rfc9543.original.xml   rfc9543.xml 
<?xml version='1.0' encoding='utf-8'?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc [
<!ENTITY RFC3290 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.3290.xml">
<!ENTITY RFC3393 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.3393.xml">
<!ENTITY RFC4208 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.4208.xml">
<!ENTITY RFC4303 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.4303.xml">
<!ENTITY RFC4364 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.4364.xml">
<!ENTITY RFC4397 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.4397.xml">
<!ENTITY RFC5212 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.5212.xml">
<!ENTITY RFC5440 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.5440.xml">
<!ENTITY RFC6020 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.6020.xml">
<!ENTITY RFC6241 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.6241.xml">
<!ENTITY RFC7239 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.7239.xml">
<!ENTITY RFC7665 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.7665.xml">
<!ENTITY RFC7679 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.7679.xml">
<!ENTITY RFC7680 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.7680.xml">
<!ENTITY RFC7926 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.7926.xml">
<!ENTITY RFC7950 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.7950.xml">
<!ENTITY RFC8040 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.8040.xml">
<!ENTITY RFC8300 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.8300.xml">
<!ENTITY RFC8309 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.8309.xml">
<!ENTITY RFC8453 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.8453.xml">
<!ENTITY RFC8454 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.8454.xml">
<!ENTITY RFC8596 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.8596.xml">
<!ENTITY RFC9408 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.R
FC.9408.xml">
<!ENTITY I-D.ietf-spring-nsh-sr SYSTEM "http://xml2rfc.ietf.org/public/rfc/bib <!DOCTYPE rfc [
xml3/reference.I-D.ietf-spring-nsh-sr.xml"> <!ENTITY nbsp "&#160;">
<!ENTITY I-D.ietf-spring-resource-aware-segments SYSTEM "http://xml2rfc.ietf.o <!ENTITY zwsp "&#8203;">
rg/public/rfc/bibxml3/reference.I-D.ietf-spring-resource-aware-segments.xml"> <!ENTITY nbhy "&#8209;">
<!ENTITY I-D.ietf-teas-applicability-actn-slicing SYSTEM "http://xml2rfc.ietf. <!ENTITY wj "&#8288;">
org/public/rfc/bibxml3/reference.I-D.ietf-teas-applicability-actn-slicing.xml">
<!ENTITY I-D.ietf-teas-enhanced-vpn SYSTEM "http://xml2rfc.ietf.org/public/rfc
/bibxml3/reference.I-D.ietf-teas-enhanced-vpn.xml">
<!ENTITY I-D.ietf-teas-ietf-network-slice-use-cases SYSTEM "http://xml2rfc.iet
f.org/public/rfc/bibxml3/reference.I-D.ietf-teas-ietf-network-slice-use-cases.xm
l">
<!ENTITY I-D.openconfig-rtgwg-gnmi-spec SYSTEM "http://xml2rfc.ietf.org/public
/rfc/bibxml3/reference.I-D.openconfig-rtgwg-gnmi-spec.xml">
]> ]>
<?rfc toc="yes"?> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft
<?rfc tocompact="yes"?> -ietf-teas-ietf-network-slices-25" number="9543" submissionType="IETF" category=
<?rfc tocdepth="3"?> "info" consensus="true" obsoletes="" updates="" xml:lang="en" tocInclude="true"
<?rfc tocindent="yes"?> tocDepth="3" symRefs="true" sortRefs="true" version="3">
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft
-ietf-teas-ietf-network-slices-25" category="info" obsoletes="" updates="" submi
ssionType="IETF" xml:lang="en" tocInclude="true" tocDepth="3" symRefs="true" sor
tRefs="true" version="3">
<front> <front>
<title abbrev="IETF Network Slices">A Framework for Network Slices in Networ ks Built from IETF Technologies</title> <title abbrev="IETF Network Slices">A Framework for Network Slices in Networ ks Built from IETF Technologies</title>
<seriesInfo name="RFC" value="9543"/>
<seriesInfo name="Internet-Draft" value="draft-ietf-teas-ietf-network-slices
-25"/>
<author initials="A." surname="Farrel" fullname="Adrian Farrel" role="editor "> <author initials="A." surname="Farrel" fullname="Adrian Farrel" role="editor ">
<organization>Old Dog Consulting</organization> <organization>Old Dog Consulting</organization>
<address> <address>
<postal> <postal>
<street/>
<city/>
<country>United Kingdom</country> <country>United Kingdom</country>
</postal> </postal>
<email>adrian@olddog.co.uk</email> <email>adrian@olddog.co.uk</email>
</address> </address>
</author> </author>
<author initials="J." surname="Drake" fullname="John Drake" role="editor"> <author initials="J." surname="Drake" fullname="John Drake" role="editor">
<organization>Juniper Networks</organization> <organization>Individual</organization>
<address> <address>
<postal> <postal>
<street/>
<city/>
<country>United States of America</country> <country>United States of America</country>
</postal> </postal>
<email>jdrake@juniper.net</email> <email>je_drake@yahoo.com</email>
</address> </address>
</author> </author>
<author fullname="Reza Rokui" initials="R." surname="Rokui"> <author fullname="Reza Rokui" initials="R." surname="Rokui">
<organization>Ciena</organization> <organization>Ciena</organization>
<address> <address>
<email>rrokui@ciena.com</email> <email>rrokui@ciena.com</email>
</address> </address>
</author> </author>
<author fullname="Shunsuke Homma" initials="S." surname="Homma"> <author fullname="Shunsuke Homma" initials="S." surname="Homma">
<organization abbrev="NTT">NTT</organization> <organization abbrev="NTT">NTT</organization>
<address> <address>
<postal> <postal>
<street/>
<city/>
<country>Japan</country> <country>Japan</country>
</postal> </postal>
<email>shunsuke.homma.ietf@gmail.com</email> <email>shunsuke.homma.ietf@gmail.com</email>
</address> </address>
</author> </author>
<author fullname="Kiran Makhijani" initials="K." surname="Makhijani"> <author fullname="Kiran Makhijani" initials="K." surname="Makhijani">
<organization abbrev="Futurewei">Futurewei</organization> <organization abbrev="Futurewei">Futurewei</organization>
<address> <address>
<postal> <postal>
<street/>
<city/>
<country>United States of America</country> <country>United States of America</country>
</postal> </postal>
<email>kiranm@futurewei.com</email> <email>kiran.ietf@gmail.com</email>
</address> </address>
</author> </author>
<author fullname="Luis M. Contreras" initials="L." surname="Contreras">
<author fullname="Luis M. Contreras" initials="L.M." surname="Contreras">
<organization abbrev="Telefonica">Telefonica</organization> <organization abbrev="Telefonica">Telefonica</organization>
<address> <address>
<postal> <postal>
<street/>
<city/>
<country>Spain</country> <country>Spain</country>
</postal> </postal>
<email>luismiguel.contrerasmurillo@telefonica.com</email> <email>luismiguel.contrerasmurillo@telefonica.com</email>
</address> </address>
</author> </author>
<author fullname="Jeff Tantsura" initials="J." surname="Tantsura"> <author fullname="Jeff Tantsura" initials="J." surname="Tantsura">
<organization abbrev="Nvidia">Nvidia</organization> <organization abbrev="Nvidia">Nvidia</organization>
<address> <address>
<email>jefftant.ietf@gmail.com</email> <email>jefftant.ietf@gmail.com</email>
</address> </address>
</author> </author>
<date year="2024" month="March"/>
<date year="2023"/> <area>rtg</area>
<workgroup>teas</workgroup>
<keyword>Network Slicing</keyword> <keyword>Network Slicing</keyword>
<abstract> <abstract>
<t>This document describes network slicing in the context of networks buil <t>This document describes network slicing in the context of networks
t from IETF built from IETF technologies. It defines the term "IETF Network Slice"
technologies. It defines the term "IETF Network Slice" to describe thi to describe this type of network slice and establishes the general
s type of principles of network slicing in the IETF context.</t>
network slice, and establishes the general principles of network slicin
g in the IETF
context.</t>
<t>The document discusses the general framework for requesting and operati <t>The document discusses the general framework for requesting and
ng IETF operating IETF Network Slices, the characteristics of an IETF Network
Network Slices, the characteristics of an IETF Network Slice, the neces Slice, the necessary system components and interfaces, and the mapping
sary system of abstract requests to more specific technologies. The document also
components and interfaces, and how abstract requests can be mapped to m discusses related considerations with monitoring and security.</t>
ore specific
technologies. The document also discusses related considerations with
monitoring
and security.</t>
<t>This document also provides definitions of related terms to enable cons <t>This document also provides definitions of related terms to enable
istent usage consistent usage in other IETF documents that describe or use aspects of
in other IETF documents that describe or use aspects of IETF Network Sl IETF Network Slices.</t>
ices.</t>
</abstract> </abstract>
</front> </front>
<middle> <middle>
<section anchor="introduction" numbered="true" toc="default"> <section anchor="introduction" numbered="true" toc="default">
<name>Introduction</name> <name>Introduction</name>
<t>A number of use cases would benefit from a network service that supplem <t>A number of use cases would benefit from a network service that
ents connectivity, supplements connectivity, such as that offered by a VPN service, with an
such as that offered by a VPN service, with an assurance of meeting a s assurance of meeting a set of specific network performance objectives.
