idnits 2.17.1

draft-ietf-teas-ietf-network-slices-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (27 March 2022) is 732 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-15) exists of
     draft-ietf-opsawg-sap-03

  == Outdated reference: A later version (-15) exists of
     draft-ietf-spring-nsh-sr-10

  == Outdated reference: A later version (-06) exists of
     draft-ietf-teas-applicability-actn-slicing-01

  == Outdated reference: A later version (-17) exists of
     draft-ietf-teas-enhanced-vpn-10

     Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                     A. Farrel, Ed.
Internet-Draft                                        Old Dog Consulting
Intended status: Informational                             J. Drake, Ed.
Expires: 28 September 2022                              Juniper Networks
                                                                R. Rokui
                                                                   Ciena
                                                                S. Homma
                                                                     NTT
                                                            K. Makhijani
                                                               Futurewei
                                                          L.M. Contreras
                                                              Telefonica
                                                             J. Tantsura
                                                               Microsoft
                                                           27 March 2022

                    Framework for IETF Network Slices
                 draft-ietf-teas-ietf-network-slices-10

Abstract

   This document describes network slicing in the context of networks
   built from IETF technologies. It defines the term "IETF Network
   Slice" and establishes the general principles of network slicing in
   the IETF context.

   The document discusses the general framework for requesting and
   operating IETF Network Slices, the characteristics of an IETF Network
   Slice, the necessary system components and interfaces, and how
   abstract requests can be mapped to more specific technologies. The
   document also discusses related considerations with monitoring and
   security.

   This document also provides definitions of related terms to enable
   consistent usage in other IETF documents that describe or use aspects
   of IETF Network Slices.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 28 September 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document. Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
     1.1.  Background
   2.  Terms and Abbreviations
     2.1.  Core Terminology
   3.  IETF Network Slice
     3.1.  Definition and Scope of IETF Network Slice
     3.2.  IETF Network Slice Service
       3.2.1.  Ancillary SDPs
   4.  IETF Network Slice System Characteristics
     4.1.  Objectives for IETF Network Slices
       4.1.1.  Service Level Objectives
       4.1.2.  Service Level Expectations
     4.2.  IETF Network Slice Service Demarcation Points
     4.3.  IETF Network Slice Composition
   5.  Framework
     5.1.  IETF Network Slice Stakeholders
     5.2.  Expressing Connectivity Intents
     5.3.  IETF Network Slice Controller (NSC)
       5.3.1.  IETF Network Slice Controller Interfaces
       5.3.2.  Management Architecture
   6.  Realizing IETF Network Slices
     6.1.  Architecture to Realize IETF Network Slices
     6.2.  Procedures to Realize IETF Network Slices
     6.3.  Applicability of ACTN to IETF Network Slices
     6.4.  Applicability of Enhanced VPNs to IETF Network Slices
     6.5.  Network Slicing and Aggregation in IP/MPLS Networks
     6.6.  Network Slicing and Service Function Chaining (SFC)
   7.  Isolation in IETF Network Slices
     7.1.  Isolation as a Service Requirement
     7.2.  Isolation in IETF Network Slice Realization
   8.  Management Considerations
   9.  Security Considerations
   10. Privacy Considerations
   11. IANA Considerations
   12. Informative References
   Acknowledgments
   Contributors
   Authors' Addresses

1.  Introduction

   A number of use cases benefit from network connections that, along
   with connectivity, provide assurance of meeting a specific set of
   objectives with respect to network resources use. This connectivity
   and resource commitment is referred to as a network slice and is
   expressed in terms of connectivity constructs (see Section 3) and
   service objectives (see Section 4). Since the term network slice is
   rather generic, the qualifying term "IETF" is used in this document
   to limit the scope of network slice to network technologies described
   and standardized by the IETF. This document defines the concept of
   IETF Network Slices that provide connectivity coupled with a set of
   specific commitments of network resources between a number of
   endpoints (known as Service Demarcation Points (SDPs) - see
   Section 2.1 and Section 4.2) over a shared underlay network.
   The term IETF Network Slice service is also introduced to describe the
   service requested by and provided to the service provider's customer.

   Services that might benefit from IETF Network Slices include, but are
   not limited to:

   *  5G services (e.g., eMBB, URLLC, mMTC) (see [TS23501])

   *  Network wholesale services

   *  Network infrastructure sharing among operators

   *  NFV connectivity and Data Center Interconnect

   IETF Network Slices are created and managed within the scope of one
   or more network technologies (e.g., IP, MPLS, optical). They are
   intended to enable a diverse set of applications with different
   requirements to coexist over a shared underlay network. A request
   for an IETF Network Slice service is agnostic to the technology in
   the underlay network so as to allow a customer to describe their
   network connectivity objectives in a common format, independent of
   the underlay technologies used.

   This document also provides a framework for discussing IETF Network
   Slices. The framework is intended as a structure for discussing
   interfaces and technologies. It is not intended to specify a new set
   of concrete interfaces or technologies.

   For example, virtual private networks (VPNs) have served the industry
   well as a means of providing different groups of users with logically
   isolated access to a common network. The common or base network that
   is used to support the VPNs is often referred to as an underlay
   network, and the VPN is often called an overlay network. An overlay
   network may, in turn, serve as an underlay network to support another
   overlay network.

   Note that it is conceivable that extensions to IETF technologies are
   needed in order to fully support all the ideas that can be
   implemented with network slices.
   Evaluation of existing technologies, proposed extensions to existing
   protocols and interfaces, and the creation of new protocols or
   interfaces is outside the scope of this document.

1.1.  Background

   The concept of network slicing has gained traction driven largely by
   needs surfacing from 5G ([NGMN-NS-Concept], [TS23501], and
   [TS28530]). In [TS23501], a Network Slice is defined as "a logical
   network that provides specific network capabilities and network
   characteristics", and a Network Slice Instance is defined as "A set
   of Network Function instances and the required resources (e.g.
   compute, storage and networking resources) which form a deployed
   Network Slice." According to [TS28530], an end-to-end network slice
   consists of three major types of network segments: Radio Access
   Network (RAN), Transport Network (TN) and Core Network (CN). An IETF
   Network Slice provides the required connectivity between different
   entities in RAN and CN segments of an end-to-end network slice, with
   a specific performance commitment (for example, serving as a TN
   slice). For each end-to-end network slice, the topology and
   performance requirement on a customer's use of an IETF Network Slice
   can be very different, which requires the underlay network to have
   the capability of supporting multiple different IETF Network Slices.

   While network slices are commonly discussed in the context of 5G, it
   is important to note that IETF Network Slices are a narrower concept
   with a broader usage profile, and focus primarily on particular
   network connectivity aspects. Other systems, including 5G
   deployments, may use IETF Network Slices as a component to create
   entire systems and concatenated constructs that match their needs,
   including end-to-end connectivity.

   An IETF Network Slice could span multiple technologies and multiple
   administrative domains.
   Depending on the IETF Network Slice customer's requirements, an IETF
   Network Slice could be isolated from other, often concurrent IETF
   Network Slices in terms of data, control and management planes.

   The customer expresses requirements for a particular IETF Network
   Slice service by specifying what is required rather than how the
   requirement is to be fulfilled. That is, the IETF Network Slice
   customer's view of an IETF Network Slice is an abstract one.

   Thus, there is a need to create logical network structures with
   required characteristics. The customer of such a logical network can
   require a degree of isolation and performance that previously might
   not have been satisfied by overlay VPNs. Additionally, the IETF
   Network Slice customer might ask for some level of control of their
   virtual networks, e.g., to customize the service paths in a network
   slice.

   This document specifies definitions and a framework for the provision
   of an IETF Network Slice service. Section 6 briefly indicates some
   candidate technologies for realizing IETF Network Slices.

2.  Terms and Abbreviations

   The following abbreviations are used in this document.

   *  NSC: Network Slice Controller

   *  SDP: Service Demarcation Point

   *  SLA: Service Level Agreement

   *  SLE: Service Level Expectation

   *  SLI: Service Level Indicator

   *  SLO: Service Level Objective

   The meaning of these abbreviations is defined in greater detail in
   the remainder of this document.

2.1.  Core Terminology

   The following terms are presented here to give context. Other
   terminology is defined in the remainder of this document.

   Customer:  A customer is the requester of an IETF Network Slice
      service. Customers may request monitoring of SLOs.
      A customer may be an entity such as an enterprise network or a
      network operator, an individual working at such an entity, a
      private individual contracting for a service, or an application or
      software component. A customer may be an external party
      (classically a paying customer) or a division of a network
      operator that uses the service provided by another division of the
      same operator. Other terms that have been applied to the customer
      role are "client" and "consumer".

   Provider:  A provider is the organization that delivers an IETF
      Network Slice service. A provider is the network operator that
      controls the network resources used to construct the network slice
      (that is, the network that is sliced). The provider's network
      may be a physical network or may be a virtual network supplied by
      another service provider.

   Customer Edge (CE):  The customer device that provides connectivity
      to a service provider. Examples include routers, Ethernet
      switches, firewalls, 4G/5G RAN or Core nodes, application
      accelerators, server load balancers, HTTP header enrichment
      functions, and PEPs (Performance Enhancing Proxy). In some
      circumstances CEs are provided to the customer and managed by the
      provider.

   Provider Edge (PE):  The device within the provider network to which
      a CE is attached. A CE may be attached to multiple PEs, and
      multiple CEs may be attached to a given PE.

   Attachment Circuit (AC):  A channel connecting a CE and a PE over
      which packets that belong to an IETF Network Slice service are
      exchanged. An AC is, by definition, technology specific: that is,
      the AC defines how customer traffic is presented to the provider
      network.
      The customer and provider agree (through configuration) on which
      values in which combination of layer 2 and layer 3 header and
      payload fields within a packet identify to which {IETF Network
      Slice service, connectivity construct, and SLOs/SLEs} that packet
      is assigned. The customer and provider may agree on a per {IETF
      Network Slice service, connectivity construct, and SLOs/SLEs}
      basis to police or shape traffic on the AC in both the ingress (CE
      to PE) direction and egress (PE to CE) direction. This ensures
      that the traffic is within the capacity profile that is agreed in
      an IETF Network Slice service. Excess traffic is dropped by
      default, unless specific out-of-profile policies are agreed
      between the customer and the provider. As described in
      Section 4.2 the AC may be part of the IETF Network Slice service
      or may be external to it.

   Service Demarcation Point (SDP):  The point at which an IETF Network
      Slice service is delivered by a service provider to a customer.
      Depending on the service delivery model (see Section 4.2) this may
      be a CE or a PE, and could be a device, a software component, or
      in the case of network functions virtualization (for example), be
      an abstract function supported within the provider's network.
      Each SDP must have a unique identifier (e.g., an IP address or MAC
      address) within a given IETF Network Slice service and may use the
      same identifier in multiple IETF Network Slice services.

      An SDP may be abstracted as a Service Attachment Point (SAP)
      [I-D.ietf-opsawg-sap] for the purpose of generalizing the concept
      across multiple service types and representing it in management
      and configuration systems.

   Connectivity Construct:  A set of SDPs together with a communication
      type that defines how traffic flows between the SDPs.
      An IETF Network Slice service is specified in terms of a set of
      SDPs, the associated connectivity constructs and the service
      objectives that the customer wishes to see fulfilled.

3.  IETF Network Slice

   IETF Network Slices are created to meet specific requirements,
   typically expressed as bandwidth, latency, latency variation, and
   other desired or required characteristics. Creation of an IETF
   Network Slice is initiated by a management system or other
   application used to specify network-related conditions for particular
   traffic flows in response to an actual or logical IETF Network Slice
   service request.

   Once created, these slices can be monitored, modified, deleted, and
   otherwise managed.

   Applications and components will be able to use these IETF Network
   Slices to move packets between the specified end-points of the
   service in accordance with specified characteristics.

   A clear distinction should be made between the "IETF Network Slice
   service" which is the function delivered to the customer (see
   Section 3.2) and which is agnostic to the technologies and mechanisms
   used by the service provider, and the "IETF Network Slice" which is
   the realization of the service in the provider's network achieved by
   partitioning network resources and by applying certain tools and
   techniques within the network (see Section 3.1 and Section 6).

3.1.  Definition and Scope of IETF Network Slice

   The term "Slice" refers to a set of characteristics and behaviors
   that differentiate one type of user-traffic from another within a
   network. An IETF Network Slice is a slice of a network that uses
   IETF technology. An IETF Network Slice assumes that an underlay
   network is capable of changing the configurations of the network
   devices on demand, through in-band signaling, or via controllers.

   An IETF Network Slice enables connectivity between a set of Service
   Demarcation Points (SDPs) with specific Service Level Objectives
   (SLOs) and Service Level Expectations (SLEs) (see Section 4) over a
   common underlay network. Thus, an IETF Network Slice delivers a
   service to a customer by meeting connectivity resource requirements
   and associated network capabilities such as bandwidth, latency,
   jitter, and network functions with other resource behaviors such as
   compute and storage availability.

   IETF Network Slices may be combined hierarchically, so that a network
   slice may itself be sliced. They may also be combined sequentially
   so that various different networks can each be sliced and the network
   slices placed into a sequence to provide an end-to-end service. This
   form of sequential combination is utilized in some services such as
   in 3GPP's 5G network [TS23501].

3.2.  IETF Network Slice Service

   A service provider delivers an IETF Network Slice service for a
   customer by realizing an IETF Network Slice. The IETF Network Slice
   service is agnostic to the technology of the underlay network, and
   its realization may be selected based upon multiple considerations
   including its service requirements and the capabilities of the
   underlay network. This allows an IETF Network Slice service customer
   to describe their network connectivity and relevant objectives in a
   common format, independent of the underlay technologies used.

   The IETF Network Slice service is specified in terms of a set of
   SDPs, a set of one or more connectivity constructs between subsets of
   these SDPs, and a set of SLOs and SLEs (see Section 4) for each SDP
   sending to each connectivity construct. A communication type (point-
   to-point (P2P), point-to-multipoint (P2MP), or any-to-any (A2A)) is
   specified for each connectivity construct.
   That is, in a given IETF Network Slice service there may be one or
   more connectivity constructs of the same or different type, each
   connectivity construct may be between a different subset of SDPs,
   for a given connectivity construct each sending SDP has its own set
   of SLOs and SLEs, and the SLOs and SLEs in each set may be
   different. Note that a service provider may decide how many
   connectivity constructs per IETF Network Slice service it wishes to
   support such that an IETF Network Slice service may be limited to
   one connectivity construct or may support many.

   This approach results in the following possible connectivity
   constructs:

   *  For a P2P connectivity construct, there is one sending SDP and one
      receiving SDP. This construct is like a private wire or a tunnel.
      All traffic injected at the sending SDP is intended to be received
      by the receiving SDP. The SLOs and SLEs apply at the sender (and
      implicitly at the receiver).

   *  For a P2MP connectivity construct, there is only one sending SDP
      and more than one receiving SDP. This is like a P2MP tunnel or
      multi-access VLAN segment. All traffic from the sending SDP is
      intended to be received by all the receiving SDPs. There is one
      set of SLOs and SLEs that applies at the sending SDP (and
      implicitly at all receiving SDPs).

   *  With an A2A connectivity construct, any sending SDP may send to
      any one receiving SDP or any set of receiving SDPs in the
      construct. There is an implicit level of routing in this
      connectivity construct that is not present in the other
      connectivity constructs because the provider's network must
      determine to which receiving SDPs to deliver each packet. This
      construct may be used to support P2P traffic between any pair of
      SDPs, or to support multicast or broadcast traffic from one SDP to
      a set of other SDPs.
      In the latter case, whether the service is delivered using
      multicast within the provider's network or using "ingress
      replication" or some other means is out of scope of the
      specification of the service. A service provider may choose to
      support A2A constructs, but to limit the traffic to unicast.

      The SLOs/SLEs in an A2A connectivity construct apply to individual
      sending SDPs regardless of the receiving SDPs, and there is no
      linkage between sender and receiver in the specification of the
      connectivity construct. A sending SDP may be "disappointed" if
      the receiver is over-subscribed. If a customer wants to be more
      specific about different behaviors from one SDP to another SDP,
      they should use P2P connectivity constructs.

   A customer traffic flow may be unicast or multicast, and various
   network realizations are possible:

   *  Unicast traffic may be mapped to a P2P connectivity construct for
      direct delivery, or to an A2A connectivity construct for the
      service provider to perform routing to the destination SDP. It
      would be unusual to use a P2MP connectivity construct to deliver
      unicast traffic because all receiving SDPs would get a copy, but
      this can still be done if the receivers are capable of dropping
      the unwanted traffic.

   *  A bidirectional unicast service can be constructed by specifying
      two P2P connectivity constructs. An additional SLE may specify
      fate-sharing in this case.

   *  Multicast traffic may be mapped to a set of P2P connectivity
      constructs, a single P2MP connectivity construct, or a mixture of
      P2P and P2MP connectivity constructs. Multicast may also be
      supported by an A2A connectivity construct. The choice clearly
      influences how and where traffic is replicated in the network.
      With a P2MP or A2A connectivity construct, it is the operator's
      choice whether to realize the construct with ingress replication,
      multicast in the core, P2MP tunnels, or hub-and-spoke. This
      choice should not change how the customer perceives the service.

   *  The concept of a multipoint-to-point (MP2P) service can be
      realized with multiple P2P connectivity constructs. Note that, in
      this case, the egress may simultaneously receive traffic from all
      ingresses. The SLOs at the sending SDPs must be set with this in
      mind because the provider's network is not capable of coordinating
      the policing of traffic across multiple distinct source SDPs. It
      is assumed that the customer, requesting SLOs for the various P2P
      connectivity constructs, is aware of the capabilities of the
      receiving SDP. If the receiver receives more traffic than it can
      handle, it may drop some and introduce queuing delays.

   *  The concept of a multipoint-to-multipoint (MP2MP) service can best
      be realized using a set of P2MP connectivity constructs, but could
      be delivered over an A2A connectivity construct if each sender is
      using multicast. As with MP2P, the customer is assumed to be
      familiar with the capabilities of all receivers. A customer may
      wish to achieve an MP2MP service using a hub-and-spoke
      architecture where they control the hub: that is, the hub may be
      an SDP or an ancillary SDP (see Section 3.2.1) and the service may
      be achieved by using a set of P2P connectivity constructs to the
      hub, and a single P2MP connectivity construct from the hub.

   From the above, it can be seen that the SLOs of the senders define
   the SLOs for the receivers on any connectivity construct. That is,
   and in particular, the network may be expected to handle the traffic
   volume from a sender to all destinations. This extends to all
   connectivity constructs in an IETF Network Slice service.
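
   The construct rules and the MP2P over-subscription caveat above, as
   an added example that is not part of the draft. The class and
   function names, the per-sender rate used as the agreed capacity
   profile, and the rx_capacity input are assumptions of this sketch;
   the sample service (three P2P constructs to a hub plus one P2MP
   construct from it) is constructed.

```python
from dataclasses import dataclass

M = 1_000_000  # bit/s in one Mbit/s


@dataclass
class Construct:
    name: str
    ctype: str            # communication type: "P2P", "P2MP" or "A2A"
    senders: dict         # sending SDP id -> agreed sending rate in bit/s
    receivers: frozenset  # receiving SDP ids (for A2A: every member SDP)


def validate(sdp_ids, constructs):
    """Return a list of problems; an empty list means a well-formed request."""
    problems = []
    # An SDP identifier must be unique within one slice service.
    dupes = sorted({s for s in sdp_ids if sdp_ids.count(s) > 1})
    if dupes:
        problems.append(f"SDP identifiers not unique within the service: {dupes}")
    for c in constructs:
        unknown = sorted((set(c.senders) | c.receivers) - set(sdp_ids))
        if unknown:
            problems.append(f"{c.name}: SDPs not in this service: {unknown}")
        n_tx, n_rx = len(c.senders), len(c.receivers)
        if c.ctype == "P2P":
            ok = n_tx == 1 and n_rx == 1
        elif c.ctype == "P2MP":
            ok = n_tx == 1 and n_rx > 1
        elif c.ctype == "A2A":
            # Any member may send, so every member carries its own SLO set.
            ok = n_rx >= 2 and set(c.senders) == set(c.receivers)
        else:
            ok = False
        if not ok:
            problems.append(f"{c.name}: SDP set does not fit type {c.ctype!r}")
    return problems


def worst_case_ingress(constructs):
    """Per receiving SDP, sum the rates of every sender that may reach it.

    Sender rates are policed independently at each sending SDP, so all
    senders may transmit at their agreed rate at the same moment.
    """
    load = {}
    for c in constructs:
        for tx, rate in c.senders.items():
            for rx in c.receivers:
                if rx != tx:  # an A2A member does not send to itself
                    load[rx] = load.get(rx, 0) + rate
    return load


def oversubscribed(constructs, rx_capacity):
    """Return {sdp: (worst_case_bps, capacity_bps)} for receivers at risk."""
    load = worst_case_ingress(constructs)
    return {sdp: (load[sdp], cap)
            for sdp, cap in rx_capacity.items() if load.get(sdp, 0) > cap}


# Constructed sample: hub-and-spoke built from P2P constructs to the hub
# and a single P2MP construct from the hub.
SDPS = ["sdp-a", "sdp-b", "sdp-c", "sdp-hub"]
MP2P = [Construct(f"p2p-{s}", "P2P", {s: 400 * M}, frozenset({"sdp-hub"}))
        for s in SDPS[:3]]
FANOUT = Construct("p2mp-hub", "P2MP", {"sdp-hub": 200 * M}, frozenset(SDPS[:3]))

if __name__ == "__main__":
    service = MP2P + [FANOUT]
    print(validate(SDPS, service))
    print(oversubscribed(service, {s: 1000 * M for s in SDPS}))
```

   Each 400 Mbit/s sender is within its own profile, yet the hub can be
   offered 1200 Mbit/s against a 1000 Mbit/s capacity, which is the
   condition the customer is expected to account for when setting SLOs.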

   Note that the realization of an IETF Network Slice service does not
   need to map the connectivity constructs one-to-one onto underlying
   network constructs (such as tunnels, etc.). The service provided to
   the customer is distinct from how the provider decides to deliver
   that service.

   If a CE has multiple attachment circuits to a PE within a given IETF
   Network Slice service and they are operating in single-active mode,
   then all traffic between the CE and its attached PEs transits a
   single attachment circuit; if they are operating in all-active mode,
   then traffic between the CE and its attached PEs is distributed
   across all of the active attachment circuits.

   A given sending SDP may be part of multiple connectivity constructs
   within a single IETF Network Slice service, and the SDP may have
   different SLOs and SLEs for each connectivity construct to which it
   is sending. Note that a given sending SDP's SLOs and SLEs for a
   given connectivity construct apply between it and each of the
   receiving SDPs for that connectivity construct.

   An IETF Network Slice service provider may freely make a deployment
   choice as to whether to offer a 1:1 relationship between IETF Network
   Slice service and connectivity construct, or to support multiple
   connectivity constructs in a single IETF Network Slice service. In
   the former case, the provider might need to deliver multiple IETF
   Network Slice services to achieve the function of the second case.

   It should be noted that per Section 9 of [RFC4364] an IETF Network
   Slice service customer may actually provide IETF Network Slice
   services to other customers in a mode sometimes referred to as
   "carrier's carrier". In this case, the underlying IETF Network Slice
   service provider may be owned and operated by the same or a different
   provider network. As noted in Section 4.3, network slices may be
   composed hierarchically or serially.

   Section 4.2 provides a description of endpoints in the context of
   IETF network slicing. These are known as Service Demarcation Points
   (SDPs). For a given IETF Network Slice service, the customer and
   provider agree, on a per-SDP basis, which end of the attachment
   circuit provides the SDP (i.e., whether the attachment circuit is
   inside or outside the IETF Network Slice service). This determines
   whether the attachment circuit is subject to the set of SLOs and SLEs
   at the specific SDP.

3.2.1.  Ancillary SDPs

   It may be the case that the set of SDPs needs to be supplemented with
   additional senders or receivers. An additional sender could be, for
   example, an IPTV or DNS server either within the provider's network
   or attached to it, while an extra receiver could be, for example, a
   node reachable via the Internet. This is modelled as a set of
   ancillary SDPs which supplement the other SDPs in one or more
   connectivity constructs, or which have their own connectivity
   constructs. Note that an ancillary SDP can either have a resolvable
   address, e.g., an IP address or MAC address, or the SDP may be a
   placeholder, e.g., IPTV or DNS server, which is resolved within the
   provider's network when the IETF Network Slice service is
   instantiated.

4.  IETF Network Slice System Characteristics

   The following subsections describe the characteristics of IETF
   Network Slices in addition to the list of SDPs, the connectivity
   constructs, and the technology of the ACs.

4.1.  Objectives for IETF Network Slices

   An IETF Network Slice service is defined in terms of quantifiable
   characteristics known as Service Level Objectives (SLOs) and
   unquantifiable characteristics known as Service Level Expectations
   (SLEs).
   SLOs are expressed in terms of Service Level Indicators (SLIs),
   and together with the SLEs form the contractual agreement between
   service customer and service provider known as a Service Level
   Agreement (SLA).

   The terms are defined as follows:

   *  A Service Level Indicator (SLI) is a quantifiable measure of an
      aspect of the performance of a network. For example, it may be a
      measure of throughput in bits per second, or it may be a measure
      of latency in milliseconds.

   *  A Service Level Objective (SLO) is a target value or range for the
      measurements returned by observation of an SLI. For example, an
      SLO may be expressed as "SLI <= target", or "lower bound <= SLI <=
      upper bound". A customer can determine whether the provider is
      meeting the SLOs by performing measurements on the traffic.

   *  A Service Level Expectation (SLE) is an expression of an
      unmeasurable service-related request that a customer of an IETF
      Network Slice makes of the provider. An SLE is distinct from an
      SLO because the customer may have little or no way of determining
      whether the SLE is being met, but they still contract with the
      provider for a service that meets the expectation.

   *  A Service Level Agreement (SLA) is an explicit or implicit
      contract between the customer of an IETF Network Slice service and
      the provider of the slice. The SLA is expressed in terms of a set
      of SLOs and SLEs that are to be applied for a given connectivity
      construct between a sending SDP and the set of receiving SDPs, and
      may describe the extent to which divergence from individual SLOs
      and SLEs can be tolerated, and commercial terms as well as any
      consequences for violating these SLOs and SLEs.

4.1.1.  Service Level Objectives

   SLOs define a set of measurable network attributes and
   characteristics that describe an IETF Network Slice service.
SLOs do not describe how an IETF Network Slice service is implemented or realized in the underlying network layers. Instead, they are defined in terms of dimensions of operation (time, capacity, etc.), availability, and other attributes.

An IETF Network Slice service may include multiple connectivity constructs that associate sets of endpoints (SDPs). SLOs apply to a given connectivity construct and apply to a specific direction of traffic flow. That is, they apply to a specific sending SDP and the connection to the specific set of receiving SDPs.

The SLOs are combined with Service Level Expectations in an SLA.

4.1.1.1.  Some Common SLOs

SLOs can be described as 'Directly Measurable Objectives': they are always measurable. See Section 4.1.2 for the description of Service Level Expectations which are unmeasurable service-related requests sometimes known as 'Indirectly Measurable Objectives'.

Objectives such as guaranteed minimum bandwidth, guaranteed maximum latency, maximum permissible delay variation, maximum permissible packet loss rate, and availability are 'Directly Measurable Objectives'. Future specifications (such as IETF Network Slice service YANG models) may precisely define these SLOs, and other SLOs may be introduced as described in Section 4.1.1.2.

The definitions of these objectives are as follows:

Guaranteed Minimum Bandwidth:  Minimum guaranteed bandwidth between two endpoints at any time. The bandwidth is measured in data rate units of bits per second and is measured unidirectionally.

Guaranteed Maximum Latency:  Upper bound of network latency when transmitting between two endpoints. The latency is measured in terms of network characteristics (excluding application-level latency). [RFC7679] discusses one-way metrics.

Maximum Permissible Delay Variation:  Packet delay variation (PDV), as defined by [RFC3393], is the difference in the one-way delay between sequential packets in a flow. This SLO sets a maximum PDV value for packets between two endpoints.

Maximum Permissible Packet Loss Rate:  The ratio of packets dropped to packets transmitted between two endpoints over a period of time. See [RFC7680].

Availability:  The ratio of uptime to the sum of uptime and downtime, where uptime is the time the connectivity construct is available in accordance with all of the SLOs associated with it. Availability will often be expressed along with the time period over which the availability is measured and the maximum allowed single period of downtime.

4.1.1.2.  Other Service Level Objectives

Additional SLOs may be defined to provide additional description of the IETF Network Slice service that a customer requests. These would be specified in further documents.

If the IETF Network Slice service is traffic aware, other traffic specific characteristics may be valuable including MTU, traffic-type (e.g., IPv4, IPv6, Ethernet or unstructured), or a higher-level behavior to process traffic according to user-application (which may be realized using network functions).

4.1.2.  Service Level Expectations

SLEs define a set of network attributes and characteristics that describe an IETF Network Slice service, but which are not directly measurable by the customer (e.g., diversity, isolation, and geographical restrictions). Even though the delivery of an SLE cannot usually be determined by the customer, the SLEs form an important part of the contract between customer and provider.

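Unlike the SLEs introduced above, the objectives of Section 4.1.1.1 can be checked by the customer from its own traffic measurements. The following Python sketch is an added example, not part of the draft: it derives the SLIs for one direction of a connectivity construct and counts a measurement window as uptime only when every SLO is met, as the Availability definition requires. The class names, the windowed measurement model, and all sample values are assumptions made for illustration.

```python
"""SLI measurement and SLO evaluation for one direction of a connectivity construct."""
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Slo:
    """Target range for one SLI: lower <= SLI <= upper (either bound may be absent)."""
    sli: str
    lower: Optional[float] = None
    upper: Optional[float] = None

    def met(self, value: float) -> bool:
        if self.lower is not None and value < self.lower:
            return False
        return self.upper is None or value <= self.upper


@dataclass(frozen=True)
class Window:
    """Raw samples for one window, sending SDP -> receiving SDP (unidirectional)."""
    seconds: float
    bits_received: int
    delays_ms: Sequence[Optional[float]]  # one entry per packet sent; None = lost


def measure(w: Window) -> dict:
    """Derive the SLIs named in Section 4.1.1.1 from one window of raw samples."""
    if not w.delays_ms:
        raise ValueError("no packets sent in window; SLIs are undefined")
    received = [d for d in w.delays_ms if d is not None]
    # PDV: delay difference between sequential packets. A pair that includes a
    # lost packet has no defined difference and is skipped.
    pdv = [abs(b - a) for a, b in zip(w.delays_ms, w.delays_ms[1:])
           if a is not None and b is not None]
    return {
        "bandwidth_bps": w.bits_received / w.seconds,
        "latency_ms": max(received) if received else float("inf"),
        "pdv_ms": max(pdv) if pdv else 0.0,
        "loss_ratio": (len(w.delays_ms) - len(received)) / len(w.delays_ms),
    }


def evaluate(windows, slos, min_availability, max_single_downtime_s):
    """Uptime is time in which ALL SLOs are met; report ratio and longest outage."""
    up = down = run = longest = 0.0
    violations = []
    for index, w in enumerate(windows):
        slis = measure(w)
        failed = [s.sli for s in slos if not s.met(slis[s.sli])]
        if failed:
            down += w.seconds
            run += w.seconds
            longest = max(longest, run)
            violations.append((index, failed))
        else:
            up += w.seconds
            run = 0.0
    availability = up / (up + down)
    return {
        "availability": availability,
        "longest_downtime_s": longest,
        "violations": violations,
        "availability_met": (availability >= min_availability
                             and longest <= max_single_downtime_s),
    }


# Constructed SLOs and measurements (not taken from the draft).
SLOS = [
    Slo("bandwidth_bps", lower=10_000_000),   # guaranteed minimum bandwidth
    Slo("latency_ms", upper=20.0),            # guaranteed maximum latency
    Slo("pdv_ms", upper=5.0),                 # maximum permissible delay variation
    Slo("loss_ratio", upper=0.1),             # maximum permissible packet loss rate
]
STEADY = [10, 11, 12, 11, 10, 11, 12, 11, 10, 11]
WINDOWS = [
    Window(60, 900_000_000, STEADY),
    Window(60, 900_000_000, [10, 11, None, 12, 11, 10, 11, 12, 11, 10]),  # loss at bound
    Window(60, 900_000_000, [10, 11, 25, 11, 10, 11, 12, 11, 10, 11]),    # delay spike
    Window(60, 300_000_000, STEADY),                                      # low bandwidth
    Window(60, 900_000_000, STEADY),
]

if __name__ == "__main__":
    print(evaluate(WINDOWS, SLOS, min_availability=0.5, max_single_downtime_s=60))
```

With the constructed data, the availability ratio alone would pass, but two consecutive failing windows exceed the maximum allowed single period of downtime.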
Quite often, an SLE will imply some details of how an IETF Network Slice service is realized by the provider, although most aspects of the implementation in the underlying network layers remain a free choice for the provider. For example, activating unicast or multicast capabilities to deliver an IETF Network Slice service could be explicitly requested by a customer or could be left as an engineering decision for the service provider based on capabilities of the network and operational choices.

SLEs may be seen as aspirational on the part of the customer, and they are expressed as behaviors that the provider is expected to apply to the network resources used to deliver the IETF Network Slice service. Of course, over time, it is possible that mechanisms will be developed that enable a customer to verify the provision of an SLE, at which point it effectively becomes an SLO. The SLEs are combined with SLOs in an SLA.

An IETF Network Slice service may include multiple connectivity constructs that associate sets of endpoints (SDPs). SLEs apply to a given connectivity construct and apply to specific directions of traffic flow. That is, they apply to a specific sending SDP and the connection to the specific set of receiving SDPs. However, being more general in nature than SLOs, SLEs may commonly be applied to all connectivity constructs in an IETF Network Slice service.

4.1.2.1.  Some Common SLEs

SLEs can be described as 'Indirectly Measurable Objectives': they are not generally directly measurable by the customer.

Security, geographic restrictions, maximum occupancy level, and isolation are example SLEs as follows.

Security:  A customer may request that the provider applies encryption or other security techniques to traffic flowing between SDPs of a connectivity construct within an IETF Network Slice service.
   For example, the customer could request that only network links that have MACsec [MACsec] enabled are used to realize the connectivity construct.

   This SLE may include a request for encryption (e.g., [RFC4303]) between the two SDPs explicitly to meet the architectural recommendations in [TS33.210] or for compliance with [HIPAA] or [PCI].

   Whether or not the provider has met this SLE is generally not directly observable by the customer and cannot be measured as a quantifiable metric.

   Please see further discussion on security in Section 9.

Geographic Restrictions:  A customer may request that certain geographic limits are applied to how the provider routes traffic for the IETF Network Slice service. For example, the customer may have a preference that its traffic does not pass through a particular country for political or security reasons.

   Whether or not the provider has met this SLE is generally not directly observable by the customer and cannot be measured as a quantifiable metric.

Maximal Occupancy Level:  The maximal occupancy level specifies the number of flows to be admitted and optionally a maximum number of countable resource units (e.g., IP or MAC addresses) an IETF Network Slice service can consume. Since an IETF Network Slice service may include multiple connectivity constructs, this SLE should also say whether it applies for the entire IETF Network Slice service, for a group of connections, or on a per connection basis.

   Again, a customer may not be able to fully determine whether this SLE is being met by the provider.

Isolation:  As described in Section 7, a customer may request that its traffic within its IETF Network Slice service is isolated from the effects of other network services supported by the same provider.
   That is, if another service exceeds capacity or has a burst of traffic, the customer's IETF Network Slice service should remain unaffected and there should be no noticeable change to the quality of traffic delivered.

   In general, a customer cannot tell whether a service provider is meeting this SLE. They cannot tell whether the variation of an SLI is because of changes in the underlay network or because of interference from other services carried by the network. If the service varies within the allowed bounds of the SLOs, there may be no noticeable indication that this SLE has been violated.

Diversity:  A customer may request that different connectivity constructs use different underlay network resources. This might be done to enhance the availability of the connectivity constructs within an IETF Network Slice service.

   While availability is a measurable objective (see Section 4.1.1.1) this SLE requests a finer grade of control and is not directly measurable (although the customer might become suspicious if two connectivity constructs fail at the same time).

4.2.  IETF Network Slice Service Demarcation Points

As noted in Section 3.1, an IETF Network Slice provides connectivity between sets of SDPs with specific SLOs and SLEs. Section 3.2 goes on to describe how the IETF Network Slice service is composed of a set of one or more connectivity constructs that describe connectivity between the Service Demarcation Points (SDPs) across the underlay network.

The characteristics of IETF Network Slice SDPs are as follows.

*  SDPs are conceptual points of connection to an IETF Network Slice. As such, they serve as the IETF Network Slice ingress/egress points.

*  Each SDP maps to a device, application, or a network function, such as (but not limited to) routers, switches, interfaces/ports, firewalls, WAN, 4G/5G RAN nodes, 4G/5G Core nodes, application accelerators, server load balancers, NAT44 [RFC3022], NAT64 [RFC6146], HTTP header enrichment functions, and Performance Enhancing Proxies (PEPs) [RFC3135].

*  An SDP is identified by a unique identifier in the context of an IETF Network Slice customer.

*  The provider associates each SDP with a set of provider-scope identifiers such as IP addresses, encapsulation-specific identifiers (e.g., VLAN tag, MPLS Label), interface/port numbers, node ID, etc.

*  SDPs are mapped to endpoints of services/tunnels/paths within the IETF Network Slice during its initialization and realization.

   -  A combination of the SDP identifier and SDP provider-network-scope identifiers defines an SDP in the context of the Network Slice Controller (NSC) (see Section 5.3).

   -  The NSC will use the SDP provider-network-scope identifiers as part of the process of realizing the IETF Network Slice.

For a given IETF Network Slice service, the IETF Network Slice customer and provider agree where the endpoint (i.e., the service demarcation point) is located. This determines what resources at the edge of the network form part of the IETF Network Slice and are subject to the set of SLOs and SLEs for a specific endpoint.

Figure 1 shows different potential scopes of an IETF Network Slice that are consistent with the different SDP locations. For the purpose of this discussion and without loss of generality, the figure shows customer edge (CE) and provider edge (PE) nodes connected by attachment circuits (ACs). Notes after the figure give some explanations.

       |<---------------------- (1) ---------------------->|
       |                                                   |
       | |<-------------------- (2) -------------------->| |
       | |                                               | |
       | |        |<----------- (3) ----------->|        | |
       | |        |                             |        | |
       | |        |  |<-------- (4) -------->|  |        | |
       | |        |  |                       |  |        | |
       V V  AC    V  V                       V  V    AC  V V
   +-----+   |    +-----+                 +-----+    |   +-----+
   |     |--------|     |                 |     |--------|     |
   | CE1 |   |    | PE1 |. . . . . . . . .| PE2 |    |   | CE2 |
   |     |--------|     |                 |     |--------|     |
   +-----+   |    +-----+                 +-----+    |   +-----+
      ^              ^                       ^              ^
      |              |                       |              |
      |              |                       |              |
   Customer       Provider                Provider       Customer
   Edge 1         Edge 1                  Edge 2         Edge 2

       Figure 1: Positioning IETF Service Demarcation Points

Explanatory notes for Figure 1 are as follows:

1.  If the CE is operated by the IETF Network Slice service provider, then the edge of the IETF Network Slice may be within the CE. In this case the slicing process may utilize resources from within the CE such as buffers and queues on the outgoing interfaces.

2.  The IETF Network Slice may be extended as far as the CE, to include the AC, but not to include any part of the CE. In this case, the CE may be operated by the customer or the provider. Slicing the resources on the AC may require the use of traffic tagging (such as through Ethernet VLAN tags) or may require traffic policing at the AC link ends.

3.  In another model, the SDPs of the IETF Network Slice are the customer-facing ports on the PEs. This case can be managed in a way that is similar to a port-based VPN: each port (AC) or virtual port (e.g., VLAN tag) identifies the IETF Network Slice and maps to an IETF Network Slice SDP.

4.  Finally, the SDP may be within the PE. In this mode, the PE classifies the traffic coming from the AC according to information (such as the source and destination IP addresses, payload protocol and port numbers, etc.) in order to place it onto an IETF Network Slice.

The choice of which of these options to apply is entirely up to the network operator. It may limit or enable the provisioning of particular managed services and the operator will want to consider how they want to manage CEs and what control they wish to offer the customer over AC resources.

Note that Figure 1 shows a symmetrical positioning of SDPs, but this decision can be taken on a per-SDP basis through agreement between the customer and provider.

In practice, it may be necessary to map traffic not only onto an IETF Network Slice, but also onto a specific connectivity construct if the IETF Network Slice supports more than one with a source at the specific SDP. The mechanism used will be one of the mechanisms described above, dependent on how the SDP is realized.

Finally, note (as described in Section 2.1) that an SDP is an abstract endpoint of an IETF Network Slice service and as such may be a device, interface, or software component and may, in the case of network functions virtualization (for example), be an abstract function supported within the provider's network.

4.3.  IETF Network Slice Composition

Operationally, an IETF Network Slice may be composed of two or more IETF Network Slices as specified below. Decomposed network slices are independently realized and managed.

*  Hierarchical (i.e., recursive) composition: An IETF Network Slice can be further sliced into other network slices. Recursive composition allows an IETF Network Slice at one layer to be used by the other layers. This type of multi-layer vertical IETF Network Slice associates resources at different layers.

*  Sequential composition: Different IETF Network Slices can be placed into a sequence to provide an end-to-end service. In sequential composition, each IETF Network Slice would potentially support different dataplanes that need to be stitched together.

5.  Framework

A number of IETF Network Slice services will typically be provided over a shared underlay network infrastructure. Each IETF Network Slice consists of both the overlay connectivity and a specific set of dedicated network resources and/or functions allocated in a shared underlay network to satisfy the needs of the IETF Network Slice customer. In at least some examples of underlay network technologies, the integration between the overlay and various underlay resources is needed to ensure the guaranteed performance requested for different IETF Network Slices.

5.1.  IETF Network Slice Stakeholders

An IETF Network Slice and its realization involve the following stakeholders. The IETF Network Slice customer and IETF Network Slice provider (see Section 2.1) are also stakeholders.

Orchestrator:  An orchestrator is an entity that composes different services, resource, and network requirements. It interfaces with the IETF NSC when composing a complex service such as an end-to-end network slice.

IETF Network Slice Controller (NSC):  The NSC realizes an IETF Network Slice in the underlay network, and maintains and monitors the run-time state of resources and topologies associated with it. A well-defined interface is needed to support interworking between different NSC implementations and different orchestrator implementations.

Network Controller:  The Network Controller is a form of network infrastructure controller that offers network resources to the NSC to realize a particular network slice. This may be an existing network controller associated with one or more specific technologies that may be adapted to the function of realizing IETF Network Slices in a network.

5.2.  Expressing Connectivity Intents

An IETF Network Slice customer communicates with the NSC using the IETF Network Slice Service Interface.

An IETF Network Slice customer may be a network operator who, in turn, uses the IETF Network Slice to provide a service for another IETF Network Slice customer.

Using the IETF Network Slice Service Interface, a customer expresses requirements for a particular slice by specifying what is required rather than how that is to be achieved. That is, the customer's view of a slice is an abstract one. Customers normally have limited (or no) visibility into the provider network's actual topology and resource availability information.

This should be true even if both the customer and provider are associated with a single administrative domain, in order to reduce the potential for adverse interactions between IETF Network Slice customers and other users of the underlay network infrastructure.

The benefits of this model can include the following.

*  Security: The underlay network components are less exposed to attack because the underlay network (or network operator) does not need to expose network details (topology, capacity, etc.) to the IETF Network Slice customers.

*  Layered Implementation: The underlay network comprises network elements that belong to a different layer network than customer applications. Network information (advertisements, protocols, etc.) that a customer cannot interpret or respond to is not exposed to the customer. (Note - a customer should not use network information not exposed via the IETF Network Slice Service Interface, even if that information is available.)

*  Scalability: Customers do not need to know any information concerning Network topology, capabilities, or state beyond that which is exposed via the IETF Network Slice Service Interface.

The general issues of abstraction in a TE network are described more fully in [RFC7926].

This framework document does not assume any particular technology layer at which IETF Network Slices operate. A number of layers (including virtual L2, Ethernet, or IP connectivity) could be employed.

Data models and interfaces are needed to set up IETF Network Slices, and specific interfaces may have capabilities that allow creation of slices within specific technology layers.

Layered virtual connections are comprehensively discussed in other IETF documents. See, for instance, GMPLS-based networks [RFC5212] and [RFC4397], or Abstraction and Control of TE Networks (ACTN) [RFC8453] and [RFC8454]. The principles and mechanisms associated with layered networking are applicable to IETF Network Slices.

There are several IETF-defined mechanisms for expressing the need for a desired logical network. The IETF Network Slice Service Interface carries data either in a protocol-defined format, or in a formalism associated with a modeling language.

For instance:

*  The Path Computation Element (PCE) Communication Protocol (PCEP) [RFC5440] and GMPLS User-Network Interface (UNI) using RSVP-TE [RFC4208] use a TLV-based binary encoding to transmit data.

*  The Network Configuration Protocol (NETCONF) [RFC6241] and RESTCONF Protocol [RFC8040] use XML and JSON encoding.

*  gRPC/GNMI [I-D.openconfig-rtgwg-gnmi-spec] uses a binary encoded programmable interface. ProtoBufs can be used to model gRPC and GNMI data.

*  For data modeling, YANG ([RFC6020] and [RFC7950]) may be used to model configuration and other data for NETCONF, RESTCONF, and GNMI, among others.

While several generic formats and data models for specific purposes exist, it is expected that IETF Network Slice management may require enhancement or augmentation of existing data models.
Further, it is possible that mechanisms will be needed to determine the feasibility of service requests before they are actually made.

5.3.  IETF Network Slice Controller (NSC)

The IETF NSC takes abstract requests for IETF Network Slices and implements them using a suitable underlay technology. An IETF NSC is the key component for control and management of the IETF Network Slice. It provides the creation/modification/deletion, monitoring and optimization of IETF Network Slices in a multi-domain, multi-technology and multi-vendor environment.

The main task of the IETF NSC is to map abstract IETF Network Slice requirements to concrete technologies and establish required connectivity ensuring that resources are allocated to the IETF Network Slice as necessary.

The IETF Network Slice Service Interface is used for communicating details of an IETF Network Slice (configuration, selected policies, operational state, etc.), as well as information about status and performance of the IETF Network Slice. The details for this IETF Network Slice Service Interface are not in scope for this document.

The controller provides the following functions.

*  Provides an IETF Network Slice Service Interface for creation/modification/deletion of the IETF Network Slices that is agnostic to the technology of the underlay network. The API exposed by this interface communicates the Service Demarcation Points of the IETF Network Slice, IETF Network Slice SLO/SLE parameters (and possibly monitoring thresholds), applicable input selection (filtering) and various policies, and provides a way to monitor the slice.

*  Determines an abstract topology connecting the SDPs of the IETF Network Slice that meets criteria specified via the IETF Network Slice Service Interface.
   The NSC also retains information about the mapping of this abstract topology to underlay components of the IETF Network Slice as necessary to monitor IETF Network Slice status and performance.

*  Provides "Mapping Functions" for the realization of IETF Network Slices. In other words, it will use the mapping functions that:

   -  map IETF Network Slice Service Interface requests that are agnostic to the technology of the underlay network to technology-specific network configuration interfaces.

   -  map filtering/selection information as necessary to entities in the underlay network so that those entities are able to identify what traffic is associated with which connectivity construct and IETF network slice and necessary according to the realization solution, and how traffic should be treated to meet the SLOs and SLEs of the connectivity construct.

*  The controller collects telemetry data (e.g., OAM results, statistics, states, etc.) via a network configuration interface for all elements in the abstract topology used to realize the IETF Network Slice.

*  Evaluates the current performance against IETF Network Slice SLO parameters using the telemetry data from the underlying realization of an IETF Network Slice (i.e., services/paths/tunnels). Exposes this performance to the IETF Network Slice customer via the IETF Network Slice Service Interface. The IETF Network Slice Service Interface may also include the capability to provide notifications if the IETF Network Slice performance reaches threshold values defined by the IETF Network Slice customer.

5.3.1.  IETF Network Slice Controller Interfaces

The interworking and interoperability among the different stakeholders to provide common means of provisioning, operating and monitoring the IETF Network Slices is enabled by the following communication interfaces (see Figure 2).

IETF Network Slice Service Interface:  The IETF Network Slice Service Interface is an interface between a customer's higher level operation system (e.g., a network slice orchestrator or a customer network management system) and the NSC. It is agnostic to the technology of the underlay network. The customer can use this interface to communicate the requested characteristics and other requirements for the IETF Network Slice, and the NSC can use the interface to report the operational state of an IETF Network Slice to the customer.

Network Configuration Interface:  The Network Configuration Interface is an interface between the NSC and network controllers. It is technology-specific and may be built around the many network models already defined within the IETF.

These interfaces can be considered in the context of the Service Model and Network Model described in [RFC8309] and, together with the Device Configuration Interface used by the Network Controllers, provide a consistent view of service delivery and realization.

   +------------------------------------------+
   | Customer higher level operation system   |
   |   (e.g., E2E network slice orchestrator, |
   |    customer network management system)   |
   +------------------------------------------+
                        A
                        | IETF Network Slice Service Interface
                        V
   +------------------------------------------+
   |    IETF Network Slice Controller (NSC)   |
   +------------------------------------------+
                        A
                        | Network Configuration Interface
                        V
   +------------------------------------------+
   |           Network Controllers            |
   +------------------------------------------+

     Figure 2: Interfaces of the IETF Network Slice Controller

5.3.1.1.  IETF Network Slice Service Interface

The IETF Network Slice Controller provides an IETF Network Slice Service Interface that allows customers to request and monitor IETF Network Slices. Customers operate on abstract IETF Network Slices, with details related to their realization hidden.

The IETF Network Slice Service Interface is also independent of the type of network functions or services that need to be connected, i.e., it is independent of any specific storage, software, protocol, or platform used to realize physical or virtual network connectivity or functions in support of IETF Network Slices.

The IETF Network Slice Service Interface uses protocol mechanisms and information passed over those mechanisms to convey desired attributes for IETF Network Slices and their status. The information is expected to be represented as a well-defined data model, and should include at least SDP and connectivity information, SLO/SLE specification, and status information.

5.3.2.  Management Architecture

The management architecture described in Figure 2 may be further decomposed as shown in Figure 3.
This should also be seen in the context of the component architecture shown in Figure 4 and corresponds to the architecture in [RFC8309].

                --------------
               | Network      |
               | Slice        |
               | Orchestrator |
                --------------
                  | IETF Network Slice
                  | Service Request
                  |                     Customer view
              ....|................................
                 -v-------------------  Operator view
                |Controller           |
                |    ------------     |
                |   | IETF       |    |
                |   | Network    |    |--> Virtual Network
                |   | Slice      |    |
                |   | Controller |    |
                |   | (NSC)      |    |
                |    ------------     |
              ..|     | Network       |............
                |     | Configuration |  Underlay Network
                |     v               |
                |    ------------     |
                |   | Network    |    |
                |   | Controller |    |
                |   | (NC)       |    |
                |    ------------     |
                 ---------------------
                  | Device Configuration
                  v

   Figure 3: Interface of IETF Network Slice Management Architecture

6.  Realizing IETF Network Slices

Realization of IETF Network Slices is out of scope of this document. It is a mapping of the definition of the IETF Network Slice to the underlying infrastructure and is necessarily technology-specific and achieved by the NSC over the Network Configuration Interface. However, this section provides an overview of the components and processes involved in realizing an IETF Network Slice.

The realization can be achieved in the form of either physical or logical connectivity using VPNs, virtual networks (VNs), or a variety of tunneling technologies such as Segment Routing, MPLS, etc. Accordingly, SDPs may be realized as physical or logical service or network functions.

6.1.  Architecture to Realize IETF Network Slices

The architecture described in this section is deliberately at a high level. It is not intended to be prescriptive: implementations and technical solutions may vary freely.
However, this approach provides a common framework that other documents may reference in order to facilitate a shared understanding of the work.

Figure 4 shows the architectural components of a network managed to provide IETF Network Slices. The customer's view is of individual IETF Network Slices with their SDPs, and connectivity constructs. Requests for IETF Network Slices are delivered to the NSC.

The figure shows, without loss of generality, the CEs, ACs, and PEs that exist in the network. The SDPs are not shown and can be placed in any of the ways described in Section 4.2.

                        --      --      --
                       |CE|    |CE|    |CE|
                        --      --      --
                      AC :    AC :    AC :
                      ----------------------       -------
                     ( |PE|....|PE|....|PE| )     ( IETF  )
    IETF Network    (   --:     --     :--   )   ( Network )
    Slice Service   (     :............:     )   (  Slice  )
    Request          (  IETF Network Slice  )     (       )  Customer
      v               ----------------------       -------     View
      v        ............................\........./...............
      v                                     \       /        Provider
      v    >>>>>>>>>>>>>>>  Grouping/Mapping v     v           View
      v   ^             -----------------------------------------
      v   ^            ( |PE|.......|PE|........|PE|.......|PE|  )
     ---------        (   --:        --         :--         --    )
    |         |       (     :...................:                 )
    |   NSC   |        (        Network Resource Partition       )
    |         |         -----------------------------------------
    |         |                             ^
    |         |>>>>>  Resource Partitioning |
     ---------          of Filter Topology  |
      v   v                                 |
      v   v            -----------------------------      --------
      v   v           (|PE|..-..|PE|... ..|PE|..|PE|)    (        )
      v   v          ( :--  |P|  --   :-:  --   :--  )  (  Filter  )
      v   v          ( :.-   -:.......|P|       :-   )  ( Topology )
      v   v          (  |P|...........:-:.......|P|  )   (        )
      v   v           (  -    Filter Topology       )     --------
      v   v            -----------------------------       ^
      v    >>>>>>>>>>>>  Topology Filter ^                /
      v        ...........................\............../...........
      v                                    \            /   Underlay
     ----------                             \          /   (Physical)
    |          |                             \        /     Network
    | Network  |    ----------------------------------------------
    |Controller|   ( |PE|.....-.....|PE|......    |PE|.......|PE|  )
    |          |  (   --     |P|     --      :-...:--     -..:--    )
     ----------  (    :       -:.............|P|.........|P|         )
         v       (    -......................:-:..-       -         )
          >>>>>>>  (  |P|.........................|P|......:        )
      Program the  (   -                           -               )
        Network     ----------------------------------------------

            Figure 4: Architecture of an IETF Network Slice

The network itself (at the bottom of the figure) comprises an underlay network. This could be a physical network, but may be a virtual network. The underlay network is provisioned through network controllers that may utilize device controllers [RFC8309].

The underlay network may optionally be filtered or customized by the network operator to produce a number of network topologies that we call Filter Topologies. Customization is just a way of selecting specific resources (e.g., nodes and links) from the underlay network according to their capabilities and connectivity in the underlay network. These actions are configuration options or operator policies. The resulting topologies can be used as candidates to host IETF Network Slices and provide a useful way for the network operator to know in advance that all of the resources they are using to plan an IETF Network Slice would be able to meet specific SLOs and SLEs. The creation of a Filter Topology could be an offline planning activity or could be performed dynamically as new demands arise. The use of Filter Topologies is entirely optional in the architecture, and IETF Network Slices could be hosted directly on the underlay network.

Recall that an IETF Network Slice is a service requested by / provided for the customer.
The IETF Network Slice service is expressed in terms of one or more connectivity constructs. An implementation or operator is free to limit the number of connectivity constructs in a slice to exactly one. Each connectivity construct is associated within the IETF Network Slice service request with a set of SLOs and SLEs. The set of SLOs and SLEs does not need to be the same for every connectivity construct in the slice, but an implementation or operator is free to require that all connectivity constructs in a slice have the same set of SLOs and SLEs.

One or more connectivity constructs from one or more slices are mapped to a set of network resources called a Network Resource Partition (NRP). A single connectivity construct is mapped to only one NRP (that is, the relationship is many to one). An NRP may be chosen to support a specific connectivity construct because of its ability to support a specific set of SLOs and SLEs, or its ability to support particular connectivity types, or for any administrative or operational reason. An implementation or operator is free to map each connectivity construct to a separate NRP, although there may be scaling implications depending on the solution implemented. Thus, the connectivity constructs from one slice may be mapped to one or more NRPs. By implication from the above, an implementation or operator is free to map all the connectivity constructs in a slice to a single NRP, and to not share that NRP with connectivity constructs from another slice.

An NRP is simply a collection of resources identified in the underlay network. Thus, the NRP is a scoped view of a topology and may be considered as a topology in its own right.
The process of determining the NRP may be made easier if the underlay network topology is first filtered into a Filter Topology in order to be aware of the subset of network resources that are suitable for specific NRPs, but this is optional.

The steps described here can be applied in a variety of orders according to implementation and deployment preferences. Furthermore, the steps may be iterative so that the components are continually refined and modified as network conditions change and as service requests are received or relinquished, and even the underlay network could be extended if necessary to meet the customers' demands.

6.2.  Procedures to Realize IETF Network Slices

There are a number of different technologies that can be used in the underlay, including physical connections, MPLS, time-sensitive networking (TSN), Flex-E, etc.

An IETF Network Slice can be realized in a network, using specific underlay technology or technologies. The creation of a new IETF Network Slice will be realized with the following steps:

*  The NSC exposes the network slicing capabilities that it offers for the network it manages so that the customer can determine whether to request services and what features are in scope.

*  The customer may issue a request to determine whether a specific IETF Network Slice could be supported by the network. The NSC may respond indicating a simple yes or no, and may supplement a negative response with information about what it could support were the customer to change some requirements.

*  The customer requests an IETF Network Slice. The NSC may respond that the slice has or has not been created, and may supplement a negative response with information about what it could support were the customer to change some requirements.

*  When processing a customer request for an IETF Network Slice, the NSC maps the request to the network capabilities and applies provider policies before creating or supplementing the NRP.

Regardless of how an IETF Network Slice is realized in the network (i.e., using tunnels of different types), the definition of the IETF Network Slice service does not change at all. The only difference is how the slice is realized. The following sections briefly introduce how some existing architectural approaches can be applied to realize IETF Network Slices.

6.3.  Applicability of ACTN to IETF Network Slices

Abstraction and Control of TE Networks (ACTN - [RFC8453]) is a management architecture and toolkit used to create virtual networks (VNs) on top of a TE underlay network. The VNs can be presented to customers for them to operate as private networks.

In many ways, the function of ACTN is similar to IETF network slicing. Customer requests for connectivity-based overlay services are mapped to dedicated or shared resources in the underlay network in a way that meets customer guarantees for service level objectives and for separation from other customers' traffic. [RFC8453] describes the function of ACTN as collecting resources to establish a logically dedicated virtual network over one or more TE networks. Thus, in the case of a TE-enabled underlay network, the ACTN VN can be used as a basis to realize IETF network slicing.

While the ACTN framework is a generic VN framework that can be used for VN services beyond the IETF Network Slice, it is also a suitable basis for delivering and realizing IETF Network Slices.

Further discussion of the applicability of ACTN to IETF Network Slices including a discussion of the relevant YANG models can be found in [I-D.ietf-teas-applicability-actn-slicing].

6.4.  Applicability of Enhanced VPNs to IETF Network Slices

An enhanced VPN (VPN+) is designed to support the needs of new applications, particularly applications that are associated with 5G services, by utilizing an approach that is based on existing VPN and TE technologies and adds characteristics that specific services require over and above VPNs as they have previously been specified.

An enhanced VPN can be used to provide enhanced connectivity services between customer sites and can be used to create the infrastructure to underpin an IETF Network Slice service.

It is envisaged that enhanced VPNs will be delivered using a combination of existing, modified, and new networking technologies.

[I-D.ietf-teas-enhanced-vpn] describes the framework for Enhanced Virtual Private Network (VPN+) services.

6.5.  Network Slicing and Aggregation in IP/MPLS Networks

Network slicing provides the ability to partition a physical network into multiple isolated logical networks of varying sizes, structures, and functions so that each slice can be dedicated to specific services or customers.

Many approaches are currently being worked on to support IETF Network Slices in IP and MPLS networks with or without the use of Segment Routing. Most of these approaches utilize a way of marking packets so that network nodes can apply specific routing and forwarding behaviors to packets that belong to different IETF Network Slices. Different mechanisms for marking packets have been proposed (including using MPLS labels and Segment Routing segment IDs) and those mechanisms are agnostic to the path control technology used within the underlay network.

These approaches are also sensitive to the scaling concerns of supporting a large number of IETF Network Slices within a single IP or MPLS network, and so offer ways to aggregate the connectivity constructs of slices (or whole slices) so that the packet markings indicate an aggregate or grouping where all of the packets are subject to the same routing and forwarding behavior.

At this stage, it is inappropriate to mention any of these proposed solutions that are currently work in progress and not yet adopted as IETF work.

6.6.  Network Slicing and Service Function Chaining (SFC)

A customer may request an IETF Network Slice service that involves a set of service functions (SFs) together with the order in which these SFs are invoked. Also, the customer can specify the service objectives to be met by the underlay network (e.g., one-way delay to cross a service function path, one-way delay to reach a specific SF). These SFs are considered as ancillary SDPs and are possibly placeholders (i.e., the SFs are identified, but not their locators).

Service Function Chaining (SFC) [RFC7665] techniques can be used by a provider to instantiate such an IETF Network Slice service. The NSC may proceed as follows.

*  Expose a set of ancillary SDPs that are hosted in the underlay network.

*  Capture the SFC requirements (including traffic performance metrics) from the customer. One or more service chains may be associated with the same IETF Network Slice service as connectivity constructs.

*  Execute an SF placement algorithm to decide where to locate the ancillary SDPs in order to fulfil the service objectives.

*  Generate SFC classification rules to identify (part of) the slice traffic that will be bound to an SFC.
   These classification rules may be the same as or distinct from the identification rules used to bind incoming traffic to the associated IETF Network Slice.

   The NSC also generates a set of SFC forwarding policies that govern how the traffic will be forwarded along a service function path (SFP).

*  Identify the appropriate Classifiers in the underlay network and provision them with the classification rules. Likewise, the NSC communicates the SFC forwarding policies to the appropriate Service Function Forwarders (SFF).

The provider can enable an SFC data plane mechanism, such as [RFC8300], [RFC8596], or [I-D.ietf-spring-nsh-sr].

7.  Isolation in IETF Network Slices

7.1.  Isolation as a Service Requirement

An IETF Network Slice customer may request that the IETF Network Slice delivered to them is such that changes to other IETF Network Slices or to other services do not have any negative impact on the delivery of the IETF Network Slice. The IETF Network Slice customer may specify the degree to which their IETF Network Slice is unaffected by changes in the provider network or by the behavior of other IETF Network Slice customers. The customer may express this via an SLE it agrees with the provider. This concept is termed 'isolation'.

In general, a customer cannot tell whether a service provider is meeting an isolation SLE. If the service varies such that an SLO is breached then the customer will become aware of the problem, and if the service varies within the allowed bounds of the SLOs, there may be no noticeable indication that this SLE has been violated.

7.2.  Isolation in IETF Network Slice Realization

Isolation may be achieved in the underlay network by various forms of resource partitioning ranging from dedicated allocation of resources for a specific IETF Network Slice, to sharing of resources with safeguards.
For example, traffic separation between different IETF Network Slices may be achieved using VPN technologies, such as L3VPN, L2VPN, EVPN, etc. Interference avoidance may be achieved by network capacity planning, allocating dedicated network resources, traffic policing or shaping, prioritizing in using shared network resources, etc. Finally, service continuity may be ensured by reserving backup paths for critical traffic or by dedicating specific network resources for a selected number of IETF Network Slices.

8.  Management Considerations

IETF Network Slice realization needs to be instrumented in order to track how it is working, and it might be necessary to modify the IETF Network Slice as requirements change. Dynamic reconfiguration might be needed.

The various management interfaces and components are discussed in Section 5.

9.  Security Considerations

This document specifies terminology and has no direct effect on the security of implementations or deployments. In this section, a few of the security aspects are identified.

Conformance to security constraints: Specific security requests from customer-defined IETF Network Slices will be mapped to their realization in the underlay networks. Underlay networks will require capabilities to conform to customer's requests as some aspects of security may be expressed in SLEs.

IETF NSC authentication: Underlay networks need to be protected against attacks from an adversarial NSC as this could destabilize overall network operations. An IETF Network Slice may span different networks; therefore, the NSC should have strong authentication with each of these networks. Furthermore, both the IETF Network Slice Service Interface and the Network Configuration Interface need to be secured.

Specific isolation criteria: The nature of conformance to isolation requests means that it should not be possible to attack an IETF Network Slice service by varying the traffic on other services or slices carried by the same underlay network. In general, isolation is expected to strengthen the IETF Network Slice security.

Data Integrity of an IETF Network Slice: A customer wanting to secure their data and keep it private will be responsible for applying appropriate security measures to their traffic and not depending on the network operator that provides the IETF Network Slice. It is expected that for data integrity, a customer is responsible for end-to-end encryption of its own traffic. While an IETF Network Slice might include encryption and other security features as part of the service (for example as SLEs), customers might be well advised to take responsibility for their own security needs.

Note: See [NGMN_SEC] on 5G network slice security for discussion relevant to this section.

IETF Network Slices might use underlying virtualized networking. All types of virtual networking require special consideration to be given to the separation of traffic between distinct virtual networks, as well as some degree of protection from effects of traffic use of underlay network (and other) resources from other virtual networks sharing those resources.

For example, if a service requires a specific upper bound of latency, then that service can be degraded by added delay in transmission of service packets caused by the activities of another service or application using the same resources.
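
The provider-side check below is an added example, not part of this document or of any implementation it describes. It flags the case raised here and in Section 7.1: a slice's delay stays inside its SLO yet tracks another slice's load on shared resources. The slice names, sample values, and the 0.8 correlation threshold are assumptions.

```python
"""Provider-side isolation check for slices that share underlay resources.

Added example: names, thresholds and samples are assumptions, not from the draft.
"""
from dataclasses import dataclass
from math import sqrt
from typing import Dict, List, Sequence


@dataclass(frozen=True)
class IsolationFinding:
    slice_id: str            # slice whose isolation SLE is being audited
    neighbour_id: str        # other slice sharing the same resources
    slo_breached: bool       # True if any delay sample exceeds the SLO bound
    correlation: float       # Pearson r between neighbour load and slice delay
    isolation_suspect: bool  # True if delay rises with the neighbour's load


def pearson(xs: Sequence[float], ys: Sequence[float]) -> float:
    """Pearson correlation of two equal-length series; 0.0 if either is flat."""
    if len(xs) != len(ys) or len(xs) < 3:
        raise ValueError("need two equal-length series of at least 3 samples")
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0  # a constant series carries no signal
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sqrt(sxx * syy)


def audit_isolation(
    slice_id: str,
    delay_ms: Sequence[float],
    delay_bound_ms: float,
    neighbour_load_mbps: Dict[str, Sequence[float]],
    r_threshold: float = 0.8,
) -> List[IsolationFinding]:
    """Compare one slice's delay samples with each neighbour's offered load.

    The SLO check and the isolation check are reported separately because
    the delay can stay within its bound while still following a neighbour.
    """
    breached = any(d > delay_bound_ms for d in delay_ms)
    findings = []
    for neighbour_id, load in sorted(neighbour_load_mbps.items()):
        r = pearson(load, delay_ms)
        findings.append(
            IsolationFinding(slice_id, neighbour_id, breached,
                             round(r, 3), r >= r_threshold)
        )
    return findings


# Constructed samples: one value per measurement interval.
SLICE_A_DELAY_MS = [4.0, 4.1, 6.2, 7.9, 8.1, 4.2, 4.0, 7.8]
NEIGHBOUR_LOAD_MBPS = {
    "slice-B": [100, 110, 500, 880, 900, 120, 100, 870],  # bursts match delay
    "slice-C": [300, 500, 300, 500, 300, 500, 300, 500],  # unrelated pattern
}

if __name__ == "__main__":
    for finding in audit_isolation("slice-A", SLICE_A_DELAY_MS, 10.0,
                                   NEIGHBOUR_LOAD_MBPS):
        print(finding)
```

A high correlation is a prompt to inspect queueing, policing, and resource partitioning on the shared resources; it is not proof that the isolation SLE was violated.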

Similarly, in a network with virtual functions, noticeably impeding access to a function used by another IETF Network Slice (for instance, compute resources) can be just as service-degrading as delaying physical transmission of the associated packets in the network.

10.  Privacy Considerations

Privacy of IETF Network Slice service customers must be preserved. It should not be possible for one IETF Network Slice customer to discover the presence of other customers, nor should sites that are members of one IETF Network Slice be visible outside the context of that IETF Network Slice.

In this sense, it is of paramount importance that the system use the privacy protection mechanism defined for the specific underlay technologies that support the slice, including in particular those mechanisms designed to preclude acquiring identifying information associated with any IETF Network Slice customer.

11.  IANA Considerations

This document makes no requests for IANA action.

12.  Informative References

[HIPAA] HHS, "Health Insurance Portability and Accountability Act - The Security Rule", February 2003.

[I-D.ietf-opsawg-sap] Boucadair, M., Dios, O. G. D., Barguil, S., Wu, Q., and V. Lopez, "A Network YANG Model for Service Attachment Points (SAPs)", Work in Progress, Internet-Draft, draft-ietf-opsawg-sap-03, 21 March 2022.

[I-D.ietf-spring-nsh-sr] Guichard, J. N. and J. Tantsura, "Integration of Network Service Header (NSH) and Segment Routing for Service Function Chaining (SFC)", Work in Progress, Internet-Draft, draft-ietf-spring-nsh-sr-10, 13 December 2021.

[I-D.ietf-teas-applicability-actn-slicing] King, D., Drake, J., Zheng, H., and A. Farrel, "Applicability of Abstraction and Control of Traffic Engineered Networks (ACTN) to Network Slicing", Work in Progress, Internet-Draft, draft-ietf-teas-applicability-actn-slicing-01, 7 March 2022.

[I-D.ietf-teas-enhanced-vpn] Dong, J., Bryant, S., Li, Z., Miyasaka, T., and Y. Lee, "A Framework for Enhanced Virtual Private Network (VPN+) Services", Work in Progress, Internet-Draft, draft-ietf-teas-enhanced-vpn-10, 6 March 2022.

[I-D.openconfig-rtgwg-gnmi-spec] Shakir, R., Shaikh, A., Borman, P., Hines, M., Lebsack, C., and C. Morrow, "gRPC Network Management Interface (gNMI)", Work in Progress, Internet-Draft, draft-openconfig-rtgwg-gnmi-spec-01, 5 March 2018.

[MACsec] IEEE, "IEEE Standard for Local and metropolitan area networks - Media Access Control (MAC) Security", 2018.

[NGMN-NS-Concept] NGMN Alliance, "Description of Network Slicing Concept", https://www.ngmn.org/uploads/media/161010_NGMN_Network_Slicing_framework_v1.0.8.pdf, 2016.

[NGMN_SEC] NGMN Alliance, "NGMN 5G Security - Network Slicing", April 2016.

[PCI] PCI Security Standards Council, "PCI DSS", May 2018.

[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network Address Translator (Traditional NAT)", RFC 3022, DOI 10.17487/RFC3022, January 2001.

[RFC3135] Border, J., Kojo, M., Griner, J., Montenegro, G., and Z. Shelby, "Performance Enhancing Proxies Intended to Mitigate Link-Related Degradations", RFC 3135, DOI 10.17487/RFC3135, June 2001.

[RFC3393] Demichelis, C. and P. Chimento, "IP Packet Delay Variation Metric for IP Performance Metrics (IPPM)", RFC 3393, DOI 10.17487/RFC3393, November 2002.

[RFC4208] Swallow, G., Drake, J., Ishimatsu, H., and Y. Rekhter, "Generalized Multiprotocol Label Switching (GMPLS) User-Network Interface (UNI): Resource ReserVation Protocol-Traffic Engineering (RSVP-TE) Support for the Overlay Model", RFC 4208, DOI 10.17487/RFC4208, October 2005.

[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, DOI 10.17487/RFC4303, December 2005.

[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February 2006.

[RFC4397] Bryskin, I. and A. Farrel, "A Lexicography for the Interpretation of Generalized Multiprotocol Label Switching (GMPLS) Terminology within the Context of the ITU-T's Automatically Switched Optical Network (ASON) Architecture", RFC 4397, DOI 10.17487/RFC4397, February 2006.

[RFC5212] Shiomoto, K., Papadimitriou, D., Le Roux, JL., Vigoureux, M., and D. Brungard, "Requirements for GMPLS-Based Multi-Region and Multi-Layer Networks (MRN/MLN)", RFC 5212, DOI 10.17487/RFC5212, July 2008.

[RFC5440] Vasseur, JP., Ed. and JL. Le Roux, Ed., "Path Computation Element (PCE) Communication Protocol (PCEP)", RFC 5440, DOI 10.17487/RFC5440, March 2009.

[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, October 2010.

[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, April 2011.

[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

[RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function Chaining (SFC) Architecture", RFC 7665, DOI 10.17487/RFC7665, October 2015.

[RFC7679] Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton, Ed., "A One-Way Delay Metric for IP Performance Metrics (IPPM)", STD 81, RFC 7679, DOI 10.17487/RFC7679, January 2016.

[RFC7680] Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton, Ed., "A One-Way Loss Metric for IP Performance Metrics (IPPM)", STD 82, RFC 7680, DOI 10.17487/RFC7680, January 2016.

[RFC7926] Farrel, A., Ed., Drake, J., Bitar, N., Swallow, G., Ceccarelli, D., and X. Zhang, "Problem Statement and Architecture for Information Exchange between Interconnected Traffic-Engineered Networks", BCP 206, RFC 7926, DOI 10.17487/RFC7926, July 2016.

[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016.

[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

[RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., "Network Service Header (NSH)", RFC 8300, DOI 10.17487/RFC8300, January 2018.

[RFC8309] Wu, Q., Liu, W., and A. Farrel, "Service Models Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018.

[RFC8453] Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for Abstraction and Control of TE Networks (ACTN)", RFC 8453, DOI 10.17487/RFC8453, August 2018.

[RFC8454] Lee, Y., Belotti, S., Dhody, D., Ceccarelli, D., and B. Yoon, "Information Model for Abstraction and Control of TE Networks (ACTN)", RFC 8454, DOI 10.17487/RFC8454, September 2018.

[RFC8596] Malis, A., Bryant, S., Halpern, J., and W. Henderickx, "MPLS Transport Encapsulation for the Service Function Chaining (SFC) Network Service Header (NSH)", RFC 8596, DOI 10.17487/RFC8596, June 2019.

[TS23501] 3GPP, "System architecture for the 5G System (5GS)", 3GPP TS 23.501, 2019.

[TS28530] 3GPP, "Management and orchestration; Concepts, use cases and requirements", 3GPP TS 28.530, 2019.

[TS33.210] 3GPP, "3G security; Network Domain Security (NDS); IP network layer security (Release 14).", December 2016.

Acknowledgments

The entire TEAS Network Slicing design team and everyone participating in related discussions has contributed to this document. Some text fragments in the document have been copied from the [I-D.ietf-teas-enhanced-vpn], for which we are grateful.

Significant contributions to this document were gratefully received from the contributing authors listed in the "Contributors" section. In addition we would like to also thank those others who have attended one or more of the design team meetings, including the following people not listed elsewhere:

*  Aihua Guo

*  Bo Wu

*  Greg Mirsky

*  Lou Berger

*  Rakesh Gandhi

*  Ran Chen

*  Sergio Belotti

*  Stewart Bryant

*  Tomonobu Niwa

*  Xuesong Geng

Further useful comments were received from Daniele Ceccarelli, Uma Chunduri, Pavan Beeram, Tarek Saad, Kenichi Ogaki, Oscar Gonzalez de Dios, Xiaobing Niu, Dan Voyer, Igor Bryskin, Luay Jalil, Joel Halpern, John Scudder, John Mullooly, and Krzysztof Szarkowicz.

This work is partially supported by the European Commission under Horizon 2020 grant agreement number 101015857 Secured autonomic traffic management for a Tera of SDN flows (Teraflow).

Contributors

The following authors contributed significantly to this document:

Eric Gray
(The original editor of the foundation documents)
Independent
Email: ewgray@graiymage.com

Jari Arkko
Ericsson
Email: jari.arkko@piuha.net

Mohamed Boucadair
Orange
Email: mohamed.boucadair@orange.com

Dhruv Dhody
Huawei, India
Email: dhruv.ietf@gmail.com

Jie Dong
Huawei
Email: jie.dong@huawei.com

Xufeng Liu
Volta Networks
Email: xufeng.liu.ietf@gmail.com

Authors' Addresses

Adrian Farrel (editor)
Old Dog Consulting
United Kingdom
Email: adrian@olddog.co.uk

John Drake (editor)
Juniper Networks
United States of America
Email: jdrake@juniper.net

Reza Rokui
Ciena
Email: rrokui@ciena.com

Shunsuke Homma
NTT
Japan
Email: shunsuke.homma.ietf@gmail.com

Kiran Makhijani
Futurewei
United States of America
Email: kiranm@futurewei.com

Luis M. Contreras
Telefonica
Spain
Email: luismiguel.contrerasmurillo@telefonica.com

Jeff Tantsura
Microsoft Inc.
Email: jefftant.ietf@gmail.com