idnits 2.17.1

draft-zhou-nmrg-digitaltwin-network-concepts-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (2 December 2021) is 866 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-09) exists of
     draft-irtf-nmrg-ibn-concepts-definitions-05

     Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Internet Research Task Force                                     C. Zhou
Internet-Draft                                                   H. Yang
Intended status: Informational                                   X. Duan
Expires: 5 June 2022                                        China Mobile
                                                                D. Lopez
                                                               A. Pastor
                                                          Telefonica I+D
                                                                   Q. Wu
                                                                  Huawei
                                                            M. Boucadair
                                                            C. Jacquenet
                                                                  Orange
                                                         2 December 2021

       Digital Twin Network: Concepts and Reference Architecture
            draft-zhou-nmrg-digitaltwin-network-concepts-06

Abstract

   Digital Twin technology has been seen as a rapid adoption technology
   in Industry 4.0.
   The application of Digital Twin technology in the
   networking field is meant to realize efficient and intelligent
   management and accelerate network innovation.

   This document presents an overview of the concepts of Digital Twin
   Network, provides the basic definitions and a reference architecture,
   lists a set of application scenarios, and discusses the benefits and
   key challenges of such technology.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 5 June 2022.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  Definitions and Acronyms
   4.  Definition of Digital Twin Network
   5.  Expected Benefits of Digital Twin Network
     5.1.  Optimized Network Total Cost of Operation
     5.2.  Optimized Decision Making
     5.3.  Safer Assessment of Innovative Network Capabilities
     5.4.  Privacy and Regulatory Compliance
     5.5.  Customized Network Operation Training
   6.  A Reference Architecture of Digital Twin Network
   7.  Challenges to Build Digital Twin Network
   8.  Interaction with IBN
   9.  Sample Application Scenarios
     9.1.  Human Training
     9.2.  ML Training
     9.3.  DevOps-Oriented Certification
     9.4.  Network Fuzzing
   10. Research Perspectives: A Summary
   11. Security Considerations
   12. Acknowledgements
   13. IANA Considerations
   14. Open issues
   15. References
     15.1.  Normative References
     15.2.  Informative References
   Appendix A.  Change Logs
   Authors' Addresses

1.  Introduction

   The fast growth of network scale and the increased demand placed on
   these networks require them to accommodate and adapt dynamically to
   customer needs, implying a big challenge to network operators.
   Indeed, network operation and maintenance are becoming more complex
   due to higher complexity of the managed networks and the
   sophisticated services they are delivering.  As such, providing
   innovations on network technologies, management and operation will be
   more and more challenging due to the high risk of interfering with
   existing services and the higher trial costs if no reliable emulation
   platforms are available.

   A Digital Twin is the real-time representation of a physical entity
   in the digital world.  It has the characteristics of virtual-reality
   interrelation and real-time interaction, iterative operation and
   process optimization, full life-cycle and full business data-driven.
   So far, this paradigm has been successfully applied in the fields of
   intelligent manufacturing, smart city, or complex system operation
   and maintenance to help with not only object design and testing, but
   also management aspects [Tao2019].  See more in Section 4.

   A digital twin network platform can be built by applying Digital Twin
   technologies to networks and creating a virtual image of physical
   network facilities (called herein, emulation).  Basically, the
   digital twin network is an expansion platform of network simulation.
   The main difference compared to traditional network management system
   is the use of interactive virtual-real mapping to build closed-loop
   network automation.  Through the real-time data interaction between
   the physical network and its twin network(s), the digital twin
   network platform might help the network designers to achieve more
   simplified, automatic, resilient, and full life-cycle operation
   and maintenance.