et of specific This connectivity and resource commitment is referred to as a "network
network performance objectives. This connectivity and resource commitm slice" and is expressed in terms of connectivity constructs (see <xref
ent is referred to as target="objectives" format="default"/>) and service objectives (see
a network slice and is expressed in terms of connectivity constructs (s <xref target="NS-Char" format="default"/>). Since the term "network
ee slice" is rather generic and has wider or different interpretations
<xref target="objectives" format="default"/>) and service objectives within other standards bodies, the qualifying term "IETF" is used in
(see <xref target="NS-Char" format="default"/>). Since the term networ this document to limit the scope of the network slices described to
k slice network technologies defined and standardized by the IETF. This
is rather generic and has wider or different interpretations within oth document defines the concept of "IETF Network Slices" that provide
er standards bodies, connectivity coupled with a set of specific commitments of network
the qualifying term "IETF" is used in this document to limit the scope resources between a number of endpoints (known as Service Demarcation
of the network Points (SDPs); see Sections <xref target="Terms" format="counter"/> and <x
slices described to network technologies described and standardized by ref
the IETF. This document defines target="sdp" format="counter"/>) over a shared underlay network that
the concept of "IETF Network Slices" that provide connectivity coupled utilizes IETF technology. The term "IETF Network Slice Service" is also
with a set of specific introduced to describe the service requested by and provided to the
commitments of network resources between a number of endpoints (known a service provider&apos;s customer.</t>
s Service Demarcation Points (SDPs)
- see <xref target="Terms" format="default"/> and <xref target="sdp" fo
rmat="default"/>) over a shared
underlay network that utilizes IETF technology. The term "IETF Network
Slice Service" is also introduced to
describe the service requested by and provided to the service provider&
apos;s customer.</t>
<t>RFC EDITOR NOTE: Please replace both occurrences of XXXX in the paragraph tha
t follows with the RFC number assigned
to this document, and remove this note.</t>
<t>It is intended that the terms "IETF Network Slice" and "IETF Network Sl <t>It is intended that the terms "IETF Network Slice" and "IETF Network
ice Service" are used only this document. Slice Service" be used only in this document. Other documents that need
Other documents that need to indicate the type of network slice or netw to indicate the type of network slice or network slice service described
ork slice service described in this in this document can use the terms "RFC 9543 Network Slice" and "RFC
document can use the terms "RFC XXXX Network Slice" and "RFC XXXX Netwo 9543 Network Slice Service".</t>
rk Slice Service".</t>
<t>This document also provides a general framework for requesting and oper <t>This document also provides a general framework for requesting and
ating IETF Network Slices. operating IETF Network Slices. The framework is intended as a structure
The framework is intended as a structure for discussing interfaces and for discussing interfaces and technologies.</t>
technologies.</t>
<t>Services that might benefit from IETF Network Slices include, but are n <t>Services that might benefit from IETF Network Slices include but are
ot limited to:</t> not limited to:</t>
<ul spacing="normal"> <ul spacing="normal">
<li>5G services (e.g., eMBB, URLLC, mMTC - see <xref target="TS23501" <li>5G services (e.g., enhanced Mobile Broadband (eMBB),
format="default"/>)</li> Ultra-Reliable and Low Latency Communications (URLLC), and massive
Machine Type Communications (mMTC) -- see <xref target="TS23.501"
format="default"/>)</li>
<li>Network wholesale services</li> <li>Network wholesale services</li>
<li>Network infrastructure sharing among operators</li> <li>Network infrastructure sharing among operators</li>
<li>Network Functions Virtualization (NFV) <xref target="NFVArch" /> c <li>Network Function Virtualization (NFV) <xref target="NFVArch" />
onnectivity and Data Center Interconnect</li> connectivity and Data Center Interconnect</li>
</ul> </ul>
<t>Further analysis of the needs of IETF Network Slice Service customers i <t>Further analysis of the needs of IETF Network Slice Service customers
s provided in is provided in <xref target="I-D.ietf-teas-ietf-network-slice-use-cases"
<xref target="I-D.ietf-teas-ietf-network-slice-use-cases" format="defau format="default" />.</t>
lt" />.</t>
<t>IETF Network Slices are created and managed within the scope of one or <t>IETF Network Slices are created and managed within the scope of one
more network technologies or more network technologies (e.g., IP, MPLS, and optical) that use an
(e.g., IP, MPLS, optical) that use an IETF-specified data plane and/or IETF-specified data plane and/or management/control plane. They are
management/control plane. intended to enable a diverse set of applications with different
They are intended to enable a diverse set of applications with differen requirements to coexist over a shared underlay network. A request for
t an IETF Network Slice Service is agnostic to the technology in the
requirements to coexist over a shared underlay network. A request for underlay network so as to allow customers to describe their network
an IETF Network Slice Service is connectivity objectives in a common format, independent of the underlay
agnostic to the technology in the underlay network so as to allow custo technologies used.</t>
mers to describe their network connectivity objectives in
a common format, independent of the underlay technologies used.</t>
<t>Many pre-existing approaches to service delivery and traffic engineerin <t>Many preexisting approaches to service delivery and traffic
g already use mechanisms that engineering already use mechanisms that can be considered as network
can be considered as network slicing. For example, virtual private net slicing. For example, Virtual Private Networks (VPNs) have served the
works (VPNs) have served the industry well as a means of providing industry well as a means of providing different groups of users with
different groups of users with logically isolated access to a common ne logically isolated access to a common network. The common or base
twork. The common or base network network that is used to support the VPNs is often referred to as an
that is used to support the VPNs is often referred to as an underlay ne "underlay network", and the VPN is often called an "overlay network".
twork, and the VPN is often called An overlay network may, in turn, serve as an underlay network to support
an overlay network. An overlay network may, in turn, serve as an under another overlay network.</t>
lay network to
support another overlay network.</t>
<t>Note that it is conceivable that extensions to IETF technologies are ne <t>Note that it is conceivable that extensions to IETF technologies are
eded in order to fully support needed in order to fully support all the capabilities that can be
all the capabilities that can be implemented with network slices. Eval implemented with network slices. Evaluation of existing
uation of existing technologies, proposed extensions technologies, proposed extensions to existing protocols and
to existing protocols and interfaces, and the creation of new protocols interfaces, and creation of new protocols or interfaces are outside
or interfaces are outside the scope of the scope of this document.</t>
this document.</t>
</section> </section>
<section anchor="bg" numbered="true" toc="default"> <section anchor="bg" numbered="true" toc="default">
<name>Background</name> <name>Background</name>
<t>The concept of network slicing has <t>The concept of network slicing has gained traction, driven largely by
gained traction driven largely by needs surfacing from 5G (<xref target needs surfacing from 5G (see <xref target="NGMN-NS-Concept" format="defaul
="NGMN-NS-Concept" format="default"/>, <xref target="TS23501" format="default"/> t"/>,
, and <xref target="TS23.501" format="default"/>, and <xref
<xref target="TS28530" format="default"/>). In <xref target="TS23501" target="TS28.530" format="default"/>). In <xref target="TS23.501"
format="default"/>, a Network Slice is defined as "a logical network format="default"/>, a Network Slice is defined as a "logical network
that provides specific network capabilities and network characteristics that provides specific network capabilities and network
", and a Network Slice Instance is characteristics", and a Network Slice Instance is defined as a "set of
defined as "A set of Network Function instances and the required resour Network Function instances and the required resources (e.g. compute,
ces (e.g., compute, storage and storage and networking resources) which form a deployed Network Slice".
