Table of Contents
Contents
Copyright
Copyright © 2005-2008 by The Linux Foundation, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is available athttp://www.opencontent.org/opl.shtml/).
Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. Other company, product, or servic e names may be the trademarks of others.
Linux is a Registered Trademark of Linus Torvalds.
Introduction
Document Organization
Satasfied Requirements
Availability Requirements
AVL.2.0 Single-bit ECC handling
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide a mechanism for reporting when hardware error checking and correcting (ECC) detects and/or recovers from a single-bit ECC error.
AVL.2.1 Multi-bit ECC handling
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide a panic trigger mechanism when hardware error checking and correcting (ECC) detects multi-bit ECC errors.
AVL.4.1 VM Strict Over-Commit
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the ability to control kernel virtual memory allocation adjustments based on the specific needs of the system. Control of virtual memory shall include but not be limited to the following:
- Heuristic overcommit handling. Obvious overcommits of address space are refused. Used for a typical system. It ensures a seriously wild allocation fails while allowing overcommit to reduce swap usage. root is allowed to allocate slighly more memory in this mode. This is the default.
- Always overcommit. Appropriate for some scientific applications.
- Don't overcommit. The total address space commit for the system is not permitted to exceed swap + a configurable percentage (default is 50) of physical RAM. Depending on the percentage you use, in most situations this means a process will not be killed while accessing pages but will receive errors on memory allocation as appropriate.
AVL.5.3 Process-Level Non-Intrusive Application Monitor
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide control and management capabilities for processes that cannot be altered to incorporate a monitoring API. Such capabilities are known as non-intrusive monitoring. These capabilities must be implemented programmatically using commands or scripts.
Another issue for many such processes is that the start script itself may spawn an application process that is not under the control of the management process. This sub-requirement assumes that this does not happen, and the child process remains under the control of the management entity.
Capabilities required:
- The following capabilities must be enabled for controlling processes:
- The ability to start a process (or a list of processes)
- The ability to stop a process (or a list of processes)
- The following capabilities must be enabled for monitoring processes:
- The ability to detect the unexpected exit of a process
- The ability to configure a set of actions in response to an unexpected exit of a process
- The following services must be provided beyond those currently provided by inittab:
- The ability to configure whether to restart the application if the process dies
- A configurable amount of time to wait before restarting the application
- A limit on the number of times to restart the application
AVL.6.0 Disk Predictive Analysis
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide capabilities to assist in monitoring storage systems.. The aim of this support is to assist in predicting situations likely to lead to failure of disks. This allows preventive action to be taken to avoid the failure and resulting disruption of service.
AVL.7.1.1 Multi-Path Access to Storage
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable multiple access paths from a node to storage devices. The software shall determine if multiple paths exist to the same port of the I/O device.
AVL.7.1.2 Multi-Path Access to Storage
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable multiple access paths from a node to storage devices. The software shall determine if multiple paths exist to the same port of the I/O device, and, with configurable controls, balance I/O requests across multiple host bus adapters. If multiple paths exist to the same device over two separate device ports on the same host bus adapter, those I/Os will not be balanced.
AVL.7.1.3 Multi-Path Access to Storage
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable multiple access paths from a node to storage devices. Handling a path failure must be automatic.
AVL.7.1.4 Multi-Path Access to Storage
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable multiple access paths from a node to storage devices. A mechanism must be provided for the reactivation of failed paths, allowing them to be placed back in service.
AVL.7.1.5 Multi-Path Access to Storage
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable multiple access paths from a node to storage devices. It must be possible to automatically determine and configure multiple paths.
AVL.7.1.6 Multi-Path Access to Storage
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable multiple access paths from a node to storage devices. Automatic configuration shall allow automatic multi-path configuration of complete disks and partitions located on those disks.
AVL.7.1.7 Multi-Path Access to Storage
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable multiple access paths from a node to storage devices. A multipath device feature that allows multipath detection and mapping early in the boot process must be provided so that the root file system can exist on a multipath device.
AVL.7.2.2 Advanced Multi-Path Access to Storage
Priority P3
Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable multiple access paths from a node to storage devices. The mechanism should implement swap partition using the multipath mechanism.
AVL.7.2.4 Advanced Multi-Path Access to Storage
Priority P2
Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable multiple access paths from a node to storage devices. The mechanism should implement error logging functions that clearly identify the failing device path.
AVL.8.1 Fast Linux Restart Bypassing System Firmware
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism to speed up operating system initialization by bypassing the system firmware when one instance of Linux reboots to another instance of Linux.
AVL.9.0 Boot Image Fallback Mechanism
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide a mechanism that enables a system to fallback to a previous “known good” boot image in the event of a catastrophic boot failure (i.e. failure to boot, panic on boot, failure to initialize HW/SW). System images are captured from the “known good” system and the system reboots to the latest good image. This mechanism would allow an automatic fallback mechanism to protect against problems resulting from system changes, such as program updates, installations, kernel changes, and configuration changes.“
AVL.10.0 Application Live Patching
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide a mechanism and framework by which a custom application can be built so that it can be upgraded by replacing symbols in its live process. Dynamic replacement of symbols allows a process to access upgraded functions or values without requiring a process restart and in many circumstances can lead to improved process availability and uptime. The mechanism should be applied only to user applications. Patch to underlying distribution software component may lose distribution support.
AVL.13.1 Parallel User Initialization During Startup
Priority: P2
Description: CGL specifies that the user initialization procedure executed by the program /sbin/init shall provide a mechanism to allow multiple init scripts to run in parallel. CGL further specifies that a service is only started once its dependent services have started.
AVL.17.0 Multiple FIB Support
Priority: P3
Description: CGL specifies that Linux shall support multiple Forwarding Information Base (FIB) quick look-up tables with forwarding addresses to allow better server virtualization of overlapping addresses. An FIB is a table that contains a copy of the forwarding information in the IP routing table. All hooks/changes required to support multiple FIBs shall be added.
AVL.18.0 iSCSI Error Handling Support
Priority: P2
Description: CGL specifies that the iSCSI Initiators implemented by carrier grade Linux should support the following iSCSI options:
- Header and Data Digests
- Error recovery level 1 as specified by RFC 3720
AVL.21.0 Ethernet link bonding using IPV4
Priority: P1
Description: CGL specifies that carrier grade Linux shall support bonding of multiple Ethernet NICs within a single node using IPV4. The bonding supports the following functions:
- Ethernet link aggregation - Supports multiple Ethernet cards to be bonded for bandwidth aggregation.
- Ethernet link failover - Supports automatic failover of an IP address from one Ethernet NIC to another within a single node using the Ethernet bonding.
Some mode of bonding requires IEEE 802.3ad support on switches; however, other modes do not require special protocol support.
