Internet Research Task Force                                    C. Zhou
Internet-Draft                                                  H. Yang
Intended status: Informational                                  X. Duan
Expires: August 26, 2021                                   China Mobile
                                                               D. Lopez
                                                              A. Pastor
                                                         Telefonica I+D
                                                                  Q. Wu
                                                                 Huawei
                                                           M. Boucadair
                                                           C. Jacquenet
                                                                 Orange
                                                      February 22, 2021

                    Concepts of Digital Twin Network
             draft-zhou-nmrg-digitaltwin-network-concepts-03

Abstract

   Digital Twin technology has seen rapid adoption in Industry 4.0.  Applying Digital Twin technology in the telecommunications field is meant to realize efficient and intelligent network management and to accelerate network innovation.  This document presents an overview of the concepts of Digital Twin Network (DTN), provides a definition of DTN, and then describes the benefits and key challenges of such technology.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119][RFC8174] when, and only when, they appear in all capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF).  Note that other groups may also distribute working documents as Internet-Drafts.  The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time.  It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 26, 2021.

Zhou, et al.             Expires August 26, 2021                [Page 1]

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the document authors.  All rights reserved.
   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document.  Please review these documents carefully, as they describe your rights and restrictions with respect to this document.  Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Definition of Digital Twin Network
   3.  Benefits of Digital Twin Network
       3.1.  Lower the Cost of Network Optimization
       3.2.  Optimized Decision Making
       3.3.  Safer Assessment of Innovative Network Capabilities
       3.4.  Privacy and Regulatory Compliance
       3.5.  Customize Network Operation Training
   4.  Reference Architecture of Digital Twin Network
   5.  Challenges to Build Digital Twin Network
   6.  Interaction with IBN
   7.  Application Scenarios
       7.1.  Human Training
       7.2.  ML Training
       7.3.  DevOps-oriented Certification
       7.4.  Network Fuzzing
   8.  Summary
   9.  Open Issues
   10. Security Considerations
   11. Acknowledgements
   12. IANA Considerations
   13. References
       13.1.  Normative References
       13.2.  Informative References
   Appendix A.  Change Logs
   Authors' Addresses

1.  Introduction

   With the advent of technologies such as 5G, the Industrial Internet of Things, Edge Computing, and Artificial Intelligence (AI), the ICT industry and other vertical industries such as smart cities or smart manufacturing are being transformed dramatically by replacing what used to be manual processes with digital processes.  With the fast growth of network scale and the increased demand placed on the network by end users, accommodating and adapting dynamically to customer needs becomes a big challenge for network operators.  Indeed, network operation and maintenance are becoming more complex due to the higher complexity of the managed network.  As such, introducing innovations in the network will be more and more difficult because of the higher risk of network failure and the higher trial cost if no reliable emulation platform is available.

   A Digital Twin is the real-time representation of physical entities in the digital world.  It is characterized by virtual-reality interrelation and real-time interaction, iterative operation and process optimization, and by being full-lifecycle and fully business-data driven.  At present, it has been successfully applied in the fields of intelligent manufacturing, smart cities, and complex system operation and maintenance [Tao2019] to help not only with object design and test, but also with operation and maintenance.

   A digital twin network platform can be built by applying Digital Twin technology to the network and creating a virtual image of the physical network facilities (emulation).
   Through the real-time data interaction between the physical network and its twin network, the digital twin network platform can help network designers achieve simpler, more automated, more resilient, full-lifecycle operation and maintenance.  An emulation platform that reliably represents the state of a network is more trustworthy than a simulation platform.  The emulated platform can thus be used to assess specific behaviors before their actual implementation in the physical network, to tweak the network for better optimized behavior, and to run 'what-if' scenarios that cannot easily be tested and evaluated in the physical network.

2.  Definition of Digital Twin Network

   There is no standard definition of digital twin network in the networking industry or in SDOs.  This document attempts to define a Digital Twin Network as a virtual representation of the physical network.  Such a virtualized representation of the network is meant to analyze, diagnose, emulate, and control the physical network.  To that aim, real-time and interactive mapping is required between the physical network and the virtual twin network.

   A Digital Twin Network may involve five key elements: data, mapping, model, interface, and orchestration stack, as shown in Figure 1.
        +-------------+                     +--------------+
        |             |                     |              |
        |   Mapping   |                     |Orchestration |
        |             |                     |              |
        +------+------+---------------------+------+-------+
               |        Analyze, Diagnose          |
               |                                   |
               |     +----------------------+      |
               |     | NETWORK DIGITAL TWIN |      |
               |     +----------------------+      |
   +-----------+-+                               +-+-----------+
   |             |       Simulate, Control       |             |
   |   Models    |                               |    Data     |
   |             +---------+------------+--------+             |
   +-------------+         |            |        +-------------+
                           | Interface  |
                           |            |
                           +------------+

               Figure 1: Key Elements of Digital Twin Network

   Data:  A unified data repository aggregated from multiple data sources in the network.  It can serve as the single source of "truth" and provide timely and accurate data search support.

   Data Model:  An abstract model that organizes the elements of data.  Various data models such as YANG data models, database models, or knowledge graphs can be designed to represent the physical network assets and can be flexibly trimmed or interwoven to serve various network applications.

   Interface:  Standardized interfaces include the telemetry interface between the Network Digital Twin Platform and the Physical Network Infrastructure, and the data-as-a-service interface between the Network Digital Twin Platform and Applications.  Such interfaces can effectively check data inconsistency and ensure the compatibility and scalability of the DTN system.

   Mapping:  Unlike a traditional network simulation system, the DTN provides real-time interactive mapping between the physical network and the virtual twin network.  It emulates the behavior of the network by calculating the deviation between the network entities (routers, switches, nodes, access points, links, etc.) in the physical network and the corresponding entities in the virtual twin network.

   Orchestration:  Two kinds of orchestration are provided.  The first controls the DTN environment and its components to derive the required behavior.  The second deals with the dynamic lifecycle management of these components.
   The second kind of orchestration provides repeatability (the capacity to replicate network conditions on demand) and reproducibility (the ability to replay successions of events, possibly under controlled variations).

3.  Benefits of Digital Twin Network

   Digital Twin Networks can help enable closed-loop network management across the entire lifecycle, from digital deployment and simulation, to visualized assessment, physical deployment, and continuous verification.  In doing so, network operators (and end users, to some extent) can get a global, systemic, and consistent view of the network.  Network operators can also safely assess the enforcement of network planning policies, deployment procedures, etc., without jeopardizing the daily operation of the physical network.

   The benefits of DTN can be classified into: lower cost of network optimization, optimized and safer decision-making, safer testing of innovative network capabilities (including "what-if" scenarios), privacy and regulatory compliance, and customized network operation training.  The following sections detail these benefits.

3.1.  Lower the Cost of Network Optimization

   Large-scale networks are complex to operate.  Since there is no effective platform for simulation, network optimization designs have to be tested on the physical network at the cost of jeopardizing its daily operation and possibly degrading the quality of the services supported by the network.  Such assessment greatly increases the network operator's OpEx budget too.

   With a Digital Twin Network platform, network operators can safely emulate candidate optimization solutions before deploying them in the physical network.  In addition, the operator's OpEx for the real physical network deployment will decrease accordingly, at the cost of the complexity of the assessment and the resources it involves.

3.2.  Optimized Decision Making

   Traditional network operation and management mainly focus on deploying and managing current services, but hardly support predictive maintenance techniques.  DTN can combine data acquisition, big data processing, and AI modeling not only to assess the status of the network, but also to predict future trends and better organize predictive maintenance.  The DTN's ability to reproduce network behaviors under various conditions facilitates the assessment of the various evolution options as often as required.

3.3.  Safer Assessment of Innovative Network Capabilities

   Testing a new feature in an operational network is not only complex: it is also extremely risky.  DTNs can thus greatly help in assessing innovative network capabilities without jeopardizing the daily operation of the physical network.  In addition, a DTN helps researchers explore network innovation (e.g., new network protocols, network AI/ML applications, etc.) efficiently, and helps network operators deploy new technologies quickly with lower risk.

   Take AI/ML applications as an example: there is a conflict between the continuous high reliability requirement (i.e., 99.999%) of the network and the slow learning speed or phased learning steps of AI/ML algorithms.  With a DTN platform, AI/ML can fully complete learning and training with sufficient data before the model is deployed to the real network.  This will greatly encourage more network AI innovations in future networks.

3.4.  Privacy and Regulatory Compliance

   The data confidentiality and privacy requirements placed on network service providers increase the complexity of network management, as decisions made by computation logic such as an SDN controller may rely upon the contents of payloads.  As a result, improving data-driven management requires complementary techniques that provide strict control, based upon security mechanisms, to guarantee data privacy protection and regulatory compliance.
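   As an added illustration of such a technique (this code is not part of the draft; the field names, the sample flow records, and the HMAC-based pseudonym scheme are assumptions made here, not a mechanism the draft prescribes), the following Python pseudonymizes the identifying fields of telemetry records and drops payloads before the records are synchronized to the twin, then audits the result for any raw identifier that survived.

```python
import hmac
import hashlib

# Fields that identify a person or endpoint; they must never reach the twin in clear.
IDENTIFIER_FIELDS = ("src_ip", "dst_ip", "subscriber_id")
# Fields carrying user content; the twin needs counters and timing, not payloads.
PAYLOAD_FIELDS = ("payload",)


def pseudonym(value, key, length=16):
    """Keyed, deterministic pseudonym (HMAC-SHA256, truncated).

    The same value under the same key always maps to the same pseudonym, so
    flows can still be correlated inside the twin; without the key the
    original value cannot be recovered, and the small IPv4 space cannot
    simply be enumerated to reverse it (a plain hash would allow that).
    """
    mac = hmac.new(key, str(value).encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:length]


def pseudonymize_record(record, key):
    """Copy one telemetry record into the form that may be synchronized to the DTN."""
    twin = {}
    for field, value in record.items():
        if field in PAYLOAD_FIELDS:
            continue                      # payload is dropped, never copied
        if field in IDENTIFIER_FIELDS:
            twin[field] = pseudonym(value, key)
        else:
            twin[field] = value           # metrics and timestamps are kept verbatim
    return twin


def build_twin_dataset(records, key):
    return [pseudonymize_record(r, key) for r in records]


def residual_identifiers(source_records, twin_records):
    """Audit step before release: list any raw identifier from the source that
    still appears verbatim in the twin dataset (the leakage risk of Section 5)."""
    raw_values = {str(r[f]) for r in source_records
                  for f in IDENTIFIER_FIELDS if f in r}
    leaked = []
    for rec in twin_records:
        for field, value in rec.items():
            if str(value) in raw_values:
                leaked.append((field, value))
    return leaked


# Constructed sample flow records (not real traffic), as they might arrive
# over the southbound telemetry interface from the physical network.
SAMPLE_RECORDS = [
    {"ts": 1613952000, "src_ip": "10.1.2.3", "dst_ip": "203.0.113.7",
     "subscriber_id": "IMSI-001010123456789", "bytes": 5120, "packets": 7,
     "payload": b"GET /account HTTP/1.1"},
    {"ts": 1613952001, "src_ip": "10.1.2.3", "dst_ip": "198.51.100.9",
     "subscriber_id": "IMSI-001010123456789", "bytes": 880, "packets": 2,
     "payload": b"\x16\x03\x01"},
]

# Placeholder key: in a deployment it comes from the DTN's key management
# and is never stored next to the twin data.
DEMO_KEY = b"replace-me-with-a-managed-secret"


if __name__ == "__main__":
    twin = build_twin_dataset(SAMPLE_RECORDS, DEMO_KEY)
    for rec in twin:
        print(rec)
    print("leaked identifiers:", residual_identifiers(SAMPLE_RECORDS, twin))
```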
   Some examples of these techniques include payload inspection (including decryption), explicit user consent, or data anonymization mechanisms.  Given that DTN operation assumes a mapping between real traffic or services and the traffic used by the DTN for assessment purposes in particular, the need for privacy is of the utmost importance.  Keeping personal data out of the twin lowers the privacy requirements and simplifies the use of privacy-preserving techniques.

3.5.  Customize Network Operation Training

   Network architectures can be complex, and their operation requires expert personnel.  DTN offers an opportunity to train staff for customized networks and specific user needs.  Two salient examples are the application of new network architectures and protocols, and the use of cyber ranges to train security experts in threat detection and mitigation.

4.  Reference Architecture of Digital Twin Network

   So far, there is no reference or standard DTN architecture.  Based on the definition of the key DTN elements introduced in Section 2, a DTN architecture that relies upon three layers is depicted in Figure 2.

   +---------------------------------------------------------+
   |  +-------+  +-------+       +-------+          Network  |
   |  | App 1 |  | App 2 |  ...  | App n |      Application  |
   |  +-------+  +-------+       +-------+                   |
   +-------------^-------------------+-----------------------+
                 |Capability Exposure|intent input
                 |                   |
   +-------------+-------------------v-----------------------+
   |                                    Network Digital Twin |
   |  +--------+   +------------------------+   +--------+   |
   |  |        |   | Service Mapping Models |   |        |   |
   |  |        |   |  +------------------+  |   |        |   |
   |  |  Data  +-->|  |Functional Models |  +-->| Digital|   |
   |  |  Repo- |   |  +-----+-----^------+  |   |  Twin  |   |
   |  | sitory |   |        |     |         |   | Entity |   |
   |  |        |   |  +-----v-----+------+  |   |  Mgmt  |   |
   |  |        |<--+  |   Basic Models   |  |<--+        |   |
   |  |        |   |  +------------------+  |   |        |   |
   |  +--------+   +------------------------+   +--------+   |
   +--------^------------------------------------------------+
            |                                 |
            | data collection                 | control
   +--------+---------------------------------v--------------+
   |                    Physical Network                     |
   +---------------------------------------------------------+

          Figure 2: Reference Architecture of Digital Twin Network

   1.  The lowest layer is the Physical Network.  All network elements in the physical network exchange massive amounts of network data and control with the network digital twin entity via southbound interfaces.

   2.  The intermediate layer is the Network Digital Twin Entity, which is the core of the DTN system.  This layer includes three key subsystems: Data Repository, Service Mapping Models, and Digital Twin Entity Management.

       *  Data Repository provides accurate and complete information about the network and its components for building various service models, by collecting and updating the real-time operational data of the various network elements through the southbound interface.  In addition to data storage, the Repository is also responsible for providing data search services to the Service Mapping Models subsystem, including fast retrieval, concurrent conflict handling, batch service, a unified interface, etc.

       *  Service Mapping Models completes data modeling, provides data model instances for various network capabilities, and maximizes the agility and programmability of network services.  The data models include two major types: basic models and functional models.

          +  Basic Model refers to the network element model and network topology model of the network digital twin entity, based on the basic configuration, environment information, operational state, link topology, and other information of the network elements, to provide a real-time, accurate description of the physical network.

          +  Functional Model refers to various data models for network analysis, simulation, diagnosis, prediction, assurance, etc.  The functional models can be constructed and expanded along multiple dimensions: by network type, there can be models serving a single network domain or multiple domains; by function type, they can be divided into state monitoring, traffic analysis, security exercise, fault diagnosis, quality assurance, and other models; they can also be divided into general models and special-purpose models.  Multiple dimensions can be combined to create a data model for more specific application scenarios.

       *  Digital Twin Entity Management completes the management functions of the digital twin network: it records the lifecycle of the entity, and visualizes and controls the various elements of the network digital twin, including topology management, model management, and security management.

   3.  The top layer is the Network Application.  Various applications (e.g., OAM, IBN, etc.) can effectively run over a Digital Twin Network platform to implement either conventional or innovative network operations, at low cost and with less service impact on real networks.  Network applications raise requirements that need to be addressed by the DTN.
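   As an added illustration of the deviation calculation performed by the Mapping element of Figure 1 and of the data-inconsistency check between the basic model and the southbound telemetry of Figure 2 (this code is not part of the draft; Entity, compute_deviation, the attribute tolerance, and the staleness window are assumptions made here), the following Python compares the twin's current basic model against a physical-network snapshot and reports entities missing on either side, attribute drift, and data too old to be trusted under a real-time requirement.

```python
from dataclasses import dataclass


@dataclass
class Entity:
    """One network element or link as held in the basic model."""
    kind: str           # "router", "link", ...
    attrs: dict         # configuration, state and topology attributes
    observed_at: float  # timestamp (seconds) of the data this description is based on


# Numeric state that legitimately fluctuates is compared with a tolerance;
# every other attribute (configuration, topology, admin state) must match exactly.
TOLERANCE = {"utilization": 0.05}


def attr_deviates(name, twin_value, phys_value):
    tol = TOLERANCE.get(name)
    if tol is not None and twin_value is not None and phys_value is not None:
        return abs(twin_value - phys_value) > tol
    return twin_value != phys_value


def compute_deviation(twin, physical, now, max_age):
    """Compare the twin's basic model with a physical-network snapshot.

    twin, physical: dict entity-id -> Entity
    now, max_age:   seconds; physical data older than max_age is reported as
                    stale rather than trusted for the attribute comparison.
    """
    report = {
        "missing_in_twin": sorted(set(physical) - set(twin)),
        "missing_in_physical": sorted(set(twin) - set(physical)),
        "drift": {},
        "stale": [],
    }
    for eid in sorted(set(twin) & set(physical)):
        t, p = twin[eid], physical[eid]
        if now - p.observed_at > max_age:
            report["stale"].append(eid)
            continue
        diffs = {}
        for name in sorted(set(t.attrs) | set(p.attrs)):
            tv, pv = t.attrs.get(name), p.attrs.get(name)
            if attr_deviates(name, tv, pv):
                diffs[name] = (tv, pv)
        if diffs:
            report["drift"][eid] = diffs
    return report


def is_consistent(report):
    """True when the twin image matches the physical network on every axis."""
    return not any(report[k] for k in report)


# Constructed sample: what the twin currently believes ...
TWIN = {
    "r1":    Entity("router", {"ospf_area": 0, "utilization": 0.40}, 1000.0),
    "r2":    Entity("router", {"ospf_area": 0, "utilization": 0.10}, 1000.0),
    "r1-r2": Entity("link",   {"mtu": 1500, "admin_state": "up"},   1000.0),
}
# ... and what the southbound telemetry interface just reported: r1 within
# tolerance, r2's data is old, the link MTU was changed, and r3 is new.
PHYSICAL = {
    "r1":    Entity("router", {"ospf_area": 0, "utilization": 0.42}, 1058.0),
    "r2":    Entity("router", {"ospf_area": 0, "utilization": 0.10},  900.0),
    "r1-r2": Entity("link",   {"mtu": 9000, "admin_state": "up"},   1058.0),
    "r3":    Entity("router", {"ospf_area": 0, "utilization": 0.05}, 1058.0),
}


if __name__ == "__main__":
    rep = compute_deviation(TWIN, PHYSICAL, now=1060.0, max_age=30.0)
    print(rep)
    print("consistent:", is_consistent(rep))
```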
   These application requirements are exchanged through a northbound interface; the service is then emulated by various service model instances; once checked, changes can be safely deployed in the physical network.

5.  Challenges to Build Digital Twin Network

   As mentioned in the section above, DTNs can bring many benefits to network management as well as facilitate the introduction of innovative network capabilities.  However, building an effective and efficient DTN system remains a challenge.  The following is a list of the major challenges.

   o  Large-scale challenge: The digital twin entity of a large-scale network will significantly increase the complexity of data acquisition and storage, and of the design and implementation of models.  The software and hardware requirements of the system will be even more constraining.

   o  Compatibility issue: It is difficult to establish a unified digital twin platform with a unified data model across the whole network domain, due to the inconsistency of technical implementations and the heterogeneity of vendor technologies.

   o  Data modeling difficulties: Based on large-scale network data, data modeling should not only focus on ensuring the accuracy of model functions, but also needs to consider the flexibility and scalability of the model.  Balancing these requirements further increases the complexity of building efficient and hierarchical functional data models.

   o  Real-time requirement: For services with real-time requirements, the processing of model simulation and verification through a DTN system will increase the service delay, so the functions and processes of the data model need to rely on automated processing mechanisms under the various network application scenarios; at the same time, the real-time requirements will further increase the performance requirements on the system software and hardware.

   o  Security risks: The DTN synchronizes all the data of the physical network in real time, which inevitably enlarges the attack surface, with a higher risk of information leakage in particular.

   To address these challenges, the Digital Twin Network needs continuous optimization and breakthroughs in key enabling technologies, including data acquisition, data storage, data modeling, network visualization, interface standardization, and security assurance, so as to meet the requirements of compatibility, reliability, real-time operation, and security.

6.  Interaction with IBN

   Implementing Intent-Based Networking (IBN) via DTN is an example of how DTN improves the efficiency of deploying network innovation.  IBN is an innovative technology for lifecycle network management.  Future networks will possibly be intent-based, which means that users can input their abstract 'intent' to the network, instead of detailed policies or configurations for the network devices.  [I-D.irtf-nmrg-ibn-concepts-definitions] clarifies the concept of "Intent" and provides an overview of IBN functionalities.  The key characteristic of an IBN system is that the user's intent can be assured automatically by continuously adjusting the policies and validating the real-time situation.  To lower the impact on the real network, several rounds of adjustment and validation can be simulated on the DTN platform instead of directly on the physical network.  Therefore, DTN can be an important enabler platform for implementing an IBN system and speeding up the deployment of IBN in customer networks.

7.  Application Scenarios

   Digital Twin Network can be applied to solve different problems in network management and operation.

7.1.  Human Training

   The usual approach to network Operations, Administration, and Maintenance (OAM), with procedures applied by humans, is open to errors in all these procedures, with an impact on network availability and resilience.
   Response procedures and actions for the most relevant operational requests and incidents are commonly defined to reduce errors to a minimum.  The progressive automation of these procedures, such as predictive control or closed-loop management, reduces faults and response time, but there is still a need for a human in the loop for multiple actions.  These processes are not intuitive and require training to learn how to respond.  The use of DTN for this purpose in different network management activities will improve operators' performance.  One common example is cybersecurity incident handling, where cyber-range exercises are executed periodically to train security practitioners.  DTN will offer realistic environments, fitted to the real production networks.

7.2.  ML Training

   Machine Learning requires data and their context to be available in order to apply it.  A common approach in the network management environment has been to simulate or import data into a specific environment (the ML developer lab), where they are used to train the selected model; later, when the model is deployed in production, it is re-trained or adjusted to the production environment context.  This demands a specific adaptation period.  DTNs simplify the complete ML lifecycle by providing a realistic environment, including network topologies, to generate the required data in a well-aligned context.  The generated dataset belongs to the DTN and not to the production network, allowing information access by third parties without impacting data privacy.

7.3.  DevOps-oriented Certification

   The potential application of CI/CD models to network management operations increases the risk associated with the deployment of non-validated updates, which conflicts with the certification requirements applied by network service providers.

   A solution for addressing these certification requirements is to verify the specific impacts of updates on service assurance and SLAs using a DTN environment that replicates the network's particularities, as a step prior to production release.  DTN orchestration capacities support the dynamic mechanisms required by DevOps procedures.

7.4.  Network Fuzzing

   Network management's dependency on programmability increases system complexity.  The behavior of new protocol stacks, API parameters, and interactions among complex software components are examples that imply a higher risk of errors or vulnerabilities in software and configuration.  DTN allows fuzz-testing techniques to be applied in a twin network environment, with interactions and conditions similar to the production network, permitting vulnerabilities, bugs, and zero-day attacks to be identified and solved before production delivery.

8.  Summary

   Research on Digital Twin Networks has just started.  This document presents an overview of the DTN concepts.  Looking forward, further elaboration on DTN scenarios, requirements, architecture, and key enabling technologies should be promoted by the industry, so as to accelerate the implementation and deployment of DTNs.

9.  Open Issues

   o  Why distinguish data from model?  Typically, a data repository can store data models.

   o  Why are the Digital Twin Network components separated from the orchestration component?  Should the Digital Twin Network components be part of orchestration?

   o  Do we need to first show the interfaces between the physical network and its twin and then focus on the twin part, with the various components required to build the twin image?

   o  Which component is responsible for checking for deviation of the underlay network vs. the image?
   o  Is continuous verification an implicit reference to CI/CD procedures where the DTN would be used to run non-regression tests (for example) before deploying a major release?  Please be more specific.

10.  Security Considerations

   This document describes concepts and definitions of Digital Twin Network.  As such, the security considerations below remain high level, i.e., in the form of principles, guidelines, or requirements.

   Security in the Digital Twin Network can apply to the following aspects:

   o  Securing the digital twin system itself.

   o  Data privacy protection.

   Securing the digital twin system aims at making the digital twin system operationally secure by implementing security mechanisms and applying security best practices.  In the context of a Digital Twin Network, such mechanisms and practices may consist of data verification and model validation, and of restricting mapping operations between the physical network and its digital counterpart to authenticated and authorized users only.

   Synchronizing all the data between the physical network and the Network Digital Twin Entity may increase the risk of sensitive data and information leakage.  Strict control and security mechanisms such as payload inspection can be provided to mitigate the data privacy risk.

11.  Acknowledgements

   Diego Lopez and Antonio Pastor were partly supported by the European Commission under Horizon 2020 grant agreement no. 833685 (SPIDER) and grant agreement no. 871808 (INSPIRE-5Gplus).

12.  IANA Considerations

   This document has no requests to IANA.

13.  References

13.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.

13.2.  Informative References

   [I-D.irtf-nmrg-ibn-concepts-definitions]
              Clemm, A., Ciavaglia, L., Granville, L., and J. Tantsura, "Intent-Based Networking - Concepts and Definitions", draft-irtf-nmrg-ibn-concepts-definitions-02 (work in progress), September 2020.

   [Tao2019]  Tao, F., Zhang, H., Liu, A., and A. Nee, "Digital Twin in Industry: State-of-the-Art", IEEE Transactions on Industrial Informatics, vol. 15, no. 4, April 2019.

Appendix A.  Change Logs

   v02 - v03

   o  Split the interaction with IBN part into a separate section.

   o  Fill the security section.

   o  Clarify the motivation in the introduction section.

   o  Use the new boilerplate for the requirements language section.

   o  Key elements definition update.

   o  Other editorial changes.

   o  Add the open issues section.

   o  Add the section on application scenarios.

Authors' Addresses

   Cheng Zhou
   China Mobile
   Beijing  100053
   China

   Email: zhouchengyjy@chinamobile.com


   Hongwei Yang
   China Mobile
   Beijing  100053
   China

   Email: yanghongwei@chinamobile.com


   Xiaodong Duan
   China Mobile
   Beijing  100053
   China

   Email: duanxiaodong@chinamobile.com


   Diego Lopez
   Telefonica I+D
   Seville
   Spain

   Email: diego.r.lopez@telefonica.com


   Antonio Pastor
   Telefonica I+D
   Madrid
   Spain

   Email: antonio.pastorperales@telefonica.com


   Qin Wu
   Huawei
   101 Software Avenue, Yuhua District
   Nanjing, Jiangsu  210012
   China

   Email: bill.wu@huawei.com


   Mohamed Boucadair
   Orange
   Rennes  35000
   France

   Email: mohamed.boucadair@orange.com


   Christian Jacquenet
   Orange
   Rennes  35000
   France

   Email: christian.jacquenet@orange.com