-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathdraft-ietf-anima-grasp-api-07.xml
1373 lines (1335 loc) · 70.8 KB
/
draft-ietf-anima-grasp-api-07.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="utf-8"?>
<!-- This is built from a template for a generic Internet Draft. Suggestions for
improvement welcome - write to Brian Carpenter, brian.e.carpenter @ gmail.com
This can be converted using the Web service at http://xml.resource.org/ -->
<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<?rfc toc="yes"?>
<!-- You want a table of contents -->
<?rfc symrefs="yes"?>
<!-- Use symbolic labels for references -->
<?rfc sortrefs="yes"?>
<!-- This sorts the references -->
<?rfc iprnotified="no" ?>
<!-- Change to "yes" if someone has disclosed IPR for the draft -->
<?rfc compact="yes"?>
<!-- This defines the specific filename and version number of your draft (and inserts the appropriate IETF boilerplate -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-ietf-anima-grasp-api-07" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" tocInclude="true" symRefs="true" sortRefs="true" version="3">
<!-- xml2rfc v2v3 conversion 2.44.0 -->
<front>
<title abbrev="GRASP API">Generic Autonomic Signaling Protocol Application
Program Interface (GRASP API)</title>
<seriesInfo name="Internet-Draft" value="draft-ietf-anima-grasp-api-07"/>
<author fullname="Brian Carpenter" initials="B. E." surname="Carpenter">
<organization abbrev="Univ. of Auckland"/>
<address>
<postal>
<street>School of Computer Science</street>
<street>University of Auckland</street>
<street>PB 92019</street>
<city>Auckland</city>
<region/>
<code>1142</code>
<country>New Zealand</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<author fullname="Bing Liu" initials="B." role="editor" surname="Liu">
<organization>Huawei Technologies</organization>
<address>
<postal>
<street>Q14, Huawei Campus</street>
<street>No.156 Beiqing Road</street>
<city>Hai-Dian District, Beijing</city>
<code>100095</code>
<country>P.R. China</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<author fullname="Wendong Wang" initials="W." surname="Wang ">
<organization>BUPT University</organization>
<address>
<postal>
<street>Beijing University of Posts & Telecom.</street>
<street>No.10 Xitucheng Road</street>
<city>Hai-Dian District, Beijing 100876</city>
<country>P.R. China</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<author fullname="Xiangyang Gong" initials="X." surname="Gong">
<organization>BUPT University</organization>
<address>
<postal>
<street>Beijing University of Posts & Telecom.</street>
<street>No.10 Xitucheng Road</street>
<city>Hai-Dian District, Beijing 100876</city>
<country>P.R. China</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<!---->
<date day="13" month="October" year="2020"/>
<abstract>
<t>This document is a conceptual outline of an application
programming interface (API) for the
Generic Autonomic Signaling Protocol (GRASP). Such an API is needed for
Autonomic Service Agents (ASA) calling the GRASP protocol module to
exchange autonomic network messages with other ASAs. Since GRASP is
designed to support asynchronous operations, the API will need to
be adapted to the support for asynchronicity in various programming languages
and operating systems.</t>
</abstract>
</front>
<middle>
<section anchor="intro" numbered="true" toc="default">
<name>Introduction</name>
<t>As defined in <xref target="I-D.ietf-anima-reference-model" format="default"/>, the
Autonomic Service Agent (ASA)
is the atomic entity of an autonomic function, and it is instantiated
on autonomic nodes. When ASAs communicate with each other, they should
use the Generic Autonomic Signaling Protocol (GRASP) <xref target="I-D.ietf-anima-grasp" format="default"/>.</t>
<t>As <xref target="sw"/> shows, a GRASP implementation could contain several
sub-layers. The bottom layer is the GRASP base protocol module, which is only
responsible for sending and receiving GRASP messages and maintaining
shared data structures. Above that is the basic API described in this
document. The upper layer contains
some extended API functions based upon GRASP basic protocol. For example,
<xref target="I-D.ietf-anima-grasp-distribution" format="default"/> describes a possible extended
function.</t>
<t>Multiple ASAs in a single node will share the same instance of GRASP, much as
multiple applications share a single TCP/IP stack. This aspect is hidden from
individual ASAs by the API, and is not further discussed here.</t>
<t>It is desirable that ASAs can be designed as portable user-space programs
using a system-independent API. In many implementations, the GRASP code will therefore
be split between user space and kernel space. In user space, library functions provide the API
and communicate directly with ASAs. In kernel space is a daemon, or a set
of sub-services, providing GRASP core functions that are
independent of specific ASAs, such as multicast handling and relaying, and
common data structures such as the discovery cache. The GRASP API
library would need to communicate with the GRASP core via an inter-process
communication (IPC) mechanism. The details of this are system-dependent.