AVL.21.1 Ethernet link bonding using IPV6
Priority: P1
Description: CGL specifies that carrier grade Linux shall support bonding of multiple Ethernet NICs within a single node using IPV6. The bonding supports the following functions:
- Ethernet link aggregation - Supports multiple Ethernet cards to be bonded for bandwidth aggregation.
- Ethernet link failover - Supports automatic failover of an IP address from one Ethernet NIC to another within a single node using the Ethernet bonding.
Some modes of bonding require IEEE 802.3ad support on switches; however, other modes do not require special protocol support.
AVL.22.0 Software RAID 1 support
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide RAID 1(Mirroring) support so that the OS maintains duplicate sets of all data on separate disk drives. RAID 1 support shall allow booting off of selected mirror disk drive even if the other drive is failed. RAID 1 implementation shall provide a user-controllable parameter to throttle the syncing operation. Support can be configured out if desired.
AVL.23.0 Watchdog Timer Pre-Timeout Interrupt
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for a watchdog timer pre-timeout interrupt. Where the hardware supports such a capability an interrupt handler routine will be called before the real timeout occurs.
AVL.24.0 Watchdog Timer Interface Requirements
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the ability to use an interface to reset the hardware watchdog timer, where the hardware supports such a capability. This timeout value shall be a configurable item. A configurable action can be performed when a timeout occurs.
AVL.25.0 Application Heartbeat Monitor
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide an application heartbeat service that allows applications to register to be monitored via specified APIs. The mechanism shall use periodic synchronized events (heartbeats) between an application and the monitor. If a registered application fails to provide a heartbeat, the monitor shall report the events. The application heartbeat service shall be available to any process or sub-process (thread) entity on the system. A process or thread may register for multiple heartbeats.
AVL.26.0 Resilient File System Support
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for the installation of a file system that is resilient against system failures in terms of recovering rapidly upon reboot without requiring a full, traditional fsck. This is normally achieved using logging or journaling techniques.
AVL.27.0 Kernel Live Patching
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide a mechanism for symbols, functions, or variables within a running kernel to be replaced with new symbols, functions, or variables. CGL further specifies this operation be completed without a system shutdown or restart
Cluster Requirements
CFH.1.0 Cluster Node Failure Detection
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide a fast, communicationbased cluster node failure mechanism that is reflected in a cluster membership service. At a minimum, the cluster node failure mechanism maintains a list of the nodes that are currently active in the cluster. Changes in cluster membership must result in a membership event that can be monitored by cluster services, applications, and middleware that register to be notified of membership events. Fast node failure detection must not depend on a failing node reporting that the node is failing. However, self-diagnosis may be leveraged to speed up failure detection in the cluster. This requirement does not address the issue of how to prevent failing nodes from accessing shared resources (see CFH.3.0 Application Fail-Over Enabling).
Fast node failure detection shall include the following capabilities:
- Ability to provide cluster membership health monitoring through cluster communication mechanisms.
- Support for multiple, redundant communication paths to check the health of
cluster nodes.
- Support for fast failure detection. The guideline is a maximum
of 250ms for failure detection. Since there is tradeoff between fast failure detection and potentially false failures, the health-monitoring interval must be tunable.
- Ability to provide a cluster-membership change event to middleware
and applications.
Cluster node failure detection must use only a small percentage of the total cluster communication bandwidth for membership health monitoring. The guideline is that the bandwidth used by the health monitoring mechanism shall be linear with respect to the number of bytes per second per node.
CFH.2.0 Prevent Failed Node From Corrupting Shared Resources
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a way to fence a failed or errant node from shared resources, such as SAN storage, to prevent the failed node from causing damage to shared resources. Since the surviving nodes in the cluster will want to failover resources, applications, and/or middleware to other surviving nodes in the cluster, the cluster must make sure it is safe to do the failover. Killing the failed node is the easiest and safest way to protect shared resources from a failing node. If a failing node can detect that it is failing, the failing node could kill itself (suicide) or disable its ability to access shared resources to augment the node isolation process. However, the cluster cannot depend on the failing node to alter the cluster when it is failing, so the cluster must be proactive in protecting shared resources.
External Specification Dependencies: This requirement is dependent on hardware to provide a mechanism to reset or isolate a failed or failing node.
CFH.3.0 Application Fail-Over Enabling
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide mechanisms for failing over applications in a cluster from one node to another. Applications and nodes are monitored and a failover mechanism is invoked when a failure is detected. Once a failure is detected, the application failover mechanism must determine which policies apply to this failover scenario and then begin the process to start a standby application or initiate the re-spawn of an application within 1 second.
Note: The full application failover time is dependent upon application and node failure detection, the time to apply the failover policies, and the time it takes to start or restart the application. The aggregate failover time for an application must allow the cluster to maintain carrier grade application availability.
CSM.1.0 Storage Network Replication
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism for storage network replication. The storage network replication shall provide the following:
- A network replication layer that enables RAID-1-like disk mirroring, using a
cluster-local network for data.
- Resynchronization of replicated data after
node failure and recovery such that replicated data remains available during resynchronization.
CSM.2.0 Cluster-aware Volume Management for Shared Storage
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide management of logical volumes on shared storage from different cluster nodes. Volumes in such an environment are usually on physical disks accessible to multiple nodes. Volume management shall include the following:
- Enabling remote nodes to be informed of volume definition changes.
- Providing consistent and persistent cluster-wide volume names.
- Managing volumes from different cluster nodes consistently.
- Providing support for the striping and concatenation of storage. Clustered mirroring of shared storage is not included in this requirement (see CSM.3.0 Shared Storage Mirroring).
CSM.4.0 Redundant Cluster Storage Path
Priority: P1
Description: CGL specifies that Linux shall provide each cluster node with the ability to have redundant access paths to shared storage. CGL Availability Requirement: AVL.7.1 Multi-Path Access To Storage
CSM.6.0 Cluster File System
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a cluster-wide file system. A clustered file system must allow simultaneous access to shared files by multiple computers. Node failure must be transparent to file system users on all surviving nodes. A clustered file system must provide the same user API and semantics as a file system associated with private, single-node storage.
CSM.7.0 Shared Storage Consistent Access
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a consistent method to access shared storage from different nodes to ensure partition information isn't changed on one node while a partition is in use on another node that would prevent the change.
CCM.2.1 Cluster Communication Service - Logical Addressing
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a cluster communication service with a socket-based interface that provides logical addressing for pointto-point and multipoint communication. The communication service must hide the physical topology of the cluster from application programs with this logical addressing scheme. Mapping between logical and physical addresses must be performed transparently. In addition, there must be no user-level distinction between inter- and intra-node communications or between user-space and kernel-space messages. Connection-oriented and connectionless modes must be supported.
CCM.2.2 Cluster Communication Service - Fault Handling
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a reliable communication service that detects a connection failure, aborts the connection, and reports the connection failure. An established connection must react to and report a problem to the application within 100 ms upon any kind of service failure, such as a process or node crash. The connection failure detection requirement must offer controls that allow it to be tailored to specific conditions in different clusters. An example is to allow the specification of the duration of timeouts or the number of lost packets before declaring a connection failed.
