism to map a tips- view-uri to the TIPS view to be accessed. For example, TIPS may assign a unique, internal state id to each TIPS view instance. However, the exact mechanism is left to the TIPS provider.¶
Contains an updates-graph-summary.¶
The updates-graph-summary field contains the starting sequence number (start-seq) of the updates graph and the last sequence number (end-seq) that is currently available, along with a recommended edge to consume (start-edge-rec). How the server calculates the recommended edge depends on the implementation. Ideally, if the client does not provide a version tag, the server should recommend the edge of the latest snapshot available. If the client does provide a version tag, the server should calculate the cumulative size of the incremental updates available from that version onward and compare it to the size of the complete resource snapshot. If the snapshot is bigger, the server should recommend the first incremental update edge starting from client's tagged version. Else, the server should recommend the latest snapshot edge.¶
If the request has any errors, the TIPS service must return an HTTP "400 Bad Request" to the ALTO client; the body of the response follows the generic ALTO error response format specified in Section 8.5.2 of [RFC7285]. Hence, an example ALTO error response has the format shown in Figure 9.¶
Note that "field" and "value" are optional fields. If the "value" field exists, the "field" field MUST exist.¶
E_MISSING_FIELD
and the "field"
field SHOULD be "resource-id". The TIPS service MUST NOT create
any TIPS view.¶
E_INVALID_FIELD_VALUE
. The "field" field SHOULD be the full path
of the "resource-id" field, and the "value" field SHOULD be the
invalid resource-id.¶
Furthermore, it is RECOMMENDED that the server uses the following HTTP codes to indicate other errors, with the media type "application/alto-error+json".¶
For simplicity, assume that the ALTO server is using the Basic authentication. If a client with username "client1" and password "helloalto" wants to create a TIPS view of an ALTO Cost Map resource with resource ID "my-routingcost-map", it can send the request depiced in Figure 10.¶
If the operation is successful, the ALTO server returns the message shown in Figure 11.¶
An ALTO client can indicate it no longer desires to pull/receive updates for a specific network resource by "deleting" the TIPS view using the returned tips-view-uri and the HTTP DELETE method. Whether or not the server actually deletes the TIPS view is implementation dependent. For example, an ALTO server may maintain a set of clients that subscribe to the TIPS view of a resource: a client that deletes the view is removed from the set, and the TIPS view is only removed when the dependent set becomes empty. See other potential implementations in Section 8.7. The DELETE request MUST have the following format:¶
DELETE /<tips-view-uri>¶
The response to a valid request must be 200 if success, and the corresponding error code if there is any error.¶
If the connection between the client and TIPS provider is severed without a DELETE request having been sent, the server MUST treat it as if the client had sent a DELETE request because the TIPS view is, at least from the client view, per-session based.¶
It is RECOMMENDED that the server uses the following HTTP codes to indicate errors, with the media type "application/alto-error+json", regarding TIPS view close requests.¶
TIPS allows an ALTO client to retrieve the content of an update item from the updates graph, with an update item defined as the content (incremental update or snapshot) on an edge in the updates graph.¶
The client sends an HTTP GET request, where the media type of an update item resource MUST be the same as the "media-type" field of the update item on the specified edge in the updates graph.¶
The GET request MUST have the following format:¶
GET /<tips-view-uri>/ug/<i>/<j>¶
For example, consider the updates graph in Figure 3. If the client wants to query the content of the first update item (0 -> 101) whose media type is "application/alto- costmap+json", it must send a request to "/tips/2718281828459/ug/0/101" and set the "Accept" header to "application/alto- costmap+json, application/alto-error+json". See Section 7.3 for a concrete example.¶
If the request is valid (ug/<i>/<j>
exists), the response is encoded
as a JSON object whose data format is indicated by the media type.¶
It is possible that a client conducts proactive fetching of future updates, by
long polling updates that have not been listed in the directory yet. For
long-poll prefetch, the client must have indicated the media type which may
