< draft-ietf-teas-enhanced-vpn-08.txt   draft-ietf-teas-enhanced-vpn-09.txt >
TEAS Working Group J. Dong TEAS Working Group J. Dong
Internet-Draft Huawei Internet-Draft Huawei
Intended status: Informational S. Bryant Intended status: Informational S. Bryant
Expires: January 13, 2022 Futurewei Expires: 28 April 2022 University of Surrey
Z. Li Z. Li
China Mobile China Mobile
T. Miyasaka T. Miyasaka
KDDI Corporation KDDI Corporation
Y. Lee Y. Lee
Samsung Samsung
July 12, 2021 25 October 2021
A Framework for Enhanced Virtual Private Network (VPN+) Services A Framework for Enhanced Virtual Private Network (VPN+) Services
draft-ietf-teas-enhanced-vpn-08 draft-ietf-teas-enhanced-vpn-09
Abstract Abstract
This document describes the framework for Enhanced Virtual Private This document describes the framework for Enhanced Virtual Private
Network (VPN+) services. The purpose of enhanced VPNs is to support Network (VPN+) services. The purpose of enhanced VPNs is to support
the needs of new applications, particularly applications that are the needs of new applications, particularly applications that are
associated with 5G services, by utilizing an approach that is based associated with 5G services, by utilizing an approach that is based
on existing VPN and Traffic Engineering (TE) technologies and adds on existing VPN and Traffic Engineering (TE) technologies and adds
characteristics that specific services require over and above those characteristics that specific services require over those provided by
provided by traditional VPNs. traditional VPNs.
Typically, VPN+ will be used to underpin network slicing, but could Typically, VPN+ will be used to underpin network slicing, but could
also be of use in its own right providing enhanced connectivity also be of use in its own right providing enhanced connectivity
services between customer sites. services between customer sites.
It is envisaged that enhanced VPNs will be delivered using a It is envisaged that enhanced VPNs will be delivered using a
combination of existing, modified, and new networking technologies. combination of existing, modified, and new networking technologies.
This document provides an overview of relevant technologies and This document provides an overview of relevant technologies and
identifies some areas for potential new work. identifies some areas for potential new work.
skipping to change at page 2, line 7 skipping to change at page 2, line 10
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 13, 2022. This Internet-Draft will expire on 28 April 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents (https://trustee.ietf.org/
(https://trustee.ietf.org/license-info) in effect on the date of license-info) in effect on the date of publication of this document.
publication of this document. Please review these documents Please review these documents carefully, as they describe your rights
carefully, as they describe your rights and restrictions with respect and restrictions with respect to this document. Code Components
to this document. Code Components extracted from this document must extracted from this document must include Simplified BSD License text
include Simplified BSD License text as described in Section 4.e of as described in Section 4.e of the Trust Legal Provisions and are
the Trust Legal Provisions and are provided without warranty as provided without warranty as described in the Simplified BSD License.
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Overview of the Requirements . . . . . . . . . . . . . . . . 6 3. Overview of the Requirements . . . . . . . . . . . . . . . . 7
3.1. Performance Guarantees . . . . . . . . . . . . . . . . . 6 3.1. Performance Guarantees . . . . . . . . . . . . . . . . . 7
3.2. Isolation between Enhanced VPN Services . . . . . . . . . 8 3.2. Isolation between Enhanced VPN Services . . . . . . . . . 9
3.2.1. A Pragmatic Approach to Isolation . . . . . . . . . . 10 3.2.1. A Pragmatic Approach to Isolation . . . . . . . . . . 11
3.3. Integration . . . . . . . . . . . . . . . . . . . . . . . 11 3.3. Integration . . . . . . . . . . . . . . . . . . . . . . . 11
3.3.1. Abstraction . . . . . . . . . . . . . . . . . . . . . 11 3.3.1. Abstraction . . . . . . . . . . . . . . . . . . . . . 12
3.4. Dynamic Changes . . . . . . . . . . . . . . . . . . . . . 11 3.4. Dynamic Changes . . . . . . . . . . . . . . . . . . . . . 12
3.5. Customized Control . . . . . . . . . . . . . . . . . . . 12 3.5. Customized Control . . . . . . . . . . . . . . . . . . . 13
3.6. Applicability . . . . . . . . . . . . . . . . . . . . . . 12 3.6. Applicability to Overlay Technologies . . . . . . . . . . 13
3.7. Inter-Domain and Inter-Layer Network . . . . . . . . . . 13 3.7. Inter-Domain and Inter-Layer Network . . . . . . . . . . 14
4. Architecture of Enhanced VPNs . . . . . . . . . . . . . . . . 13 4. Architecture of Enhanced VPNs . . . . . . . . . . . . . . . . 14
4.1. Layered Architecture . . . . . . . . . . . . . . . . . . 15 4.1. Layered Architecture . . . . . . . . . . . . . . . . . . 16
4.2. Multi-Point to Multi-Point (MP2MP) Connectivity . . . . . 17 4.2. Multi-Point to Multi-Point (MP2MP) Connectivity . . . . . 18
4.3. Application Specific Data Types . . . . . . . . . . . . . 17 4.3. Application Specific Data Types . . . . . . . . . . . . . 19
4.4. Scaling Considerations . . . . . . . . . . . . . . . . . 18 4.4. Scaling Considerations . . . . . . . . . . . . . . . . . 19
5. Candidate Technologies . . . . . . . . . . . . . . . . . . . 18 5. Candidate Technologies . . . . . . . . . . . . . . . . . . . 20
5.1. Packet Forwarding Plane Technologies . . . . . . . . . . 19 5.1. Packet Forwarding Plane Technologies . . . . . . . . . . 20
5.1.1. Flexible Ethernet . . . . . . . . . . . . . . . . . . 19 5.1.1. Flexible Ethernet . . . . . . . . . . . . . . . . . . 20
5.1.2. Dedicated Queues . . . . . . . . . . . . . . . . . . 19 5.1.2. Dedicated Queues . . . . . . . . . . . . . . . . . . 21
5.1.3. Time Sensitive Networking . . . . . . . . . . . . . . 20 5.1.3. Time Sensitive Networking . . . . . . . . . . . . . . 21
5.2. Layer Three Data Plane . . . . . . . . . . . . . . . . . 20 5.2. Layer Three Data Plane . . . . . . . . . . . . . . . . . 21
5.2.1. Deterministic Networking . . . . . . . . . . . . . . 20 5.2.1. Deterministic Networking . . . . . . . . . . . . . . 22
5.2.2. MPLS Traffic Engineering (MPLS-TE) . . . . . . . . . 21 5.2.2. MPLS Traffic Engineering (MPLS-TE) . . . . . . . . . 22
5.2.3. Segment Routing . . . . . . . . . . . . . . . . . . . 21 5.2.3. Segment Routing . . . . . . . . . . . . . . . . . . . 22
5.3. Non-Packet Data Plane . . . . . . . . . . . . . . . . . . 23
5.3. Non-Packet Data Plane . . . . . . . . . . . . . . . . . . 22 5.4. Control Plane . . . . . . . . . . . . . . . . . . . . . . 23
5.4. Control Plane . . . . . . . . . . . . . . . . . . . . . . 22 5.5. Management Plane . . . . . . . . . . . . . . . . . . . . 24
5.5. Management Plane . . . . . . . . . . . . . . . . . . . . 23 5.6. Applicability of Service Data Models to Enhanced VPN . . 25
5.6. Applicability of Service Data Models to Enhanced VPN . . 24 6. Applicability to Network Slice Realization . . . . . . . . . 26
5.6.1. An Example of Enhanced VPN Delivery . . . . . . . . . 25 6.1. VTN Planning and Instantiation . . . . . . . . . . . . . 26
6. Scalability Considerations . . . . . . . . . . . . . . . . . 25 6.2. Enhanced VPN Provisioning . . . . . . . . . . . . . . . . 27
6.1. Maximum Stack Depth of SR . . . . . . . . . . . . . . . . 26 6.3. Network Slice Traffic Steering and Forwarding . . . . . . 27
6.2. RSVP-TE Scalability . . . . . . . . . . . . . . . . . . . 27 7. Scalability Considerations . . . . . . . . . . . . . . . . . 28
6.3. SDN Scaling . . . . . . . . . . . . . . . . . . . . . . . 27 7.1. Maximum Stack Depth of SR . . . . . . . . . . . . . . . . 29
7. OAM Considerations . . . . . . . . . . . . . . . . . . . . . 27 7.2. RSVP-TE Scalability . . . . . . . . . . . . . . . . . . . 29
8. Telemetry Considerations . . . . . . . . . . . . . . . . . . 28 7.3. SDN Scaling . . . . . . . . . . . . . . . . . . . . . . . 29
9. Enhanced Resiliency . . . . . . . . . . . . . . . . . . . . . 28 8. OAM Considerations . . . . . . . . . . . . . . . . . . . . . 29
10. Operational Considerations . . . . . . . . . . . . . . . . . 29 9. Telemetry Considerations . . . . . . . . . . . . . . . . . . 30
11. Security Considerations . . . . . . . . . . . . . . . . . . . 29 10. Enhanced Resiliency . . . . . . . . . . . . . . . . . . . . . 30
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 11. Operational Considerations . . . . . . . . . . . . . . . . . 32
13. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 30 12. Security Considerations . . . . . . . . . . . . . . . . . . . 32
14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 31 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33
15. References . . . . . . . . . . . . . . . . . . . . . . . . . 31 14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 33
15.1. Normative References . . . . . . . . . . . . . . . . . . 31 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33
15.2. Informative References . . . . . . . . . . . . . . . . . 32 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 33
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37 16.1. Normative References . . . . . . . . . . . . . . . . . . 33
16.2. Informative References . . . . . . . . . . . . . . . . . 34
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 40
1. Introduction 1. Introduction
Virtual private networks (VPNs) have served the industry well as a Virtual private networks (VPNs) have served the industry well as a
means of providing different groups of users with logically isolated means of providing different groups of users with logically isolated
connectivity over a common network. The common or base network that connectivity over a common network. The common or base network that
is used to provide the VPNs is often referred to as the underlay, and is used to provide the VPNs is often referred to as the underlay, and
the VPN is often called an overlay. the VPN is often called an overlay.
