Admission Control

Admission control is a research field that has been receiving a considerable amount of interest since the introduction of IP network architectures designed to support QoS for traffic flows, such as the Integrated services architecture and, more recently, the more scalable Differentiated services architecture. This interest has been driven by the belief that regulation of admission of new traffic flows is one of the primary means of preventing network congestion and ensuring QoS. In other words, admission control can be defined as the set of online actions that need to be taken during the flow establishment (invocation) phase to determine whether the flow should be admitted or not and its primary role is to control the amount of traffic injected to the network so that predefined performance objectives are met.

In order for an admission control scheme to be successful in practice, it needs to fulfill several requirements:

• Robustness: An admission control scheme must ensure that the requested QoS is provided and is robust with respect to traffic heterogeneity, time-scale fluctuations (long-range dependency), as well as to heavy offered traffic loads.
• Resource utilization: The secondary goal for admission control is to maximize resource utilization, subject to the QoS constraints for the admitted flows.
• Implementation: The cost of deploying an admission control scheme must be smaller than its benefits. In addition, the traffic characteristics required by the scheme should be easily obtained from the traffic sources and the network and, also, the scheme should scale well with the number of flows.

Therefore, the challenge is to design simple admission control functions that provide the requested QoS and improve network efficiency under any offered traffic conditions.

This section of the Quality of Service Management Information Portal serves as a focal point for research related to admission control targeted at achieving QoS, by giving a taxonomy of the admission control schemes based on various criteria, describing their main features and also considerations with respect to their performance, followed by links to relevant material where the interested reader can refer to for more information.

General Description/Taxonomy

The following criteria are commonly used for categorizing admission control schemes. Combinations of options, as given by each one of the criteria, allow for the reconstruction of most admission control approaches found in the literature.

Admission control for non-elastic and for elastic traffic

A first criterion to distinguish the different admission control schemes is given by the nature of the traffic applications the schemes are targeted to. The traffic applications can be divided into two main categories based on the transport layer protocol they use, non-elastic (UDP controlled) and elastic (TCP controlled) traffic applications. The vast majority of admission control schemes are targeted to non-elastic traffic flows, there exist though schemes targeted to elastic traffic flows as well. These two types of applications have different QoS requirements (loss, delay and jitter for non-elastic applications and throughput -goodput to be more precise; that is the throughput disregarding retransmissions- for elastic applications and, moreover, exhibit different traffic patterns and employ different invocation methods -the invocation of elastic traffic flows is mainly implicit (HTTP traffic) whereas for non-elastic traffic flows the invocation process is explicit. Therefore, the admission control schemes targeted to these two distinct types of applications take into account these fundamental differences.

Admission control for isolated and non-isolated types of traffic

Most admission control schemes assume the existence of isolation between the non-elastic and elastic traffic flows. This isolation makes the provisioning of QoS easier, given the different nature of QoS requirements that non-elastic and elastic traffic flows have. However, there exist some approaches that are applicable to networks that offer no isolation between these two types of traffic. In such cases, the admission control schemes, apart from providing the requested QoS for the traffic type they are targeted to, they also need to provide fairness with respect to the bandwidth sharing among these two types of traffic.

Centralized and distributed admission control schemes

A further criterion to distinguish different admission control schemes is given by the location where the admission control decision is made; at a centralized server (e.g. Bandwidth Broker) or at various possible points in a network (e.g. at ingress/egress nodes, at every forwarding node or at the endpoints of communication) in a distributed manner.

The idea of centralized schemes is rather simple. With a signaling protocol, messages are exchanged between the sender of the flow and the centralized entity and, also, between routers in the network and the centralized entity. These messages include the service requirement of the flow and the available resources state at each router, therefore admission control is performed by an entity that has complete and up-to-date knowledge of the network topology and resources, which is an ideal situation. However, in practice, centralized schemes have certain disadvantages that need to be considered. The first one is that a centralized entity constitutes a single point of failure. Another problem is the scalability problems that a centralized scheme raises and also the potential latency penalties incurred by the signaling messages exchange process.

Distributed schemes avoid the single point of failure and the scalability concerns inherent in the centralized approach, but the existence of multiple admission control decision points means that concurrent admission control decisions may be made by distinct decision points for flows competing for the same resources, without taking into account the effect that simultaneous admissions of flows at other decision points can have on the state of the resources. That can lead to violations of QoS and the effects of concurrent admission control decisions depend on the number of admission control decision points competing for the same resources and also on flow arrival and departure dynamics.

Traffic-descriptor based admission control vs Measurement-based admission control vs Probe-based admission control

Another criterion to distinguish different admission control schemes is based on the method they use in order to decide whether there exist enough resources in order to admit or not a new flow.