CCM.3.0 Redundant Cluster Communication Path
Priority: P1
Description: CGL specifies that Linux shall provide each cluster node the ability to have redundant communication paths to other cluster nodes and for these paths to appear as a single interface to an application. CGL Availability Requirement: AVL.7.3 Redundant Communication Paths
CAF.2.1 Ethernet MAC Address Takeover
Priority: P1
Description: CGL specifies a mechanism to program and announce MAC addresses on Ethernet interfaces so that when a SW Failure event occurs, redundant nodes may begin receiving traffic for failed nodes.
CAF.2.2 IP Takeover
Priority: P1
Description: CGL specifies a mechanism to program and announce IP addresses (using gratuitous ARP) so that when a SW Failure event occurs, redundant nodes may begin receiving traffic for failed nodes.
CCON.1.2 Boot/Reboot nodes
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the ability for the management console to remotely boot or reboot any node in the cluster. The ability to boot/reboot a cluster node must conform to the HPI standard. Links to Other Specifications CGL Standards Requirements Definition:
- STD.8.8 SA Forum HPI
CDIAG.2.1 Cluster-Wide Identified Application Core Dump
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a cluster-aware application core dump that uniquely identifies which node produced the core dump. For instance, if a diskless node dumps core files to network storage, the core dump will be uniquely identified as originating from that node.
CDIAG.2.2 Cluster-Wide Kernel Crash Dump
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a cluster-aware kernel crash dump that uniquely identifies which node produced the crash dump. For instance, if a diskless node dumps crash data to network storage, the data will be uniquely identified as originating from that node.
CDIAG.2.3 Cluster Wide Log Collection
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a cluster-wide logging mechanism. A cluster-wide log shall contain node identification, message type, and cluster time identification. This cluster-wide log may be implemented as a central log or as the collection of specific node logs.
CDIAG.2.4 Synchronized/Atomic Time Across Cluster
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide cluster wide time synchronization within 500mS, and must synchronize within 10 seconds once the time synchronization service is initiated. In a cluster, each node must have be synchronized to the same wall-clock time to provide consistency in access times to shared resources (i.e. clustered file system modification and access times) as well as time stamps in cluster-wide logs.
Serviceability Requirements
SMM.3.1 Serial Console Operation
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for a connection to a system console via a serial port on the system where a serial port exists. All output that would appear on a local console must appear on the remote console.
SMM.3.2 Network Console Operation
Priority: P1
Description: CGL specifies that Linux shall provide support for a management console connection via a network port in addition to providing the standard support for a management console connection via a serial port.
SMM.4.0 Persistent Device Naming
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide consistent device naming functionality. The user-space system name of the device shall be maintained when the device is removed and reinstalled even if the device is plugged into a different bus, slot, or adapter. A device name shall be assigned, based on hardware identification information using policies set by the administrator.
SMM.5.0 Kernel Profiling
Priority: P1
Description: CGL specifies that Linux shall support profiling of a running kernel and applications to identify bottlenecks and other kernel and application statistics.
SMM.5.1 Application Profiler (was AVL.19.0)
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism to profile critical resources of the kernel and applications. The critical resources that are profiled by this mechanism shall include (but are not limited to):
- Time used
- Memory used
- Number of semaphores, mutexes, sockets, and threads/child processes in use
- Number of open files.
Monitoring shall happen at configurable, periodic intervals or as initiated by the user.
SMM.6.0 Boot Cycle Detection
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide support for detecting a repeating reboot cycle due to recurring failures. This detection should happen in user space before system services are started. This type of failure requires a response due to the negative impact of repeatedly bringing up and taking down services. A configurable policy is needed to set thresholds of cycling and desired shutdown actions, such as exponential back off, shutdown, or notifying administrators.
SMM.7.1 Temperature Monitoring
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a capability that supports the monitoring of system temperature settings and conditions.
SMM.7.2 Fan Monitoring
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a capability that supports the monitoring of system fan settings and conditions.
SMM.7.3 Power Monitoring
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a capability that supports the monitoring of system power settings and conditions.
SMM.7.4 Media Monitoring
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a capability that supports the monitoring of media settings and conditions for system media, such as hard disks or hardware specific disk sub-systems.
SMM.7.5 Network Monitoring
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a capability that supports the monitoring of system network settings and conditions.
SMM.7.6 CPU Monitoring
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a capability that supports the monitoring of CPU settings and conditions, such as current utilization totals, per process totals and trends, and current speed settings.
SMM.7.7 Memory Monitoring
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a capability that supports the monitoring of memory conditions, such as current utilization totals, and per process totals and trends.
SMM.7.9 Support for Precise Process Accounting
Priority: P2
Description: CGL specifies that carrier grade Linux shall support precise process accounting of CPU usage. This shall be accomplished by time stamping various kernel execution paths using the native platform high resolution counter. This accounting activity shall be run-time configurable, including partial or total disabling, via the proc file system. When totally disabled no additional overhead will be measurable. Disabling or enabling precise accounting shall not affect Linux native tick accounting. All data shall be accessible from the proc file system. For task perCPU metrics, a range of 1 through N rows may be configured such that each row accrues metrics for one CPU, a range in between 1 and N CPUs (all metrics summed together). Where N is the number of logical CPUs. Additional Sub-requirements follow.
Sub-requirement 1: The following metrics shall be accrued on per-CPU basis:
- Per task CPU usage user, system, interrupt (in tasks context), and time
spent on run queue
- System wide CPU usage idle, user, system, interrupt,
softirq
- Per task occurrence counts of system calls, signals, reschedules,
voluntary blocks, preemption due to higher priority task and preemptions due to time slice expirations.
- System wide occurrence counts of interrupts, system
calls, signals, and softirqs, with softirqs grouped by types.
Sub-requirement 2: A per task table of schedule latency counts shall be
implemented such that a schedule latency value is indexed into predetermined
ranges, and the count for that range is incremented. For example a table size
of three will correspond to three scheduling latency ranges such as:
- index 0: 0-10 mili-seconds
- index 1: 10-100 mili-seconds
- index 2: greater then 100 mili-seconds The table size and ranges may be build time configurable
Sub-requirement 3: Certain OS timers and CPU caps may be configured to increment or expire precisely with the initial list being SIGXCPU, SIGVTALARM, SIGPROF.
SMM.8.1 Kernel Message Structuring
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support that allows the structuring of kernel messages using an event log format to provide more information to identify the problem and its severity, and to allow client applications registered for the fault event to take policy-based corrective action.
SMM.8.2 Platform Signal Handler
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide an infrastructure to allow interrupts generated by “hardware errors” to be logged using the event logging mechanism. A default handler shall be provided.