networking resources) which form a deployed Network Slice." According According to <xref target="TS28.530" format="default"/>, an end-to-end (E2
to <xref target="TS28530" format="default"/>, an E)
end-to-end network slice consists of three major types of network segme network slice consists of three major types of network segments: Radio
nts: Radio Access Network (RAN), Access Network (RAN), Transport Network (TN), and Core Network (CN). An
Transport Network (TN) and Core Network (CN). An IETF Network Slice pr IETF Network Slice provides the required connectivity between different
ovides the required connectivity entities in RAN and CN segments of an end-to-end network slice, with a
between different entities in RAN and CN segments of an end-to-end netw specific performance commitment (for example, serving as a TN slice).
ork slice, with a specific For each end-to-end network slice, the topology and performance
performance commitment (for example, serving as a TN slice). For each requirement on a customer&apos;s use of an IETF Network Slice can be
end-to-end network slice, the topology and performance requirement on very different, which requires the underlay network to have the
a customer&apos;s use of an IETF Network Slice can be very different, w capability of supporting multiple different IETF Network Slices.</t>
hich requires the underlay network to <t>While network slices are commonly discussed in the context of 5G, it
have the capability of supporting multiple different IETF Network Slice is important to note that IETF Network Slices are a narrower concept
s.</t> with a broader usage profile and focus primarily on particular
network connectivity aspects. Other systems, including 5G deployments,
<t>While network slices are commonly discussed in the context of 5G, it is may use IETF Network Slices as a component to create entire systems and
important to note that IETF Network concatenated constructs that match their needs, including end-to-end
Slices are a narrower concept with a broader usage profile, and focus p connectivity.</t>
rimarily on particular network connectivity aspects. Other systems,
including 5G deployments, may use IETF Network Slices as a component to
create entire systems and concatenated
constructs that match their needs, including end-to-end connectivity.</
t>
<t>An IETF Network Slice could span multiple technologies and multiple adm <t>An IETF Network Slice could span multiple technologies and multiple
inistrative domains. Depending on the administrative domains. Depending on the IETF Network Slice Service
IETF Network Slice Service customer&apos;s requirements, an IETF Networ customer&apos;s requirements, an IETF Network Slice could be isolated
k Slice could be isolated from other, often from other, often concurrent, IETF Network Slices in terms of data,
concurrent IETF Network Slices in terms of data, control, and managemen control, and management planes.</t>
t planes.</t>
<t>The customer expresses requirements for a particular IETF Network Slice <t>The customer expresses requirements for a particular IETF Network
Service by specifying what is required rather Slice Service by specifying what is required rather than how the
than how the requirement is to be fulfilled. That is, the IETF Network requirement is to be fulfilled. That is, the IETF Network Slice Service
Slice Service customer&apos;s view of an IETF customer&apos;s view of an IETF Network Slice Service is an abstract
Network Slice Service is an abstract one.</t> one.</t>
<t>Thus, there is a need to create logical network structures with require <t>Thus, there is a need to create logical network structures with
d characteristics. The customer of required characteristics. The customer of such a logical network can
such a logical network can require a level of isolation and performance require a level of isolation and performance that previously might not
that previously might not have been have been satisfied by overlay VPNs. Additionally, the IETF Network
satisfied by overlay VPNs. Additionally, the IETF Network Slice Servic Slice Service customer might ask for some level of control to, e.g.,
e customer might ask for some level customize the service paths in a network slice.</t>
of control to, e.g., customize the service paths in a network slice.</t
>
<t>This document specifies definitions and a framework for the provision o <t>This document specifies definitions and a framework for the provision
f an IETF Network Slice Service. of an IETF Network Slice Service. <xref target="realize"
<xref target="realize" format="default"/> briefly indicates some candid format="default"/> briefly indicates some candidate technologies for
ate technologies for realizing IETF Network Slices.</t> realizing IETF Network Slices.</t>
</section> </section>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Terms and Abbreviations</name> <name>Terms and Abbreviations</name>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Abbreviations</name> <name>Abbreviations</name>
<t>The following abbreviations are used in this document.</t> <t>The following abbreviations are used in this document.</t>
<ul spacing="normal"> <dl spacing="normal" newline="false" indent="7">
<li>NSC: Network Slice Controller</li> <dt>NSC:</dt> <dd>Network Slice Controller</dd>
<li>SDP: Service Demarcation Point</li> <dt>SDP:</dt> <dd>Service Demarcation Point</dd>
<li>SLA: Service Level Agreement</li> <dt>SLA:</dt> <dd>Service Level Agreement</dd>
<li>SLE: Service Level Expectation</li> <dt>SLE:</dt> <dd>Service Level Expectation</dd>
<li>SLI: Service Level Indicator</li> <dt>SLI:</dt> <dd>Service Level Indicator</dd>
<li>SLO: Service Level Objective</li> <dt>SLO:</dt> <dd>Service Level Objective</dd>
</ul> </dl>
<t>The meaning of these abbreviations is defined in greater detail in th e remainder of this document.</t> <t>The meaning of these abbreviations is defined in greater detail in th e remainder of this document.</t>
</section> </section>
<section anchor="Terms" numbered="true" toc="default"> <section anchor="Terms" numbered="true" toc="default">
<name>Core Terminology</name> <name>Core Terminology</name>
<t>The following terms are presented here to give context. Other termin ology is defined in the remainder of this document.</t> <t>The following terms are presented here to give context. Other termin ology is defined in the remainder of this document.</t>
<dl newline="false" spacing="normal"> <dl newline="false" spacing="normal">
<dt>Customer:</dt> <dt>Customer:</dt>
<dd>A customer is the requester of an IETF Network Slice Service. C <dd>The requester of an IETF Network Slice Service.
