idnits 2.17.1

draft-ietf-dmm-deployment-models-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (February 21, 2017) is 2614 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Missing Reference: 'MN' is mentioned on line 429, but not defined

  == Outdated reference: A later version (-14) exists of
     draft-ietf-dmm-fpc-cpdp-03

  == Outdated reference: A later version (-28) exists of draft-ietf-sfc-nsh-05

     Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

  2  DMM WG                                                     S. Gundavelli
  3  Internet-Draft                                                     Cisco
  4  Intended status: Informational                                   S. Jeon
  5  Expires: August 25, 2017                         Sungkyunkwan University
  6                                                         February 21, 2017

  8           DMM Deployment Models and Architectural Considerations
  9                  draft-ietf-dmm-deployment-models-01.txt

 11  Abstract

 13     This document identifies the deployment models for Distributed
 14     Mobility Management architecture.

 16  Status of this Memo

 18     This Internet-Draft is submitted in full conformance with the
 19     provisions of BCP 78 and BCP 79.

 21     Internet-Drafts are working documents of the Internet Engineering
 22     Task Force (IETF).  Note that other groups may also distribute
 23     working documents as Internet-Drafts.  The list of current Internet-
 24     Drafts is at http://datatracker.ietf.org/drafts/current/.

 26     Internet-Drafts are draft documents valid for a maximum of six months
 27     and may be updated, replaced, or obsoleted by other documents at any
 28     time.  It is inappropriate to use Internet-Drafts as reference
 29     material or to cite them other than as "work in progress."

 31     This Internet-Draft will expire on August 25, 2017.

 33  Copyright Notice

 35     Copyright (c) 2017 IETF Trust and the persons identified as the
 36     document authors.  All rights reserved.

 38     This document is subject to BCP 78 and the IETF Trust's Legal
 39     Provisions Relating to IETF Documents
 40     (http://trustee.ietf.org/license-info) in effect on the date of
 41     publication of this document.  Please review these documents
 42     carefully, as they describe your rights and restrictions with respect
 43     to this document.  Code Components extracted from this document must
 44     include Simplified BSD License text as described in Section 4.e of
 45     the Trust Legal Provisions and are provided without warranty as
 46     described in the Simplified BSD License.

 48  Table of Contents

 50     1.  Overview
 51     2.  Conventions and Terminology
 52       2.1.  Conventions
 53       2.2.  Terminology
 54     3.  DMM Architectural Overview
 55       3.1.  DMM Service Primitives
 56       3.2.  DMM Functions and Interfaces
 57         3.2.1.  Home Control-Plane Anchor (H-CPA):
 58         3.2.2.  Home Data-Plane Anchor (H-DPA):
 59         3.2.3.  Access Control Plane Node (Access-CPN)
 60         3.2.4.  Access Data Plane Node (Access-DPN)
 61         3.2.5.  DMM Function Mapping to other Architectures
 62     4.  Deployment Models
 63       4.1.  Model-1: Split Home Anchor Mode
 64       4.2.  Model-2: Separated Control and User Plane Mode
 65       4.3.  Model-3: Centralized Control Plane Mode
 66       4.4.  Model-4: Data Plane Abstraction Mode
 67       4.5.  On-Demand Control Plane Orchestration Mode
 68     5.  IANA Considerations
 69     6.  Security Considerations
 70     7.  Work Team
 71     8.  Acknowledgements
 72     9.  References
 73       9.1.  Normative References
 74       9.2.  Informative References
 75     Authors' Addresses

 77  1.  Overview

 79     One of the key aspects of the Distributed Mobility Management (DMM)
 80     architecture is the separation of control plane (CP) and data plane
 81     (DP) functions of a network element.  While data plane elements
 82     continue to reside on customized networking hardware, the control
 83     plane resides as a software element in the cloud.  This is usually
 84     referred to as CP-DP separation and is the basis for the IETF's DMM
 85     Architecture.  This approach of centralized control plane and
 86     distributed data plane allows elastic scaling of control plane and
 87     efficient use of common data plane that is agnostic to access
 88     architectures.

 90     This document identifies the functions in the DMM architecture and
 91     the supported deployment models.

 93  2.  Conventions and Terminology

 95  2.1.  Conventions

 97     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 98     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 99     document are to be interpreted as described in RFC 2119 [RFC2119].

101  2.2.  Terminology

103     All the mobility related terms are to be interpreted as defined in
104     [RFC6275], [RFC5213], [RFC5844], [RFC7333], [RFC7429],
105     [I-D.ietf-sfc-nsh] and [I-D.ietf-dmm-fpc-cpdp].  Additionally, this
106     document uses the following terms:

108     Home Control-Plane Anchor (H-CPA)

110        The Home-CPA function hosts the mobile node's mobility session.
111        There can be more than one mobility session for a mobile node [MN]
112        and those sessions may be anchored on the same or different Home-
113        CPAs.  The Home-CPA will interface with the Home-DPA for managing
114        the forwarding state.

116     Home Data Plane Anchor (Home-DPA)

118        The Home-DPA is the topological anchor for the mobile node's IP
119        address/prefix(es).  The Home-DPA is chosen by the Home-CPA on a
120        session-basis.  The Home-DPA is in the forwarding path for all the
121        mobile node's IP traffic.

123     Access Control Plane Node (Access-CPN)
124        The Access-CPN is responsible for interfacing with the mobile
125        node's Home-CPA and with the Access-DPN.  The Access-CPN has a
126        protocol interface to the Home-CPA.

128     Access Data Plane Node (Access-DPN)

130        The Access-DPN function is hosted on the first-hop router where
131        the mobile node is attached.  This function is not hosted on a
132        layer-2 bridging device such as an eNode(B) or Access Point.

134  3.  DMM Architectural Overview

136     Following are the key goals of the Distributed Mobility Management
137     architecture.

139     1.  Separation of control and data Plane

141     2.  Aggregation of control plane for elastic scaling

143     3.  Distribution of the data plane for efficient network usage

145     4.  Elimination of mobility state from the data plane

147     5.  Dynamic selection of control and data plane nodes

149     6.  Enabling the mobile node with network properties

151     7.  Relocation of anchor functions for efficient network usage

153  3.1.  DMM Service Primitives

155     The functions in the DMM architecture support a set of service
156     primitives.  Each of these service primitives identifies a specific
157     service capability with the exact service definition.  The functions
158     in the DMM architecture are required to support a specific set of
159     service primitives that are mandatory for that service function.  Not
160     all service primitives are applicable to all DMM functions.  The
161     table below identifies the service primitives that each DMM
162     function SHOULD support.  The marking "X" indicates that the service
163     primitive on that row needs to be supported by the identified DMM
164     function in the corresponding column; for example, IP address
165     management must be supported by the Home-CPA function.

167     +=================+=======+=======+=======+=======+=======+=======+
168     | Service         | H-CPA | H-DPA | A-CPN | A-DPN |  MC   |  RC   |
169     | Primitive       |       |       |       |       |       |       |
170     +=================+=======+=======+=======+=======+=======+=======+
171     | IP Management   |   X   |       |       |       |   X   |       |
172     +-----------------+-------+-------+-------+-------+-------+-------+
173     | IP Anchoring    |       |   X   |       |       |       |       |
174     +-----------------+-------+-------+-------+-------+-------+-------+
175     | MN Detect       |       |       |   X   |   X   |       |       |
176     +-----------------+-------+-------+-------+-------+-------+-------+
177     | Routing         |       |   X   |       |   X   |       |       |
178     +-----------------+-------+-------+-------+-------+-------+-------+
179     | Tunneling       |       |   X   |       |   X   |       |       |
180     +-----------------+-------+-------+-------+-------+-------+-------+
181     | QoS Enforcement |       |   X   |       |   X   |       |       |
182     +-----------------+-------+-------+-------+-------+-------+-------+
183     | FPC Client      |   X   |       |   X   |       |   X   |       |
184     +-----------------+-------+-------+-------+-------+-------+-------+
185     | FPC Agent       |       |   X   |       |   X   |       |   X   |
186     +-----------------+-------+-------+-------+-------+-------+-------+
187     | NSH Classifier  |       |   X   |       |   X   |       |       |
188     +-----------------+-------+-------+-------+-------+-------+-------+

190                    Figure 1: Mapping of DMM functions

192  3.2.  DMM Functions and Interfaces

194  3.2.1.  Home Control-Plane Anchor (H-CPA):

196     The Home-CPA function hosts the mobile node's mobility session.
197     There can be more than one mobility session for a mobile node and
198     those sessions may be anchored on the same or different Home-CPAs.
199     The Home-CPA will interface with the Home-DPA for managing the
200     forwarding state.

202     There can be more than one Home-CPA serving the same mobile node at a
203     given point of time, each hosting a different control plane session.

205     The Home-CPA is responsible for life cycle management of the session,
206     interfacing with the policy infrastructure, policy control and
207     interfacing with the Home-DPA functions.

209     The Home-CPA function typically stays on the same node.  In some
210     special use-cases (e.g., geo-redundancy), the session may be migrated
211     to a different node, with the new node assuming the Home-CPA role
212     for that session.

214  3.2.2.  Home Data-Plane Anchor (H-DPA):

216     The Home-DPA is the topological anchor for the mobile node's IP
217     address/prefix(es).  The Home-DPA is chosen by the Home-CPA/MC on a
218     session-basis.  The Home-DPA is in the forwarding path for all the
219     mobile node's IP traffic.

221     As the mobile node roams in the mobile network, the mobile node's
222     Access-DPN may change; however, the Home-DPA does not change unless
223     the session is migrated to a new node.

225     The Home-DPA interfaces with the Home-CPA/MC for all IP forwarding
226     and QoS rules enforcement.

228     The Home-DPA and the Access-DPN functions may be collocated on the
229     same node.

231  3.2.3.  Access Control Plane Node (Access-CPN)

233     The Access-CPN is responsible for interfacing with the mobile node's
234     Home-CPA and with the Access-DPN.  The Access-CPN has a protocol
235     interface to the Home-CPA.

237     The Access-CPN is responsible for the mobile node's Home-CPA
238     selection based on: Mobile Node's Attach Preferences, Access and
239     Subscription Policy, Topological Proximity and Other Considerations.

241     The Access-CPN function is responsible for the MN's service
242     authorization.  It will interface with the access network
243     authorization functions.

245  3.2.4.  Access Data Plane Node (Access-DPN)

247     The Access-DPN function is hosted on the first-hop router where the
248     mobile node is attached.  This function is not hosted on a layer-2
249     bridging device such as an eNode(B) or Access Point.

251     The Access-DPA will have a protocol interface to the Access-CPA.

253     The Access-DPN and the Home-DPA functions may be collocated on the
254     same node.

256  3.2.5.  DMM Function Mapping to other Architectures

258     The following table identifies the potential mapping of DMM functions
259     to protocol functions in other system architectures.

261     +===========+==========+==========+==========+==========+==========+
262     | FUNCTION  |  PMIPv6  |  MIPv6   |  IPsec   |   3GPP   | Broadband|
263     +===========+==========+==========+==========+==========+==========+
264     | Home-CPA  | LMA-CPA  |  HA-CPA  | IKE-CPA  | PGW-CPA  | BNG-CPA  |
265     +-----------+----------+----------+----------+----------+----------+
266     | Home-DPA  | LMA-DPA  |  HA-DPA  | IKE-DPA  | PGW-DPA  | BNG-DPA  |
267     +-----------+----------+----------+----------+----------+----------+
268     |Access-CPN | MAG-CPN  |    -     |    -     | SGW-CPN  |  RG-CPN  |
269     +-----------+----------+----------+----------+----------+----------+
270     |Access-DPN | MAG-DPN  |    -     |    -     | SGW-DPN  |  RG-DPN  |
271     +-----------+----------+----------+----------+----------+----------+

273                    Figure 2: Mapping of DMM functions

275  4.  Deployment Models

277     This section identifies the key deployment models for the DMM
278     architecture.

280  4.1.  Model-1: Split Home Anchor Mode

282     In this model, the control and the data plane functions of the home
283     anchor are separated and deployed on different nodes.  The control
284     plane function of the Home anchor is handled by the Home-CPA,
285     whereas the data plane function is handled by the Home-DPA.  In this
286     model, the access node operates in the legacy mode with the
287     integrated control and user plane functions.

289     The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
290     control plane functions to interact with the data plane for the
291     subscriber's forwarding state management.

293                              +============+
294                              |   Policy   |
295                 . . . . . . .|  Function  |. . . . . . .
296                 .            +============+            .
297                 .                                      .
298                 .                                      .
299          +============+      {PMIPv6/GTP}       +============+
300          |            |- - - - - - - - - - - - -|  Home-CPA  |
301          |            |                         +============+
302          |            |                                .
303          |            |                                . FPC
304          | Access Node|                                .
305          |            |                                .
306          | (CPN + DPN)|                                .
307          |            |                         +============+
308          |   Legacy   |. . . . . . . . . . . . .|  Home-DPA  |
309          +============+    UP {Tunnel/Route}    +============+
310                 .
311                 .
312                +--+
313                |MN|
314                +--+

316                      Figure 3: Split Home Anchor Mode

318  4.2.  Model-2: Separated Control and User Plane Mode

320     In this model, the control and the data plane functions on both the
321     home anchor and the access node are separated and deployed on
322     different nodes.  The control plane function of the Home anchor is
323     handled by the Home-CPA, whereas the data plane function is
324     handled by the Home-DPA.  The control plane function of the access
325     node is handled by the Access-CPN, whereas the data plane
326     function is handled by the Access-DPN.

328     The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
329     control plane functions of the home and access nodes to interact with
330     the respective data plane functions for the subscriber's forwarding
331     state management.

333                              +============+
334                              |   Policy   |
335                 . . . . . . .|  Function  |. . . . . . .
336                 .            +============+            .
337                 .                                      .
338                 .                                      .
339                 .                                      .
340                 .                                      .
341          +============+      {PMIPv6/GTP}       +============+
342          | Access-CPN |- - - - - - - - - - - -  |  Home-CPA  |
343          +============+                         +============+
344                 .                                      .
345                 . FPC                                  . FPC
346                 .                                      .
347                 .                                      .
348                 .                                      .
349          +============+                         +============+
350          | Access-DPN |. . . . . . . . . . .    |  Home-DPA  |
351          +============+    UP {Tunnel/Route}    +============+
352                 .
353                 .
354               [MN]

356              Figure 4: Separated Control and User Plane Mode

358  4.3.  Model-3: Centralized Control Plane Mode

360     In this model, the control-plane functions of the home and the access
361     nodes are collapsed.  This is a flat architecture with no signaling
362     protocol between the access node and home anchors.  The interface
363     between the Home-CPA and the Access-DPN is internal to the system.

365     The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
366     mobility controller to interact with the respective data plane
367     functions for the subscriber's forwarding state management.

369                     +=======================+     +============+
370                     | Home-CPA + Access-CPN |     |   Policy   |
371                     |                       |-----|  Function  |
372                     +=======================+     +============+
373                                 .
374                              .     .
375                           .           .
376                   FPC  .                 .  FPC
377                     .                       .
378                  .                             .
379          +============+                   +============+
380          | Access-DPN |. . . . . . . . . .|  Home-DPA  |
381          +============+ UP {Tunnel/Route} +============+
382                 .
383                 .
384               [MN]

386                  Figure 5: Centralized Control Plane Mode

388  4.4.  Model-4: Data Plane Abstraction Mode

390     In this model, the data plane network is completely abstracted from
391     the control plane.  There is a new network element, the Routing
392     Controller, which abstracts the entire data plane network and offers
393     data plane services to the control plane functions.  The control
394     plane functions, Home-CPA and the Access-CPN, interface with the
395     Routing Controller for the forwarding state management.

397     The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the Home-
398     CPA and Access-CPN functions to interface with the Routing Controller
399     for subscriber's forwarding state management.

401                              +============+
402                              |   Policy   |
403                 . . . . . . .|  Function  |. . . . . . .
404                 .            +============+            .
405                 .                                      .
406                 .                                      .
407                 .                                      .
408          +============+      {PMIPv6/GTP}       +============+
409          | Access-CPN |- - - - - - - - - - - -  |  Home-CPA  |
410          +============+                         +============+
411                 .                                       .
412                 .                                       .
413                 .                                       .
414                 .            +============+             .
415                 . . . . . .  |  Routing   | . . . . . . .
416                              | Controller |
417                              +============+
418                                     .
419                                  .     .
420                               .           .  BGP/Others
421                            .                 .
422                         .                       .
423                      .                             .
424              +============+                   +============+
425              | Access-DPN |. . . . . . . . . .|  Home-DPA  |
426              +============+ UP {Tunnel/Route} +============+
427                     .
428                     .
429                   [MN]

431                    Figure 6: Data Plane Abstraction Mode

433  4.5.  On-Demand Control Plane Orchestration Mode

435     In this model, there is a new function, the Mobility Controller, which
436     manages the orchestration of Access-CPN and Home-CPA functions.  The
437     Mobility Controller allocates the Home-CPA and Access-DPN
438        + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
439        |  +----------+       +----------+       +----------+  |
440           |Access-CPN|       |Access-CPN|       |Access-CPN|
441        |  +----------+       +----------+       +----------+  |

443        |  +----------+       +----------+       +----------+  |
444           | Home-CPA |       | Home-CPA |       | Home-CPA |
445        |  +----------+       +----------+       +----------+  |
446        + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
447                .                         .
448                .                         .
449                .                         .
450                .                   +============+     +============+
451                .                   |  Mobility  |     |   Policy   |
452                .                   | Controller |-----|  Function  |
453                .                   +============+     +============+
454                .
455                .
456                .
457                .          +============+
458                . . . . . .|  Routing   |
459                           | Controller |
460                           +============+
461                                  .
462                                  .
463                                  .
464        + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
465        |  +----------+       +----------+       +----------+  |
466           |Access-DPN|       |Access-DPN|       |Access-DPN|
467        |  +----------+       +----------+       +----------+  |

469        |  +----------+       +----------+       +----------+  |
470           | Home-DPA |       | Home-DPA |       | Home-DPA |
471        |  +----------+       +----------+       +----------+  |
472        + - - - - - - - - - - - - - - - - - - - - - - - - - - -+

474                 Figure 7: On-Demand CP Orchestration Mode

476  5.  IANA Considerations

478     This document does not require any IANA actions.

480  6.  Security Considerations

482     The control-plane messages exchanged between a Home-CPA and the Home-
483     DPA must be protected using end-to-end security associations with
484     data-integrity and data-origination capabilities.

486     IPsec ESP in transport mode with mandatory integrity protection
487     should be used for protecting the signaling messages.  IKEv2 should
488     be used to set up security associations between the Home-CPA and
489     Home-DPA.

491     There are no additional security considerations other than what is
492     presented in the document.

494  7.  Work Team

496     This document reflects contributions from the following work team
497     members:

499     Younghan Kim

501     younghak@ssu.ac.kr

503     Vic Liu

505     liuzhiheng@chinamobile.com

507     Danny S Moses

509     danny.moses@intel.com

511     Marco Liebsch

513     liebsch@neclab.eu

515     Carlos Jesus Bernardos Cano

517     cjbc@it.uc3m.es

519  8.  Acknowledgements

521     This document is a result of DMM WT#4 team discussions and ideas
522     taken from several DMM WG presentations and documents including
523     draft-sijeon-dmm-deployment-models, draft-liu-dmm-deployment-scenario
524     and others.  The work teams would like to thank the authors of these
525     documents and additionally the discussions in DMM Working group that
526     helped shape this document.

528  9.  References

530  9.1.  Normative References

532     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
533                Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
534                RFC2119, March 1997.

537  9.2.  Informative References

539     [I-D.ietf-dmm-fpc-cpdp]
540                Liebsch, M., Matsushima, S., Gundavelli, S., Moses, D.,
541                and L. Bertz, "Protocol for Forwarding Policy
542                Configuration (FPC) in DMM", draft-ietf-dmm-fpc-cpdp-03
543                (work in progress), March 2016.

545     [I-D.ietf-sfc-nsh]
546                Quinn, P. and U. Elzur, "Network Service Header",
547                draft-ietf-sfc-nsh-05 (work in progress), May 2016.

549     [RFC5213]  Gundavelli, S., Ed., Leung, K., Devarapalli, V.,
550                Chowdhury, K., and B. Patil, "Proxy Mobile IPv6",
551                RFC 5213, DOI 10.17487/RFC5213, August 2008.

554     [RFC5844]  Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy
555                Mobile IPv6", RFC 5844, DOI 10.17487/RFC5844, May 2010.

558     [RFC6275]  Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility
559                Support in IPv6", RFC 6275, DOI 10.17487/RFC6275,
560                July 2011.

562     [RFC7333]  Chan, H., Ed., Liu, D., Seite, P., Yokota, H., and J.
563                Korhonen, "Requirements for Distributed Mobility
564                Management", RFC 7333, DOI 10.17487/RFC7333, August 2014.

567     [RFC7429]  Liu, D., Ed., Zuniga, JC., Ed., Seite, P., Chan, H., and
568                CJ. Bernardos, "Distributed Mobility Management: Current
569                Practices and Gap Analysis", RFC 7429, DOI 10.17487/
570                RFC7429, January 2015.

573  Authors' Addresses

575     Sri Gundavelli
576     Cisco
577     170 West Tasman Drive
578     San Jose, CA 95134
579     USA

581     Email: sgundave@cisco.com

583     Seil Jeon
584     Sungkyunkwan University
585     2066 Seobu-ro, Jangan-gu
586     Suwon, Gyeonggi-do
587     Korea

589     Email: seiljeon@skku.edu
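
Added example (not part of the draft): a check for the Section 6 requirement that Home-CPA to Home-DPA signaling runs over ESP in transport mode with integrity protection, in both directions. It assumes a Linux node whose SAs are listed in the `ip xfrm state` text format; the addresses, SPIs and keys are constructed sample values, and parse_sas() and audit() are hypothetical helper names.

```python
import re

# Constructed sample modelled on `ip xfrm state` output. Addresses are from the
# documentation range, keys are dummy values.
SAMPLE = """\
src 192.0.2.10 dst 192.0.2.20
    proto esp spi 0xc0ffee01 reqid 1 mode transport
    replay-window 32
    auth-trunc hmac(sha256) 0x1111111111111111111111111111111111111111111111111111111111111111 128
    enc cbc(aes) 0x22222222222222222222222222222222
    sel src 192.0.2.10/32 dst 192.0.2.20/32
src 192.0.2.20 dst 192.0.2.10
    proto esp spi 0xc0ffee02 reqid 1 mode tunnel
    replay-window 32
    aead rfc4106(gcm(aes)) 0x3333333333333333333333333333333333333333 128
src 192.0.2.10 dst 192.0.2.30
    proto esp spi 0xc0ffee03 reqid 2 mode transport
    replay-window 32
    enc cbc(aes) 0x44444444444444444444444444444444
"""

HEAD = re.compile(r"^src (\S+) dst (\S+)\s*$")   # unindented line opens a new SA
PROTO = re.compile(r"^proto (\S+) spi (\S+) .*\bmode (\S+)")
INTEGRITY_KEYS = ("auth-trunc", "auth", "aead")   # lines that name an integrity or AEAD algorithm


def parse_sas(text):
    """Split the listing into one dict per security association."""
    sas = []
    for raw in text.splitlines():
        head = HEAD.match(raw)
        if head:
            sas.append({"src": head[1], "dst": head[2], "proto": None,
                        "spi": None, "mode": None, "integrity": None})
            continue
        if not sas:
            continue
        fields = raw.split()
        proto = PROTO.match(raw.strip())
        if proto:
            sas[-1]["proto"], sas[-1]["spi"], sas[-1]["mode"] = proto.groups()
        elif len(fields) >= 2 and fields[0] in INTEGRITY_KEYS:
            sas[-1]["integrity"] = fields[1]
    return sas


def audit(text, cpa, dpa):
    """Return (spi, problem) findings for SAs between the Home-CPA and Home-DPA."""
    findings, seen = [], set()
    for sa in parse_sas(text):
        if {sa["src"], sa["dst"]} != {cpa, dpa}:
            continue                              # SA belongs to another peer pair
        seen.add((sa["src"], sa["dst"]))
        if sa["proto"] != "esp":
            findings.append((sa["spi"], "protocol is not ESP"))
        if sa["mode"] != "transport":
            findings.append((sa["spi"], f"mode is {sa['mode']}, expected transport"))
        if sa["integrity"] in (None, "digest_null"):   # digest_null: kernel's null digest
            findings.append((sa["spi"], "no integrity algorithm"))
    for src, dst in ((cpa, dpa), (dpa, cpa)):     # SAs are unidirectional: need both
        if (src, dst) not in seen:
            findings.append((None, f"no SA for {src} -> {dst}"))
    return findings


if __name__ == "__main__":
    for spi, problem in audit(SAMPLE, "192.0.2.10", "192.0.2.20"):
        print(spi, problem)
```
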