SMM.8.3 Remote Access to Event Log
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide support for a remote access capability that allows a centralized system to access the Linux OS event log information of a remote system.
SMM.9.0 Disk and Volume Management
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for the installation of a subsystem that supports hard disks to be managed without incurring downtime:
- Physical disks can be grouped into volumes and the volume definitions can be
modified without downtime.
- Filesystems that are defined within volumes can be enlarged without
requiring unmounting.
- Support can be configured out if desired.
SMM.10.0 System Initialization Error Handling Enhancements
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide a mechanism to detect errors during system initialization. When such an initialization error occurs, this mechanism shall be able to report the event to a remote system over the network. CGL further specifies the following error conditions shall apply to this requirement:
- The kernel image fails before
init is started
- The init process fails to fully complete the startup
initialization to the point where the conventional error reporting mechanisms are available
SMM.12.0 Remote Boot Support (was PMT.2.0)
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for remote booting across common LAN and WAN communication media to support diskless systems.
SMM.13.0 Diskless Systems (was PMS.4.0)
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide for Linux on diskless systems.
SPM.1.0 Remote Package Update and Installation
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a remote software package update feature. The package shall include functions that allow kernel modules and application software to be installed or upgraded remotely, while minimizing downtime of the system. The use of the term “remotely” does not imply a central package management platform, nor does it preclude such a system. This requirement only necessitates that a single device may be upgraded without requiring the administrator to be physically at the device. Note: Due to the wide range of platforms and applications in use, CGL does not specify a specific downtime limit metric. Downtime targets will vary based on the system application.
SPM.2.0 No System Reboot for Upgrade of Kernel Modules
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide remote software installation and upgrade mechanisms that requiring no system reboots:
- No reboot shall be required to upgrade kernel modules.
- Remote software installation and upgrade mechanisms will not require more reboots than the same upgrade done using the console.
SPM.2.1 No System Reboot for Application Package Update
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide remote software installation and upgrade mechanisms that require no system reboots:
- No reboot shall be required to upgrade user-space applications provided by CGL system software.
SPM.3.0 Version and Dependency Checking via Package Management
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide remote software installation and upgrade capabilities that include provisions for version compatibility and dependency checking at the package level.
SPM.4.0 Upgrade Log
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide remote software installation and upgrade mechanisms that perform transaction logging of dates, times, changes, and the identity of the user performing a change.
SPM.5.0 Manual Software Rollback
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide mechanisms that allow manual rollback to a previous version of software without having to reinstall the previous version.
SFA.1.0 Kernel Panic Handler Enhancements
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide enriched capabilities in response to a system panic. Currently the default system panic behavior is to print a short message to the console and halt the system. CGL systems shall provide a set of configurable functions, including:
- Logging the panic event to the system event log
- Cycling power (rebooting) or powering off
- Forcing a crash dump
CGL shall support enhanced kernel panic reporting, at a minimum supporting proper resolution of in-kernel symbols. This will make kernel panic reports useful to administrators that do not have access to the kernel for which the report was generated.
SFA.2.1 Live Kernel Remote Debugger
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for remote debugging of a live kernel. This shall include support over serial and/or local Ethernet.
SFA.2.2 Dynamic Probe Insertion
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for the ability to dynamically insert software instrumentation into a running system in the kernel or applications.
- The instrumentation must be insertable to any part of the kernel.
- The instrumentation should allow control to be passed to a user-provided module.
- The instrumentation should not require interactive direction, i.e., no user
sitting at the kernel debugger.
- The user-provided modules should have access to data the kernel would
normally be expected to have access to, e.g., hardware registers, kernel
SFA.2.3 User Space Debug Support for Threads
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support to fully enable debugging of multi-t hreaded programs. This support should allow any actions available for debugging a single-threaded (non-threaded) process be extended to be available for every thread in a multi-threaded process. CGL shall provide specific additional debugging capabilities that are unique to multi-threaded applications:
- Automatic notification of a new thread.
- List of threads and the ability to switch among them.
- Apply specific debug commands to a list of threads.
SFA.2.4 Multithreaded Core Dump Support for Threaded Applications
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for correctly storing core dumps of multi-threaded user-space applications.
SFA.3.0 Kernel Dump: Analysis
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for tools to enable enhanced analysis of kernel dumps. These enhancements must include, but not be limited to, the following capabilities:
- Access to kernel structures
- Virtual-to-physical address translation
- Module access
- Preserve all tools and CPU states
SFA.4.0 Kernel Dump: Limit Scope
Priority: P3
Description: CGL specifies that carrier grade Linux shall provide support for configuring the amount of system information that is retained. The minimum type of configuration would be only kernel memory or all system memory. A way must be provided for a system administrator to specify which type of system dump should be performed.
SFA.8.0 Kernel Flat/Graph Execution Profiling
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for profiling of the running kernel using a prof or gprof style of recording trace information during system execution.
SFA.10.0 Kernel Dump: Configurable Destinations
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for producing and storing kernel dumps as follows:
- It must be possible to store kernel dumps to disk and across a network.
- Regardless of the specific dump target, dumps must be preserved across the next system boot.
SFA.14.0 Per Thread CPU Time Limits and Signaling
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a method to accurately track CPU time consumed by an individual thread. It shall also provide a method to set CPU threshold time used by an individual thread. This method shall also include the ability to send a signal to an individual thread if its CPU threshold time is exceeded.
Performance Requirements
PRF.1.1 Low Scheduling Latency
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the ability to configure the kernel to provide real time support so the scheduling latency of a given task will not exceed a target defined by the vendor. Based on commodity hardware commonly supported by Linux, latency responses of less than 1 millisecond should be considered a reasonable and likely target.
See general information at:
PRF.1.3 1 ms Tick Support
Priority: P1
Description: CGL specifies that carrier grade Linux shall support a 1 ms tick value on all compatible architectures The base overhead of the timer interrupt handler should remain less than 0.1% of CPU time.
PRF.1.4 High-Resolution Timers
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide high-resolution timer support. As specified by POSIX 1003.1b section 14, Clocks and Timers API.
PRF.1.6 Protecting Against Priority Inversion On Mutex
Priority: P1
Description: CGL specifies that carrier grade Linux shall support a mechanism for protecting against priority inversion when using a mutex to synchronize tasks. This mechanism shall support transitive priority inheritance and resolve cases where several mutexes are owned by the same task. It shall be supported in UP and SMP contexts.
PRF.1.7 Handling Interrupts As Threads
Priority: P1
Description: CGL specifies that carrier grade Linux shall enable handling of interrupt handlers (top half and bottom half) as a task-based process rather than in interrupt processing routine mechanism to allow:
- A mutex-based critical section inside an interrupt handler.
- The ability for an interrupt handler to sleep.
- Prioritization of an interrupt handler based on real-time scheduling priorities.
- Affinity and load-balancing in an SMP.