</t>
<figure anchor="sw">
<name>Software layout</name>
<artwork align="center" name="" type="" alt=""><![CDATA[
+--------------+ +--------------+
| ASAs | | ASAs |
+--------------+ +--------------+
| | |
| +------------------+ |
| | GRASP Extended | |
| | Function API | |
| +------------------+ |
| | |
+------------------------------------------+
| GRASP API Library |
+------------------------------------------+
|
IPC
|
+------------------------------------------+
| GRASP Core |
| (functions, data structures, daemon(s)) |
+------------------------------------------+
]]></artwork>
</figure>
<t>Both the GRASP library and the extended function modules should
be available to the ASAs.
However, since the extended functions are expected to be added in an incremental
manner, they will be the subject of future documents.
This document only describes the basic GRASP API.</t>
<t>The functions provided by the API do not map one-to-one onto GRASP messages. Rather,
they are intended to offer convenient support for message sequences (such as a discovery
request followed by responses from several peers,
or a negotiation request followed by various possible responses).
This choice was made to assist ASA programmers in writing
code based on their application requirements rather than needing to
understand protocol details.</t>
<t>Note that a simple autonomic node might contain very few ASAs in
addition to the autonomic infrastructure components described in
<xref target="I-D.ietf-anima-bootstrapping-keyinfra" format="default"/>
and <xref target="I-D.ietf-anima-autonomic-control-plane" format="default"/>.
Such a node might directly integrate a GRASP protocol stack in
its code and therefore not
require this API to be installed. However, the programmer would then need
a deeper understanding of the GRASP protocol than is needed to use the API.</t>
<t>This document gives a conceptual outline of the API. It is not a formal
specification for any particular programming language or operating system,
and it is expected that details will be clarified in individual implementations.</t>
</section>
<section numbered="true" toc="default">
<name>GRASP API for ASA</name>
<section numbered="true" toc="default">
<name>Design Assumptions</name>
<t>The assumption of this document is that any Autonomic Service Agent
(ASA) needs to call a GRASP module. The latter handles protocol details
(security, sending and listening for GRASP messages, waiting, caching
discovery results, negotiation looping, sending and receiving
sychronization data, etc.) but understands nothing about individual
GRASP objectives (Section 2.10 of <xref target="I-D.ietf-anima-grasp" format="default"/>).
The semantics of objectives are unknown to the GRASP
module and are handled only by the ASAs. Thus, this is an
abstract API for use by ASAs. Individual
language bindings should be defined in separate documents.</t>
<t>Different ASAs may make different use of GRASP features:
</t>
<ul spacing="normal">
<li>Use GRASP only for discovery purposes.</li>
<li>Use GRASP negotiation but only as an initiator (client).</li>
<li>Use GRASP negotiation but only as a responder.</li>
<li>Use GRASP negotiation as an initiator or responder.</li>
<li>Use GRASP synchronization but only as an initiator (recipient).</li>
<li>Use GRASP synchronization but only as a responder and/or flooder.</li>
<li>Use GRASP synchronization as an initiator, responder and/or flooder.</li>
</ul>
<t>
The API also assumes that one ASA may support multiple objectives. Nothing prevents
an ASA from supporting some objectives for synchronization and others for negotiation.
</t>
<t>The API design assumes that the operating system and programming language
provide a mechanism for simultaneous asynchronous operations. This is discussed
in detail in <xref target="asynchop" format="default"/>.</t>
<t>A few items are out of scope in this version, since practical experience is required before including them:</t>
<ul spacing="normal">
<li>Authorization of ASAs is not defined as part of GRASP and is not supported.</li>
<li>User-supplied explicit locators for an objective are not supported. The GRASP core will
supply the locator, using the ACP address of the node concerned.</li>
<li>The Rapid mode of GRASP (Section 2.5.4 of <xref target="I-D.ietf-anima-grasp" format="default"/>)
is not supported.</li>
</ul>
</section>
<section anchor="asynchop" numbered="true" toc="default">
<name>Asynchronous Operations</name>
<t>GRASP depends on asynchronous operations and wait states, and its messages
are not idempotent, meaning that repeating a message may cause repeated changes
of state in the recipient ASA. Many ASAs will
need to support several concurrent operations; for example an ASA might need
to negotiate one objective with a peer while discovering and synchronizing
a different objective with a different peer. Alternatively, an ASA which
acts as a resource manager might need to run simultaneous negotiations
for a given objective with multiple different peers. Such an ASA will probably
need to support uninterruptible atomic changes to its internal data structures,
using a mechanism provided by the operating system and programming language in use.</t>
<section anchor="asynchmech" numbered="true" toc="default">
