draft-ietf-teas-enhanced-vpn-02.txt   draft-ietf-teas-enhanced-vpn-03.txt 
TEAS Working Group J. Dong TEAS Working Group J. Dong
Internet-Draft S. Bryant Internet-Draft Huawei
Intended status: Informational Huawei Intended status: Informational S. Bryant
Expires: January 9, 2020 Z. Li Expires: March 15, 2020 Futurewei
Z. Li
China Mobile China Mobile
T. Miyasaka T. Miyasaka
KDDI Corporation KDDI Corporation
Y. Lee Y. Lee
Futurewei Sung Kyun Kwan University
July 08, 2019 September 12, 2019
A Framework for Enhanced Virtual Private Networks (VPN+) Service A Framework for Enhanced Virtual Private Networks (VPN+) Service
draft-ietf-teas-enhanced-vpn-02 draft-ietf-teas-enhanced-vpn-03
Abstract Abstract
This document specifies a framework for using existing, modified and This document specifies a framework for using existing, modified and
potential new networking technologies as components to provide an potential new networking technologies as components to provide an
Enhanced Virtual Private Networks (VPN+) service. The purpose is to Enhanced Virtual Private Network (VPN+) service. The purpose is to
support the needs of new applications, particularly applications that support the needs of new applications, particularly applications that
are associated with 5G services by utilizing an approach that is are associated with 5G services, by utilizing an approach that is
based on existing VPN technologies and adds features that specific based on existing VPN and TE technologies and adds features that
services require over and above traditional VPNs. specific services require over and above traditional VPNs.
Typically, VPN+ will be used to form the underpinning of network Typically, VPN+ will be used to form the underpinning of network
slicing, but could also be of use in its own right. It is not slicing, but could also be of use in its own right. It is not
envisaged that large numbers of VPN+ instances will be deployed in a envisaged that large numbers of VPN+ instances will be deployed in a
network and, in particular, it is not intended that all VPNs network and, in particular, it is not intended that all VPNs
supported by a network will use VPN+ techniques. supported by a network will use VPN+ techniques.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 48 skipping to change at page 1, line 49
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 9, 2020. This Internet-Draft will expire on March 15, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Overview of the Requirements . . . . . . . . . . . . . . . . 5 2. Overview of the Requirements . . . . . . . . . . . . . . . . 6
2.1. Isolation between Virtual Networks . . . . . . . . . . . 5 2.1. Isolation between Virtual Networks . . . . . . . . . . . 6
2.1.1. A Pragmatic Approach to Isolation . . . . . . . . . . 7 2.1.1. A Pragmatic Approach to Isolation . . . . . . . . . . 7
2.2. Performance Guarantee . . . . . . . . . . . . . . . . . . 8 2.2. Performance Guarantee . . . . . . . . . . . . . . . . . . 8
2.3. Integration . . . . . . . . . . . . . . . . . . . . . . . 10 2.3. Integration . . . . . . . . . . . . . . . . . . . . . . . 10
2.3.1. Abstraction . . . . . . . . . . . . . . . . . . . . . 10 2.3.1. Abstraction . . . . . . . . . . . . . . . . . . . . . 11
2.4. Dynamic Configuration . . . . . . . . . . . . . . . . . . 10 2.4. Dynamic Management . . . . . . . . . . . . . . . . . . . 11
2.5. Customized Control . . . . . . . . . . . . . . . . . . . 11 2.5. Customized Control . . . . . . . . . . . . . . . . . . . 12
2.6. Applicability . . . . . . . . . . . . . . . . . . . . . . 11 2.6. Applicability . . . . . . . . . . . . . . . . . . . . . . 12
2.7. Inter-Domain and Inter-Layer Network . . . . . . . . . . 11 2.7. Inter-Domain and Inter-Layer Network . . . . . . . . . . 12
3. Architecture of Enhanced VPN . . . . . . . . . . . . . . . . 12 3. Architecture of Enhanced VPN . . . . . . . . . . . . . . . . 13
3.1. Layered Architecture . . . . . . . . . . . . . . . . . . 13 3.1. Layered Architecture . . . . . . . . . . . . . . . . . . 15
3.2. Multi-Point to Multi-Point . . . . . . . . . . . . . . . 15 3.2. Multi-Point to Multi-Point (MP2MP) . . . . . . . . . . . 16
3.3. Application Specific Network Types . . . . . . . . . . . 15 3.3. Application Specific Network Types . . . . . . . . . . . 16
3.4. Scaling Considerations . . . . . . . . . . . . . . . . . 15 3.4. Scaling Considerations . . . . . . . . . . . . . . . . . 16
4. Candidate Technologies . . . . . . . . . . . . . . . . . . . 16 4. Candidate Technologies . . . . . . . . . . . . . . . . . . . 17
4.1. Underlay Packet and Frame-Based Data Planes . . . . . . . 16 4.1. Layer-Two Data Plane . . . . . . . . . . . . . . . . . . 17
4.1.1. FlexE . . . . . . . . . . . . . . . . . . . . . . . . 17 4.1.1. FlexE . . . . . . . . . . . . . . . . . . . . . . . . 18
4.1.2. Dedicated Queues . . . . . . . . . . . . . . . . . . 17 4.1.2. Dedicated Queues . . . . . . . . . . . . . . . . . . 18
4.1.3. Time Sensitive Networking . . . . . . . . . . . . . . 18 4.1.3. Time Sensitive Networking . . . . . . . . . . . . . . 19
4.2. Packet and Frame-Based Network Layer . . . . . . . . . . 18 4.2. Layer-Three Data Plane . . . . . . . . . . . . . . . . . 19
4.2.1. Deterministic Networking . . . . . . . . . . . . . . 18 4.2.1. Deterministic Networking . . . . . . . . . . . . . . 19
4.2.2. MPLS Traffic Engineering (MPLS-TE) . . . . . . . . . 19 4.2.2. MPLS Traffic Engineering (MPLS-TE) . . . . . . . . . 20
4.2.3. Segment Routing . . . . . . . . . . . . . . . . . . . 19 4.2.3. Segment Routing . . . . . . . . . . . . . . . . . . . 20
4.3. Non-Packet Technologies . . . . . . . . . . . . . . . . . 21 4.3. Non-Packet Data Plane . . . . . . . . . . . . . . . . . . 21
4.4. Control Plane . . . . . . . . . . . . . . . . . . . . . . 21 4.4. Control Plane . . . . . . . . . . . . . . . . . . . . . . 21
4.5. Management Plane . . . . . . . . . . . . . . . . . . . . 22 4.5. Management Plane . . . . . . . . . . . . . . . . . . . . 22
4.6. Applicability of ACTN to Enhanced VPN . . . . . . . . . . 22 4.6. Applicability of Service Data Models to Enhanced VPN . . 23
4.6.1. ACTN Used for VPN+ Delivery . . . . . . . . . . . . . 24 4.6.1. Enhanced VPN Delivery in ACTN Architecture . . . . . 24
4.6.2. Enhanced VPN Features with ACTN . . . . . . . . . . . 26 4.6.2. Enhanced VPN Features with Service Data Models . . . 25
4.6.3. 5G Transport Service Delivery via Coordinated Data
5. Scalability Considerations . . . . . . . . . . . . . . . . . 28 Modules . . . . . . . . . . . . . . . . . . . . . . . 28
5.1. Maximum Stack Depth of SR . . . . . . . . . . . . . . . . 29 5. Scalability Considerations . . . . . . . . . . . . . . . . . 30
5.2. RSVP Scalability . . . . . . . . . . . . . . . . . . . . 29 5.1. Maximum Stack Depth of SR . . . . . . . . . . . . . . . . 31
6. OAM Considerations . . . . . . . . . . . . . . . . . . . . . 30 5.2. RSVP Scalability . . . . . . . . . . . . . . . . . . . . 31
7. Enhanced Resiliency . . . . . . . . . . . . . . . . . . . . . 30 5.3. SDN Scaling . . . . . . . . . . . . . . . . . . . . . . . 31
8. Security Considerations . . . . . . . . . . . . . . . . . . . 31 6. OAM Considerations . . . . . . . . . . . . . . . . . . . . . 31
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 7. Telemetry Considerations . . . . . . . . . . . . . . . . . . 32
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 32 8. Enhanced Resiliency . . . . . . . . . . . . . . . . . . . . . 32
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 32 9. Operational Considerations . . . . . . . . . . . . . . . . . 33
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 10. Security Considerations . . . . . . . . . . . . . . . . . . . 33
12.1. Normative References . . . . . . . . . . . . . . . . . . 33 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34
12.2. Informative References . . . . . . . . . . . . . . . . . 33 12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 34
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 35
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 35
14.1. Normative References . . . . . . . . . . . . . . . . . . 35
14.2. Informative References . . . . . . . . . . . . . . . . . 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41
1. Introduction 1. Introduction
Virtual private networks (VPNs) have served the industry well as a Virtual private networks (VPNs) have served the industry well as a
means of providing different groups of users with logically isolated means of providing different groups of users with logically isolated
access to a common network. The common or base network that is used access to a common network. The common or base network that is used
to provide the VPNs is often referred to as the underlay, and the VPN to provide the VPNs is often referred to as the underlay, and the VPN
is often called an overlay. is often called an overlay.
Customers of a network operator may request enhanced overlay services Customers of a network operator may request enhanced overlay services
with advanced characteristics such as complete isolation from other with advanced characteristics such as complete isolation from other
services so that changes in network load or event of other services services so that changes in one service (such as changes in network
have no effect on the throughput or latency of the service provided load, or events such as congestion or outages) have no effect on the
to the customer. throughput or latency of other services provided to the customer.
Driven largely by needs surfacing from 5G, the concept of network Driven largely by needs surfacing from 5G, the concept of network
slicing has gained traction [NGMN-NS-Concept] [TS23501] [TS28530] slicing has gained traction [NGMN-NS-Concept] [TS23501] [TS28530]
[BBF-SD406]. Network slicing requires the underlying network to [BBF-SD406]. In [TS23501], Network Slice is defined as "a logical
support partitioning the network resources to provide the client with network that provides specific network capabilities and network
dedicated (private) networking, computing, and storage resources characteristics", and Network Slice Instance is defined as "A set of
drawn from a shared pool. The slices may be seen as (and operated Network Function instances and the required resources (e.g. compute,
as) virtual networks. storage and networking resources) which form a deployed Network
Slice". According to [TS28530], an end-to-end network slice consists
of three major network segments: Radio Access Network (RAN),
Transport Network (TN) and Core Network (CN). Transport network
provides the required connectivity within and between RAN and CN
parts, with specific performance commitment. For each end-to-end
network slice, the topology and performance requirement on transport
network can be very different, which requires transport network to
have the capability of supporting multiple different transport
network slices.
A transport network slice is a virtual (logical) network with a
particular network topology and a set of shared or dedicated network
resources, which are used to provide the network slice consumer with
the required connectivity, appropriate isolation and specific Service
Level Agreement (SLA). A transport network slice could span multiple
technology (IP, Optical) and multiple administrative domains.
Depends on the consumer's requirement, a transport network slice
could be isolated from other, often concurrent transport network
slices in terms of data plane, control plane and management plane.
In the following sections of this document, network slice refers to
transport network slice, and is interchangable with enhanced VPN.
End-to-end network slice is used to refer to the 5G network slice.
Network abstraction is a technique that can be applied to a network Network abstraction is a technique that can be applied to a network
domain to select network resources by policy to obtain a view of domain to select network resources by policy to obtain a view of
potential connectivity and a set of service functions. potential connectivity and a set of service functions.
Network slicing is an approach to network operations that builds on Network slicing builds on the concept of resource management, network
the concept of network abstraction to provide programmability, virtualization and abstraction to provide performance assurance,
flexibility, and modularity. It may use techniques such as Software flexibility, programmability and modularity. It may use techniques
Defined Networking (SDN) [RFC7149] and Network Function such as Software Defined Networking (SDN) [RFC7149] and Network
Virtualization (NFV) to create multiple logical (virtual) networks, Function Virtualization (NFV) [RFC8172][RFC8568] to create multiple
each tailored for a set of services or a particular tenant or a group logical (virtual) networks, each tailored for a set of services or a
of tenants that share the same set of requirements, on top of a particular tenant or a group of tenants that share the same set of
common network. How the network slices are engineered can be requirements, on top of a common network. How the network slices are
deployment-specific. engineered can be deployment-specific.
Thus, there is a need to create virtual networks with enhanced Thus, there is a need to create virtual networks with enhanced
characteristics. The tenant of such a virtual network can require a characteristics. The tenant of such a virtual network can require a
degree of isolation and performance that previously could not be degree of isolation and performance that previously could not be
satisfied by traditional overlay VPNs. Additionally, the tenant may satisfied by traditional overlay VPNs. Additionally, the tenant may
ask for some level of control to their virtual networks, e.g., to ask for some level of control to their virtual networks, e.g., to
customize the service paths in a network slice. customize the service paths in a network slice.
These enhanced properties cannot be met with pure overlay networks, These enhanced properties cannot be met with pure overlay networks,
as they require tighter coordination and integration between the as they require tighter coordination and integration between the
underlay and the overlay network. This document introduces a new underlay and the overlay network. This document introduces a new
network service called Enhanced VPN: VPN+. VPN+ is built on a virtual network service called Enhanced VPN: VPN+. VPN+ is built from a
network which has a customized network topology and a set of virtual network which has a customized network topology and a set of
dedicated or shared network resources, including invoked service dedicated or shared network resources, including invoked service
functions, allocated from the underlay network. Unlike a traditional functions, allocated from the underlay network. Unlike a traditional
VPN, an enhanced VPN can achieve greater isolation with strict VPN, an enhanced VPN can achieve greater isolation with strict
guaranteed performance. These new properties, which have general performance guarantees. These new properties, which have general
applicability, may also be of interest as part of a network slicing applicability, may also be of interest as part of a network slicing
solution, but it is not envisaged that VPN+ techniques will be solution, but it is not envisaged that VPN+ techniques will be
applied to normal VPN services that can continue to be deployed using applied to normal VPN services that can continue to be deployed using
pre-existing mechanisms. Furthermore, it is not intended that large pre-existing mechanisms. Furthermore, it is not intended that large
numbers of VPN+ instances will be deployed within a single network. numbers of VPN+ instances will be deployed within a single network.
