Admission Control Service

Platform SDK: Quality of Service

Admission Control Service

Admission control service (ACS), is a Windows 2000 QOS component that regulates subnet usage for QOS-enabled applications. The ACS exerts its authority over QOS-aware applications or clients by placing itself within the RSVP message path. With this placement, ACS effectively intercepts RSVP PATH, RESV, PATH_ERR, RESV_ERR, PATH_TEAR, and RESV_TEAR messages and passes the messages' policy information to Local Policy Modules (LPMs) for authentication. This exertion of ACS authority occurs on each interface (or shared medium) over which a given QOS flow must traverse. For a simplified example, if ACS is functioning on a source subnet and a (different) destination subnet for a given flow, policy restrictions are enforced by the ACS on each subnet.

ACS regulation is based on available network resources and on administratively-configurable information on users, or group policy. ACS is implemented as a Windows 2000 service on a Windows 2000 Server.

Local policy modules (LPMs) fall within the fold of ACS functionality, and can be considered an integral part of the ACS. With the default LPM, Microsoft Identity LPM (MSIDLPM) user information in the intercepted RSVP message is used to look up user policy in Windows 2000 Active Directory services. MSIDLPM then makes policy decisions based on information found in Active Directory services.

Another ACS component, the Policy Control Module (PCM), actually mediates the interaction between the ACS and LPMs. If there are multiple residential LPMs, the PCM will send all policy data objects contained in the received RSVP messages to each LPM, gather all responses, perform logical checks on the information, aggregate it, and return the combined response to the ACS.

If network resources are available and if the policy check succeeds, the RSVP message and its policy information is sent to the next hop (or the previous hop, if it is a PATH or RESV message). In this way, ACS acts as the logical gatekeeper for RSVP message propagation across the network by rejecting requests under the following conditions:

If local segment resources aren't available to provide the requested level of QOS (the SBM functionality of the ACS)
If the sender or receiver doesn't have appropriate policy permission to transmit data with the requested parameters

When such conditions occur, no network nodes beyond the ACS (in the appropriate direction) receive any of the RSVP messages rejected by the ACS. However, the error messages due to the rejection will traverse the network to get to the network mode that made the request.

This provides twofold service. It keeps unnecessary RSVP signaling traffic from traversing the network by keeping lame-duck RSVP messages from running across the network, and restricts access to network resources, allowing only authorized requests to create reservations in the network. As an additional benefit, this also preserves processing resources for routers and WAN Interface Cards (WANICs) since they will not have to handle such RSVP messages. Note that any node that declines requests based on policy failure, however, will return an RSVP error message to the sender, indicating failure. Clients will not transmit anything if their request is rejected by ACS.

Though ACS is a Windows 2000 QOS component, its services include other QOS components, such as the Subnet Bandwidth Manager (SBM) and its LPM interface.