Skip to content

Allow application servers to be identified by domain name#522

Open
eric-murray wants to merge 8 commits intocamaraproject:mainfrom
eric-murray:eric-murray-patch-2
Open

Allow application servers to be identified by domain name#522
eric-murray wants to merge 8 commits intocamaraproject:mainfrom
eric-murray:eric-murray-patch-2

Conversation

@eric-murray
Copy link
Collaborator

@eric-murray eric-murray commented Jan 5, 2026

What type of PR is this?

  • enhancement/feature

What this PR does / why we need it:

Currently, application servers can only be identified by a contiguous set of IP addresses within a defined subnet. This PR allows application servers to be identified by a domain name that resolves (at least within the network operator's own DNS service) to a limited list of IPv4 and IPv6 addresses.

Which issue(s) this PR fixes:

Fixes #513

Special notes for reviewers:

None

Changelog input

 release-note
 - Allow application servers to be identified by domain name

Additional documentation

None

@eric-murray
Clarify application server identifier requirements
47cc7f9 
Updated the description of application server identifiers and clarified the requirements for domain name resolution.
@eric-murray
Clean up blank lines in quality-on-demand.yaml
b08326c 
Removed unnecessary blank lines in the YAML file.
tlohmar
tlohmar reviewed Jan 9, 2026
View reviewed changes
tlohmar
tlohmar reviewed Jan 12, 2026
View reviewed changes
@ilya-smirnov-berlin
Copy link

ilya-smirnov-berlin commented Jan 20, 2026
edited
Loading

I find this suggested extension reasonable but have one remark.

If an API consumer has the ability to resolve a given domain name into a list of IP addresses automatically on the provider side and apply all of them to QoS flows, then the API should also allow the consumer to create a session using such an IP address list for the application server, rather than being limited to a single single network segment (single IP in particular case). For example:

  "applicationServer": {
    "ipv4Addresses": [ "98.138.91.63", "72.30.3.157", "66.163.190.174" ]
  }

Also we could think about a limitation of number of addresses in this list but also now many addresses can be used in case of DNS resolution on service provider side. Current classical DNS implementation has a limitation of the record size but still can return up to 15 addresses.

As already mentioned, DNS resolution results may differ from the consumer’s own resolution, even when using the same DNS server, due to region-based responses and load balancing. This behavior should be explicitly documented as warning to consumers.

@tlohmar
Copy link
Contributor

tlohmar commented Jan 20, 2026
edited
Loading

@ilya-smirnov-berlin

If an API consumer has the ability to resolve a given domain name into a list of IP addresses automatically ....

My understanding is that the API consumer CANNOT resolve the IP address(es). This is a common issue, when content is hosted within a CDN. The Application Client resolves the IP addresses using an FQDN. The API consumer only knows the FQDN, which is used by the Application Client (can be multiple). The API consumer and the Application Client belong to the same Application (same Application Service Provider).

@eric-murray please correct, when my understanding is wrong.

@hdamker
Copy link
Collaborator

hdamker commented Jan 20, 2026

@ilya-smirnov-berlin

If an API consumer has the ability to resolve a given domain name into a list of IP addresses automatically ....

My understanding is that the API consumer CANNOT resolve the IP address(es). This is a common issue, when content is hosted within a CDN. The Application Client resolves the IP addresses using an FQDN. The API consumer only knows the FQDN, which is used by the Application Client (can be multiple). The API consumer and the Application Client belong to the same Application (same Application Service Provider).

@eric-murray please correct, when my understanding is wrong.

@tlohmar the important word is here "also" ... when the API anyway allows to work with list of IP addresses (in the result), then it make sense to allow such a list also as input.

@tlohmar
Copy link
Contributor

tlohmar commented Jan 20, 2026

thx for the clarification. I misunderstood this. Could make sense to modify the ApplicationServer parameter, allowing a list of IPs.