appear. It is RECOMMENDED that the server allows for at least the prefetch of
<end-seq> -> <end-seq + 1>
¶
Hence, the server processing logic SHOULD be:¶
ug/<i>/<j>
exists: return content using encoding.¶
ug/<i>/<j>
pre-fetch is acceptable: put request in a
backlog queue.¶
It is RECOMMENDED that the server uses the following HTTP codes to indicate errors, with the media type "application/alto-error+json", regarding update item requests.¶
Assume the client wants to get the contents of the update item on edge 0 to 101. The format of the request is shown in Figure 12.¶
The response is shown in Figure 13.¶
While intended TIPS usage is for the client to recieve a recommended starting edge in the TIPS summary, consume that edge, then construct all future URIs by incrementing the sequence count by 1, there may be cases in which the client needs to request a new next edge to consume. For example, if a client has an open TIPS view yet has not polled in a while, the client may requests the next logical incremental URI but the server has compacted the updates graph so it no longer exists. Thus, the client must request a new next edge to consume based on its current version of the resource.¶
An ALTO client requests that the server provide a next edge recommendation for a given TIPS view by sending an HTTP POST request with the media type "application/alto-tipsparams+json". The URI has the form:¶
POST /<tips-view-uri>/ug¶
The POST body have the following form, where providing the version tag of the resource the client already has is optional:¶
object { [JSONString tag;] } TIPSNextEdgeReq;¶
The response to a valid request MUST be a JSON object of type UpdatesGraphSummary (defined in Section 6.2 but reproduced in Figure 14 as well), denoted as media type "application/alto-tips+json":¶
It is RECOMMENDED that the server uses the following HTTP codes to indicate errors, with the media type "application/alto-error+json", regarding new next edge requests.¶
TIPS allow clients to make concurrent pulls of the incremental updates potentially through different HTTP connections. As a consequence, it introduces additional complexities when the ALTO server is being load balanced -- a feature widely used to build scalable and fault-tolerant web services. For example, a request may be incorrectly processed if the following two conditions both hold:¶
Thus, additional considerations are required to enable correct load balancing for TIPS, including:¶
When implementing TIPS, a developer should be cognizant of the effects of update schedule, which includes both the choice of timing (i.e., when/what to trigger an update on the updates graph) and the choice of message format (i.e., given an update, send a full replacement or an incremental change). In particular, the update schedule can have effects on both the overhead and the freshness of information. To minimize overhead, developers may choose to batch a sequence of updates for resources that frequently change by cumulative updates or a full replacement after a while. Developers should be cognizant that batching reduces the freshness of information and should also consider the effect of such delays on client behaviors.¶
For incremental updates, this design allows both JSON patch and JSON merge patch for incremental changes. JSON merge patch is clearly superior to JSON patch for describing incremental changes to cost maps, endpoint costs, and endpoint properties. For these data structures, JSON merge patch is more space efficient, as well as simpler to apply. There is no advantage allowing a server to use JSON patch for those resources.¶
The case is not as clear for incremental changes to network maps.¶
First, consider small changes, such as moving a prefix from one PID to another. JSON patch could encode that as a simple insertion and deletion, while JSON merge patch would have to replace the entire array of prefixes for both PIDs. On the other hand, to process a JSON patch update, the ALTO client would have to retain the indexes of the prefixes for each PID. Logically, the prefixes in a PID are an unordered set, not an array; aside from handling updates, a client has no need to retain the array indexes of the prefixes. Hence, to take advantage of JSON patch for network maps, ALTO clients would have to retain additional, otherwise unnecessary, data.¶
Second, consider more involved changes, such as removing half of the prefixes from a PID. JSON merge patch would send a new array for that PID, while JSON patch would have to send a list of remove operations and delete the prefix one by one.¶