Customers of a network operator may request a connectivity services Customers of a network operator may request a connectivity services
skipping to change at page 4, line 7 skipping to change at page 4, line 10
The concept of network slicing has gained traction driven largely by The concept of network slicing has gained traction driven largely by
needs surfacing from 5G [NGMN-NS-Concept] [TS23501] [TS28530] needs surfacing from 5G [NGMN-NS-Concept] [TS23501] [TS28530]
[BBF-SD406]. According to [TS28530], a 5G end-to-end network slice [BBF-SD406]. According to [TS28530], a 5G end-to-end network slice
consists of three major types of network segments: Radio Access consists of three major types of network segments: Radio Access
Network (RAN), Transport Network (TN), and Mobile Core Network (CN). Network (RAN), Transport Network (TN), and Mobile Core Network (CN).
The transport network provides the connectivity between different The transport network provides the connectivity between different
entities in RAN and CN segments of a 5G end-to-end network slice, entities in RAN and CN segments of a 5G end-to-end network slice,
with specific performance commitment. with specific performance commitment.
An IETF network slice [I-D.ietf-teas-ietf-network-slices] is a [I-D.ietf-teas-ietf-network-slices] introduces the concept and the
virtual (logical) network with its own network topology and a set of general framework of IETF network slices. An IETF Network Slice is a
shared or dedicated network resources, which are used to provide the logical network topology connecting a number of endpoints using a set
network slice customer with the required connectivity, appropriate of shared or dedicated network resources that are used to satisfy
isolation, and a specific set of Service Level Objectives (SLOs) and specific Service Level Objectives (SLOs) and Service Level
Service Level Expectations (SLEs). In this document (which is solely Expectations (SLEs). In this document (which is solely about IETF
about IETF technologies) we refer to an "IETF network slice" simply technologies) we refer to an "IETF network slice" simply as a
as a "network slice": a network slice is considered one possible use "network slice": a network slice is considered one possible use case
case of an enhanced VPN. of an enhanced VPN.
A network slice could span multiple technologies (such as IP or A network slice could span multiple technologies (such as IP or
Optical) and multiple administrative domains. Depending on the Optical) and multiple administrative domains. Depending on the
customer's requirement, a network slice could be isolated from other customer's requirement, a network slice could be isolated from other
network slices in terms of data plane, control plane, and management network slices in terms of data plane, control plane, and management
plane resources. plane resources.
Network slicing builds on the concepts of resource management, Network slicing builds on the concepts of resource management,
network virtualization, and abstraction to provide performance network virtualization, and abstraction to provide performance
assurance, flexibility, programmability, and modularity. It may use assurance, flexibility, programmability, and modularity. It may use
skipping to change at page 5, line 17 skipping to change at page 5, line 29
using pre-existing mechanisms and can co-exist with VPN+ services. using pre-existing mechanisms and can co-exist with VPN+ services.
In fact, compared to traditional VPNs, it is not envisaged that large In fact, compared to traditional VPNs, it is not envisaged that large
numbers of VPN+ services will be deployed in a network. In other numbers of VPN+ services will be deployed in a network. In other
words, it is not intended that all existing VPNs supported by a words, it is not intended that all existing VPNs supported by a
network will use VPN+ techniques. network will use VPN+ techniques.
This document describes a framework for using existing, modified, and This document describes a framework for using existing, modified, and
potential new technologies as components to provide a VPN+ service. potential new technologies as components to provide a VPN+ service.
Specifically, we are concerned with: Specifically, we are concerned with:
o The functional requirements and service characteristics of an * The functional requirements and service characteristics of an
enhanced VPN. enhanced VPN.
o The design of the enhanced VPN data plane. * The design of the enhanced VPN data plane.
o The necessary control and management protocols in both the * The necessary control and management protocols in both the
underlay and the overlay of the enhanced VPN. underlay and the overlay of the enhanced VPN.
o The mechanisms to achieve integration between overlay and * The mechanisms to achieve integration between overlay and
underlay. underlay.
o The necessary Operation, Administration, and Management (OAM) * The necessary Operation, Administration, and Management (OAM)
methods to instrument an enhanced VPN to make sure that the methods to instrument an enhanced VPN to make sure that the
required Service Level Agreement (SLA) between the customer and required Service Level Agreement (SLA) between the customer and
the network operator is met, and to take any corrective action the network operator is met, and to take any corrective action
(such as switching traffic to an alternate path) to avoid SLA (such as switching traffic to an alternate path) to avoid SLA
violation. violation.
The required layered network structure to achieve this is shown in The required layered network structure to achieve this is shown in
Section 4.1. Section 4.1.
2. Terminology 2. Terminology
In this document, the relationship of the four terms "VPN", "VPN+", In this document, the relationship of the four terms "VPN", "VPN+",
"VTN", and "Network Slice" are as follows: "VTN", and "Network Slice" are as follows:
o A Virtual Private Network (VPN) refers to the overlay network * A Virtual Private Network (VPN) refers to the overlay network
service that provides the connectivity between different customer service that provides the connectivity between different customer
sites, and that maintains traffic separation between different sites, and that maintains traffic separation between different
customers. IPVPN is defined in [RFC2764], L2VPN is defined in customers. IPVPN is defined in [RFC2764], L2VPN is defined in
[RFC4664], L3VPN is defined in [RFC4364], and EVPN is defined in [RFC4664], L3VPN is defined in [RFC4364], and EVPN is defined in
[RFC7209]. [RFC7209].
o An enhanced VPN (VPN+) is an evolution of the VPN service that * An enhanced VPN (VPN+) is an evolution of the VPN service that
makes additional service-specific commitments. An enhanced VPN is makes additional service-specific commitments. An enhanced VPN is
made by integrating an overlay VPN with a set of network resources made by integrating an overlay VPN with a set of network resources
allocated in the underlay network. allocated in the underlay network.
o A Virtual Transport Network (VTN) is a virtual underlay network * A Virtual Transport Network (VTN) is a virtual underlay network
that provide the connection between the customer sites. The VTN which consists of a set of dedicated or shared network resources
has the capability to deliver the performance characteristics allocated from the physical underlay network, and is associated
required by the VPN+ customers and to provide isolation between with a customized logical network topology. VTN has the
separate VPN+ services. capability to deliver the performance characteristics required by
the VPN+ customers and to provide isolation between different VPN+
services.
o A network slice could be provided by building an enhanced VPN. * A network slice could be provided by provisioning an enhanced VPN
Other mechanisms for delivering network slices may exist but are in the network. Other mechanisms for delivering network slices
not in scope for this document. may exist but are not in scope for this document.
The term "tenant" is used in this document to refer to the customers The term "tenant" is used in this document to refer to the customers
and all of their associated enhanced VPNs. and all of their associated enhanced VPNs.
The following terms are also used in this document. Some of them are The following terms are also used in this document. Some of them are
newly defined, some others reference existing definitions. newly defined, some others reference existing definitions.
ACTN: Abstraction and Control of Traffic Engineered Networks ACTN: Abstraction and Control of Traffic Engineered Networks
[RFC8453] [RFC8453]
DetNet: Deterministic Networking. See [DETNET] and [RFC8655] DetNet: Deterministic Networking. See [DETNET] and [RFC8655]
FlexE: Flexible Ethernet [FLEXE] FlexE: Flexible Ethernet [FLEXE]
TSN: Time Sensitive Networking [TSN] TSN: Time Sensitive Networking [TSN]
VN: Virtual Network [I-D.ietf-teas-actn-vn-yang] VN: Virtual Network [I-D.ietf-teas-actn-vn-yang]
VTP: Virtual Transport Path. A VTP is a path through the VTN which VTP: Virtual Transport Path. A VTP is a path through the VTN which
provides the connection between two customer sites. provides the required connectivity and performance between two or
more customer sites.
3. Overview of the Requirements 3. Overview of the Requirements
This section provides an overview of the requirements of an enhanced This section provides an overview of the requirements of an enhanced
VPN service. VPN service.
3.1. Performance Guarantees 3.1. Performance Guarantees
Performance guarantees are made by network operators to their Performance guarantees are made by network operators to their
customers in relation to the services provided to the customers. customers in relation to the services provided to the customers.
skipping to change at page 7, line 38 skipping to change at page 8, line 10
is in the nature of time that the service might be delivered by the is in the nature of time that the service might be delivered by the
underlay as a shared service and not provided through different underlay as a shared service and not provided through different
enhanced VPNs. Alternatively, a dedicated enhanced VPN might be used enhanced VPNs. Alternatively, a dedicated enhanced VPN might be used
to provide this as a shared service. to provide this as a shared service.