<name> Alternative Asynchronous Mechanisms</name>
<t>Thus, some ASAs need to support asynchronous operations, and therefore
the GRASP core must do so. Depending on both the
operating system and the programming language in use, there are various
techniques for such parallel operations, three of which we
consider here: multi-threading, an event loop structure using polling,
and an event loop structure using callback functions.</t>
<ol spacing="normal" type="1">
<li>In multi-threading, the operating system and language will provide
the necessary support for asynchronous operations, including creation
of new threads, context switching between threads, queues, locks,
and implicit wait states. In this case, API calls can be treated as simple
synchronous function calls within their own thread, even if the function includes
wait states, blocking and queueing. Concurrent operations will each run
in their own threads. For example, the discover() call may not return
until discovery results have arrived or a timeout has occurred. If the ASA
has other work to do, the discover() call must be in a thread of its own.</li>
<li>In an event loop implementation with polling, blocking calls
are not acceptable. Therefore all calls must be non-blocking, and
the main loop could support multiple GRASP sessions in parallel
by repeatedly polling each one for a change of state. To facilitate this, the
API implementation would provide non-blocking versions of all the functions that
otherwise involve blocking and queueing. In these calls, a 'noReply' code
will be returned by each call instead of blocking, until such time as the event
for which it is waiting (or a failure) has occurred. Thus, for example, discover()
would return 'noReply' instead of waiting until discovery has succeeded
or timed out. The discover() call would be repeated in every cycle of the
main loop until it completes. Effectively, it becomes a polling call.</li>
<li>In an event loop implementation with callbacks, the ASA programmer would
provide a callback function for each asynchronous operation, e.g. discovery_received().
This would be called asynchronously when a reply is received or a failure such as a
timeout occurs.</li>
</ol>
<t>The following calls involve waiting for a remote operation, so they could
use a polling or callback mechanism. In a threaded mechanism, they will usually
require to be called in a separate thread:
</t>
<ul empty="true" spacing="normal">
<li>discover()
whose callback would be discovery_received().</li>
<li>request_negotiate()
whose callback would be negotiate_step_received().</li>
<li>negotiate_step()
whose callback would be negotiate_step_received().</li>
<li>listen_negotiate()
whose callback would be negotiate_step_received().</li>
<li>synchronize()
whose callback would be synchronization_received().</li>
</ul>
</section>
<section anchor="multineg" numbered="true" toc="default">
<name>Multiple Negotiation Scenario</name>
<t>The design of GRASP allows the following scenario. Consider
an ASA "A" that acts as a resource allocator for some objective. An ASA "B" launches
a negotiation with "A" to obtain or release a quantity of the resource. While this negotatition
is under way, "B" chooses to launch a second simultaneous negotiation with "A" for a different
quantity of the same resource. "A" must therefore conduct two separate negotiation sessions
at the same time with the same peer, and must not mix them up.</t>
<t>Note that ASAs could be designed to avoid such a scenario, i.e. restricted to exactly one
negotiation session at a time for a given objective, but this would be a voluntary
restriction not required by the GRASP protocol. In fact it is an assumption of GRASP
that any ASA managing a resource may need to conduct multiple parallel negotiations,
possibly with the same peer. Communication patterns could be very complex, with a group
of ASAs overlapping negotiations among themselves, as described in
<xref target="I-D.ciavaglia-anima-coordination" format="default"/>.
Therefore, the API design allows for such scenarios.</t>
<t>In the callback model, for the scenario just described,
the ASAs "A" and "B" will each provide two instances of negotiate_step_received(), one for
each session. For this reason, each ASA must be
able to distinguish the two sessions, and the peer's IP address is not sufficient for this.
It is also not safe to rely on transport port numbers for this, since future variants of GRASP
might use shared ports rather than a separate port per session. Hence the GRASP design
includes a session identifier. Thus, when necessary, a 'session_nonce' parameter is
used in the API to distinguish simultaneous GRASP sessions from each other, so that any
number of sessions may proceed asynchronously in parallel.</t>
</section>
<section anchor="overlap" numbered="true" toc="default">
<name>Overlapping Sessions and Operations</name>
<t>On the first call in a new GRASP session, the API returns a 'session_nonce'
value based on the GRASP session identifier. This value must be used in all subsequent
calls for the same session, and will be provided as a parameter in the callback functions. By this
mechanism, multiple overlapping sessions can be distinguished, both in the ASA
and in the GRASP core. The value of the 'session_nonce" is opaque to the ASA.
