Carrier Grade Linux/Gaps Alpha1

From The Linux Foundation

Copyright

Copyright (c) 2005-2008 by The Linux Foundation, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is available at http://www.opencontent.org/opl.shtml/).

Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. Other company, product, or service names may be the trademarks of others.

Linux is a Registered Trademark of Linus Torvalds.

Introduction

Document Organization

Unsatisfied "Gap" Requirements

Availability Gaps

AVL.3.2 Forced Un-mount

Action: Rewrite using new gap template.

Priority: P1

Description: CGL specifies that carrier grade Linux shall provide support for forced unmounting of a file system. The un-mount shall work even if there are open files in the file system. Pending requests shall be ended with the return of an error value when the file system is unmounted.

AVL.3.3 Forced Un-mount Application Notification

Action: Rewrite using new gaps template.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a notification mechanism when a forced un-mount of a file system occurs.

AVL.4.2 Replaceable OOM Killer

Action: Delete.

Notes: As of 2.6.25 the OOM killer is configurable: through /proc/<pid>/oom_adj it can be informed of processes that are high priority and should be killed only after all other killable processes have been terminated (or never), and with the memory cgroup controller OOM conditions are also assessed per cgroup, which gives better options for engineering how OOM conditions are handled.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide mechanisms to allow the replacement of the out-of-memory (OOM) killer algorithm within the kernel. In an environment in which an application is made up of many processes, the act of killing any single process may prevent the application from continuing to provide service while leaving its remaining processes running and preventing proper recovery. Hence it must be possible to provide a replacement algorithm that can take the relationships between processes into account when determining which ones to slay. By default the current algorithm in the kernel is used. The new algorithm can be activated by loading the relevant kernel module.

AVL.4.3 Low Memory Condition Monitor

Action: Delete.

Notes: It is impossible to predict from userspace when an OOM condition will occur.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a low memory condition monitor. To avoid encountering a true out-of-memory (OOM) condition in the Linux kernel, a userspace facility should be provided to monitor memory usage and take action based on a configurable low-memory threshold. This threshold would be set to predict an OOM condition before it becomes critical. The threshold would apply to both physical memory and swap area. The application should record the top N memory-consuming processes, so that when the threshold is reached, processes that are not on the user-defined do-not-kill list that are trending up in memory use can be killed. This capability would allow the application to tell the kernel to stop allocating memory to user-space processes. When applications run out of pre-allocated memory, the system could remain nominally in service until more memory becomes available.
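The userspace monitor this requirement describes, combined with the kernel-side OOM protection discussed under AVL.4.2, as an added example that is not part of this document or of any CGL distribution: it parses a constructed /proc/meminfo sample, checks RAM and swap against configurable percentage thresholds, picks victims among the top N consumers that are trending up and are not on the do-not-kill list, and exempts the protected processes from the kernel's OOM killer by writing to /proc/<pid>/oom_score_adj (the file is oom_adj with exempt value -17 on kernels before 2.6.36). The meminfo excerpt, the RSS history and the fake_proc helper are constructed for offline demonstration; the process names and pids are assumptions.

```python
import os
import re
import tempfile

# Constructed /proc/meminfo excerpt (not captured from a real host); values in kB.
MEMINFO_SAMPLE = """\
MemTotal:        8000000 kB
MemFree:          200000 kB
MemAvailable:     450000 kB
Buffers:           50000 kB
Cached:           300000 kB
SwapTotal:       2000000 kB
SwapFree:         100000 kB
"""

# Constructed RSS history in bytes over three successive polls: {pid: (comm, [rss, ...])}.
RSS_HISTORY = {
    101: ("sshd",      [20_000_000,  20_000_000,    20_000_000]),
    202: ("leaky-app", [300_000_000, 420_000_000,   560_000_000]),
    303: ("callctl",   [900_000_000, 950_000_000, 1_000_000_000]),
    404: ("cache",     [500_000_000, 480_000_000,   470_000_000]),
    505: ("tiny",      [1_000_000,   2_000_000,     3_000_000]),
}


def parse_meminfo(text):
    """Return {field: bytes} for every 'Name: value kB' line of /proc/meminfo."""
    mem = {}
    for line in text.splitlines():
        m = re.match(r"(\w+):\s+(\d+)", line)
        if m:
            mem[m.group(1)] = int(m.group(2)) * 1024
    return mem


def low_memory(mem, ram_pct, swap_pct):
    """True when available RAM or free swap is below the given percentage of its total.

    MemAvailable (kernel 3.14+) is used when present; older kernels get the
    free + buffers + cached approximation.
    """
    avail = mem.get("MemAvailable",
                    mem["MemFree"] + mem.get("Buffers", 0) + mem.get("Cached", 0))
    ram_low = avail * 100 < mem["MemTotal"] * ram_pct
    swap_low = (mem.get("SwapTotal", 0) > 0
                and mem["SwapFree"] * 100 < mem["SwapTotal"] * swap_pct)
    return ram_low or swap_low


def select_victims(history, do_not_kill, top_n):
    """Among the top_n processes by current RSS, return the pids (largest first)
    that are not on the do-not-kill list and whose RSS has grown since the first poll."""
    ranked = sorted(history.items(), key=lambda kv: kv[1][1][-1], reverse=True)[:top_n]
    return [pid for pid, (comm, rss) in ranked
            if comm not in do_not_kill and rss[-1] > rss[0]]


def protect_from_oom(pids, proc_root="/proc"):
    """Exempt processes from the kernel's own OOM killer (the AVL.4.2 mechanism).

    Writing -1000 to /proc/<pid>/oom_score_adj exempts the process; on kernels
    before 2.6.36 the file is oom_adj and the exempt value is -17. Lowering the
    value needs CAP_SYS_RESOURCE. Returns the pids that were actually updated.
    """
    done = []
    for pid in pids:
        path = os.path.join(proc_root, str(pid), "oom_score_adj")
        try:
            with open(path, "w") as f:
                f.write("-1000")
            done.append(pid)
        except OSError:
            pass  # no such process, or not privileged to lower the score
    return done


def fake_proc(pids):
    """Build a throwaway directory mimicking /proc/<pid>/oom_score_adj so the
    protection step can be exercised without root (demonstration scaffolding)."""
    root = tempfile.mkdtemp(prefix="fake-proc-")
    for pid in pids:
        os.makedirs(os.path.join(root, str(pid)))
        with open(os.path.join(root, str(pid), "oom_score_adj"), "w") as f:
            f.write("0")
    return root


if __name__ == "__main__":
    mem = parse_meminfo(MEMINFO_SAMPLE)
    if low_memory(mem, ram_pct=10, swap_pct=10):
        victims = select_victims(RSS_HISTORY, do_not_kill={"callctl", "sshd"}, top_n=3)
        print("low memory; candidates to kill:", victims)
```

On a live system the monitor would poll /proc/meminfo and /proc/<pid>/status (VmRSS) on a timer, and would call protect_from_oom() for the do-not-kill list at startup rather than at the moment of pressure, since the kernel may run its own OOM killer before the userspace threshold is ever reached.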

AVL.4.4 Low Memory Notification Mechanism

Action: Delete.

Notes: It is impossible to predict from userspace when an OOM condition will occur.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a low memory notification mechanism. Whenever a low memory condition is detected, the mechanism shall generate a remote notification. Notification methods shall support enterprise-level notification protocols such as SNMP or CIM. See:

  • STD.7 SNMP (for IPv4 and IPv6)

AVL.7.1.2 Multi-Path Access to Storage

Action: Move to implemented requirements document.

Notes: This requirement appears to be implemented today by device-mapper multipath (dm-multipath) together with the Fibre Channel drivers.

Priority: P2

Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable multiple access paths from a node to storage devices. The software shall determine if multiple paths exist to the same port of the I/O device, and, with configurable controls, balance I/O requests across multiple host bus adapters. If multiple paths exist to the same device over two separate device ports on the same host bus adapter, those I/Os will not be balanced.


AVL.8.3 Parallel Driver Initialization During Startup

Action: Delete.

Notes: The feedback from the community was that this feature was implemented and the performance improvement was negligible. Full details of the discussion are captured here: https://lists.linux-foundation.org/pipermail/lf_carrier/2008-May/000333.html

Priority: P3

Description: CGL specifies that, if multiple drivers are compiled into the Linux Kernel, the initialization or probing routines of those drivers execute in parallel. CGL further specifies that, if multiple drivers are to be loaded as modules, the driver modules are loaded in parallel. CGL further specifies that in either of these two cases, a driver is only initialized once its dependent drivers have initialized.

AVL.12.0 NFS Client Protection Across Server Failures

Action: Delete.

Notes: NFI

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide mechanisms that allow an NFS server to have failover capability to provide service continuity upon a node failure. The NFS service has to be resumed on another node without any impact on NFS clients other than the retransmission of pending requests (open files must remain open). Clients authenticated on the old server must remain authenticated on the new server.

AVL.14.0 Excessive CPU Cycle Usage Detection

Action: Delete.

Notes: The Completely Fair Scheduler (CFS), the cgroups feature and the real-time group scheduling feature implement protection against runaway applications, which seems to be the intent of this feature. If the description below is a real requirement, it will have to be rewritten to follow the new template.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a mechanism that detects excessive CPU cycle usage by any process or thread. To enable detection, the following capabilities shall be provided:

  • Communication between the monitoring process and the kernel.
  • Registering a list of processes or threads and their allowed CPU cycle thresholds.
  • Ability to define policy based on process events including process/thread creation and exit.
  • Ability to take action whenever an event occurs.
  • Ability to set the CPU cycle threshold to a resolution of one millisecond.

AVL.15.0 Fast Application Restart Mechanism

Action: Delete.

Notes: This sounds like application checkpointing and is unlikely to ever be implemented as described below. The addition of a 'freeze state' API in the kernel is almost certainly a permanently out-of-tree feature.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a mechanism that enables a quick application restart. Typical applications in a carrier environment use multiple processes with inter-process communications. As applications become more complex, application initialization times become longer. To speed up application initialization, the mechanism shall provide the functionality to simultaneously save memory images of multiple processes (including the kernel resources used by each process) and to restore the images. When the application completes initialization, including making connections between processes and setting up kernel resources for inter-process communication, the application invokes a save function that makes a copy of the memory images of the process and kernel resources. If the application hangs, the mechanism restores the memory images and kernel resources and restarts the application.

AVL.18.0 iSCSI Error Handling Support

Action: Move to implemented requirements document.

Notes: This requirement appears to be implemented today in iSCSI.

Priority: P3

Description: CGL specifies that the iSCSI Initiators implemented by carrier grade Linux should support the following iSCSI options:

  • Header and Data Digests
  • Error recovery level 1 as specified by RFC 3720

AVL.28.0 Support of Mlocked Page Limits

Action: Rewrite using new gaps template.

Priority: P3

Description: CGL specifies that carrier grade Linux shall support a system-wide limit on mlocked pages. The limit shall be configurable and enforced whenever the mlocked page count would exceed the maximum setting, whether pages are locked explicitly through a system call or implicitly through a page fault (as with mlockall(MCL_FUTURE)). When the system-wide limit is exceeded, the behavior shall be identical to that of the per-process mlock limit (RLIMIT_MEMLOCK).

Cluster Gaps

CCM.2.3 Cluster Communication Service - Quality of Service

Action: Delete.

Notes: This appears to be heartbeat et al. over TCP. It is unlikely to be implemented.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a reliable communication service that guarantees in sequence non-replicating, uncorrupted, and loss-free message delivery in a connection-oriented mode. In sequence message delivery is configurable. In case of destination unavailability, an error indicator will be returned to the sender along with information to describe which messages could not be delivered. An additional configurable option is for such messages to be returned to the sender.

CCM.2.4 Cluster Communication Service - Performance

Action: Delete.

Notes: This appears to be a wish-list of general TCP improvements but is unimplementable in its current form.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a fast communication service when transferring data between nodes in a cluster. It shall provide throughput and latency performance improvements when compared to the performance of TCP mechanisms. Some key attributes are preservation of message boundaries, out-of-order delivery, support for multiple streams over one connection, support for a flexible end-to-end heartbeat, and superior congestion control. The transport protocol should take advantage of the cluster-specific physical model and must provide stable and bounded transmission delays.

CCON.1.1 Run Diagnostics

Action: Delete.

Notes: This requirement is unimplementable as written.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide the ability for the management console to remotely perform a diagnostic on a cluster node.

CCON.1.2 Boot/Reboot nodes

Action: Move to implemented requirements.

Notes: This appears to be a request for standard IPMI/xTCA functionality already present in the Linux kernel.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide the ability for the management console to remotely boot or reboot any node in the cluster. The ability to boot/reboot a cluster node must conform to the HPI standard.

Links to Other Specifications (CGL Standards Requirements Definition):

  • STD.8.8 SA Forum HPI

CCON.1.3 SW Upgrades

Action: Delete.

Notes: This requirement is unimplementable as written. If it is a request for software upgrades without access to the console, this is met by any package management system.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide the ability for the management console to remotely perform the upgrade of the software on a node. Cluster rolling upgrades will depend on protocol and API compatibility in the software stack.

Links to Other Specifications (CGL Serviceability Requirement):

  • SVC.2.1 - Remote Package Update and Installation

CCON.1.4 SW Rolling Upgrades

Action: Delete.

Notes: This requirement is unimplementable as written. If it is a request for software upgrades to servers/libraries, this is met by any package management system.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide the ability for the management console to remotely perform the upgrade of the software stack on a node. In addition, the cluster must continue to function with the upgraded software stack with compatible protocols and formats until all the nodes in the cluster have been upgraded.

CDIAG.1.2 Online Diagnostics For System Components

Action: Delete.

Notes: NFI

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide the ability for the management console to remotely perform online diagnostic functions on a node in the cluster to diagnose system components such as CPUs, memory, interface cards, disks, and disk subsystems.

CAF.2.3 Deliberate TCP Session Takeover

Action: Rewrite using new gaps template.

Notes: Discussion around this topic happened, http://tcpcp2.sf.net was created but the project appears to have been abandoned since then with no prospects for getting it mainlined.

Priority: P2

Description: CGL specifies a mechanism to synchronize TCP sockets, buffer structures, and sequence numbers so that redundant nodes may take over TCP sessions originated on other nodes. A deliberate TCP session takeover assumes that TCP session(s) are transferred deliberately and not as the result of unexpected node failure(s).

CAF.2.4 TCP Session Takeover on Node Failure

Action: Rewrite using new gaps template.

Notes: Discussion around this topic happened, http://tcpcp2.sf.net was created but the project appears to have been abandoned since then with no prospects for getting it mainlined.

Priority: P2

Description: CGL specifies a mechanism to synchronize TCP sockets, buffer structures, and sequence numbers so that when a critical resource fails, such as a CPU, memory, or kernel, a redundant node may take over TCP sessions originated on the failed node. Note that when the TCP session(s) are assumed by a redundant node, the sessions will resume from the last checkpoint. TCP traffic should continue even if there is a conflict between the last TCP state of the failed node and the checkpointed TCP state on the redundant node.

Serviceability Gaps

SMM.6.1 Early Boot Cycle Detection

Action: Delete.

Notes: As written this is unimplementable in the Linux kernel, since it is a function of both the BIOS/firmware and the bootloader.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide support for detecting a repeating reboot cycle due to recurring failures. This detection should happen before the first process is started. Since this is a limited environment, reporting is the most important step.

SMM.7.8 Support for User Locked Page Reporting

Action: Rewrite using new gaps template.

Notes: A kernel-space implementation of this is now appearing on lkml. The requirement needs rewriting: the reported count will only ever be a rough estimate and never completely accurate, so the requirement should be written to ask for an estimate of mlocked pages.

Priority: P3

Description: CGL specifies that in addition to current memory usage reporting, the OS shall report the count of mlocked pages to accurately determine how much memory may be reclaimed by the page frame reclaim algorithm. Based on mlocked page count and current memory usage reporting, a more accurate amount of free physical memory may be determined. In addition current overcommit policies shall take mlocked pages into account to accurately enforce memory overcommit policies for which the count of mlocked pages is applicable.

SMM.12.0 Remote Boot Support (was PMT.2.0)

Action: Move to implemented requirements document.

Notes: This requirement appears to be met via NFS root and TFTP kernel support.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide support for remote booting across common LAN and WAN communication media to support diskless systems.

SMM.14.2 Kernel Resources Limits for Threads (was AVL.20.0)

Action: Delete.

Notes: This is unlikely to be accepted into mainline, however specific pieces of this are likely to be accepted (see CGOS-4.5 and the new gap spawned from it). This requirement should be deleted and new requirements created for each rlimit option needed.

Priority: P3

Description: CGL specifies that carrier grade Linux shall expand available kernel resources to provide additional support for threads. The existing thread model is defined as a lightweight process model; therefore some thread kernel resources are missing. Threads are widely used in carrier grade level applications, so at least the following additional kernel resource functionality shall be provided to support threads:

  • Full rlimit support - The rlimit parameter should be supported for each thread.

SPM.6.0 Automatic Software Rollback

Action: Delete.

Notes: This requirement is unimplementable as written. Software rollback is possible today but it is always achieved via a reinstall of the previous version of the package.

Priority: P2

Description: CGL specifies that carrier grade Linux shall provide mechanisms that allow automatic rollback with configurable triggers to a previous version of software without having to reinstall the previous version.

SPM.7.0 Fine-Grain Software Version Checking

Action: Delete.

Notes: This requirement appears to ask for per-file version tracking rather than package-level version and dependency tracking, as well as for versioned binaries. This is not implementable in the package manager and would have to be done at the filesystem level, so it will not be accepted into mainline.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide remote software upgrade mechanisms that include provisions for version compatibility and dependency checking at a fine-grained file or application level. The upgrade process shall allow the coexistence of new and old executables, shared libraries, configuration files, and data. The capability must be provided to identify the versions of specific binaries and files. A version inventory mechanism shall be provided that records version, dependency, and compatibility for software packages currently installed.

SPM.8.0 Idempotent Package Installation Recovery Procedure

Action: Delete.

Notes: This requirement is unimplementable as written. Current package management tools already implement the part of this feature that allows a failed or interrupted package installation to be resumed; if that is all that is required, this should be moved to the implemented requirements document.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide idempotent packaging. In this case, idempotent shall mean that if a script is run successfully, and then it is called again, it doesn't fail or cause any harm, but just verifies that everything is the way it ought to be. If the first call failed, or aborted part way through for some reason, the second call should merely do the things that were left undone the first time, if any, and exit with a success status if everything completes successfully.
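An illustration of the check-then-apply pattern behind the definition above, as an added example and not packaging code from this document or from any CGL distribution: each step has a pure check of the desired end state and an apply routine that is only run when the check fails, the configuration file is written through an atomic rename so an interruption cannot leave a half-written file, and a run that is interrupted after the first step resumes on the next call and is a pure verification on the call after that. The directory layout, file contents and step names are assumptions for the example.

```python
import os
import tempfile


class StepFailed(RuntimeError):
    """Raised when a step's apply() is interrupted (simulated here)."""


def make_steps(root):
    """Installation steps as (name, done, apply) triples.

    done() is a pure check of the desired end state; apply() establishes it and
    is invoked only when done() is False, so re-running cannot cause harm.
    The paths and the config content are assumptions for the example.
    """
    conf = os.path.join(root, "etc", "cgl.conf")
    data = os.path.join(root, "var", "lib", "cgl")
    wanted = "mode=carrier\n"

    def conf_done():
        return os.path.isfile(conf) and open(conf).read() == wanted

    def conf_apply():
        os.makedirs(os.path.dirname(conf), exist_ok=True)
        tmp = conf + ".tmp"
        with open(tmp, "w") as f:
            f.write(wanted)
        os.replace(tmp, conf)   # atomic rename: a crash cannot leave a half-written file

    def data_done():
        return os.path.isdir(data)

    def data_apply():
        os.makedirs(data, exist_ok=True)

    return [("config", conf_done, conf_apply), ("datadir", data_done, data_apply)]


def install(steps, fail_after=None):
    """Run the steps in order and return the names of those actually applied.

    fail_after=N simulates a crash once N steps have been applied, so the
    resume behaviour can be exercised.
    """
    applied = []
    for name, done, apply in steps:
        if done():
            continue            # already in the desired state: verify only
        apply()
        applied.append(name)
        if fail_after is not None and len(applied) >= fail_after:
            raise StepFailed(f"interrupted after {name}")
    return applied


def demo():
    """First run interrupted after one step, second run finishes the rest, third is a no-op."""
    root = tempfile.mkdtemp(prefix="cgl-idempotent-")
    steps = make_steps(root)
    try:
        install(steps, fail_after=1)
        first = "completed"
    except StepFailed as exc:
        first = str(exc)
    second = install(steps)
    third = install(steps)
    return first, second, third


if __name__ == "__main__":
    print(demo())
```

The property that matters is that every apply() is preceded by a done() check on the real system state rather than on a recorded progress marker; a marker written before the work completes is exactly what makes a re-run skip a step it never finished.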

Enhanced capabilities for analyzing software failures are a requirement for a carrier grade system.

SFA.5.0 Live Application Dump Trigger

Action: Delete.

Notes: This requirement is unimplementable as written; even an interface that let applications dump a running image when CPU or memory utilization thresholds were crossed would be unlikely to be integrated into the mainline tree.

Priority: P2

Description: CGL specifies that carrier grade Linux shall provide mechanisms to trigger application dump procedures. Standard triggers include:

  • Memory thresholds
  • CPU thresholds

SFA.6.0 System Snapshot

Action: Delete.

Notes: This requirement is unimplementable as written: there is no way to reliably restore the system state at an arbitrary later time, since there are underlying dependencies on particular hardware state.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide mechanisms to allow a snapshot image to be taken of an entire running system. The system must be frozen during the snapshot to ensure a consistent image is stored. When the system is frozen, it will not be able to respond to external events. This capability can be used both for analysis and for restoring an arbitrary system state. (This feature may also be known as "live system dump" or "memory image save".)

SFA.8.0 Kernel Flat/Graph Execution Profiling

Action: Move to implemented requirements.

Notes: This requirement appears to be implemented via systemtap and microstate accounting, oprofile and LTTng.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide support for profiling of the running kernel using a prof or gprof style of recording trace information during system execution.

SFA.9.0 Kernel Sampling for Profiling

Action: Delete.

Notes: This requirement appears to be implemented via systemtap and microstate accounting, oprofile and LTTng.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide support for profiling of the running kernel by providing profiling based on interrupt sampling as follows:

  1. Take an interrupt.
  2. Record an execution point.
  3. Record additional execution points at configurable intervals based on HW timers.
  4. Analyze to build a profile of the execution history of the system.

SFA.14.0 Per Thread CPU Time Limits and Signaling

Action: Move to implemented requirements document.

Notes: CPU time consumed by individual threads is already tracked and available to userspace (see the top application). The Completely Fair Scheduler (CFS) and the cgroups feature allow limiting of processes or threads on a configurable level.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a method to accurately track CPU time consumed by an individual thread. It shall also provide a method to set CPU threshold time used by an individual thread. This method shall also include the ability to send a signal to an individual thread if its CPU threshold time is exceeded.
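How the tracking part of this requirement (and of AVL.14.0 above) can be done from userspace on Linux today, as an added example that is not code from this document or from any CGL distribution: per-thread CPU time is read from /proc/<pid>/task/<tid>/stat, a monitor thread polls the registered threads and invokes a callback once a thread's cumulative CPU time reaches its threshold. Python cannot run a signal handler inside a specific thread, so the callback here asks the worker to stop cooperatively; a C implementation would instead arm a POSIX timer on the thread's CLOCK_THREAD_CPUTIME_ID clock or call pthread_kill(). The resolution is bounded by CLK_TCK (usually 10 ms) and the poll interval, not the 1 ms AVL.14.0 asks for. The worker, the threshold and the thread ids are assumptions for the example.

```python
import os
import threading
import time

CLK_TCK = os.sysconf("SC_CLK_TCK")  # /proc stat times are in these ticks (usually 100/s)


def thread_cpu_ms(tid, pid="self"):
    """CPU time in ms (user + system) consumed so far by kernel thread `tid`.

    Fields 14 (utime) and 15 (stime) of /proc/<pid>/task/<tid>/stat, counted
    from the ')' that closes the comm field because comm itself may contain
    spaces or parentheses.
    """
    with open(f"/proc/{pid}/task/{tid}/stat") as f:
        stat = f.read()
    rest = stat[stat.rindex(")") + 2:].split()   # rest[0] is field 3 (state)
    utime, stime = int(rest[11]), int(rest[12])
    return (utime + stime) * 1000.0 / CLK_TCK


class ThreadCpuLimiter:
    """Polls registered threads and calls on_exceed(tid, used_ms) once a thread's
    cumulative CPU time reaches its threshold; each thread fires at most once."""

    def __init__(self, poll_s=0.01):
        self.poll_s = poll_s
        self._limits = {}        # tid -> (threshold_ms, on_exceed)
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self.exceeded = {}       # tid -> used_ms at detection

    def register(self, tid, threshold_ms, on_exceed):
        with self._lock:
            self._limits[tid] = (threshold_ms, on_exceed)

    def stop(self):
        self._stop.set()

    def run(self):
        while not self._stop.is_set():
            with self._lock:
                items = list(self._limits.items())
            for tid, (threshold_ms, on_exceed) in items:
                try:
                    used = thread_cpu_ms(tid)
                except FileNotFoundError:      # thread has exited
                    with self._lock:
                        self._limits.pop(tid, None)
                    continue
                if used >= threshold_ms:
                    with self._lock:
                        self._limits.pop(tid, None)
                    self.exceeded[tid] = used
                    on_exceed(tid, used)
            time.sleep(self.poll_s)


def demo(threshold_ms=200):
    """Spin a worker thread until the limiter trips; return its CPU time at detection."""
    ready, stop_worker, box = threading.Event(), threading.Event(), {}

    def worker():
        box["tid"] = threading.get_native_id()
        ready.set()
        x = 1
        while not stop_worker.is_set():
            x = (x * 1103515245 + 12345) & 0xFFFFFFFF   # burn CPU

    w = threading.Thread(target=worker, daemon=True)
    w.start()
    ready.wait()
    limiter = ThreadCpuLimiter()
    # A real implementation would pthread_kill() the offending thread; here the
    # callback asks it to stop cooperatively.
    limiter.register(box["tid"], threshold_ms, lambda tid, used: stop_worker.set())
    monitor = threading.Thread(target=limiter.run, daemon=True)
    monitor.start()
    w.join(timeout=30)
    limiter.stop()
    monitor.join(timeout=5)
    return limiter.exceeded.get(box["tid"])


def parser_agrees_with_thread_time(spin_s=0.1, tolerance_ms=50):
    """Cross-check the /proc parser against time.thread_time() on the calling thread."""
    deadline = time.thread_time() + spin_s
    while time.thread_time() < deadline:
        pass
    return abs(thread_cpu_ms(threading.get_native_id()) - time.thread_time() * 1000) < tolerance_ms


if __name__ == "__main__":
    print("worker stopped after", demo(), "ms of CPU")
```

A per-thread limit enforced this way is advisory: a thread that ignores the stop request keeps running. RLIMIT_CPU with SIGXCPU gives a hard limit but only at process granularity, and a cgroup CPU quota bounds the group's share rather than any single thread's total, which is why the note above points to those as the closest mainline equivalents rather than as an exact match.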

SFA.7.0 Application Snapshot

Action: Delete.

Notes: This sounds like application checkpointing (AVL.15.0) and is unlikely to ever be implemented as described below. The addition of a 'freeze state' API in the kernel is almost certainly a permanently out-of-tree feature.

Priority: P2

Description: CGL specifies that carrier grade Linux shall provide a mechanism to allow a snapshot image to be taken of a single running application or process. For threaded applications, all child threads and thread contexts should be included in the snapshot. This mechanism must be able to capture images from multiple applications running concurrently. While this capability would typically be used during a system debugging session, it must also be possible to use it during production. It is expected that the snapshot would affect application performance as follows:

  • The application must be frozen during the time the snapshot is being created to ensure that a consistent image is stored.
  • While the application is frozen, it will not be able to respond to system events like messages or signals.

This capability is important for situations like the following:

  • If an application crashes that relies heavily on another application, the state of the other application may be needed to debug the problem.
  • When problems need to be debugged that do not impact service, such as memory leaks.

SFA.13.0 Live Application Dump with no Effect on System or Process

Action: Delete.

Notes: This sounds like application checkpointing (AVL.15.0) and is unlikely to ever be implemented as described below. The addition of a 'freeze state' API in the kernel is almost certainly a permanently out-of-tree feature.

Priority: P2

Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable a live dump image of an application without adversely affecting the application's ability to perform its intended functionality. The dump mechanism must not stop the application, or must minimize the time the application or its components are stopped, during a dump operation. An application can be one or more "processes" with zero or more threads.

Performance Gaps

PRF.1.2 Configurable Scheduler Quantum For Round Robin Scheduling Policy

Action: Delete.

Notes: The timeslice for the SCHED_RR policy has never been user-configurable, and the O(1) scheduler it belonged to has been replaced by CFS.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a configurable quantum value for round robin real-time scheduling policy. This quantum value shall be configurable at the machine level as recommended in the POSIX specification. The minimum value of the range for the quantum value shall be the tick value (for example, 1 ms on the Intel x86 architecture.)

PRF.1.9 Message Queues With Priority Promotion

Action: Delete.

Notes: This is unlikely to be accepted by mainline developers as it can easily lead to priority inversion problems.

Priority: P3

Description: CGL specifies that carrier grade Linux shall support thread priority promotion based on message queue priorities. The priority of a receiver thread should be promoted based on the priority of the delivered message, reducing the latency of urgent messages.

PRF.1.11 Implementing Priority Inheritance Inside API

Action: Delete.

Notes: NFI

Priority: P1

Description: CGL specifies that carrier grade Linux shall provide a means for an application to initialize libraries specifying what kind (if any) of priority inheritance or priority protection capabilities to use for internal mutexes. The ability for an application to have control over the priority capabilities gives an application using these libraries fine-grained control over how mutex contention is handled when processes with differing priorities contend for a resource.


PRF.4.1 IP Forwarding Tables Fast Access And Compact Memory

Action: Delete.

Notes: Fast forwarding table support is already in the Linux kernel; however, it will not be possible to prove predictability in all cases, and the worst-case update and lookup time cannot be shown to be better than O(log2(n)).

Priority: P3

Description: CGL specifies that carrier grade Linux shall enable support of a fast IP forwarding algorithm with predictable performance. The worst case update lookup time and update order should be predictable and better than O(log2(n)) with n prefixes in the forwarding information table.

PRF.4.3 Prioritized Protocol Processing

Action: Delete.

Notes: It is not possible to apply DiffServ rules based on receiving process priority.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a prioritized protocol processing mechanism. The mechanism shall enable a high-priority process to quickly receive data from the network even if massive packets are transmitted for other processes.


PRF.4.4 Low Software Overhead For Message Latency

Action: Delete.

Notes: This needs to be rewritten using the new template as we're unable to determine what this requirement is asking for. It sounds like it is zero-copy DMAs to user buffers, but that requires a specific use-case as well and is unlikely to make it in to mainline.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a new communication service scheme to support low software latency based on a zero-copy architecture that uses memory mapping and a simplified path between the user and physical layer to reduce abstract layer overhead.

PRF.10.0 CGL Benchmark

Action: Delete.

Notes: LF and CGL do not publish benchmarks or provide or recommend suites for gathering such statistics. If functional conformance to the specification is required, this will be addressed by the LSB Headless profile, but that will still not provide benchmarking statistics.

Priority: P3

Description: CGL specifies that carrier grade Linux shall be delivered with a carrier grade benchmark tool allowing measurement of target product performance metrics at a glance. Both hardware and Linux system software capacities should be reflected. The benchmark tool shall provide applications with a variety of metrics based on application profiles, including the following:

  • Processing - CPU usage, memory access, thread context switching time, system call overhead, available memory.
  • Real-time - Interrupt and scheduling latency, timer resolution and jiffy granularity.
  • Communication/network - Local socket communication, IP forwarding, physical network latency, communication service, latency and bandwidth, and CPU overhead.
  • Storage/file system/mirroring - Local disk access, file system local access, file system NFS access, mirroring overhead.

PRF.11.1 Application (Pre)loading Non-Root

Action: Rewrite using new gaps template.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide support for the preloading of an application even when the application is not executing as root. A configuration capability must exist to allow the system loader to determine an application's eligibility for preloading. The action of preloading an application must not overload the system memory. The configuration capability must provide a control that allows the application to specify what is to be done if it cannot be pre-loaded. Options are:

  • Load anyway as a normal (pageable) application.
  • Fail and do not load the application.

Regardless of the option used, any failure to pre-load the application must be logged.

PRF.11.2 Application (Pre)loading Limits

Action: Rewrite using new gaps template.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide mechanisms to avoid overloading a system when preloading applications. Specifically, it shall be possible to specify the total amount of memory reserved (pinned) by preloading applications.

Standards Gaps

STD.11.2 Diameter Protocol Minor CGL Features

Action: Move to implemented requirements document.

Notes: The draft referenced here has been published as RFC 4004, which appears to be implemented in OpenDiameter, the only current open source implementation of the Diameter protocol.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide the functionality defined in the following Internet drafts:

  • draft-ietf-aaa-diameter-mobileip-16.txt - Diameter Mobile IP

STD.19.0 Advanced Switching http://www.asi-sig.org/home

Action: Delete.

Notes: The ASI SIG has disbanded and transferred control of all documentation and standards to PICMG. If support for these standards is still required, new gaps should be written using the new template referencing the PICMG documentation.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a standardized method for performing high speed interconnects as defined in the Advanced Switching 1.0 specification.

STD.20.1 PKI CA: RFC 2527 X.509 PKI

Action: Move to implemented requirements document.

Notes: This requirement appears to be implemented in current CA software. OpenSSL supports X.509 PKI.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide the functionality for public key infrastructure (PKI) support as defined in the standards:

  • RFC 2527 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework

STD.20.2 PKI CA: RFC 2585 X.509 PKI Protocols FTP and HTTP

Action: Move to implemented requirements document.

Notes: This requirement appears to be implemented in current CA software. OpenSSL supports X.509 PKI.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide the functionality for public key infrastructure (PKI) support as defined in the standards:

  • RFC 2585 - Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP

STD.20.3 PKI CA: RFC 3279 Algorithms for X.509 PKI

Action: Move to implemented requirements document.

Notes: This requirement appears to be implemented in current CA software. OpenSSL supports X.509 PKI.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide the functionality for public key infrastructure (PKI) support as defined in the standards:

  • RFC 3279 - Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

STD.20.4 PKI CA: RFC 3280 X.509 PKI Certificate and CRL Profile

Action: Move to implemented requirements document.

Notes: This requirement appears to be implemented in current CA software. OpenSSL supports both X.509 PKI and publishing CRLs for revoked (for example, compromised) certificates.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide the functionality for public key infrastructure (PKI) support as defined in the standards:

  • RFC 3280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile


STD.22.0 Common Criteria for IT Security Evaluation http://csrc.nist.gov/cc/

Action: Delete.

Notes: If this means that a formal EAL3 evaluation and test plan must be provided, this should be called out specifically: EAL3 addresses good design practices that require little to no code change at the test and validation phase, and that is not possible with the number of external projects included in any Linux distribution.

Priority: P2

Description: CGL specifies that carrier grade Linux shall provide the functionality defined in the Common Criteria for IT Security Evaluation v2.1 specification. For Part 2, Functional Requirements, all functionality applicable to Carrier Grade Linux shall be supported. For Part 3, Assurance Requirements, at least EAL3 shall be supported.


Security Gaps

SEC.3.5 Log Integrity and Origin Authentication

Action: Move to implemented requirements.

Notes: This requirement is implemented by a combination of software including AIDE and syslog-ng.

Priority: P3

Description: CGL specifies that carrier grade Linux shall provide a mechanism to check that log files have not been modified (integrity), even by most insiders. In addition, CGL specifies that carrier grade Linux shall provide a mechanism to verify the origin of a log message, and a mechanism to prevent replay of a log message.

Objectives Satisfied: O.DETECT-SOPHISTICATED, O.ACCOUNT-TOE, O.DETECT-TOE, O.OBSERVE-TOE, O.DETECT-SYSTEM
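One construction that meets the three properties above (integrity, origin, no replay) including the "most insiders" caveat, as an added example and not the AIDE or syslog-ng mechanism the note refers to: each entry carries a per-host sequence number, the MAC of the previous entry and an HMAC computed with a key that is evolved one-way after every write. The writer discards each old key, so an insider who reads the host after the fact cannot re-MAC earlier entries; the verifier (a log server holding the initial key for each origin host) rejects modified, forged, deleted, reordered or replayed entries and entries claiming the wrong origin. The initial key, host name and log lines are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample syslog messages (not captured from any real host).
SAMPLE_MESSAGES = [
    "sshd[812]: Accepted publickey for oper from 10.0.0.5 port 51022",
    "sudo: oper : TTY=pts/0 ; COMMAND=/sbin/ip link set eth1 down",
    "kernel: eth1: link down",
]


def evolve(key):
    """One-way key update: K(i+1) = H(K(i)). The old key is discarded, so an
    intruder who later reads the host cannot recompute MACs for entries
    written before the break-in."""
    return hashlib.sha256(b"cgl-log-key|" + key).digest()


def entry_mac(key, host, seq, prev_mac, msg):
    """HMAC over origin, sequence number, previous MAC and message."""
    data = json.dumps([host, seq, prev_mac, msg], separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class ForwardSecureLog:
    """Writer side: keeps only the current key, the last MAC and the counter."""

    GENESIS = "0" * 64   # chain link of the first entry

    def __init__(self, key0, host):
        self.host, self._key = host, key0
        self.seq, self.prev = 0, self.GENESIS
        self.entries = []

    def append(self, msg):
        self.seq += 1
        tag = entry_mac(self._key, self.host, self.seq, self.prev, msg)
        entry = {"host": self.host, "seq": self.seq, "prev": self.prev,
                 "msg": msg, "mac": tag}
        self.entries.append(entry)
        self.prev, self._key = tag, evolve(self._key)   # old key gone
        return entry


def verify(entries, key0, host):
    """Verifier side (e.g. a log server holding K0 per origin host).

    Returns (ok, reason). Sequence numbers catch deletion, reordering and
    replay; the chain link and HMAC catch modification and forgery.
    """
    key, prev = key0, ForwardSecureLog.GENESIS
    for i, e in enumerate(entries, start=1):
        if e["host"] != host:
            return False, f"entry {i}: origin is {e['host']!r}, expected {host!r}"
        if e["seq"] != i:
            return False, f"entry {i}: sequence {e['seq']} (gap, reorder or replay)"
        if e["prev"] != prev:
            return False, f"entry {i}: chain link does not match previous MAC"
        if not hmac.compare_digest(entry_mac(key, host, i, prev, e["msg"]), e["mac"]):
            return False, f"entry {i}: MAC mismatch (modified or forged)"
        key, prev = evolve(key), e["mac"]
    return True, "ok"


def build_sample_log(key0=b"\x11" * 32, host="node1"):
    """Write the constructed messages and return the signed entries."""
    log = ForwardSecureLog(key0, host)
    for m in SAMPLE_MESSAGES:
        log.append(m)
    return log.entries


if __name__ == "__main__":
    entries = build_sample_log()
    print(verify(entries, b"\x11" * 32, "node1"))
```

Two limits are worth stating: an insider who takes a copy of the current key before a write can still forge entries from that point on, which is why the key should be re-seeded from the log server periodically, and truncation of the newest entries is only detected when the verifier knows how many entries to expect (a heartbeat entry at fixed intervals is the usual answer).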

Hardware Gaps

Contributors

  • Anderson, Tim (MontaVista)
  • Aziz, Khalid (HP)
  • Badovinatz, Peter (IBM)
  • Chacron, Eric (Alcatel)
  • Chen, Terence (Intel)
  • Cherry, John (LF)
  • Christopher, Johnson (Sun)
  • Cress, Andrew (Intel)
  • Dake, Steven (MontaVista)
  • Flaxa, Ralf (Novell)
  • Fleischer, Julie (Intel)
  • Haddad, Ibrahim (Ericsson)
  • Heber, Troy (HP)
  • Ikebe, Takashi (NTT)
  • Ishitsuka, Seiichi (NEC)
  • Kevin, Fox (Sun)
  • Kimura, Masato (NTT Comware)
  • Kukkonen, Mika (Nokia Siemens Networks)
  • Liu, Bing Wei (Intel)
  • MacDonald, Joe (Wind River)
  • Manas, Saksena (Timesys)
  • Nakayama, Mitsuo (NEC)
  • Sakuma, Junichi (OSDL)
  • Smarduch, Mario (Motorola)
  • Witham, Timothy (OSDL)

Appendix A:

To be supplied