Therefore, each TIPS instance may choose to encode the updates using JSON merge patch or JSON patch based on the type of changes in network maps.¶
Dependent ALTO resources result in cross-resource dependencies in TIPS. Consider the following pair of resources, where my-cost-map (C) is dependent on my-network-map (N). The updates graph for each resource is shown, along with links in between the respective updates graphs to show dependency:¶
In Figure 15, the cost-map versions 101 and 102 (denoted as C101 and C102) are dependent on the network-map version 89 (denoted as N89). The cost-map version 103 (C103) is dependent on the network-map version 90 (N90), and so on.¶
In pull-mode, a client can decide the order in which to receive the updates.¶
In push-mode, the server must decide. Pushing order may affect how fast the client can build a consistent view and how long the client needs to buffer the update.¶
Therefore, the server is RECOMMENDED to push updates in the ascending order of the smallest dependent tag, e.g., {C101, C102, N89} before {C103, N90}¶
In general, when an ALTO client receives a full replacement for a resource, the ALTO client should replace the current version with the new version. When an ALTO client receives an incremental update for a resource, the ALTO client should apply those updates to the current version of the resource.¶
However, because resources can depend on other resources (e.g., cost maps depend on network maps), an ALTO client MUST NOT use a dependent resource if the resource on which it depends has changed. There are at least two ways an ALTO client can do that. The following paragraphs illustrate these techniques by referring to network and cost map messages, although these techniques apply to any dependent resources.¶
Note that when a network map changes, the server SHOULD send the network map update message before sending the updates for the dependent cost maps.¶
One approach is for the ALTO client to save the network map update message in a buffer and continue to use the previous network map and the associated cost maps until the ALTO client receives the update messages for all dependent cost maps. The ALTO client then applies all network and cost map updates atomically.¶
Alternatively, the ALTO client MAY update the network map immediately. In this case, the cost maps using the network map become invalid because they are inconsistent with the current network map; hence, the ALTO client MUST mark each such dependent cost map as temporarily invalid and MUST NOT use each such cost map until the ALTO client receives a cost map update indicating that it is based on the new network map version tag.¶
When implementing server push, the server SHOULD send updates for dependent resource (i.e., the cost maps in the preceding example) in a timely fashion. However, if the ALTO client does not receive the expected updates, a simple recovery method is that the ALTO client uses client pull to request the missing update. The ALTO client MAY retain the version tag of the last version of any tagged resources and search those version tags when identifying the new updates to pull. Although not as efficient as possible, this recovery method is simple and reliable.¶
Though a server SHOULD send update items sequentially, it is possible that a client receives the update items out of order (in the case of a retransmitted update item or a result of concurrent fetch). The client MUST buffer the update items if they arrive out of order and then apply them sequentially (based upon the sequence numbers) due to the operation of JSON merge patch and JSON patch.¶
If TIPS provides updates to a Filtered Cost Map that allows constraint tests, then an ALTO client MAY request updates to a Filtered Cost Map request with a constraint test. In this case, when a cost changes, the updates graph MUST have an update if the new value satisfies the test. If the new value does not, whether there is an update depends on whether the previous value satisfied the test. If it did not, the updates graph SHOULD NOT have an update. But if the previous value did, then the updates graph MUST add an update with a "null" value to inform the ALTO client that this cost no longer satisfies the criteria.¶
TIPS can avoid having to handle such a complicated behavior by offering TIPS only for Filtered Cost Maps that do not allow constraint tests.¶
