Internet Engineering Task Force (IETF) Y. Lee Request for Comments: 8454 Huawei Category: Informational S. Belotti ISSN: 2070-1721 Nokia D. Dhody Huawei D. Ceccarelli Ericsson B. Yoon ETRI September 2018
Information Model for Abstraction and Control of TE Networks (ACTN)
This document provides an information model for Abstraction and Control of TE Networks (ACTN).
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
This document provides an information model for Abstraction and Control of TE Networks (ACTN). The information model described in this document covers the interface requirements identified in the ACTN Framework document [RFC8453].
The ACTN reference architecture [RFC8453] identifies a three-tier control hierarchy comprising the following as depicted in Figure 1:
o Customer Network Controllers (CNCs) o Multi-Domain Service Coordinator (MDSC) o Provisioning Network Controllers (PNCs)
The two interfaces with respect to the MDSC, one north of the MDSC and the other south of the MDSC, are referred to as "CMI" (CNC-MDSC Interface) and "MPI" (MDSC-PNC Interface), respectively. This document models these two interfaces and derivative interfaces thereof (e.g., MDSC-to-MDSC in a hierarchy of MDSCs) as a single common interface.
This section provides an ACTN common interface information model to describe primitives, objects, their properties (represented as attributes), their relationships, and the resources for the service applications needed in the ACTN context.
The standard interface is described between a client controller and a server controller. A client-server relationship is recursive between a CNC and an MDSC and between an MDSC and a PNC. In the CMI, the client is a CNC while the server is an MDSC. In the MPI, the client is an MDSC and the server is a PNC. There may also be MDSC-MDSC interfaces that need to be supported. This may arise in a hierarchy of MDSCs in which workloads may need to be partitioned to multiple MDSCs.
Basic primitives (messages) are required between the CNC-MDSC and MDSC-PNC controllers. These primitives can then be used to support different ACTN network control functions like network topology requests/queries, VN service requests, path computation and connection control, VN service policy negotiation, enforcement, routing options, etc.
There are two different types of primitives depending on the type of interface:
o Virtual Network primitives at CMI o Traffic Engineering primitives at MPI
As well described in [RFC8453], at the CMI level, there is no need for detailed TE information since the basic functionality is to translate customer service information into VNS operation.
At the MPI level, MDSC has the main scope for multi-domain coordination and creation of a single end-to-end (E2E) abstracted network view that is strictly related to TE information.
As for topology, this document employs two types of topology.
o The first type is referred to as "virtual network topology" and is associated with a VN. Virtual network topology is a customized topology for view and control by the customer. See Section 3.1 for details.
o The second type is referred to as "TE topology" and is associated with provider network operation on which we can apply policy to obtain the required level of abstraction to represent the underlying physical network topology.
VN Instantiate refers to an action from customers/applications to request the creation of VNs. VN Instantiate is for CNC-to-MDSC communication. Depending on the agreement between client and provider, VN instantiate can imply different VN operations. There are two types of VN instantiation:
VN Type 1: VN is viewed as a set of edge-to-edge links (VN members).
VN Type 2: VN is viewed as a VN-topology comprising virtual nodes and virtual links.
Please see [RFC8453] for full details regarding the types of VN.
"VN Update" refers to any update to the VN that needs to be updated to the customers. VN Update is MDSC-to-CNC communication. VN Update fulfills a push model at the CMI level, making customers aware of any specific changes in the topology details related to the instantiated VN.
VN Update, depending of the type of VN instantiated, can be:
1. an update of VN members (edge-to-edge links) in case of VN Type 1, or
2. an update of virtual topology in case of VN Type 2.
Lee, et al. Informational [Page 7]
RFC 8454 ACTN Info Model September 2018
The connection-related information (e.g., Label Switched Paths (LSPs)) update association with VNs will be part of the "translation" function that happens in MDSC to map/translate VN request into TE semantics. This information will be provided in case the customer optionally wants to have more-detailed TE information associated with the instantiated VN.
VN Compute consists of a Request and Reply. "VN Compute Request" refers to an action from customers/applications to request a VN computation.
"VN Compute Reply" refers to the reply in response to VN Compute Request.
A VN Compute Request/Reply is to be differentiated from a VN Instantiate. The purpose of VN Compute is a priori exploration to compute network resources availability and getting a possible VN view in which path details can be specified matching customer/applications constraints. This a priori exploration may not guarantee the availability of the computed network resources at the time of instantiation.
TE Topology Update is a primitive specifically related to MPI used to provide a TE resource update between any domain controller and MDSC regarding the entire content of any actual TE topology of a domain controller or an abstracted filtered view of TE topology depending on negotiated policy.
See [TE-TOPO] for detailed YANG implementation of TE topology update.
The Connectivity Type identifies the type of required VN Service. In addition to the classical types of services (e.g., P2P/P2MP, etc.), ACTN defines the "multi-destination" service that is a new P2P service where the endpoints are not fixed. They can be chosen among a list of preconfigured endpoints or dynamically provided by the CNC.
VN Directionality indicates if a VN is unidirectional or bidirectional. This implies that each VN member that belongs to the VN has the same directionality as the VN.