See Section 5 for a discussion of scalability considerations. See Section 5 for a discussion of scalability considerations.
This document specifies a framework for using existing, modified and This document specifies a framework for using existing, modified and
potential new networking technologies as components to provide a VPN+ potential new technologies as components to provide a VPN+ service.
service. Specifically we are concerned with: Specifically we are concerned with:
o The design of the enhanced data plane. o The design of the enhanced data plane.
o The necessary protocols in both the underlay and the overlay of o The necessary protocols in both the underlay and the overlay of
enhanced VPN. the enhanced VPN.
o The mechanisms to achieve integration between overlay and o The mechanisms to achieve integration between overlay and
underlay. underlay.
o The necessary Operation, Administration and Management (OAM) o The necessary Operation, Administration, and Management (OAM)
methods to instrument an enhanced VPN to make sure that the methods to instrument an enhanced VPN to make sure that the
required Service Level Agreement (SLA) are met, and to take any required Service Level Agreement (SLA) is met, and to take any
corrective action to avoid SLA violation, such as switching to an corrective action to avoid SLA violation, such as switching to an
alternate path. alternate path.
The required network layered structure to achieve this is shown in The required layered network structure to achieve this is shown in
Section 3.1. Section 3.1.
Note that, in this document, the four terms "VPN", "Enhanced VPN" (or Note that, in this document, the four terms "VPN", "Enhanced VPN" (or
"VPN+"), "Virtual Network (VN)", and "Network Slice" may be "VPN+"), "Virtual Network (VN)", and "Network Slice" may be
considered as describing similar concepts dependent on the viewpoint considered as describing similar concepts dependent on the viewpoint
from which they are used. from which they are used.
o An enhanced VPN can be considered as a form of VPN, but with o An enhanced VPN can be considered as a form of VPN, but with
additional service-specific commitments. Thus, care must be taken additional service-specific commitments. Thus, care must be taken
with the term "VPN" to distinguish normal or legacy VPNs from VPN+ with the term "VPN" to distinguish normal or legacy VPNs from VPN+
skipping to change at page 5, line 36 skipping to change at page 6, line 14
2. Overview of the Requirements 2. Overview of the Requirements
In this section we provide an overview of the requirements of an In this section we provide an overview of the requirements of an
enhanced VPN. enhanced VPN.
2.1. Isolation between Virtual Networks 2.1. Isolation between Virtual Networks
One element of the SLA demanded for an enhanced VPN is the degree of One element of the SLA demanded for an enhanced VPN is the degree of
isolation from other services in the network. Isolation is a feature isolation from other services in the network. Isolation is a feature
requested by some particular customers in the network. Such feature requested by some particular customers in the network. Such a
is offered by a network operator where the traffic from one service feature is offered by a network operator where the traffic from one
instance is isolated from the traffic of other services. There are service instance is isolated from the traffic of other services.
different grades of isolation that range from simple separation of There are different grades of isolation that range from simple
traffic on delivery (ensuring that traffic is not delivered to the separation of traffic on delivery (ensuring that traffic is not
wrong customer) all the way to complete separation within the delivered to the wrong customer) all the way to complete separation
underlay so that the traffic from different services use distinct within the underlay so that the traffic from different services use
network resources. distinct network resources.
The terms hard and soft isolation are introduced to give example of The terms hard and soft isolation are introduced to identify
different isolation cases. A VPN has soft isolation if the traffic different isolation cases. A VPN has soft isolation if the traffic
of one VPN cannot be received by the customers of another VPN. Both of one VPN cannot be received by the customers of another VPN. Both
IP and MPLS VPNs are examples of soft isolated VPNs because the IP and MPLS VPNs are examples of soft isolated VPNs because the
network delivers the traffic only to the required VPN endpoints. network delivers the traffic only to the required VPN endpoints.
However, with soft isolation, traffic from one or more VPNs and However, with soft isolation, traffic from one or more VPNs and
regular non-VPN traffic may congest the network resulting in packet regular non-VPN traffic may congest the network resulting in packet
loss and delay for other VPNs operating normally. The ability for a loss and delay for other VPNs operating normally. The ability for a
VPN or a group of VPNs to be sheltered from this effect is called VPN or a group of VPNs to be sheltered from this effect is called
hard isolation, and this property is required by some critical hard isolation, and this property is required by some critical
applications. applications.
The requirement is for an operator to provide both hard and soft The requirement is for an operator to offer its customers a choice of
isolation between the tenants/applications using one enhanced VPN and different degrees of isolation ranging from soft isolation up to hard
the tenants/applications using another enhanced VPN. Hard isolation isolation so that the traffic of tenants/applications using one
is needed so that applications with exacting requirements can enhanced VPN can be separated from the traffic of tenants/
function correctly, despite other demands (perhaps a burst on another applications using another enhanced VPN appropriately. Hard
VPN) competing for the underlying resources. In practice isolation isolation is needed so that applications with exacting requirements
may be offered as a spectrum between soft and hard, and in some cases can function correctly, despite other demands (perhaps a burst of
soft and hard isolation may be used in a hierarchical manner. traffic in another VPN) competing for the underlying resources. In
practice isolation may be offered as a spectrum between soft and
hard, and in some cases soft and hard isolation may be used in a
hierarchical manner.
An example of hard isolation is a network supporting both emergency An example of the requirement for hard isolation is a network
services and public broadband multi-media services. During a major supporting both emergency services and public broadband multi-media
incident the VPNs supporting these services would both be expected to services. During a major incident the VPNs supporting these services
experience high data volumes, and it is important that both make would both be expected to experience high data volumes, and it is
progress in the transmission of their data. In these circumstances important that both make progress in the transmission of their data.
the VPNs would require an appropriate degree of isolation to be able
to continue to operate acceptably. In these circumstances the VPNs would require an appropriate degree
of isolation to be able to continue to operate acceptably.
In order to provide the required isolation, resources may have to be In order to provide the required isolation, resources may have to be
reserved in the data plane of the underlay network and dedicated to reserved in the data plane of the underlay network and dedicated to
traffic from a specific VPN or a specific group of VPNs. This may traffic from a specific VPN or a specific group of VPNs to form
introduce scalability concerns, thus some trade-off needs to be different network slices in the underlay network. This may introduce
considered to provide the required isolation between network slices scalability concerns, thus some trade-off needs to be considered to
while still allowing reasonable sharing inside each network slice. provide the required isolation between network slices while still
allowing reasonable sharing inside each network slice.
An optical layer can offer a high degree of isolation, at the cost of An optical layer can offer a high degree of isolation, at the cost of
allocating resources on a long term and end-to-end basis. Such an allocating resources on a long term and end-to-end basis. Such an
arrangement means that the full cost of the resources must be borne arrangement means that the full cost of the resources must be borne
by the service that is allocated with the resources. On the other by the service that is allocated with the resources. On the other
hand, where adequate isolation can be achieved at the packet layer, hand, where adequate isolation can be achieved at the packet layer,
this permits the resources to be shared amongst many services and this permits the resources to be shared amongst many services and
only dedicated to a service on a temporary basis. This in turn, only dedicated to a service on a temporary basis. This in turn,
allows greater statistical multiplexing of network resources and thus allows greater statistical multiplexing of network resources and thus
amortizes the cost over many services, leading to better economy. amortizes the cost over many services, leading to better economy.
skipping to change at page 7, line 28 skipping to change at page 8, line 11
packet networks, which were never designed to support hard isolation. packet networks, which were never designed to support hard isolation.
On the contrary, they were designed to provide statistical On the contrary, they were designed to provide statistical
multiplexing, a significant economic advantage when compared to a multiplexing, a significant economic advantage when compared to a
dedicated, or a Time Division Multiplexing (TDM) network. However dedicated, or a Time Division Multiplexing (TDM) network. However
there is no need to provide any harder isolation than is required by there is no need to provide any harder isolation than is required by
the application. Pseudowires [RFC3985] emulate services that would the application. Pseudowires [RFC3985] emulate services that would
have had hard isolation in their native form. An approximation to have had hard isolation in their native form. An approximation to
this requirement is sufficient in most cases. this requirement is sufficient in most cases.
Thus, for example, using FlexE or a virtual sub-interface together Thus, for example, using FlexE or a virtual sub-interface together
with packet scheduling as isolation mechanism of interface resources, with packet scheduling as the isolation mechanism of interface
optionally along with the partitioning of node resources, a type of resources, optionally along with the partitioning of node resources,
hard isolation can be provided that is adequate for many VPN+ a type of hard isolation can be provided that is adequate for many
applications. Other applications may be either satisfied with a enhanced VPN applications. Other applications may be either
classical VPN with or without reserved bandwidth, or may need satisfied with a classical VPN with or without reserved bandwidth, or
dedicated point to point underlay connection. The needs of each may need a dedicated point to point underlay connection. The needs
application must be quantified in order to provide an economic of each application must be quantified in order to provide an
solution that satisfies those needs without over-engineering. economic solution that satisfies those needs without over-
engineering.
This spectrum of isolation is shown in Figure 1: This spectrum of isolation is shown in Figure 1:
O=================================================O O=================================================O
| \---------------v---------------/ | \---------------v---------------/
Statistical Pragmatic Absolute Statistical Pragmatic Absolute
Multiplexing Isolation Isolation Multiplexing Isolation Isolation
(Traditional VPNs) (Enhanced VPN) (Dedicated Network) (Traditional VPNs) (Enhanced VPN) (Dedicated Network)
Figure 1: The Spectrum of Isolation Figure 1: The Spectrum of Isolation
skipping to change at page 8, line 26 skipping to change at page 9, line 11
guaranteed delay variation. Note that these guarantees apply to the guaranteed delay variation. Note that these guarantees apply to the
conformance traffic, the out-of-profile traffic will be handled conformance traffic, the out-of-profile traffic will be handled
following other requirements. following other requirements.
Guaranteed maximum packet loss is a common parameter, and is usually Guaranteed maximum packet loss is a common parameter, and is usually
addressed by setting the packet priorities, queue size and discard addressed by setting the packet priorities, queue size and discard
policy. However this becomes more difficult when the requirement is policy. However this becomes more difficult when the requirement is
combined with the latency requirement. The limiting case is zero combined with the latency requirement. The limiting case is zero
congestion loss, and that is the goal of the Deterministic Networking congestion loss, and that is the goal of the Deterministic Networking
work that the IETF [DETNET] and IEEE [TSN] are pursuing. In modern work that the IETF [DETNET] and IEEE [TSN] are pursuing. In modern
optical networks, loss due to transmission errors is already optical networks, loss due to transmission errors already approaches
approaches zero, but there are the possibilities of failure of the zero, but there are the possibilities of failure of the interface or
interface or the fiber itself. This can only be addressed by some the fiber itself. This can only be addressed by some form of signal
form of signal duplication and transmission over diverse paths. duplication and transmission over diverse paths.
Guaranteed maximum latency is required in a number of applications Guaranteed maximum latency is required in a number of applications
particularly real-time control applications and some types of virtual particularly real-time control applications and some types of virtual
reality applications. The work of the IETF Deterministic Networking reality applications. The work of the IETF Deterministic Networking
(DetNet) Working Group [DETNET] is relevant; however the scope needs (DetNet) Working Group [DETNET] is relevant; however the scope needs
to be extended to methods of enhancing the underlay to better support to be extended to methods of enhancing the underlay to better support
the delay guarantee, and to integrate these enhancements with the the delay guarantee, and to integrate these enhancements with the
overall service provision. overall service provision.
Guaranteed maximum delay variation is a service that may also be Guaranteed maximum delay variation is a service that may also be
needed. [I-D.ietf-detnet-use-cases] calls up a number of cases where needed. [RFC8578] calls up a number of cases where this is needed,
this is needed, for example electrical utilities have an operational for example electrical utilities have an operational need for this.
need for this. Time transfer is one example of a service that needs Time transfer is one example of a service that needs this, although
this, although it is in the nature of time that the service might be it is in the nature of time that the service might be delivered by
delivered by the underlay as a shared service and not provided the underlay as a shared service and not provided through different
through different virtual networks. Alternatively a dedicated virtual networks. Alternatively a dedicated virtual network may be
virtual network may be used to provide this as a shared service. used to provide this as a shared service.
This suggests that a spectrum of service guarantee be considered when This suggests that a spectrum of service guarantee be considered when
deploying an enhanced VPN. As a guide to understanding the design deploying an enhanced VPN. As a guide to understanding the design
requirements we can consider four types: requirements we can consider four types:
o Best effort o Best effort
o Assured bandwidth o Assured bandwidth
o Guaranteed latency o Guaranteed latency
skipping to change at page 10, line 7 skipping to change at page 10, line 40
isolated from other channels running over the same Ethernet bearer. isolated from other channels running over the same Ethernet bearer.
As noted elsewhere this produces hard isolation but makes the As noted elsewhere this produces hard isolation but makes the
reclamation of unused bandwidth more difficult. reclamation of unused bandwidth more difficult.
These approaches can be used in tandem. It is possible to use FlexE These approaches can be used in tandem. It is possible to use FlexE
to provide tenant isolation, and then to use the TSN/Detnet approach to provide tenant isolation, and then to use the TSN/Detnet approach
to provide a performance guarantee inside the a slice or tenant VPN. to provide a performance guarantee inside the a slice or tenant VPN.
2.3. Integration 2.3. Integration
A solution to the enhanced VPN problem has to provide close The only way to achieve the enhanced characteristics provided by an
integration of both overlay VPN and the underlay network resource. enhanced VPN (such as guaranteed or predicted performance) is by
This needs be done in a flexible and scalable way so that it can be integrating the overlay VPN with a particular set of network
widely deployed in operator networks to support a reasonable number resources in the underlay network. This needs be done in a flexible
of enhanced VPN customers. and scalable way so that it can be widely deployed in operator
networks to support a reasonable number of enhanced VPN customers.