This suggests that a spectrum of service guarantees need to be This suggests that a spectrum of service guarantees need to be
considered when deploying an enhanced VPN. As a guide to considered when deploying an enhanced VPN. As a guide to
understanding the design requirements we can consider four types of understanding the design requirements we can consider four types of
service: service:
o Best effort * Best effort
o Assured bandwidth * Assured bandwidth
o Guaranteed latency * Guaranteed latency
o Enhanced delivery * Enhanced delivery
The best effort service is the basic service as provided by current The best effort service is the basic service as provided by current
VPNs. VPNs.
An assured bandwidth service is one in which the bandwidth over some An assured bandwidth service is one in which the bandwidth over some
period of time is assured. This can be achieved either simply based period of time is assured. This can be achieved either simply based
on a best effort service with over-capacity provisioning, or it can on a best effort service with over-capacity provisioning, or it can
be based on MPLS traffic engineered label switching paths (TE-LSPs) be based on MPLS traffic engineered label switching paths (TE-LSPs)
with bandwidth reservations. Depending on the technique used, with bandwidth reservations. Depending on the technique used,
however, the bandwidth is not necessarily assured at any instant. however, the bandwidth is not necessarily assured at any instant.
skipping to change at page 11, line 39 skipping to change at page 12, line 24
information that represents the potential ability to connect across information that represents the potential ability to connect across
the network. The process of abstraction presents the connectivity the network. The process of abstraction presents the connectivity
graph in a way that is independent of the underlying network graph in a way that is independent of the underlying network
technologies, capabilities, and topology so that the graph can be technologies, capabilities, and topology so that the graph can be
used to plan and deliver network services in a uniform way. used to plan and deliver network services in a uniform way.
Virtual networks can be built on top of an abstracted topology that Virtual networks can be built on top of an abstracted topology that
represents the connectivity capabilities of the underlay network as represents the connectivity capabilities of the underlay network as
described in the framework for Abstraction and Control of TE Networks described in the framework for Abstraction and Control of TE Networks
(ACTN) [RFC8453] as discussed further in Section 5.5. (ACTN) [RFC8453] as discussed further in Section 5.5.
[I-D.king-teas-applicability-actn-slicing] describes the [I-D.ietf-teas-applicability-actn-slicing] describes the
applicability of ACTN to network slicing and is, therefore, relevant applicability of ACTN to network slicing and is, therefore, relevant
to the consideration of using ACTN to enable enhanced VPNs. to the consideration of using ACTN to enable enhanced VPNs.
3.4. Dynamic Changes 3.4. Dynamic Changes
Enhanced VPNs need to be created, modified, and removed from the Enhanced VPNs need to be created, modified, and removed from the
network according to service demands. An enhanced VPN that requires network according to service demands. An enhanced VPN that requires
hard isolation (Section 3.2) must not be disrupted by the hard isolation (Section 3.2) must not be disrupted by the
instantiation or modification of another enhanced VPN. Determining instantiation or modification of another enhanced VPN. Determining
whether modification of an enhanced VPN can be disruptive to that whether modification of an enhanced VPN can be disruptive to that
skipping to change at page 12, line 46 skipping to change at page 13, line 33
own network controller, which may be provided with an interface to own network controller, which may be provided with an interface to
the control or management system run by the network operator. Note the control or management system run by the network operator. Note
that such control is within the scope of the customer's enhanced VPN, that such control is within the scope of the customer's enhanced VPN,
any additional changes beyond this would require some intervention by any additional changes beyond this would require some intervention by
the network operator. the network operator.
A description of the control plane aspects of this problem are A description of the control plane aspects of this problem are
discussed further in Section 5.4. A description of the management discussed further in Section 5.4. A description of the management
plane aspects of this feature can be found in Section 5.5. plane aspects of this feature can be found in Section 5.5.
3.6. Applicability 3.6. Applicability to Overlay Technologies
The concept of enhanced VPN can be applied to any existing and future The concept of enhanced VPN can be applied to any existing and future
multi-tenancy overlay services including but not limited to : multi-tenancy overlay technologies including but not limited to :
o Layer-2 point-to-point services such as pseudowires [RFC3985] * Layer-2 point-to-point services such as pseudowires [RFC3985]
o Layer-2 VPNs [RFC4664]
o Ethernet VPNs [RFC7209] * Layer-2 VPNs [RFC4664]
o Layer-3 VPNs [RFC4364], [RFC2764] * Ethernet VPNs [RFC7209]
* Layer-3 VPNs [RFC4364], [RFC2764]
Where such VPN service types need enhanced isolation and delivery Where such VPN service types need enhanced isolation and delivery
characteristics, the technologies described in Section 5 can be used characteristics, the technologies described in Section 5 can be used
to provide an underlay with the required enhanced performance. to provide an underlay with the required enhanced performance.
3.7. Inter-Domain and Inter-Layer Network 3.7. Inter-Domain and Inter-Layer Network
In some scenarios, an enhanced VPN service may span multiple network In some scenarios, an enhanced VPN service may span multiple network
domains. A domain is considered to be any collection of network domains. A domain is considered to be any collection of network
elements within a common realm of address space or path computation elements within a common realm of address space or path computation
skipping to change at page 13, line 42 skipping to change at page 14, line 33
common network infrastructure. Each enhanced VPN consists of both common network infrastructure. Each enhanced VPN consists of both
the overlay and a VTN with a specific set of network resources and the overlay and a VTN with a specific set of network resources and
service functions allocated in the underlay to satisfy the needs of service functions allocated in the underlay to satisfy the needs of
the VPN customer. One VTN may support one of more enhanced VPNs. the VPN customer. One VTN may support one of more enhanced VPNs.
The integration between overlay and various underlay resources The integration between overlay and various underlay resources
ensures the required isolation between different enhanced VPNs, and ensures the required isolation between different enhanced VPNs, and
achieves the guaranteed performance for different services. achieves the guaranteed performance for different services.
An enhanced VPN needs to be designed with consideration given to: An enhanced VPN needs to be designed with consideration given to:
o An enhanced data plane. * An enhanced data plane.
o A control plane to create enhanced VPNs, making use of the data * A control plane to create enhanced VPNs, making use of the data
plane isolation and performance guarantee techniques. plane isolation and performance guarantee techniques.
o A management plane for enhanced VPN service life-cycle management. * A management plane for enhanced VPN service life-cycle management.
These topics are expanded below. These topics are expanded below.
o The enhanced data plane: * The enhanced data plane:
* Provides the required packet latency and jitter - Provides the required packet latency and jitter
characteristics. characteristics.
* Provides the required packet loss characteristics. - Provides the required packet loss characteristics.
* Provides the required resource isolation capability, e.g., - Provides the required resource isolation capability, e.g.,
bandwidth guarantee. bandwidth guarantee.
* Provides the mechanism to associate a packet with the set of - Provides the mechanism to associate a packet with the set of
resources allocated to the enhanced VPN to which the packet resources allocated to the enhanced VPN to which the packet
belongs. belongs.
o The control plane: * The control plane:
* Collects information about the underlying network topology and - Collects information about the underlying network topology and
available resources, and exports this to nodes in the network available resources, and exports this to nodes in the network
and/or a centralized controller as required. and/or a centralized controller as required.
* Creates the required VTNs with the resources and properties - Creates the required VTNs with the resources and properties
needed by the enhanced VPN services that are they support. needed by the enhanced VPN services that are they support.
* Determines the risk of SLA violation and takes appropriate - Determines the risk of SLA violation and takes appropriate
avoiding action. avoiding action.
* Determines the right balance of per-packet and per-node state - Determines the right balance of per-packet and per-node state
according to the needs of the enhanced VPN services to scale to according to the needs of the enhanced VPN services to scale to
the required size. the required size.
o The management plane: * The management plane:
* Provides an interface between the enhanced VPN provider (e.g., - Provides an interface between the enhanced VPN provider (e.g.,
operator's network management system ) and the enhanced VPN operator's network management system ) and the enhanced VPN
customer (e.g., an organization or a service with enhanced VPN customer (e.g., an organization or a service with enhanced VPN
requirement) such that some of the operation requests can be requirement) such that some of the operation requests can be
met without interfering with the enhanced VPN of other met without interfering with the enhanced VPN of other
customers. customers.
* Provides an interface between the enhanced VPN provider and the - Provides an interface between the enhanced VPN provider and the
enhanced VPN customers to expose the network capability enhanced VPN customers to expose the network capability
information toward the enhanced VPN customer. information toward the enhanced VPN customer.
* Provides the service life-cycle management and operation of - Provides the service life-cycle management and operation of
enhanced VPNs (e.g., creation, modification, assurance/ enhanced VPNs (e.g., creation, modification, assurance/
monitoring, and decommissioning). monitoring, and decommissioning).
o Operations, Administration, and Maintenance (OAM) * Operations, Administration, and Maintenance (OAM)
* Provides the tools to verify the connectivity and performance
- Provides the tools to verify the connectivity and performance
of the enhanced VPN. of the enhanced VPN.
* Provides the tools to verify whether the underlay network - Provides the tools to verify whether the underlay network
resources are correctly allocated and operating properly. resources are correctly allocated and operating properly.
o Telemetry * Telemetry
- Provides the mechanisms to collect network information about
* Provides the mechanisms to collect network information about
the operation of the data plane, control plane, and management the operation of the data plane, control plane, and management
plane. More specifically, telemetry provides the mechanisms to plane. More specifically, telemetry provides the mechanisms to
collect network data: collect network data:
+ from the underlay network for overall performance evaluation o from the underlay network for overall performance evaluation
and for the planning enhanced VPN services. and for the planning enhanced VPN services.