Traffic descriptor-based admission control (TDAC) is based on the assumption that traffic descriptors, either deterministic or stochastic, are provided by the application/end-users for each flow requested prior to its establishment, and the scheme uses the declared traffic descriptors to derive the bandwidth requirements for the required QoS. This approach achieves high utilization when traffic descriptors used by the admission control scheme are tight. Nevertheless, in practice, it suffers from several problems. One of them is the inability of the application users to come up with tight traffic descriptors before establishing the flows. In case users overestimate their requirements, resources will be wasted in the network for the entire flows durations, leading, therefore, to reduced network utilization. On the other hand, if users underestimate their requirements, insufficient resources will be allocated to their flows for the entire flows durations, leading, therefore, to QoS degradation. Another problem is that the provided traffic descriptor and the associated QoS guarantee define a contract between the application and the network. Therefore, the need to police based on this traffic specification arises, which is difficult, especially for statistical traffic descriptors. Deterministic models, such as token buckets, are easy to police, but they fail to provide a sufficient characterization to extract a large fraction of the potential statistical multiplexing gain.

Measurement-based admission control (MBAC) tries to avoid the problems of TDAC approaches by shifting the task of traffic characterization from the application to the network. Instead of applications explicitly specifying their traffic descriptors, the network attempts to “learn” the characteristics of existing flows through real-time measurements. This approach has a number of advantages. First, the specified traffic descriptors can be very simple, e.g. peak rate, which can be easily policed. Second, an overly conservative specification does not result in over-allocation of resources for the entire duration of the service session. Third, when traffic from different flows is multiplexed, the QoS experienced depends often on their aggregate behavior, the statistics of which are easier to estimate than those of an individual flow (this is a consequence of the law of large numbers). However, relying on measured quantities raises a number of issues. As with any measurement/estimation procedure, there exists the possibility of making errors, which can translate to erroneous flow admission decisions, leading either to QoS degradation, if flows are erroneously granted admission, or reduced network utilization, if flows are erroneously refused admission. The impact of wrong flow admission decisions on performance depends on how long it takes until this error is corrected; that is, on flow departure dynamics. Moreover, the issue of determining a proper amount of memory to use for past information about the flows currently present in the network arises, something that is not trivial to be addressed. MBAC schemes can be further divided into fitted-model schemes and model-free schemes. The fitted-model schemes assume a traffic model and try to find the best-fit parameters from the observed real traffic. This approach can be a good choice if the assumed traffic model is valid, but can lead to erroneous admission control decisions if the traffic model is not valid. The model-free schemes do not assume any traffic models but use general traffic statistics (e.g. measurements of utilization or packet loss). This approach is appealing because it avoids the problem of traffic modeling, however it is doubtful whether general traffic characteristics can represent traffic characteristics as accurately as a traffic model.

Probe-based admission control (PBAC) employs probes via a pattern of packets to infer path-wise QoS. PBAC schemes can be further divided into schemes that require the involvement of routers along the path between two communication endpoints and to pure Endpoint Admission Control (EAC), where only communication endpoints are involved in the admission control process. In the PBAC schemes where routers are involved, each router along the path has to make a decision whether the probes can continue to be forwarded to the destination. In these schemes, probe packets can be used merely as a kind of signaling packets to convey the 'local' admission control decisions made by the routers along the paths to the endpoint, which then implicitly infers the 'global' admission control decision. In EAC schemes, prior to a new flow admission, the end-hosts send a probe packet stream with similar characteristics to the request flow and based on the QoS the probe packet stream receives, the new flow is admitted or rejected. The probe packets are usually sent either at the same priority as the main flow packets (in-band probing) or at a lower priority (out-of-band probing). For in-band probing, the QoS target for the main flow can be directly used as an admission threshold. For out-of-band probing, the probe packets stream QoS is not directly related to the main flow QoS and it is, therefore, necessary to establish the method to find the optimum admission threshold. In EAC schemes, routers along the paths can be simple, since they only forward probe packets like normal data packets. However, set-up delays can be high, since for reasonably bounded setup delays the metrics do not depict stationary network states but rather snapshots of network status, which can result to a quite unrealistic picture of the network congestion level, and there exists the hazard of thrashing; that is even though the number of admitted flows is small, the cumulative level of probing packets prevents further flow admissions, driving the network utilization to very low values. For in-band probing, thrashing additionally degrades the QoS perceived by the already established flows because of the stress incurred by the probe packets. For out-of-band probing, since probe packets are sent at a lower priority than the main flow packets, thrashing does not degrade the QoS perceived by the already established flows. On the contrary, it can have the opposite effect, since the higher priority main flows traffic class is emptied.

