2.5 Policies, Authentication, and Billing
If I offer you a first-class seat on the plane for the price of an economy-class seat, you would take it, right? At worst you might wonder what the catch is, but in the end nobody refuses better service if it costs no more than worse service, whether the subject is the comfort of an airplane's seating, the speed of package delivery from a shipping service, or Internet access from a local ISP. Of course, a practical problem immediately arises if you're not being charged a premium price for the premium service: everybody else wants it, too.
Any networking technology that offers differentiation of service levels must also address the need to differentiate each user's right to use particular service levels. If everyone has a right to use the best service level at the same time, the resources would either run out, or the network would have to be engineered to cope. In general the network's resources are limited at each service level, and so the task is one of allowing or disallowing particular users access to service levels based on their right to use. (If the network were engineered to handle everyone asking for premium service, without any differential impact on the cost of running the network, what would be the point of offering lesser service levels?) This right to use can be established in a number of ways, for example by payment of fees (financial cost) or by administrative assignment (ranking of the user's importance). A commercial service provider would be inclined to use a fee basis: you get the service you pay for. A corporate enterprise network may determine service allocations based at least in part on the status of each user (or the user's department) within the company.
The whole issue of establishing and monitoring a user's right to use certain service levels opens up a can of worms that the Internet industry is only beginning to address. First are questions of policy (identifying the service classes that particular users are entitled to negotiate). Second is the problem of authentication (proving that the entity currently using the network is the claimed user, either during right-to-use negotiations or subsequent traffic transmission). Third is the question of billing (extracting the fee from the correct user) if fees are used to establish the right to use. Billing is even of interest to enterprise networks, where it may be used to provide additional granularity of usage control beyond the corporate status of a user or the user's department.
All three issues are also tightly coupled to the network's signaling because the network's signaling system must establish the requested edge-to-edge service levels and associate them with traffic coming from the user. If the users are utilizing dynamic, edge-to-edge signaling to negotiate their right to use, the signaling protocol itself must be tightly coupled with the policy, authentication, and billing mechanisms.
Human nature being what it is, the network must be capable of authenticating any user's request for, and use of, particular service levels. Users must not be billed for services they don't request, lest the operator find itself in a court of law or being lambasted in the media (perhaps a worse fate for a service provider trying to earn the trust of the marketplace!). Of course, users must also be accurately billed for the service levels they do request. If the operator's fee structure is based in some part on the actual amount of usage, the consumption of services must also be tracked and attributed to an authenticated user.
If dynamic, edge-to-edge user-signaling protocols (such as RSVP) are to be used in fee-for-use environments, these protocols clearly need to incorporate sufficiently strong user authentication fields. (An operator might attempt to deduce a user's identity from physical attachment points on the network, but in an age of dial-up IP access and mobile nodes this approach is rarely effective.) In the absence of such capabilities, the user and service provider are forced to rely on more traditional or manual channels to negotiate service levels (the fax, phone, or postal service). Alternatively, the service provider can simply hope users don't go around impersonating each other when ordering service levels.
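The following is an added example, not code from the original text or from any RSVP implementation, of what an authentication field in a service-level request buys the operator. It assumes a per-user shared secret provisioned out of band (the names, keys, and flowspec format are constructed for the example): the user signs the request with a keyed hash, and the admission point verifies the tag, rejects requests signed with another user's key (impersonation), rejects altered requests, and uses a per-user sequence number to reject replays of an old, legitimately signed request. This is the sort of field the text says a fee-for-use signaling protocol needs; it is not a description of RSVP's own message format.

```python
import hashlib
import hmac
import json

# Constructed per-user shared secrets; assumption: provisioned out of band,
# for example when the customer's account is created.
USER_KEYS = {
    "alice": b"alice-secret-key-0001",
    "bob": b"bob-secret-key-0002",
}


def canonical(body):
    """Serialize the signed fields deterministically so both sides hash the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_request(user, seq, flowspec, key):
    """Build a service-level request carrying a keyed-hash authentication tag.

    `flowspec` is the requested service level (constructed format for this example).
    The tag covers the claimed user, the sequence number, and the flowspec, so
    none of them can be altered in transit without invalidating the tag.
    """
    body = {"user": user, "seq": seq, "flowspec": flowspec}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "auth": tag}


class AdmissionPoint:
    """Network-side check run before a reservation is installed or billed."""

    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}   # highest sequence number accepted per user
        self.granted = []    # (user, flowspec) pairs that may be billed

    def verify(self, request):
        user = request.get("user")
        key = self.keys.get(user)
        if key is None:
            return (False, "unknown user")
        body = {k: v for k, v in request.items() if k != "auth"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        # Constant-time comparison so the tag check does not leak timing information.
        if not hmac.compare_digest(expected, request.get("auth", "")):
            return (False, "bad auth")
        # A replayed request would re-create (and re-bill) a reservation the
        # user already made; the sequence number must strictly increase.
        if body["seq"] <= self.last_seq.get(user, -1):
            return (False, "replay")
        self.last_seq[user] = body["seq"]
        self.granted.append((user, body["flowspec"]))
        return (True, "granted")


def demo():
    """Legitimate request, impersonation attempt, tampering, and replay."""
    ap = AdmissionPoint(USER_KEYS)
    premium = {"class": "premium", "rate_kbps": 2000}
    genuine = sign_request("alice", 1, premium, USER_KEYS["alice"])
    results = [ap.verify(genuine)]
    # Bob orders premium service in Alice's name, but only has his own key.
    forged = sign_request("alice", 2, premium, USER_KEYS["bob"])
    results.append(ap.verify(forged))
    # A signed request altered in transit fails the tag check.
    tampered = dict(genuine)
    tampered["flowspec"] = {"class": "premium", "rate_kbps": 20000}
    results.append(ap.verify(tampered))
    # The original request presented a second time is a replay.
    results.append(ap.verify(genuine))
    return results, ap.granted


if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```

Only the first request ends up in `granted`, which is the list the billing system should be driven from; the forged and tampered requests never reach it, and the replay does not create a second reservation for Alice to be charged for.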
Enterprise environments are typically more structured and controlled, and in these environments authentication based solely on the node's topological position might be quite feasible. However, if the enterprise network includes mobile nodes or any likelihood that users will move around the network's topology, it will need to consider the same issues faced by a commercial service provider.
Two problems develop if the service provider decides to incorporate a usage-based component in the right-to-use fee. First, no clear industry consensus has emerged on what constitutes a realistic metric for use: is it simple packet counts, burstiness, peak or mean bandwidth, or some complex measurement of delivered latency and jitter?
Second, after you decide on a metric that you think the customers will understand, you face the problem of accurately measuring it in your network and reliably associating your measurements with particular users. Real-time measurement of traffic patterns is a major problem because it requires significant processing capabilities and needs to be undertaken for each and every instance of a distinct, user-defined traffic class.
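As an added example (not from the original text), the meter below computes several of the candidate usage metrics just listed over one observation window, per user and per service class, from a constructed packet trace, and then bills the same trace under two different metrics. The packet records, the tariff, and the choice of a one-second bucket for peak rate and of mean absolute inter-arrival deviation as the jitter figure are all assumptions made for the example; "burstiness" is taken here as the peak-to-mean rate ratio, which is one common definition but not the only one. The point it illustrates is that the ranking of who pays more depends on which metric the operator picks, which is why the metric has to be settled before the measurement problem can be tackled.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: float     # arrival time in seconds since the start of the window
    user: str    # owner of the flow, as established at admission time
    svc: str     # service class the packet was admitted under
    size: int    # bytes on the wire


# Constructed trace: Alice sends a steady premium stream, Bob sends a short
# best-effort burst followed by a single late packet.
SAMPLE_PACKETS = [
    Packet(0.0, "alice", "premium", 1000),
    Packet(0.5, "alice", "premium", 1000),
    Packet(1.0, "alice", "premium", 1000),
    Packet(1.5, "alice", "premium", 1000),
    Packet(2.0, "alice", "premium", 1000),
    Packet(0.0, "bob", "best_effort", 1500),
    Packet(0.1, "bob", "best_effort", 1500),
    Packet(0.2, "bob", "best_effort", 1500),
    Packet(3.0, "bob", "best_effort", 100),
]
WINDOW_SECONDS = 4.0


def meter(packets, window_seconds, bucket_seconds=1.0):
    """Return candidate usage metrics keyed by (user, service class)."""
    groups = defaultdict(list)
    for p in packets:
        groups[(p.user, p.svc)].append(p)
    report = {}
    for key, pkts in groups.items():
        pkts.sort(key=lambda p: p.t)
        total_bytes = sum(p.size for p in pkts)
        mean_bps = total_bytes * 8 / window_seconds
        # Peak rate: bytes in the busiest fixed-size bucket, scaled to bits/s.
        buckets = defaultdict(int)
        for p in pkts:
            buckets[int(p.t // bucket_seconds)] += p.size
        peak_bps = max(buckets.values()) * 8 / bucket_seconds
        # Jitter: mean absolute deviation of inter-arrival times (assumed definition).
        gaps = [b.t - a.t for a, b in zip(pkts, pkts[1:])]
        if gaps:
            mean_gap = sum(gaps) / len(gaps)
            jitter = sum(abs(g - mean_gap) for g in gaps) / len(gaps)
        else:
            jitter = 0.0
        report[key] = {
            "packets": len(pkts),
            "bytes": total_bytes,
            "mean_bps": mean_bps,
            "peak_bps": peak_bps,
            "burstiness": peak_bps / mean_bps,   # peak-to-mean ratio
            "jitter_s": jitter,
        }
    return report


def charge(report, metric, tariff):
    """Bill each user by one chosen metric at a per-class unit price."""
    totals = defaultdict(float)
    for (user, svc), m in report.items():
        totals[user] += m[metric] * tariff[svc]
    return dict(totals)


# Constructed tariff: premium traffic costs twice as much per unit as best effort.
TARIFF = {"premium": 0.002, "best_effort": 0.001}


def demo():
    """Same trace, two metrics: the ordering of the two bills flips."""
    report = meter(SAMPLE_PACKETS, WINDOW_SECONDS)
    by_bytes = charge(report, "bytes", TARIFF)
    by_peak = charge(report, "peak_bps", TARIFF)
    return report, by_bytes, by_peak


if __name__ == "__main__":
    report, by_bytes, by_peak = demo()
    for key, m in report.items():
        print(key, m)
    print("billed by bytes:", by_bytes)
    print("billed by peak rate:", by_peak)
```

Run stand-alone, the meter shows Alice moving more bytes while Bob has the higher peak rate and burstiness, so a byte-based tariff charges Alice more and a peak-rate tariff charges Bob more. The per-(user, class) grouping is also where the second problem in the text bites: each group is one distinct traffic class that has to be tracked separately, and the `user` field is only as trustworthy as the authentication performed when the flow was admitted.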
This book cannot hope to cover the emerging solutions to policy management, user authentication, and billing models. However, you will be left with an understanding of the roles played by these important components of a total IP QoS solution and have the ability to assess whatever the industry offers.