+ from each enhanced VPN and for monitoring and analytics of o from each enhanced VPN and for monitoring and analytics of
the characteristics and SLA fulfillment of the enhanced VPN the characteristics and SLA fulfillment of the enhanced VPN
services. services.
4.1. Layered Architecture 4.1. Layered Architecture
The layered architecture of an enhanced VPN is shown in Figure 2. The layered architecture of an enhanced VPN is shown in Figure 2.
Underpinning everything is the physical network infrastructure layer Underpinning everything is the physical network infrastructure layer
which provide the underlying resources used to provision the which provide the underlying resources used to provision the
separated virtual transport networks (VTNs). This includes the separated virtual transport networks (VTNs). This includes the
skipping to change at page 18, line 38 skipping to change at page 19, line 49
usually be possible to aggregate a set or group of VPN+ services so usually be possible to aggregate a set or group of VPN+ services so
that they share the same VTN and the same set of network resources that they share the same VTN and the same set of network resources
(much in the same way that current VPNs are aggregated over transport (much in the same way that current VPNs are aggregated over transport
tunnels) so that collections of enhanced VPNs that require the same tunnels) so that collections of enhanced VPNs that require the same
behavior from the network in terms of resource reservation, latency behavior from the network in terms of resource reservation, latency
bounds, resiliency, etc. can be grouped together. This is an bounds, resiliency, etc. can be grouped together. This is an
important feature to assist with the scaling characteristics of VPN+ important feature to assist with the scaling characteristics of VPN+
deployments. deployments.
[I-D.dong-teas-enhanced-vpn-vtn-scalability] provides more details of [I-D.dong-teas-enhanced-vpn-vtn-scalability] provides more details of
scalability considerations for enhanced VPNs, and Section 6 includes scalability considerations for enhanced VPNs, and Section 7 includes
a greater discussion of scalability considerations. a greater discussion of scalability considerations.
5. Candidate Technologies 5. Candidate Technologies
A VPN is a network created by applying a demultiplexing technique to A VPN is a network created by applying a demultiplexing technique to
the underlying network (the underlay) to distinguish the traffic of the underlying network (the underlay) to distinguish the traffic of
one VPN from that of another. A VPN path that travels by other than one VPN from that of another. A VPN path that travels by other than
the shortest path through the underlay normally requires state in the the shortest path through the underlay normally requires state in the
underlay to specify that path. State is normally applied to the underlay to specify that path. State is normally applied to the
underlay through the use of the RSVP-TE signaling protocol, or underlay through the use of the RSVP-TE signaling protocol, or
skipping to change at page 22, line 34 skipping to change at page 23, line 46
optimization of the centralized and distributed control plane is optimization of the centralized and distributed control plane is
needed to support the enhanced properties of VPN+. needed to support the enhanced properties of VPN+.
RSVP-TE [RFC3209] provides the signaling mechanism for establishing a RSVP-TE [RFC3209] provides the signaling mechanism for establishing a
TE-LSP in an MPLS network with end-to-end resource reservation. This TE-LSP in an MPLS network with end-to-end resource reservation. This
can be seen as an approach of providing a Virtual Transport Path can be seen as an approach of providing a Virtual Transport Path
(VTP) which could be used to bind the VPN to specific network (VTP) which could be used to bind the VPN to specific network
resources allocated within the underlay, but there remain scalability resources allocated within the underlay, but there remain scalability
concerns as mentioned in Section 5.2.2. concerns as mentioned in Section 5.2.2.
The control plane of SR [RFC8665] [RFC8667] The control plane of SR [RFC8665] [RFC8667] [RFC9085] does not have
[I-D.ietf-idr-bgp-ls-segment-routing-ext] does not have the the capability of signaling resource reservations along the path. On
capability of signaling resource reservations along the path. On the the other hand, the SR approach provides a potential way of binding
other hand, the SR approach provides a potential way of binding the the underlay network resource and the enhanced VPN service without
underlay network resource and the enhanced VPN service without
requiring per-path state to be maintained in the network. A requiring per-path state to be maintained in the network. A
centralized controller can perform resource planning and reservation centralized controller can perform resource planning and reservation
for enhanced VPNs, while it needs to ensure that resources are for VTNs, while it needs to ensure that resources are correctly
correctly allocated in network nodes for the enhanced VPN service. allocated in network nodes for the enhanced VPN service. The
The controller could also compute the SR paths based on the planned controller could also compute the SR paths based on the planned or
or collected network resource and other attributes, and provision the collected network resource and other attributes, and provision the SR
SR paths based on the mechanism in paths based on the mechanism in
[I-D.ietf-spring-segment-routing-policy] to the ingress nodes of the [I-D.ietf-spring-segment-routing-policy] to the ingress nodes of the
enhanced VPN services. The distributed control plane may be used to enhanced VPN services. The distributed control plane may be used to
advertise the network attributes associated with enhanced VPNs, and advertise the network topology and resource attributes associated
compute the SR paths with specific constraints of enhanced VPN with the VTNs, and compute the SR paths with VTN specific constraints
services. for the enhanced VPN services.
5.5. Management Plane 5.5. Management Plane
The management plane provides the interface between the enhanced VPN The management plane provides the interface between the enhanced VPN
provider and the customers for life-cycle management of the service provider and the customers for life-cycle management of the service
(i.e., creation, modification, assurance/monitoring, and (i.e., creation, modification, assurance/monitoring, and
decommissioning). It relies on a set of service data models for the decommissioning). It relies on a set of service data models for the
description of the information and operations needed on the description of the information and operations needed on the
interface. interface.
skipping to change at page 24, line 23 skipping to change at page 25, line 33
5.6. Applicability of Service Data Models to Enhanced VPN 5.6. Applicability of Service Data Models to Enhanced VPN
This section describes the applicability of the existing and in- This section describes the applicability of the existing and in-
progress service data models to enhanced VPN. New service models may progress service data models to enhanced VPN. New service models may
also be introduced for some of the required management functions. also be introduced for some of the required management functions.
The ACTN framework[RFC8453] supports operators in viewing and The ACTN framework[RFC8453] supports operators in viewing and
controlling different domains and presenting virtualized networks to controlling different domains and presenting virtualized networks to
their customers. It highlights how: their customers. It highlights how:
o Abstraction of the underlying network resources is provided to * Abstraction of the underlying network resources is provided to
higher-layer applications and customers. higher-layer applications and customers.
o Underlying resources are virtualized and allocated for the * Underlying resources are virtualized and allocated for the
customer, application, or service. customer, application, or service.
o A virtualized environment is created allowing operators to view * A virtualized environment is created allowing operators to view
and control multi-domain networks as a single virtualized network. and control multi-domain networks as a single virtualized network.
o Networks can be presented to customers as a virtual network via * Networks can be presented to customers as a virtual network via
open and programmable interfaces. open and programmable interfaces.
The type of network virtualization enabled by ACTN managed The type of network virtualization enabled by ACTN managed
infrastructure provides customers with the capability to utilize and infrastructure provides customers with the capability to utilize and
independently control allocated virtual network resources as if they independently control allocated virtual network resources as if they
were physically their own resources. Service Data models are used to were physically their own resources. Service Data models are used to
represent, monitor, and manage the virtual networks and services represent, monitor, and manage the virtual networks and services
enabled by ACTN. The VPN customer service models (e.g., the layer 3 enabled by ACTN. The VPN customer service models (e.g., the layer 3
VPN service model (L3SM) [RFC8299], the layer 2 VPN service model VPN service model (L3SM) [RFC8299], the layer 2 VPN service model
(L2SM) [RFC8466]), or the ACTN Virtual Network (VN) model (L2SM) [RFC8466]), or the ACTN Virtual Network (VN) model
skipping to change at page 25, line 7 skipping to change at page 26, line 16
infrastructure, and is presented by the ACTN provider as a set of infrastructure, and is presented by the ACTN provider as a set of
abstracted services or resources. The layer 3 VPN network model abstracted services or resources. The layer 3 VPN network model
(L3NM) [I-D.ietf-opsawg-l3sm-l3nm] and layer 2 VPN network model (L3NM) [I-D.ietf-opsawg-l3sm-l3nm] and layer 2 VPN network model
(L2NM) [I-D.ietf-opsawg-l2nm] provide network views of the ACTN (L2NM) [I-D.ietf-opsawg-l2nm] provide network views of the ACTN
managed infrastructure presented by the ACTN provider as a set of managed infrastructure presented by the ACTN provider as a set of
virtual networks and the associated resources. The VTN network model virtual networks and the associated resources. The VTN network model
[I-D.wd-teas-vtn-network-yang] further provides the management of the [I-D.wd-teas-vtn-network-yang] further provides the management of the
virtual underlay network topology and resources for the mapping of virtual underlay network topology and resources for the mapping of
the VPN network models. the VPN network models.
[I-D.king-teas-applicability-actn-slicing] discusses the [I-D.ietf-teas-applicability-actn-slicing] discusses the
applicability of the ACTN approach in the context of network slicing. applicability of the ACTN approach in the context of network slicing.