Taking mobile networks and in particular 5G into consideration, the Taking mobile networks and in particular 5G into consideration, the
integration of network and the service functions is a likely integration of network and the service functions is a likely
requirement. The work in IETF SFC working group [SFC] provides a requirement. The work in IETF SFC working group [SFC] provides a
foundation for this integration. foundation for this integration.
2.3.1. Abstraction 2.3.1. Abstraction
Integration of the overlay VPN and the underlay network resources Integration of the overlay VPN and the underlay network resources
does not need to be a tight mapping. As described in [RFC7926], does not need to be a tight mapping. As described in [RFC7926],
skipping to change at page 10, line 35 skipping to change at page 11, line 22
abstraction presents the connectivity graph in a way that is abstraction presents the connectivity graph in a way that is
independent of the underlying network technologies, capabilities, and independent of the underlying network technologies, capabilities, and
topology so that the graph can be used to plan and deliver network topology so that the graph can be used to plan and deliver network
services in a uniform way. services in a uniform way.
Virtual networks can be built on top of an abstracted topology that Virtual networks can be built on top of an abstracted topology that
represents the connectivity capabilities of the underlay network as represents the connectivity capabilities of the underlay network as
described in the framework for Abstraction and Control of TE Networks described in the framework for Abstraction and Control of TE Networks
(ACTN) described in [RFC8453] as discussed further in Section 4.5. (ACTN) described in [RFC8453] as discussed further in Section 4.5.
2.4. Dynamic Configuration 2.4. Dynamic Management
Enhanced VPNs need to be created, modified, and removed from the Enhanced VPNs need to be created, modified, and removed from the
network according to service demand. An enhanced VPN that requires network according to service demand. An enhanced VPN that requires
hard isolation must not be disrupted by the instantiation or hard isolation must not be disrupted by the instantiation or
modification of another enhanced VPN. Determining whether modification of another enhanced VPN. Determining whether
modification of an enhanced VPN can be disruptive to that VPN, and in modification of an enhanced VPN can be disruptive to that VPN, and in
particular the traffic in flight will be disrupted can be a difficult particular whether the traffic in flight will be disrupted can be a
problem. difficult problem.
The data plane aspects of this problem are discussed further in The data plane aspects of this problem are discussed further in
Section 4. Section 4.
The control plane aspects of this problem are discussed further in The control plane aspects of this problem are discussed further in
Section 4.4. Section 4.4.
The management plane aspects of this problem are discussed further in The management plane aspects of this problem are discussed further in
Section 4.5 Section 4.5
Dynamic changes both to the VPN and to the underlay transport network Dynamic changes both to the VPN and to the underlay transport network
need to be managed to avoid disruption to sensitive services. need to be managed to avoid disruption to services that are sensitive
to the change of network performance?
In addition to non-disruptively managing the network as a result of In addition to non-disruptively managing the network as a result of
gross change such as the inclusion of a new VPN endpoint or a change gross change such as the inclusion of a new VPN endpoint or a change
to a link, VPN traffic might need to be moved as a result of traffic to a link, VPN traffic might need to be moved as a result of traffic
volume changes. volume changes.
2.5. Customized Control 2.5. Customized Control
In some cases it is desirable that an enhanced VPN has a customized In some cases it is desirable that an enhanced VPN has a customized
control plane, so that the tenant of the enhanced VPN can have some control plane, so that the tenant of the enhanced VPN can have some
control to the resources and functions allocated to this enhanced control to the resources and functions allocated to this enhanced
VPN. For example, the tenant may be able to specify the service VPN. For example, the tenant may be able to specify the service
paths in his own enhanced VPN. Depending on the requirement, an paths in his own enhanced VPN. Depending on the requirement, an
enhanced VPN may have its own dedicated controller, or it may be enhanced VPN may have its own dedicated controller, or it may be
provided with an interface to a control system which is shared with a provided with an interface to a control system which is shared with a
set of other tenants, or it may be provided with an interface to the set of other tenants, or it may be provided with an interface to the
control system provided by the network operator. control system provided by the network operator.
Further detail on this requirement will be provided in a future Further detail on this requirement will be provided in a future
version of the draft. A description of the management plane aspects version of the draft.
of this feature can be found in Section 4.5.
A description of the control plane aspects of this problem are
discussed further in Section 4.4. A description of the management
plane aspects of this feature can be found in Section 4.5.
2.6. Applicability 2.6. Applicability
The technologies described in this document should be applicable to a The technologies described in this document should be applicable to a
number types of VPN services such as: number types of VPN services such as:
o Layer 2 point to point services such as pseudowires [RFC3985] o Layer 2 point to point services such as pseudowires [RFC3985]
o Layer 2 VPNs [RFC4664] o Layer 2 VPNs [RFC4664]
o Ethernet VPNs [RFC7209] o Ethernet VPNs [RFC7209]
o Layer 3 VPNs [RFC4364], [RFC2764] o Layer 3 VPNs [RFC4364], [RFC2764]
o Virtual Networks (VNs) [RFC8453] Where such VPN types need enhanced isolation and delivery
Where such VPN or VN types need enhanced isolation and delivery
characteristics, the technology described here can be used to provide characteristics, the technology described here can be used to provide
an underlay with the required enhanced performance. an underlay with the required enhanced performance.
2.7. Inter-Domain and Inter-Layer Network 2.7. Inter-Domain and Inter-Layer Network
In some scenarios, an enhanced VPN services may span multiple network In some scenarios, an enhanced VPN services may span multiple network
domains. And in some domains the operator may own a multi-layered domains. A domain is considered to be any collection of network
elements within a common realm of address space or path computation
responsibility[RFC5151]. And in some domains the operator may own a
multi-layered network, for example, a packet network over an optical
network. When enhanced VPNs are provisioned in such network network. When enhanced VPNs are provisioned in such network
scenarios, the technologies used in different network plane (data scenarios, the technologies used in different network plane (data
plane, control plane and management plane) need to provide necessary plane, control plane and management plane) need to provide necessary
mechanisms to support multi-domain and multi-layer coordination and mechanisms to support multi-domain and multi-layer coordination and
integration, so as to provide the required service characterstics for integration, so as to provide the required service characteristics
different enhanced VPNs, and improve network efficiency and for different enhanced VPNs, and improve network efficiency and
operational simplicity. operational simplicity.
3. Architecture of Enhanced VPN 3. Architecture of Enhanced VPN
A number of enhanced VPN services will typically be provided by a A number of enhanced VPN services will typically be provided by a
common network infrastructure. Each enhanced VPN consists of both common network infrastructure. Each enhanced VPN consists of both
the overlay and a specific set of dedicated network resources and the overlay and a specific set of dedicated network resources and
functions allocated in the underlay to satisfy the needs of the VPN functions allocated in the underlay to satisfy the needs of the VPN
tenant. The integration between overlay and various underlay tenant. The integration between overlay and various underlay
resources ensures the isolation between different enhanced VPNs, and resources ensures the isolation between different enhanced VPNs, and
skipping to change at page 13, line 18 skipping to change at page 14, line 14
* Determine the risk of SLA violation and take appropriate * Determine the risk of SLA violation and take appropriate
avoiding action. avoiding action.
* Determine the right balance of per-packet and per-node state * Determine the right balance of per-packet and per-node state
according to the needs of enhanced VPN service to scale to the according to the needs of enhanced VPN service to scale to the
required size. required size.
o Management plane o Management plane
* Provides the life-cycle management (creation, modification, * Provides an interface between the enhanced VPN provider (e.g.
decommissioning) of enhanced VPN. the Transport Network (TN) Manager) and the enhanced VPN
clients (e.g. the 3GPP Management System) such that some of the
operation requests can be met without interfering with the
enhanced VPN of other clients.
* Provides an interface between the enhanced VPN provider and the * Provides an interface between the enhanced VPN provider and the
enhanced VPN clients such that some of the operation requests enhanced VPN clients to expose transport network capability
can be met without interfering with the enhanced VPN of other information toward the enhanced VPN client.
clients.
* Provides the service life-cycle management and operation of
enhanced VPN (e.g. creation, modification, assurance/monitoring
and decommissioning).
OAM
* Provides the OAM tools to verify the connectivity and
performance of the enhanced VPN.
* Provide the OAM tools to verify whether the underlay network
resources are correctly allocated and operated properly.
o Telemetry
* Provides the mechanism to collect the data plane, control plane
and management plane data of the network, more specifically:
*
+ Provides the mechanism to collect network data of the
underlay network for overall performance evaluation and the
enhanced VPN service planning.
+ Provides the mechanism to collect network data of each
enhanced VPN for the monitoring and analytics of the
characteristics and SLA fulfilment of enhanced VPN services.
3.1. Layered Architecture 3.1. Layered Architecture
The layered architecture of enhanced VPN is shown in Figure 2. The layered architecture of enhanced VPN is shown in Figure 2.
+-------------------+ } +-------------------+ }
| Network Controller| } Centralized | Network Controller| } Centralized
+-------------------+ } Control +-------------------+ } Control
. . . . . . . . . .
. . . . . . . . . .
skipping to change at page 14, line 36 skipping to change at page 15, line 40
N = Partitioned node N = Partitioned node
L = Partitioned link L = Partitioned link
+----+ = Partition within a node +----+ = Partition within a node
+----+ +----+
====== = Partition within a link ====== = Partition within a link
Figure 2: The Layered Architecture Figure 2: The Layered Architecture
Underpinning everything is the physical infrastructure layer Underpinning everything is the physical network infrastructure layer
consisting of partitioned links and nodes which provide the consisting of partitioned links and nodes which provide the
underlying resources used to provision the separated virtual underlying resources used to provision the separated virtual
networks. Various components and techniques as discussed in networks. Various components and techniques as discussed in
Section 4 can be used to provide the resource partition, such as Section 4 can be used to provide the resource partition, such as
FlexE, Time Sensitive Networking, Deterministic Networking, etc. FlexE, Time Sensitive Networking, Deterministic Networking, etc.
These partitions may be physical, or virtual so long as the SLA These partitions may be physical, or virtual so long as the SLA
required by the higher layers is met. required by the higher layers is met.
These techniques can be used to provision the virtual networks with These techniques can be used to provision the virtual networks with
dedicated resources that they need. To get the required the dedicated resources that they need. To get the required
functionality there needs to be integration between these overlays functionality there needs to be integration between these overlays
and the underlay providing the physical resources. and the underlay providing the physical resources.
The centralized controller is used to create the virtual networks, to The centralized controller is used to create the virtual networks, to
allocate the resources to each virtual network and to provision the allocate the resources to each virtual network and to provision the
enhanced VPN services within the virtual networks. A distributed enhanced VPN services within the virtual networks. A distributed
control plane may also be used for the distribution of the topology control plane may also be used for the distribution of the topology
and attribute information of the virtual networks. and attribute information of the virtual networks.
The creation and allocation process needs to take a holistic view of The creation and allocation process needs to take a holistic view of
the needs of all of its tenants, and to partition the resources the needs of all of its tenants, and to partition the resources
accordingly. However within a virtual network these resources can if accordingly. However within a virtual network these resources can,
required be managed via a dynamic control plane. This provides the if required, be managed via a dynamic control plane. This provides
required scalability and isolation. the required scalability and isolation.
3.2. Multi-Point to Multi-Point 3.2. Multi-Point to Multi-Point (MP2MP)
At the VPN service level, the connectivity are usually mesh or At the VPN service level, the connectivity is usually mesh or
partial-mesh. To support such kind of VPN service, the corresponding partial-mesh. To support such kinds of VPN service, the
underlay is also an abstract MP2MP medium. However when service corresponding underlay is also an abstract MP2MP medium. However
guarantees are provided, the point-to-point path through the underlay when service guarantees are provided, the point-to-point path through
of the enhanced VPN needs to be specifically engineered to meet the the underlay of the enhanced VPN needs to be specifically engineered
required performance guarantees. to meet the required performance guarantees.
3.3. Application Specific Network Types 3.3. Application Specific Network Types
Although a lot of the traffic that will be carried over the enhanced Although a lot of the traffic that will be carried over the enhanced
VPN will likely be IPv4 or IPv6, the design has to be capable of VPN will likely be IPv4 or IPv6, the design has to be capable of
carrying other traffic types, in particular Ethernet traffic. This carrying other traffic types, in particular Ethernet traffic. This
is easily accomplished through the various pseudowire (PW) techniques is easily accomplished through the various pseudowire (PW) techniques
[RFC3985]. Where the underlay is MPLS, Ethernet can be carried over [RFC3985]. Where the underlay is MPLS, Ethernet can be carried over
the enhanced VPN encapsulated according to the method specified in the enhanced VPN encapsulated according to the method specified in
[RFC4448]. Where the underlay is IP, Layer Two Tunneling Protocol - [RFC4448]. Where the underlay is IP, Layer Two Tunneling Protocol -
Version 3 (L2TPv3) [RFC3931] can be used with Ethernet traffic Version 3 (L2TPv3) [RFC3931] can be used with Ethernet traffic
carried according to [RFC4719]. Encapsulations have been defined for carried according to [RFC4719]. Encapsulations have been defined for
most of the common layer-2 types for both PW over MPLS and for most of the common layer-2 types for both PW over MPLS and for
L2TPv3. L2TPv3.
3.4. Scaling Considerations 3.4. Scaling Considerations
VPNs are instantiated as overlays on top of an operators network and VPNs are instantiated as overlays on top of an operator's network and
offered as services to the operators customers. An important feature offered as services to the operator's customers. An important
of overlays is that they are able to deliver services without placing feature of overlays is that they are able to deliver services without
per-service state in the core of the underlay network. placing per-service state in the core of the underlay network.
Enhanced VPNs may need to install some additional state within the Enhanced VPNs may need to install some additional state within the
network to achieve the additional features that they require. network to achieve the additional features that they require.