   Having an emulation platform that allows to reliably represent the
   state of a network is more dependable than a simulation platform.
   The emulated platform can, thus, be used to assess specific behaviors
   (including network transformation) before actual implementation in
   the physical network, tweak the network for better optimized
   behavior, run 'what-if' scenarios that cannot be tested and evaluated
   easily in the physical network.  Service impact analysis tasks will
   also be facilitated.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119][RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Definitions and Acronyms

   PLM:  Product Lifecycle Management

   IBN:  Intent-Based Networking

   AI:  Artificial Intelligence

   ML:  Machine Learning

   OAM:  Operations, Administration, and Maintenance

   CI/CD:  Continuous Integration / Continuous Delivery

4.  Definition of Digital Twin Network

   The concept of a virtual equivalent to a physical product or the
   digital twin was first introduced in the Product Lifecycle Management
   (PLM) course in 2003 by Scholar Michael Grieves [Grieves2014].  It
   has been since then widely acknowledged in both industry and academic
   publications.  And some researchers have also tried to apply the
   concept of digital twin to the networking field, such as [Dong2019],
   [Dai2020] and [Nguyen2021].  So far, there is no standard definition
   of "digital twin network" within the networking industry and SDOs.

   This document defines digital twin network as a virtual
   representation of the physical network.
   Such virtual representation
   of the network is meant to be used to analyze, diagnose, emulate, and
   then control the physical network based on data, models, and
   interfaces.  To that aim, a real-time and interactive mapping is
   required between the physical network and its virtual twin network.

   As shown in Figure 1, the digital twin network involves four key
   technology elements: data, mapping, models, and interfaces.

        +-------------+                 +--------------+
        |             |                 |              |
        |   Mapping   |                 |  Interface   |
        |             |                 |              |
        +-------------+-----------------+--------------+
              |                                  |
              |        Analyze, Diagnose         |
              |                                  |
              |     +----------------------+     |
              |     | Digital Twin Network |     |
              |     +----------------------+     |
      +------------+                        +------------+
      |            |    Emulate, Control    |            |
      |   Models   |                        |    Data    |
      |            |------------------------|            |
      +------------+                        +------------+

              Figure 1: Key Elements of Digital Twin Network

   Data:  A digital twin network should maintain historical data and/or
      real time data (configuration data, operational state data,
      topology data, trace data, metric data, process data, etc.) about
      its real-world twin (i.e., physical network) that are required by
      the models to represent and understand the states and behaviors of
      the real-world twin.  The data is characterized as the single
      source of "truth" and populated in the data repository, which
      provides timely and accurate data service support for building
      various models.

   Models:  Techniques that involve collecting data from one or more
      sources in the real-world twin and developing a comprehensive
      representation of the data (e.g., system, entity, process) using
      specific models.  They are used as emulation and diagnosis basis
      to provide dynamics and elements on how the live physical network
      operates and generates reasoning data utilized for decision-
      making.
      Various models such as service models, data models,
      dataset models, or knowledge graph can be used to represent the
      physical network assets and then instantiated to serve various
      network applications.

   Interfaces:  Standardized interfaces can ensure the interoperability
      of digital twin network.  There are two major types of interfaces:

      *  The interface between the digital twin network platform and the
         physical network infrastructure.

      *  The interface between digital twin network platform and
         applications.

      The former provides real time data collection and control on the
      physical network.  The latter helps deliver application requests
      to the digital twin network platform and expose the various
      platform capabilities to applications.

   Mapping:  Is used to identify the digital twin and the underlying
      entities and establish a real-time interactive relation between
      the physical network and the twin network or between two twin
      networks.  The mapping can be:

      *  One to one (pairing, vertical): Synchronize between a physical
         network and its virtual twin network with continuous flows.

      *  One to many (coupling, horizontal): Synchronize among virtual
         twin networks with occasional data exchange.

      Such mappings provide good visibility of actual status, making
      the digital twin suitable to analyze and understand what is going
      on in the physical network.  It also allows using the digital twin
      to optimize the performance and maintenance of the physical
      network.

   The digital twin network constructed based on the four core
   technology elements can analyze, diagnose, emulate, and control the
   physical network in its whole life cycle with the help of
   optimization algorithms, management methods, and expert knowledge.
   One of the objectives of such control is to master the digital twin
   network environment and its elements to derive the required system
   behavior, e.g., provide:

   *  repeatability: that is the capacity to replicate network
      conditions on-demand.