</t>
<t>An additional mechanism that might increase efficiency for polling
implementations is to add a general call, say notify(), which would check the
status of all outstanding operations for the calling ASA and return the session_nonce values
for all sessions that have changed state. This would eliminate the need for repeated calls
to the individual functions returning a 'noReply'. This call is not described below
as the details are likely to be implementation-specific.</t>
<t>An implication of the above for all GRASP implementations is that the GRASP core
must keep state for each GRASP operation in progress, most likely keyed by the GRASP
Session ID and the GRASP source address of the session initiator. Even in a threaded
implementation, the GRASP core will need such state internally. The session_nonce
parameter exposes this aspect of the implementation.</t>
</section>
</section>
<section numbered="true" toc="default">
<name>API definition</name>
<t>Some example logic flows for a resource management ASA are given in
<xref target="I-D.carpenter-anima-asa-guidelines"/>, which may be of help
in understanding the following descriptions.
The next section describes parameters and data structures used in multiple API calls.
The following sections describe various groups of function APIs. Those APIs that
do not list asynchronous mechanisms are implicitly synchronous in their behaviour.
</t>
<section numbered="true" toc="default">
<name>Parameters and data structures</name>
<section numbered="true" toc="default">
<name>Errorcode</name>
<t>All functions in the API have an unsigned 'errorcode' integer as their return value (the first returned value
in languages that allow multiple returned parameters). An errorcode of zero indicates success.
Any other value indicates failure of some kind. The first three errorcodes have special importance:
</t>
<ol spacing="normal" type="1">
<li>Declined: used to indicate that the other end has sent a GRASP Negotiation End message (M_END) with a Decline option (O_DECLINE).</li>
<li>No reply: used in non-blocking calls to indicate that the other end has sent no reply so far (see <xref target="asynchop" format="default"/>).</li>
<li>Unspecified error: used when no more specific error code applies.</li>
</ol>
<t><xref target="ErrAppx" format="default"/> gives a full list of currently suggested error codes, based on
implementation experience. While there is no absolute requirement for all implementations
to use the same error codes, this is highly recommended for portability of applications.</t>
</section>
<section numbered="true" toc="default">
<name>Timeout</name>
<t>Wherever a 'timeout' parameter appears, it is an integer expressed
in milliseconds. If it is zero, the GRASP default timeout (GRASP_DEF_TIMEOUT,
see <xref target="I-D.ietf-anima-grasp" format="default"/>) will apply. If no response
is received before the timeout expires, the call will fail unless otherwise noted.</t>
</section>
<section numbered="true" toc="default">
<name>Objective</name>
<t>An 'objective' parameter is a data structure with the following components:
</t>
<ul spacing="normal">
<li>name (UTF-8 string) - the objective's name</li>
<li>neg (Boolean flag) - True if objective supports negotiation (default False)</li>
<li>synch (Boolean flag) - True if objective supports synchronization (default False)</li>
<li>
<t>dry (Boolean flag) - True if objective supports dry-run negotiation (default False)
</t>
<ul spacing="normal">
<!-- <li>Note 1: All objectives are assumed to support discovery, so there is no Boolean for that.</li> -->
<li>Note 1: Only one of 'synch' or 'neg' may be True.</li>
<li>Note 2: 'dry' must not be True unless 'neg' is also True.</li>
<li>Note 3: In a language such as C the preferred implementation may be to represent the Boolean flags as bits in a single byte.</li>
</ul>
</li>
<li>loop_count (integer) - Limit on negotiation steps etc. (default GRASP_DEF_LOOPCT,
see <xref target="I-D.ietf-anima-grasp" format="default"/>)</li>
<li>
<t>value - a specific data structure expressing the value of the objective. The format is
language dependent, with the constraint that it can be validly represented in CBOR.
</t>
<t>
An essential requirement for all language mappings and all implementations is that, regardless
of what other options exist for a language-specific representation of the value, there is
always an option to use a raw CBOR data item as the value. The API will then wrap this
with CBOR Tag 24 as an encoded CBOR data item <xref target="RFC7049"/>
for transmission via GRASP, and unwrap it after reception.
</t>
<t>The 'name' and 'value' fields are of variable length. GRASP does not set a maximum
length for these fields, but only for the total length of a GRASP message. Implementations
might impose length limits.</t>
<t>
An example data structure definition for an objective in the C language,
assuming the use of a particular CBOR library, is:
</t>
<artwork align="center" name="" type="" alt=""><![CDATA[
typedef struct {
char *name;
uint8_t flags; // flag bits as defined by GRASP
int loop_count;
int value_size; // size of value in bytes
cbor_mutable_data cbor_value;
// CBOR bytestring (libcbor/cbor/data.h)
} objective;
]]></artwork>
<t>
An example data structure definition for an objective in the Python language is:
</t>
<artwork align="center" name="" type="" alt=""><![CDATA[
class objective:
"""A GRASP objective"""
def __init__(self, name):
self.name = name # Unique name (string)
self.negotiate = False #True if objective supports negotiation
self.dryrun = False #True if objective supports dry-run neg.