@jlurien
Copy link
Collaborator

jlurien commented Jan 22, 2026

Some comments/considerations:

  • Changing the input schema to a list (array) of IP adresses, as sugegsted by Ilya, would break compatibility, unless we define the input schema as a oneOf/anyOf individual IP or array of IPs. This is something to be considered.

  • If several identifiers (hostname, IPv4/v6 address(es)) are provided, it is specified that the service is applied to all of them, even if they identify totally unrelated servers. In the current API version this could also happen using one IPv4 and one IPv6, but not sure if that was the original intention or just to allow dual IP stacks for the same server. It would be something to clarify as it may have implications (the consumer could use this to enhance 2 unrelated services with one request, or might have implications for error handling).

    • Additionally, if applicationServerPorts are specified, those ports would apply to all identified servers. If the servers are unrelated, this mapping might be limiting or overly broad.

  • Regarding the DNS resolution lifecycle, the specification may need to clarify that the mapping from domainName to IP addresses occurs at session creation time (one-time resolution). It may be noted that any subsequent changes to the DNS records during the session's lifetime will not be reflected in the active QoS flow. For this API is not as relevant as it is for other APIs in the family (provisioning, booking), if we apply the enhancement there.

  • Maybe we have to remark also that the applicationServer in the response must be the same indicated in the request, without explicit translation to the IP addresses.

@eric-murray @tlohmar
Apply suggestion from @tlohmar
7f379a6 
Co-authored-by: tlohmar <Thorsten.Lohmar@ericsson.com>
@eric-murray
Copy link
Collaborator Author

eric-murray commented Jan 22, 2026

the API should also allow the consumer to create a session using such an IP address list for the application server

Changing the input schema to a list (array) of IP addresses, as suggested by Ilya, would break compatibility, unless we define the input schema as a oneOf/anyOf individual IP or array of IPs

The original issue did indeed propose allowing the API consumer to pass a list (i.e. array) of IP addresses. See "Alternative Solution".

That would be a breaking change unless we kept the existing properties, so we would end up with four possible ways of specifying IP addresses, all of which could be used in a single request:

  ...
  "applicationServer": {
    "domainName": ...,
    "ipAddresses": [...],
    "ipv4Address": ...,
    "ipv6Address": ...
  },
  ...

My (i.e. Vodafone's) requirements would be met just by adding the additional domainName property, but I have no objection to adding the ipAddresses property as well.

Trying to restrict the schema to only allow ipAddresses if neither ipv4Address nor ipv6Address is provided (and vice versa) is possible but, I think, unnecessarily complex. Better just to deprecate the ipv4Address and ipv6Address properties, and then drop them in a later breaking release.

@eric-murray
Copy link
Collaborator Author

eric-murray commented Jan 22, 2026

My understanding is that the API consumer CANNOT resolve the IP address(es)

The specific issue was that our (potential) API consumer did not know which IP address was actually in use by the application. Their SDK could call DNS and obtain the list of IP addresses, but that DNS call would likely return the IP addresses in a different order to that returned to the application. So they would not know which IP address from the list that the application was actually using.

So either the domainName or ipAddresses list would work, but it is expected that the API consumer would find the domainName approach more "intuitive`.

@eric-murray
Copy link
Collaborator Author

eric-murray commented Jan 22, 2026

Additionally, if applicationServerPorts are specified, those ports would apply to all identified servers. If the servers are unrelated, this mapping might be limiting or overly broad.

So all specified applicationServerPorts would (or, at least, should) get applied to all specified applicationServers. I agree this could be overly broad, though likely it would just mean some application server IP / port combinations would get prioritised for flows that just did not exist.

Typically, the application server port will be 443. Indeed, this is Vodafone's "default" if applicationServerPorts is not specified at all. So that approach continues to work even as the number of ways of specifying IP addresses is expanded.

If someone has a use case where different application server ports must be prioritised for different application server IP addresses as part of the same QoS session, they might like to propose a scheme to link specific ports to specific application server IP addresses.