Solutions must consider minimising and controlling the scale of such Solutions must consider minimising and controlling the scale of such
state, and deployment architectures should constrain the number of state, and deployment architectures should constrain the number of
enhanced VPNs that would exist where such services would place enhanced VPNs that would exist where such services would place
additional state in the network. It is expected that the number of additional state in the network. It is expected that the number of
enhanced VPN would be a small number in the beginning, and even in enhanced VPN would be a small number in the beginning, and even in
future the number of enhanced VPN will be much less than traditional future the number of enhanced VPN will be much less than traditional
VPNs, because traditional VPN would be enough for most existing VPNs, because pre-existing VPN techniques would be good enough to
services. meet the needs of most existing VPN-type services.
In general, it is not required that the state in the network to be In general, it is not required that the state in the network be
maintained in a 1:1 relationship with the VPN+ instances. It will maintained in a 1:1 relationship with the VPN+ instances. It will
usually be possible to aggregate a set of VPN+ services so that they usually be possible to aggregate a set of VPN+ services so that they
share a same virtual network and the same set of network resources share the same virtual network and the same set of network resources
(much in the way that current VPNs are aggregated over transport (much in the way that current VPNs are aggregated over transport
tunnels) so that collections of enhanced VPNs that require the same tunnels) so that collections of enhanced VPNs that require the same
behaviour from the network in terms of resource reservation, latency behaviour from the network in terms of resource reservation, latency
bounds, resiliency, etc. are able to be grouped together. This is an bounds, resiliency, etc. are able to be grouped together. This is an
important feature to assist with the scaling characteristics of VPN+ important feature to assist with the scaling characteristics of VPN+
deployments. deployments.
See Section 5 for a greater discussion of scalability considerations. See Section 5 for a greater discussion of scalability considerations.
4. Candidate Technologies 4. Candidate Technologies
skipping to change at page 16, line 38 skipping to change at page 17, line 43
protocol, or directly through the use of an SDN controller, although protocol, or directly through the use of an SDN controller, although
other techniques may emerge as this problem is studied. This state other techniques may emerge as this problem is studied. This state
gets harder to manage as the number of VPN paths increases. gets harder to manage as the number of VPN paths increases.
Furthermore, as we increase the coupling between the underlay and the Furthermore, as we increase the coupling between the underlay and the
overlay to support the enhanced VPN service, this state will increase overlay to support the enhanced VPN service, this state will increase
further. further.
In an enhanced VPN different subsets of the underlay resources can be In an enhanced VPN different subsets of the underlay resources can be
dedicated to different enhanced VPNs or different groups of enhanced dedicated to different enhanced VPNs or different groups of enhanced
VPNs. An enhanced VPN solution thus needs tighter coupling with VPNs. An enhanced VPN solution thus needs tighter coupling with
underlay than is the case with existing VPNs. We cannot for example underlay than is the case with existing VPNs. We cannot, for
share the tunnel between enhanced VPNs which require hard isolation. example, share the network resource between enhanced VPNs which
require hard isolation.
4.1. Underlay Packet and Frame-Based Data Planes 4.1. Layer-Two Data Plane
A number of candidate underlay packet or frame-based data plane A number of candidate Layer-2 packet or frame-based data plane
solutions which can be used provide the required isolation and solutions which can be used provide the required isolation and
guarantee are described in following sections. guarantee are described in following sections.
o FlexE o FlexE
o Time Sensitive Networking o Time Sensitive Networking
o Dedicated Queues o Dedicated Queues
4.1.1. FlexE 4.1.1. FlexE
FlexE [FLEXE] is a method of creating a point-to-point Ethernet with FlexE [FLEXE] is a method of creating a point-to-point Ethernet with
a specific fixed bandwidth. FlexE provides the ability to multiplex a specific fixed bandwidth. FlexE provides the ability to multiplex
multiple channels over an Ethernet link in a way that provides hard multiple channels over an Ethernet link in a way that provides hard
isolation. FlexE also supports the bonding of multiple links, which isolation. FlexE also supports the bonding of multiple links, which
can be used to create larger links out of multiple slower links in a can be used to create larger links out of multiple low capacity links
more efficient way that traditional link aggregation. FlexE also in a more efficient way that traditional link aggregation. FlexE
supports the sub-rating of links, which allows an operator to only also supports the sub-rating of links, which allows an operator to
use a portion of a link. However it is a only a link level only use a portion of a link. However it is a only a link level
technology. When packets are received by the downstream node, they technology. When packets are received by the downstream node, they
need to be processed in a way that preserves that isolation in the need to be processed in a way that preserves that isolation in the
downstream node. This in turn requires a queuing and forwarding downstream node. This in turn requires a queuing and forwarding
implementation that preserves the end-to-end isolation. implementation that preserves the end-to-end isolation.
If different FlexE channels are used for different services, then no If different FlexE channels are used for different services, then no
sharing is possible between the FlexE channels. This in turn means sharing is possible between the FlexE channels. This in turn means
that it may be difficult to dynamically redistribute unused bandwidth that it may be difficult to dynamically redistribute unused bandwidth
to lower priority services. This may increase the cost of providing to lower priority services. This may increase the cost of providing
services on the network. On the other hand, FlexE can be used to services on the network. On the other hand, FlexE can be used to
provide hard isolation between different tenants on a shared provide hard isolation between different tenants on a shared
interface. The tenant can then use other methods to manage the interface. The tenant can then use other methods to manage the
relative priority of their own traffic in each FlexE channel. relative priority of their own traffic in each FlexE channel.
Methods of dynamically re-sizing FlexE channels and the implication Methods of dynamically re-sizing FlexE channels and the implication
for enhanced VPN is for further study. for enhanced VPN are for further study.
4.1.2. Dedicated Queues 4.1.2. Dedicated Queues
In order to provide multiple isolated virtual networks for enhanced In order to provide multiple isolated virtual networks for enhanced
VPN, the conventional Diff-Serv based queuing system [RFC2475] VPN, the conventional DiffServ based queuing system [RFC2475]
[RFC4594] is insufficient, due to the limited number of queues which [RFC4594] is considered insufficient, as DiffServ does not always
cannot differentiate between traffic of different enhanced VPNs, and provide enough queues to differentiate between traffic of different
the range of service classes that each need to provide to their enhanced VPNs, or the range of service classes that each need to
tenants. This problem is particularly acute with an MPLS underlay provide to their tenants. This problem is particularly acute with an
due to the small number of traffic class services available. In MPLS underlay, because MPLS only provides 8 Traffic Classes (TC), and
order to address this problem and reduce the interference between it's highly likely that there will be more than eight enhanced VPN
enhanced VPNs, it is necessary to steer traffic of VPNs to dedicated instances supported by a network. In addition, DiffServ, as
input and output queues. Routers usually have large amount of queues currently implemented, mainly provides relative priority-based
and sophisticated queuing systems, which could be used or enhanced to scheduling, and is difficult to achieve quantitive resource
provide the levels of isolation required by the applications of reservation. In order to address this problem and reduce the
enhanced VPN. For example, on one physical interface, the queuing interference between enhanced VPNs, it is necessary to steer traffic
system can provide a set of virtual sub-interfaces, each allocated of enhanced VPNs to dedicated input and output queues. Some routers
with dedicated queueing and buffer resources. Sophisticated queuing have large amount of queues and sophisticated queuing systems, which
systems of this type may be used to provide end-to-end virtual could be used or enhanced to provide the granularity and level of
isolation between traffic of different enhanced VPNs. isolation required by the applications of enhanced VPN. For example,
on one physical interface, the queuing system can provide a set of
virtual sub-interfaces, each allocated with dedicated queueing and
buffer resources. Sophisticated queuing systems of this type may be
used to provide end-to-end virtual isolation between traffic of
different enhanced VPNs.
4.1.3. Time Sensitive Networking 4.1.3. Time Sensitive Networking
Time Sensitive Networking (TSN) [TSN] is an IEEE project that is Time Sensitive Networking (TSN) [TSN] is an IEEE project that is
designing a method of carrying time sensitive information over designing a method of carrying time sensitive information over
Ethernet. It introduces the concept of packet scheduling where a Ethernet. It introduces the concept of packet scheduling where a
high priority packet stream may be given a scheduled time slot high priority packet stream may be given a scheduled time slot
thereby guaranteeing that it experiences no queuing delay and hence a thereby guaranteeing that it experiences no queuing delay and hence a
reduced latency. However, when no scheduled packet arrives, its reduced latency. However, when no scheduled packet arrives, its
reserved time-slot is handed over to best effort traffic, thereby reserved time-slot is handed over to best effort traffic, thereby
skipping to change at page 18, line 25 skipping to change at page 19, line 34
TSN can be used to meet the requirements of time sensitive services TSN can be used to meet the requirements of time sensitive services
of an enhanced VPN. of an enhanced VPN.
Ethernet can be emulated over a Layer 3 network using a pseudowire. Ethernet can be emulated over a Layer 3 network using a pseudowire.
However the TSN payload would be opaque to the underlay and thus not However the TSN payload would be opaque to the underlay and thus not
treated specifically as time sensitive data. The preferred method of treated specifically as time sensitive data. The preferred method of
carrying TSN over a layer 3 network is through the use of carrying TSN over a layer 3 network is through the use of
deterministic networking as explained in the following section of deterministic networking as explained in the following section of
this document. this document.
4.2. Packet and Frame-Based Network Layer 4.2. Layer-Three Data Plane
We now consider the problem of slice differentiation and resource We now consider the problem of slice differentiation and resource
representation in the network layer. The candidate technologies are: representation in the network layer. The candidate technologies are:
o Deterministic Networking o Deterministic Networking
o MPLS-TE o MPLS-TE
o Segment Routing o Segment Routing
4.2.1. Deterministic Networking 4.2.1. Deterministic Networking
Deterministic Networking (DetNet) [I-D.ietf-detnet-architecture] is a Deterministic Networking (DetNet) [I-D.ietf-detnet-architecture] is a
technique being developed in the IETF to enhance the ability of layer technique being developed in the IETF to enhance the ability of
3 networks to deliver packets more reliably and with greater control layer-3 networks to deliver packets more reliably and with greater
over the delay. The design cannot use re-transmission techniques control over the delay. The design cannot use re-transmission
such as TCP since that can exceed the delay tolerated by the techniques such as TCP since that can exceed the delay tolerated by
applications. Even the delay improvements that are achieved with the applications. Even the delay improvements that are achieved with
Stream Control Transmission Protocol Partial Reliability Extenstion Stream Control Transmission Protocol Partial Reliability Extenstion
(SCTP-PR) [RFC3758] do not meet the bounds set by application (SCTP-PR) [RFC3758] do not meet the bounds set by application
demands. DetNet pre-emptively sends copies of the packet over demands. DetNet pre-emptively sends copies of the packet over
various paths to minimize the chance of all packets being lost, and various paths to minimize the chance of all copies of a packet being
trims duplicate packets to prevent excessive flooding of the network lost, and trims duplicate packets to prevent excessive flooding of
and to prevent multiple packets being delivered to the destination. the network and to prevent multiple packets being delivered to the
It also seeks to set an upper bound on latency. The goal is not to destination. It also seeks to set an upper bound on latency. The
minimize latency; the optimum upper bound paths may not be the goal is not to minimize latency; the optimum upper bound paths may
minimum latency paths. not be the minimum latency paths.
DetNet is based on flows. It currently does not specify the use of DetNet is based on flows. It currently does not specify the use of
underlay topology other than the base topology. To be of use for underlay topology other than the base topology. To be of use for
enhanced VPN, DetNet needs to be integrated with different virtual enhanced VPN, DetNet needs to be integrated with different virtual
topologies of enhanced VPNs. topologies of enhanced VPNs.
The detailed design that allows the use DetNet in a multi-tenant The detailed design that allows the use DetNet in a multi-tenant
network, and how to improve the scalability of DetNet in a multi- network, and how to improve the scalability of DetNet in a multi-
tenant network are topics for further study. tenant network are topics for further study.
skipping to change at page 19, line 31 skipping to change at page 20, line 41
connection in a VPN. Some network operators have concerns about the connection in a VPN. Some network operators have concerns about the
scalability and management overhead of RSVP-TE system, and this has scalability and management overhead of RSVP-TE system, and this has
lead them to consider other solutions for their networks. lead them to consider other solutions for their networks.
4.2.3. Segment Routing 4.2.3. Segment Routing
Segment Routing [RFC8402] is a method that prepends instructions to Segment Routing [RFC8402] is a method that prepends instructions to
packets at the head-end node and optionally at various points as it packets at the head-end node and optionally at various points as it
passes though the network. These instructions allow the packets to passes though the network. These instructions allow the packets to
be routed on paths other than the shortest path for various traffic be routed on paths other than the shortest path for various traffic
engineering reasons. These paths can be strict or loose paths, engineering reasons. With SR, a path needs to be dynamically created
depending on the compactness required of the instruction list and the through a set of segments by simply specifying the Segment
degree of autonomy granted to the network, for example to support Identifiers (SIDs), i.e. instructions rooted at a particular point in
Equal Cost Multipath load-balancing (ECMP) [RFC2992]. the network. By encoding the state in the packet, per-path state is
transitioned out of the network.
With SR, a path needs to be dynamically created through a set of
segments by simply specifying the Segment Identifiers (SIDs), i.e.
instructions rooted at a particular point in the network. Thus if a
path is to be provisioned from some ingress point A to some egress
point B in the underlay, A is provided with a SID list from A to B
and instructions on how to identify the packets to which the SID list
is to be prepended.
By encoding the state in the packet, as is done in Segment Routing,
per-path state is transitioned out of the network.
However, there are a number of limitations in current SR, which limit
its applicability to enhanced VPNs:
o Segments are shared between different VPNs paths
o There is no reservation of bandwidth or other network resources
o There is limited differentiation in the data plane.