   *  reproducibility: i.e., the ability to replay successions of
      events, possibly under controlled variations.

5.  Expected Benefits of Digital Twin Network

   Digital twin network can help enabling closed-loop network management
   across the entire lifecycle, from deployment and emulation, to
   visualized assessment, physical deployment, and continuous
   verification.  By doing so, network operators (and end-users to some
   extent, as allowed by specific application interfaces) can maintain a
   global, systemic, and consistent view of the network.  Also, network
   operators can safely exercise the enforcement of network planning
   policies, deployment procedures, etc., without jeopardizing the daily
   operation of the physical network.

   The benefits of digital twin network can be categorized as follows:
   lower cost of network, optimized and safer decision-making, safer
   testing of innovative network capabilities (including "what-if"
   scenarios), privacy and regulatory compliance, and customized network
   operation training.  The following subsections further elaborate on
   such benefits.

5.1.  Optimized Network Total Cost of Operation

   Large scale networks are complex to operate.  Since there is no
   effective platform for simulation, network optimization designs have
   to be tested on the physical network at the cost of jeopardizing its
   daily operation and possibly degrading the quality of the services
   supported by the network.  Such assessment greatly increases network
   operator's Operational Expenditure (OPEX) budgets too.

   With a digital twin network platform, network operators can safely
   emulate candidate optimization solutions before deploying them in the
   physical network.  In addition, operator's OPEX on the real physical
   network deployment will be greatly decreased accordingly at the cost
   of the complexity of the assessment and the resources involved.

5.2.  Optimized Decision Making

   Traditional network operation and management mainly focus on
   deploying and managing running services, but hardly support
   predictive maintenance techniques.

   Digital twin network can combine data acquisition, big data
   processing, and AI modeling to assess the status of the network, but
   also to predict future trends, and better organize predictive
   maintenance.  The ability to reproduce network behaviors under
   various conditions facilitates the corresponding assessment of the
   various evolution options as often as required.

5.3.  Safer Assessment of Innovative Network Capabilities

   Testing a new feature in an operational network is not only complex,
   but also extremely risky.  Service impact analysis is required to be
   adequately achieved prior to effective activation of a new feature.

   Digital twin network can greatly help assessing innovative network
   capabilities without jeopardizing the daily operation of the physical
   network.  In addition, it helps researchers to explore network
   innovation (e.g., new network protocols, network AI/ML applications)
   efficiently, and network operators to deploy new technologies quickly
   with lower risks.  Take AI/ML applications as an example: there is a
   conflict between the continuous high reliability requirement (i.e.,
   99.999%) and the slow learning speed or phase-in learning steps of
   AI/ML algorithms.  With digital twin network, AI/ML can complete the
   learning and training with the sufficient data before deploying the
   model in the real network.
   This would encourage more network AI
   innovations in future networks.

5.4.  Privacy and Regulatory Compliance

   The requirements on data confidentiality and privacy on network
   providers increase the complexity of network management, as decisions
   made by computation logics such as an SDN controller may rely upon
   the packet payloads.  As a result, the improvement of data-driven
   management requires complementary techniques that can provide a
   strict control based upon security mechanisms to guarantee data
   privacy protection and regulatory compliance.  This may range from
   flow identification (using the archetypal five-tuple of addresses,
   ports and protocol) to techniques requiring some degree of payload
   inspection, all of them considered suitable to be associated to an
   individual person, and hence requiring strong protection and/or data
   anonymization mechanisms.

   With strong modeling capability provided by the digital twin network,
   very limited real data (if at all) will be needed to achieve similar
   or even higher level of data-driven intelligent analysis.  This way,
   a lower demand of sensitive data will permit to satisfy privacy
   requirements and simplify the use of privacy-preserving techniques
   for data-driven operation.

5.5.  Customized Network Operation Training

   Network architectures can be complex, and their operation requires
   expert personnel.  Digital twin network offers an opportunity to
   train staff for customized networks and specific user needs.  Two
   salient examples are the application of new network architectures and
   protocols or the use of "cyber-ranges" to train security experts in
   threat detection and mitigation.