ustomers may request Customers may request monitoring of SLOs. A customer may be an
monitoring of SLOs. A customer may be an entity such as an ente entity such as an enterprise network or a network operator, an
rprise network or a network operator, an individual working at such an entity, a private individual
individual working at such an entity, a private individual contr contracting for a service, or an application or software
acting for a service, or an application or component. A customer may be an external party (classically, a
software component. A customer may be an external party (classi paying customer) or a division of a network operator that uses the
cally a paying customer) or a division of a service provided by another division of the same operator. Other
network operator that uses the service provided by another divis terms that have been applied to the customer role are "client" and
ion of the same operator. Other terms that "consumer".</dd>
have been applied to the customer role are "client" and "consume
r".</dd>
<dt>Provider:</dt> <dt>Provider:</dt> <dd>The organization that
<dd>A provider is the organization that delivers an IETF Network Sli delivers an IETF Network Slice Service. A provider is the network
ce Service. A provider operator that controls the network resources used to construct the
is the network operator that controls the network resources used network slice (that is, the network that is sliced). The
to construct the network slice (that is, the provider&apos;s network may be a physical network or a
network that is sliced). The provider&apos;s network may be a p virtual network created within the operator&apos;s network or
hysical network, or may be a virtual network supplied by another service provider.</dd>
created within the operator&apos;s network or supplied by anothe
r service provider.</dd>
<dt>Customer Edge (CE):</dt> <dt>Customer Edge (CE):</dt>
<dd>The customer device that provides connectivity to a service prov <dd>The customer device that provides connectivity to a service
ider. Examples provider. Examples include routers, Ethernet switches, firewalls,
include routers, Ethernet switches, firewalls, 4G/5G RAN or Core 4G/5G RAN or Core nodes, application accelerators, server load
nodes, application accelerators, server load balancers, HTTP header enrichment functions (such as proxy
balancers, HTTP header enrichment functions (such as proxy compo components adding the Forwarded HTTP Extension Header <xref
nents adding the Forwarded HTTP Extension Header target="RFC7239" />), and Performance Enhancing Proxies (PEPs). In
<xref target="RFC7239" />), and PEPs (Performance Enhancing Prox some circumstances, CEs are provided to the customer and managed
y). In some circumstances CEs are provided to by the provider.</dd>
the customer and managed by the provider.</dd>
<dt>Provider Edge (PE):</dt> <dt>Provider Edge (PE):</dt>
<dd>The device within the provider network to which a CE is attached <dd>The device within the provider network to which a CE is
. A CE may be attached attached. A CE may be attached to multiple PEs, and multiple CEs
to multiple PEs, and multiple CEs may be attached to a given PE. may be attached to a given PE.</dd>
</dd>
<dt>Attachment Circuit (AC):</dt> <dt>Attachment Circuit (AC):</dt>
<dd>A channel connecting a CE and a PE over which packets that belon <dd>A channel connecting a CE and a PE over which packets that
g to an IETF Network Slice Service are exchanged. An AC is, belong to an IETF Network Slice Service are exchanged. An AC is,
by definition, technology specific: that is, the AC defines how by definition, technology specific: that is, the AC defines how
customer traffic is presented to the provider network. The customer customer traffic is presented to the provider network. The
and provider agree (for example, through configuration) on which customer and provider agree (for example, through configuration)
values in which combination of layer 2 and layer 3 header and payload fields wi on which values in which combination of Layer 2 (L2) and Layer 3
thin a (L3) header and payload fields within a packet identify to which
packet identify to which {IETF Network Slice Service, connectivi {IETF Network Slice Service, connectivity construct, and
ty construct, and SLOs/SLEs} that packet is assigned. SLOs/SLEs} that packet is assigned. The customer and provider may
The customer and provider may agree on a per {IETF Network Slice agree to police or shape traffic, based on the specific IETF
Service, connectivity construct, and SLOs/SLEs} basis Network Slice Service including connectivity construct and
to police or shape traffic on the AC in both the ingress (CE to SLOs/SLEs, on the AC in both the ingress (CE to PE) direction and
PE) direction and egress (PE to CE) direction. This ensures that egress (PE to CE) direction. This ensures that the traffic is
the traffic is within the capacity profile that is agreed in an within the capacity profile that is agreed upon in an IETF Network
IETF Network Slice Service. Excess traffic Slice Service. Excess traffic is dropped by default, unless
is dropped by default, unless specific out-of-profile policies a specific out-of-profile policies are agreed upon between the
re agreed between the customer and the provider. As customer and the provider. As described in <xref target="sdp"
described in <xref target="sdp" format="default"/> the AC may be format="default"/>, the AC may be part of the IETF Network Slice
part of the IETF Network Slice Service or may be external to it. Service or may be external to it. Because SLOs and SLEs
Because SLOs and SLEs characterize the performance of the underl characterize the performance of the underlay network between a
ay network between a sending SDP and a set of receiving SDPs, sending SDP and a set of receiving SDPs, the traffic policers and
the traffic policers and traffic shapers apply to a specific con traffic shapers apply to a specific connectivity construct on an
nectivity construct on an AC.</dd> AC.</dd>
<dt>Service Demarcation Point (SDP):</dt> <dt>Service Demarcation Point (SDP):</dt>
<dd> <dd>
<t>The point at which an IETF Network Slice Service is delivered b <t>The point at which an IETF Network Slice Service is delivered
y a by a service provider to a customer. Depending on the service
service provider to a customer. Depending on the service deliv delivery model (see <xref target="sdp" format="default"/>), this
ery model (see <xref target="sdp" format="default"/>) this may be may be a CE or a PE and could be a device, a software
a CE or a PE, and could be a device, a software component, or a component, or an abstract virtual function supported within the
n abstract virtual function supported within the provider&apos;s provider&apos;s network. Each SDP must have a unique identifier
network. Each SDP must have a unique identifier (e.g., an IP a (e.g., an IP address or Media Access Control (MAC) address) within
ddress or MAC address) within a given IETF Network Slice Service a given IETF Network
and may use the same identifier in multiple IETF Network Slice Slice Service and may use the same identifier in multiple IETF
Services.</t> Network Slice Services.</t>
<t>An SDP may be abstracted as a Service Attachment Point (SAP) <x <t>An SDP may be abstracted as a Service Attachment Point (SAP)
ref target="RFC9408" format="default"/> <xref target="RFC9408" format="default"/> for the purpose of
for the purpose of generalizing the concept across multiple ser generalizing the concept across multiple service types and
vice types and representing it in management and representing it in management and configuration systems.</t>
configuration systems.</t>
</dd> </dd>
<dt>Connectivity Construct:</dt> <dt>Connectivity Construct:</dt>
<dd>A set of SDPs together with a communication type <dd>A set of SDPs together with a communication type
that defines how traffic flows between the SDPs. An IETF Networ k that defines how traffic flows between the SDPs. An IETF Networ k
Slice Service is specified in terms of a set of SDPs, the associ ated Slice Service is specified in terms of a set of SDPs, the associ ated
connectivity constructs and the service objectives that the cust omer connectivity constructs, and the service objectives that the cus tomer
wishes to see fulfilled. Connectivity constructs may be grouped for wishes to see fulfilled. Connectivity constructs may be grouped for
administrative purposes.</dd> administrative purposes.</dd>
</dl> </dl>
</section> </section>
</section> </section>
<section anchor="objectives" numbered="true" toc="default"> <section anchor="objectives" numbered="true" toc="default">
<name>IETF Network Slice</name> <name>IETF Network Slice</name>
<t>IETF Network Slices are created to meet specific <t>IETF Network Slices are created to meet specific requirements,
requirements, typically expressed as bandwidth, latency, latency variat typically expressed as bandwidth, latency, latency variation, and other
ion, desired or required characteristics. Creation of an IETF Network Slice
and other desired or required characteristics. Creation of an IETF Net is initiated by a management system or other application used to specify
work Slice is initiated by a network-related conditions for particular traffic flows in response to
management system or other application used to specify network-related an actual or logical IETF Network Slice Service request.</t>
conditions for particular traffic flows in response to an actual or log
ical IETF Network Slice Service request.</t>
<t>Once created, these slices can be monitored, <t>Once created, these slices can be monitored, modified, deleted, and
modified, deleted, and otherwise managed.</t> otherwise managed.</t>
<t>Applications and components will be able to use <t>Applications and components will be able to use these IETF Network
these IETF Network Slices to move packets between the specified endpoin Slices to move packets between the specified endpoints of the service in
ts of accordance with specified characteristics.</t>
the service in accordance with specified characteristics.</t>
<t>A clear distinction should be made between the "IETF Network <t>A clear distinction should be made between the "IETF Network Slice
Slice Service" which is the function delivered to the customer Service" and the IETF Network Slice:</t>
(see <xref target="NS-Service" format="default" />) and which is agnost
ic to the technologies and <dl newline="false" spacing="normal">
mechanisms used by the service provider, and the "IETF Network <dt>IETF Network Slice Service:</dt>
Slice" which is the realization of the service in the provider&apos;s <dd>The function delivered to the customer (see <xref
network achieved by partitioning network resources and by target="NS-Service" format="default" />). It is agnostic to the
applying certain tools and techniques within the network (see technologies and mechanisms used by the service provider.
<xref target="defns" format="default" /> and </dd>
<xref target="realize" format="default" />).</t>
<dt>IETF Network Slice:</dt>
<dd>The realization of the service in the
provider&apos;s network achieved by partitioning network resources and
by applying certain tools and techniques within the network (see
Sections <xref target="defns" format="counter" /> and <xref
target="realize" format="counter"/>).