self.synch = False # True if objective supports synch
self.loop_count = GRASP_DEF_LOOPCT # Default starting value
self.value = 0 # Place holder; any valid Python object
]]></artwork>
</li>
</ul>
</section>
<section anchor="asaL" numbered="true" toc="default">
<name>ASA_locator</name>
<t>An 'ASA_locator' parameter is a data structure with the following contents:
</t>
<ul spacing="normal">
<li>locator - The actual locator, either an IP address or an ASCII string.</li>
<li>ifi (integer) - The interface identifier index via which this was discovered - probably no use to a normal ASA</li>
<li>expire (system dependent type) - The time on the local system clock when this locator will expire from the cache</li>
<li><t>The following cover all locator types currently supported by GRASP:</t>
<ul><li>is_ipaddress (Boolean) - True if the locator is an IP address</li>
<li>is_fqdn (Boolean) - True if the locator is an FQDN</li>
<li>is_uri (Boolean) - True if the locator is a URI</li></ul></li>
<li>diverted (Boolean) - True if the locator was discovered via a Divert option</li>
<li>protocol (integer) - Applicable transport protocol (IPPROTO_TCP or IPPROTO_UDP)</li>
<li>port (integer) - Applicable port number</li>
</ul>
<t>The 'locator' field is of variable length in the case of an FQDN or a URI. GRASP does not set a maximum
length for this field, but only for the total length of a GRASP message. Implementations
might impose length limits.</t>
</section>
<section numbered="true" toc="default">
<name>Tagged_objective</name>
<t>A 'tagged_objective' parameter is a data structure with the following contents:
</t>
<ul spacing="normal">
<li>objective - An objective</li>
<li>locator - The ASA_locator associated with the objective, or a null value.</li>
</ul>
</section>
<section numbered="true" toc="default">
<name>Asa_nonce</name>
<t>Although an authentication and authorization scheme for ASAs has not been defined, the API
provides a very simple hook for such a scheme. When an ASA starts up, it registers itself
with the GRASP core, which provides it with an opaque nonce that, although not cryptographically
protected, would be difficult for a third party to predict. The ASA must present this nonce
in future calls. This mechanism will prevent some elementary errors or trivial attacks
such as an ASA manipulating an objective it has not registered to use.</t>
<t>Thus, in most calls, an 'asa_nonce' parameter is required. It is generated when an ASA
first registers with GRASP, and the ASA must then store the asa_nonce
and use it in every subsequent GRASP call. Any call in which an invalid nonce is presented will fail.
It is an up to 32-bit opaque value (for example represented as a uint32_t, depending on the language).
It should be unpredictable; a possible implementation is to use the same mechanism that GRASP
uses to generate Session IDs <xref target="I-D.ietf-anima-grasp" format="default"/>. Another possible
implementation is to hash the name of the ASA with a locally defined secret key.</t>
</section>
<section numbered="true" toc="default">
<name>Session_nonce</name>
<t>In some calls, a 'session_nonce' parameter is required. This is an opaque data
structure as far as the ASA is concerned,
used to identify calls to the API as belonging to a specific GRASP session (see <xref target="asynchop" format="default"/>).
In fully threaded implementations this parameter might not be needed, but it is included to
act as a session handle if necessary. It will also allow GRASP to detect and ignore
malicious calls or calls from timed-out sessions. A possible implementation is to form the
nonce from the underlying GRASP Session ID and the source address of the session.</t>
</section>
</section>
<section anchor="regi" numbered="true" toc="default">
<name>Registration</name>
<t>These functions are used to register an ASA and the objectives that it supports with
the GRASP module. If an authorization model is added to GRASP, these API calls would
need to be modified accordingly.</t>
<ul spacing="normal">
<li>
<t>register_asa()</t>
<ul spacing="normal">
<li>
<t>Input parameter:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>name of the ASA (UTF-8 string)</dd>
</dl>
</li>
<li>
<t>Return parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
<dt/>
<dd>asa_nonce (integer) (if successful)</dd>
</dl>
</li>
<li>This initialises state in the GRASP module for the calling entity (the ASA).
In the case of success, an 'asa_nonce' is returned which the ASA must present in
all subsequent calls.
In the case of failure, the ASA has not been authorized and cannot operate.</li>
</ul>
</li>
<li>
<t>deregister_asa()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>name of the ASA (UTF-8 string)</dd>
</dl>
</li>
<li>
<t>Return parameter:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
</dl>
</li>
<li>This removes all state in the GRASP module for the calling entity (the ASA),
and deregisters any objectives it has registered. Note that these actions must
also happen automatically if an ASA crashes.</li>
<li>Note - the ASA name is strictly speaking redundant in this call, but is present for clarity.</li>
</ul>
</li>
<li>
<t>register_objective()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>objective (structure)</dd>
<dt/>
<dd>ttl (integer - default GRASP_DEF_TIMEOUT)</dd>
<dt/>
<dd>discoverable (Boolean - default False)</dd>
<dt/>
<dd>overlap (Boolean - default False)</dd>
<dt/>
<dd>local (Boolean - default False)</dd>
</dl>
</li>
<li>
<t>Return parameter:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
</dl>
</li>
<li>This registers an objective that this ASA supports and may modify.