For an ordinal mode cost map, a change to a single cost point may require updating many other costs. As an extreme example, suppose the lowest cost changes to the highest cost. For a numerical mode cost map, only that one cost changes. But for an ordinal mode cost map, every cost might change. While this document allows TIPS to offer incremental updates for ordinal mode cost maps, TIPS implementors should be aware that incremental updates for ordinal costs are more complicated than for numerical costs, and that small changes of the original cost value may result in large updates.¶
A TIPS implementation can avoid this complication by only offering full replacements as updates in the updates graph for ordinal cost maps.¶
Besides the mandatory stepwise incremental updates (from i to i+1), an ALTO server may optionally offer shortcut incremental updates, or simple shortcuts, between two non-consecutive versions i and i+k (k > 1). Such shortcuts offer alternative paths in the update graph and can potentially speed up the transmission and processing of incremental updates, leading to faster synchronization of ALTO information, especially when the client has limited bandwidth and computation. However, implementors of an ALTO server must be aware that:¶
The security considerations (Section 15 of [RFC7285]) of the base protocol fully apply to this extension. For example, the same authenticity and integrity considerations (Section 15.1 of [RFC7285]) still fully apply; the same considerations for the privacy of ALTO users (Section 15.4 of [RFC7285]) also still fully apply.¶
The additional services (addition of update read service and update push service) provided by this extension extend the attack surface described in Section 15.1.1 of [RFC7285]. The following sub-sections discuss the additional risks and their remedies.¶
Allowing TIPS views enables a new class of Denial-of-Service attacks. In particular, for the TIPS server, an ALTO client might create an excessive number of TIPS views.¶
To avoid these attacks on the TIPS server, the server SHOULD choose to limit the number of active views and reject new requests when that threshold is reached. TIPS allows predictive fetching and the server SHOULD also choose to limit the number of pending requests. If a new request exceeds the threshold, the server SHOULD log the event and may return the HTTP status "429 Too many requests".¶
It is important to note that the preceding approaches are not the only possibilities. For example, it may be possible for TIPS to use somewhat more clever logic involving IP reputation, rate-limiting, and compartmentalization of the overall threshold into smaller thresholds that apply to subsets of potential clients.¶
The availability of continuous updates, when the client indicates receiving server push, can also cause overload for an ALTO client, in particular, an ALTO client with limited processing capabilities. The current design does not include any flow control mechanisms for the client to reduce the update rates from the server. For example, TCP, HTTP/2, and QUIC provide stream and connection flow control data limits, and PUSH stream limits, which might help prevent the client from being overloaded. Under overloading, the client MAY choose to remove the information resources with high update rates.¶
Also, under overloading, the client may no longer be able to detect whether information is still fresh or has become stale. In such a case, the client should be careful in how it uses the information to avoid stability or efficiency issues.¶
An outside party that can read the TIPS response or that can observe TIPS requests can obtain the TIPS view URI and use that to send fraudulent "DELETE" requests, thus disabling the service for the valid ALTO client. This can be avoided by encrypting the requests and responses (Section 15 of [RFC7285]).¶
IANA is requested to register the following media types from the registry available at [IANA-Media-Type]:¶
Note to the RFC Editor: Please replace This-Document with the RFC number to be assigned to this document.¶
application¶
alto-tips+json¶
N/A¶
N/A¶
Encoding considerations are identical to those specified for the "application/json" media type. See [RFC8259].¶
See the Security Considerations section of This-Document.¶
This document specifies format of conforming messages and the interpretation thereof.¶
Section 6.2 of This-Document.¶
ALTO servers and ALTO clients either stand alone or are embedded within other applications.¶
N/A¶
See Authors' Addresses section.¶
COMMON¶
N/A¶
See Authors' Addresses section.¶
Internet Engineering Task Force (mailto:iesg@ietf.org).¶
No¶
application¶
alto-tipsparams+json¶
N/A¶
N/A¶
Encoding considerations are identical to those specified for the "application/json" media type. See [RFC8259].¶
See the Security Considerations section of This-Document.¶
This document specifies format of conforming messages and the interpretation thereof.¶
