draft-ietf-teas-actn-framework-14.txt   draft-ietf-teas-actn-framework-15.txt 
TEAS Working Group Daniele Ceccarelli (Ed) TEAS Working Group Daniele Ceccarelli (Ed)
Internet Draft Ericsson Internet Draft Ericsson
Intended status: Informational Young Lee (Ed) Intended status: Informational Young Lee (Ed)
Expires: November 11, 2018 Huawei Expires: November 28, 2018 Huawei
May 11, 2018 May 28, 2018
Framework for Abstraction and Control of Traffic Engineered Networks Framework for Abstraction and Control of Traffic Engineered Networks
draft-ietf-teas-actn-framework-14 draft-ietf-teas-actn-framework-15
Abstract Abstract
Traffic Engineered networks have a variety of mechanisms to Traffic Engineered networks have a variety of mechanisms to
facilitate the separation of the data plane and control plane. They facilitate the separation of the data plane and control plane. They
also have a range of management and provisioning protocols to also have a range of management and provisioning protocols to
configure and activate network resources. These mechanisms represent configure and activate network resources. These mechanisms represent
key technologies for enabling flexible and dynamic networking. The key technologies for enabling flexible and dynamic networking. The
term "Traffic Engineered network" refers to a network that uses any term "Traffic Engineered network" refers to a network that uses any
connection-oriented technology under the control of a distributed or connection-oriented technology under the control of a distributed or
skipping to change at page 2, line 10 skipping to change at page 2, line 10
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 11, 2018. This Internet-Draft will expire on November 3, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
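Review bot: the expiry sentence in -15 now reads "This Internet-Draft will expire on November 3, 2018", which disagrees with the -15 header line "Expires: November 28, 2018". The -14 text had the same date (November 11, 2018) in both places. Suggest changing the boilerplate sentence to November 28, 2018 so the two statements agree.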
skipping to change at page 3, line 37 skipping to change at page 3, line 37
Authors' Addresses...............................................37 Authors' Addresses...............................................37
APPENDIX A - Example of MDSC and PNC Functions Integrated in A APPENDIX A - Example of MDSC and PNC Functions Integrated in A
Service/Network Orchestrator.....................................37 Service/Network Orchestrator.....................................37
1. Introduction 1. Introduction
The term "Traffic Engineered network" refers to a network that uses The term "Traffic Engineered network" refers to a network that uses
any connection-oriented technology under the control of a any connection-oriented technology under the control of a
distributed or centralized control plane to support dynamic distributed or centralized control plane to support dynamic
provisioning of end-to-end connectivity. Traffic Engineered (TE) provisioning of end-to-end connectivity. Traffic Engineered (TE)
networks have a variety of mechanisms to facilitate separation of networks have a variety of mechanisms to facilitate the separation
data plane and control plane including distributed signaling for of data plane and control plane including distributed signaling for
path setup and protection, centralized path computation for planning path setup and protection, centralized path computation for planning
and traffic engineering, and a range of management and provisioning and traffic engineering, and a range of management and provisioning
protocols to configure and activate network resources. These protocols to configure and activate network resources. These
mechanisms represent key technologies for enabling flexible and mechanisms represent key technologies for enabling flexible and
dynamic networking. Some examples of networks that are in scope of dynamic networking. Some examples of networks that are in scope of
this definition are optical networks, Multiprotocol Label Switching this definition are optical networks, Multiprotocol Label Switching
(MPLS) Transport Profile (MPLS-TP) networks [RFC5654], and MPLS-TE (MPLS) Transport Profile (MPLS-TP) networks [RFC5654], and MPLS-TE
networks [RFC2702]. networks [RFC2702].
One of the main drivers for Software Defined Networking (SDN) One of the main drivers for Software Defined Networking (SDN)
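Review bot: the reworded Introduction sentence adds "the" before "separation" but still reads "of data plane and control plane", while the Abstract says "the separation of the data plane and control plane". Suggest using the Abstract's wording here so the two passages match.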
skipping to change at page 4, line 15 skipping to change at page 4, line 15
development of MPLS/GMPLS [RFC3945] and the Path Computation Element development of MPLS/GMPLS [RFC3945] and the Path Computation Element
(PCE) [RFC4655]. One of the advantages of SDN is its logically (PCE) [RFC4655]. One of the advantages of SDN is its logically
centralized control regime that allows a global view of the centralized control regime that allows a global view of the
underlying networks. Centralized control in SDN helps improve underlying networks. Centralized control in SDN helps improve
network resource utilization compared with distributed network network resource utilization compared with distributed network
control. For TE-based networks, a PCE may serve as a logically control. For TE-based networks, a PCE may serve as a logically
centralized path computation function. centralized path computation function.
This document describes a set of management and control functions This document describes a set of management and control functions
used to operate one or more TE networks to construct virtual used to operate one or more TE networks to construct virtual
networks that can be represented to customers and that are built networks that can be presented to customers and that are built from
from abstractions of the underlying TE networks so that, for abstractions of the underlying TE networks. For example, a link in
example, a link in the customer's network is constructed from a path the customer's network is constructed from a path or collection of
or collection of paths in the underlying networks. We call this set paths in the underlying networks. We call this set of functions
of functions "Abstraction and Control of Traffic Engineered "Abstraction and Control of Traffic Engineered Networks" (ACTN).
Networks" (ACTN).
2. Overview 2. Overview
Three key aspects that need to be solved by SDN are: Three key aspects that need to be solved by SDN are:
. Separation of service requests from service delivery so that . Separation of service requests from service delivery so that
the configuration and operation of a network is transparent the configuration and operation of a network is transparent
from the point of view of the customer, but remains responsive from the point of view of the customer, but remains responsive
to the customer's services and business needs. to the customer's services and business needs.
skipping to change at page 5, line 46 skipping to change at page 5, line 44
2.1. Terminology 2.1. Terminology
The following terms are used in this document. Some of them are The following terms are used in this document. Some of them are
newly defined, some others reference existing definitions: newly defined, some others reference existing definitions:
. Domain: A domain [RFC4655] is any collection of network . Domain: A domain [RFC4655] is any collection of network
elements within a common sphere of address management or path elements within a common sphere of address management or path
computation responsibility. Specifically within this document computation responsibility. Specifically within this document
we mean a part of an operator's network that is under common we mean a part of an operator's network that is under common
management. Network elements will often be grouped into management (i.e., under shared operational management using the
domains based on technology types, vendor profiles, and same instances of a tool and the same policies). Network
geographic proximity. elements will often be grouped into domains based on technology
types, vendor profiles, and geographic proximity.
. Abstraction: This process is defined in [RFC7926]. . Abstraction: This process is defined in [RFC7926].
. TE Network Slicing: In the context of ACTN, a TE network slice . TE Network Slicing: In the context of ACTN, a TE network slice
is a collection of resources that is used to establish a is a collection of resources that is used to establish a
logically dedicated virtual network over one or more TE logically dedicated virtual network over one or more TE
networks. TE network slicing allows a network operator to networks. TE network slicing allows a network operator to
provide dedicated virtual networks for applications/customers provide dedicated virtual networks for applications/customers
over a common network infrastructure. The logically dedicated over a common network infrastructure. The logically dedicated
resources are a part of the larger common network resources are a part of the larger common network
infrastructures that are shared among various TE network slice infrastructures that are shared among various TE network slice
instances which are the end-to-end realization of TE network instances which are the end-to-end realization of TE network
slicing, consisting of the combination of physically or slicing, consisting of the combination of physically or
logically dedicated resources. logically dedicated resources.
. Node: A node is a vertex on the graph representation of a TE . Node: A node is a vertex on the graph representation of a TE
topology. In a physical network topology, a node corresponds topology. In a physical network topology, a node corresponds
to a physical network element (NE) such as a router. In an to a physical network element (NE) such as a router. In an
abstract network topology, a node (sometimes called an abstract abstract network topology, a node (sometimes called an abstract
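Review bot: the parenthetical added to the Domain definition, "under shared operational management using the same instances of a tool and the same policies", leaves "a tool" undefined, so readers can draw the domain boundary differently. Suggest naming the kind of tool meant (for example, a management or control system) or shortening the clause to "under shared operational management and the same policies".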
skipping to change at page 8, line 48 skipping to change at page 9, line 9
- Service Providers - Service Providers
- Network Operators - Network Operators
These entities are related in a three tier model as shown in Figure These entities are related in a three tier model as shown in Figure
1. 1.
+----------------------+ +----------------------+
| Customer | | Customer |
+----------------------+ +----------------------+
| |
VNS || | /\ VNS VNS || | /\ VNS
Request || | || Reply Request || | || Reply
\/ | || \/ | ||
+----------------------+ +----------------------+
| Service Provider | | Service Provider |
+----------------------+ +----------------------+
/ | \ / | \
/ | \ / | \
/ | \ / | \
/ | \ / | \
+------------------+ +------------------+ +------------------+ +------------------+ +------------------+ +------------------+
|Network Operator 1| |Network Operator 2| |Network Operator 3| |Network Operator 1| |Network Operator 2| |Network Operator 3|
+------------------+ +------------------+ +------------------+ +------------------+ +------------------+ +------------------+
Figure 1: The Three Tier Model. Figure 1: The Three Tier Model.
The commercial roles of these entities are described in the The commercial roles of these entities are described in the
following sections. following sections.
2.2.1. Customers 2.2.1. Customers
Basic customers include fixed residential users, mobile users, and Basic customers include fixed residential users, mobile users, and
small enterprises. Each requires a small amount of resources and is small enterprises. Each requires a small amount of resources and is
characterized by steady requests (relatively time invariant). Basic characterized by steady requests (relatively time invariant). Basic
customers do not modify their services themselves: if a service customers do not modify their services themselves: if a service
change is needed, it is performed by the provider as a proxy. change is needed, it is performed by the provider as a proxy.
Advanced customers include enterprises, governments, and utility Advanced customers include enterprises and governments. Such
companies. Such customers ask for both point-to point and customers ask for both point-to point and multipoint connectivity
multipoint connectivity with high resource demands varying with high resource demands varying significantly in time. This is
significantly in time. This is one of the reasons why a bundled one of the reasons why a bundled service offering is not enough and
service offering is not enough and it is desirable to provide each it is desirable to provide each advanced customer with a customized
advanced customer with a customized virtual network service. virtual network service. Advanced customers may also have the
Advanced customers may also have the ability to modify their service ability to modify their service parameters within the scope of their
parameters within the scope of their virtualized environments. The virtualized environments. The primary focus of ACTN is Advanced
primary focus of ACTN is Advanced Customers. Customers.
As customers are geographically spread over multiple network As customers are geographically spread over multiple network
operator domains, they have to interface to multiple operators and operator domains, they have to interface to multiple operators and
may have to support multiple virtual network services with different may have to support multiple virtual network services with different
underlying objectives set by the network operators. To enable these underlying objectives set by the network operators. To enable these
customers to support flexible and dynamic applications they need to customers to support flexible and dynamic applications they need to
control their allocated virtual network resources in a dynamic control their allocated virtual network resources in a dynamic
fashion, and that means that they need a view of the topology that fashion, and that means that they need a view of the topology that
spans all of the network operators. Customers of a given service spans all of the network operators. Customers of a given service
provider can in turn offer a service to other customers in a provider can in turn offer a service to other customers in a
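Review bot: the reflowed Advanced customers paragraph in -15 still carries "point-to point", which should be "point-to-point", and it mixes "Advanced customers" with "Advanced Customers" in the last sentence. Since the paragraph was being edited anyway (removal of "utility companies"), suggest fixing the hyphenation and picking one capitalization.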
skipping to change at page 11, line 15 skipping to change at page 11, line 22
computation based on the global network-wide abstracted computation based on the global network-wide abstracted
topology, and the creation of an abstracted view of network topology, and the creation of an abstracted view of network
resources allocated to each customer. These operations depend resources allocated to each customer. These operations depend
on customer-specific network objective functions and customer on customer-specific network objective functions and customer
traffic profiles. traffic profiles.
. Customer mapping/translation: This function is to map customer . Customer mapping/translation: This function is to map customer
requests/commands into network provisioning requests that can requests/commands into network provisioning requests that can
be sent from the Multi-Domain Service Coordinator (MDSC) to the be sent from the Multi-Domain Service Coordinator (MDSC) to the
Provisioning Network Controller (PNC) according to business Provisioning Network Controller (PNC) according to business
policies provisioned statically or dynamically at the OSS/NMS. policies provisioned statically or dynamically at the Operations
Support System (OSS)/ Network Management System (NMS).
Specifically, it provides mapping and translation of a Specifically, it provides mapping and translation of a
customer's service request into a set of parameters that are customer's service request into a set of parameters that are
specific to a network type and technology such that network specific to a network type and technology such that network
configuration process is made possible. configuration process is made possible.
. Virtual service coordination: This function translates customer . Virtual service coordination: This function translates customer
service-related information into virtual network service service-related information into virtual network service
operations in order to seamlessly operate virtual networks operations in order to seamlessly operate virtual networks
while meeting a customer's service requirements. In the while meeting a customer's service requirements. In the
context of ACTN, service/virtual service coordination includes context of ACTN, service/virtual service coordination includes
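Review bot: the new expansion "Operations Support System (OSS)/ Network Management System (NMS)" has a stray space after the slash, and NMS is expanded a second time in Section 3.3 ("a Network Management System (NMS)"). Suggest writing "(OSS)/Network Management System (NMS)" here and using the bare abbreviation in 3.3. The unchanged context line "such that network configuration process is made possible" is also missing an article before "network configuration process".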
skipping to change at page 12, line 4 skipping to change at page 12, line 5
. CNC - Customer Network Controller . CNC - Customer Network Controller
. MDSC - Multi-Domain Service Coordinator . MDSC - Multi-Domain Service Coordinator
. PNC - Provisioning Network Controller . PNC - Provisioning Network Controller
Figure 2 also shows the following interfaces: Figure 2 also shows the following interfaces:
. CMI - CNC-MDSC Interface . CMI - CNC-MDSC Interface
. MPI - MDSC-PNC Interface . MPI - MDSC-PNC Interface
. SBI - Southbound Interface . SBI - Southbound Interface
+---------+ +---------+ +---------+
| CNC | | CNC | | CNC | +---------+ +---------+ +---------+
+---------+ +---------+ +---------+ | CNC | | CNC | | CNC |
\ | / +---------+ +---------+ +---------+
\ | / \ | /
Boundary =============\==================|=====================/======= \ | /
Between \ | / Boundary ========\==================|=====================/=======
Customer & ----------- | CMI -------------- Between \ | /
Network Operator \ | / Customer & ----------- | CMI --------------
+---------------+ Network Operator \ | /
| MDSC | +---------------+
+---------------+ | MDSC |
/ | \ +---------------+
------------ | MPI --------------- / | \
/ | \ ------------ | MPI -------------
+-------+ +-------+ +-------+ / | \
| PNC | | PNC | | PNC | +-------+ +-------+ +-------+
+-------+ +-------+ +-------+ | PNC | | PNC | | PNC |
| SBI / | / \ +-------+ +-------+ +-------+
| / | SBI SBI / \ | SBI / | / \
--------- ----- | / \ | / | SBI SBI / \
( ) ( ) | / \ --------- ----- | / \
- Control - ( Phys. ) | / ----- ( ) ( ) | / \
( Plane ) ( Net ) | / ( ) - Control - ( Phys. ) | / -----
( Physical ) ----- | / ( Phys. ) ( Plane ) ( Net ) | / ( )
( Network ) ----- ----- ( Net ) ( Physical ) ----- | / ( Phys. )
- - ( ) ( ) ----- ( Network ) ----- ----- ( Net )
( ) ( Phys. ) ( Phys. ) - - ( ) ( ) -----
--------- ( Net ) ( Net ) ( ) ( Phys. ) ( Phys. )
----- ----- --------- ( Net ) ( Net )
----- -----
Figure 2: ACTN Base Architecture Figure 2: ACTN Base Architecture
Note that this is a functional architecture: an implementation and Note that this is a functional architecture: an implementation and
deployment might collocate one or more of the functional components. deployment might collocate one or more of the functional components.
Figure 2 shows a case where service provider is also a network
operator.
3.1. Customer Network Controller 3.1. Customer Network Controller
A Customer Network Controller (CNC) is responsible for communicating A Customer Network Controller (CNC) is responsible for communicating
a customer's VNS requirements to the network operator over the CNC- a customer's VNS requirements to the network operator over the CNC-
MDSC Interface (CMI). It has knowledge of the end-points associated MDSC Interface (CMI). It has knowledge of the end-points associated
with the VNS (expressed as APs), the service policy, and other QoS with the VNS (expressed as APs), the service policy, and other QoS
information related to the service. information related to the service.
As the Customer Network Controller directly interfaces to the As the Customer Network Controller directly interfaces to the
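Review bot: the sentence added after Figure 2, "Figure 2 shows a case where service provider is also a network operator", is missing an article before "service provider". It would also help to say how that reading follows from the figure, whose boundary label names only "Customer & Network Operator" and shows no separate service provider box. Suggest: "Figure 2 shows a case where the service provider is also a network operator, so the boundary at the CMI is drawn between customer and network operator."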
skipping to change at page 13, line 14 skipping to change at page 13, line 19
their service needs. The capability of a CNC beyond its CMI role is their service needs. The capability of a CNC beyond its CMI role is
outside the scope of ACTN and may be implemented in different ways. outside the scope of ACTN and may be implemented in different ways.
For example, the CNC may in fact be a controller or part of a For example, the CNC may in fact be a controller or part of a
controller in the customer's domain, or the CNC functionality could controller in the customer's domain, or the CNC functionality could
also be implemented as part of a service provider's portal. also be implemented as part of a service provider's portal.
3.2. Multi-Domain Service Coordinator 3.2. Multi-Domain Service Coordinator
A Multi-Domain Service Coordinator (MDSC) is a functional block that A Multi-Domain Service Coordinator (MDSC) is a functional block that
implements all of the ACTN functions listed in Section 3 and implements all of the ACTN functions listed in Section 3 and
described further in Section 4.2. The two functions of the MDSC, described further in Section 4.2. Two functions of the MDSC,
namely, multi-domain coordination and virtualization/abstraction are namely, multi-domain coordination and virtualization/abstraction are
referred to as network-related functions while the other two referred to as network-related functions while the other two
functions, namely, customer mapping/translation and virtual service functions, namely, customer mapping/translation and virtual service
coordination are referred to as service-related functions. The MDSC coordination are referred to as service-related functions. The MDSC
sits at the center of the ACTN model between the CNC that issues sits at the center of the ACTN model between the CNC that issues
connectivity requests and the Provisioning Network Controllers connectivity requests and the Provisioning Network Controllers
(PNCs) that manage the network resources. (PNCs) that manage the network resources.
The key point of the MDSC (and of the whole ACTN framework) is The key point of the MDSC (and of the whole ACTN framework) is
detaching the network and service control from underlying technology detaching the network and service control from underlying technology
to help the customer express the network as desired by business to help the customer express the network as desired by business
skipping to change at page 14, line 4 skipping to change at page 14, line 10
3.3. Provisioning Network Controller 3.3. Provisioning Network Controller
The Provisioning Network Controller (PNC) oversees configuring the The Provisioning Network Controller (PNC) oversees configuring the
network elements, monitoring the topology (physical or virtual) of network elements, monitoring the topology (physical or virtual) of
the network, and collecting information about the topology (either the network, and collecting information about the topology (either
raw or abstracted). raw or abstracted).
The PNC functions can be implemented as part of an SDN domain The PNC functions can be implemented as part of an SDN domain
controller, a Network Management System (NMS), an Element Management controller, a Network Management System (NMS), an Element Management
System (EMS), an active PCE-based controller [Centralized] or any System (EMS), an active PCE-based controller [Centralized] or any
other means to dynamically control a set of nodes and that is other means to dynamically control a set of nodes and implementing a
implementing an NBI compliant with ACTN specification. north bound interface from the standpoint of the nodes (which is out
of the scope of this document). A PNC domain includes all the
A PNC domain includes all the resources under the control of a resources under the control of a single PNC. It can be composed of
single PNC. It can be composed of different routing domains and different routing domains and administrative domains, and the
administrative domains, and the resources may come from different resources may come from different layers. The interconnection
layers. The interconnection between PNC domains is illustrated in between PNC domains is illustrated in Figure 3.
Figure 3.
_______ _______ _______ _______
_( )_ _( )_ _( )_ _( )_
_( )_ _( )_ _( )_ _( )_
( ) Border ( ) ( ) Border ( )
( PNC ------ Link ------ PNC ) ( PNC ------ Link ------ PNC )
( Domain X |Border|========|Border| Domain Y ) ( Domain X |Border|========|Border| Domain Y )
( | Node | | Node | ) ( | Node | | Node | )
( ------ ------ ) ( ------ ------ )
(_ _) (_ _) (_ _) (_ _)
(_ _) (_ _) (_ _) (_ _)
(_______) (_______) (_______) (_______)
Figure 3: PNC Domain Borders Figure 3: PNC Domain Borders
3.4. ACTN Interfaces 3.4. ACTN Interfaces
Direct customer control of transport network elements and Direct customer control of transport network elements and
virtualized services is not a viable proposition for network virtualized services is not a viable proposition for network
operators due to security and policy concerns. In addition, some operators due to security and policy concerns. Therefore, the
networks may operate a control plane and as such it is not practical network has to provide open, programmable interfaces, through which
for the customer to directly interface with network elements. customer applications can create, replace and modify virtual network
Therefore, the network has to provide open, programmable interfaces, resources and services in an interactive, flexible and dynamic
through which customer applications can create, replace and modify fashion.
virtual network resources and services in an interactive, flexible
and dynamic fashion.
Three interfaces exist in the ACTN architecture as shown in Figure Three interfaces exist in the ACTN architecture as shown in Figure
2. 2.
. CMI: The CNC-MDSC Interface (CMI) is an interface between a CNC . CMI: The CNC-MDSC Interface (CMI) is an interface between a CNC
and an MDSC. The CMI is a business boundary between customer and an MDSC. The CMI is a business boundary between customer
and network operator. It is used to request a VNS for an and network operator. It is used to request a VNS for an
application. All service-related information is conveyed over application. All service-related information is conveyed over
this interface (such as the VNS type, topology, bandwidth, and this interface (such as the VNS type, topology, bandwidth, and
service constraints). Most of the information over this service constraints). Most of the information over this
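Review bot: in Section 3.3 the new wording "implementing a north bound interface from the standpoint of the nodes (which is out of the scope of this document)" introduces a second name for what the interface list under Figure 2 calls "SBI - Southbound Interface", and the phrase "any other means to ... control a set of nodes and implementing" is not parallel. Suggest naming the SBI explicitly and stating that its specification is out of scope, so a reader does not take this for a fourth interface. The same edit also merges the "A PNC domain includes ..." definition into this paragraph; keeping it as its own paragraph, as in -14, makes the definition easier to find. In Section 3.4 the "Therefore" now rests only on "security and policy concerns" after the control plane sentence was removed, which reads fine, but confirm the removal was intended.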
skipping to change at page 15, line 45 skipping to change at page 16, line 5
must be able to receive requests as normal at the CMI and also at must be able to receive requests as normal at the CMI and also at
the MPI. The hierarchy of MDSCs can be seen in Figure 4. the MPI. The hierarchy of MDSCs can be seen in Figure 4.
Another implementation choice could foresee the usage of an MDSC-L Another implementation choice could foresee the usage of an MDSC-L
for all the PNCs related to a given technology (e.g., Internet for all the PNCs related to a given technology (e.g., Internet
Protocol (IP)/Multiprotocol Label Switching (MPLS)) and a different Protocol (IP)/Multiprotocol Label Switching (MPLS)) and a different
MDSC-L for the PNCs related to another technology (e.g., Optical MDSC-L for the PNCs related to another technology (e.g., Optical
Transport Network (OTN)/Wavelength Division Multiplexing (WDM)) and Transport Network (OTN)/Wavelength Division Multiplexing (WDM)) and
an MDSC-H to coordinate them. an MDSC-H to coordinate them.
+--------+ +--------+
| CNC | | CNC |
+--------+ +--------+
| +-----+ | +-----+
| CMI | CNC | | CMI | CNC |
+----------+ +-----+ +----------+ +-----+
-------| MDSC-H |---- |
-------| MDSC-H |---- | | +----------+ | | CMI
| +----------+ | | CMI MPI | MPI | |
MPI | MPI | | | | |
| | | +---------+ +---------+
+---------+ +---------+ | MDSC-L | | MDSC-L |
| MDSC-L | | MDSC-L | +---------+ +---------+
+---------+ +---------+ MPI | | | |
MPI | | | | | | | |
| | | | ----- ----- ----- -----
----- ----- ----- ----- | PNC | | PNC | | PNC | | PNC |
| PNC | | PNC | | PNC | | PNC | ----- ----- ----- -----
----- ----- ----- -----
Figure 4: MDSC Hierarchy Figure 4: MDSC Hierarchy
The hierarchy of MDSC can be recursive, where an MDSC-H is in turn
an MDSC-L to a higher level MDSC-H.
4.2. Functional Split of MDSC Functions in Orchestrators 4.2. Functional Split of MDSC Functions in Orchestrators
An implementation choice could separate the MDSC functions into two An implementation choice could separate the MDSC functions into two
groups, one group for service-related functions and the other for groups, one group for service-related functions and the other for
network-related functions. This enables the implementation of a network-related functions. This enables the implementation of a
service orchestrator that provides the service-related functions of service orchestrator that provides the service-related functions of
the MDSC and a network orchestrator that provides the network- the MDSC and a network orchestrator that provides the network-
related functions of the MDSC. This split is consistent with the related functions of the MDSC. This split is consistent with the
Yet Another Next Generation (YANG) service model architecture Yet Another Next Generation (YANG) service model architecture
described in [Service-YANG]. Figure 5 depicts this and shows how described in [Service-YANG]. Figure 5 depicts this and shows how
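Review bot: the sentence added after Figure 4, "The hierarchy of MDSC can be recursive, where an MDSC-H is in turn an MDSC-L to a higher level MDSC-H", does not say which interface connects the levels, although Figure 4 labels the MDSC-H to MDSC-L links as MPI and the preceding text says such an MDSC must accept requests "at the CMI and also at the MPI". Suggest stating that the MPI is used at each level of the recursion. Also use "hierarchy of MDSCs", as the text before the figure does, and hyphenate "higher-level".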
skipping to change at page 16, line 48 skipping to change at page 17, line 6
CMI | Customer Service Model CMI | Customer Service Model
| |
+---------------------------------------+ +---------------------------------------+
| Service | | Service |
********|*********************** Orchestrator | ********|*********************** Orchestrator |
* MDSC | +-----------------+ * | * MDSC | +-----------------+ * |
* | | Service-related | * | * | | Service-related | * |
* | | Functions | * | * | | Functions | * |
* | +-----------------+ * | * | +-----------------+ * |
* +----------------------*----------------+ * +----------------------*----------------+
* * | Service Delivery Model * * | Service Delivery
* * | * * | Model
* +----------------------*----------------+ * +----------------------*----------------+
* | * Network | * | * Network |
* | +-----------------+ * Orchestrator | * | +-----------------+ * Orchestrator |
* | | Network-related | * | * | | Network-related | * |
* | | Functions | * | * | | Functions | * |
* | +-----------------+ * | * | +-----------------+ * |
********|*********************** | ********|*********************** |
+---------------------------------------+ +---------------------------------------+
MPI | Network Configuration Model MPI | Network Configuration
| | Model
+------------------------+ +------------------------+
| Domain | | Domain |
| +------+ Controller | | +------+ Controller |
| | PNC | | | | PNC | |
| +------+ | | +------+ |
+------------------------+ +------------------------+
SBI | Device Configuration Model SBI | Device Configuration
| | Model
+--------+ +--------+
| Device | | Device |
+--------+ +--------+
Figure 5: ACTN Architecture in the Context of the YANG Service Figure 5: ACTN Architecture in the Context of the YANG Service
Models Models
5. Topology Abstraction Methods 5. Topology Abstraction Methods
Topology abstraction is described in [RFC7926]. This section Topology abstraction is described in [RFC7926]. This section
discusses topology abstraction factors, types, and their context in discusses topology abstraction factors, types, and their context in
the ACTN architecture. the ACTN architecture.
Abstraction in ACTN is performed by the PNC when presenting Abstraction in ACTN is performed by the PNC when presenting
skipping to change at page 22, line 6 skipping to change at page 22, line 9
supplementary topology may be obtained by the MDSC via a path supplementary topology may be obtained by the MDSC via a path
compute request/reply mechanism. compute request/reply mechanism.
The abstract topology advertisements from PNCs give the MDSC the The abstract topology advertisements from PNCs give the MDSC the
border node/link information for each domain. Under this scenario, border node/link information for each domain. Under this scenario,
when the MDSC needs to create a new VN, the MDSC can issue path when the MDSC needs to create a new VN, the MDSC can issue path
computation requests to PNCs with constraints matching the VN computation requests to PNCs with constraints matching the VN
request as described in [ACTN-YANG]. An example is provided in request as described in [ACTN-YANG]. An example is provided in
Figure 8, where the MDSC is creating a P2P VN between AP1 and AP2. Figure 8, where the MDSC is creating a P2P VN between AP1 and AP2.
The MDSC could use two different inter-domain links to get from The MDSC could use two different inter-domain links to get from
Domain X to Domain Y, but in order to choose the best end-to-end domain X to domain Y, but in order to choose the best end-to-end
path it needs to know what domain X and Y can offer in terms of path it needs to know what domain X and Y can offer in terms of
connectivity and constraints between the PE nodes and the border connectivity and constraints between the PE nodes and the border
nodes. nodes.
------- ------- ------- --------
( ) ( ) ( ) ( )
- BrdrX.1------- BrdrY.1 - - BrdrX.1------- BrdrY.1 -
(+---+ ) ( +---+) (+---+ ) ( +---+)
-+---( |PE1| Dom.X ) ( Dom.Y |PE2| )---+- -+---( |PE1| Dom.X ) ( Dom.Y |PE2| )---+-
| (+---+ ) ( +---+) | | (+---+ ) ( +---+) |
AP1 - BrdrX.2------- BrdrY.2 - AP2 AP1 - BrdrX.2------- BrdrY.2 - AP2
( ) ( ) ( ) ( )
------- -------- ------- --------
Figure 8: A Multi-Domain Example Figure 8: A Multi-Domain Example
The MDSC issues a path computation request to PNC.X asking for The MDSC issues a path computation request to PNC.X asking for
potential connectivity between PE1 and border node BrdrX.1 and potential connectivity between PE1 and border node BrdrX.1 and
between PE1 and BrdrX.2 with related objective functions and TE between PE1 and BrdrX.2 with related objective functions and TE
metric constraints. A similar request for connectivity from the metric constraints. A similar request for connectivity from the
border nodes in Domain Y to PE2 will be issued to PNC.Y. The MDSC border nodes in domain Y to PE2 will be issued to PNC.Y. The MDSC
merges the results to compute the optimal end-to-end path including merges the results to compute the optimal end-to-end path including
the inter domain links. The MDSC can use the result of this the inter domain links. The MDSC can use the result of this
computation to request the PNCs to provision the underlying computation to request the PNCs to provision the underlying
networks, and the MDSC can then use the end-to-end path as a virtual networks, and the MDSC can then use the end-to-end path as a virtual
link in the VN it delivers to the customer. link in the VN it delivers to the customer.
5.4. Hierarchical Topology Abstraction Example 5.4. Hierarchical Topology Abstraction Example
This section illustrates how topology abstraction operates in This section illustrates how topology abstraction operates in
different levels of a hierarchy of MDSCs as shown in Figure 9. different levels of a hierarchy of MDSCs as shown in Figure 9.
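Review bot: "inter domain links" in the last paragraph of this hunk ("the optimal end-to-end path including the inter domain links") is unhyphenated on both sides, while the paragraph above Figure 8 uses "inter-domain links". This revision already normalizes "Domain X"/"Domain Y" to lower case in the same two paragraphs, so hyphenate it in the same pass. The sentence "what domain X and Y can offer" would also read more cleanly as "what domains X and Y can offer".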
skipping to change at page 23, line 19 skipping to change at page 23, line 23
Virtual Network Delivered to CNC Virtual Network Delivered to CNC
CE A o==============o CE B CE A o==============o CE B
Topology operated on by MDSC-H Topology operated on by MDSC-H
CE A o----o==o==o===o----o CE B CE A o----o==o==o===o----o CE B
Topology operated on by MDSC-L1 Topology operated on by MDSC-L2 Topology operated on by MDSC-L1 Topology operated on by MDSC-L2
_ _ _ _ _ _ _ _
( ) ( ) ( ) ( ) ( ) ( ) ( ) ( )
( ) ( ) ( ) ( ) ( ) ( ) ( ) ( )
CE A o--(o---o)==(o---o)==Dom.3 Dom.2==(o---o)==(o---o)--o CE B CE A o--(o---o)==(o---o)==Dom.3 Dom.2==(o---o)==(o---o)--o CE B
( ) ( ) ( ) ( ) ( ) ( ) ( ) ( )
(_) (_) (_) (_) (_) (_) (_) (_)
Actual Topology Actual Topology
___ ___ ___ ___ ___ ___ ___ ___
( ) ( ) ( ) ( ) ( ) ( ) ( ) ( )
( o ) ( o ) ( o--o) ( o ) ( o ) ( o ) ( o--o) ( o )
( / \ ) ( |\ ) ( | | ) ( / \ ) ( / \ ) ( |\ ) ( | | ) ( / \ )
CE A o---(o-o---o-o)==(o-o-o-o-o)==(o--o--o-o)==(o-o-o-o-o)---o CE B CE A o---(o-o---o-o)==(o-o-o-o-o)==(o--o--o-o)==(o-o-o-o-o)---o CE B
( \ / ) ( | |/ ) ( | | ) ( \ / ) ( \ / ) ( | |/ ) ( | | ) ( \ / )
( o ) (o-o ) ( o--o) ( o ) ( o ) (o-o ) ( o--o) ( o )
(___) (___) (___) (___) (___) (___) (___) (___)
Domain 1 Domain 2 Domain 3 Domain 4 Domain 1 Domain 2 Domain 3 Domain 4
Where Where
o is a node o is a node
--- is a link --- is a link
=== border link === border link
Figure 9: Illustration of Hierarchical Topology Abstraction Figure 9: Illustration of Hierarchical Topology Abstraction
In the example depicted in Figure 9, there are four domains under In the example depicted in Figure 9, there are four domains under
control of PNCs PNC1, PNC2, PNC3, and PNC4. MDSC-L1 controls PNC1 control of PNCs PNC1, PNC2, PNC3, and PNC4. MDSC-L1 controls PNC1
and PNC2 while MDSC-L2 controls PNC3 and PNC4. Each of the PNCs and PNC2 while MDSC-L2 controls PNC3 and PNC4. Each of the PNCs
provides a grey topology abstraction that presents only border nodes provides a grey topology abstraction that presents only border nodes
and links across and outside the domain. The abstract topology and links across and outside the domain. The abstract topology
MDSC-L1 that operates is a combination of the two topologies from MDSC-L1 that operates is a combination of the two topologies from
PNC1 and PNC2. Likewise, the abstract topology that MDSC-L2 PNC1 and PNC2. Likewise, the abstract topology that MDSC-L2
operates is shown in Figure 9. Both MDSC-L1 and MDSC-L2 provide a operates is shown in Figure 9. Both MDSC-L1 and MDSC-L2 provide a
black topology abstraction to MSDC-H in which each PNC domain is black topology abstraction to MDSC-H in which each PNC domain is
presented as a single virtual node. MDSC-H combines these two presented as a single virtual node. MDSC-H combines these two
topologies to create the abstraction topology on which it operates. topologies to create the abstraction topology on which it operates.
MDSC-H sees the whole four domain networks as four virtual nodes MDSC-H sees the whole four domain networks as four virtual nodes
connected via virtual links. connected via virtual links.
5.5. VN Recursion with Network Layers 5.5. VN Recursion with Network Layers
In some cases the VN supplied to a customer may be built using In some cases the VN supplied to a customer may be built using
resources from different technology layers operated by different resources from different technology layers operated by different
operators. For example, one operator may run a packet TE network operators. For example, one operator may run a packet TE network
and use optical connectivity provided by another operator. and use optical connectivity provided by another operator.
As shown in Figure 10, a customer asks for end-to-end connectivity As shown in Figure 10, a customer asks for end-to-end connectivity
between CE A and CE B, a virtual network. The customer's CNC makes a between CE A and CE B, a virtual network. The customer's CNC makes
request to Operator 1's MDSC. The MDSC works out which network a request to Operator 1's MDSC. The MDSC works out which network
resources need to be configured and sends instructions to the resources need to be configured and sends instructions to the
appropriate PNCs. However, the link between Q and R is a virtual appropriate PNCs. However, the link between Q and R is a virtual
link supplied by Operator 2: Operator 1 is a customer of Operator 2. link supplied by Operator 2: Operator 1 is a customer of Operator 2.
To support this, Operator 1 has a CNC that communicates to Operator To support this, Operator 1 has a CNC that communicates to Operator
2's MDSC. Note that Operator 1's CNC in Figure 10 is a functional 2's MDSC. Note that Operator 1's CNC in Figure 10 is a functional
component that does not dictate implementation: it may be embedded component that does not dictate implementation: it may be embedded
in a PNC. in a PNC.
Virtual CE A o===============================o CE B Virtual CE A o===============================o CE B
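Review bot: The sentence "The abstract topology MDSC-L1 that operates is a combination of the two topologies from PNC1 and PNC2" has "that" misplaced and is carried unchanged into -15. It should read "The abstract topology that MDSC-L1 operates on is ...", parallel with the following sentence about MDSC-L2. The MSDC-H to MDSC-H correction is right. While this paragraph is being touched, "the whole four domain networks" in its closing sentence could become "the four domain networks".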
skipping to change at page 25, line 16 skipping to change at page 25, line 19
Layer CE A o---P-----Q===========R-----S---o CE B Layer CE A o---P-----Q===========R-----S---o CE B
Network | : | Network | : |
| : | | : |
| ----- | | ----- |
| | CNC | | | | CNC | |
| ----- | | ----- |
| : | | : |
*********************************************** ***********************************************
| : | | : |
Operator 2 | ------ | Operator 2 | ------ |
| | MSDC | | | | MDSC | |
| ------ | | ------ |
| : | | : |
| ------- | | ------- |
| | PNC | | | | PNC | |
| ------- | | ------- |
\ : : : / \ : : : /
Lower \v v v/ Lower \v v v/
Layer X--Y--Z Layer X--Y--Z
Network Network
Where Where
--- is a link
=== is a virtual link --- is a link
=== is a virtual link
Figure 10: VN recursion with Network Layers Figure 10: VN recursion with Network Layers
6. Access Points and Virtual Network Access Points 6. Access Points and Virtual Network Access Points
In order to map identification of connections between the customer's In order to map identification of connections between the customer's
sites and the TE networks and to scope the connectivity requested in sites and the TE networks and to scope the connectivity requested in
the VNS, the CNC and the MDSC refer to the connections using the the VNS, the CNC and the MDSC refer to the connections using the
Access Point (AP) construct as shown in Figure 11. Access Point (AP) construct as shown in Figure 11.
------------- -------------
( ) ( )
- - - -
+---+ X ( ) Z +---+ +---+ X ( ) Z +---+
|CE1|---+----( )---+---|CE2| |CE1|---+----( )---+---|CE2|
+---+ | ( ) | +---+ +---+ | ( ) | +---+
AP1 - - AP2 AP1 - - AP2
( ) ( )
------------- -------------
Figure 11: Customer View of APs Figure 11: Customer View of APs
Let's take as an example a scenario shown in Figure 11. CE1 is Let's take as an example a scenario shown in Figure 11. CE1 is
connected to the network via a 10 Gbps link and CE2 via a 40 Gbps connected to the network via a 10 Gbps link and CE2 via a 40 Gbps
link. Before the creation of any VN between AP1 and AP2 the link. Before the creation of any VN between AP1 and AP2 the
customer view can be summarized as shown in Table 1. customer view can be summarized as shown in Table 1.
+----------+------------------------+ +----------+------------------------+
|End Point | Access Link Bandwidth | |End Point | Access Link Bandwidth |
+-----+----------+----------+-------------+ +-----+----------+----------+-------------+
|AP id| CE,port | MaxResBw | AvailableBw | |AP id| CE,port | MaxResBw | AvailableBw |
+-----+----------+----------+-------------+ +-----+----------+----------+-------------+
| AP1 |CE1,portX | 10Gbps | 10Gbps | | AP1 |CE1,portX | 10 Gbps | 10 Gbps |
+-----+----------+----------+-------------+ +-----+----------+----------+-------------+
| AP2 |CE2,portZ | 40Gbps | 40Gbps | | AP2 |CE2,portZ | 40 Gbps | 40 Gbps |
+-----+----------+----------+-------------+ +-----+----------+----------+-------------+
Table 1: AP - Customer View Table 1: AP - Customer View
On the other hand, what the provider sees is shown in Figure 12. On the other hand, what the operator sees is shown in Figure 12.
------- ------- ------- -------
( ) ( ) ( ) ( )
- - - - - - - -
W (+---+ ) ( +---+) Y W (+---+ ) ( +---+) Y
-+---( |PE1| Dom.X )---( Dom.Y |PE2| )---+- -+---( |PE1| Dom.X )----( Dom.Y |PE2| )---+-
| (+---+ ) ( +---+) | | (+---+ ) ( +---+) |
AP1 - - - - AP2 AP1 - - - - AP2
( ) ( ) ( ) ( )
------- ------- ------- -------
Figure 12: Provider view of the AP Figure 12: Operator view of the AP
Which results in a summarization as shown in Table 2. Which results in a summarization as shown in Table 2.
+----------+------------------------+ +----------+------------------------+
|End Point | Access Link Bandwidth | |End Point | Access Link Bandwidth |
+-----+----------+----------+-------------+ +-----+----------+----------+-------------+
|AP id| PE,port | MaxResBw | AvailableBw | |AP id| PE,port | MaxResBw | AvailableBw |
+-----+----------+----------+-------------+ +-----+----------+----------+-------------+
| AP1 |PE1,portW | 10Gbps | 10Gbps | | AP1 |PE1,portW | 10 Gbps | 10 Gbps |
+-----+----------+----------+-------------+ +-----+----------+----------+-------------+
| AP2 |PE2,portY | 40Gbps | 40Gbps | | AP2 |PE2,portY | 40 Gbps | 40 Gbps |
+-----+----------+----------+-------------+ +-----+----------+----------+-------------+
Table 2: AP - Operator View Table 2: AP - Operator View
A Virtual Network Access Point (VNAP) needs to be defined as binding A Virtual Network Access Point (VNAP) needs to be defined as binding
between an AP and a VN. It is used to allow for different VNs to between an AP and a VN. It is used to allow for different VNs to
start from the same AP. It also allows for traffic engineering on start from the same AP. It also allows for traffic engineering on
the access and/or inter-domain links (e.g., keeping track of the access and/or inter-domain links (e.g., keeping track of
bandwidth allocation). A different VNAP is created on an AP for bandwidth allocation). A different VNAP is created on an AP for
each VN. each VN.
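Review bot: The provider-to-operator rename is applied to the sentence introducing Figure 12 and to its caption, which now agrees with the Table 2 caption ("AP - Operator View"), but capitalization still differs between "Figure 11: Customer View of APs" and "Figure 12: Operator view of the AP"; pick one form. In the VNAP paragraph, "needs to be defined as binding between an AP and a VN" is missing an article ("as a binding").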
skipping to change at page 28, line 21 skipping to change at page 28, line 36
The customer view would be shown in Table 4. The customer view would be shown in Table 4.
+----------+------------------------+ +----------+------------------------+
|End Point | Access Link/VNAP Bw | |End Point | Access Link/VNAP Bw |
+---------+----------+----------+-------------+-----------+ +---------+----------+----------+-------------+-----------+
|AP/VNAPid| CE,port | MaxResBw | AvailableBw |Dual Homing| |AP/VNAPid| CE,port | MaxResBw | AvailableBw |Dual Homing|
+---------+----------+----------+-------------+-----------+ +---------+----------+----------+-------------+-----------+
|AP1 |CE1,portW | 10 Gbps | 5 Gbps | | |AP1 |CE1,portW | 10 Gbps | 5 Gbps | |
| -VNAP1.9| | 5 Gbps | N.A. | VNAP2.9 | | -VNAP1.9| | 5 Gbps | N.A. | VNAP2.9 |
+---------+----------+----------+-------------+-----------+ +---------+----------+----------+-------------+-----------+
|AP2 |CE1,portY | 40 Gbps | 35 Gbps | | |AP2 |CE1,portY | 40 Gbps | 35 Gbps | |
| -VNAP2.9| | 5 Gbps | N.A. | VNAP1.9 | | -VNAP2.9| | 5 Gbps | N.A. | VNAP1.9 |
+---------+----------+----------+-------------+-----------+ +---------+----------+----------+-------------+-----------+
|AP3 |CE2,portX | 50 Gbps | 45 Gbps | | |AP3 |CE2,portX | 50 Gbps | 45 Gbps | |
| -VNAP3.9| | 5 Gbps | N.A. | NONE | | -VNAP3.9| | 5 Gbps | N.A. | NONE |
+---------+----------+----------+-------------+-----------+ +---------+----------+----------+-------------+-----------+
Table 4: Dual-Homing - Customer View after VN Creation Table 4: Dual-Homing - Customer View after VN Creation
7. Advanced ACTN Application: Multi-Destination Service 7. Advanced ACTN Application: Multi-Destination Service
skipping to change at page 30, line 7 skipping to change at page 30, line 9
Furthermore, in case of Data Center selection, customer could Furthermore, in case of Data Center selection, customer could
request for a backup DC to be selected, such that in case of request for a backup DC to be selected, such that in case of
failure, another DC site could provide hot stand-by protection. As failure, another DC site could provide hot stand-by protection. As
shown in Figure 15 DC-C is selected as a backup for DC-A. Thus, the shown in Figure 15 DC-C is selected as a backup for DC-A. Thus, the
VN should be setup by the MDSC to include primary connectivity VN should be setup by the MDSC to include primary connectivity
between AP1 (CE1) and AP2 (DC-A) as well as protection connectivity between AP1 (CE1) and AP2 (DC-A) as well as protection connectivity
between AP1 (CE1) and AP4 (DC-C). between AP1 (CE1) and AP4 (DC-C).
------- ------- ------- -------
( ) ( ) ( ) ( )
- - - - - - __ - -
+---+ ( ) ( ) +----+ +---+ ( ) ( ) +----+
|CE1|---+----( Domain X )----( Domain Y )---+---|DC-A| |CE1|---+----( Domain X )----( Domain Y )---+---|DC-A|
+---+ | ( ) ( ) | +----+ +---+ | ( ) ( ) | +----+
AP1 - - - - AP2 | AP1 - - - - AP2 |
( ) ( ) | ( ) ( ) |
---+--- ---+--- | ---+--- ---+--- |
| | | | | |
AP3-+ AP4-+ HOT STANDBY AP3-| AP4-| HOT STANDBY
| | | | | |
+----+ +----+ | +----+ +----+ |
|DC-D| |DC-C|<------------- |DC-D| |DC-C|<-------------
+----+ +----+ +----+ +----+
Figure 15: Pre-planned End-Point Migration Figure 15: Pre-planned End-Point Migration
7.2. On the Fly End-Point Migration 7.2. On the Fly End-Point Migration
Compared to pre-planned end point migration, on the fly end point Compared to pre-planned end point migration, on the fly end point
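Review bot: In the Figure 15 artwork the -15 side changes the AP3 and AP4 junction markers from "AP3-+" and "AP4-+" to "AP3-|" and "AP4-|", while the AP1 and AP2 junctions in the same figure still use "+" ("|CE1|---+----("), so the access points are now drawn two different ways. The -15 side also adds "__" to the top row between the two domain outlines, with no counterpart in -14; confirm it is intended and not an editing artifact. The text above the figure is unchanged and still reads "customer could request for a backup DC to be selected" and "the VN should be setup by the MDSC"; suggest "the customer could request that a backup DC be selected" and "set up".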
skipping to change at page 31, line 32 skipping to change at page 31, line 34
these include, but are not limited to: connectivity, bandwidth, these include, but are not limited to: connectivity, bandwidth,
geographical transit, technology selection, security, resilience, geographical transit, technology selection, security, resilience,
and economic cost. and economic cost.
Depending on the deployment of the ACTN architecture, some policies Depending on the deployment of the ACTN architecture, some policies
may have local or global significance. That is, certain policies may have local or global significance. That is, certain policies
may be ACTN component specific in scope, while others may have may be ACTN component specific in scope, while others may have
broader scope and interact with multiple ACTN components. Two broader scope and interact with multiple ACTN components. Two
examples are provided below: examples are provided below:
. A local policy might limit the number, type, size, and o A local policy might limit the number, type, size, and
scheduling of virtual network services a customer may request scheduling of virtual network services a customer may request
via its CNC. This type of policy would be implemented locally via its CNC. This type of policy would be implemented locally
on the MDSC. on the MDSC.
. A global policy might constrain certain customer types (or o A global policy might constrain certain customer types (or
specific customer applications) to only use certain MDSCs, and specific customer applications) to only use certain MDSCs, and
be restricted to physical network types managed by the PNCs. A be restricted to physical network types managed by the PNCs. A
global policy agent would govern these types of policies. global policy agent would govern these types of policies.
The objective of this section is to discuss the applicability of The objective of this section is to discuss the applicability of
ACTN policy: requirements, components, interfaces, and examples. ACTN policy: requirements, components, interfaces, and examples.
This section provides an analysis and does not mandate a specific This section provides an analysis and does not mandate a specific
method for enforcing policy, or the type of policy agent that would method for enforcing policy, or the type of policy agent that would
be responsible for propagating policies across the ACTN components. be responsible for propagating policies across the ACTN components.
It does highlight examples of how policy may be applied in the It does highlight examples of how policy may be applied in the
skipping to change at page 32, line 19 skipping to change at page 32, line 21
A virtual network service for a customer application will be A virtual network service for a customer application will be
requested by the CNC. The request will reflect the application requested by the CNC. The request will reflect the application
requirements and specific service needs, including bandwidth, requirements and specific service needs, including bandwidth,
traffic type and survivability. Furthermore, application access and traffic type and survivability. Furthermore, application access and
type of virtual network service requested by the CNC, will be need type of virtual network service requested by the CNC, will be need
adhere to specific access control policies. adhere to specific access control policies.
8.3. Policy Applied to the Multi-Domain Service Coordinator 8.3. Policy Applied to the Multi-Domain Service Coordinator
A key objective of the MDSC is to support the customer's expression A key objective of the MDSC is to support the customer's expression
of the application connectivity request via its CNC as set of of the application connectivity request via its CNC as a set of
desired business needs, therefore policy will play an important desired business needs, therefore policy will play an important
role. role.
Once authorized, the virtual network service will be instantiated Once authorized, the virtual network service will be instantiated
via the CNC-MDSC Interface (CMI), it will reflect the customer via the CNC-MDSC Interface (CMI); it will reflect the customer
application and connectivity requirements, and specific service application and connectivity requirements, and specific service
transport needs. The CNC and the MDSC components will have agreed transport needs. The CNC and the MDSC components will have agreed
connectivity end-points, use of these end-points should be defined connectivity end-points; use of these end-points should be defined
as a policy expression when setting up or augmenting virtual network as a policy expression when setting up or augmenting virtual network
services. Ensuring that permissible end-points are defined for CNCs services. Ensuring that permissible end-points are defined for CNCs
and applications will require the MDSC to maintain a registry of and applications will require the MDSC to maintain a registry of
permissible connection points for CNCs and application types. permissible connection points for CNCs and application types.
Conflicts may occur when virtual network service optimization Conflicts may occur when virtual network service optimization
criteria are in competition. For example, to meet objectives for criteria are in competition. For example, to meet objectives for
service reachability a request may require an interconnection point service reachability a request may require an interconnection point
between multiple physical networks; however, this might break a between multiple physical networks; however, this might break a
confidentially policy requirement of specific type of end-to-end confidentially policy requirement of specific type of end-to-end
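Review bot: Two wording errors in the policy text survive on both sides of this hunk: "will be need adhere to specific access control policies" in the paragraph before 8.3 should be "will need to adhere to", and "confidentially policy requirement" in the last paragraph should be "confidentiality policy requirement". Both sentences state access-control and confidentiality requirements, so they are worth fixing alongside the "as a set of" and semicolon corrections made here.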
skipping to change at page 33, line 37 skipping to change at page 33, line 38
Several distributed ACTN functional components are required, and Several distributed ACTN functional components are required, and
implementations should consider encrypting data that flows between implementations should consider encrypting data that flows between
components, especially when they are implemented at remote nodes, components, especially when they are implemented at remote nodes,
regardless these data flows are on external or internal network regardless these data flows are on external or internal network
interfaces. interfaces.
The ACTN security discussion is further split into two specific The ACTN security discussion is further split into two specific
categories described in the following sub-sections: categories described in the following sub-sections:
. Interface between the Customer Network Controller and Multi- o Interface between the Customer Network Controller and Multi-
Domain Service Coordinator (MDSC), CNC-MDSC Interface (CMI) Domain Service Coordinator (MDSC), CNC-MDSC Interface (CMI)
. Interface between the Multi-Domain Service Coordinator and o Interface between the Multi-Domain Service Coordinator and
Provisioning Network Controller (PNC), MDSC-PNC Interface (MPI) Provisioning Network Controller (PNC), MDSC-PNC Interface (MPI)
From a security and reliability perspective, ACTN may encounter many From a security and reliability perspective, ACTN may encounter many
risks such as malicious attack and rogue elements attempting to risks such as malicious attack and rogue elements attempting to
connect to various ACTN components. Furthermore, some ACTN connect to various ACTN components. Furthermore, some ACTN
components represent a single point of failure and threat vector, components represent a single point of failure and threat vector,
and must also manage policy conflicts, and eavesdropping of and must also manage policy conflicts, and eavesdropping of
communication between different ACTN components. communication between different ACTN components.
The conclusion is that all protocols used to realize the ACTN The conclusion is that all protocols used to realize the ACTN
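Review bot: The sentence "regardless these data flows are on external or internal network interfaces" is unchanged in -15 and should read "regardless of whether these data flows are on external or internal network interfaces". The risk sentence ending "and must also manage policy conflicts, and eavesdropping of communication between different ACTN components" mixes a component duty with a threat; split it so that eavesdropping is listed with the risks (malicious attack, rogue elements) and not as something the components "manage".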
skipping to change at page 34, line 38 skipping to change at page 34, line 38
by different organizations and on separate functional nodes. Use of by different organizations and on separate functional nodes. Use of
the AAA-based mechanisms would also provide role-based authorization the AAA-based mechanisms would also provide role-based authorization
methods, so that only authorized CNC's may access the different methods, so that only authorized CNC's may access the different
functions of the MDSC. functions of the MDSC.
9.2. MDSC-PNC Interface (MPI) 9.2. MDSC-PNC Interface (MPI)
Where the MDSC must interact with multiple (distributed) PNCs, a Where the MDSC must interact with multiple (distributed) PNCs, a
PKI-based mechanism is suggested, such as building a TLS or HTTPS PKI-based mechanism is suggested, such as building a TLS or HTTPS
connection between the MDSC and PNCs, to ensure trust between the connection between the MDSC and PNCs, to ensure trust between the
physical network layer control components and the MDSC. physical network layer control components and the MDSC. Trust
anchors for the PKI can be configured to use a smaller (and
potentially non-intersecting) set of trusted Certificate Authorities
(CAs) than in the Web PKI.
Which MDSC the PNC exports topology information to, and the level of Which MDSC the PNC exports topology information to, and the level of
detail (full or abstracted), should also be authenticated, and detail (full or abstracted), should also be authenticated, and
specific access restrictions and topology views should be specific access restrictions and topology views should be
configurable and/or policy-based. configurable and/or policy-based.
10. IANA Considerations 10. IANA Considerations
This document has no actions for IANA. This document has no actions for IANA.
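Review bot: The added sentence on trust anchors says the set of trusted CAs "can be configured" to be smaller than in the Web PKI, but the paragraph still does not say which end validates which certificate. Since the next paragraph requires that the MDSC a PNC exports topology to "should also be authenticated", state that the PNC authenticates the MDSC as well as the reverse, for example with certificates presented by both ends of the TLS connection and checked against the restricted trust anchors. Separately, "only authorized CNC's may access" in the 9.1 text at the top of this hunk should be "CNCs".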
 End of changes. 51 change blocks. 
164 lines changed or deleted 170 lines changed or added