The 'objective' becomes a candidate for discovery. However, discovery
responses should not be enabled until the ASA calls listen_negotiate() or
listen_synchronize(), showing that it is able to act as a responder.
The ASA may negotiate the objective or send synchronization or flood data.
Registration is not needed for "read-only" operations, i.e., the ASA only wants
to receive synchronization or flooded data for the objective concerned. </li>
<li>The 'ttl' parameter is the valid lifetime (time to live) in milliseconds of any
discovery response for this objective. The default value should be the GRASP
default timeout (GRASP_DEF_TIMEOUT, see <xref target="I-D.ietf-anima-grasp" format="default"/>).</li>
<li>If the parameter 'discoverable' is True, the objective
is immediately discoverable. This is
intended for objectives that are only defined for GRASP discovery,
and which do not support negotiation or synchronization.</li>
<li>If the parameter 'overlap' is True, more than one ASA may register this objective
in the same GRASP instance.</li>
<li>If the parameter 'local' is True, discovery must return a link-local address.
This feature is for objectives that must be restricted to the local link.</li>
<li>This call may be repeated for multiple objectives.</li>
</ul>
</li>
<li>
<t>deregister_objective()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>objective (structure)</dd>
</dl>
</li>
<li>
<t>Return parameter:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
</dl>
</li>
<li>The 'objective' must have been registered by the calling ASA; if not, this call fails.
Otherwise, it removes all state in the GRASP module for the given objective.</li>
</ul>
</li>
</ul>
<!-- End of registration functions -->
</section>
<section numbered="true" toc="default">
<name>Discovery</name>
<ul spacing="normal">
<li>
<t>discover()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>objective (structure)</dd>
<dt/>
<dd>timeout (integer)</dd>
<dt/>
<dd>age_limit (integer)</dd>
</dl>
</li>
<li>
<t>Return parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
<dt/>
<dd>locator_list (structure)</dd>
</dl>
</li>
<li>This returns a list of discovered 'ASA_locator's for the given objective.
Note that this structure includes all the fields described in <xref target="asaL" format="default"/>.
</li>
<li>If the parameter 'age_limit' is greater than zero, any locally cached locators for the
objective whose remaining lifetime in milliseconds is less than or equal to 'age_limit'
are deleted first. Thus 'age_limit' = 0 will flush all entries.</li>
<li>If the parameter 'timeout' is zero, any remaining locally cached locators for the
objective are returned immediately and no other action is taken. (Thus,
a call with 'age_limit' and 'timeout' both equal to zero is pointless.)</li>
<li>If the parameter 'timeout' is greater than zero,
GRASP discovery is performed, and all results obtained before the timeout in milliseconds
expires are returned. If no results are obtained, an empty list is returned after the timeout.
That is not an error condition.</li>
<li><t>Asynchronous Mechanisms:</t><ul>
<li>Threaded implementation: This should be called in a separate thread if asynchronous operation is required.</li>
<li>Event loop implementation: An additional read/write 'session_nonce' parameter is used.
A callback may be used in the case of a non-zero tiemout.</li></ul></li>
</ul>
</li>
</ul>
</section>
<!-- End of discovery functions -->
<section numbered="true" toc="default">
<name>Negotiation</name>
<ul spacing="normal">
<li>
<t>request_negotiate()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>objective (structure)</dd>
<dt/>
<dd>peer (ASA_locator)</dd>
<dt/>
<dd>timeout (integer)</dd>
</dl>
</li>
<li>
<t>Return parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
<dt/>
<dd>session_nonce (structure) (if successful)</dd>
<dt/>
<dd>proffered_objective (structure) (if successful)</dd>
<dt/>
<dd>reason (string) (if negotiation declined)</dd>
</dl>
</li>
<li>This function opens a negotiation session between two ASAs. Note that GRASP currently
does not support multi-party negotiation, which would need to be added as an extended
function.</li>
<li>The 'objective' parameter must
include the requested value, and its loop count should be set to a
suitable starting value by the ASA. If not, the GRASP default will apply.</li>
<li>Note that a given negotiation session may or may not be a dry-run negotiation;
the two modes must not be mixed in a single session.</li>
<li>The 'peer' parameter is the target node; it must be an 'ASA_locator' as returned
by discover(). If 'peer' is null, GRASP discovery is automatically performed first to find
a suitable peer (i.e., any node that supports the objective in question).</li>
<li>
<t>If the 'errorcode' return parameter is 0, the negotiation has successfully
started. There are then two cases:
</t>
<ol spacing="normal" type="1">
<li>The 'session_nonce' parameter is null. In this case the negotiation
has succeeded immediately (the peer has accepted the request). The returned
'proffered_objective' contains the value accepted by the peer.</li>
<li>
<t>The 'session_nonce' parameter is not null. In this case negotiation
must continue. The 'session_nonce' must be presented in all subsequent negotiation steps.