Context switching overhead should be considered case by case in the application design. The interrupts are divided into a critical urgent part that kernel needs to execute quickly, and deferrable part. The thread based interrupt handler should be applied at deferrable part.
PRF.2.1 Enabling Process Affinity
Priority: P1
Description: CGL specifies that carrier grade Linux shall enable process affinity. Process affinity enables a process to run on an explicitly designated processor. When process affinity is used, it provides more efficient caching. For example, it must be possible to bind real-time processes to specified processors.
PRF.2.2 Enabling Interrupt CPU Affinity
Priority: P1
Description: CGL specifies that carrier grade Linux shall enable interrupt CPU affinity. The interrupts are divided into a critical urgent part that the kernel needs to execute quickly and a deferrable part. CGL should enable interrupt CPU affinity on the critical urgent part. Note: The latest stable kernel enables interrupt affinity based on the /proc configuration interface.
PRF.2.3 (Hyper-Threading) Optimized SMT Support
Priority: P1
Description: CGL specifies that carrier grade Linux shall enable optimized symmetric multi-threading (SMT) processors and interrupt migration between logical processors. Note: The latest stable kernel enables this feature.
PRF.2.4 Support for Task Exclusive Bind to Logical CPU
Priority: P3
Description: CGL specifies that carrier grade Linux shall support exclusive bind of processes or threads to any number of logical CPUs. Once the binding is established the logical CPU(s) become exclusively dedicated to the execution of the bound processes/threads, and idle. CGL further specifies the following conditions shall also apply to this requirement:
- There must be at least one logical CPU available for unbound tasks. Because
of this, binding need not be supported on systems with only one logical CPU
- A logical CPU is defined as any CPU or part of a CPU/node that Linux
represents as a single processing unit to the user
PRF.3.1 Dynamic allocation with low space loss
Priority: P1
Description: CGL specifies that carrier grade Linux shall allow less than 10% loss of application memory space, due to internal memory usage by the system and by fragmentation during periods of intense dynamic allocation of memory for applications.
PRF.4.2 Support of Gigabit Ethernet Jumbo MTU
Priority: P1
Description: CGL specifies that carrier grade Linux shall enable support for a 9000 byte Maximum Transmission Unit (MTU) for the Gigabit Ethernet protocol to enable lower CPU overhead and better throughput. This shall be a configurable option as some applications may prefer low latency to large message sizes. Hardware support is required.
PRF.5.0 Efficient Low-Level Asynchronous Events
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide an efficient capability for handling a large number of essentially simultaneous asynchronous events arriving on multiple channels, such as multiple sockets or other similar paths.
This mechanism is needed to enforce system scalability and soft real-time responsiveness by reducing contentions appearing at the kernel level, especially under high load.
PRF.6.0 Managing Transient Data
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for a selfresizing file system for transient data that can be limited to a maximum size.
PRF.7.0 Interruptless Ethernet Delivery
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide for the capability for Ethernet drivers to operate in a pure polling mode in which they do not generate interrupts for arriving frames. This is to prevent interrupt-storms from consuming too many CPU cycles. This is primarily an issue for gigabit Ethernet.
PRF.8.0 Network Storage block level Replication Performances
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide a network storage replication service with the following performance levels:
- Less than 30% decrease in user throughput compared to local storage access using a network interface and with full available network bandwidth.
- Less than 25% decrease in user throughput during resynchronization of redundant devices compared with normal throughput when devices are synchronized.
PRF.14.0 RAID 0 Support
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide RAID 0 (striping) support that stripes data across multiple disks without any redundant information to enhance performance in either a request-rate-intensive or transfer-rate-intensive environment.
Standards Requirements
STD.1.0 Linux Standard Base Compliance
Priority: P1
http://www.linuxbase.org Description: CGL specifies that carrier grade Linux shall be compliant with the Linux Standard Base (LSB) 3.0 The LSB 3.0 specification has been split into a generic LSB core, a generic module for C++, and a set of architecture specific modules. Required LSB 3.0 modules for CGL are:
- Generic LSB-Core
- Generic LSB-CXX
- For each supported architecture, one LSB-Core module and one LSB-CXX module
The developer may choose to implement more than one architecture platform . In this case, each supported architecture platform shall contain an implementation of at least one architecture specific LSB-Core module and one architecture specific LSB-CXX module.
STD.3.1 SCTP - Base Features
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs below.
- RFC 2960 - The base standard for SCTP.
- RFC 3309 - An RFC that corrects a weakness in the original SCTP for very small packets.
STD.3.2.1 RFC 4460/2960
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs below:
- RFC 2960 - Stream Control Transmission Protocol
STD.3.2.2 Extensions to BSD Sockets to support SCTP
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the Internet draft below:
- draft-ietf-tsvwg-sctpsocket-13.txt
Carrier Grade Linux Standards Requirements Definition Version 4.0
STD.3.2.3 [[http://www.ietf.org/rfc/rfc3873.txt|RFC 3873]] MIB for SCTP
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the Internet draft below.
- RFC 3873, MIB for SCTP
STD.3.2.4 Extension for adding IP addresses to SCTP association
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the Internet draft below:
- draft-ietf-tsvwg-addip-sctp-15.txt - An extension to SCTP that allows adding
and removing IP addresses to an existing SCTP association. This extension is needed to allow for associations that last longer than expiring IPv6 addresses.
STD.3.2.5 [[http://www.ietf.org/rfc/rfc3758.txt|RFC 3758]] Partial reliability
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFC below:
- RFC 3758 - An extension to SCTP allowing for partial reliability. Introduces
a mechanism for canceling messages no longer worth sending.
STD.3.2.6 SCTP Threats
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the Internet draft below:
- draft-ietf-tsvwg-sctpthreat-02.txt - Documents additional security issues
that implementers need to address.
STD.3.2.7 SCTP signing chunks
Priority: P3
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the Internet draft below.
- draft-ietf-tsvwg-sctp-auth-04.txt -allows an SCTP sender to sign chunks using shared keys between the sender and receiver to prevent blind attacks against static Verification tag.
STD.4.1 IPv6 Base Features
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the IPv6 functionality listed in the RFCs below:
- RFC 2460: IPv6 Specification
- RFC 2463: ICMPv6 for IPv6 Specification
- RFC 2461: Neighbor Discovery for IP Version 6 (IPv6)
- RFC 2462: IPv6 Stateless Address Autoconfiguration
- RFC 1981: Path MTU Discovery for IP version 6
- RFC 3493: Basic Socket Interface Extensions for IPv6
- RFC 3542: Advanced Sockets Application Program Interface (API) for Ipv6
- RFC 3587: Global Unicast IPv6 Address Format
- RFC 2710: Multicast Listener Discovery for Ipv6
- RFC 3810 : Multicast Listener Discovery Version 2
STD.4.2.1 IPv6 Additional Features: RFC 2451 Ciphers
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 2451: The ESP CBC-Mode Cipher Algorithms
STD.4.2.2 IPv6 Additional Features: RFC 4213/2893 Tunnels
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 4213 which replaces
- RFC 2893: Transition Mechanisms for IPv6 Hosts and Routers (IPv6 over IPv4 Tunnel)
STD.4.2.3 IPv6 Additional Features: RFC 3484 Default Address Selection
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 3484: Default Address Selection for Internet Protocol version 6 (IPv6).