Admission control for intra-domain and for inter-domain traffic

Admission control schemes can be also categorized depending on the topological scope of the traffic flows. Many admission control schemes, explicitly or implicitly make the assumption that the traffic is intra-domain; that is it originates and terminates within the same domain. Therefore, the administrative entities of this domain (e.g. Bandwidth Broker in case of centralized schemes) can have complete knowledge and control over the end-to-end paths and the underlying architecture (e.g. functionality and number of forwarding classes supported in the routers) when configuring the admission control processes. For example, for out-of-band EAC schemes, the existence of the lower priority forwarding class that will carry the probe streams, as well as the relative priority of this class with respect to the other implemented classes must be guaranteed to exist and remain unchanged end-to-end. Schemes that do not make the assumption of intra-domain traffic, but assume that traffic can be inter-domain; that is it may have to go through transit domains in order to reach its destination, usually view the end-to-end admission control process as a chain of 'per-domain' admission control processes, e.g. as a cooperation of Bandwidth Brokers along the end-to-end paths, where each Bandwidth Broker performs admission control for the domain it administers.

Publications

• S. Jamin, S. Shenker and P. Danzig, Comparison of Measurement-based Admission Control Algorithms for Controlled-Load Service, IEEE INFOCOM 1997.
• H. Perros and K. Elsayed, Call Admission Control Schemes: A Review, IEEE Communications Magazine, November 1996.
• K. Shiomoto, N. Yamanaka and T. Takahashi , Overview of Measurement-based Connection Admission Control Methods in ATM Networks, IEEE Communication Surveys 1999.
• S. Floyd, Comments on Measurement-based Admission Control for Controlled-Load Services, July 1996, Lawrence Berkeley Laboratory Technical Report.
• X. Xiao and L.M. Ni, Internet QoS: A Big Picture, IEEE Network, March/April 1999.
• V. Elek, G. Karlsson and R. Ronngren, Admission Control based on End-to End Measurements, IEEE INFOCOM 2000.
• K. Mase, Toward Scalable Admission Control for VoIP Networks, IEEE Communications Magazine, July 2004.
• L. Breslau, S. Jamin and S. Shenker, Comments on the Performance of Measurement-Based Admission Control Algorithms, IEEE INFOCOM 2000.
• N. Blefari-Melazzi and M. Femminella, A Comparison of the Utilization Efficiency between a Stateful and a Stateless Admission Control in IP Networks in a Heterogeneous Traffic Case, ACM/Kluwer Telecommunication Systems Journal, March/April 2004.
• S. Lima, P. Carvalho and V. Freitas, Distributed Admission Control for QoS and SLS Management, Journal of Network and Systems Management, September 2004.
• M. Grossglauser and D. Tse, A Framework for Robust Measurement-Based Admission Control, IEEE/ACM Transactions on Networking, June 1999.
• L. Breslau, E. Knightly, S. Shenker, I. Stoica and Z. Zhang, Endpoint Admission Control: Architectural Issues and Performance, ACM SIGCOMM 2000.
• S. Lima, P. Carvalho and V. Freitas, Distributed Admission Control in Multiservice IP Networks: Concurrency issues, Journal of Communications, June 2006.
• S.B. Fredj, S. Oueslati-Boulahia and J. Roberts, Measurement-based Admission control for Elastic Traffic, ITC 2001.
• J. Charzinski, Problems of Elastic Traffic Admission Control in an HTTP Scenario, IWQoS 2001.
• G. Karlsson, H. Lundqvist and I.M. Ivars, Single-Service Quality Differentiation, IWQoS 2004.
• H. Lundqvist, I.M. Ivars and G. Karlsson, Edge-based Differentiated Services, IWQoS 2005.
• N. Benameur, S.B. Fredj, S. Oueslati-Boulahia and J. Roberts, Integrated Admission Control for Streaming and Elastic Traffic, QofIS 2001.
• C. Cetinkaya and E. Knightly, Egress Admission Control, IEEE INFOCOM 2000.

Related Links

• European Network of Excellence for the Management of Internet Technologies and Complex Services (EMANICS)

Dissemination

The list of journals and conferences related to admission control does not mean to be exhaustive, rather it is indicative. For additions/updates please contact the webmaster.

Journals

• IEEE Transactions on Network and Service Management
• Journal of Network and Systems Management
• IEEE Communication Magazine
• IEEE Network
• IEEE/ACM Transactions on Networking
• IEEE Transactions on Multimedia
• IEEE Journal on Selected Areas of Communications
• Elsevier Computer Networks
• Elsevier Computer Communications
• ACM SIGCOMM Computer Communications Review

Major Conferences

• IEEE International Conference on Communications (ICC)
• IEEE Global Communications Conference (Globecom)
• IEEE Conference on Computer Communications (Infocom)
• IEEE International Workshop on Quality of Service (IWQoS)
• ACM SIGCOMM

Software/Tools

• The Network Simulator (ns2)
• The J-Sim Simulator (formerly known as Javasim)
• The OPNET Modeler