The returned 'proffered_objective' contains the first value
proffered by the negotiation peer. The contents of this instance of the objective
must be used in the subsequent negotiation call because
it contains the updated loop count, sent by the negotiation peer.
The GRASP code automatically decrements the loop count by 1 at each step,
and returns an error if it becomes zero.
</t>
<t>
This function must be followed by calls to 'negotiate_step' and/or 'negotiate_wait'
and/or 'end_negotiate' until the negotiation ends. 'request_negotiate' may then be called
again to start a new negotiation.</t>
</li>
</ol>
</li>
<li>If the 'errorcode' parameter has the value 1 ('declined'), the negotiation has been declined
by the peer (M_END and O_DECLINE features of GRASP). The 'reason' string is then available for
information and diagnostic use, but it may be a null string. For this and any other error code,
an exponential backoff is recommended before any retry.</li>
<li><t>Asynchronous Mechanisms:</t><ul>
<li>Threaded implementation: This should be called in a separate thread if asynchronous operation is required.</li>
<li>Event loop implementation: The 'session_nonce' parameter is used to distinguish
multiple simultaneous sessions.</li></ul></li>
<li>Use of dry run mode: This must be consistent within a GRASP session. The state of the 'dry'
flag in the initial request_negotiate() call must be the same in all subsequent negotiation
steps of the same session. The semantics of the dry run mode are built into the ASA; GRASP
merely carries the flag bit.</li>
<li>Special note for the ACP infrastructure ASA: It is likely that this ASA will need to
discover and negotiate with its peers in each of its on-link neighbors. It will therefore need to
know not only the link-local IP address but also the physical interface and transport port for
connecting to each neighbor. One implementation approach to this is to include these
details in the 'session_nonce' data structure, which is opaque to normal ASAs.</li>
</ul>
</li>
<li>
<t>listen_negotiate()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>objective (structure)</dd>
</dl>
</li>
<li>
<t>Return parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
<dt/>
<dd>session_nonce (structure) (if successful)</dd>
<dt/>
<dd>requested_objective (structure) (if successful)</dd>
</dl>
</li>
<li>This function instructs GRASP to listen for negotiation
requests for the given 'objective'. It also enables discovery responses for the objective,
as mentioned under register_objective() in <xref target="regi"/>.</li>
<li><t>Asynchronous Mechanisms:</t><ul>
<li>Threaded implementation: It will block waiting for an incoming request, so
should be called in a separate thread if asynchronous operation is required.
Unless there is an unexpected failure, this call only returns after an
incoming negotiation request.
If the ASA supports multiple simultaneous transactions, a new thread must
be spawned for each new session.</li>
<li>Event loop implementation: A 'session_nonce' parameter is used
to distinguish individual sessions.
If the ASA supports multiple simultaneous transactions, a new event must be inserted
in the event loop for each new session.</li></ul></li>
<li>This call only returns (threaded model) or triggers (event loop) after an
incoming negotiation request. When this occurs,
'requested_objective' contains the first value requested by
the negotiation peer. The contents of this instance of the objective
must be used in the subsequent negotiation call because
it contains the loop count sent by the negotiation peer. The 'session_nonce' must be
presented in all subsequent negotiation steps. </li>
<li>This function must be followed by calls to 'negotiate_step' and/or 'negotiate_wait'
and/or 'end_negotiate' until the negotiation ends. 'listen_negotiate' may then be called
again to await a new negotiation.</li>
<li>If an ASA is capable of handling multiple negotiations simultaneously, it may
call 'listen_negotiate' simultaneously from multiple threads, or insert multiple events.