STD.4.2.4 IPv6 Additional Features: RFC 3315 Dynamic Host Configuration
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6).
STD.4.2.5 IPv6 Additional Features: RFC 3633 Prefix Options for Dynamic Host Configuration Protocol
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 3633: IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6
STD.4.2.6 IPv6 Additional Features: RFC 4191 Default Router Preferences
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 4191: Default Router Preferences, More-Specific Routes, and Load Sharing
STD.4.2.7 IPv6 Additional Features: RFC 2428 FTP Extensions
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 2428: FTP Extensions for IPv6 and NATs
STD.4.2.8 IPv6 Additional Features: [[http://www.ietf.org/rfc/rfc3596.txt|RFC 3596]] DNS Extensions
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
STD.4.2.9 IPv6 Additional Features: RFC 2874 DNS Address Aggregation and Renumbering
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 2874: DNS Extensions to Support IPv6 Address Aggregation and Renumbering
STD.4.2.10 IPv6 Additional Features: RFC 3646 DNS options for DHCP
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 3646: DNS options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
STD.5.1 IPSec Major CGL Features
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs below.
- RFC 2367: PF_KEY Key Management API, Version 2
- RFC 2401: Security Architecture for the Internet Protocol
- RFC 2402: IP Authentication Header
- RFC 2406: IP Encapsulating Security Payload (ESP)
- RFC 2403: The Use of HMAC-MD5-96 within ESP and AH
- RFC 2404: The Use of HMAC-SHA -1-96 within ESP and AH
- RFC 2405: The ESP DES-CBC Cipher Algorithm With Explicit IV
- RFC 2409: Support for IKE daemon
- RFC 2410: The NULL Encryption Algorithm and Its Use With Ipsec
- RFC 2451: The ESP CBC-Mode Cipher Algorithms
STD.5.2.1 IPSec Minor CGL Features: RFC 4301 Security Architecture for IP
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 4301: Security Architecture for the Internet Protocol (obsoletes 2401)NEPS/Motorola flush needed RFCs.
STD.5.2.2 IPSec Minor CGL Features: RFC 4302 IP Authentication Header
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 4302: IP Authentication Header (obsoletes 2402)
STD.5.2.3 IPSec Minor CGL Features: RFC 4303 IP Encapsulating Security Payload
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 4303: IP Encapsulating Security Payload (ESP) (obsoletes 2406)
STD.5.2.4 IPSec Minor CGL Features: RFC 4305 Cryptographic Algorithm Requirements
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 4305: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) (obsoletes 2402 and 2406)
STD.5.2.5 IPSec Minor CGL Features: RFC 4307 Cryptographic Algorithms for Use in IKE
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 4307: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2
STD.5.2.6 IPSec Minor CGL Features: [[http://www.ietf.org/rfc/rfc4322.txt|RFC 4322]] Opportunistic Encryption using IKE
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 4322: Opportunistic Encryption using the Internet Key Exchange (IKE) – This document is not part of the basic set of standards required to support IPSec, but is useful if a customer wants to set up IPSec tunnels without coordinating with the administrators at the other end of the tunnels.
STD.5.2.7 IPSec Minor CGL Features: RFC 4434 AES Algorithm for IKE
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs and internet drafts below:
- RFC 4434: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)
STD.6.1 MIPv6 CGL Major Features
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFC below.
- RFC 3775: Mobility Support in IPv6
STD.6.2 MIPv6 Minor CGL Features
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the functionality listed in the RFCs below.
- RFC 3776: Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents.
STD.7.1 SNMP v1, v2, v3
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide SNMPv1, SNMPv2, and SNMPv3 functionality as defined in the RFCs listed below.
STD.7.2 SNMP MIBs for IPv6/IPv4
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the functionality for the SNMP IPv6/IPv4 MIBs as defined by the RFCs listed below:
- RFC 3411: SNMP-FRAMEWORK -MIB.txt
- RFC 3412: SNMP-MPD-MIB.txt
- RFC 3413: SNMP-TARGET-MIB.txt, SNMP-NOTIFICATION-MIB.txt, SNMP-PROXY-MIB.txt
- RFC 3414: SNMP-USER-BASED-SM- MIB.txt
- RFC 3415: SNMP-VIEW-BASED-ACM- MIB.txt
- RFC 2576: SNMP-COMMUNITY -MIB.txt
- RFC 2578: SNMPv2-SMI.txt
- RFC 2579: SNMPv2-TC.txt
- RFC 2580: SNMPv2-CONF.txt
- RFC 3417: SNMPv2-TM.txt
- RFC 3418: SNMPv2-MIB.txt
- RFC 2742: AGENTX-MIB.txt
- RFC 1227: SMUX-MIB.txt
- RFC 3231: DISMAN-SCHEDULE-MIB.txt
- RFC 3165: DISMAN-SCRIPT-MIB.txt
- RFC 2863: IF-MIB.txt
- RFC 2864: IF-INVERTED-STACK-MIB.txt
- RFC 2856: HCNUM-TC.txt
- RFC 3291: INET-ADDRESS-MIB.txt
- RFC 2665: EtherLike-MIB.txt
- RFC 2011: IP-MIB.txt
- RFC 2096: IP-FORWARD-MIB.txt
- RFC 2012: TCP-MIB.txt
- RFC 2013: UDP -MIB.txt
- RFC 2465: IPV6-TC.txt IPV6-MIB.txt
- RFC 2466: IPV6-ICMP-MIB.txt
- RFC 2452: IPV6-TCP-MIB.txt
- RFC 2454: IPV6-UDP-MIB.txt
- RFC 2790: HOST-RESOURCES-MIB.txt, HOST-RESOURCES-TYPES.txt
- RFC 2819: RMON-MIB.txt
- RFC 2788: NETWORK -SERVICES- MIB.txt
- RFC 2789: MTA -MIB.txt
Note: There is currently an ongoing effort within IETF to combine IPv4 and IPv6 MIBs into unified MIBs. The developer may choose to implement RFC 2011,RFC 2012, and RFC 2013 instead of RFC 2452, RFC 2454, RFC 2465, and RFC 2466.
STD.8.1 SA Forum AIS [[http://www.saforum.org|http://www.saforum.org]]
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide the APIs as defined by the SA Forum AIS B.01.01 or a subsequent level of the relevant AIS specification
STD.8.8 SA Forum HPI [[http://www.saforum.org|http://www.saforum.org]]
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the functionality defined in the SA Forum HPI B.01.01 specification or a subsequent level of the relevant HPI specification.