Since there is a strong correlation between network slices and Since there is a strong correlation between network slices and
enhanced VPNs, that document can also give guidance on how ACTN can enhanced VPNs, that document can also give guidance on how ACTN can
be applied to enhanced VPNs. be applied to enhanced VPNs.
5.6.1. An Example of Enhanced VPN Delivery 6. Applicability to Network Slice Realization
One typical use case of enhanced VPN is to instantiate a network One of the typical use cases of enhanced VPN is to deliver IETF
slice. In order to provide network slices to customers, a network slice service. This section describes the applicability of
technology-agnostic network slice Northbound Interface (NBI) data enhanced VPN to network slice realization.
model is needed for the customers to communicate the requirements and
operations of network slices (end points, connectivity, SLOs, and
SLEs). These requirements may then be realized using technology-
specific Southbound Interfaces (SBIs) to instruct the network to
instantiate an enhanced VPN service to meet the requirements of the
customer.
As per [RFC8453] and [I-D.ietf-teas-actn-yang], the CNC-MDSC In order to provide network slices to customers, a technology-
Interface (CMI) of ACTN can be used to convey the virtual network agnostic network slice service Northbound Interface (NBI) data model
service requirements, which is a generic interface to deliver various [I-D.ietf-teas-ietf-network-slice-nbi-yang] is needed for the
TE based VN services. In the context of the network slice NBI, there customers to communicate the requirements of IETF network slices (end
may be some gaps in the combination of the L3SM/L2SM and VN models. points, connectivity, SLOs, and SLEs). These requirements may be
The NBI is required to communicate the connectivity of the network realized using technology specified in this document to instruct the
slice, along with the SLO parameters, SLEs, and traffic selection network to instantiate an enhanced VPN to meet the requirements of
rules, and provides a way to monitor the state of the network slice. the IETF network slice customers.
This can be described in a more abstract manner, so as to reduce the
association with specific technologies used to realize the network
slice, such as the VPN and TE technologies. The network slice NBI
model as defined in [I-D.wd-teas-ietf-network-slice-nbi-yang]
provides an abstract and generic approach to provide the network
slice NBI functions.
The MDSC-PNC Interface (MPI) models in the ACTN architecture can be 6.1. VTN Planning and Instantiation
used for the realization of network slices, for example, in a TE
enabled network, and may also be used for cross-layer or cross-domain
implementation of network slice.
6. Scalability Considerations According to the network operators' network resource planning policy,
or based on the requirement of one or a group of customers or
services, a VTN may need to be created. One of the basic
requirements for a VTN is to provide a set of dedicated network
resources to avoid unexpected interference from other services in the
same network. Other possible requirements may include the required
topology and connectivity, bandwidth, latency, reliability, etc.
A centralized network controller can be responsible for calculating a
subset of the underlay network topology (which is called a logical
topology) to support the VTN requirement. And on the network nodes
and links within the logical topology, the set of network resources
to be allocated to the VTN can also be determined by the controller.
Normally such calculation needs to take the underlay network
connectivity information and the available network resource
information of the underlay network into consideration. The network
controller may also take the status of the existing VTNs into
consideration in the planning and calculation of a new VTN.
According to the result of the VTN planning, the network nodes and
links involved in the logical topology of the VTN are instructed to
allocated the required set of network resources for the VTN. One or
multiple mechanisms as specified in section 5.1 can be used to
partition the forwarding plane network resources for different VTNs.
In addition, the data plane VTN identifiers which are used to
identify the set of network resources allocated to the VTN are also
provisioned on the network nodes. Depends on the data plane
technologies used, the set of network resources of a VTN can be
identified using either resource aware SR segments as specified in
[I-D.ietf-spring-resource-aware-segments], or a dedicated VTN
resource ID as specified in [I-D.dong-6man-enhanced-vpn-vtn-id] can
be introduced. The network nodes involved in a VTN may distribute
the logical topology information, the VTN specific network resource
information and the VTN resource identifiers using the control plane,
which could be used by the controller and the network nodes to
compute the TE paths within the VTN, and install the VTN specific
forwarding entries.
6.2. Enhanced VPN Provisioning
According to the connectivity requirements of an IETF network slice
service, an overlay VPN can be created using the existing or future
multi-tenancy overlay technologies as described in Section 3.6.
Then according to the SLOs and SLEs requirements of the network
slice, the overlay VPN is mapped to an appropriate VTN as the virtual
underlay. The integration of the overlay VPN and the underlay VTN
together provide an enhanced VPN service which can meet the network
slice service requirements.
6.3. Network Slice Traffic Steering and Forwarding
At the edge of the operator's network, traffic of IETF network slices
can be classified based on the matching rules defined by operator's
policy, so that the traffic is mapped to a specific enhanced VPN,
which is further mapped to a underlay VTN. Packets belonging to the
enhanced VPN will be processed and forwarded by network nodes using
the set of network resources allocated to the corresponding VTN.
7. Scalability Considerations
An enhanced VPN provides performance guaranteed services in packet An enhanced VPN provides performance guaranteed services in packet
networks, but with the potential cost of introducing additional state networks, but with the potential cost of introducing additional state
into the network. There are at least three ways that this additional into the network. There are at least three ways that this additional
state might be brought into the network: state might be brought into the network:
o Introduce the complete state into the packet, as is done in SR. * Introduce the complete state into the packet, as is done in SR.
This allows the controller to specify the detailed series of This allows the controller to specify the detailed series of
forwarding and processing instructions for the packet as it forwarding and processing instructions for the packet as it
transits the network. The cost of this is an increase in the transits the network. The cost of this is an increase in the
packet header size. The cost is also that systems will have packet header size. The cost is also that systems will have
capabilities enabled in case they are called upon by a service. capabilities enabled in case they are called upon by a service.
This is a type of latent state, and increases as the path and This is a type of latent state, and increases as the path and
resources that need to be exclusively available to a VPN are resources that need to be exclusively available to a VPN are
specified more precisely. specified more precisely.
o Introduce the state to the network. This is normally done by * Introduce the state to the network. This is normally done by
creating a path using signaling such as RSVP-TE. This could be creating a path using signaling such as RSVP-TE. This could be
extended to include any element that needs to be specified along extended to include any element that needs to be specified along
the path, for example explicitly specifying queuing policy. It is the path, for example explicitly specifying queuing policy. It is
also possible to use other methods to introduce path state, such also possible to use other methods to introduce path state, such
as via an SDN controller, or possibly by modifying a routing as via an SDN controller, or possibly by modifying a routing
protocol. With this approach there is state per path: per-path protocol. With this approach there is state per path: per-path
characteristic that needs to be maintained over the life of the characteristic that needs to be maintained over the life of the
path. This is more network state than is needed using SR, but the path. This is more network state than is needed using SR, but the
packets are usually shorter. packets are usually shorter.
o Provide a hybrid approach. One example is based on using binding * Provide a hybrid approach. One example is based on using binding
SIDs [RFC8402] to create path fragments, and bind them together SIDs [RFC8402] to create path fragments, and bind them together
with SR. Dynamic creation of a VPN service path using SR requires with SR. Dynamic creation of a VPN service path using SR requires
less state maintenance in the network core at the expense of less state maintenance in the network core at the expense of
larger packet headers. The packet size can be lower if a form of larger packet headers. The packet size can be lower if a form of
loose source routing is used (using a few nodal SIDs), and it will loose source routing is used (using a few nodal SIDs), and it will
be lower if no specific functions or resources on the routers are be lower if no specific functions or resources on the routers are
specified. specified.
Reducing the state in the network is important to enhanced VPN, as it Reducing the state in the network is important to enhanced VPN, as it
requires the overlay to be more closely integrated with the underlay requires the overlay to be more closely integrated with the underlay
than with traditional VPNs. This tighter coupling would normally than with traditional VPNs. This tighter coupling would normally
mean that more state needs to be created and maintained in the mean that more state needs to be created and maintained in the
network, as the state about fine granularity processing would need to network, as the state about fine granularity processing would need to
be loaded and maintained in the routers. However, an SR approach be loaded and maintained in the routers. However, an SR approach
allows much of this state to be spread amongst the network ingress allows much of this state to be spread amongst the network ingress
nodes, and transiently carried in the packets as SIDs. nodes, and transiently carried in the packets as SIDs.
Further discussion of the scalability considerations of enhanced VPNs Further discussion of the scalability considerations of enhanced VPNs
can be found in [I-D.dong-teas-enhanced-vpn-vtn-scalability]. can be found in [I-D.dong-teas-enhanced-vpn-vtn-scalability].
6.1. Maximum Stack Depth of SR 7.1. Maximum Stack Depth of SR
One of the challenges with SR is the stack depth that nodes are able One of the challenges with SR is the stack depth that nodes are able
to impose on packets [RFC8491]. This leads to a difficult balance to impose on packets [RFC8491]. This leads to a difficult balance
between adding state to the network and minimizing stack depth, or between adding state to the network and minimizing stack depth, or
minimizing state and increasing the stack depth. minimizing state and increasing the stack depth.
6.2. RSVP-TE Scalability 7.2. RSVP-TE Scalability
The traditional method of creating a resource allocated path through The traditional method of creating a resource allocated path through
an MPLS network is to use the RSVP-TE protocol. However, there have an MPLS network is to use the RSVP-TE protocol. However, there have
been concerns that this requires significant continuous state been concerns that this requires significant continuous state
maintenance in the network. Work to improve the scalability of RSVP- maintenance in the network. Work to improve the scalability of RSVP-
TE LSPs in the control plane can be found in [RFC8370]. TE LSPs in the control plane can be found in [RFC8370].