Thus some extensions to SR are needed to provide isolation between
different enhanced VPNs. This can be achieved by including a finer
granularity of state in the network in anticipation of its future use
by authorized services. We therefore need to evaluate the balance
between this additional state and the performance delivered by the
network.
With current segment routing, the instructions are used to specify With current segment routing, the instructions are used to specify
the nodes and links to be traversed. However, in order to achieve the nodes and links to be traversed. An SR traffic engineered path
the required isolation between different services, new instructions operates with a granularity of a link with hints about priority
can be created which can be prepended to a packet to steer it through provided through the use of the traffic class (TC) or Differentiated
specific network resources and functions. Services Code Point (DSCP) field in the header. However to achieve
the latency and isolation characteristics that are sought by the
enhanced VPN users, steering packets through specific queues and
resources will likely be required. With SR, it is possible to
introduce such fine-grained packet steering by specifying the queues
and resources through an SR instruction list.
Traditionally, an SR traffic engineered path operates with a
granularity of a link with hints about priority provided through the
use of the traffic class (TC) field in the header. However to
achieve the latency and isolation characteristics that are sought by
the enhanced VPN users, steering packets through specific queues and
resources will likely be required. The extent to which these needs
can be satisfied through existing QoS mechanisms is to be determined.
What is clear is that a fine control of which services wait for
which, with a fine granularity of queue management policy is needed.
Note that the concept of a queue is a useful abstraction for many Note that the concept of a queue is a useful abstraction for many
types of underlay mechanism that may be used to provide enhanced types of underlay mechanism that may be used to provide enhanced
isolation and latency support. isolation and latency support. How the queue satisfies the
requirement is implementation specific and is transparent to the
From the perspective of the segment routing, the method of steering a layer-3 data plane and control plane mechanisms used.
packet to a queue that provides the required properties is an
abstraction that hides the details of the underlying implementation.
How the queue satisfies the requirement is implementation specific
and is transparent to the control plane and data plane mechanisms
used. Thus, for example, a FlexE channel, or a time sensitive
networking packet scheduling slot are abstracted to the same concept
and bound to the data plane in a common manner.
We can also introduce such fine grained packet steering by specifying
the queues through an SR instruction list. Thus new SR instructions
may be created to specify not only which resources are traversed, but
in some cases how they are traversed. For example, it may be
possible to specify not only the queue to be used but the policy to
be applied when enqueuing and dequeuing.
This concept could be further generalized, since as well as queuing
to the output port of a router, it is possible to consider queuing
data to any resource, for example:
o A network processor unit (NPU)
o A central processing unit (CPU) Core
o A Look-up engine
Both SR-MPLS and SRv6 are candidate network layer technologies for Both SR-MPLS and SRv6 are candidate data plane technologies for
enhanced VPN. In some cases they can be supported by DetNet to meet enhanced VPN. In some cases they can further be used for DetNet to
the packet loss, delay and jitter requirement of particular service. meet the packet loss, delay and jitter requirement of particular
However, currently the "pure" IP variant of DetNet service. How to provide the DetNet enhanced delivery in an SRv6
[I-D.ietf-detnet-dp-sol-ip] does not support the Packet Replication, environment is specified in [I-D.geng-spring-srv6-for-detnet].
Elimination, and Re-ordering (PREOF) [I-D.ietf-detnet-architecture]
functions. How to provide the DetNet enhanced delivery in an SRv6
environment needs further study.
4.3. Non-Packet Technologies 4.3. Non-Packet Data Plane
Non-packet underlay data plane technologies often have TE properties Non-packet underlay data plane technologies often have TE properties
and behaviors, and meet many of the key requirements in particular and behaviors, and meet many of the key requirements in particular
for bandwidth guarantees, traffic isolation (with physical isolation for bandwidth guarantees, traffic isolation (with physical isolation
often being an integral part of the technology), highly predictable often being an integral part of the technology), highly predictable
latency and jitter characteristics, measurable loss characteristics, latency and jitter characteristics, measurable loss characteristics,
and ease of identification of flows (and hence slices). and ease of identification of flows (and hence slices).
The control and management planes for non-packet data plane The control and management planes for non-packet data plane
technologies have most in common with MPLS-TE (Section 4.2.2) and technologies have most in common with MPLS-TE (Section 4.2.2) and
offer the same set of advanced features [RFC3945]. Furthermore, offer the same set of advanced features [RFC3945]. Furthermore,
management techniques such as ACTN ([RFC8453] and Section 4.4) can be management techniques such as ACTN ([RFC8453] and Section 4.6 can be
used to aid in the reporting of underlying network topologies, and used to aid in the reporting of underlying network topologies, and
the creation of virtual networks with the resource and properties the creation of virtual networks with the resource and properties
needed by the enhanced VPN services. needed by the enhanced VPN services.
4.4. Control Plane 4.4. Control Plane
Enhanced VPN would likely be based on a hybrid control mechanism, Enhanced VPN would likely be based on a hybrid control mechanism,
which takes advantage of the logically centralized controller for on- which takes advantage of the logically centralized controller for on-
demand provisioning and global optimization, whilst still relies on demand provisioning and global optimization, whilst still relies on
distributed control plane to provide scalability, high reliability, distributed control plane to provide scalability, high reliability,
skipping to change at page 22, line 30 skipping to change at page 22, line 32
causing unintended resource conflict. causing unintended resource conflict.
In addition, in multi-domain and multi-layer networks, the In addition, in multi-domain and multi-layer networks, the
centralized and distributed control mechanisms will be used for centralized and distributed control mechanisms will be used for
inter-domain coordination and inter-layer optimization, so that the inter-domain coordination and inter-layer optimization, so that the
diverse and customized enhanced VPN service requirement could be met. diverse and customized enhanced VPN service requirement could be met.
The detailed mechanisms will be described in a future version. The detailed mechanisms will be described in a future version.
4.5. Management Plane 4.5. Management Plane
The management plane mechanisms for enhanced VPN can be based on the In the context of 5G end-to-end network slicing, the management of
VPN service models as defined in [RFC8299] and [RFC8466], possible enhanced VPN is considered as the management of transport network
augmentations and extensions to these models may be needed, which is part of the end-to-end network slice. 3GPP management system may
out of the scope of this document. provide the topology and QoS parameters as requirement to the
management plane of transport network. It may also require the
transport network to expose the capability and status of the
transport network slice. Thus an interface between enhanced VPN
management plane and 3GPP network slice management system and
relevant service data models are needed for the coordination of end-
to-end network slice management.
Abstraction and Control of Traffic Engineered Networks (ACTN) The management plane interface and data models for enhanced VPN can
[RFC8453] specifies the SDN based architecture for the control of TE be based on the service models such as:
networks. The ACTN related data models such as
[I-D.ietf-teas-actn-vn-yang] and
[I-D.ietf-teas-te-service-mapping-yang] can be applicable in the
provisioning of enhanced VPN service. The details are described in
Section 4.6.
4.6. Applicability of ACTN to Enhanced VPN o VPN service models defined in [RFC8299] and [RFC8466]
ACTN facilitates end-to-end connections and provides them to the o Possible augmentations and extensions
user. The ACTN framework [RFC8453] highlights how: (e.g.,[I-D.ietf-teas-te-service-mapping-yang]) to VPN service
models
o ACTN related service models such as [I-D.ietf-teas-actn-vn-yang]
and [I-D.ietf-teas-actn-pm-telemetry-autonomics].
o VPN network model as defined in [I-D.aguado-opsawg-l3sm-l3nm].
o TE Tunnel model as defined in [I-D.ietf-teas-yang-te].
These data models can be applicable in the provisioning of enhanced
VPN service. The details are described in Section 4.6.
4.6. Applicability of Service Data Models to Enhanced VPN
ACTN supports operators in viewing and controlling different domains
and presenting virtualized networks to their customers. The ACTN
framework [RFC8453] highlights how:
o Abstraction of the underlying network resources are provided to o Abstraction of the underlying network resources are provided to
higher-layer applications and customers. higher-layer applications and customers.
o Virtualization of underlying resources, whose selection criterion o Virtualization of underlying resources, whose selection criterion
is the allocation of those resources for the customer, is the allocation of those resources for the customer,
application, or service. application, or service.
o Creation of a virtualized environment allowing operators to view o Creation of a virtualized environment allowing operators to view
and control multi-domain networks as a single virtualized network. and control multi-domain networks as a single virtualized network.
o The presentation to customers of networks as a virtual network via o The presentation to customers of networks as a virtual network via
open and programmable interfaces. open and programmable interfaces.
The infrastructure managed through ACTN comprises traffic engineered The infrastructure managed through the Service Data models comprises
network resources, which may include: traffic engineered network resources (e.g. bandwidth, time slot,
wavelength) and VPN service related resources (e.g. Route Target
o Statistical packet bandwidth. (RT) and Route Distinguisher (RD)).
o Physical forwarding plane sources, such as: wavelengths and time
slots.
o Forwarding and cross-connect capabilities. The type of network virtualization enabled by ACTN managed
infrastructure provides customers and applications (tenants) with the
capability to utilize and independently control allocated virtual
network resources as if they were physically their own resources.
The type of network virtualization enabled by ACTN provides customers The Customer VPN model (e.g. L3SM) or an ACTN Virtual Network (VN)
and applications (tenants) with the capability to utilize and model is a customer view of the ACTN managed infrastructure, and is
independently control allocated virtual network resources as if they presented by the ACTN provider as a set of abstracted services or
were physically their own resources. resources.
An ACTN Virtual Network (VN) is a client view of the ACTN managed L3VPN network model or TE tunnel model is a network view of the ACTN
infrastructure, and is presented by the ACTN provider as a set of managed infrastructure, and is presented by the ACTN provider as a
abstracted resources. set of transport resources.
Depending on the agreement between client and provider various VN Depending on the agreement between customer and provider, various
operations and VN views are possible. VPN/VN operations and VPN/VN views are possible.
o Virtual Network Creation: A VN could be pre-configured and created o Virtual Network Creation: A VPN/VN could be pre-configured and
via static or dynamic request and negotiation between customer and created via static or dynamic request and negotiation between
provider. It must meet the specified SLA attributes which satisfy customer and provider. It must meet the specified SLA attributes
the customer's objectives. which satisfy the customer's objectives.
o Virtual Network Operations: The virtual network may be further o Virtual Network Operations: The virtual network may be further
modified and deleted based on customer request to request changes modified and deleted based on customer request to request changes
in the network resources reserved for the customer, and used to in the network resources reserved for the customer, and used to
construct the network slice. The customer can further act upon construct the network slice. The customer can further act upon
the virtual network to manage traffic flow across the virtual the virtual network to manage traffic flow across the virtual
network. network.
o Virtual Network View: The VN topology from a customer point of o Virtual Network View: The VPN/VN topology from a customer point of
view. These may be a variety of tunnels, or an entire VN view. These may be a variety of tunnels, or an entire VN
topology. Such connections may comprise of customer end points, topology, or an VPN service topology. Such connections may
access links, intra-domain paths, and inter-domain links. comprise of customer end points, access links, intra-domain paths,
and inter-domain links.
Dynamic VN Operations allow a customer to modify or delete the VN. Dynamic VPN/VN Operations allow a customer to modify or delete the
The customer can further act upon the virtual network to VPN/VN. The customer can further act upon the virtual network to
create/modify/delete virtual links and nodes. These changes will create/modify/delete virtual links and nodes or VPN sites. These
result in subsequent tunnel management in the operator's networks. changes will result in subsequent tunnel management or VPN service
management in the operator's networks.
4.6.1. ACTN Used for VPN+ Delivery 4.6.1. Enhanced VPN Delivery in ACTN Architecture
ACTN provides VPN connections between multiple sites as requested via ACTN provides VPN connections or VN connections between multiple
a VPN requestor enabled by the Customer Network Controller (CNC). sites as requested via a VPN requestor enabled by the Customer
The CNC is managed by the customer themselves, and interacts with the Network Controller (CNC). The CNC is managed by the customer
network provider's Multi-Domain Service Controller (MDSC). The themselves, and interacts with the network provider's Multi-Domain
Provisioning Network Controllers (PNC) remain entirely under the Service Controller (MDSC). The Provisioning Network Controllers
management of the network provider and are not visible to the (PNC) are responible for network resource management, thus the PNCs
customer. are remain entirely under the management of the network provider and
are not visible to the customer.
The benefits of this model include: The benefits of this model include:
o Provision of edge-to-edge VPN multi-access connectivity. o Provision of edge-to-edge VPN multi-access connectivity.
o Management is mostly performed by the network provider, with some o Management is mostly performed by the network provider, with some
flexibility delegated to the customer-managed CNC. flexibility delegated to the customer-managed CNC.
---------------- ---------------- Figure 3 presents a more general representation of how multiple
| Site-A Users |----------- ------------| Site-B Users |
---------------- | | ----------------
-------
| CNC |
-------
Boundary |
Between ==========================|==========================
Customer & |
Network Operator |
---------------
| MDSC |
---------------
_________/ | \__________
/ | \
/ | \
--------- --------- ---------
| PNC | | PNC | | PNC |
--------- --------- ---------
| | /
| | /
----- ----- -----
( ) ( ) ( )
<Site A>---( Phys. )------------( Phys. )-------( Phys. )---<Site B>
( Net ) ( Net ) ( Net )
----- ----- -----
Figure 3: VPN Delivery in the ACTN Architecture
Figure 4 presents a more general representation of how multiple
enhanced VPNs may be created from the resources of multiple physical enhanced VPNs may be created from the resources of multiple physical
networks using the CNC, MDSC, and PNC components of the ACTN networks using the CNC, MDSC, and PNC components of the ACTN
architecture. Each enhanced VPN is controlled by its own CNC. The architecture. Each enhanced VPN is controlled by its own CNC. The
CNCs send requests to the provider's MDSC. The provider manages two CNCs send requests to the provider's MDSC. The provider manages two
physical networks each under the control of PNC. The MDSC asks the different physical networks each under the control of PNC. The MDSC
PNCs to allocate and provision resources to achieve the enhanced asks the PNCs to allocate and provision resources to achieve the
VPNs. In this figure, one enhanced VPN is constructed solely from enhanced VPNs. In this figure, one enhanced VPN is constructed
the resources of one of the physical networks, while the the VPN uses solely from the resources of one of the physical networks, while the
resources from both physical networks. the VPN uses resources from both physical networks.