STD.9.0 IPMI [[http://www.intel.com|http://www.intel.com]]
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the System Management Software (SMS) functionality to interface with the below-listed levels of the Intelligent Platform Management Interface (IPMI):
- IPMI v1.5 specification
- IPMI v2.0 specification
STD.10.0 802.1Q VLAN Endpoint [[http://www.ieee802.org/1/pages/802.1Q.html|http://www.ieee802.org/1/pages/802.1Q.html]]
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the functionality defined in the IEEE Std 802.1Q-1998 specification. This standard defines the operation of virtual LAN (VLAN) endpoints that permit the definition, operation and administration of Virtual LAN topologies within a LAN infrastructure.
STD.11.1 Diameter Protocol CGL Major Features
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the functionality defined in the following RFCs and Internet drafts.
- RFC 3588 (Diameter Base Protocol)
- draft-ietf-eap-rfc2284bis-07.txt
- draft-ietf-aaa-eap-03.txt
STD.11.2 Diameter Protocol Minor CGL Features
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the functionality defined in the following Internet drafts.
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide support for Internet Small Computer Systems Interface (iSCSI) Initiators. The iSCSI Initiators shall support IPv6, SNMP MIBs, error handling, target discovery, and multiple sessions. This functionality is defined in the following RFCs:
- RFC 3720 - Internet Small Computer Systems Interface (iSCSI)reqs, determine which are P1
STD.17.2 iSCSI Support: [[http://www.ietf.org/rfc/rfc3271.txt|RFC 3271]] iSCSI Naming & Discovery [[http://www.ietf.org|http://www.ietf.org]]
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide support for Internet Small Computer Systems Interface (iSCSI) Initiators. The iSCSI Initiators shall support IPv6, SNMP MIBs, error handling, target discovery, and multiple sessions. This functionality is defined in the following RFCs:
- RFC 3721 - Internet Small Computer Systems Interface (iSCSI) Naming and Discovery
STD.17.3 iSCSI Support: RFC 3273 iSCSI Securing Block Storage Protocols over IP http://www.ietf.org
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide support for Internet Small Computer Systems Interface (iSCSI) Initiators. The iSCSI Initiators shall support IPv6, SNMP MIBs, error handling, target discovery, and multiple sessions. This functionality is defined in the following RFCs:
- RFC 3723 - Securing Block Storage Protocols over IP
STD.18.1 Differentiated Services: RFC 2474 Definition
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide support for differentiated services for IPv4 protocol as defined by the RFCs below. Differentiated services provide network traffic with different levels of service to enable quality of service and traffic control.
- RFC 2474 � Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
STD.18.2 Differentiated Services: RFC 2475 Definition
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide support for differentiated services for IPv4 protocol as defined by the RFCs below. Differentiated services provide network traffic with different levels of service to enable quality of service and traffic control.
- RFC 2475 � An Architecture for Differentiated Services
STD.20.1 PKI CA: RFC 2527 X.509 PKI
Priority: P3
Description: CGL specifies that carrier grade Linux shall provide the functionality for private key infrastructure (PKI) support as defined in the standards:
- RFC 2527 - Internet X.509 Public Key Infrastructure
STD.20.2 PKI CA: RFC 2585 X.509 PKI Protocols FTP and HTTP
Priority: P3
Description: CGL specifies that carrier grade Linux shall provide the functionality for private key infrastructure (PKI) support as defined in the standards:
- RFC 2585 - Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP
STD.20.3 PKI CA: RFC 3279 Algorithms for X.509 PKI
Priority: P3
Description: CGL specifies that carrier grade Linux shall provide the functionality for private key infrastructure (PKI) support as defined in the standards:
- RFC 3279 - Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure
STD.20.4 PKI CA: RFC 3280 X.509 PKI Certificate Stuff
Priority: P3
Description: CGL specifies that carrier grade Linux shall provide the functionality for private key infrastructure (PKI) support as defined in the standards:
- RFC 3280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Security Requirements
SEC.1.1 Dynamic Kernel Security Module Mechanism
Priority: P1
Description: CGL specifies that carrier grade Linux shall support an interface that allows the addition of new access control policy implementations to the kernel without requiring patching or recompilation. This support must allow for the dynamic loading of such policy implementations. The mechanism must govern all of the kernel objects. This requirement does not specify any particular policies. Objectives Satisfied: O.AUTHORIZE-TOE, O.APPLICATION-TOOLS, O.ENTRY-NON-TECHNICAL
SEC.1.2 Process Containment using File System Restrictions
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for constraining the privileges and access to system resources of a process independently of the user account under which the process runs by limiting a process' access to a subset of the file system hierarchy. This limits the effects of a security compromise of a process (such as a buffer overflow exploit). Objectives Satisfied: O.BYPASS-TOE, O.CONTAINMENT
SEC.1.3 Process Containment Using MAC-based Mechanism
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for constraining the privileges and access to system resources of a process independently of the user account under which the process runs, using a mandatory access control (MAC) mechanism. This limits the effects of a security compromise of a process, such as a buffer overflow exploit, even if it running as root. Objectives Satisfied: O.BYPASS-TOE, O.CONTAINMENT, O.ACCESS-MALICIOUS
SEC.1.3.1 MAC-based Policy Administration Tools
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide tools for the administration of MAC-based access control policies. These tools should facilitate the creation, maintenance, and management of policies. The tools should provide at least one of a command line or graphical interface. Objectives Satisfied: O.CONTAINMENT, O.APPLICATION-TOOLS, O.ACCESS-MALICIOUS
SEC.1.4 Buffer Overflow Protection
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide at least one mechanism to protect against the exploitation of software bugs that exploit the lack of boundary checking in many programs and give an attacker some access to a task's address space by writing outside of buffer bounds. Objectives Satisfied: O.ENTRY, O.ENTRY-SOPHISTICATED
SEC.1.5 Access Control List Support for File Systems
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide access control list (ACL) capabilities on file systems that allow the specification of access rights for multiple users and groups. Objectives Satisfied: O.CONTAINMENT
SEC.2.1 Generic Authentication Modules
Priority: P1
Description: CGL specifies that carrier grade Linux shall support a mechanism for implementing new operating system authentication mechanisms. This support must allow for the dynamic loading of authentication modules. Objectives Satisfied: O.APPLICATION-TOOLS, O.KNOWN-TOE
SEC.2.2 Password Integrity Checking
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide tools to check passwords to ensure they cannot be cracked using common attack methods. These tools shall support at least the DES cipher text format and allow the user to specify rules for rejecting passwords. Objectives Satisfied: O.APPLICATION-TOOLS