There is also concern at the scalability of the forwarder footprint There is also concern at the scalability of the forwarder footprint
of RSVP-TE as the number of paths through a label switching router of RSVP-TE as the number of paths through a label switching router
(LSR) grows. [RFC8577] addresses this by employing SR within a (LSR) grows. [RFC8577] addresses this by employing SR within a
tunnel established by RSVP-TE. tunnel established by RSVP-TE.
6.3. SDN Scaling 7.3. SDN Scaling
The centralized approach of SDN requires state to be stored in the The centralized approach of SDN requires state to be stored in the
network, but does not have the overhead of also requiring control network, but does not have the overhead of also requiring control
plane state to be maintained. Each individual network node may need plane state to be maintained. Each individual network node may need
to maintain a communication channel with the SDN controller, but that to maintain a communication channel with the SDN controller, but that
compares favorably with the need for a control plane to maintain compares favorably with the need for a control plane to maintain
communication with all neighbors. communication with all neighbors.
However, SDN may transfer some of the scalability concerns from the However, SDN may transfer some of the scalability concerns from the
network to the centralized controller. In particular, there may be a network to the centralized controller. In particular, there may be a
heavy processing burden at the controller, and a heavy load in the heavy processing burden at the controller, and a heavy load in the
network surrounding the controller. A centralized controller also network surrounding the controller. A centralized controller also
presents a single point of failure within the network. presents a single point of failure within the network.
7. OAM Considerations 8. OAM Considerations
The design of OAM for enhanced VPNs needs to consider the following The design of OAM for enhanced VPNs needs to consider the following
requirements: requirements:
o Instrumentation of the underlay so that the network operator can * Instrumentation of the underlay so that the network operator can
be sure that the resources committed to a tenant are operating be sure that the resources committed to a tenant are operating
correctly and delivering the required performance. correctly and delivering the required performance.
o Instrumentation of the overlay by the tenant. This is likely to * Instrumentation of the overlay by the tenant. This is likely to
be transparent to the network operator and to use existing be transparent to the network operator and to use existing
methods. Particular consideration needs to be given to the need methods. Particular consideration needs to be given to the need
to verify the isolation and the various committed performance to verify the isolation and the various committed performance
characteristics. characteristics.
o Instrumentation of the overlay by the network provider to * Instrumentation of the overlay by the network provider to
proactively demonstrate that the committed performance is being proactively demonstrate that the committed performance is being
delivered. This needs to be done in a non-intrusive manner, delivered. This needs to be done in a non-intrusive manner,
particularly when the tenant is deploying a performance sensitive particularly when the tenant is deploying a performance sensitive
application. application.
o Verification of the conformity of the path to the service * Verification of the conformity of the path to the service
requirement. This may need to be done as part of a commissioning requirement. This may need to be done as part of a commissioning
test. test.
A study of OAM in SR networks has been documented in [RFC8403]. A study of OAM in SR networks has been documented in [RFC8403].
8. Telemetry Considerations 9. Telemetry Considerations
Network visibility is essential for network operation. Network Network visibility is essential for network operation. Network
telemetry has been considered as an ideal means to gain sufficient telemetry has been considered as an ideal means to gain sufficient
network visibility with better flexibility, scalability, accuracy, network visibility with better flexibility, scalability, accuracy,
coverage, and performance than conventional OAM technologies. coverage, and performance than conventional OAM technologies.
As defined in [I-D.ietf-opsawg-ntf], the objective of Network As defined in [I-D.ietf-opsawg-ntf], the objective of Network
Telemetry is to acquire network data remotely for network monitoring Telemetry is to acquire network data remotely for network monitoring
and operation. It is a general term for a large set of network and operation. It is a general term for a large set of network
visibility techniques and protocols. Network telemetry addresses the visibility techniques and protocols. Network telemetry addresses the
current network operation issues and enables smooth evolution toward current network operation issues and enables smooth evolution toward
intent-driven autonomous networks. Telemetry can be applied on the intent-driven autonomous networks. Telemetry can be applied on the
forwarding plane, the control plane, and the management plane in a forwarding plane, the control plane, and the management plane in a
network. network.
How the telemetry mechanisms could be used or extended for the How the telemetry mechanisms could be used or extended for the
enhanced VPN service is out of the scope of this document. enhanced VPN service is out of the scope of this document.
9. Enhanced Resiliency 10. Enhanced Resiliency
Each enhanced VPN has a life cycle, and may need modification during Each enhanced VPN has a life cycle, and may need modification during
deployment as the needs of its tenant change. This is discussed in deployment as the needs of its tenant change. This is discussed in
Section 5.5. Additionally, as the network evolves, there may need to Section 5.5. Additionally, as the network evolves, there may need to
be garbage collection performed to consolidate resources into usable be garbage collection performed to consolidate resources into usable
quanta. quanta.
Systems in which the path is imposed, such as SR or some form of Systems in which the path is imposed, such as SR or some form of
explicit routing, tend to do well in these applications, because it explicit routing, tend to do well in these applications, because it
is possible to perform an atomic transition from one path to another. is possible to perform an atomic transition from one path to another.
skipping to change at page 28, line 41 skipping to change at page 31, line 4
Each enhanced VPN has a life cycle, and may need modification during Each enhanced VPN has a life cycle, and may need modification during
deployment as the needs of its tenant change. This is discussed in deployment as the needs of its tenant change. This is discussed in
Section 5.5. Additionally, as the network evolves, there may need to Section 5.5. Additionally, as the network evolves, there may need to
be garbage collection performed to consolidate resources into usable be garbage collection performed to consolidate resources into usable
quanta. quanta.
Systems in which the path is imposed, such as SR or some form of Systems in which the path is imposed, such as SR or some form of
explicit routing, tend to do well in these applications, because it explicit routing, tend to do well in these applications, because it
is possible to perform an atomic transition from one path to another. is possible to perform an atomic transition from one path to another.
That is, a single action by the head-end that changes the path That is, a single action by the head-end that changes the path
without the need for coordinated action by the routers along the without the need for coordinated action by the routers along the
path. However, implementations and the monitoring protocols need to path. However, implementations and the monitoring protocols need to
make sure that the new path is operational and meets the required SLA make sure that the new path is operational and meets the required SLA
before traffic is transitioned to it. It is possible for deadlocks before traffic is transitioned to it. It is possible for deadlocks
to arise as a result of the network becoming fragmented over time, to arise as a result of the network becoming fragmented over time,
such that it is impossible to create a new path or to modify an such that it is impossible to create a new path or to modify an
existing path without impacting the SLA of other paths. Resolution existing path without impacting the SLA of other paths. Resolution
of this situation is as much a commercial issue as it is a technical of this situation is as much a commercial issue as it is a technical
issue and is outside the scope of this document. issue and is outside the scope of this document.
There are, however, two manifestations of the latency problem that There are, however, two manifestations of the latency problem that
are for further study in any of these approaches: are for further study in any of these approaches:
o The problem of packets overtaking one another if a path latency * The problem of packets overtaking one another if a path latency
reduces during a transition. reduces during a transition.
o The problem of transient variation in latency in either direction * The problem of transient variation in latency in either direction
as a path migrates. as a path migrates.
There is also the matter of what happens during failure in the There is also the matter of what happens during failure in the
underlay infrastructure. Fast reroute is one approach, but that underlay infrastructure. Fast reroute is one approach, but that
still produces a transient loss with a normal goal of rectifying this still produces a transient loss with a normal goal of rectifying this
within 50ms [RFC5654]. An alternative is some form of N+1 delivery within 50ms [RFC5654]. An alternative is some form of N+1 delivery
such as has been used for many years to support protection from such as has been used for many years to support protection from
service disruption. This may be taken to a different level using the service disruption. This may be taken to a different level using the
techniques of DetNet with multiple in-network replication and the techniques of DetNet with multiple in-network replication and the
culling of later packets [RFC8655]. culling of later packets [RFC8655].
skipping to change at page 29, line 34 skipping to change at page 32, line 5
consideration should be given to the impact of best effort traffic on consideration should be given to the impact of best effort traffic on
the high priority packets during a transition. Specifically, if a the high priority packets during a transition. Specifically, if a
conventional re-convergence process is used there will inevitably be conventional re-convergence process is used there will inevitably be
micro-loops and whilst some form of explicit routing will protect the micro-loops and whilst some form of explicit routing will protect the
high priority traffic, lower priority traffic on best effort shortest high priority traffic, lower priority traffic on best effort shortest
paths will micro-loop without the use of a loop prevention paths will micro-loop without the use of a loop prevention
technology. To provide the highest quality of service to high technology. To provide the highest quality of service to high
priority traffic, either this traffic must be shielded from the priority traffic, either this traffic must be shielded from the
micro-loops, or micro-loops must be prevented completely. micro-loops, or micro-loops must be prevented completely.
10. Operational Considerations 11. Operational Considerations
It is likely that enhanced VPN services will be introduced in It is likely that enhanced VPN services will be introduced in
networks which already have traditional VPN services deployed. networks which already have traditional VPN services deployed.
Depending on service requirements, the tenants or the operator may Depending on service requirements, the tenants or the operator may
choose to use a traditional VPN or an enhanced VPN to fulfill a choose to use a traditional VPN or an enhanced VPN to fulfill a
service requirement. The information and parameters to assist such a service requirement. The information and parameters to assist such a
decision needs to be reflected on the management interface between decision needs to be reflected on the management interface between
the tenant and the operator. the tenant and the operator.