@eric-murray
Copy link
Collaborator Author

eric-murray commented Jan 22, 2026

Maybe we have to remark also that the applicationServer in the response must be the same indicated in the request, without explicit translation to the IP addresses.

For this PR, yes - indeed, it will usually not be possible to express the IP addresses associated a domain name using the current schema based on a single IPv6 and/or IPv6 subnet.

But I will separately propose a breaking change whereby the session creation response includes a list (i.e. array) of all application server IP addresses included in the QoS session, rather than the current ip4Address and ipv6Address parameters. That can be discussed separately to this PR, as it can be an independent change.

@ilya-smirnov-berlin ilya-smirnov-berlin mentioned this pull request Jan 23, 2026
Open
@eric-murray eric-murray mentioned this pull request Jan 23, 2026
Open
@eric-murray
Copy link
Collaborator Author

eric-murray commented Jan 23, 2026

I will separately propose a breaking change whereby the session creation response includes a list (i.e. array) of all application server IP addresses included in the QoS session, rather than the current ip4Address and ipv6Address parameters

I have now opened issue #529

eric-murray and others added 5 commits February 5, 2026 16:21
@eric-murray
Enhance API definitions with ipAddresses support
490a83d 
Added 'ipAddresses' property to application server identifiers and defined 'ApplicationServerIPAddressList' schema.
@eric-murray
Format YAML for ApplicationServerIPAddressList
6b8f3a9
@eric-murray
Add uniqueItems constraint to IP address list
a852df2
@eric-murray @tlohmar
Update code/API_definitions/quality-on-demand.yaml
7baae1b 
Co-authored-by: tlohmar <Thorsten.Lohmar@ericsson.com>
@eric-murray
Update quality-on-demand.yaml by removing redundant notes
45e8582 
Removed unnecessary notes regarding DNS and WebRTC IP address handling.
@eric-murray
Copy link
Collaborator Author

eric-murray commented Feb 5, 2026

I added ipAddresses as an additional application server identifier. My proposal is a list of up to 16 individual IPv4 and/or IPv6 addresses.

Some considerations for the sub-project:

  • Should we have separate lists for IPv4 and IPv6 addresses (i.e. ipv4Addresses and ipv6Addresses), or is mixed list OK?
  • Is a maximum of 16 addresses too few, or too many?
  • Should we remove or deprecate the ability to specify subnets using ipv4Address and ipv6Address?
    • If we want to keep the ability to specify subnets, should we keep ipv4Address and ipv6Address, or extend ipAddresses to allow a list of subnets to be specified?

@jlurien
Copy link
Collaborator

jlurien commented Feb 20, 2026

The last proposal considers one single domain and/or a list of IPv4/v6 addresses which may include subnets. Would it make sense to allow also a list of domains?

@eric-murray
Copy link
Collaborator Author

eric-murray commented Feb 20, 2026

The last proposal considers one single domain and/or a list of IPv4/v6 addresses which may include subnets. Would it make sense to allow also a list of domains?

I'm proposing to drop support for subnets - see my comment here

Regarding domains, my preference would be that separate domains require separate QoS sessions. Of course, separate domains could be implicitly specified in the list of IP addresses, but I would prefer not to add explicit support for this.

If there are reasons that other domains need to be included, maybe for "net neutrality" reasons or to prioritise other domains to which the device may be redirected when using the specified domain, I think it is for the API provider to implement that "behind the scenes" rather than requiring the API consumer to be explicitly aware they need to specify it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hdamker hdamker Awaiting requested review from hdamker hdamker is a code owner

@RandyLevensalor RandyLevensalor Awaiting requested review from RandyLevensalor RandyLevensalor is a code owner

@jlurien jlurien Awaiting requested review from jlurien jlurien is a code owner

1 more reviewer

@tlohmar tlohmar tlohmar left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow more control over application server IP address specification

5 participants

@eric-murray @ilya-smirnov-berlin @tlohmar @hdamker @jlurien