SEC.3.1 Auditing
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide auditing mechanisms that flag security-relevant events and alert a system administrator. Objectives Satisfied: O.DETECT-SOPHISTICATED, O.ACCOUNT-TOE, O.DETECT-TOE, O.OBSERVE-TOE, O.DETECT-SYSTEM, O.ENTRY-TOE
SEC.3.2 Secure Transport of Log Information
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide secure transport of log information over a network to the log files. The transport mechanism shall ensure that the information remains confidential, cannot be modified, is not a replay of an earlier log message, and originated at the source it claims. Objectives Satisfied: O.DETECT-SOPHISTICATED, O.ACCOUNT-TOE, O.DETECT-TOE, O.OBSERVE-TOE, O.DETECT-SYSTEM
SEC.3.3 Periodic Automated Log Analysis
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism for periodically and automatically analyzing log files. This mechanism shall be able to generate reports if any suspicious or unrecognized log entry is detected. Objectives Satisfied: O.DETECT-SOPHISTICATED, O.ACCOUNT-TOE, O.DETECT-TOE, O.OBSERVE-TOE, O.DETECT-SYSTEM
SEC.3.4 Active Log Monitoring
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism for automatically analyzing security-relevant log information. This mechanism shall be able to generate alarms if criteria set by a system administrator are met. Objectives Satisfied: O.DETECT-SOPHISTICATED, O.ACCOUNT-TOE, O.DETECT-TOE, O.OBSERVE-TOE, O.DETECT-SYSTEM
SEC.3.5 Log Integrity and Origin Authentication
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide a mechanism to check that log files have not been modified (integrity), even by most insiders. In addition, CGL specifies that carrier grade Linux shall provide a mechanism to verify the origin of a log message. CGL specifies that carrier grade Linux shall provide a mechanism to prevent replay attacks of a log message. Objectives Satisfied: O.DETECT-SOPHISTICATED, O.ACCOUNT-TOE, O.DETECT-TOE, O.OBSERVE-TOE, O.DETECT-SYSTEM
SEC.4.1 IPsec
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide IPsec support for network level confidentiality and integrity. The implementation shall conform to RFC 2401, 2402, 2406 and at least one encapsulating security payload (ESP) algorithm such as specified by RFC 2451. Objectives Satisfied: O.APPLICATION-TOOLS, O.NETWORK
SEC.4.2 IKE
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide an Internet Key Exchange (IKE) service to perform standards-based key exchange for IPsec. The service shall conform to RFC 2409. Objectives Satisfied: O.APPLICATION-TOOLS, O.NETWORK
SEC.4.3 PF_KEY Version 2
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide PF_KEY support, as defined by RFC 2367, for key management for the IPsec module and the IKE service. Objectives Satisfied: O.APPLICATION-TOOLS, O.NETWORK
SEC.4.4 PKI Support for Applications
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide basic PKI features, which shall conform to the IETF PKIX standards, specifically RFC 2527, 3279 & 3280. Support for processing certification revocation lists (CRLs) is required, although a specified delivery mechanism such as HTTP/FTP (RFC 2585) is not specified. Objectives Satisfied: O.ACCESS-TOE, O.APPLICATION-TOOLS, O.NETWORK
SEC.4.5 SSL/TLS Support for Applications
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide basic SSL/TLS support, which shall conform to the legacy SSL and IETF TLS standards. Objectives Satisfied: O.ACCESS-TOE, O.APPLICATION-TOOLS, O.NETWORK
SEC.4.6 PKI Certificate Authority (CA)
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a basic PKI CA service. This service shall conform to the IETF PKIX standards, specifically RFC 2527, 3279 & 3280. Support for the management of certification revocation lists (CRLs) is required. Certificate management and request protocols as defined by RFC 2527, 3279, and 3280, are not requirements. Objectives Satisfied: O.APPLICATION-TOOLS, O.NETWORK
SEC.5.1 Periodic User-Level File Integrity Checking
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a mechanism to enable a periodic checking of the integrity of files at user-level. Files to be checked are both binary files, which should not change after installation, and text files, such as configuration and log files, which may change. File integrity checks shall be able to be scheduled at any time of the day. The checking mechanism shall be able to send alarms to a system administrator when inconsistencies are detected. Objectives Satisfied: O.DETECT-SOPHISTICATED
SEC.7.1 Memory Limits
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for perprocess limits for the use of system memory. Objectives Satisfied: O.RESOURCES
SEC.7.2 File System Quotas
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for per-user file system quotas. Objectives Satisfied: O.RESOURCES
SEC.7.3 Process Quotas
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide support for per-user quotas on the number of processes which may be created. Objectives Satisfied: O.RESOURCES
SEC.7.4 Execution Quotas
Priority: P3
Description: CGL specifies that carrier grade Linux shall provide support for per-user CPU execution quotas. Objectives Satisfied: O.RESOURCES
SEC.8 Trusted Platform Module (TPM) Support
Priority: P2
Description: CGL specifies that, if and only if it is installed and executing on a TPMenabled platform, carrier grade Linux shall provide OS support for the TPM hardware, as defined in TCG TPM Specification, version 2. Objectives Satisfied: O.PHYSICAL
Hardware Requirements
PMT.1.1 IPMI support
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide the functionality defined in the Intelligent Platform Management Interface (IPMI):
- IPMI v1.5 specification
- IPMI v2.0 specification
- See STD.9.0 IPMI.
PMT.1.3 IPMI Accessibility
Priority: P1
Description: CGL specifies that carrier grade Linux shall provide a user space library for manipulating the IPMI directly for IPMI function accessibility. It shall also provide an interface for accessing IPMI functions from kernel space.
PMS.1.0 CPU Throttle
Priority: P2
Description: CGL specifies that carrier grade Linux shall provide a CPU power consumption management capability that enables adjustment of the CPU frequency. Any power, voltage and frequency settings shall be within the allowed range for the hardware.
PMS.5.1 iSCSI Initiator Support
Priority: P1
Description: CGL specifies that carrier grade Linux shall support the iSCSI protocol to enable block level access to SCSI storage devices using the TCP/IP transport. The support shall be compliant with the RFC 3270 specification and should provide iSCSI initiator support. At a minimum the supported iSCSI initiators should be able to authenticate themselves to potential iSCSI targets using the two-way CHAP authentication algorithm. See STD.17.0 iSCSI.
PMS.5.2 iSCSI Initiator IPv6 Support
Priority: P3
Description: CGL specifies that the iSCSI Initiators implemented by carrier grade Linux should support the IPv6 protocol. This would enable the iSCSI Initiator nodes to connect to iSCSI targets that have IPv6 addresses. See STD.4 IPV6 and STD.17.0 iSCSI.
PMS.5.3 iSCSI Target Discovery
Priority: P1
Description: CGL specifies that the iSCSI Initiators implemented by carrier grade Linux shall support the SendTargets Discovery mechanism to discover potential iSCSI targets they can connect. See STD.17.0 iSCSI.
Appendix A:
To be supplied
