Abstract

The purpose of this document is to develop a framework and
requirements for a protocol that will allow for communicating
control data associated with IP/transport-layer data flows or
aggregates of them between intermediate packet processing devices
and external controllers.

The protocol will be extensible in order to allow for communicating
arbitrary control data associated with packet flows and defining
packet flow processing. It will include provisions for verifying the
integrity of each message as well as ensuring authentication of all
parties involved in the transactions.

A major application of this protocol will be the control of packet
processing policies in decomposed firewalls/NATs/NAT-PTs by
externalized Application Level Gateways. This particular use will
relieve firewalls/NATs from application-layer processing to improve
their maintainability and performance.

Examples of other possible applications include, but are not limited
to, buffer management and load balancing.