idnits 2.17.1

draft-ietf-dmm-deployment-models-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (November 12, 2017) is 2355 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-14) exists of
     draft-ietf-dmm-fpc-cpdp-09

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

DMM WG                                                     S. Gundavelli
Internet-Draft                                                     Cisco
Intended status: Informational                                   S. Jeon
Expires: May 16, 2018                            Sungkyunkwan University
                                                       November 12, 2017


         DMM Deployment Models and Architectural Considerations
                draft-ietf-dmm-deployment-models-03.txt

Abstract

   This document identifies the deployment models for Distributed
   Mobility Management architecture.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 16, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Overview
   2.  Conventions and Terminology
     2.1.  Conventions
     2.2.  Terminology
   3.  DMM Architectural Overview
     3.1.  DMM Service Primitives
     3.2.  DMM Functions and Interfaces
       3.2.1.  Home Control-Plane Anchor (H-CPA):
       3.2.2.  Home Data-Plane Anchor (H-DPA):
       3.2.3.  Access Control Plane Node (Access-CPN)
       3.2.4.  Access Data Plane Node (Access-DPN)
       3.2.5.  DMM Functions Mapping to Other Architectures
   4.  Deployment Models
     4.1.  Model-1: Split Home Anchor Mode
     4.2.  Model-2: Separated Control and User Plane Mode
     4.3.  Model-3: Centralized Control Plane Mode
     4.4.  Model-4: Data Plane Abstraction Mode
     4.5.  On-Demand Control Plane Orchestration Mode
   5.  IANA Considerations
   6.  Security Considerations
   7.  Work Team
   8.  Acknowledgements
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Overview

   One of the key aspects of the Distributed Mobility Management (DMM)
   architecture is the separation of control plane (CP) and data plane
   (DP) functions of a network element.  While data plane elements
   continue to reside on customized networking hardware, the control
   plane resides as a software element in the cloud.  This is usually
   referred to as CP-DP separation and is the basis for the IETF's DMM
   Architecture.  This approach of a centralized control plane and a
   distributed data plane allows elastic scaling of the control plane
   and efficient use of a common data plane that is agnostic to access
   architectures.

   This document identifies the functions in the DMM architecture and
   the supported deployment models.

2.  Conventions and Terminology

2.1.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Terminology

   All the mobility related terms are to be interpreted as defined in
   [RFC6275], [RFC5213], [RFC5844], [RFC7333], [RFC7665], [RFC7429],
   [I-D.ietf-sfc-nsh] and [I-D.ietf-dmm-fpc-cpdp].  Additionally, this
   document uses the following terms:

   Home Control-Plane Anchor (H-CPA)

      The Home-CPA function hosts the mobile node (MN)'s mobility
      session.  There can be more than one mobility session for a mobile
      node and those sessions may be anchored on the same or different
      Home-CPAs.  The Home-CPA will interface with the Home-DPA for
      managing the forwarding state.

   Home Data Plane Anchor (Home-DPA)

      The Home-DPA is the topological anchor for the mobile node's IP
      address/prefix(es).  The Home-DPA is chosen by the Home-CPA on a
      session basis.  The Home-DPA is in the forwarding path for all the
      mobile node's IP traffic.

   Access Control Plane Node (Access-CPN)

      The Access-CPN is responsible for interfacing with the mobile
      node's Home-CPA and with the Access-DPN.  The Access-CPN has a
      protocol interface to the Home-CPA.

   Access Data Plane Node (Access-DPN)

      The Access-DPN function is hosted on the first-hop router where
      the mobile node is attached.  This function is not hosted on a
      layer-2 bridging device such as an eNode(B) or Access Point.

   Routing Controller (RC)

      The Routing Controller is a centralized control entity, which is
      able to instruct the forwarding behavior for mobility management
      in Home-DPA and Access-DPN.

   Mobility Controller (MC)

      The Mobility Controller is a function entity, which is able to
      manage the orchestration of Home-CPA and Access-CPN functions.

3.  DMM Architectural Overview

   Following are the key goals of the Distributed Mobility Management
   architecture.

   1.  Separation of control and data plane

   2.  Aggregation of control plane for elastic scaling

   3.  Distribution of the data plane for efficient network usage

   4.  Elimination of mobility state from the data plane

   5.  Dynamic selection of control and data plane nodes

   6.  Enabling the mobile node with network properties

   7.  Relocation of anchor functions for efficient network usage

3.1.  DMM Service Primitives

   The functions in the DMM architecture support a set of service
   primitives.  Each of these service primitives identifies a specific
   service capability with the exact service definition.  The functions
   in the DMM architecture are required to support a specific set of
   service primitives that are mandatory for that service function.  Not
   all service primitives are applicable to all DMM functions.  The
   table in Figure 1 identifies the service primitives that each DMM
   function SHOULD support.  The marking "X" indicates that the service
   primitive on that row needs to be supported by the DMM function in
   the corresponding column; for example, IP address management must be
   supported by the Home-CPA function.  The NSH Classifier denotes the
   SFC entity that performs the classification of a service flow,
   defined in [RFC7665].

   +=================+=======+=======+=======+=======+=======+=======+
   | Service         | H-CPA | H-DPA | A-CPN | A-DPN |  MC   |  RC   |
   | Primitive       |       |       |       |       |       |       |
   +=================+=======+=======+=======+=======+=======+=======+
   | IP Management   |   X   |       |       |       |   X   |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | IP Anchoring    |       |   X   |       |       |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | MN Detect       |       |       |   X   |   X   |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | Routing         |       |   X   |       |   X   |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | Tunneling       |       |   X   |       |   X   |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | QoS Enforcement |       |   X   |       |   X   |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | FPC Client      |   X   |       |   X   |       |   X   |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | FPC Agent       |       |   X   |       |   X   |       |   X   |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | NSH Classifier  |       |   X   |       |   X   |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+

                   Figure 1: Mapping of DMM functions

3.2.  DMM Functions and Interfaces

3.2.1.  Home Control-Plane Anchor (H-CPA):

   The Home-CPA function hosts the mobile node's mobility session.
   There can be more than one mobility session for a mobile node and
   those sessions may be anchored on the same or different Home-CPAs.
   The Home-CPA will interface with the Home-DPA for managing the
   forwarding state.

   There can be more than one Home-CPA serving the same mobile node at a
   given point of time, each hosting a different control plane session.

   The Home-CPA is responsible for life cycle management of the session,
   interfacing with the policy infrastructure, policy control and
   interfacing with the Home-DPA functions.

   The Home-CPA function typically stays on the same node.  In some
   special use cases (e.g., geo-redundancy), the session may be migrated
   to a different node, with the new node assuming the Home-CPA role
   for that session.

3.2.2.  Home Data-Plane Anchor (H-DPA):

   The Home-DPA is the topological anchor for the mobile node's IP
   address/prefix(es).  The Home-DPA is chosen by the Home-CPA/MC on a
   session basis.  The Home-DPA is in the forwarding path for all the
   mobile node's IP traffic.

   As the mobile node roams in the mobile network, the mobile node's
   Access-DPN may change; however, the Home-DPA does not change, unless
   the session is migrated to a new node.

   The Home-DPA interfaces with the Home-CPA/MC for all IP forwarding
   and QoS rules enforcement.

   The Home-DPA and the Access-DPN functions may be collocated on the
   same node.

3.2.3.  Access Control Plane Node (Access-CPN)

   The Access-CPN is responsible for interfacing with the mobile node's
   Home-CPA and with the Access-DPN.  The Access-CPN has a protocol
   interface to the Home-CPA.

   The Access-CPN is responsible for the mobile node's Home-CPA
   selection based on: Mobile Node's Attach Preferences, Access and
   Subscription Policy, Topological Proximity and Other Considerations.

   The Access-CPN function is responsible for the MN's service
   authorization.  It will interface with the access network
   authorization functions.

3.2.4.  Access Data Plane Node (Access-DPN)

   The Access-DPN function is hosted on the first-hop router where the
   mobile node is attached.  This function is not hosted on a layer-2
   bridging device such as an eNode(B) or Access Point.

   The Access-DPA will have a protocol interface to the Access-CPA.

   The Access-DPN and the Home-DPA functions may be collocated on the
   same node.

3.2.5.  DMM Functions Mapping to Other Architectures

   The following table identifies the potential mapping of DMM functions
   to protocol functions in other system architectures.

 +===========+==========+==========+==========+=============+==========+
 | FUNCTION  |  PMIPv6  |  MIPv6   |  IPsec   |    3GPP     | Broadband|
 +===========+==========+==========+==========+=============+==========+
 | Home-CPA  | LMA-CPA  |  HA-CPA  | IKE-CPA  | PGW-CPA/MME | BNG-CPA  |
 +-----------+----------+----------+----------+-------------+----------+
 | Home-DPA  | LMA-DPA  |  HA-DPA  | IKE-DPA  |   PGW-DPA   | BNG-DPA  |
 +-----------+----------+----------+----------+-------------+----------+
 |Access-CPN | MAG-CPN  |    -     |    -     |   SGW-CPN   |  RG-CPN  |
 +-----------+----------+----------+----------+-------------+----------+
 |Access-DPN | MAG-DPN  |    -     |    -     |   SGW-DPN   |  RG-DPN  |
 +-----------+----------+----------+----------+-------------+----------+

                   Figure 2: Mapping of DMM functions

4.  Deployment Models

   This section identifies the key deployment models for the DMM
   architecture.

4.1.  Model-1: Split Home Anchor Mode

   In this model, the control and the data plane functions of the home
   anchor are separated and deployed on different nodes.  The control
   plane function of the home anchor is handled by the Home-CPA,
   whereas the data plane function is handled by the Home-DPA.  In this
   model, the access node operates in the legacy mode with the
   integrated control and user plane functions.

   The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
   control plane functions to interact with the data plane for the
   subscriber's forwarding state management.

                         +============+
                         |   Policy   |
            . . . . . . .|  Function  |. . . . . . .
            .            +============+            .
            .                                      .
            .                                      .
      +============+      {PMIPv6/GTP}       +============+
      |            |- - - - - - - - - - - - -|  Home-CPA  |
      |            |                         +============+
      |            |                               .
      |            |                               . FPC
      | Access Node|                               .
      |            |                               .
      | (CPN + DPN)|                               .
      |            |                         +============+
      |   Legacy   |. . . . . . . . . . . . .|  Home-DPA  |
      +============+    UP {Tunnel/Route}    +============+
            .
            .
           +--+
           |MN|
           +--+

                    Figure 3: Split Home Anchor Mode

4.2.  Model-2: Separated Control and User Plane Mode

   In this model, the control and the data plane functions on both the
   home anchor and the access node are separated and deployed on
   different nodes.  The control plane function of the home anchor is
   handled by the Home-CPA, whereas the data plane function is handled
   by the Home-DPA.  The control plane function of the access node is
   handled by the Access-CPN, whereas the data plane function is
   handled by the Access-DPN.

   The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
   control plane functions of the home and access nodes to interact with
   the respective data plane functions for the subscriber's forwarding
   state management.

                         +============+
                         |   Policy   |
            . . . . . . .|  Function  |. . . . . . .
            .            +============+            .
            .                                      .
            .                                      .
            .                                      .
            .                                      .
      +============+      {PMIPv6/GTP}      +============+
      | Access-CPN |- - - - - - - - - - - - |  Home-CPA  |
      +============+                        +============+
            .                                      .
            . FPC                                  . FPC
            .                                      .
            .                                      .
            .                                      .
      +============+                        +============+
      | Access-DPN |. . . . . . . . . . .   |  Home-DPA  |
      +============+   UP {Tunnel/Route}    +============+
            .
            .
           +--+
           |MN|
           +--+

            Figure 4: Separated Control and User Plane Mode

4.3.  Model-3: Centralized Control Plane Mode

   In this model, the control-plane functions of the home and the access
   nodes are collapsed.  This is a flat architecture with no signaling
   protocol between the access node and home anchors.  The interface
   between the Home-CPA and the Access-DPN is internal to the system.

   The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
   mobility controller to interact with the respective data plane
   functions for the subscriber's forwarding state management.

                 +=======================+     +============+
                 | Home-CPA + Access-CPN |     |   Policy   |
                 |                       |-----|  Function  |
                 +=======================+     +============+
                             .
                          .     .
                       .           .
                FPC .                 . FPC
                 .                       .
              .                             .
      +============+                   +============+
      | Access-DPN |. . . . . . . . . .|  Home-DPA  |
      +============+ UP {Tunnel/Route} +============+
            .
            .
           +--+
           |MN|
           +--+

                Figure 5: Centralized Control Plane Mode

4.4.  Model-4: Data Plane Abstraction Mode

   In this model, the data plane network is completely abstracted from
   the control plane.  There is a new network element, the Routing
   Controller, which abstracts the entire data plane network and offers
   data plane services to the control plane functions.  The control
   plane functions, Home-CPA and Access-CPN, interface with the
   Routing Controller for the forwarding state management.

   The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the Home-
   CPA and Access-CPN functions to interface with the Routing Controller
   for the subscriber's forwarding state management.

                         +============+
                         |   Policy   |
            . . . . . . .|  Function  |. . . . . . .
            .            +============+            .
            .                                      .
            .                                      .
            .                                      .
      +============+      {PMIPv6/GTP}      +============+
      | Access-CPN |- - - - - - - - - - - - |  Home-CPA  |
      +============+                        +============+
            .                                      .
            .                                      .
            .                                      .
            .            +============+            .
            . . . . . .  |  Routing   |. . . . . . .
                         | Controller |
                         +============+
                               .
                            .     .
                         .           . BGP/Others
                      .                 .
                   .                       .
                .                             .
      +============+                   +============+
      | Access-DPN |. . . . . . . . . .|  Home-DPA  |
      +============+ UP {Tunnel/Route} +============+
            .
            .
           +--+
           |MN|
           +--+

                 Figure 6: Data Plane Abstraction Mode

4.5.  On-Demand Control Plane Orchestration Mode

   In this model, there is a new function, the Mobility Controller,
   which manages the orchestration of Access-CPN and Home-CPA functions.
   The Mobility Controller allocates the Home-CPA and Access-DPN

      + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
      |    +----------+     +----------+     +----------+    |
           |Access-CPN|     |Access-CPN|     |Access-CPN|
      |    +----------+     +----------+     +----------+    |

      |    +----------+     +----------+     +----------+    |
           | Home-CPA |     | Home-CPA |     | Home-CPA |
      |    +----------+     +----------+     +----------+    |
      + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
              .                .
              .                .
              .                .
              .          +============+     +============+
              .          |  Mobility  |     |   Policy   |
              .          | Controller |-----|  Function  |
              .          +============+     +============+
              .
              .
              .
              .          +============+
              . . . . . .|  Routing   |
                         | Controller |
                         +============+
                               .
                               .
                               .
      + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
      |    +----------+     +----------+     +----------+    |
           |Access-DPN|     |Access-DPN|     |Access-DPN|
      |    +----------+     +----------+     +----------+    |

      |    +----------+     +----------+     +----------+    |
           | Home-DPA |     | Home-DPA |     | Home-DPA |
      |    +----------+     +----------+     +----------+    |
      + - - - - - - - - - - - - - - - - - - - - - - - - - - -+

               Figure 7: On-Demand CP Orchestration Mode

5.  IANA Considerations

   This document does not require any IANA actions.

6.  Security Considerations

   The control-plane messages exchanged between a Home-CPA and the Home-
   DPA must be protected using end-to-end security associations with
   data-integrity and data-origination capabilities.

   IPsec ESP in transport mode with mandatory integrity protection
   should be used for protecting the signaling messages.  IKEv2 should
   be used to set up security associations between the Home-CPA and
   Home-DPA.

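
   The following swanctl.conf fragment for strongSwan is an added
   example, not part of this draft or of the FPC specification.  It
   shows one way the Home-CPA side could meet the recommendation above:
   IKEv2, ESP in transport mode, and an ESP proposal that always carries
   integrity protection.  The addresses, identities, certificate file
   name, lifetimes and the connection and child names are assumptions.

```conf
# Added example with assumed values: Home-CPA side of the
# Home-CPA <-> Home-DPA security association.
connections {
    hcpa-to-hdpa {
        # IKEv2 only; IKEv1 is not accepted for this peer.
        version = 2

        # Documentation addresses standing in for the two nodes.
        local_addrs  = 192.0.2.10
        remote_addrs = 192.0.2.20

        # IKE SA protection: AES-256, HMAC-SHA-256, ECP-256 key exchange.
        proposals = aes256-sha256-ecp256

        local {
            auth  = pubkey
            # Hypothetical certificate file name.
            certs = hcpa-cert.pem
            id    = hcpa.example.net
        }
        remote {
            auth = pubkey
            # Pin the identity the Home-DPA must authenticate as, so a
            # different certificate from the same CA is not accepted.
            id   = hdpa.example.net
        }

        children {
            fpc-signaling {
                # Host-to-host protection of the signaling messages.
                mode = transport

                # AES-GCM is an AEAD transform, so data integrity and
                # origin authentication are always present. No proposal
                # without integrity protection is offered.
                esp_proposals = aes256gcm16-ecp256

                # Install a trap policy: the first packet toward the
                # Home-DPA triggers negotiation instead of leaving in
                # the clear.
                start_action = trap

                # Assumed rekey interval.
                rekey_time = 1h
            }
        }
    }
}
```

   The Home-DPA side mirrors this fragment with the local and remote
   sections and addresses swapped.
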
   There are no additional security considerations other than what is
   presented in the document.

7.  Work Team

   This document reflects contributions from the following work team
   members:

   Younghan Kim

   younghak@ssu.ac.kr

   Vic Liu

   liuzhiheng@chinamobile.com

   Danny S Moses

   danny.moses@intel.com

   Marco Liebsch

   liebsch@neclab.eu

   Carlos Jesus Bernardos Cano

   cjbc@it.uc3m.es

8.  Acknowledgements

   This document is a result of DMM WT#4 team discussions and ideas
   taken from several DMM WG presentations and documents including,
   draft-sijeon-dmm-deployment-models, draft-liu-dmm-deployment-scenario
   and others.  The work teams would like to thank the authors of these
   documents and additionally the discussions in DMM Working group that
   helped shape this document.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

9.2.  Informative References

   [I-D.ietf-dmm-fpc-cpdp]
              Matsushima, S., Bertz, L., Liebsch, M., Gundavelli, S.,
              Moses, D., and C. Perkins, "Protocol for Forwarding Policy
              Configuration (FPC) in DMM", draft-ietf-dmm-fpc-cpdp-09
              (work in progress), October 2017.

   [I-D.ietf-sfc-nsh]
              Quinn, P., Elzur, U., and C. Pignataro, "Network Service
              Header (NSH)", draft-ietf-sfc-nsh-28 (work in progress),
              November 2017.

   [RFC5213]  Gundavelli, S., Ed., Leung, K., Devarapalli, V.,
              Chowdhury, K., and B. Patil, "Proxy Mobile IPv6",
              RFC 5213, DOI 10.17487/RFC5213, August 2008.

   [RFC5844]  Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy
              Mobile IPv6", RFC 5844, DOI 10.17487/RFC5844, May 2010.

   [RFC6275]  Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility
              Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July
              2011.

   [RFC7333]  Chan, H., Ed., Liu, D., Seite, P., Yokota, H., and J.
              Korhonen, "Requirements for Distributed Mobility
              Management", RFC 7333, DOI 10.17487/RFC7333, August 2014.

   [RFC7429]  Liu, D., Ed., Zuniga, JC., Ed., Seite, P., Chan, H., and
              CJ. Bernardos, "Distributed Mobility Management: Current
              Practices and Gap Analysis", RFC 7429,
              DOI 10.17487/RFC7429, January 2015.

   [RFC7665]  Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
              Chaining (SFC) Architecture", RFC 7665,
              DOI 10.17487/RFC7665, October 2015.

Authors' Addresses

   Sri Gundavelli
   Cisco
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: sgundave@cisco.com


   Seil Jeon
   Sungkyunkwan University
   2066 Seobu-ro, Jangan-gu
   Suwon, Gyeonggi-do
   Korea

   Email: seiljeon@skku.edu