</dd>
</dl>
<section anchor="defns" numbered="true" toc="default"> <section anchor="defns" numbered="true" toc="default">
<name>Definition and Scope of IETF Network Slice</name> <name>Definition and Scope of IETF Network Slice</name>
<t>The term "Slice" refers to a set of characteristics and behaviors tha <t>The term "Slice" refers to a set of characteristics and behaviors
t differentiate one type of that differentiate one type of user traffic from another within a
user-traffic from another within a network. An IETF Network Slice is network. An IETF Network Slice is a logical partition of a network
a logical partition of a network that that uses IETF technology. An IETF Network Slice assumes that an
uses IETF technology. An IETF Network Slice assumes that an underlay underlay network is capable of changing the configurations of the
network is capable network devices on demand, through in-band signaling, or via
of changing the configurations of the network devices on demand, thro controllers.</t>
ugh in-band signaling,
or via controllers.</t>
<t>An IETF Network Slice enables connectivity between a set of SDPs with
specific Service Level
Objectives (SLOs) and Service Level Expectations (SLEs)
(see <xref target="NS-Char" format="default"/>) over a common underla
y network. The SLOs and
SLEs characterize the performance of the underlay network between a s
ending SDP and a set of
receiving SDPs. Thus, an IETF Network Slice delivers a service to a
customer by meeting
connectivity resource requirements and associated network capabilitie
s such as bandwidth,
latency, jitter, and network functions with other resource behaviors
such as compute and
storage availability.</t>
<t>IETF Network Slices may be combined hierarchically, so that a network <t>An IETF Network Slice enables connectivity between a set of SDPs
slice may with specific Service Level Objectives (SLOs) and Service Level
itself be sliced. They may also be combined sequentially so that var Expectations (SLEs) (see <xref target="NS-Char" format="default"/>)
ious different over a common underlay network. The SLOs and SLEs characterize the
networks can each be sliced and the network slices placed into a sequ performance of the underlay network between a sending SDP and a set of
ence to provide an receiving SDPs. Thus, an IETF Network Slice delivers a service to a
end-to-end service. This form of sequential combination is utilized customer by meeting connectivity resource requirements and associated
in some services network capabilities such as bandwidth, latency, jitter, and network
such as in 3GPP&apos;s 5G network <xref target="TS23501" format="defa functions with other resource behaviors such as compute and storage
ult"/>.</t> availability.</t>
<t>RFC EDITOR NOTE: Please replace XXXX in the paragraph that follows with the R <t>IETF Network Slices may be combined hierarchically so that a
FC number assigned network slice may itself be sliced. They may also be combined
to this document, and remove this note.</t> sequentially so that various different networks can each be sliced and
the network slices placed into a sequence to provide an
end-to-end service. This form of sequential combination is utilized
in some services such as in 3GPP&apos;s 5G network <xref
target="TS23.501" format="default"/>.</t>
<t>It is intended that the term "IETF Network Slice" is used only this d <t>It is intended that the term "IETF Network Slice" be used only in thi
ocument. s
Other documents that need to indicate the type of network slice descr document. Other documents that need to indicate the type of network
ibed in this slice described in this document can use the term "RFC 9543 Network
document can use the term "RFC XXXX Network Slice".</t> Slice".</t>
</section> </section>
<section anchor="NS-Service" numbered="true" toc="default"> <section anchor="NS-Service" numbered="true" toc="default">
<name>IETF Network Slice Service</name> <name>IETF Network Slice Service</name>
<t>A service provider delivers an IETF Network Slice Service for a custo <t>A service provider delivers an IETF Network Slice Service for a
mer by realizing customer by realizing an IETF Network Slice in the underlay network.
an IETF Network Slice in the underlay network. The IETF Network Slic The IETF Network Slice Service is agnostic to the technology of the
e Service is agnostic to the technology of underlay network, and its realization may be selected based upon
the underlay network, and its realization may be selected based upon multiple considerations, including its service requirements and the
multiple considerations capabilities of the underlay network. This allows an IETF Network
including its service requirements and the capabilities of the underl Slice Service customer to describe their network connectivity and
ay network. This relevant objectives in a common format, independent of the underlay
allows an IETF Network Slice Service customer to describe their netwo technologies used.</t>
rk connectivity and
relevant objectives in a common format, independent of the underlay t
echnologies used.</t>
<t>The IETF Network Slice Service is specified in terms of a set of SDPs <t>The IETF Network Slice Service is specified in terms of a set of
, a set of one or more SDPs, a set of one or more connectivity constructs between subsets of
connectivity constructs between subsets of these SDPs, and a set of S these SDPs, and a set of SLOs and SLEs (see <xref target="NS-Char"
LOs and SLEs (see format="default"/>) for each SDP sending to each connectivity
<xref target="NS-Char" format="default"/>) for each SDP sending to ea construct. A communication type (Point-to-Point (P2P),
ch connectivity Point-to-Multipoint (P2MP), or Any-to-Any (A2A)) is specified for each
construct. A communication type (point-to-point (P2P), point-to-mult connectivity construct. That is, in a given IETF Network Slice Service:<
ipoint (P2MP), or /t>
any-to-any (A2A)) is specified for each connectivity construct. That
is, in a given IETF
Network Slice Service there may be one or more connectivity construct
s of the same or
different type, each connectivity construct may be between a differen
t subset of SDPs, for
a given connectivity construct each sending SDP has its own set of SL
Os and SLEs, and the
SLOs and SLEs in each set may be different. Note that different conn
ectivity constructs
can be specified in the service request, but the service provider may
decide how many
connectivity constructs per IETF Network Slice Service it wishes to s
upport such that an
IETF Network Slice Service may be limited to one connectivity constru
ct or may support
many.</t>
<t>An IETF Network Slice Service customer may provide IETF Network Slice <ul spacing="normal">
Services to other customers in a mode sometimes referred to as <li>
"carrier's carrier" (see Section 9 of <xref target="RFC4364" format=" There may be one or more connectivity constructs of the same
default"/>). In this case, the relationship between IETF Network or different type.
Slice Service providers may be internal to a commercial organization, </li>
or may be external through service provision contracts. As noted in
<xref target="ExtConcept" format="default"/>, network slices may be c
omposed hierarchically or serially.</t>
<t><xref target="sdp" format="default"/> provides a description of SDPs <li>
as endpoints in the context of IETF network slicing. For a given Each connectivity construct may be between a different subset of SDP
IETF Network Slice Service, the customer and provider agree, on a s.
per-SDP basis which end of the attachment circuit provides the SDP (i </li>
.e., whether the attachment
circuit is inside or outside the IETF Network Slice Service). This d
etermines whether the attachment circuit is subject
to the set of SLOs and SLEs at the specific SDP.</t>
<t>RFC EDITOR NOTE: Please replace XXXX in the paragraph that follows with the R <li>
FC number assigned Each sending SDP has its own set of SLOs and SLEs for a given connec
to this document, and remove this note.</t> tivity
construct, and the SLOs and SLEs in each set may be different.