6.  A Reference Architecture of Digital Twin Network

   Based on the definition of the key digital twin network technology
   elements introduced in Section 4, a digital twin network architecture
   is depicted in Figure 2.
   This digital twin network architecture is
   broken down into three layers: Application Layer, Digital Twin Layer,
   and Physical Network Layer.

   +---------------------------------------------------------+
   |   +-------+   +-------+          +-------+              |
   |   | App 1 |   | App 2 |   ...    | App n |   Application|
   |   +-------+   +-------+          +-------+              |
   +-------------^-------------------+-----------------------+
                 |Capability Exposure| Intent Input
                 |                   |
   +-------------+-------------------v-----------------------+
   |            Instance of Digital Twin Network             |
   | +--------+   +------------------------+   +--------+    |
   | |        |   | Service Mapping Models |   |        |    |
   | |        |   |  +------------------+  |   |        |    |
   | |  Data  +--->  |Functional Models |  +---> Digital|    |
   | | Repo-  |   |  +-----+-----^------+  |   |  Twin  |    |
   | | sitory |   |        |     |         |   | Entity |    |
   | |        |   |  +-----v-----+------+  |   |  Mgmt  |    |
   | |        <---+  |   Basic Models   |  <---+        |    |
   | |        |   |  +------------------+  |   |        |    |
   | +--------+   +------------------------+   +--------+    |
   +--------^----------------------------+-------------------+
            |                            |
            | data collection            | control
   +--------+----------------------------v-------------------+
   |                    Physical Network                     |
   |                                                         |
   +---------------------------------------------------------+

        Figure 2: Reference Architecture of Digital Twin Network

   1.  Physical Network: All or subset of network elements in the
       physical network exchange massive network data and control with a
       network digital twin instance, through twin-physical control
       interfaces.  The physical network can be a mobile access network,
       a transport network, a mobile core, a backbone, etc.  The
       physical network can also be a data center network, a campus
       enterprise network, an industrial Internet of Things, etc.  Also,
       the physical network can span across a single network
       administrative domain or multiple network administrative domains.

   2.  Digital Twin Layer: This layer includes three key subsystems:
       Data Repository subsystem, Service Mapping Models subsystem, and
       Digital Twin Entity Management subsystem.  One or multiple
       digital twin network instances can be built and maintained.

       *  Data Repository subsystem is responsible for collecting and
          storing various network data for building various models by
          collecting and updating the real-time operational data of
          various network elements through the twin southbound
          interface, and providing data services (e.g., fast retrieval,
          concurrent conflict handling, batch service) and unified
          interfaces to Service Mapping Models subsystem.

       *  Service Mapping Models complete data modeling, provide data
          model instances for various network applications, and
          maximize the agility and programmability of network services.
          The data models include two major types: basic and functional
          models.

          -  Basic models refer to the network element model(s) and
             network topology model(s) of the network digital twin based
             on the basic configuration, environment information,
             operational state, link topology and other information of
             the network element(s), to complete the real-time accurate
             characterization of the physical network.

          -  Functional models refer to various data models used for
             network analysis, emulation, diagnosis, prediction,
             assurance, etc.  The functional models can be constructed
             and expanded by multiple dimensions: by network type, there
             can be models serving for a single or multiple network
             domains; by function type, it can be divided into state
             monitoring, traffic analysis, security exercise, fault
             diagnosis, quality assurance and other models; by network
             lifecycle management, it can be divided into planning,
             construction, maintenance, optimization and operation.
             Functional models can also be divided into general models
             and special-purpose models.  Specifically, multiple
             dimensions can be combined to create a data model for more
             specific application scenarios.

             New applications might need new functional models that do
             not exist yet.  If a new model is needed, 'Service Mapping
             Models' subsystem will be triggered to help creating new
             models based on data retrieved from 'Data Repository'.

       *  Digital Twin Entity Management fulfils the management function
          of digital twin network, records the life-cycle transactions
          of the entity, monitors the performance and resource
          consumption of the entity or even of individual models,
          visualizes and controls various elements of the network
          digital twin, including topology management, model management
          and security management.