Section 6.1 of This-Document.¶
ALTO servers and ALTO clients either stand alone or are embedded within other applications.¶
N/A¶
See Authors' Addresses section.¶
COMMON¶
N/A¶
See Authors' Addresses section.¶
Internet Engineering Task Force (mailto:iesg@ietf.org).¶
No¶
Conceptually, the TIPS system consists of three types of resources:¶
Design Point: Component Resource Location¶
This document specifies Design 1 in order to simplify session management, though at the expense of maximum load balancing flexibility. See Section 8.1 for a discussion on load balancing considerations. Future documents may extend the protocol to support Design 2 or Design 3.¶
This specification adheres fully to [RFC9205] as further elaborated below:¶
[the TIPS]
application -- namely, [its]
HTTP
resources" (Section 3.1 of [RFC9205]).¶
In this section, we give a non-normative specification of the push-mode TIPS. It is intended to not be part of the standard protocol extension, because of the lack of server push support and increased protocol complexity. However, push-mode TIPS can potentially improve performance (e.g., latency) in more dynamic environments and use cases, with wait-free message delivery. Using native server push also results in minimal changes to the current protocol. Thus, a preliminary push-mode TIPS extension using native server push is specified here as a reference for future push-mode TIPS protocol designs.¶
A client that prefers server push can use the workflow as shown in Figure 17. In this case, the client indicates for server push when it creates the TIPS view. Future updates are pushed to the client as soon as they become available.¶
The specifications for media type, uses, requests and responses of the push-mode TIPS is the same as specified in Section 5.2.¶
The capabilities field of push-mode TIPS is modeled on that defined in Section 5.2.¶
Specifically, the capabilities are defined as an object of type PushTIPSCapabilities:¶
object { [Boolean support-server-push;] } PushTIPSCapabilities: TIPSCapabilities;¶
with field:¶
The "support-server-push" field specifies whether the given TIPS supports server push. If the "support-server-push" field is TRUE, this TIPS will allow a client to start or stop server push. If the field is FALSE or not present, this TIPS does not provide server push.¶
An ALTO client requests that the server provide a TIPS view for a given resource by sending an HTTP POST body with the media type "application/alto-tipsparams+json". That body contains a JSON object of type PushTIPSReq, where:¶
object { [Boolean server-push;] } PushTIPSReq: TIPSReq;¶
with the following field:¶
Set to TRUE if a client desires to receive updates via server push. If the value is FALSE or not present, the client does not accept server push updates. See Appendix C.4 for detailed specifications.¶
The push-mode TIPS requires extending the contents of tips-view-summary
field
of AddTIPSResponse:¶
object { [Boolean server-push;] } PushTIPSViewSummary : TIPSViewSummary;¶
with the following field:¶
An optional server-push boolean value which is set to TRUE if and only if the client indicates server push. If the client indicates server push, the recommended edge in the updates-graph-summary field will be the first content pushed.¶
TIPS allows an ALTO client to receive an update item pushed by the ALTO server.¶
If a client registers for server push, it should not request updates via pull to avoid receiving the same information twice, unless the client does not receive the expected updates (see Section 8.4).¶
A client starts to receive server push when it is added to the receiver set. A client can read the status of the push state and remove itself from the receiver set to stop server push.¶
A client can add itself explicitly to the receiver set or add itself
to the receiver set when requesting the TIPS view. Before a client
starts receiving server push for a TIPS view, it MUST enable server
push in HTTP, i.e., following Section 8.4 of [RFC9113] for HTTP/2 and
Section 4.6 of [RFC9114] for HTTP/3. If the client does not enable
HTTP server push, the ALTO server MUST return an ALTO error with the
E_INVALID_FIELD_VALUE
code and set the "field" to "server-push".¶
Explicit add: A client can explicitly add itself in the receiver set by using the HTTP PUT method with media type "application/alto- tipsparams+json", where the client may optionally specify a starting edge (next-edge) from which it would like to receive updates:¶
PUT /<tips-view-uri>/push object { Boolean server-push; [NextEdge next-edge;] } PushState; object { JSONNumber seq-i; JSONNumber seq-j; } NextEdge;¶