___________
--------------- ( ) --------------- ( )
| CNC |---------->( VPN+ ) | CNC |---------->( VPN+ )
--------^------ ( ) --------^------ ( )
| _(_________ _) | _(_________ _)
--------------- ( ) ^ --------------- ( ) ^
| CNC |----------->( VPN+ ) : | CNC |----------->( VPN+ ) :
------^-------- ( ) : ------^-------- ( ) :
| | (___________) : | | (___________) :
| | ^ ^ : | | ^ ^ :
Boundary | | : : : Boundary | | : : :
skipping to change at page 26, line 33 skipping to change at page 25, line 41
| ( ) . | ( ) .
v ( Physical ) . v ( Physical ) .
---------------- ( Network ) . ---------------- ( Network ) .
| PNC |<-------->( ) ---^------ | PNC |<-------->( ) ---^------
---------------- | -------- ( ) ---------------- | -------- ( )
| |-- ( Physical ) | |-- ( Physical )
| PNC |<------------------------->( Network ) | PNC |<------------------------->( Network )
--------------- ( ) --------------- ( )
-------- --------
Figure 4: Generic VPN+ Delivery in the ACTN Architecture Figure 3: Generic VPN+ Delivery in the ACTN Architecture
4.6.2. Enhanced VPN Features with ACTN 4.6.2. Enhanced VPN Features with Service Data Models
This section discusses how the features of ACTN can fulfill the This section discusses how the service data models can fulfill the
enhanced VPN requirements described earlier in this document. As enhanced VPN requirements described earlier in this document. As
previously noted, key requirements of the enhanced VPN include: previously noted, key requirements of the enhanced VPN include:
1. Isolation between VPNs 1. Isolation between VPNs/VNs
2. Guaranteed Performance 2. Guaranteed Performance
3. Integration 3. Integration
4. Dynamic Configuration 4. Dynamic Management
5. Customized Control Plane 5. Customized Control
The subsections that follow outline how each requirement is met using The subsections that follow outline how each requirement is met using
ACTN. ACTN.
4.6.2.1. Isolation Between VPNs 4.6.2.1. Isolation Between VPN/VNs
The ACTN VN YANG model [I-D.ietf-teas-actn-vn-yang] and the TE- The VN YANG model [I-D.ietf-teas-actn-vn-yang] and the TE-service
service mapping model [I-D.ietf-teas-te-service-mapping-yang] fulfill mapping model [I-D.ietf-teas-te-service-mapping-yang] fulfill the
the VPN isolation requirement by providing the following features for VPN/VN isolation requirement by providing the following features for
the VNs: the VPN/VNs:
o Each VN is identified with a unique identifier (vn-id and vn-name) o Each VN is identified with a unique identifier (vn-id and vn-name)
and so is each VN member that belongs to the VN (vn-member-id). and so is each VN member that belongs to the VN (vn-member-id).
o Each instantiated VN is managed and controlled independent of o Each VPN is identified with a unique identifier (vpn-id) and can
other VNs in the network with proper protection level be mapped to one specific VN. While multiple VPNs may mapped to
(protection). the same VN according to service requirement and operator's
policy.
o Each VN is instantiated with an isolation requirement described by o Each VPN and the corresponding VN is managed and controlled
the TE-service mapping model independent of other VPNs/VNs in the network with proper
availability level.
o Each VPN/VN is instantiated with an isolation requirement
described by the TE-service mapping model
[I-D.ietf-teas-te-service-mapping-yang]. This mapping supports: [I-D.ietf-teas-te-service-mapping-yang]. This mapping supports:
* Hard isolation with deterministic characteristics (e.g., this * Hard isolation with deterministic characteristics (e.g., this
case may need an optical bypass tunnel or a DetNet/TSN tunnel case may need an optical bypass tunnel or a DetNet/TSN tunnel
to guarantee latency with no jitter) to guarantee latency with no jitter)
* Hard isolation (i.e., dedicated TE resources in all underlays) * Hard isolation (i.e., dedicated TE resources in all underlays)
* Soft isolation (i.e., resource in some layer may be shared * Soft isolation (i.e., resource in some layer may be shared
while in some other layers is dedicated). while in some other layers is dedicated).
* No isolation (i.e., sharing with other VN). * No isolation (i.e., sharing with other VPN/VN).
4.6.2.2. Guaranteed Performance 4.6.2.2. Guaranteed Performance
Performance objectives of a VN need first to be expressed in order to Performance objectives of a VN need first to be expressed in order to
assure the performance guarantee. [I-D.ietf-teas-actn-vn-yang] and assure the performance guarantee.
[I-D.ietf-teas-yang-te-topo] allow configuration of several
parameters that may affect the VN performance objectives as follows: Performance objectives of a VPN [RFC8299][RFC8466] are expressed with
QoS profile, either standard profile or customer profile. The
customer QoS profile include the following properties:
o Rate-limit
o Bandwidth
o Latency
o Jitter
[I-D.ietf-teas-actn-vn-yang] and [I-D.ietf-teas-yang-te-topo] allow
configuration of several TE parameters that may affect the VN
performance objectives as follows:
o Bandwidth o Bandwidth
o Objective function (e.g., min cost path, min load path, etc.) o Objective function (e.g., min cost path, min load path, etc.)
o Metric Types and their threshold: o Metric Types and their threshold:
* TE cost, IGP cost, Hop count, or Unidirectional Delay (e.g., * TE cost, IGP cost, Hop count, or Unidirectional Delay (e.g.,
can set all path delay <= threshold) can set all path delay <= threshold)
Once these requests are instantiated, the resources are committed and Once these requests are instantiated, the resources are committed and
guaranteed through the life cycle of the VN. guaranteed through the life cycle of the VPN/VN.
4.6.2.3. Integration 4.6.2.3. Integration
ACTN provides mechanisms to correlate customer's VN and the actual TE L3VPN network model provides mechanism to correlate customer's VPN
tunnels instantiated in the provider's network. Specifically: and the VPN service related resources (e.g.RT and RD) allocated in
the provider's network.
VPN/Network performance monitoring model
[I-D.www-bess-yang-vpn-service-pm] provides mechanisms to monitor and
manage network Performance on the topology at different layer or the
overlay topology between VPN sites.
VN model and Performance Monitoring Telemetry model provides
mechanisms to correlate customer's VN and the actual TE tunnels
instantiated in the provider's network. Specifically:
o Link each VN member to actual TE tunnel. o Link each VN member to actual TE tunnel.
o Each VN can be monitored on a various level such as VN level, VN o Each VN can be monitored on a various level such as VN level, VN
member level, TE-tunnel level, and link/node level. member level, TE-tunnel level, and link/node level.
Service function integration with network topology (L3 and TE Service function integration with network topology (L3 and TE
topology) is in progress in [I-D.ietf-teas-sf-aware-topo-model]. topology) is in progress in [I-D.ietf-teas-sf-aware-topo-model].
Specifically, [I-D.ietf-teas-sf-aware-topo-model] addresses a number Specifically, [I-D.ietf-teas-sf-aware-topo-model] addresses a number
of use-cases that show how TE topology supports various service of use-cases that show how TE topology supports various service
functions. functions.
4.6.2.4. Dynamic Configuration 4.6.2.4. Dynamic Management
ACTN provides an architecture that allows the CNC to interact with ACTN provides an architecture that allows the CNC to interact with
the MDSC which is network provider's SDN controller. This gives the the MDSC which is network provider's SDN controller. This gives the
customer control of their VNs. customer control of their VPN or VNs.
Specifically, the ACTN VN model [I-D.ietf-teas-actn-vn-yang] allows e.g., the ACTN VN model [I-D.ietf-teas-actn-vn-yang] allows the VN to
the VN to create, modify, and delete VNs. life-cycle management such as create, modify, and delete VNs on
demand. Another example is L3VPN servicel model [RFC8299] which
allows the VPN lifecycle management such as VPN creation,
modification and deletion on demand.
4.6.2.5. Customized Control 4.6.2.5. Customized Control
ACTN provides a YANG model that allows the CNC to control a VN as a ACTN provides a YANG model that allows the CNC to control a VN as a
"Type 2 VN" that allows the customer to provision tunnels that "Type 2 VN" that allows the customer to provision tunnels that
connect their endpoints over the customized VN topology. connect their endpoints over the customized VN topology.
For some VN members, the customers are allowed to configure the path For some VN members, the customers are allowed to configure the path
(i.e., the sequence of virtual nodes and virtual links) over the VN/ (i.e., the sequence of virtual nodes and virtual links) over the VN/
abstract topology. abstract topology.
4.6.3. 5G Transport Service Delivery via Coordinated Data Modules
The overview of network slice structure as defined in the 3GPP 5GS is
shown in Figure 5. The terms are described in specific 3GPP
documents (e.g. [TS23501] and [TS28530].)
<================== E2E-NSI =======================>
: : : : :
: : : : :
<====== RAN-NSSI ======><=TRN-NSSI=><====== CN-NSSI ======>VL[APL]
: : : : : : : : :
: : : : : : : : :
RW[NFs ]<=TRN-NSSI=>[NFs ]<=TRN-NSSI=>[NFs ]<=TRN-NSSI=>[NFs ]VL[APL]
. . . . . . . . . . . . .. . . . . . . . . . . . . ..
.,----. ,----. ,----.. ,----. .,----. ,----. ,----..
UE--|RAN |---| TN |---|RAN |---| TN |---|CN |---| TN |---|CN |--[APL]
.|NFs | `----' |NFs |. `----' .|NFs | `----' |NFs |.
.`----' `----'. .`----' `----'.
. . . . . . . . . . . . .. . . . . . . . . . . . . ..
RW RAN MBH CN DN
*Legends
UE: User Equipment
RAN: Radio Access Network
CN: Core Network
DN: Data Network
TN: Transport Network
MBH: Mobile Backhaul
RW: Radio Wave
NF: Network Function
APL: Application Server
NSI: Network Slice Instance
NSSI: Network Slice Subnet Instance
Figure 4: Overview of Structure of Network Slice in 3GPP 5GS
To support 5G service (e.g., 5G MBB service), L3VPN service model
[RFC8299] and TEAS VN model [I-D.ietf-teas-actn-vn-yang] can be both
provided to describe 5G MBB Transport Service or connectivity
service. L3VPN service model is used to describe end-to-end IP
connectivity service while TEAS VN model is used to describe TE
connectivity service between VPN sites or between RAN NFs and Core
network NFs.
VN in TEAS VN model and support point-to-point or multipoint-to-
multipoint connectivity service and can be seen as one example of
network slice.
TE Service mapping model can be used to map L3VPN service requests
onto underlying network resource and TE models to get TE network
setup.
For IP VPN service provision, the service parameters in the L3VPN
service model [RFC8299] can be decomposed into a set of configuration
parameters described in the L3VPN network model
[I-D.aguado-opsawg-l3sm-l3nm] which will get VPN network setup.
5. Scalability Considerations 5. Scalability Considerations
Enhanced VPN provides the performance guaranteed services in packet Enhanced VPN provides the performance guaranteed services in packet
networks, but with the potential cost of introducing additional networks, but with the potential cost of introducing additional
states into the network. There are at least three ways that this states into the network. There are at least three ways that this
adding state might be presented in the network: adding state might be presented in the network:
o Introduce the complete state into the packet, as is done in SR. o Introduce the complete state into the packet, as is done in SR.
This allows the controller to specify the detailed series of This allows the controller to specify the detailed series of
forwarding and processing instructions for the packet as it forwarding and processing instructions for the packet as it
skipping to change at page 30, line 10 skipping to change at page 31, line 29
an MPLS network is to use the RSVP protocol. However there have been an MPLS network is to use the RSVP protocol. However there have been
concerns that this requires significant continuous state maintenance concerns that this requires significant continuous state maintenance
in the network. There are ongoing works to improve the scalability in the network. There are ongoing works to improve the scalability
of RSVP-TE LSPs in the control plane [RFC8370]. of RSVP-TE LSPs in the control plane [RFC8370].
There is also concern at the scalability of the forwarder footprint There is also concern at the scalability of the forwarder footprint
of RSVP as the number of paths through an LSR grows [RFC8577] of RSVP as the number of paths through an LSR grows [RFC8577]
proposes to address this by employing SR within a tunnel established proposes to address this by employing SR within a tunnel established
by RSVP-TE. by RSVP-TE.
6. OAM Considerations 5.3. SDN Scaling
A study of OAM in SR networks has been documented in [RFC8403]. The centralized approach of SDN requires state to be stored in the
network, but does not have the overhead of also requiring control
plane state to be maintained. Each individual network node may need
to maintain a communication channel with the SDN controller, but that
compares favourably with the need for a control plane to maintain
communication with all neighbors.
However, SDN may transfer some of the scalability concerns from the
network to the centralized controller. In particular, there may be a
heavy processing burden at the controller, and a heavy load in the
network surrounding the controller.
6. OAM Considerations
The enhanced VPN OAM design needs to consider the following The enhanced VPN OAM design needs to consider the following
requirements: requirements:
o Instrumentation of the underlay so that the network operator can o Instrumentation of the underlay so that the network operator can
be sure that the resources committed to a tenant are operating be sure that the resources committed to a tenant are operating
correctly and delivering the required performance. correctly and delivering the required performance.
o Instrumentation of the overlay by the tenant. This is likely to o Instrumentation of the overlay by the tenant. This is likely to
be transparent to the network operator and to use existing be transparent to the network operator and to use existing
skipping to change at page 30, line 37 skipping to change at page 32, line 21
o Instrumentation of the overlay by the network provider to o Instrumentation of the overlay by the network provider to
proactively demonstrate that the committed performance is being proactively demonstrate that the committed performance is being
delivered. This needs to be done in a non-intrusive manner, delivered. This needs to be done in a non-intrusive manner,
particularly when the tenant is deploying a performance sensitive particularly when the tenant is deploying a performance sensitive
application application
o Verification of the conformity of the path to the service o Verification of the conformity of the path to the service
requirement. This may need to be done as part of a commissioning requirement. This may need to be done as part of a commissioning
test. test.