The API and GRASP implementation
must support re-entrant use of the listening state and the negotiation calls. Simultaneous
sessions will be distinguished by the threads or events themselves,
the GRASP session nonces, and the underlying unicast transport sockets.</li>
</ul>
</li>
<li>
<t>stop_listen_negotiate()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>objective (structure)</dd>
</dl>
</li>
<li>
<t>Return parameter:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
</dl>
</li>
<li>Instructs GRASP to stop listening for negotiation
requests for the given objective, i.e., cancels 'listen_negotiate'.</li>
<li><t>Asynchronous Mechanisms:</t><ul>
<li>Threaded implementation: Must be called
from a different thread than 'listen_negotiate'. </li>
<li>Event loop implementation: no special considerations.</li></ul></li>
</ul>
</li>
<li>
<t>negotiate_step()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>session_nonce (structure)</dd>
<dt/>
<dd>objective (structure)</dd>
<dt/>
<dd>timeout (integer)</dd>
</dl>
</li>
<li>
<t>Return parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>Exactly as for 'request_negotiate'</dd>
</dl>
</li>
<li>Executes the next negotation step with the peer. The 'objective' parameter
contains the next value being proffered by the ASA in this step.</li>
<li><t>Asynchronous Mechanisms:</t><ul>
<li>Threaded implementation: Called in the same thread as the preceding 'request_negotiate' or 'listen_negotiate',
with the same value of 'session_nonce'.</li>
<li>Event loop implementation: Must use the same value of 'session_nonce' returned by the
preceding 'request_negotiate' or 'listen_negotiate'.</li></ul></li>
</ul>
</li>
<li>
<t>negotiate_wait()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>session_nonce (structure)</dd>
<dt/>
<dd>timeout (integer)</dd>
</dl>
</li>
<li>
<t>Return parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
</dl>
</li>
<li>Delay negotiation session by 'timeout' milliseconds, thereby extending the original timeout. This
function simply triggers a GRASP Confirm Waiting message (see <xref target="I-D.ietf-anima-grasp"/>
for details).</li>
<li><t>Asynchronous Mechanisms:</t><ul>
<li>Threaded implementation: Called in the same thread as the preceding 'request_negotiate' or 'listen_negotiate',
with the same value of 'session_nonce'.</li>
<li>Event loop implementation: Must use the same value of 'session_nonce' returned by the
preceding 'request_negotiate' or 'listen_negotiate'.</li></ul></li>
</ul>
</li>
<li>
<t>end_negotiate()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>session_nonce (structure)</dd>
<dt/>
<dd>result (Boolean)</dd>
<dt/>
<dd>reason (UTF-8 string)</dd>
</dl>
</li>
<li>
<t>Return parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
</dl>
</li>
<li>
<t>End the negotiation session.
</t>
<t>
'result' = True for accept (successful negotiation), False for decline (failed negotiation).
</t>
<t>
'reason' = optional string describing reason for decline.</t>
</li>
<li><t>Asynchronous Mechanisms:</t><ul>
<li>Threaded implementation: Called in the same thread as the preceding 'request_negotiate' or 'listen_negotiate',
with the same value of 'session_nonce'.</li>
<li>Event loop implementation: Must use the same value of 'session_nonce' returned by the
preceding 'request_negotiate' or 'listen_negotiate'.</li></ul></li>
</ul>
</li>
</ul>
</section>
<!-- End of negotiation functions -->
<section numbered="true" toc="default">
<name>Synchronization and Flooding</name>
<ul spacing="normal">
<li>
<t>synchronize()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>asa_nonce (integer)</dd>
<dt/>
<dd>objective (structure)</dd>
<dt/>
<dd>peer (ASA_locator)</dd>
<dt/>
<dd>timeout (integer)</dd>
</dl>
</li>
<li>
<t>Return parameters:</t>
<dl newline="false" spacing="normal">
<dt/>
<dd>errorcode (integer)</dd>
<dt/>
<dd>objective (structure) (if successful)</dd>
</dl>
</li>
<li>This call requests the synchronized value of the given 'objective'.</li>
<li>Since this is essentially a read operation, any ASA can do it, unless
an authorization model is added to GRASP in future. Therefore
the API checks that the ASA is registered, but the objective does not need to
be registered by the calling ASA.</li>
<li>If the objective was already flooded, the flooded value is
returned immediately in the 'result' parameter. In this case, the 'peer'
and 'timeout' are ignored.</li>
<li> Otherwise, synchronization with a discovered ASA is performed.
The 'peer' parameter is an 'ASA_locator' as returned by discover().
If 'peer' is null, GRASP discovery is automatically performed first to find
a suitable peer (i.e., any node that supports the objective in question).</li>
<li>This call should be repeated whenever the latest value is needed.</li>
<li><t>Asynchronous Mechanisms:</t><ul>
<li>Threaded implementation: Call in a separate thread if asynchronous operation is required.</li>
<li>Event loop implementation: An additional read/write 'session_nonce' parameter is used.</li></ul></li>
<li>Since this is essentially a read operation, any ASA can use
it. Therefore GRASP checks that the calling ASA is registered but the
objective doesn't need to be registered by the calling ASA.</li>
<li>In the case of failure, an exponential backoff is recommended before retrying.</li>
</ul>
</li>
<li>
<t>listen_synchronize()</t>
<ul spacing="normal">
<li>
<t>Input parameters:</t>