11. Security Considerations 12. Security Considerations
All types of virtual network require special consideration to be All types of virtual network require special consideration to be
given to the isolation of traffic belonging to different tenants. given to the isolation of traffic belonging to different tenants.
That is, traffic belonging to one VPN must not be delivered to end That is, traffic belonging to one VPN must not be delivered to end
points outside that VPN. In this regard enhanced VPNs neither points outside that VPN. In this regard enhanced VPNs neither
introduce, nor experience a greater security risks than other VPNs. introduce, nor experience a greater security risks than other VPNs.
However, in an enhanced Virtual Private Network service the However, in an enhanced Virtual Private Network service the
additional service requirements need to be considered. For example, additional service requirements need to be considered. For example,
if a service requires a specific upper bound to latency then it can if a service requires a specific upper bound to latency then it can
skipping to change at page 30, line 32 skipping to change at page 33, line 5
other security features as part of the service, customers would be other security features as part of the service, customers would be
well advised to take responsibility for their own security well advised to take responsibility for their own security
requirements themselves possibly by encrypting traffic before handing requirements themselves possibly by encrypting traffic before handing
it off to the service provider. it off to the service provider.
The privacy of enhanced VPN service customers must be preserved. It The privacy of enhanced VPN service customers must be preserved. It
should not be possible for one customer to discover the existence of should not be possible for one customer to discover the existence of
another customer, nor should the sites that are members of an another customer, nor should the sites that are members of an
enhanced VPN be externally visible. enhanced VPN be externally visible.
12. IANA Considerations 13. IANA Considerations
There are no requested IANA actions. There are no requested IANA actions.
13. Contributors 14. Contributors
Daniel King Daniel King
Email: daniel@olddog.co.uk Email: daniel@olddog.co.uk
Adrian Farrel Adrian Farrel
Email: adrian@olddog.co.uk Email: adrian@olddog.co.uk
Jeff Tansura Jeff Tansura
Email: jefftant.ietf@gmail.com Email: jefftant.ietf@gmail.com
Zhenbin Li Zhenbin Li
skipping to change at page 31, line 34 skipping to change at page 33, line 41
Mohamed Boucadair Mohamed Boucadair
Email: mohamed.boucadair@orange.com Email: mohamed.boucadair@orange.com
Sergio Belotti Sergio Belotti
Email: sergio.belotti@nokia.com Email: sergio.belotti@nokia.com
Haomian Zheng Haomian Zheng
Email: zhenghaomian@huawei.com Email: zhenghaomian@huawei.com
14. Acknowledgements 15. Acknowledgements
The authors would like to thank Charlie Perkins, James N Guichard, The authors would like to thank Charlie Perkins, James N Guichard,
John E Drake, Shunsuke Homma, and Luis M. Contreras for their review John E Drake, Shunsuke Homma, and Luis M. Contreras for their review
and valuable comments. and valuable comments.
This work was supported in part by the European Commission funded This work was supported in part by the European Commission funded
H2020-ICT-2016-2 METRO-HAUL project (G.A. 761727). H2020-ICT-2016-2 METRO-HAUL project (G.A. 761727).
15. References 16. References
15.1. Normative References 16.1. Normative References
[RFC2764] Gleeson, B., Lin, A., Heinanen, J., Armitage, G., and A. [RFC2764] Gleeson, B., Lin, A., Heinanen, J., Armitage, G., and A.
Malis, "A Framework for IP Based Virtual Private Malis, "A Framework for IP Based Virtual Private
Networks", RFC 2764, DOI 10.17487/RFC2764, February 2000, Networks", RFC 2764, DOI 10.17487/RFC2764, February 2000,
<https://www.rfc-editor.org/info/rfc2764>. <https://www.rfc-editor.org/info/rfc2764>.
[RFC3985] Bryant, S., Ed. and P. Pate, Ed., "Pseudo Wire Emulation [RFC3985] Bryant, S., Ed. and P. Pate, Ed., "Pseudo Wire Emulation
Edge-to-Edge (PWE3) Architecture", RFC 3985, Edge-to-Edge (PWE3) Architecture", RFC 3985,
DOI 10.17487/RFC3985, March 2005, DOI 10.17487/RFC3985, March 2005,
<https://www.rfc-editor.org/info/rfc3985>. <https://www.rfc-editor.org/info/rfc3985>.
[RFC4664] Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer [RFC4664] Andersson, L., Ed. and E. Rosen, Ed., "Framework for Layer
2 Virtual Private Networks (L2VPNs)", RFC 4664, 2 Virtual Private Networks (L2VPNs)", RFC 4664,
DOI 10.17487/RFC4664, September 2006, DOI 10.17487/RFC4664, September 2006,
<https://www.rfc-editor.org/info/rfc4664>. <https://www.rfc-editor.org/info/rfc4664>.
15.2. Informative References 16.2. Informative References
[BBF-SD406] [BBF-SD406]
"BBF SD-406: End-to-End Network Slicing", 2016, "BBF SD-406: End-to-End Network Slicing", 2016,
<https://wiki.broadband-forum.org/display/BBF/SD-406+End- <https://wiki.broadband-forum.org/display/BBF/SD-406+End-
to-End+Network+Slicing>. to-End+Network+Slicing>.
[DETNET] "Deterministic Networking", March , [DETNET] "Deterministic Networking", March ,
<https://datatracker.ietf.org/wg/detnet/about/>. <https://datatracker.ietf.org/wg/detnet/about/>.
[FLEXE] "Flex Ethernet Implementation Agreement", March 2016, [FLEXE] "Flex Ethernet Implementation Agreement", March 2016,
<http://www.oiforum.com/wp-content/uploads/OIF-FLEXE- <http://www.oiforum.com/wp-content/uploads/OIF-FLEXE-
01.0.pdf>. 01.0.pdf>.
[I-D.dong-teas-enhanced-vpn-vtn-scalability] [I-D.dong-6man-enhanced-vpn-vtn-id]
Dong, J., Li, Z., Qin, F., Yang, G., and J. N. Guichard, Dong, J., Li, Z., Xie, C., Ma, C., and G. Mishra,
"Scalability Considerations for Enhanced VPN (VPN+)", "Carrying Virtual Transport Network Identifier in IPv6
draft-dong-teas-enhanced-vpn-vtn-scalability-02 (work in Extension Header", Work in Progress, Internet-Draft,
progress), February 2021. draft-dong-6man-enhanced-vpn-vtn-id-05, 8 September 2021,
<https://www.ietf.org/archive/id/draft-dong-6man-enhanced-
vpn-vtn-id-05.txt>.
[I-D.ietf-idr-bgp-ls-segment-routing-ext] [I-D.dong-teas-enhanced-vpn-vtn-scalability]
Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H., Dong, J., Li, Z., Gong, L., Yang, G., Guichard, J. N.,
and M. Chen, "BGP Link-State extensions for Segment Mishra, G., and F. Qin, "Scalability Considerations for
Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-18 Enhanced VPN (VPN+)", Work in Progress, Internet-Draft,
(work in progress), April 2021. draft-dong-teas-enhanced-vpn-vtn-scalability-03, 11 July
2021, <https://www.ietf.org/archive/id/draft-dong-teas-
enhanced-vpn-vtn-scalability-03.txt>.
[I-D.ietf-opsawg-l2nm] [I-D.ietf-opsawg-l2nm]
Barguil, S., Dios, O. G. D., Boucadair, M., and L. A. Barguil, S., Dios, O. G. D., Boucadair, M., and L. A.
Munoz, "A Layer 2 VPN Network YANG Model", draft-ietf- Munoz, "A Layer 2 VPN Network YANG Model", Work in
opsawg-l2nm-02 (work in progress), April 2021. Progress, Internet-Draft, draft-ietf-opsawg-l2nm-09, 20
October 2021, <https://www.ietf.org/archive/id/draft-ietf-
opsawg-l2nm-09.txt>.
[I-D.ietf-opsawg-l3sm-l3nm] [I-D.ietf-opsawg-l3sm-l3nm]
Barguil, S., Dios, O. G. D., Boucadair, M., Munoz, L. A., Barguil, S., Dios, O. G. D., Boucadair, M., Munoz, L. A.,
and A. Aguado, "A Layer 3 VPN Network YANG Model", draft- and A. Aguado, "A Layer 3 VPN Network YANG Model", Work in
ietf-opsawg-l3sm-l3nm-08 (work in progress), April 2021. Progress, Internet-Draft, draft-ietf-opsawg-l3sm-l3nm-18,
8 October 2021, <https://www.ietf.org/archive/id/draft-
ietf-opsawg-l3sm-l3nm-18.txt>.
[I-D.ietf-opsawg-ntf] [I-D.ietf-opsawg-ntf]
Song, H., Qin, F., Martinez-Julia, P., Ciavaglia, L., and Song, H., Qin, F., Martinez-Julia, P., Ciavaglia, L., and
A. Wang, "Network Telemetry Framework", draft-ietf-opsawg- A. Wang, "Network Telemetry Framework", Work in Progress,
ntf-07 (work in progress), February 2021. Internet-Draft, draft-ietf-opsawg-ntf-09, 13 October 2021,
<https://www.ietf.org/archive/id/draft-ietf-opsawg-ntf-
09.txt>.