<VN Traffic Matrix> ::= <Bandwidth>
The VN Traffic Matrix represents the traffic matrix parameters for the required service connectivity. Bandwidth is a mandatory parameter, and a number of optional constraints can be specified in the VN Constraints (e.g., diversity, cost). They can include objective functions and TE metric bounds as specified in [RFC5541].
Further details on the VN constraints are specified below:
Layer Protocol identifies the layer topology at which the VN service is requested. It could be, for example, MPLS, Optical Data Unit (ODU), and Optical Channel (OCh).
Diversity allows asking for diversity constraints for a VN Instantiate/Modify or a VN Path Compute. For example, a new VN or a path is requested in total diversity from an existing one (e.g., diversity exclusion).
<Diversity> ::= (<VN-exclusion> (<VN-id>...)) |
Metric can include all the Metrics (cost, delay, delay variation, latency) and bandwidth utilization parameters defined and referenced by [RFC3630] and [RFC7471].
Local Reroute Allowed is a delegation policy to the Server on whether or not to allow a local reroute fix upon a failure of the primary LSP.
Domain Preference is only applied on the MPI where the MDSC (client) provides a domain preference to each PNC (server), e.g., when an inter-domain link fails, then PNC can choose the alternative peering with this info.
Push Allowed is a policy that allows a server to trigger an updated VN topology upon failure without an explicit request from the client. Push action can be set as default unless otherwise specified.
Incremental Update is another policy that triggers an incremental update from the server since the last period of update. Incremental update can be set as default unless otherwise specified.
VN End-Point Object describes the VN's customer endpoint characteristics.
<VN End-Point> ::= (<Access Point Identifier>
[<Access Link Capability>] [<Source Indicator>])...
Access Point Identifier represents a unique identifier of the client endpoint. They are used by the customer to ask for the setup of a virtual network instantiation. A VN End-Point is defined against each AP in the network and is shared between customer and provider. Both the customer and the provider will map it against their own physical resources.
Lee, et al. Informational [Page 13]
RFC 8454 ACTN Info Model September 2018
Access Link Capability identifies the capabilities of the access link related to the given access point (e.g., max-bandwidth, bandwidth availability, etc.).
Source Indicator indicates whether or not an endpoint is the source.
The VN Computed Path is the list of paths obtained after the VN path computation request from a higher controller. Note that the computed path is to be distinguished from the LSP. When the computed path is signaled in the network (and thus the resource is reserved for that path), it becomes an LSP.
This section provides the VN Service preference. VN Service is defined in Section 2.
<VN Service Preference> ::= [<Location Service Preference >]
[<Client-specific Preference >]
[<End-Point Dynamic Selection Preference >]
Location Service Preference describes the End-Point Location's (e.g., data centers (DCs)) support for certain Virtual Network Functions (VNFs) (e.g., security function, firewall capability, etc.) and is used to find the path that satisfies the VNF constraint.
Client-specific Preference describes any preference related to VNS that an application/client can enforce via CNC towards lower-level controllers. For example, CNC can enforce client-specific preferences, e.g., selection of a destination DC from the set of candidate DCs based on some criteria in the context of Virtual Machine (VM) migration. MSDC/PNC should then provide the DC interconnection that supports the Client-specific Preference.
End-Point Dynamic Selection Preference describes if the endpoint (e.g., DC) can support load-balancing, disaster recovery, or VM migration and so can be part of the selection by MDSC following service Preference enforcement by CNC.
The ACTN information model is not directly relevant when considering potential security issues. Rather, it defines a set of interfaces for TE networks. The underlying protocols, procedures, and implementations used to exchange the information model described in this document will need to secure the request and control of resources with proper authentication and authorization mechanisms. In addition, the data exchanged over the ACTN interfaces discussed in this document requires verification of data integrity. Backup or redundancies should also be available to restore the affected data to its correct state.
Implementations of the ACTN framework will have distributed functional components that will exchange an instantiation that adheres to this information model. Implementations should encrypt data that flows between them, especially when they are implemented at remote nodes and irrespective of whether these data flows are on external or internal network interfaces. The information model may contain customer, application, and network data that, for business or privacy reasons, may be considered sensitive. It should be stored only in an encrypted data store.
Lee, et al. Informational [Page 20]
RFC 8454 ACTN Info Model September 2018
The ACTN security discussion is further split into two specific interfaces:
o Interface between the CNC and MDSC, CNC-MDSC Interface (CMI)
o Interface between the MDSC and PNC, MDSC-PNC Interface (MPI).
See the detailed discussion of the CMI and MPI in Sections 9.1 and 9.2 (respectively) in [RFC8453].
The conclusion is that all data models and protocols used to realize the ACTN information model should have rich security features, as discussed in this section. Additional security risks may still exist. Therefore, discussion and applicability of specific security functions and protocols will be better described in documents that are use case and environment specific.
[ACTN-REQ] Lee, Y., Ceccarelli, D., Miyasaka, T., Shin, J., and K. Lee, "Requirements for Abstraction and Control of TE Networks", Work in Progress, draft-ietf-teas-actn-requirements-09, March 2018.
[Path-Compute] Busi, I., Belotti, S., Lopezalvarez, V., Dios, O., Sharma, A., Shi, Y., Vilata, R., and K. Sethuraman, "Yang model for requesting Path Computation", Work in Progress, draft-ietf-teas-yang-path-computation-02, June 2018.