</li>
</ul>
<t>It is intended that the term "IETF Network Slice Service" is used onl <t>Note that different connectivity
y this document. constructs can be specified in the service request, but the service
Other documents that need to indicate the type of network slice servi provider may decide how many connectivity constructs per IETF Network
ce described in this Slice Service it wishes to support such that an IETF Network Slice
document can use the term "RFC XXXX Network Slice Service".</t> Service may be limited to one connectivity construct or may support
many.</t>
<t>An IETF Network Slice Service customer may provide IETF Network
Slice Services to other customers in a mode sometimes referred to as
"carrier's carrier" (see <xref target="RFC4364" sectionFormat="of"
section="9"/>). In this case, the relationship between IETF Network
Slice Service providers may be internal to a commercial organization
or may be external through service provision contracts. As noted in
<xref target="ExtConcept" format="default"/>, network slices may be
composed hierarchically or serially.</t>
<t><xref target="sdp" format="default"/> provides a description of
SDPs as endpoints in the context of IETF network slicing. For a given
IETF Network Slice Service, the customer and provider agree, on a
per-SDP basis, which end of the attachment circuit provides the SDP
(i.e., whether the attachment circuit is inside or outside the IETF
Network Slice Service). This determines whether the attachment
circuit is subject to the set of SLOs and SLEs at the specific
SDP.</t>
<t>It is intended that the term "IETF Network Slice Service" be used
only in this document. Other documents that need to indicate the type o
f
network slice service described in this document can use the term "RFC
9543 Network Slice Service".</t>
<section anchor="ConCon" numbered="true" toc="default"> <section anchor="ConCon" numbered="true" toc="default">
<name>Connectivity Constructs</name> <name>Connectivity Constructs</name>
<t>The approach of specifying a Network Slice Service as a set of SDPs <t>The approach of specifying a Network Slice Service as a set of
with connectivity constructs, SDPs with connectivity constructs results in the following possible
results in the following possible connectivity constructs:</t> connectivity constructs:</t>
<ul spacing="normal"> <ul spacing="normal">
<li>For a P2P connectivity construct, there is one sending SDP and o <li>For a P2P connectivity construct, there is one sending SDP and
ne receiving SDP. This construct is like a private one receiving SDP. This construct is like a private wire or a
wire or a tunnel. All traffic injected at the sending SDP is in tunnel. All traffic injected at the sending SDP is intended to be
tended to be received by the receiving SDP. The received by the receiving SDP. The SLOs and SLEs apply at the
SLOs and SLEs apply at the sender (and implicitly at the receive sender (and implicitly, at the receiver).</li>
r).</li>
<li>For a P2MP connectivity construct, there is only one sending SDP <li>For a P2MP connectivity construct, there is only one sending
and more than one receiving SDP. This is like a SDP and more than one receiving SDP. This is like a P2MP tunnel
P2MP tunnel or multi-access VLAN segment. All traffic from the or multi-access VLAN segment. All traffic from the sending SDP is
sending SDP is intended to be received by all intended to be received by all the receiving SDPs. There is one
the receiving SDPs. There is one set of SLOs and SLEs that appl set of SLOs and SLEs that applies at the sending SDP (and
ies at the sending SDP (and implicitly at all implicitly, at all receiving SDPs).</li>
receiving SDPs).</li>
<li> <li>
<t>With an A2A connectivity construct, any sending SDP may send to <t>With an A2A connectivity construct, any sending SDP may send
any one receiving SDP or any set of receiving SDPs in to any one receiving SDP or any set of receiving SDPs in the
the construct. There is an implicit level of routing in this c construct. There is an implicit level of routing in this
onnectivity construct that is not present in the other connectivity construct that is not present in the other
connectivity constructs because the provider&apos;s network mus connectivity constructs because the provider&apos;s network must
t determine to which receiving SDPs to deliver each packet. determine to which receiving SDPs to deliver each packet. This
This construct may be used to support P2P traffic between any p construct may be used to support P2P traffic between any pair of
air of SDPs, or to support multicast or broadcast traffic SDPs or to support multicast or broadcast traffic from one SDP
from one SDP to a set of other SDPs. In the latter case, wheth to a set of other SDPs. In the latter case, whether the service
er the service is delivered using multicast within the is delivered using multicast within the provider&apos;s network
provider&apos;s network or using "ingress replication" or some or using "ingress replication" or some other means is out of
other means is out of scope of the specification of the service. scope of the specification of the service. A service provider
A service provider may choose to support A2A constructs, but to may choose to support A2A constructs but to limit the traffic
limit the traffic to unicast.</t> to unicast.</t>
<t>The SLOs/SLEs in an A2A connectivity construct apply to individ <t>The SLOs/SLEs in an A2A connectivity construct apply to
ual sending SDPs regardless of the receiving SDPs, and there individual sending SDPs regardless of the receiving SDPs, and
is no linkage between sender and receiver in the specification there is no linkage between sender and receiver in the
of the connectivity construct. A sending SDP may be "disappointed" if the recei specification of the connectivity construct. A sending SDP may
ver is over-subscribed. be "disappointed" if the receiver is over-subscribed. If a
If a customer wants to be more specific about different behavio customer wants to be more specific about different behaviors
rs from one SDP to another SDP, they should use P2P from one SDP to another SDP, they should use P2P connectivity
connectivity constructs.</t> constructs.</t>
</li> </li>
</ul> </ul>
<t>A given sending SDP may be part of multiple connectivity constructs <t>A given sending SDP may be part of multiple connectivity
within a single IETF Network Slice Service, and the SDP may have constructs within a single IETF Network Slice Service, and the SDP
different SLOs and SLEs for each connectivity construct to which it may have different SLOs and SLEs for each connectivity construct to
is sending. Note that a given sending SDP&apos;s SLOs and SLEs which it is sending. Note that a given sending SDP&apos;s SLOs and
for a given connectivity construct apply between it and each of the SLEs for a given connectivity construct apply between it and each of
receiving SDPs for that connectivity construct.</t> the receiving SDPs for that connectivity construct.</t>
<t>An IETF Network Slice Service provider may freely make a deployment <t>An IETF Network Slice Service provider may freely make a
choice as to whether to offer a 1:1 relationship deployment choice as to whether to offer a 1:1 relationship between
between IETF Network Slice Service and connectivity construct, or t an IETF Network Slice Service and connectivity construct or to support
o support multiple connectivity constructs in a single multiple connectivity constructs in a single IETF Network Slice
IETF Network Slice Service. In the former case, the provider might Service. In the former case, the provider might need to deliver
need to deliver multiple IETF Network Slice Services multiple IETF Network Slice Services to achieve the function of the
to achieve the function of the second case.</t> second case.</t>
</section> </section>
<section anchor="Traflow" numbered="true" toc="default"> <section anchor="Traflow" numbered="true" toc="default">
<name>Mapping Traffic Flows to Network Realizations</name> <name>Mapping Traffic Flows to Network Realizations</name>
<t>A customer traffic flow may be unicast or multicast, and various ne <t>A customer traffic flow may be unicast or multicast, and various
twork realizations are possible:</t> network realizations are possible:</t>
<ul spacing="normal"> <ul spacing="normal">
<li>Unicast traffic may be mapped to a P2P connectivity construct <li>Unicast traffic may be mapped to a P2P connectivity
for direct delivery, or to an A2A connectivity construct for direct delivery or to an A2A connectivity
construct for the service provider to perform routing to the d construct for the service provider to perform routing to the
estination SDP. It would destination SDP. It would be unusual to use a P2MP connectivity
be unusual to use a P2MP connectivity construct to deliver uni construct to deliver unicast traffic because all receiving SDPs
cast traffic because all receiving SDPs would would get a copy, but this can still be done if the receivers
get a copy, but this can still be done if the receivers are ca are capable of dropping the unwanted traffic.</li>
pable of dropping the unwanted traffic.</li>
<li>A bidirectional unicast service can be constructed by specifyi <li>A bidirectional unicast service can be constructed by
ng two P2P connectivity constructs. An specifying two P2P connectivity constructs. An additional SLE
additional SLE may specify fate-sharing in this case.</li> may specify fate-sharing in this case.</li>
<li>Multicast traffic may be mapped to a set of P2P connectivity c <li>Multicast traffic may be mapped to a set of P2P connectivity
onstructs, a single P2MP connectivity construct, constructs, a single P2MP connectivity construct, or a mixture
or a mixture of P2P and P2MP connectivity constructs. Multica of P2P and P2MP connectivity constructs. Multicast may also be
st may also be supported by an A2A connectivity construct. supported by an A2A connectivity construct. The choice clearly
The choice clearly influences how and where traffic is replica influences how and where traffic is replicated in the network.