[I-D.ietf-spring-resource-aware-segments]
Dong, J., Bryant, S., Miyasaka, T., Zhu, Y., Qin, F., Li,
Z., and F. Clad, "Introducing Resource Awareness to SR
Segments", Work in Progress, Internet-Draft, draft-ietf-
spring-resource-aware-segments-03, 12 July 2021,
<https://www.ietf.org/archive/id/draft-ietf-spring-
resource-aware-segments-03.txt>.
[I-D.ietf-spring-segment-routing-policy] [I-D.ietf-spring-segment-routing-policy]
Filsfils, C., Talaulikar, K., Voyer, D., Bogdanov, A., and Filsfils, C., Talaulikar, K., Voyer, D., Bogdanov, A., and
P. Mattes, "Segment Routing Policy Architecture", draft- P. Mattes, "Segment Routing Policy Architecture", Work in
ietf-spring-segment-routing-policy-11 (work in progress), Progress, Internet-Draft, draft-ietf-spring-segment-
April 2021. routing-policy-13, 28 May 2021,
<https://www.ietf.org/archive/id/draft-ietf-spring-
segment-routing-policy-13.txt>.
[I-D.ietf-teas-actn-vn-yang] [I-D.ietf-teas-actn-vn-yang]
Lee, Y., Dhody, D., Ceccarelli, D., Bryskin, I., and B. Y. Lee, Y., Dhody, D., Ceccarelli, D., Bryskin, I., and B. Y.
Yoon, "A YANG Data Model for VN Operation", draft-ietf- Yoon, "A YANG Data Model for VN Operation", Work in
teas-actn-vn-yang-11 (work in progress), February 2021. Progress, Internet-Draft, draft-ietf-teas-actn-vn-yang-13,
23 October 2021, <https://www.ietf.org/archive/id/draft-
ietf-teas-actn-vn-yang-13.txt>.
[I-D.ietf-teas-actn-yang] [I-D.ietf-teas-actn-yang]
Lee, Y., Zheng, H., Ceccarelli, D., Yoon, B. Y., and S. Lee, Y., Zheng, H., Ceccarelli, D., Yoon, B. Y., and S.
Belotti, "Applicability of YANG models for Abstraction and Belotti, "Applicability of YANG models for Abstraction and
Control of Traffic Engineered Networks", draft-ietf-teas- Control of Traffic Engineered Networks", Work in Progress,
actn-yang-07 (work in progress), February 2021. Internet-Draft, draft-ietf-teas-actn-yang-08, 8 September
2021, <https://www.ietf.org/archive/id/draft-ietf-teas-
[I-D.ietf-teas-ietf-network-slices] actn-yang-08.txt>.
Farrel, A., Gray, E., Drake, J., Rokui, R., Homma, S.,
Makhijani, K., Contreras, L. M., and J. Tantsura,
"Framework for IETF Network Slices", draft-ietf-teas-ietf-
network-slices-00 (work in progress), April 2021.
[I-D.king-teas-applicability-actn-slicing] [I-D.ietf-teas-applicability-actn-slicing]
King, D., Drake, J., Zheng, H., and A. Farrel, King, D., Drake, J., Zheng, H., and A. Farrel,
"Applicability of Abstraction and Control of Traffic "Applicability of Abstraction and Control of Traffic
Engineered Networks (ACTN) to Network Slicing", draft- Engineered Networks (ACTN) to Network Slicing", Work in
king-teas-applicability-actn-slicing-10 (work in Progress, Internet-Draft, draft-ietf-teas-applicability-
progress), March 2021. actn-slicing-00, 21 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-teas-
applicability-actn-slicing-00.txt>.
[I-D.wd-teas-ietf-network-slice-nbi-yang] [I-D.ietf-teas-ietf-network-slice-nbi-yang]
Wu, B., Dhody, D., Han, L., and R. Rokui, "A Yang Data Wu, B., Dhody, D., Rokui, R., Saad, T., and L. Han, "IETF
Model for IETF Network Slice NBI", draft-wd-teas-ietf- Network Slice Service YANG Model", Work in Progress,
network-slice-nbi-yang-02 (work in progress), February Internet-Draft, draft-ietf-teas-ietf-network-slice-nbi-
2021. yang-00, 29 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-teas-ietf-
network-slice-nbi-yang-00.txt>.
[I-D.ietf-teas-ietf-network-slices]
Farrel, A., Gray, E., Drake, J., Rokui, R., Homma, S.,
Makhijani, K., Contreras, L. M., and J. Tantsura,
"Framework for IETF Network Slices", Work in Progress,
Internet-Draft, draft-ietf-teas-ietf-network-slices-04, 23
August 2021, <https://www.ietf.org/archive/id/draft-ietf-
teas-ietf-network-slices-04.txt>.
[I-D.wd-teas-vtn-network-yang] [I-D.wd-teas-vtn-network-yang]
Wu, B. and D. Dhody, "A VTN Network YANG Module", draft- Wu, B. and D. Dhody, "A VTN Network YANG Module", Work in
wd-teas-vtn-network-yang-00 (work in progress), June 2021. Progress, Internet-Draft, draft-wd-teas-vtn-network-yang-
00, 6 June 2021, <https://www.ietf.org/archive/id/draft-
wd-teas-vtn-network-yang-00.txt>.
[NGMN-NS-Concept] [NGMN-NS-Concept]
"NGMN NS Concept", 2016, <https://www.ngmn.org/fileadmin/u "NGMN NS Concept", 2016, <https://www.ngmn.org/fileadmin/u
ser_upload/161010_NGMN_Network_Slicing_framework_v1.0.8.pd ser_upload/161010_NGMN_Network_Slicing_framework_v1.0.8.pd
f>. f>.
[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z., [RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
and W. Weiss, "An Architecture for Differentiated and W. Weiss, "An Architecture for Differentiated
Services", RFC 2475, DOI 10.17487/RFC2475, December 1998, Services", RFC 2475, DOI 10.17487/RFC2475, December 1998,
<https://www.rfc-editor.org/info/rfc2475>. <https://www.rfc-editor.org/info/rfc2475>.
skipping to change at page 37, line 17 skipping to change at page 39, line 46
Extensions for Segment Routing", RFC 8665, Extensions for Segment Routing", RFC 8665,
DOI 10.17487/RFC8665, December 2019, DOI 10.17487/RFC8665, December 2019,
<https://www.rfc-editor.org/info/rfc8665>. <https://www.rfc-editor.org/info/rfc8665>.
[RFC8667] Previdi, S., Ed., Ginsberg, L., Ed., Filsfils, C., [RFC8667] Previdi, S., Ed., Ginsberg, L., Ed., Filsfils, C.,
Bashandy, A., Gredler, H., and B. Decraene, "IS-IS Bashandy, A., Gredler, H., and B. Decraene, "IS-IS
Extensions for Segment Routing", RFC 8667, Extensions for Segment Routing", RFC 8667,
DOI 10.17487/RFC8667, December 2019, DOI 10.17487/RFC8667, December 2019,
<https://www.rfc-editor.org/info/rfc8667>. <https://www.rfc-editor.org/info/rfc8667>.
[RFC9085] Previdi, S., Talaulikar, K., Ed., Filsfils, C., Gredler,
H., and M. Chen, "Border Gateway Protocol - Link State
(BGP-LS) Extensions for Segment Routing", RFC 9085,
DOI 10.17487/RFC9085, August 2021,
<https://www.rfc-editor.org/info/rfc9085>.
[SFC] "Service Function Chaining", March , [SFC] "Service Function Chaining", March ,
<https://datatracker.ietf.org/wg/sfc/about>. <https://datatracker.ietf.org/wg/sfc/about>.
[TS23501] "3GPP TS23.501", 2016, [TS23501] "3GPP TS23.501", 2016,
<https://portal.3gpp.org/desktopmodules/Specifications/ <https://portal.3gpp.org/desktopmodules/Specifications/
SpecificationDetails.aspx?specificationId=3144>. SpecificationDetails.aspx?specificationId=3144>.
[TS28530] "3GPP TS28.530", 2016, [TS28530] "3GPP TS28.530", 2016,
<https://portal.3gpp.org/desktopmodules/Specifications/ <https://portal.3gpp.org/desktopmodules/Specifications/
SpecificationDetails.aspx?specificationId=3273>. SpecificationDetails.aspx?specificationId=3273>.
skipping to change at page 37, line 39 skipping to change at page 40, line 27
<https://1.ieee802.org/tsn/>. <https://1.ieee802.org/tsn/>.
Authors' Addresses Authors' Addresses
Jie Dong Jie Dong
Huawei Huawei
Email: jie.dong@huawei.com Email: jie.dong@huawei.com
Stewart Bryant Stewart Bryant
Futurewei University of Surrey
Email: stewart.bryant@gmail.com Email: stewart.bryant@gmail.com
Zhenqiang Li Zhenqiang Li
China Mobile China Mobile
Email: lizhenqiang@chinamobile.com Email: lizhenqiang@chinamobile.com
Takuya Miyasaka Takuya Miyasaka
KDDI Corporation KDDI Corporation
Email: ta-miyasaka@kddi.com Email: ta-miyasaka@kddi.com
Young Lee Young Lee
Samsung Samsung
Email: younglee.tx@gmail.com Email: younglee.tx@gmail.com
 End of changes. 104 change blocks. 
233 lines changed or deleted 323 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/