These issues will be discussed in a future version of this document. A study of OAM in SR networks has been documented in [RFC8403].
7. Enhanced Resiliency 7. Telemetry Considerations
Network visibility is essential for network operation. Network
telemetry has been considered as an ideal means to gain sufficient
network visibility with better flexibility, scalability, accuracy,
coverage, and performance than conventional OAM technologies.
As defined in [I-D.ietf-opsawg-ntf], Network Telemetry is to acquire
network data remotely for network monitoring and operation. It is a
general term for a large set of network visibility techniques and
protocols. Network telemetry addresses the current network operation
issues and enables smooth evolution toward intent-driven autonomous
networks. Telemetry can be applied on the forwarding plane, the
control plane, and the management plane in a network.
How the telemetry mechanisms could be used or extended for the
enhanced VPN service will be described in a future version.
8. Enhanced Resiliency
Each enhanced VPN has a life-cycle, and needs modification during Each enhanced VPN has a life-cycle, and needs modification during
deployment as the needs of its tenant change. Additionally, as the deployment as the needs of its tenant change. Additionally, as the
network as a whole evolves, there will need to be garbage collection network as a whole evolves, there will need to be garbage collection
performed to consolidate resources into usable quanta. performed to consolidate resources into usable quanta.
Systems in which the path is imposed such as SR, or some form of Systems in which the path is imposed such as SR, or some form of
explicit routing tend to do well in these applications, because it is explicit routing tend to do well in these applications, because it is
possible to perform an atomic transition from one path to another. possible to perform an atomic transition from one path to another.
This is a single action by the head-end changes the path without the This is a single action by the head-end changes the path without the
skipping to change at page 31, line 41 skipping to change at page 33, line 43
consideration has to be given to the impact of best effort traffic on consideration has to be given to the impact of best effort traffic on
the high priority packets during a transient. Specifically if a the high priority packets during a transient. Specifically if a
conventional re-convergence process is used there will inevitably be conventional re-convergence process is used there will inevitably be
micro-loops and whilst some form of explicit routing will protect the micro-loops and whilst some form of explicit routing will protect the
high priority traffic, lower priority traffic on best effort shortest high priority traffic, lower priority traffic on best effort shortest
paths will micro-loop without the use of a loop prevention paths will micro-loop without the use of a loop prevention
technology. To provide the highest quality of service to high technology. To provide the highest quality of service to high
priority traffic, either this traffic must be shielded from the priority traffic, either this traffic must be shielded from the
micro-loops, or micro-loops must be prevented. micro-loops, or micro-loops must be prevented.
8. Security Considerations 9. Operational Considerations
TBD in a future version.
10. Security Considerations
All types of virtual network require special consideration to be All types of virtual network require special consideration to be
given to the isolation between the tenants. In this regard enhanced given to the isolation between the tenants. In this regard enhanced
VPNs neither introduce, no experience a greater security risk than VPNs neither introduce, no experience a greater security risk than
another VPN of the same base type. However, in an enhanced virtual another VPN of the same base type. However, in an enhanced virtual
network service the isolation requirement needs to be considered. If network service the isolation requirement needs to be considered. If
a service requires a specific latency then it can be damaged by a service requires a specific latency then it can be damaged by
simply delaying the packet through the activities of another tenant. simply delaying the packet through the activities of another tenant.
In a network with virtual functions, depriving a function used by In a network with virtual functions, depriving a function used by
another tenant of compute resources can be just as damaging as another tenant of compute resources can be just as damaging as
delaying transmission of a packet in the network. The measures to delaying transmission of a packet in the network. The measures to
address these dynamic security risks must be specified as part to the address these dynamic security risks must be specified as part to the
specific solution. specific solution.
9. IANA Considerations While an enhanced VPN service may be sold as offering encryption and
other security features as part of the service, customers would be
well advised to take responsibility for their own security
requirements themselves possibly by encrypting traffic before handing
it off to the service provider.
There are no requested IANA actions. The privacy of enhanced VPN service customers must be preserved. It
should not be possible for one customer to discover the existence of
another customer, nor should the sites that are members of an
enhanced VPN be externally visible.
10. Contributors 11. IANA Considerations
There are no requested IANA actions.
12. Contributors
Daniel King Daniel King
Email: daniel@olddog.co.uk Email: daniel@olddog.co.uk
Adrian Farrel Adrian Farrel
Email: adrian@olddog.co.uk Email: adrian@olddog.co.uk
Jeff Tansura Jeff Tansura
Email: jefftant.ietf@gmail.com Email: jefftant.ietf@gmail.com
Qin Wu Qin Wu
skipping to change at page 32, line 38 skipping to change at page 35, line 28
Mohamed Boucadair Mohamed Boucadair
Email: mohamed.boucadair@orange.com Email: mohamed.boucadair@orange.com
Sergio Belotti Sergio Belotti
Email: sergio.belotti@nokia.com Email: sergio.belotti@nokia.com
Haomian Zheng Haomian Zheng
Email: zhenghaomian@huawei.com Email: zhenghaomian@huawei.com
11. Acknowledgements 13. Acknowledgements
The authors would like to thank Charlie Perkins, James N Guichard and The authors would like to thank Charlie Perkins, James N Guichard and
John E Drake for their review and valuable comments. John E Drake for their review and valuable comments.
This work was supported in part by the European Commission funded This work was supported in part by the European Commission funded
H2020-ICT-2016-2 METRO-HAUL project (G.A. 761727). H2020-ICT-2016-2 METRO-HAUL project (G.A. 761727).
12. References 14. References
12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 14.1. Normative References
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
12.2. Informative References [I-D.ietf-teas-actn-vn-yang]
Lee, Y., Dhody, D., Ceccarelli, D., Bryskin, I., and B.
Yoon, "A Yang Data Model for VN Operation", draft-ietf-
teas-actn-vn-yang-06 (work in progress), July 2019.
[I-D.ietf-teas-te-service-mapping-yang]
Lee, Y., Dhody, D., Fioccola, G., Wu, Q., Ceccarelli, D.,
and J. Tantsura, "Traffic Engineering (TE) and Service
Mapping Yang Model", draft-ietf-teas-te-service-mapping-
yang-02 (work in progress), September 2019.
[RFC2764] Gleeson, B., Lin, A., Heinanen, J., Armitage, G., and A.
Malis, "A Framework for IP Based Virtual Private
Networks", RFC 2764, DOI 10.17487/RFC2764, February 2000,
<https://www.rfc-editor.org/info/rfc2764>.
[RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001,
<https://www.rfc-editor.org/info/rfc3209>.
[RFC3985] Bryant, S., Ed. and P. Pate, Ed., "Pseudo Wire Emulation
Edge-to-Edge (PWE3) Architecture", RFC 3985,
DOI 10.17487/RFC3985, March 2005,
<https://www.rfc-editor.org/info/rfc3985>.
[RFC4664] Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer
2 Virtual Private Networks (L2VPNs)", RFC 4664,
DOI 10.17487/RFC4664, September 2006,
<https://www.rfc-editor.org/info/rfc4664>.
[RFC8299] Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
"YANG Data Model for L3VPN Service Delivery", RFC 8299,
DOI 10.17487/RFC8299, January 2018,
<https://www.rfc-editor.org/info/rfc8299>.
[RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
July 2018, <https://www.rfc-editor.org/info/rfc8402>.
[RFC8453] Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
Abstraction and Control of TE Networks (ACTN)", RFC 8453,
DOI 10.17487/RFC8453, August 2018,
<https://www.rfc-editor.org/info/rfc8453>.
[RFC8466] Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG
Data Model for Layer 2 Virtual Private Network (L2VPN)
Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October
2018, <https://www.rfc-editor.org/info/rfc8466>.
14.2. Informative References
[BBF-SD406] [BBF-SD406]
"BBF SD-406: End-to-End Network Slicing", 2016, "BBF SD-406: End-to-End Network Slicing", 2016,
<https://wiki.broadband-forum.org/display/BBF/ <https://wiki.broadband-forum.org/display/BBF/SD-406+End-
SD-406+End-to-End+Network+Slicing>. to-End+Network+Slicing>.
[DETNET] "Deterministic Networking", March , [DETNET] "Deterministic Networking", March ,
<https://datatracker.ietf.org/wg/detnet/about/>. <https://datatracker.ietf.org/wg/detnet/about/>.
[FLEXE] "Flex Ethernet Implementation Agreement", March 2016, [FLEXE] "Flex Ethernet Implementation Agreement", March 2016,
<http://www.oiforum.com/wp-content/uploads/ <http://www.oiforum.com/wp-content/uploads/OIF-FLEXE-
OIF-FLEXE-01.0.pdf>. 01.0.pdf>.
[I-D.aguado-opsawg-l3sm-l3nm]
Aguado, A., Dios, O., Lopezalvarez, V.,
daniel.voyer@bell.ca, d., and L. Munoz, "Layer 3 VPN
Network Model", draft-aguado-opsawg-l3sm-l3nm-01 (work in
progress), July 2019.
[I-D.geng-spring-srv6-for-detnet]
Geng, X., Li, Z., and M. Chen, "SRv6 for Deterministic
Networking (DetNet)", draft-geng-spring-srv6-for-detnet-00
(work in progress), July 2019.
[I-D.ietf-detnet-architecture] [I-D.ietf-detnet-architecture]
Finn, N., Thubert, P., Varga, B., and J. Farkas, Finn, N., Thubert, P., Varga, B., and J. Farkas,
"Deterministic Networking Architecture", draft-ietf- "Deterministic Networking Architecture", draft-ietf-
detnet-architecture-13 (work in progress), May 2019. detnet-architecture-13 (work in progress), May 2019.
[I-D.ietf-detnet-dp-sol-ip] [I-D.ietf-detnet-dp-sol-ip]
Korhonen, J. and B. Varga, "DetNet IP Data Plane Korhonen, J. and B. Varga, "DetNet IP Data Plane
Encapsulation", draft-ietf-detnet-dp-sol-ip-02 (work in Encapsulation", draft-ietf-detnet-dp-sol-ip-02 (work in
progress), March 2019. progress), March 2019.
[I-D.ietf-detnet-use-cases] [I-D.ietf-opsawg-ntf]
Grossman, E., "Deterministic Networking Use Cases", draft- Song, H., Qin, F., Martinez-Julia, P., Ciavaglia, L., and
ietf-detnet-use-cases-20 (work in progress), December A. Wang, "Network Telemetry Framework", draft-ietf-opsawg-
2018. ntf-01 (work in progress), June 2019.
[I-D.ietf-teas-actn-vn-yang] [I-D.ietf-teas-actn-pm-telemetry-autonomics]
Lee, Y., Dhody, D., Ceccarelli, D., Bryskin, I., and B. Lee, Y., Dhody, D., Karunanithi, S., Vilata, R., King, D.,
Yoon, "A Yang Data Model for VN Operation", draft-ietf- and D. Ceccarelli, "YANG models for VN & TE Performance
teas-actn-vn-yang-06 (work in progress), July 2019. Monitoring Telemetry and Scaling Intent Autonomics",
draft-ietf-teas-actn-pm-telemetry-autonomics-00 (work in
progress), July 2019.
[I-D.ietf-teas-sf-aware-topo-model] [I-D.ietf-teas-sf-aware-topo-model]
Bryskin, I., Liu, X., Lee, Y., Guichard, J., Contreras, Bryskin, I., Liu, X., Lee, Y., Guichard, J., Contreras,
L., Ceccarelli, D., and J. Tantsura, "SF Aware TE Topology L., Ceccarelli, D., and J. Tantsura, "SF Aware TE Topology
YANG Model", draft-ietf-teas-sf-aware-topo-model-03 (work YANG Model", draft-ietf-teas-sf-aware-topo-model-03 (work
in progress), March 2019. in progress), March 2019.
[I-D.ietf-teas-te-service-mapping-yang] [I-D.ietf-teas-yang-te]
Lee, Y., Dhody, D., Ceccarelli, D., Tantsura, J., Saad, T., Gandhi, R., Liu, X., Beeram, V., and I. Bryskin,
Fioccola, G., and Q. Wu, "Traffic Engineering and Service "A YANG Data Model for Traffic Engineering Tunnels and
Mapping Yang Model", draft-ietf-teas-te-service-mapping- Interfaces", draft-ietf-teas-yang-te-21 (work in
yang-01 (work in progress), March 2019. progress), April 2019.
[I-D.ietf-teas-yang-te-topo] [I-D.ietf-teas-yang-te-topo]
Liu, X., Bryskin, I., Beeram, V., Saad, T., Shah, H., and Liu, X., Bryskin, I., Beeram, V., Saad, T., Shah, H., and
O. Dios, "YANG Data Model for Traffic Engineering (TE) O. Dios, "YANG Data Model for Traffic Engineering (TE)
Topologies", draft-ietf-teas-yang-te-topo-22 (work in Topologies", draft-ietf-teas-yang-te-topo-22 (work in
progress), June 2019. progress), June 2019.
[I-D.www-bess-yang-vpn-service-pm]
Wang, Z., Wu, Q., Even, R., Wen, B., and C. Liu, "A YANG
Model for Network and VPN Service Performance Monitoring",
draft-www-bess-yang-vpn-service-pm-03 (work in progress),
July 2019.
[NGMN-NS-Concept] [NGMN-NS-Concept]
"NGMN NS Concept", 2016, <https://www.ngmn.org/fileadmin/u "NGMN NS Concept", 2016, <https://www.ngmn.org/fileadmin/u
ser_upload/161010_NGMN_Network_Slicing_framework_v1.0.8.pd ser_upload/161010_NGMN_Network_Slicing_framework_v1.0.8.pd
f>. f>.