       Notes: 'Data collection' and 'change control' are regarded as
       southbound interfaces between virtual and physical network.  From
       implementation perspective, they can optionally form a sub-layer
       or sub-system to provide common functionalities of data
       collection and change control, enabled by a specific
       infrastructure supporting bi-directional flows and facilitating
       data aggregation, action translation, pre-processing and
       ontologies.

   3.  Application Layer: Various applications (e.g., Operations,
       Administration, and Maintenance (OAM)) can effectively run over a
       digital twin network platform to implement either conventional or
       innovative network operations, with low cost and less service
       impact on real networks.  Network applications make requests that
       need to be addressed by the digital twin network.  Such requests
       are exchanged through a northbound interface, so they are applied
       by service emulation at the appropriate twin instance(s).

7.  Challenges to Build Digital Twin Network

   As mentioned in Section 5, digital twin network can bring many
   benefits to network management as well as facilitate the introduction
   of innovative network capabilities.  However, building an effective
   and efficient digital twin network system remains a challenge.  The
   following is a list of major challenges:

   Large scale challenge:  A digital twin of large-scale networks will
      significantly increase the complexity of data acquisition and
      storage, the design and implementation of relevant models.  The
      requirements of software and hardware of the digital twin network
      system will be even more constraining.

   Interoperability:  It is difficult to establish a unified digital
      twin network system with a unified data model in a network domain
      due to the inconsistency of technical implementations and the
      heterogeneity of vendor technologies.

   Data modeling difficulties:  Based on large-scale network data, data
      modeling should not only focus on ensuring the accuracy of model
      functions, but also has to consider the flexibility and
      scalability induced by the model.  Balancing these requirements
      further increases the complexity of building efficient and
      hierarchical functional data models.

   Real-time requirements:  For services with real-time requirements,
      the processing of model simulation and verification through a
      digital twin network will increase the service delay, so the
      function and process of the data model need to be based on
      automated processing mechanism under various network application
      scenarios; at the same time, the real-time requirements will
      further increase performance requirements on the system software
      and hardware.

   Security risks:  A digital twin network has to synchronize all or
      subset of the data related to involved physical networks in real
      time, which inevitably augments the attack surface, with a higher
      risk of information leakage, in particular.

   To address these challenges, digital twin network needs continuous
   optimization and breakthrough on key enabling technologies including
   data acquisition, data storage, data modeling, network visualization,
   interface standardization, and security assurance, so as to meet the
   requirements of compatibility, reliability, real-time, and security.

8.  Interaction with IBN

   Implementing Intent-Based Networking (IBN) is an innovative
   technology for life-cycle network management.  Future networks will
   be possibly Intent-based, which means that users can input their
   abstract 'intent' to the network, instead of detailed policies or
   configurations on the network devices.
   [I-D.irtf-nmrg-ibn-concepts-definitions] clarifies the concept of
   "Intent" and provides an overview of IBN functionalities.  The key
   characteristic of an IBN system is that user intent can be assured
   automatically via continuously adjusting the policies and validating
   the real-time situation.

   IBN can be envisaged in a digital twin network context to show how
   digital twin network improves the efficiency of deploying network
   innovation.  To lower the impact on real networks, several rounds of
   adjustment and validation can be emulated on the digital twin network
   platform instead of directly on physical network.  Therefore, digital
   twin network can be an important enabler platform to implement IBN
   systems and speed up their deployment.

9.  Sample Application Scenarios

   Digital twin network can be applied to solve different problems in
   network management and operation.

9.1.  Human Training

   The usual approach to network OAM with procedures applied by humans
   is open to errors in all these procedures, with impact in network
   availability and resilience.  Response procedures and actions for
   most relevant operational requests and incidents are commonly defined
   to reduce errors to a minimum.  The progressive automation of these
   procedures, such as predictive control or closed-loop management,
   reduces the faults and response time, but still there is the need of
   a human-in-the-loop for multiple actions.  These processes are not
   intuitive and require training to learn how to respond.

