COPS, Common Open Policy Service |
Protocol suite: | TCP/IP. |
Protocol type: | Application layer protocol. |
Port: | 3288 (TCP). |
SNMP MIBs: | iso.org.dod.internet.mgmt.mib-2.copsClientMIB (1.3.6.1.2.1.89). |
Working groups: | rap, Resource Allocation Protocol. |
Links: | IANA: COPS parameters. |
COPS was designed to distribute clear-text policy information from a centralized Policy Decision Point (PDP) to a set of Policy Enforcement Points (PEP) in the Internet. COPS provides its own security mechanisms to protect the per-hop integrity of the deployed policy. However, the use of COPS for sensitive applications (e.g., some types of security policy distribution) requires additional security measures, such as data confidentiality. This is because some organizations find it necessary to hide some or all of their security policies, e.g., because policy distribution to devices such as mobile platforms can cross domain boundaries.
MAC header | IP header | TCP header | COPS header | Data ::: |
COPS header:
Word | Bits | Field |
---|---|---|
0 | 00 - 03 | Version |
0 | 04 - 06 | reserved |
0 | 07 | S |
0 | 08 - 15 | Opcode |
0 | 16 - 31 | Client type |
1 | 00 - 31 | Message length |
2 ... | | Data ::: |
Version.
4 bits.
COPS version number.
reserved.
3 bits.
Must be cleared to 0.
S, Solicited Message Flag.
1 bit.
Set when the message is solicited by another COPS message.
Opcode. 8 bits.
Opcode | Description | References |
---|---|---|
1 | REQ, Request. | RFC 2748 |
2 | DEC, Decision. | RFC 2748 |
3 | RPT, Report State. | RFC 2748 |
4 | DRQ, Delete Request State. | RFC 2748 |
5 | SSQ, Synchronize State Req. | RFC 2748 |
6 | OPN, Client-Open. | RFC 2748 |
7 | CAT, Client-Accept. | RFC 2748 |
8 | CC, Client-Close. | RFC 2748 |
9 | KA, Keep-Alive. | RFC 2748 |
10 | SSC, Synchronize Complete. | RFC 2748 |
Client type.
16 bits.
Identifies the policy client.
Interpretation of all encapsulated objects is relative to the client type.
Client types that set the most significant bit in the client-type field are enterprise specific (these are client-types 0x8000 - 0xFFFF).
See the specific client usage documents for particular client-type IDs.
For KA Messages, the client-type in the header MUST always be set to 0 as the KA is used for connection verification (not per client session verification).
Client type | Description | References |
---|---|---|
0x0001 | RSVP. | RFC 2749 |
0x0002 | DiffServ QoS. | RFC 3317 |
0x8001 - 0x8004 | IP Highway. | |
0x8005 | Fujitsu Application Server Software Division. | |
0x8006 | HP OpenView PolicyXpert. | |
0x8007 | HP OpenView PolicyXpert COPS-PR PXPIB. | |
0x8008 | PacketCable Dynamic Quality of Service. | |
0x8009 | COPS usage for 3GPP GO interface. | |
Message length.
32 bits.
Size of message in bytes, which includes the standard COPS header and all encapsulated objects.
Messages MUST be aligned on 4 byte intervals.
Data.
Variable length.
Contains one or more Objects.
Object.
Variable length.
If the length in bytes does not fall on a 32-bit word boundary, padding MUST be added to the end of the object so that it is aligned to the next 32-bit boundary before the object can be sent on the wire.
On the receiving side, a subsequent object boundary can be found by simply rounding up the previously stated object length to the next 32-bit boundary.
Word | Bits | Field |
---|---|---|
0 | 00 - 15 | Length |
0 | 16 - 23 | Class |
0 | 24 - 31 | Type |
1 ... | | Data ::: |
Length.
16 bits.
Size of the object in bytes.
Class. 8 bits.
Class of the object.
Class | Description | References |
---|---|---|
1 | Handle. | RFC 2748 |
2 | Context. | RFC 2748 |
3 | In Interface. | RFC 2748 |
4 | Out Interface. | RFC 2748 |
5 | Reason code. | RFC 2748 |
6 | Decision. | RFC 2748 |
7 | LPDP Decision. | RFC 2748 |
8 | Error. | RFC 2748 |
9 | Client Specific Info. | RFC 2748 |
10 | Keep-Alive Timer. | RFC 2748 |
11 | PEP Identification. | RFC 2748 |
12 | Report Type. | RFC 2748 |
13 | PDP Redirect Address. | RFC 2748 |
14 | Last PDP Address. | RFC 2748 |
15 | Accounting Timer. | RFC 2748 |
16 | Message Integrity. | RFC 2748 |
Type. 8 bits.
Data.
Variable length.
The content depends on the message.
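The header and object layouts above, applied as a strict receiver-side parser. This is an added example, not code from the RFCs or from any COPS implementation; the names `parse_cops`, `CopsError` and `SAMPLE_OPN` are hypothetical, and the sample bytes are constructed rather than captured.

```python
import struct

OPCODES = {1: "REQ", 2: "DEC", 3: "RPT", 4: "DRQ", 5: "SSQ",
           6: "OPN", 7: "CAT", 8: "CC", 9: "KA", 10: "SSC"}

class CopsError(ValueError):
    """Raised when a message violates the layout described on this page."""

def parse_cops(buf: bytes) -> dict:
    if len(buf) < 8:
        raise CopsError("shorter than the 8-byte COPS header")
    first, opcode, client_type, msg_len = struct.unpack("!BBHI", buf[:8])
    version, reserved, solicited = first >> 4, (first >> 1) & 0x7, first & 0x1
    if reserved:
        raise CopsError("reserved bits must be cleared to 0")
    if opcode not in OPCODES:
        raise CopsError(f"unknown opcode {opcode}")
    # Length covers header plus objects, is 4-byte aligned, and must fit the buffer.
    if msg_len < 8 or msg_len % 4 or msg_len > len(buf):
        raise CopsError(f"bad message length {msg_len}")
    if OPCODES[opcode] == "KA" and client_type != 0:
        raise CopsError("KA must carry client type 0")
    objects, off = [], 8
    while off < msg_len:  # off and msg_len are both multiples of 4 here
        obj_len, c_num, c_type = struct.unpack("!HBB", buf[off:off + 4])
        # A length below 4 would stall the walk or overlap the object header;
        # one past the message end would read bytes outside this message.
        if obj_len < 4 or off + obj_len > msg_len:
            raise CopsError(f"object length {obj_len} invalid at offset {off}")
        objects.append((c_num, c_type, buf[off + 4:off + obj_len]))
        off += (obj_len + 3) & ~3  # round up to the next 32-bit boundary
    return {"version": version, "solicited": bool(solicited),
            "opcode": OPCODES[opcode], "client_type": client_type,
            "objects": objects}

# Constructed sample (not a capture): OPN, client type 0x0001, two objects.
SAMPLE_OPN = bytes.fromhex(
    "10060001" "0000001c"             # version 1, OPN, client type 1, length 28
    "00090b01" "7065702d61" "000000"  # class 11 (PEP Identification): 9 bytes + 3 pad
    "00060901" "0001" "0000"          # class 9 (Client Specific Info): 6 bytes + 2 pad
)

if __name__ == "__main__":
    print(parse_cops(SAMPLE_OPN))
```

The bounds check on each object length is the part a receiver cannot skip: the length field is sender-controlled, and the parser trusts it to find every subsequent object.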
PDP, Policy Decision Point.
PEP, Policy Enforcement Point.
PIB, Policy Information Base.
SPPI, Structure of Policy Provisioning Information.
Defines the adapted subset of SNMP's Structure of Management Information used to write Policy Information Base modules.
RFCs:
[RFC 2748] The COPS (Common Open Policy Service) Protocol.
[RFC 2749] COPS usage for RSVP.
[RFC 2940] Definitions of Managed Objects for Common Open Policy Service (COPS) Protocol Clients.
[RFC 3084] COPS Usage for Policy Provisioning (COPS-PR).
[RFC 3127] Authentication, Authorization, and Accounting: Protocol Evaluation.
[RFC 3159] Structure of Policy Provisioning Information (SPPI).
[RFC 3317] Differentiated Services Quality of Service Policy Information Base.
[RFC 3535] Overview of the 2002 IAB Network Management Workshop.
[RFC 3571] Framework Policy Information Base for Usage Feedback.
[RFC 4261] Common Open Policy Service (COPS) Over Transport Layer Security (TLS).