[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z., [RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
and W. Weiss, "An Architecture for Differentiated and W. Weiss, "An Architecture for Differentiated
Services", RFC 2475, DOI 10.17487/RFC2475, December 1998, Services", RFC 2475, DOI 10.17487/RFC2475, December 1998,
<https://www.rfc-editor.org/info/rfc2475>. <https://www.rfc-editor.org/info/rfc2475>.
[RFC2764] Gleeson, B., Lin, A., Heinanen, J., Armitage, G., and A.
Malis, "A Framework for IP Based Virtual Private
Networks", RFC 2764, DOI 10.17487/RFC2764, February 2000,
<https://www.rfc-editor.org/info/rfc2764>.
[RFC2992] Hopps, C., "Analysis of an Equal-Cost Multi-Path [RFC2992] Hopps, C., "Analysis of an Equal-Cost Multi-Path
Algorithm", RFC 2992, DOI 10.17487/RFC2992, November 2000, Algorithm", RFC 2992, DOI 10.17487/RFC2992, November 2000,
<https://www.rfc-editor.org/info/rfc2992>. <https://www.rfc-editor.org/info/rfc2992>.
[RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001,
<https://www.rfc-editor.org/info/rfc3209>.
[RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P. [RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P.
Conrad, "Stream Control Transmission Protocol (SCTP) Conrad, "Stream Control Transmission Protocol (SCTP)
Partial Reliability Extension", RFC 3758, Partial Reliability Extension", RFC 3758,
DOI 10.17487/RFC3758, May 2004, DOI 10.17487/RFC3758, May 2004,
<https://www.rfc-editor.org/info/rfc3758>. <https://www.rfc-editor.org/info/rfc3758>.
[RFC3931] Lau, J., Ed., Townsley, M., Ed., and I. Goyret, Ed., [RFC3931] Lau, J., Ed., Townsley, M., Ed., and I. Goyret, Ed.,
"Layer Two Tunneling Protocol - Version 3 (L2TPv3)", "Layer Two Tunneling Protocol - Version 3 (L2TPv3)",
RFC 3931, DOI 10.17487/RFC3931, March 2005, RFC 3931, DOI 10.17487/RFC3931, March 2005,
<https://www.rfc-editor.org/info/rfc3931>. <https://www.rfc-editor.org/info/rfc3931>.
[RFC3945] Mannie, E., Ed., "Generalized Multi-Protocol Label [RFC3945] Mannie, E., Ed., "Generalized Multi-Protocol Label
Switching (GMPLS) Architecture", RFC 3945, Switching (GMPLS) Architecture", RFC 3945,
DOI 10.17487/RFC3945, October 2004, DOI 10.17487/RFC3945, October 2004,
<https://www.rfc-editor.org/info/rfc3945>. <https://www.rfc-editor.org/info/rfc3945>.
[RFC3985] Bryant, S., Ed. and P. Pate, Ed., "Pseudo Wire Emulation
Edge-to-Edge (PWE3) Architecture", RFC 3985,
DOI 10.17487/RFC3985, March 2005,
<https://www.rfc-editor.org/info/rfc3985>.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
2006, <https://www.rfc-editor.org/info/rfc4364>. 2006, <https://www.rfc-editor.org/info/rfc4364>.
[RFC4448] Martini, L., Ed., Rosen, E., El-Aawar, N., and G. Heron, [RFC4448] Martini, L., Ed., Rosen, E., El-Aawar, N., and G. Heron,
"Encapsulation Methods for Transport of Ethernet over MPLS "Encapsulation Methods for Transport of Ethernet over MPLS
Networks", RFC 4448, DOI 10.17487/RFC4448, April 2006, Networks", RFC 4448, DOI 10.17487/RFC4448, April 2006,
<https://www.rfc-editor.org/info/rfc4448>. <https://www.rfc-editor.org/info/rfc4448>.
[RFC4594] Babiarz, J., Chan, K., and F. Baker, "Configuration [RFC4594] Babiarz, J., Chan, K., and F. Baker, "Configuration
Guidelines for DiffServ Service Classes", RFC 4594, Guidelines for DiffServ Service Classes", RFC 4594,
DOI 10.17487/RFC4594, August 2006, DOI 10.17487/RFC4594, August 2006,
<https://www.rfc-editor.org/info/rfc4594>. <https://www.rfc-editor.org/info/rfc4594>.
[RFC4664] Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer
2 Virtual Private Networks (L2VPNs)", RFC 4664,
DOI 10.17487/RFC4664, September 2006,
<https://www.rfc-editor.org/info/rfc4664>.
[RFC4719] Aggarwal, R., Ed., Townsley, M., Ed., and M. Dos Santos, [RFC4719] Aggarwal, R., Ed., Townsley, M., Ed., and M. Dos Santos,
Ed., "Transport of Ethernet Frames over Layer 2 Tunneling Ed., "Transport of Ethernet Frames over Layer 2 Tunneling
Protocol Version 3 (L2TPv3)", RFC 4719, Protocol Version 3 (L2TPv3)", RFC 4719,
DOI 10.17487/RFC4719, November 2006, DOI 10.17487/RFC4719, November 2006,
<https://www.rfc-editor.org/info/rfc4719>. <https://www.rfc-editor.org/info/rfc4719>.
[RFC5151] Farrel, A., Ed., Ayyangar, A., and JP. Vasseur, "Inter-
Domain MPLS and GMPLS Traffic Engineering -- Resource
Reservation Protocol-Traffic Engineering (RSVP-TE)
Extensions", RFC 5151, DOI 10.17487/RFC5151, February
2008, <https://www.rfc-editor.org/info/rfc5151>.
[RFC5654] Niven-Jenkins, B., Ed., Brungard, D., Ed., Betts, M., Ed., [RFC5654] Niven-Jenkins, B., Ed., Brungard, D., Ed., Betts, M., Ed.,
Sprecher, N., and S. Ueno, "Requirements of an MPLS Sprecher, N., and S. Ueno, "Requirements of an MPLS
Transport Profile", RFC 5654, DOI 10.17487/RFC5654, Transport Profile", RFC 5654, DOI 10.17487/RFC5654,
September 2009, <https://www.rfc-editor.org/info/rfc5654>. September 2009, <https://www.rfc-editor.org/info/rfc5654>.
[RFC7149] Boucadair, M. and C. Jacquenet, "Software-Defined [RFC7149] Boucadair, M. and C. Jacquenet, "Software-Defined
Networking: A Perspective from within a Service Provider Networking: A Perspective from within a Service Provider
Environment", RFC 7149, DOI 10.17487/RFC7149, March 2014, Environment", RFC 7149, DOI 10.17487/RFC7149, March 2014,
<https://www.rfc-editor.org/info/rfc7149>. <https://www.rfc-editor.org/info/rfc7149>.
skipping to change at page 36, line 17 skipping to change at page 40, line 5
VPN (EVPN)", RFC 7209, DOI 10.17487/RFC7209, May 2014, VPN (EVPN)", RFC 7209, DOI 10.17487/RFC7209, May 2014,
<https://www.rfc-editor.org/info/rfc7209>. <https://www.rfc-editor.org/info/rfc7209>.
[RFC7926] Farrel, A., Ed., Drake, J., Bitar, N., Swallow, G., [RFC7926] Farrel, A., Ed., Drake, J., Bitar, N., Swallow, G.,
Ceccarelli, D., and X. Zhang, "Problem Statement and Ceccarelli, D., and X. Zhang, "Problem Statement and
Architecture for Information Exchange between Architecture for Information Exchange between
Interconnected Traffic-Engineered Networks", BCP 206, Interconnected Traffic-Engineered Networks", BCP 206,
RFC 7926, DOI 10.17487/RFC7926, July 2016, RFC 7926, DOI 10.17487/RFC7926, July 2016,
<https://www.rfc-editor.org/info/rfc7926>. <https://www.rfc-editor.org/info/rfc7926>.
[RFC8299] Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki, [RFC8172] Morton, A., "Considerations for Benchmarking Virtual
"YANG Data Model for L3VPN Service Delivery", RFC 8299, Network Functions and Their Infrastructure", RFC 8172,
DOI 10.17487/RFC8299, January 2018, DOI 10.17487/RFC8172, July 2017,
<https://www.rfc-editor.org/info/rfc8299>. <https://www.rfc-editor.org/info/rfc8172>.
[RFC8370] Beeram, V., Ed., Minei, I., Shakir, R., Pacella, D., and [RFC8370] Beeram, V., Ed., Minei, I., Shakir, R., Pacella, D., and
T. Saad, "Techniques to Improve the Scalability of RSVP-TE T. Saad, "Techniques to Improve the Scalability of RSVP-TE
Deployments", RFC 8370, DOI 10.17487/RFC8370, May 2018, Deployments", RFC 8370, DOI 10.17487/RFC8370, May 2018,
<https://www.rfc-editor.org/info/rfc8370>. <https://www.rfc-editor.org/info/rfc8370>.
[RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
July 2018, <https://www.rfc-editor.org/info/rfc8402>.
[RFC8403] Geib, R., Ed., Filsfils, C., Pignataro, C., Ed., and N. [RFC8403] Geib, R., Ed., Filsfils, C., Pignataro, C., Ed., and N.
Kumar, "A Scalable and Topology-Aware MPLS Data-Plane Kumar, "A Scalable and Topology-Aware MPLS Data-Plane
Monitoring System", RFC 8403, DOI 10.17487/RFC8403, July Monitoring System", RFC 8403, DOI 10.17487/RFC8403, July
2018, <https://www.rfc-editor.org/info/rfc8403>. 2018, <https://www.rfc-editor.org/info/rfc8403>.
[RFC8453] Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
Abstraction and Control of TE Networks (ACTN)", RFC 8453,
DOI 10.17487/RFC8453, August 2018,
<https://www.rfc-editor.org/info/rfc8453>.
[RFC8466] Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG
Data Model for Layer 2 Virtual Private Network (L2VPN)
Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October
2018, <https://www.rfc-editor.org/info/rfc8466>.
[RFC8491] Tantsura, J., Chunduri, U., Aldrin, S., and L. Ginsberg, [RFC8491] Tantsura, J., Chunduri, U., Aldrin, S., and L. Ginsberg,
"Signaling Maximum SID Depth (MSD) Using IS-IS", RFC 8491, "Signaling Maximum SID Depth (MSD) Using IS-IS", RFC 8491,
DOI 10.17487/RFC8491, November 2018, DOI 10.17487/RFC8491, November 2018,
<https://www.rfc-editor.org/info/rfc8491>. <https://www.rfc-editor.org/info/rfc8491>.
[RFC8568] Bernardos, CJ., Rahman, A., Zuniga, JC., Contreras, LM.,
Aranda, P., and P. Lynch, "Network Virtualization Research
Challenges", RFC 8568, DOI 10.17487/RFC8568, April 2019,
<https://www.rfc-editor.org/info/rfc8568>.
[RFC8577] Sitaraman, H., Beeram, V., Parikh, T., and T. Saad, [RFC8577] Sitaraman, H., Beeram, V., Parikh, T., and T. Saad,
"Signaling RSVP-TE Tunnels on a Shared MPLS Forwarding "Signaling RSVP-TE Tunnels on a Shared MPLS Forwarding
Plane", RFC 8577, DOI 10.17487/RFC8577, April 2019, Plane", RFC 8577, DOI 10.17487/RFC8577, April 2019,
<https://www.rfc-editor.org/info/rfc8577>. <https://www.rfc-editor.org/info/rfc8577>.
[RFC8578] Grossman, E., Ed., "Deterministic Networking Use Cases",
RFC 8578, DOI 10.17487/RFC8578, May 2019,
<https://www.rfc-editor.org/info/rfc8578>.
[SFC] "Service Function Chaining", March , [SFC] "Service Function Chaining", March ,
<https://datatracker.ietf.org/wg/sfc/about>. <https://datatracker.ietf.org/wg/sfc/about>.
[TS23501] "3GPP TS23.501", 2016, [TS23501] "3GPP TS23.501", 2016,
<https://portal.3gpp.org/desktopmodules/Specifications/ <https://portal.3gpp.org/desktopmodules/Specifications/
SpecificationDetails.aspx?specificationId=3144>. SpecificationDetails.aspx?specificationId=3144>.
[TS28530] "3GPP TS28.530", 2016, [TS28530] "3GPP TS28.530", 2016,
<https://portal.3gpp.org/desktopmodules/Specifications/ <https://portal.3gpp.org/desktopmodules/Specifications/
SpecificationDetails.aspx?specificationId=3273>. SpecificationDetails.aspx?specificationId=3273>.
skipping to change at page 37, line 32 skipping to change at page 41, line 13
<https://1.ieee802.org/tsn/>. <https://1.ieee802.org/tsn/>.
Authors' Addresses Authors' Addresses
Jie Dong Jie Dong
Huawei Huawei
Email: jie.dong@huawei.com Email: jie.dong@huawei.com
Stewart Bryant Stewart Bryant
Huawei Futurewei
Email: stewart.bryant@gmail.com Email: stewart.bryant@gmail.com
Zhenqiang Li Zhenqiang Li
China Mobile China Mobile
Email: lizhenqiang@chinamobile.com Email: lizhenqiang@chinamobile.com
Takuya Miyasaka Takuya Miyasaka
KDDI Corporation KDDI Corporation
skipping to change at page 38, line 4 skipping to change at page 41, line 26
Zhenqiang Li Zhenqiang Li
China Mobile China Mobile
Email: lizhenqiang@chinamobile.com Email: lizhenqiang@chinamobile.com
Takuya Miyasaka Takuya Miyasaka
KDDI Corporation KDDI Corporation
Email: ta-miyasaka@kddi.com Email: ta-miyasaka@kddi.com
Young Lee Young Lee
Futurewei Sung Kyun Kwan University
Email: younglee.tx@gmail.com Email: younglee.tx@gmail.com
 End of changes. 132 change blocks. 
469 lines changed or deleted 662 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/