   The use of digital twin network for this purpose in different network
   management activities will improve the operators' performance.  One
   common example is cybersecurity incident handling, where "cyber-
   range" exercises are executed periodically to train security
   practitioners.  Digital twin network will offer realistic
   environments, fitted to the real production networks.

9.2.  ML Training

   Machine Learning requires data and their context to be available in
   order to apply it.  A common approach in the network management
   environment has been to simulate or import data in a specific
   environment (the ML developer lab), where they are used to train the
   selected model, while later, when the model is deployed in
   production, re-train or adjust to the production environment context.
   This demands a specific adaptation period.

   Digital twin network simplifies the complete ML lifecycle development
   by providing a realistic environment, including network topologies,
   to generate the data required in a well-aligned context.  Dataset
   generated belongs to the digital twin network and not to the
   production network, allowing information access by third parties,
   without impacting data privacy.

9.3.  DevOps-Oriented Certification

   The potential application of CI/CD models to network management
   operations increases the risk associated to deployment of non-
   validated updates, which conflicts with the goal of the certification
   requirements applied by network service providers.  A solution for
   addressing these certification requirements is to verify the specific
   impacts of updates on service assurance and SLAs using a digital twin
   network environment replicating the network particularities, as a
   previous step to production release.

   Digital twin network control functional block supports such dynamic
   mechanisms required by DevOps procedures.

9.4.  Network Fuzzing

   Network management dependency on programmability increases systems
   complexity.  The behavior of new protocol stacks, API parameters, and
   interactions among complex software components are examples that
   imply higher risk to errors or vulnerabilities in software and
   configuration.

   Digital twin network allows to apply fuzzing testing techniques on a
   twin network environment, with interactions and conditions similar to
   the production network, permitting to identify and solve
   vulnerabilities, bugs and zero-day attacks before production
   delivery.

10.  Research Perspectives: A Summary

   Research on digital twin network has just started.  This document
   presents an overview of the digital twin network concepts and
   reference architecture.  Looking forward, further elaboration on
   digital twin network scenarios, requirements, architecture, and key
   enabling technologies should be investigated by the industry, so as
   to accelerate the implementation and deployment of digital twin
   network.