ted in the network. With a P2MP or A2A connectivity With a P2MP or A2A connectivity construct, it is the
construct, it is the operator&apos;s choice whether to realize operator&apos;s choice whether to realize the construct with
the construct with ingress replication, multicast in ingress replication, multicast in the core, P2MP tunnels, or
the core, P2MP tunnels, or hub-and-spoke. This choice should hub-and-spoke. This choice should not change how the customer
not change how the customer perceives the service.</li> perceives the service.</li>
<li>The concept of a multipoint-to-point (MP2P) service can be rea <li>The concept of a Multipoint-to-Point (MP2P) service can be
lized with multiple P2P connectivity constructs. realized with multiple P2P connectivity constructs. Note that,
Note that, in this case, the egress may simultaneously receive in this case, the egress may simultaneously receive traffic from
traffic from all ingresses. The SLOs at the all ingresses. The SLOs at the sending SDPs must be set with
sending SDPs must be set with this in mind because the provide this in mind because the provider&apos;s network is not capable
r&apos;s network is not capable of coordinating the policing of traffic across of coordinating the policing of traffic across multiple distinct
multiple distinct source SDPs. It is assumed that the custome source SDPs. It is assumed that the customer, requesting SLOs
r, requesting SLOs for the various P2P connectivity for the various P2P connectivity constructs, is aware of the
constructs, is aware of the capabilities of the receiving SDP. capabilities of the receiving SDP. If the receiver receives
If the receiver receives more traffic than more traffic than it can handle, it may drop some and introduce
it can handle, it may drop some and introduce queuing delays.< queuing delays.</li>
/li>
<li>The concept of a multipoint-to-multipoint (MP2MP) service can <li>The concept of a Multipoint-to-Multipoint (MP2MP) service
best be realized using a set of P2MP connectivity can best be realized using a set of P2MP connectivity
constructs, but could be delivered over an A2A connectivity co constructs but could be delivered over an A2A connectivity
nstruct if each sender is using multicast. As construct if each sender is using multicast. As with MP2P, the
with MP2P, the customer is assumed to be familiar with the cap customer is assumed to be familiar with the capabilities of all
abilities of all receivers. A customer may wish receivers. A customer may wish to achieve an MP2MP service
to achieve an MP2MP service using a hub-and-spoke architecture using a hub-and-spoke architecture where they control the hub;
where they control the hub: that is, the hub may that is, the hub may be an SDP or an ancillary CE (see <xref
be an SDP or an ancillary CE (see <xref target="ancillary" for target="ancillary" format="default"/>), and the service may be
mat="default"/>) and the service may be achieved achieved by using a set of P2P connectivity constructs to the
by using a set of P2P connectivity constructs to the hub, and hub and a single P2MP connectivity construct from the hub.</li>
a single P2MP connectivity construct from the hub.</li>
</ul> </ul>
<t>From the above, it can be seen that the SLOs of the senders define <t>From the above, it can be seen that the SLOs of the senders
the SLOs for the receivers on any connectivity define the SLOs for the receivers on any connectivity construct.
construct. That is, and in particular, the network may be expected In particular, the network may be expected to handle
to handle the traffic volume from a sender to the traffic volume from a sender to all destinations. This extends
all destinations. This extends to all connectivity constructs in a to all connectivity constructs in an IETF Network Slice Service.</t>
n IETF Network Slice Service.</t>
<t>Note that the realization of an IETF Network Slice Service does not <t>Note that the realization of an IETF Network Slice Service does
need to map the connectivity constructs one-to-one onto underlying not need to map the connectivity constructs one-to-one onto
network constructs (such as tunnels). The service provided to underlying network constructs (such as tunnels). The service
the customer is distinct from how the provider decides to deliver t provided to the customer is distinct from how the provider decides
hat to deliver that service.</t>
service.</t>
<t>If a CE has multiple attachment circuits to PEs within a given IETF <t>If a CE has multiple attachment circuits to PEs within a given
Network Slice Service and they are operating in single-active IETF Network Slice Service and they are operating in single-active
mode, then all traffic between the CE and its attached PEs transits mode, then all traffic between the CE and its attached PEs transits
a single attachment circuit; if they are operating a single attachment circuit; if they are operating in all-active
in all-active mode, then traffic between the CE and its attached PE mode, then traffic between the CE and its attached PEs is
s is distributed across all of the active attachment distributed across all of the active attachment circuits.</t>
circuits.</t>
</section> </section>
<section anchor="ancillary" numbered="true" toc="default"> <section anchor="ancillary" numbered="true" toc="default">
<name>Ancillary CEs</name> <name>Ancillary CEs</name>
<t>It may be the case that the set of SDPs that delimits an IETF Netwo <t>It may be the case that the set of SDPs that delimits an IETF
rk Slice Service needs to be supplemented with additional Network Slice Service needs to be supplemented with additional
senders or receivers within the network that are not customer sites senders or receivers within the network that are not customer sites.
. An additional sender could be, for example, an IPTV or An additional sender could be, for example, an IPTV or DNS server
DNS server either within the provider&apos;s network or attached to either within the provider&apos;s network or attached to it, while
it, while an extra receiver could be, for example, a node an extra receiver could be, for example, a node reachable via the
reachable via the Internet. This is modelled in the Network Slicin Internet. This is modeled in the Network Slicing architecture as a
g architecture as a set of ancillary CEs which supplement set of ancillary CEs that supplement the other SDPs in one or more
the other SDPs in one or more connectivity constructs, or which are connectivity constructs or that are linked by their own
linked by their own connectivity constructs. Note that connectivity constructs. Note that an ancillary CE can either have
an ancillary CE can either have a resolvable address (e.g., an IP a a resolvable address (e.g., an IP address or MAC address), or it may
ddress or MAC address) or it may be a placeholder (e.g., be a placeholder (e.g., a named IPTV or DNS service or server) that
a named IPTV or DNS service or server) which is resolved within the is resolved within the provider&apos;s network when the IETF Network
provider&apos;s network when the IETF Network Slice Slice Service is instantiated.</t>
Service is instantiated.</t>
<t>Thus, an ancillary CE may be a node within the provider network (i. <t>Thus, an ancillary CE may be a node within the provider network
e., not a node at the edge of the customer&apos;s network). (i.e., not a node at the edge of the customer&apos;s network). An
An example is a node that provides a service function. Another exa example is a node that provides a service function. Another example
mple is a node that acts as a hub. There will be times is a node that acts as a hub. There will be times when the customer
when the customer wishes to explicitly select one of these. Altern wishes to explicitly select one of these. Alternatively, an
atively, an ancillary CE may be a service function at an ancillary CE may be a service function at an unknown point in the
unknown point in the provider&apos;s network. In this case, the fu provider&apos;s network. In this case, the function may be a
nction may be a placeholder that has its addresses resolved placeholder that has its addresses resolved as part of the
as part of the realization of the slice service.</t> realization of the slice service.</t>
<t><xref target="APPA3" /> and <xref target="APPA4" /> give simple wor <t>Appendices <xref target="APPA3" format="counter"/> and <xref
ked examples of the use of ancillary CEs that may aid understanding the target="APPA4" format="counter"/> give simple worked examples of the
concept.</t> use of ancillary CEs that may aid understanding the concept.</t>
</section> </section>
</section> </section>
</section> </section>
<section anchor="NS-Char" numbered="true" toc="default"> <section anchor="NS-Char" numbered="true" toc="default">
<name>IETF Network Slice System Characteristics</name> <name>IETF Network Slice System Characteristics</name>
<t>The following subsections describe the characteristics of IETF Network Slices in addition to the list of SDPs, the <t>The following subsections describe the characteristics of IETF Network Slices in addition to the list of SDPs, the
connectivity constructs, and the technology of the ACs.</t> connectivity constructs, and the technology of the ACs.</t>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Objectives for IETF Network Slices</name> <name>Objectives for IETF Network Slices</name>
<t>An IETF Network Slice Service is defined in terms of quantifiable cha <t>An IETF Network Slice Service is defined in terms of quantifiable
racteristics known as characteristics known as Service Level Objectives (SLOs) and
Service Level Objectives (SLOs) and unquantifiable characteristics kn unquantifiable characteristics known as Service Level Expectations
own as Service Level (SLEs). SLOs are expressed in terms Service Level Indicators (SLIs)
Expectations (SLEs). SLOs are expressed in terms Service Level Indic and together with the SLEs form the contractual agreement between
ators (SLIs), and service customer and service provider known as a Service Level
together with the SLEs form the contractual agreement between service Agreement (SLA).</t>
customer and service
provider known as a Service Level Agreement (SLA).</t>
<t>The terms are defined as follows:</t> <t>The terms are defined as follows:</t>
<ul spacing="normal"> <dl spacing="normal" newline="false">
<li>A Service Level Indicator (SLI) is a quantifiable measure of an <dt>Service Level Indicator (SLI):</dt>
aspect of the performance <dd>A quantifiable measure of an aspect of the performance of a
of a network. For example, it may be a measure of throughput in network. For example, it may be a measure of throughput in bits
bits per second, or it may per second, or it may be a measure of latency in
be a measure of latency in milliseconds.</li> milliseconds.</dd>
<li>A Service Level Objective (SLO) is a target value or range for t <dt>Service Level Objective (SLO):</dt>
he measurements returned <dd>A target value or range for the measurements returned by
by observation of an SLI. For example, an SLO may be expressed observation of an SLI. For example, an SLO may be expressed as
as "SLI &lt;= target", or "SLI &lt;= target" or "lower bound &lt;= SLI &lt;= upper bound".
