idnits 2.17.1

draft-wt-dmm-deployment-models-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (April 3, 2016) is 2944 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Missing Reference: 'MN' is mentioned on line 426, but not defined

  == Outdated reference: A later version (-14) exists of
     draft-ietf-dmm-fpc-cpdp-03

  == Outdated reference: A later version (-28) exists of
     draft-ietf-sfc-nsh-04

     Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

  2  DMM WG                                                     S. Gundavelli
  3  Internet-Draft                                                     Cisco
  4  Intended status: Informational                             April 3, 2016
  5  Expires: October 5, 2016

  7           DMM Deployment Models and Architectural Considerations
  8                   draft-wt-dmm-deployment-models-00.txt

 10  Abstract

 12     This document identifies the deployment models for Distributed
 13     Mobility Management architecture.

 15  Status of this Memo

 17     This Internet-Draft is submitted in full conformance with the
 18     provisions of BCP 78 and BCP 79.

 20     Internet-Drafts are working documents of the Internet Engineering
 21     Task Force (IETF). Note that other groups may also distribute
 22     working documents as Internet-Drafts. The list of current Internet-
 23     Drafts is at http://datatracker.ietf.org/drafts/current/.

 25     Internet-Drafts are draft documents valid for a maximum of six months
 26     and may be updated, replaced, or obsoleted by other documents at any
 27     time. It is inappropriate to use Internet-Drafts as reference
 28     material or to cite them other than as "work in progress."

 30     This Internet-Draft will expire on October 5, 2016.

 32  Copyright Notice

 34     Copyright (c) 2016 IETF Trust and the persons identified as the
 35     document authors. All rights reserved.

 37     This document is subject to BCP 78 and the IETF Trust's Legal
 38     Provisions Relating to IETF Documents
 39     (http://trustee.ietf.org/license-info) in effect on the date of
 40     publication of this document. Please review these documents
 41     carefully, as they describe your rights and restrictions with respect
 42     to this document. Code Components extracted from this document must
 43     include Simplified BSD License text as described in Section 4.e of
 44     the Trust Legal Provisions and are provided without warranty as
 45     described in the Simplified BSD License.

 47  Table of Contents

 49     1. Overview
 50     2. Conventions and Terminology
 51       2.1. Conventions
 52       2.2. Terminology
 53     3. DMM Architectural Overview
 54       3.1. DMM Service Primitives
 55       3.2. DMM Functions and Interfaces
 56         3.2.1. Home Control-Plane Anchor (H-CPA):
 57         3.2.2. Home Data-Plane Anchor (H-DPA):
 58         3.2.3. Access Control Plane Node (Access-CPN)
 59         3.2.4. Access Data Plane Node (Access-DPN)
 60         3.2.5. DMM Function Mapping to other Architectures
 61     4. Deployment Models
 62       4.1. Model-1: Split Home Anchor Mode
 63       4.2. Model-2: Separated Control and User Plane Mode
 64       4.3. Model-3: Centralized Control Plane Mode
 65       4.4. Model-4: Data Plane Abstraction Mode
 66       4.5. On-Demand Control Plane Orchestration Mode
 67     5. IANA Considerations
 68     6. Security Considerations
 69     7. Work Team
 70     8. Acknowledgements
 71     9. References
 72       9.1. Normative References
 73       9.2. Informative References
 74     Author's Address

 76  1. Overview

 78     One of the key aspects of the Distributed Mobility Management (DMM)
 79     architecture is the separation of control plane (CP) and data plane
 80     (DP) functions of a network element. While data plane elements
 81     continue to reside on customized networking hardware, the control
 82     plane resides as a software element in the cloud. This is usually
 83     referred to as CP-DP separation and is the basis for the IETF's DMM
 84     Architecture. This approach of centralized control plane and
 85     distributed data plane allows elastic scaling of control plane and
 86     efficient use of common data plane that is agnostic to access
 87     architectures.

 89     This document identifies the functions in the DMM architecture and
 90     the supported deployment models.

 92  2. Conventions and Terminology

 94  2.1. Conventions

 96     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 97     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 98     document are to be interpreted as described in RFC 2119 [RFC2119].

100  2.2. Terminology

102     All the mobility related terms are to be interpreted as defined in
103     [RFC6275], [RFC5213], [RFC5844], [RFC7333], [RFC7429],
104     [I-D.ietf-sfc-nsh] and [I-D.ietf-dmm-fpc-cpdp]. Additionally, this
105     document uses the following terms:

107     Home Control-Plane Anchor (H-CPA)

109        The Home-CPA function hosts the mobile node's mobility session.
110        There can be more than one mobility session for a mobile node [MN]
111        and those sessions may be anchored on the same or different Home-
112        CPAs. The Home-CPA will interface with the Home-DPA for managing
113        the forwarding state.

115     Home Data Plane Anchor (Home-DPA)

117        The Home-DPA is the topological anchor for the mobile node's IP
118        address/prefix(es). The Home-DPA is chosen by the Home-CPA on a
119        session-basis. The Home-DPA is in the forwarding path for all the
120        mobile node's IP traffic.

122     Access Control Plane Node (Access-CPN)

123        The Access-CPN is responsible for interfacing with the mobile
124        node's Home-CPA and with the Access-DPN. The Access-CPN has a
125        protocol interface to the Home-CPA.

127     Access Data Plane Node (Access-DPN)

129        The Access-DPN function is hosted on the first-hop router where
130        the mobile node is attached. This function is not hosted on a
131        layer-2 bridging device such as an eNode(B) or Access Point.

133  3. DMM Architectural Overview

135     Following are the key goals of the Distributed Mobility Management
136     architecture.

138     1. Separation of control and data Plane

140     2. Aggregation of control plane for elastic scaling

142     3. Distribution of the data plane for efficient network usage

144     4. Elimination of mobility state from the data plane

146     5. Dynamic selection of control and data plane nodes

148     6. Enabling the mobile node with network properties

150     7. Relocation of anchor functions for efficient network usage

152  3.1. DMM Service Primitives

154     The functions in the DMM architecture support a set of service
155     primitives. Each of these service primitives identifies a specific
156     service capability with the exact service definition. The functions
157     in the DMM architecture are required to support a specific set of
158     service primitives that are mandatory for that service function. Not
159     all service primitives are applicable to all DMM functions. The
160     below table identifies the service primitives that each of the DMM
161     functions SHOULD support. The marking "X" indicates the service
162     primitive on that row needs to be supported by the identified DMM
163     function on the corresponding column; for example, the IP address
164     management must be supported by Home-CPA function.

166     +=================+=======+=======+=======+=======+=======+=======+
167     | Service         | H-CPA | H-DPA | A-CPN | A-DPN |  MC   |  RC   |
168     | Primitive       |       |       |       |       |       |       |
169     +=================+=======+=======+=======+=======+=======+=======+
170     | IP Management   |   X   |       |       |       |   X   |       |
171     +-----------------+-------+-------+-------+-------+-------+-------+
172     | IP Anchoring    |       |   X   |       |       |       |       |
173     +-----------------+-------+-------+-------+-------+-------+-------+
174     | MN Detect       |       |       |   X   |   X   |       |       |
175     +-----------------+-------+-------+-------+-------+-------+-------+
176     | Routing         |       |   X   |       |   X   |       |       |
177     +-----------------+-------+-------+-------+-------+-------+-------+
178     | Tunneling       |       |   X   |       |   X   |       |       |
179     +-----------------+-------+-------+-------+-------+-------+-------+
180     | QoS Enforcement |       |   X   |       |   X   |       |       |
181     +-----------------+-------+-------+-------+-------+-------+-------+
182     | FPC Client      |   X   |       |   X   |       |   X   |       |
183     +-----------------+-------+-------+-------+-------+-------+-------+
184     | FPC Agent       |       |   X   |       |   X   |       |   X   |
185     +-----------------+-------+-------+-------+-------+-------+-------+
186     | NSH Classifier  |       |   X   |       |   X   |       |       |
187     +-----------------+-------+-------+-------+-------+-------+-------+

189                     Figure 1: Mapping of DMM functions

191  3.2. DMM Functions and Interfaces

193  3.2.1. Home Control-Plane Anchor (H-CPA):

195     The Home-CPA function hosts the mobile node's mobility session.
196     There can be more than one mobility session for a mobile node and
197     those sessions may be anchored on the same or different Home-CPAs.
198     The Home-CPA will interface with the Home-DPA for managing the
199     forwarding state.

201     There can be more than one Home-CPA serving the same mobile node at a
202     given point of time, each hosting a different control plane session.

204     The Home-CPA is responsible for life cycle management of the session,
205     interfacing with the policy infrastructure, policy control and
206     interfacing with the Home-DPA functions.

208     The Home-CPA function typically stays on the same node. In some
209     special use-cases (e.g., geo-redundancy), the session may be migrated
210     to a different node, with the new node assuming the Home-CPA role
211     for that session.

213  3.2.2. Home Data-Plane Anchor (H-DPA):

215     The Home-DPA is the topological anchor for the mobile node's IP
216     address/prefix(es). The Home-DPA is chosen by the Home-CPA/MC on a
217     session-basis. The Home-DPA is in the forwarding path for all the
218     mobile node's IP traffic.

220     As the mobile node roams in the mobile network, the mobile node's
221     Access-DPN may change; however, the Home-DPA does not change, unless
222     the session is migrated to a new node.

224     The Home-DPA interfaces with the Home-CPA/MC for all IP forwarding
225     and QoS rules enforcement.

227     The Home-DPA and the Access-DPN functions may be collocated on the
228     same node.

230  3.2.3. Access Control Plane Node (Access-CPN)

232     The Access-CPN is responsible for interfacing with the mobile node's
233     Home-CPA and with the Access-DPN. The Access-CPN has a protocol
234     interface to the Home-CPA.

236     The Access-CPN is responsible for the mobile node's Home-CPA
237     selection based on: Mobile Node's Attach Preferences, Access and
238     Subscription Policy, Topological Proximity and Other Considerations.

240     The Access-CPN function is responsible for MN's service
241     authorization. It will interface with the access network
242     authorization functions.

244  3.2.4. Access Data Plane Node (Access-DPN)

246     The Access-DPN function is hosted on the first-hop router where the
247     mobile node is attached. This function is not hosted on a layer-2
248     bridging device such as an eNode(B) or Access Point.

250     The Access-DPA will have a protocol interface to the Access-CPA.

252     The Access-DPN and the Home-DPA functions may be collocated on the
253     same node.

255  3.2.5. DMM Function Mapping to other Architectures

257     The following table identifies the potential mapping of DMM functions
258     to protocol functions in other system architectures.

260     +===========+==========+==========+==========+==========+==========+
261     | FUNCTION  | PMIPv6   | MIPv6    | IPsec    | 3GPP     | Broadband|
262     +===========+==========+==========+==========+==========+==========+
263     | Home-CPA  | LMA-CPA  | HA-CPA   | IKE-CPA  | PGW-CPA  | BNG-CPA  |
264     +-----------+----------+----------+----------+----------+----------+
265     | Home-DPA  | LMA-DPA  | HA-DPA   | IKE-DPA  | PGW-DPA  | BNG-DPA  |
266     +-----------+----------+----------+----------+----------+----------+
267     |Access-CPN | MAG-CPN  |    -     |    -     | SGW-CPN  | RG-CPN   |
268     +-----------+----------+----------+----------+----------+----------+
269     |Access-DPN | MAG-DPN  |    -     |    -     | SGW-DPN  | RG-DPN   |
270     +-----------+----------+----------+----------+----------+----------+

272                     Figure 2: Mapping of DMM functions

274  4. Deployment Models

276     This section identifies the key deployment models for the DMM
277     architecture.

279  4.1. Model-1: Split Home Anchor Mode

281     In this model, the control and the data plane functions of the home
282     anchor are separated and deployed on different nodes. The control
283     plane function of the Home anchor is handled by the Home-CPA,
284     whereas the data plane function is handled by the Home-DPA. In this
285     model, the access node operates in the legacy mode with the
286     integrated control and user plane functions.

288     The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
289     control plane functions to interact with the data plane for the
290     subscriber's forwarding state management.

292                          +============+
293                          |   Policy   |
294             . . . . . . .|  Function  |. . . . . . .
295             .            +============+            .
296             .                                      .
297             .                                      .
298      +============+      {PMIPv6/GTP}       +============+
299      |            |- - - - - - - - - - - - -|  Home-CPA  |
300      |            |                         +============+
301      |            |                                .
302      |            |                                . FPC
303      | Access Node|                                .
304      |            |                                .
305      | (CPN + DPN)|                                .
306      |            |                         +============+
307      |   Legacy   |. . . . . . . . . . . . .|  Home-DPA  |
308      +============+    UP {Tunnel/Route}    +============+
309             .
310             .
311           [MN]

313                     Figure 3: Split Home Anchor Mode

315  4.2. Model-2: Separated Control and User Plane Mode

317     In this model, the control and the data plane functions on both the
318     home anchor and the access node are separated and deployed on
319     different nodes. The control plane function of the Home anchor is
320     handled by the Home-CPA, whereas the data plane function is
321     handled by the Home-DPA. The control plane function of the access
322     node is handled by the Access-CPN, whereas the data plane
323     function is handled by the Access-DPN.

325     The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
326     control plane functions of the home and access nodes to interact with
327     the respective data plane functions for the subscriber's forwarding
328     state management.

330                          +============+
331                          |   Policy   |
332             . . . . . . .|  Function  |. . . . . . .
333             .            +============+            .
334             .                                      .
335             .                                      .
336             .                                      .
337             .                                      .
338      +============+      {PMIPv6/GTP}       +============+
339      | Access-CPN |- - - - - - - - - - - - -|  Home-CPA  |
340      +============+                         +============+
341             .                                      .
342             . FPC                                  . FPC
343             .                                      .
344             .                                      .
345             .                                      .
346      +============+                         +============+
347      | Access-DPN |. . . . . . . . . . . . .|  Home-DPA  |
348      +============+    UP {Tunnel/Route}    +============+
349             .
350             .
351           [MN]

353              Figure 4: Separated Control and User Plane Mode

355  4.3. Model-3: Centralized Control Plane Mode

357     In this model, the control-plane functions of the home and the access
358     nodes are collapsed. This is a flat architecture with no signaling
359     protocol between the access node and home anchors. The interface
360     between the Home-CPA and the Access-DPN is internal to the system.

362     The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
363     mobility controller to interact with the respective data plane
364     functions for the subscriber's forwarding state management.

366                 +=======================+     +============+
367                 | Home-CPA + Access-CPN |     |   Policy   |
368                 |                       |-----|  Function  |
369                 +=======================+     +============+
370                             .
371                          .     .
372                       .           .
373                FPC .                 . FPC
374                 .                       .
375              .                             .
376      +============+                   +============+
377      | Access-DPN |. . . . . . . . . .|  Home-DPA  |
378      +============+ UP {Tunnel/Route} +============+
379             .
380             .
381           [MN]

383                 Figure 5: Centralized Control Plane Mode

385  4.4. Model-4: Data Plane Abstraction Mode

387     In this model, the data plane network is completely abstracted from
388     the control plane. There is a new network element, the Routing
389     Controller, which abstracts the entire data plane network and offers
390     data plane services to the control plane functions. The control
391     plane functions, Home-CPA and the Access-CPN, interface with the
392     Routing Controller for the forwarding state management.

394     The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the Home-
395     CPA and Access-CPN functions to interface with the Routing Controller
396     for subscriber's forwarding state management.

398                          +============+
399                          |   Policy   |
400             . . . . . . .|  Function  |. . . . . . .
401             .            +============+            .
402             .                                      .
403             .                                      .
404             .                                      .
405      +============+      {PMIPv6/GTP}       +============+
406      | Access-CPN |- - - - - - - - - - - - -|  Home-CPA  |
407      +============+                         +============+
408             .                                      .
409             .                                      .
410             .                                      .
411             .            +============+            .
412             . . . . . . .|   Routing  |. . . . . . .
413                          | Controller |
414                          +============+
415                                .
416                             .      .
417                         .              . BGP/Others
418                     .                      .
419                 .                              .
420              .                                    .
421      +============+                         +============+
422      | Access-DPN |. . . . . . . . . . . . .|  Home-DPA  |
423      +============+    UP {Tunnel/Route}    +============+
424             .
425             .
426           [MN]

428                   Figure 6: Data Plane Abstraction Mode

430  4.5. On-Demand Control Plane Orchestration Mode

432     In this model, there is a new function, the Mobility Controller, which
433     manages the orchestration of Access-CPN and Home-CPA functions. The
434     Mobility Controller allocates the Home-CPA and Access-DPN
435      + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
436      |  +----------+       +----------+       +----------+  |
437         |Access-CPN|       |Access-CPN|       |Access-CPN|
438      |  +----------+       +----------+       +----------+  |

440      |  +----------+       +----------+       +----------+  |
441         | Home-CPA |       | Home-CPA |       | Home-CPA |
442      |  +----------+       +----------+       +----------+  |
443      + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
444               .                 .
445               .                 .
446               .                 .
447               .          +============+     +============+
448               .          |  Mobility  |     |   Policy   |
449               .          | Controller |-----|  Function  |
450               .          +============+     +============+
451               .
452               .
453               .
454               .          +============+
455               . . . . . .|   Routing  |
456                          | Controller |
457                          +============+
458                                 .
459                                 .
460                                 .
461      + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
462      |  +----------+       +----------+       +----------+  |
463         |Access-DPN|       |Access-DPN|       |Access-DPN|
464      |  +----------+       +----------+       +----------+  |

466      |  +----------+       +----------+       +----------+  |
467         | Home-DPA |       | Home-DPA |       | Home-DPA |
468      |  +----------+       +----------+       +----------+  |
469      + - - - - - - - - - - - - - - - - - - - - - - - - - - -+

471                 Figure 7: On-Demand CP Orchestration Mode

473  5. IANA Considerations

475     This document does not require any IANA actions.

477  6. Security Considerations

479     The control-plane messages exchanged between a Home-CPA and the Home-
480     DPA must be protected using end-to-end security associations with
481     data-integrity and data-origination capabilities.

483     IPsec ESP in transport mode with mandatory integrity protection
484     should be used for protecting the signaling messages. IKEv2 should
485     be used to set up security associations between the Home-CPA and
486     Home-DPA.

488     There are no additional security considerations other than what is
489     presented in the document.

491  7. Work Team

493     This document reflects contributions from the following work team
494     members:

496        Seil Jeon

498        seiljeon@av.it.pt

500        Younghan Kim

502        younghak@ssu.ac.kr

504        Vic Liu

506        liuzhiheng@chinamobile.com

508        Danny S Moses

510        danny.moses@intel.com

512        Marco Liebsch

514        liebsch@neclab.eu

516        Carlos Jesus Bernardos Cano

518        cjbc@it.uc3m.es

520  8. Acknowledgements

522     This document is a result of DMM WT#4 team discussions and ideas
523     taken from several DMM WG presentations and documents including,
524     draft-sijeon-dmm-deployment-models, draft-liu-dmm-deployment-scenario
525     and others. The work teams would like to thank the authors of these
526     documents and additionally the discussions in DMM Working group that
527     helped shape this document.

529  9. References

531  9.1. Normative References

533     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
534                Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
535                RFC2119, March 1997.

538  9.2. Informative References

540     [I-D.ietf-dmm-fpc-cpdp]
541                Liebsch, M., Matsushima, S., Gundavelli, S., Moses, D.,
542                and L. Bertz, "Protocol for Forwarding Policy
543                Configuration (FPC) in DMM", draft-ietf-dmm-fpc-cpdp-03
544                (work in progress), March 2016.

546     [I-D.ietf-sfc-nsh]
547                Quinn, P. and U. Elzur, "Network Service Header",
548                draft-ietf-sfc-nsh-04 (work in progress), March 2016.

550     [RFC5213]  Gundavelli, S., Ed., Leung, K., Devarapalli, V.,
551                Chowdhury, K., and B. Patil, "Proxy Mobile IPv6",
552                RFC 5213, DOI 10.17487/RFC5213, August 2008.

555     [RFC5844]  Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy
556                Mobile IPv6", RFC 5844, DOI 10.17487/RFC5844, May 2010.

559     [RFC6275]  Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility
560                Support in IPv6", RFC 6275, DOI 10.17487/RFC6275,
561                July 2011.

563     [RFC7333]  Chan, H., Ed., Liu, D., Seite, P., Yokota, H., and J.
564                Korhonen, "Requirements for Distributed Mobility
565                Management", RFC 7333, DOI 10.17487/RFC7333, August 2014.

568     [RFC7429]  Liu, D., Ed., Zuniga, JC., Ed., Seite, P., Chan, H., and
569                CJ. Bernardos, "Distributed Mobility Management: Current
570                Practices and Gap Analysis", RFC 7429, DOI 10.17487/
571                RFC7429, January 2015.

574  Author's Address

576     Sri Gundavelli
577     Cisco
578     170 West Tasman Drive
579     San Jose, CA 95134
580     USA

582     Email: sgundave@cisco.com
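
Added example (not part of the draft): a check for the Section 6 requirement that Home-CPA to Home-DPA signaling uses ESP in transport mode with integrity protection. It assumes both functions run on Linux and that the input is the text printed by `ip xfrm state`; the addresses, SPIs and keys in the sample are constructed, and `parse_xfrm_state` and `audit_sas` are hypothetical helper names.

```python
"""Audit Linux IPsec SAs on the Home-CPA <-> Home-DPA signaling path.

Added example, not from the draft. Assumes both functions run on Linux and
that the input is the text printed by `ip xfrm state` on one of them.
"""

# Constructed sample: addresses, SPIs and key material are placeholders.
SAMPLE = """\
src 192.0.2.10 dst 192.0.2.20
    proto esp spi 0xc0ffee01 reqid 1 mode transport
    replay-window 32
    aead rfc4106(gcm(aes)) 0x00 128
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.0.2.20 dst 192.0.2.10
    proto esp spi 0xc0ffee02 reqid 1 mode tunnel
    replay-window 32
    auth-trunc hmac(sha256) 0x00 128
    enc cbc(aes) 0x00
src 192.0.2.10 dst 192.0.2.30
    proto esp spi 0xc0ffee03 reqid 2 mode transport
    replay-window 32
    enc cbc(aes) 0x00
"""


def parse_xfrm_state(text):
    """Return one dict per security association found in the text."""
    sas = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "src" and tok[2] == "dst":
            sas.append({"src": tok[1], "dst": tok[3], "spi": None,
                        "proto": None, "mode": None, "integrity": None})
        elif not sas or not tok:
            continue
        elif tok[0] == "proto":
            # "proto esp spi 0x.. reqid N mode transport" is key/value pairs
            fields = dict(zip(tok[0::2], tok[1::2]))
            for key in ("proto", "spi", "mode"):
                sas[-1][key] = fields.get(key)
        elif tok[0] in ("auth", "auth-trunc", "aead") and len(tok) > 1:
            sas[-1]["integrity"] = tok[1]  # HMAC or AEAD algorithm name
    return sas


def audit_sas(text, home_cpa, home_dpa):
    """List (spi, problem) pairs for SAs between the two anchor addresses."""
    findings, seen = [], set()
    for sa in parse_xfrm_state(text):
        pair = (sa["src"], sa["dst"])
        if set(pair) != {home_cpa, home_dpa}:
            continue  # SA to some other peer, out of scope here
        seen.add(pair)
        if sa["proto"] != "esp":
            findings.append((sa["spi"], "protocol is not ESP"))
        if sa["mode"] != "transport":
            findings.append((sa["spi"], "mode is %s, expected transport" % sa["mode"]))
        if sa["integrity"] is None or "null" in sa["integrity"]:
            findings.append((sa["spi"], "no integrity algorithm"))
    for src, dst in ((home_cpa, home_dpa), (home_dpa, home_cpa)):
        if (src, dst) not in seen:  # no SA installed for this direction
            findings.append((None, "no SA for %s -> %s" % (src, dst)))
    return findings


if __name__ == "__main__":
    for spi, problem in audit_sas(SAMPLE, "192.0.2.10", "192.0.2.20"):
        print(spi, problem)
```

The check covers only the properties of installed SAs; whether they were negotiated by IKEv2, as Section 6 recommends, is not visible in this output and has to be confirmed in the IKE daemon's configuration.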