11.  Security Considerations

   This document describes concepts and definitions of digital twin
   network.
As such, the following security considerations remain high 630 level, i.e., in the form of principles, guidelines or requirements. 632 Security considerations of the digital twin network include: 634 * Secure the digital twin system itself. 636 * Data privacy protection. 638 Securing the digital twin network system aims at making the digital 639 twin system operationally secure by implementing security mechanisms 640 and applying security best practices. In the context of digital twin 641 network, such mechanisms and practices may consist in data 642 verification and model validation, mapping operations between 643 physical network and digital counterpart network by authenticated and 644 authorized users only. 646 Synchronizing the data between the physical and the digital twin 647 networks may increase the risk of sensitive data and information 648 leakage. Strict control and security mechanisms must be provided and 649 enabled to prevent data leaks. 651 12. Acknowledgements 653 Diego Lopez and Antonio Pastor were partly supported by the European 654 Commission under Horizon 2020 grant agreement no. 833685 (SPIDER), 655 and grant agreement no. 871808 (INSPIRE-5Gplus). 657 13. IANA Considerations 659 This document has no requests to IANA. 661 14. Open issues 663 * Investigate related digital twin network work and identify the 664 differences and commonalities, e.g., how is this concept and 665 architecture different from digital twin for industry application? 667 15. References 669 15.1. Normative References 671 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 672 Requirement Levels", BCP 14, RFC 2119, 673 DOI 10.17487/RFC2119, March 1997, 674 . 676 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 677 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 678 May 2017, . 680 15.2. Informative References 682 [Dai2020] Dai, Y. Dai., Zhang, K. Zhang., Maharjan, S. Maharjan., 683 and Yan Zhang. 
Zhang, "Deep Reinforcement Learning for 684 Stochastic Computation Offloading in Digital Twin 685 Networks. IEEE Transactions on Industrial Informatics, 686 vol. 17, no. 17", August 2020. 688 [Dong2019] Dong, R. Dong., She, C. She., HardjawanaLiu, W. 689 Hardjawana., Li, Y. Li., and B. Vucetic. Vucetic, "Deep 690 Learning for Hybrid 5G Services in Mobile Edge Computing 691 Systems: Learn from a Digital Twin. IEEE Transactions on 692 Wireless Communications,vol. 18, no. 10", July 2019. 694 [Grieves2014] 695 Grieves, M. Grieves., "Digital twin: Manufacturing 696 excellence through virtual factory replication", 2003. 698 [I-D.irtf-nmrg-ibn-concepts-definitions] 699 Clemm, A., Ciavaglia, L., Granville, L. Z., and J. 700 Tantsura, "Intent-Based Networking - Concepts and 701 Definitions", Work in Progress, Internet-Draft, draft- 702 irtf-nmrg-ibn-concepts-definitions-05, 2 September 2021, 703 . 706 [Nguyen2021] 707 Nguyen, H. X. Nguyen., Trestian, R. Trestian., To, D. To., 708 and M. Tatipamula. Tatipamula, "Digital Twin for 5G and 709 Beyond. IEEE Communications Magazine, vol. 59, no. 2", 710 February 2021. 712 [Tao2019] Tao, F. Tao., Zhang, H. Zhang., Liu, A. Liu., and A. Y. C. 713 Nee. Nee, "Digital Twin in Industry: State-of-the-Art. 714 IEEE Transactions on Industrial Informatics, vol. 15, no. 715 4.", April 2019. 717 Appendix A. Change Logs 719 v05 - v06 721 * Remove acronym DTN to avoid conflict with 'Delay Tolerant 722 Network'; 724 * Elaborate the descriptoin of Digital Twin Network architecture 725 that supports multiple instances; 727 * Other Editorial changes. 729 04 - v05 731 * Clarify the difference between digital twin network platform and 732 traditional network management system; 734 * Add more references of researches on applying digital twin to 735 network field; 737 * Clarify the benefit of 'Privacy and Regulatory Compliance'; 739 * Refine the description of reference architecture; 741 * Other Editorial changes. 
743 v03 - v04 745 * Update data definition and models definitions to clarify their 746 difference. 748 * Remove the orchestration element and consolidated into control 749 functionality building block in the digital twin network. 751 * Clarify the mapping relation (one to one, and one to many) in the 752 mapping definition. 754 * Add explanation text for continuous verification. 756 v02 - v03 758 * Split interaction with IBN part as a separate section. 760 * Fill security section; 762 * Clarify the motivation in the introduction section; 764 * Use new boilerplate for requirements language section; 766 * Key elements definition update. 768 * Other editorial changes. 770 * Add open issues section. 772 * Add section on application scenarios. 774 Authors' Addresses 776 Cheng Zhou 777 China Mobile 778 Beijing 779 100053 780 China 782 Email: zhouchengyjy@chinamobile.com 784 Hongwei Yang 785 China Mobile 786 Beijing 787 100053 788 China 789 Email: yanghongwei@chinamobile.com 791 Xiaodong Duan 792 China Mobile 793 Beijing 794 100053 795 China 797 Email: duanxiaodong@chinamobile.com 799 Diego Lopez 800 Telefonica I+D 801 Seville 802 Spain 804 Email: diego.r.lopez@telefonica.com 806 Antonio Pastor 807 Telefonica I+D 808 Madrid 809 Spain 811 Email: antonio.pastorperales@telefonica.com 813 Qin Wu 814 Huawei 815 101 Software Avenue, Yuhua District 816 Nanjing 817 Jiangsu, 210012 818 China 820 Email: bill.wu@huawei.com 822 Mohamed Boucadair 823 Orange 824 Rennes 35000 825 France 827 Email: mohamed.boucadair@orange.com 828 Christian Jacquenet 829 Orange 830 Rennes 35000 831 France 833 Email: christian.jacquenet@orange.com