with the following fields:¶
Set to true if the client desires to receive server push updates.¶
Optional field to request a starting edge to be pushed if the client has pulled the updates graph directory and has calculated the path it desires to take. The server MAY push this edge first if available.¶
Short cut add: When requesting a TIPS view, an ALTO client can start server push by setting the option "server-push" field to be true using the HTTP POST method defined in Section 6.1.¶
A client can use the HTTP GET method, with accept header set to "application/alto-tipsparams+json" to check whether server push is correctly enabled. The requested URL is the root path of the TIPS view, appended with "push", as shown below.¶
GET /<tips-view-uri>/push¶
The server returns an JSON object with content type "application/alto-tipsparams+json". The response MUST include only one field "server-push". If the server push is enabled, the value of the "server-push" field MUST be the JSONBool value "true" (without the quote marks), and otherwise JSONBool value "false" (without the quote marks).¶
A client can stop receiving server push updates either explicitly or implicitly.¶
A client stops push by using the HTTP PUT method to /<tips-view- uri>/push
,
with content type "application/alto-tipsparams+json" and setting server-push
to FALSE:¶
There are two ways. First, TIPS view is connection ephemeral: the close of connection or stream for the TIPS view deletes the TIPS view from the view of the client.¶
Second, the client sends a DELETE /<tips-view-uri>
request, indicating it
no longer is interested in the resource, which also deletes the
client from the push receiver set if present.¶
Note that a client may choose to explicitly stop server push for a resource, but may not delete the TIPS view so that it can switch seamlessly from server push to client pull in the case that the server push frequency is undesirable, without having to request a new TIPS view.¶
The objective of the server is to push the latest version to the client using the lowest cost (sum of size) of the updates. Hence, it is RECOMMENDED that the server computes the push path using the following algorithm, upon each event computing a push:¶
/<tips-view-uri>/ug/nc/n1
.¶
Note¶
Let SID_tv
denote the stream that creates the TIPS view. The server push MUST
satisfy the following requirements:¶
PUSH_PROMISE
frames MUST be sent in stream SID_tv
to serialize and allow
the client to know the push order;¶
PUSH_PROMISE
frame chooses a new server-selected stream ID, and the
stream is closed after push.¶
The examples below are for HTTP/2 and based on the example update graph in Section 3.1.¶
Figure 19 is an example request from a client to an ALTO server which enables server push when creating a TIPS view.¶
And Figure 20 is the response the server returns to the client. Note that the END_STREAM bit is not set.¶
Now assume the client queries the server whether server push is successfully enabled. Figure 21 is the request:¶
And Figure 22 is the response.¶
Below shows the example of how the server may push the updates to the client.¶
First, the ALTO server sends a PUSH_PROMISE in the same stream that is left open when creating the TIPS view. As there is no direct edge from 0 to 106, the first update is from 0 to 105, as shown in Figure 23.¶
Then, the content of the pushed update (a full replacement) is delivered through stream 4, as announced in the PUSH_PROMISE frame in Figure 23. Figure 24 shows the content of the message.¶
As the latest version has sequence number 106, the ALTO server sends another PUSH_PROMISE in the same stream that is left open when creating the TIPS view to transit from 105 to 106, as shown in Figure 25.¶
Then, the content of the pushed update (an incremental update as a JSON merge patch) is delivered through stream 6, as announced in the PUSH_PROMISE frame. Figure 26 shows the content of the update message.¶
Figure 27 is an example of explicitly stopping the server push. The client sends a PUT request to the push state of the TIPS view and set the "server-push" value to "false".¶
The server simply returns an empty message with status code 200, to indicate that the operation succeeds, ashown in Figure 28.¶
The authors of this document would like to thank Mark Nottingham and Spencer Dawkins for providing invaluable reviews of earlier versions of this document, Adrian Farrel, Qin Wu, and Jordi Ros Giralt for their continuous feedback, Russ White, Donald Eastlake, Martin Thomson, Bernard Adoba, Spencer Dawkins, and Sheng Jiang for the directorate reviews, and Martin Duke for the Area Director Review.¶