SDNRG Working Group                                          M. Boucadair
Internet-Draft                                              C. Jacquenet
Intended status: Informational                             France Telecom
Expires: April 10, 2014                                  October 07, 2013

   Software-Defined Networking: A Perspective From Within A Service
                                Provider
                    draft-sin-sdnrg-sdn-approach-04

Abstract

   Software-Defined Networking (SDN) has been one of the major buzzwords
   of the networking industry for the past couple of years. And yet, no
   clear definition of what SDN actually covers has been broadly accepted
   so far. This document aims at contributing to the clarification of
   the SDN landscape by providing a perspective on requirements, issues
   and other considerations about SDN, as seen from within a service
   provider environment.

   It is not meant to endlessly discuss what SDN truly means, but rather
   to suggest a functional taxonomy of the techniques that can be used
   under an SDN umbrella and to elaborate on the various pending issues
   the combined activation of such techniques inevitably raises. As
   such, a definition of SDN is only mentioned for the sake of
   clarification.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute working
   documents as Internet-Drafts. The list of current Internet-Drafts is
   at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 10, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors. All rights reserved.
   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Introducing Software-Defined Networking
       2.1.  A Tautology?
       2.2.  On Flexibility
       2.3.  A Tentative Definition
       2.4.  Functional Meta-Domains
   3.  A Few Considerations
       3.1.  Remember The Past
       3.2.  Be Pragmatic
       3.3.  Measure Experience Against Expectations
       3.4.  Design Carefully
       3.5.  There Is Life Beyond OpenFlow
       3.6.  Non Goals
   4.  Discussion
       4.1.  Implications Of Full Automation
       4.2.  Bootstrapping An SDN
       4.3.  The Intelligence Resides In The PDP
       4.4.  Simplicity And Adaptability Vs. Complexity
       4.5.  Performance And Scalability
       4.6.  Risk Assessment
       4.7.  On Security
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgements
   8.  Informative References
   Authors' Addresses

1.  Introduction

   The Internet has become the federative network that supports a wide
   range of service offerings. The delivery of network services such as
   IP VPNs assumes the combined activation of various capabilities that
   include (but are not necessarily limited to) forwarding and routing
   capabilities (e.g., customer-specific addressing scheme management,
   dynamic path computation to reach a set of destination prefixes,
   dynamic establishment of tunnels, etc.), quality of service
   capabilities (e.g., traffic classification and marking, traffic
   conditioning and scheduling), security capabilities (e.g., filters to
   protect customer premises from network-originated attacks, to avoid
   malformed route announcements, etc.) and management capabilities
   (e.g., fault detection and processing).

   As these services grow not only in variety but also in complexity,
   their design, delivery and operation have become a complex alchemy
   that often requires various levels of expertise. This situation is
   further aggravated by the wide variety of (network) protocols and
   tools, as well as by recent Any Time Any-Where Any Device
   (ATAWAD)-driven convergence trends that are meant to make sure an
   end-user can access the whole range of services he/she has subscribed
   to, whatever the access and device technologies, wherever the
   end-user is connected to the network, and whether this end-user is in
   motion or not.
   Yet, most of these services have been deployed for the past decade,
   primarily based upon often static service production procedures that
   are more and more exposed to the risk of erroneous configuration
   commands. In addition, most of these services do not assume any
   specific negotiation between the customer and the service provider or
   between service providers besides the typical financial terms.

   At best, five-year master plans are referred to as the network
   planning policy that will be enforced by the service provider, given
   the foreseen business development perspectives, manually-computed
   traffic forecasts and the market coverage (fixed/mobile, residential/
   corporate). This so-called network planning policy may very well
   affect the way resources are allocated in a network, but clearly
   fails to be adequately responsive to highly dynamic customer
   requirements in an "always-on" fashion. The need for improved
   service delivery procedures (including the time it takes to deliver
   the service once a possible negotiation phase is completed) is even
   more critical for corporate customers.

   In addition, various tools are used for different, sometimes
   service-centric, management purposes, but their usage is not
   necessarily coordinated for the sake of event aggregation,
   correlation and processing. This lack of coordination may come at
   the cost of extra complexity and possible degradation of the
   customer's Quality of Experience.

   Multi-service, multi-protocol, multi-technology convergent and
   dynamically-adaptive networking environments of the near future have
   therefore become one of the major challenges faced by service
   providers.

   This document aims at clarifying the SDN landscape by providing a
   perspective on the functional taxonomy of the techniques that can be
   used in SDN, as seen from within a service provider environment.

2.  Introducing Software-Defined Networking

2.1.  A Tautology?

   The separation of the forwarding and control planes (beyond
   implementation considerations) has almost become a gimmick to
   promote flexibility as a key feature of the SDN approach.
   Technically, most current router implementations have been assuming
   this separation for decades. Routing processes (such as IGP and BGP
   route computation) have often been software-based, while forwarding
   capabilities are hardware-encoded.

   As such, the current state-of-the-art tends to confirm the said
   separation, which therefore amounts to a tautology.

   But a somewhat centralized, "controller-embedded", control plane for
   the sake of optimized route computation before FIB population is
   certainly another story.

2.2.  On Flexibility

   Promoters of SDN have argued that it provides additional flexibility
   in how the network is operated. This is undoubtedly one of the key
   objectives that must be achieved by service providers, because the
   ability to dynamically adapt to a wide range of customer requests for
   the sake of flexible network service delivery is an important
   competitive advantage. But flexibility is much, much more than
   separating the control and forwarding planes to facilitate forwarding
   decision-making processes.

   For example, the ability to accommodate short-duration extra
   bandwidth requirements so that end users can stream a video file to
   their 4G terminal device is one instance of that flexibility that
   several mobile operators are currently investigating.
   From this perspective, the ability to predict the network behavior as
   a function of the network services to be delivered is of paramount
   importance for service providers, so that they can assess the impact
   of introducing new services, activating additional network features
   or enforcing a given set of (new) policies from both financial and
   technical standpoints. This argues in favor of investigating advanced
   network emulation engines, which can be fed with information derived
   from [I-D.ietf-idr-ls-distribution], for example.

   Given the rather broad scope that the flexibility wording suggests:

   o  The exact characterization of what flexibility actually means is
      still required.

   o  The exposure of programmable interfaces is not a goal per se, but
      rather a means to facilitate configuration procedures for the sake
      of improved flexibility.

2.3.  A Tentative Definition

   We define Software-Defined Networking as the set of techniques used
   to facilitate the design, the delivery and the operation of network
   services in a deterministic, dynamic, and scalable manner. The said
   determinism refers to the ability to completely master the various
   components of the service delivery chain, so that the service that
   has been delivered complies with what has been negotiated and
   contractually defined with the customer.

   As such, determinism implies the ability to control how network
   services are structured, designed and delivered, and where traffic
   should be forwarded in the network for the sake of optimized resource
   usage. Although not explicitly recalled in the following sections of
   the document, determinism lies beneath any action that may be taken
   by a service provider once service parameter negotiation is
   completed, from configuration tasks to service delivery, fulfillment
   and assurance (see Section 2.4 below).
   Such a definition assumes the introduction of a high level of
   automation in the overall service delivery and operation procedures.

   Because networking is software-driven by nature, the above definition
   does not emphasize the claimed "Software-Defined" properties of
   SDN-labeled solutions.

2.4.  Functional Meta-Domains

   SDN techniques can be classified into the following functional
   meta-domains:

   o  Techniques for the dynamic discovery of network topology, devices
      and capabilities, along with relevant information and data models
      that are meant to precisely document such topology, devices and
      capabilities.

   o  Techniques for exposing network services and their
      characteristics, and for dynamically negotiating the set of
      service parameters that will be used to measure the level of
      quality associated with the delivery of a given service or a
      combination thereof (for example,
      [I-D.boucadair-connectivity-provisioning-profile]).

   o  Techniques used by service requirements-derived dynamic resource
      allocation and policy enforcement schemes, so that networks can be
      programmed accordingly. Decisions made to dynamically allocate
      resources and enforce policies are typically the result of the
      correlation of various inputs, such as the status of available
      resources in the network at any given time, the number of customer
      service subscription requests that need to be processed over a
      given period of time, the traffic forecasts and the possible need
      to trigger additional resource provisioning cycles according to a
      typical multi-year master plan, etc.

   o  Dynamic feedback mechanisms that are meant to assess how
      efficiently a given policy (or a set thereof) is enforced from a
      service fulfillment and assurance perspective.

3.  A Few Considerations

   The networking ecosystem has become awfully complex and highly
   demanding in terms of robustness, performance, scalability,
   flexibility, agility, etc. This means in particular that service
   providers and network operators must deal with such complexity and
   operate networking infrastructures that can evolve easily, remain
   scalable, guarantee robustness and availability, and are resilient
   against denial-of-service attacks.

   The introduction of new SDN-based networking features should
   obviously take this context into account, especially from a cost
   impact assessment perspective.

3.1.  Remember The Past

   SDN techniques are not the next big thing per se, but rather a kind
   of rebranding of proposals that have been investigated for several
   years, like Active or Programmable Networks. As a matter of fact,
   some of the claimed "new" SDN features have already been implemented
   (e.g., NMS (Network Management System), PCE (Path Computation
   Element, [RFC4655])) and supported by vendors for quite some time
   (references can be added if needed).

   Some of these features have also been standardized (e.g., DNS-based
   routing [RFC1383], which can be seen as an illustration of separated
   control and forwarding planes, or ForCES [RFC5810][RFC5812]).

   Also, the Policy-Based Management framework [RFC2753] introduced in
   the early 2000s was designed to orchestrate available resources by
   means of a typical Policy Decision Point (PDP) which masters advanced
   offline traffic engineering capabilities. As such, this framework
   has the ability to interact with in-band software modules embedded in
   controlled devices (or not).

   The Policy Decision Point (PDP) is where policy decisions are made.
   PDPs use a directory service for policy repository purposes. The
   policy repository stores the policy information that can be retrieved
   and updated by the PDP.
   The PDP delivers policy rules to the Policy Enforcement Point (PEP)
   in the form of policy-provisioning information that includes
   configuration information.

   The Policy Enforcement Point (PEP) is where policy decisions are
   applied. PEPs are embedded in (network) devices, which are
   dynamically configured based upon the policy-formatted information
   that has been processed by the PEP. PEPs request configuration from
   the PDP, store the configuration information in the Policy
   Information Base (PIB), and delegate any policy decision to the PDP.

   SDN techniques as a whole are an instantiation of the policy-based
   network management framework. Within this context, SDN techniques
   can be used to activate capabilities on demand, to dynamically invoke
   network and storage resources and to operate dynamically-adaptive
   networks according to events (e.g., alteration of the network
   topology), triggers (e.g., dynamic notification of a link failure),
   etc.

3.2.  Be Pragmatic

   SDN approaches should be holistic, i.e., global, network-wide. It is
   not a matter of configuring devices one by one to enforce a specific
   forwarding policy. SDN techniques are about configuring and
   operating a whole range of devices at the scale of the network for
   the sake of automated service delivery
   ([I-D.boucadair-network-automation-requirements]), from service
   negotiation and creation (e.g., [I-D.ietf-idr-sla-exchange]) to
   assurance and fulfillment.

   Because the complexity of activating SDN capabilities is largely
   hidden from the end-user and handled in software, a clear
   understanding of the overall ecosystem is needed to figure out how to
   manage this complexity and to what extent this hidden complexity has
   no side effects on network operation.

   As an example, SDN designs that assume a central decision-making
   entity must avoid single points of failure.
   They must not affect packet forwarding performance either (e.g.,
   transit delays must not be impacted).

   SDN techniques are not necessary to develop new network services per
   se. The basic service remains (IP) connectivity that solicits
   resources located in the network. SDN techniques can thus be seen as
   another means to interact with network service modules and invoke
   both connectivity and storage resources accordingly in order to meet
   service-specific requirements.

   By definition, SDN technique activation and operation remain limited
   to what is supported by embedded software and hardware. One cannot
   expect SDN techniques to support unlimited customizable features.

3.3.  Measure Experience Against Expectations

   Because several software modules may be controlled by external
   entities, there is a need for a means to make sure that what has been
   delivered complies with what has been negotiated. Such means belong
   to the set of SDN techniques.

   These typical policy-based techniques should interact with both
   Service Structuring engines (that are meant to expose the service
   characteristics and to possibly negotiate those characteristics) and
   the network, to continuously assess whether the experienced network
   behavior is compliant with the objectives set by the Service
   Structuring engine, which may have been dynamically negotiated with
   the customer (e.g., as captured in a CPP
   [I-D.boucadair-connectivity-provisioning-profile],
   [I-D.boucadair-connectivity-provisioning-protocol]). This
   requirement applies to several regions of a network, including:

   1.  The interface between two adjacent IP network providers.

   2.  The access interface between a service provider and an IP
       network provider.

   3.  The interface between a customer and the IP network provider.
   Ideally, a fully automated service delivery procedure from
   negotiation and ordering, through order processing, to delivery,
   assurance and fulfillment, should be supported. This approach
   assumes widely adopted standard data and information models, let
   alone interfaces.

3.4.  Design Carefully

   Exposing open and programmable interfaces has a cost, from both
   scalability and performance standpoints.

   Maintaining hard-coded performance optimization techniques is
   encouraged. So is the use of interfaces that allow the direct
   control of some engines (e.g., routing, forwarding) without requiring
   any in-between adaptation layer (from generic objects to
   vendor-specific CLI commands, for instance).

   SDN techniques will have to accommodate vendor-specific components
   anyway. Indeed, these vendor-specific features will not cease to
   exist, mainly because of the harsh competition.

   The introduction of new functions or devices that may jeopardize
   network flexibility should be avoided, or at least carefully
   considered in light of possible performance and scalability impacts.
   SDN-enabled devices will have to coexist with legacy systems.

   One single SDN, network-wide deployment is therefore very unlikely.
   Instead, multiple instantiations of SDN techniques will be
   progressively deployed and adapted to various network and service
   segments.

3.5.  There Is Life Beyond OpenFlow

   Empowering networking with in-band controllable modules does not
   necessarily mean the use of the OpenFlow protocol, which is just
   another protocol that helps devices populate their forwarding tables
   according to a set of instructions.

   OpenFlow is clearly not the "next big thing": there are many, many
   other candidate protocols that can be used for the same or even
   broader purposes (e.g., resource reservation purposes).
   The forwarding of the configuration information can indeed rely upon
   a variety of protocols that include (but are not necessarily limited
   to) PCEP [RFC5440], NETCONF [RFC6241], COPS-PR [RFC3084], Routing
   Policy Specification Language (RPSL, [RFC2622]), etc.

   There is therefore no 1:1 relationship between OpenFlow and SDN.
   Rather, OpenFlow is one of the candidate protocols to convey specific
   configuration information towards devices. As such, OpenFlow is one
   possible component of the global SDN toolkit.

3.6.  Non Goals

   There are inevitable trade-offs to be found between operating the
   current networking ecosystem and introducing some SDN techniques,
   possibly at the cost of introducing new technologies. Operators do
   not have to choose between the two, as both environments will have to
   coexist.

   In particular, the following considerations cannot justify the
   deployment of SDN techniques:

   o  Fully flexible software implementations, because the claimed
      flexibility will be limited by the respective software and
      hardware limitations anyway.

   o  Fully modular implementations, which are difficult to achieve
      (because of the implicit complexity) and may introduce extra
      effort for testing, validation and troubleshooting.

   o  Fully centralized control systems, which are likely to raise some
      scalability issues. Distributed protocols and their ability to
      react to some events (e.g., link failure) in a timely manner
      remain a cornerstone of scalable networks. This means that SDN
      designs can rely upon a logical representation of centralized
      features (an abstraction layer that would support inter-PDP
      communications, for example).

4.  Discussion

4.1.  Implications Of Full Automation

   The path towards full automation is paved with numerous challenges
   and requirements, including:

   o  Make sure automation is well implemented so as to facilitate
      testing (including validation checks) and troubleshooting.

      *  This suggests the need for simulation tools that accurately
         assess the impact of introducing a high level of automation in
         the overall service delivery procedure, so as to avoid a
         typical "mad robot" syndrome whose consequences can be serious,
         from control and QoS standpoints among others.

      *  This also suggests careful management of human expertise, so
         that network operators can use robust, flexible means to
         automate repetitive or error-prone tasks, and then build on
         automation or string together multiple actions to create
         increasingly complex tasks that require less human interaction
         (guidance, input) to complete.

   o  Simplify and foster service delivery, assurance and fulfillment,
      as well as network failure detection, diagnosis and root cause
      analysis, for the sake of cost optimization:

      *  Such cost optimization relates to improved service delivery
         times as well as optimized human expertise (see above) and
         global, technology-agnostic, service structuring and delivery
         procedures. In particular, the ability to inject new functions
         in existing devices should not assume a replacement of the said
         devices, but rather allow smart investment capitalization.

      *  This can be achieved thanks to automation, possibly based upon
         a logically centralized view of the network infrastructure (or
         a portion thereof), yielding the need for highly automated
         topology, device and capabilities discovery means as well as
         operational procedures.
      *  The main intelligence resides in the PDP, which suggests that
         an important part of the SDN-related development effort should
         focus on a detailed specification of the PDP function,
         including algorithms and behavioral state machineries, based
         upon a complete set of standardized data and information
         models.

      *  These information models and data need to be carefully
         structured for the sake of efficiency and flexibility. This
         probably suggests a set of simplified pseudo-blocks that can be
         assembled as per the nature of the service to be delivered.

   o  Need for abstraction layers: clear interfaces between business
      actors, between layers, let alone cross-layer considerations, etc.

      *  For the sake of various service structuring and packaging
         purposes.

      *  Need for IP connectivity service exposure to customers, peers,
         applications, content/service providers, etc. (e.g.,
         [I-D.boucadair-connectivity-provisioning-profile]).

      *  Need for solutions that accommodate IP connectivity service
         requirements with network engineering objectives.

      *  Need for dynamically-adaptive decision-making processes, which
         can properly operate according to a set of input data and
         metrics, such as current resource usage and demand, traffic
         forecasts and matrices, etc., all for the sake of highly
         responsive dynamic resource allocation and policy enforcement
         schemes.

   o  Better accommodate technologically heterogeneous networking
      environments:

      *  Need for vendor-independent configuration procedures, based
         upon the enforcement of vendor-agnostic generic policies
         instead of vendor-specific languages.

      *  Need for tools to aid manageability and orchestrate resources.

      *  Avoid proxies and favor direct interaction with engines
         (e.g., routing, forwarding).

4.2.  Bootstrapping An SDN

   Means to dynamically discover the functional capabilities of the
   devices that will be steered by a PDP intelligence for the sake of
   automated network service delivery need to be provided. This is
   indeed because the acquisition of information about what the network
   is actually capable of will help structure the PDP intelligence so
   that policy provisioning information can be derived accordingly.

   A typical example would consist in documenting a traffic engineering
   policy based upon the dynamic discovery of the various functions
   supported by the network devices, as a function of the services to be
   delivered, thus yielding the establishment of different routes
   towards the same destination depending on the nature of the traffic,
   the location of the functions that need to be invoked to forward such
   traffic, etc.

   Likewise, means to dynamically acquire the descriptive information
   (including the base configuration) of any network device that may
   participate in the delivery of a given service should be provided, so
   as to help the PDP structure the services that can be delivered as a
   function of the available resources, their location, etc.

   SDN-related features can be grafted into an existing network
   infrastructure. These features may not be enabled at once; a gradual
   approach can rather be adopted. A typical deployment example would
   be to use an SDN decision-making process as an emulation platform
   that would help in making appropriate technical choices before their
   actual deployment in the network.

4.3.  The Intelligence Resides In The PDP

   The proposed SDN definition in Section 2.3 assumes an intelligence
   that may reside in the control or the management planes (or both).
   This intelligence is typically represented by a Policy Decision Point
   (PDP), which is one of the key functional components of the
   Policy-Based Management framework [RFC2753].

   SDN networking therefore relies upon PDP functions that are capable
   of processing various input data (traffic forecasts, outcomes of
   negotiation between customers and service providers, resource status
   as depicted in appropriate information models instantiated in the
   PIB, etc.) to make appropriate decisions.

   The design and the operation of such PDP-based intelligence in a
   scalable manner remains one of the major areas that need to be
   investigated.

   To avoid centralized design schemes, inter-PDP communication is
   likely to be required, and corresponding issues and solutions should
   be considered. Several PDP instances may thus be activated in a
   given domain. Because each of these PDP instances may be responsible
   for making decisions about the enforcement of a specific policy
   (e.g., one PDP for QoS policy enforcement purposes, another one for
   security policy enforcement purposes, etc.), an inter-PDP
   communication scheme is required for the sake of global PDP
   coordination and correlation.

   Inter-domain PDP exchanges may also be needed for specific usages.
   Examples of such exchanges are: (1) during the network attachment
   phase of a node to a visited network, the PDP operated by the visited
   network can contact the home PDP to retrieve the policies to be
   enforced for that node; (2) various PDPs can collaborate in order to
   compute inter-domain paths which satisfy a set of traffic performance
   guarantees.

4.4.  Simplicity And Adaptability Vs. Complexity

   The meta functional domains introduced in Section 2.4 assume the
   introduction of a high level of automation, from service negotiation
   to delivery and operation.
   Automation is the key to simplicity, but must not be seen as a magic
   button that would be hit by a network administrator whenever a
   customer request has to be processed or additional resources need to
   be allocated.

   The need for simplicity and adaptability thanks to automated
   procedures generally assumes some complexity that lies beneath
   automation.

4.5.  Performance And Scalability

   The combination of flexibility with software inevitably raises
   performance and scalability issues as a function of the number and
   the nature of the services to be delivered and their associated
   dynamics.

   For example, while the deployment of a network solely composed of
   OpenFlow switches within a data center environment is unlikely to
   raise FIB scalability issues given the current state-of-the-art, data
   center networking that relies upon complex, possibly IP-based,
   QoS-inferred interconnect design schemes meant to dynamically manage
   the mobility of Virtual Machines between sites is certainly of
   another scale.

   The claimed flexibility of SDN networking in the latter context will
   have to be carefully investigated by operators.

4.6.  Risk Assessment

   Various risks are to be assessed, such as:

   o  Evaluating the risk of depending on a controller technology rather
      than a device technology.

   o  Evaluating the risk of operating frozen architectures because of
      potential interoperability issues between a controller and a
      controlled device.

   o  Assessing whether SDN-labeled solutions are likely to obsolete
      existing technologies because of hardware limitations.

   o  Etc.

4.7.  On Security

   Security has to be a first-class part of any SDN design, thus giving
   both network and application people the control to ensure that the
   other has access to the information and controls that they need (but
   no more), and to ensure that they are properly safeguarded against
   taking actions that will adversely affect the network or application
   as a whole [I-D.hartman-sdnsec-requirements].

   Likewise, PEP-PDP interactions suggest the need to make sure that (1)
   a PDP is entitled to solicit PEPs so that they can apply the
   decisions made by the said PDP, (2) a PEP is entitled to solicit a
   PDP for whatever reason (request for additional configuration
   information, notification about the results of a set of configuration
   tasks, etc.), and (3) communication between PDPs within a domain or
   between domains is properly secured (e.g., make sure a pair of PDPs
   are entitled to communicate with each other, make sure the
   confidentiality of the information exchanged between two PDPs can be
   preserved, etc.).

5.  IANA Considerations

   This document does not require any action from IANA.

6.  Security Considerations

   This document does not define any protocol nor architecture.

7.  Acknowledgements

   Many thanks to A. Farrel, W. George, J. Halpern, D. King, J. H.
   Salim, and T. Tsou for their comments. Special thanks to P.
   Georgatos for the fruitful discussions on SDNi (SDN Interconnection)
   in particular.

8.  Informative References

   [I-D.boucadair-connectivity-provisioning-profile]
              Boucadair, M., Jacquenet, C., and N. Wang, "IP/MPLS
              Connectivity Provisioning Profile", draft-boucadair-
              connectivity-provisioning-profile-02 (work in progress),
              September 2012.

   [I-D.boucadair-connectivity-provisioning-protocol]
              Boucadair, M. and C. Jacquenet, "Connectivity Provisioning
              Negotiation Protocol (CPNP)", draft-boucadair-
              connectivity-provisioning-protocol-00 (work in progress),
              May 2013.

   [I-D.boucadair-network-automation-requirements]
              Boucadair, M. and C. Jacquenet, "Requirements for
              Automated (Configuration) Management", draft-boucadair-
              network-automation-requirements-01 (work in progress),
              June 2013.

   [I-D.hartman-sdnsec-requirements]
              Hartman, S. and D. Zhang, "Security Requirements in the
              Software Defined Networking Model", draft-hartman-sdnsec-
              requirements-01 (work in progress), April 2013.

   [I-D.ietf-idr-ls-distribution]
              Gredler, H., Medved, J., Previdi, S., Farrel, A., and S.
              Ray, "North-Bound Distribution of Link-State and TE
              Information using BGP", draft-ietf-idr-ls-distribution-03
              (work in progress), May 2013.

   [I-D.ietf-idr-sla-exchange]
              Shah, S., Patel, K., Bajaj, S., Tomotaki, L., and M.
              Boucadair, "Inter-domain SLA Exchange", draft-ietf-idr-
              sla-exchange-01 (work in progress), June 2013.

   [RFC1383]  Huitema, C., "An Experiment in DNS Based IP Routing",
              RFC 1383, December 1992.

   [RFC2622]  Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D.,
              Meyer, D., Bates, T., Karrenberg, D., and M. Terpstra,
              "Routing Policy Specification Language (RPSL)", RFC 2622,
              June 1999.

   [RFC2753]  Yavatkar, R., Pendarakis, D., and R. Guerin, "A Framework
              for Policy-based Admission Control", RFC 2753, January
              2000.

   [RFC3084]  Chan, K., Seligson, J., Durham, D., Gai, S., McCloghrie,
              K., Herzog, S., Reichmeyer, F., Yavatkar, R., and A.
              Smith, "COPS Usage for Policy Provisioning (COPS-PR)",
              RFC 3084, March 2001.

   [RFC4655]  Farrel, A., Vasseur, J., and J. Ash, "A Path Computation
              Element (PCE)-Based Architecture", RFC 4655, August 2006.

   [RFC5440]  Vasseur, JP. and JL. Le Roux, "Path Computation Element
              (PCE) Communication Protocol (PCEP)", RFC 5440, March
              2009.
721 [RFC5810] Doria, A., Hadi Salim, J., Haas, R., Khosravi, H., Wang, 722 W., Dong, L., Gopal, R., and J. Halpern, "Forwarding and 723 Control Element Separation (ForCES) Protocol 724 Specification", RFC 5810, March 2010. 726 [RFC5812] Halpern, J. and J. Hadi Salim, "Forwarding and Control 727 Element Separation (ForCES) Forwarding Element Model", RFC 728 5812, March 2010. 730 [RFC6241] Enns, R., Bjorklund, M., Schoenwaelder, J., and A. 731 Bierman, "Network Configuration Protocol (NETCONF)", RFC 732 6241, June 2011. 734 Authors' Addresses 736 Mohamed Boucadair 737 France Telecom 738 Rennes 35000 739 France 741 Email: mohamed.boucadair@orange.com 743 Christian Jacquenet 744 France Telecom 745 Rennes 746 France 748 Email: christian.jacquenet@orange.com
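The three PEP-PDP requirements of Section 4.7, together with the intra-domain (QoS PDP and security PDP) and inter-domain (visited PDP querying the home PDP at attachment time) exchanges introduced in Section 4.3, can be sketched as a receiver-side admission check. The Python below is an added example written for this page; it is not code from the draft, from [RFC2753], or from any PDP or PEP implementation. The node names, message kinds, shared keys, sequence numbers and JSON message layout are all assumptions made for the example. Each message is authenticated with a per-pair HMAC key, the (sender, receiver, kind) triple is checked against an entitlement table, and replays are rejected by sequence number. Confidentiality of the inter-PDP exchange (the last point of Section 4.7) is assumed to come from the transport and is not shown.

```python
"""Receiver-side checks on PEP-PDP and inter-PDP messages (added example)."""
import hashlib
import hmac
import json

# Constructed topology (assumption, not from the draft): a QoS PDP and a
# security PDP in the "home" domain, one PEP, and a security PDP in a
# "visited" domain.  Per-pair secrets are hard-coded only so that the
# example runs offline; a deployment would draw them from key management.
PAIR_KEYS = {
    frozenset({"pdp-qos.home", "pep-1.home"}): b"k-qos-pep1",
    frozenset({"pdp-sec.home", "pep-1.home"}): b"k-sec-pep1",
    frozenset({"pdp-qos.home", "pdp-sec.home"}): b"k-qos-sec",
    frozenset({"pdp-sec.home", "pdp-sec.visited"}): b"k-home-visited",
}

# Entitlements: (sender, receiver) -> message kinds the sender may send.
# The rows mirror requirements (1), (2) and (3) of Section 4.7.
ENTITLEMENTS = {
    ("pdp-qos.home", "pep-1.home"): {"decision"},            # (1) PDP -> PEP
    ("pdp-sec.home", "pep-1.home"): {"decision"},
    ("pep-1.home", "pdp-qos.home"): {"request", "report"},   # (2) PEP -> PDP
    ("pep-1.home", "pdp-sec.home"): {"request", "report"},
    ("pdp-qos.home", "pdp-sec.home"): {"coordinate"},        # (3) same domain
    ("pdp-sec.home", "pdp-qos.home"): {"coordinate"},
    ("pdp-sec.visited", "pdp-sec.home"): {"policy-query"},   # (3) inter-domain
    ("pdp-sec.home", "pdp-sec.visited"): {"policy-answer"},
}


def canonical(msg):
    """Stable byte encoding of the authenticated fields (assumed layout)."""
    fields = {k: msg.get(k) for k in ("sender", "receiver", "kind", "seq", "body")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign(msg):
    """Sender side: attach an HMAC-SHA256 tag under the pair's shared key."""
    key = PAIR_KEYS[frozenset({msg["sender"], msg["receiver"]})]
    return dict(msg, tag=hmac.new(key, canonical(msg), hashlib.sha256).hexdigest())


def validate(msg, last_seq):
    """Receiver side: return (accepted, reason).

    last_seq is the receiver's per-pair replay state and is updated only
    when a message is accepted.  Checks run in the order authenticate,
    authorise, then replay, so an unauthenticated peer learns nothing
    about the entitlement table.
    """
    pair = (msg.get("sender"), msg.get("receiver"))
    key = PAIR_KEYS.get(frozenset(pair))
    if key is None:
        return False, "no key for pair"        # peer never provisioned
    expected = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg.get("tag", "")):
        return False, "bad tag"                # forged or tampered message
    if msg.get("kind") not in ENTITLEMENTS.get(pair, set()):
        return False, "not entitled"           # (1)/(2)/(3) violated
    if msg["seq"] <= last_seq.get(pair, 0):
        return False, "replay"                 # old message re-sent
    last_seq[pair] = msg["seq"]
    return True, "ok"


def run_scenarios():
    """Constructed exchanges for the three Section 4.7 cases plus four
    rejections; returns {scenario: reason} so outcomes can be checked."""
    state, out = {}, {}
    # (1) the QoS PDP pushes a decision to the PEP
    m1 = sign({"sender": "pdp-qos.home", "receiver": "pep-1.home",
               "kind": "decision", "seq": 1, "body": {"flow": "f1", "dscp": 46}})
    out["pdp_to_pep"] = validate(m1, state)[1]
    # (2) the PEP reports the outcome of the configuration task
    m2 = sign({"sender": "pep-1.home", "receiver": "pdp-qos.home",
               "kind": "report", "seq": 1, "body": {"flow": "f1", "status": "applied"}})
    out["pep_to_pdp"] = validate(m2, state)[1]
    # (3) the visited-domain PDP queries the home PDP at network attachment
    m3 = sign({"sender": "pdp-sec.visited", "receiver": "pdp-sec.home",
               "kind": "policy-query", "seq": 1, "body": {"node": "n42"}})
    out["inter_domain"] = validate(m3, state)[1]
    # A PEP holding a valid key still may not issue decisions to its PDP
    m4 = sign({"sender": "pep-1.home", "receiver": "pdp-qos.home",
               "kind": "decision", "seq": 2, "body": {}})
    out["pep_sends_decision"] = validate(m4, state)[1]
    # Re-sending m1 is refused even though its tag is still valid
    out["replay"] = validate(m1, state)[1]
    # Altered body with the old tag fails authentication
    m5 = dict(m1, seq=3, body={"flow": "f1", "dscp": 0})
    out["tampered"] = validate(m5, state)[1]
    # A peer with no provisioned pair key is refused before anything else
    m6 = {"sender": "pdp-qos.visited", "receiver": "pep-1.home",
          "kind": "decision", "seq": 1, "body": {}, "tag": "00"}
    out["unknown_peer"] = validate(m6, state)[1]
    return out


if __name__ == "__main__":
    for name, reason in run_scenarios().items():
        print(f"{name:20s} {reason}")
```

The entitlement table is deliberately keyed on the ordered (sender, receiver) pair rather than on the unordered key pair: the same shared secret lets the PEP send reports and lets the PDP send decisions, but neither direction may borrow the other's message kinds, which is the distinction between points (1) and (2) of Section 4.7.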