"lower bound &lt;= SLI &lt;= upper bound". A customer can deter A customer can determine whether the provider is meeting the SLOs
mine whether the provider by performing measurements on the traffic.</dd>
is meeting the SLOs by performing measurements on the traffic.</
li>
<li>A Service Level Expectation (SLE) is an expression of an unmeasu <dt>Service Level Expectation (SLE):</dt>
rable service-related request <dd>An expression of an unmeasurable service-related request
that a customer of an IETF Network Slice Service makes of the pr that a customer of an IETF Network Slice Service makes of the
ovider. An SLE is distinct from an provider. An SLE is distinct from an SLO because the customer may
SLO because the customer may have little or no way of determinin have little or no way of determining whether the SLE is being met,
g whether the SLE is being met, but they still contract with the provider for a service that meets
but they still contract with the provider for a service that mee the expectation.</dd>
ts the expectation.</li>
<li>A Service Level Agreement (SLA) is an explicit or implicit contr <dt>Service Level Agreement (SLA):</dt>
act between the customer of an <dd>An explicit or implicit contract between the customer of an
IETF Network Slice Service and the provider of the slice. The S IETF Network Slice Service and the provider of the slice. The SLA
LA is expressed in terms of a is expressed in terms of a set of SLOs and SLEs that are to be
set of SLOs and SLEs that are to be applied for a given connecti applied for a given connectivity construct between a sending SDP
vity construct between a sending and the set of receiving SDPs. The SLA may describe the extent to
SDP and the set of receiving SDPs, and may describe the extent t which divergence from individual SLOs and SLEs can be tolerated,
o which divergence from individual and commercial terms as well as any consequences for violating
SLOs and SLEs can be tolerated, and commercial terms as well as these SLOs and SLEs.</dd>
any consequences </dl>
for violating these SLOs and SLEs.</li>
</ul>
<section anchor="SLO" numbered="true" toc="default"> <section anchor="SLO" numbered="true" toc="default">
<name>Service Level Objectives</name> <name>Service Level Objectives</name>
<t>SLOs define a set of measurable network attributes and characterist <t>SLOs define a set of measurable network attributes and
ics that describe an IETF characteristics that describe an IETF Network Slice Service. SLOs
Network Slice Service. SLOs do not describe how an IETF Network Sl do not describe how an IETF Network Slice Service is implemented or
ice Service is implemented or realized in realized in the underlying network layers. Instead, they are
the underlying network layers. Instead, they are defined in terms defined in terms of dimensions of operation (time, capacity, etc.),
of dimensions of operation (time, capacity, etc.), availability, and other attributes.</t>
availability, and other attributes.</t>
<t>An IETF Network Slice Service may include multiple connectivity con structs that associate sets of <t>An IETF Network Slice Service may include multiple connectivity con structs that associate sets of
endpoints (SDPs). SLOs apply to a given connectivity construct and apply to a specific direction of traffic endpoints (SDPs). SLOs apply to a given connectivity construct and apply to a specific direction of traffic
flow. That is, they apply to a specific sending SDP and the set of receiving SDPs.</t> flow. That is, they apply to a specific sending SDP and the set of receiving SDPs.</t>
<section anchor="cmnSLOs" numbered="true" toc="default"> <section anchor="cmnSLOs" numbered="true" toc="default">
<name>Some Common SLOs</name> <name>Some Common SLOs</name>
<t>SLOs can be described as 'Directly Measurable Objectives': they a <t>SLOs can be described as "Directly Measurable Objectives"; they
re always measurable. See <xref target="SLE" format="default"/> are always measurable. See <xref target="SLE" format="default"/>
for the description of Service Level Expectations which are unmea for the description of Service Level Expectations, which are
surable service-related requests sometimes unmeasurable service-related requests sometimes known as
known as 'Indirectly Measurable Objectives'.</t> "Indirectly Measurable Objectives".</t>
<t>Objectives such as guaranteed minimum bandwidth, guaranteed maxim <t>Objectives such as guaranteed minimum bandwidth, guaranteed
um latency, maximum permissible delay maximum latency, maximum permissible delay variation, maximum
variation, maximum permissible packet loss ratio, and availabilit permissible packet loss ratio, and availability are "Directly
y are 'Directly Measurable Objectives'. Measurable Objectives". Future specifications (such as IETF
Future specifications (such as IETF Network Slice Service YANG mo Network Slice Service YANG models) may precisely define these
dels) may precisely define these SLOs, and SLOs, and other SLOs may be introduced as described in <xref
other SLOs may be introduced as described in <xref target="otherS target="otherSLO" format="default"/>.</t>
LO" format="default"/>.</t>
<t>The definition of these objectives are as follows:</t> <t>The definition of these objectives are as follows:</t>
<dl newline="false" spacing="normal"> <dl newline="false" spacing="normal">
<dt>Guaranteed Minimum Bandwidth:</dt> <dt>Guaranteed Minimum Bandwidth:</dt>
<dd>Minimum guaranteed bandwidth between two endpoints at any ti <dd>Minimum guaranteed bandwidth between two endpoints at any
me. The bandwidth is measured in time. The bandwidth is measured in data rate units of bits
data rate units of bits per second and is measured unidirect per second and is measured unidirectionally.</dd>
ionally.</dd>
<dt>Guaranteed Maximum Latency:</dt> <dt>Guaranteed Maximum Latency:</dt>
<dd>Upper bound of network latency when transmitting between two <dd>Upper bound of network latency when transmitting between
endpoints. The latency is measured two endpoints. The latency is measured in terms of network
in terms of network characteristics (excluding application-l characteristics (excluding application-level latency). <xref
evel latency). target="RFC7679" format="default"/> discusses one-way
<xref target="RFC7679" format="default"/> discusses one-way metrics.</dd>
metrics.</dd>
<dt>Maximum Permissible Delay Variation:</dt> <dt>Maximum Permissible Delay Variation:</dt>
<dd>Packet delay variation (PDV) as defined by <xref target="RFC <dd>Packet Delay Variation (PDV) as defined by <xref
3393" format="default"/>, is the difference in the one-way target="RFC3393" format="default"/> is the difference in the
delay between sequential packets in a flow. This SLO sets a one-way delay between sequential packets in a flow. This SLO
maximum value PDV for packets between two sets a maximum value PDV for packets between two
endpoints.</dd> endpoints.</dd>
<dt>Maximum Permissible Packet Loss Ratio:</dt> <dt>Maximum Permissible Packet Loss Ratio:</dt>
<dd>The ratio of packets dropped to packets transmitted between <dd>The ratio of packets dropped to packets transmitted
two endpoints over a period between two endpoints over a period of time. See <xref
of time. See <xref target="RFC7680" format="default"/>.</dd target="RFC7680" format="default"/>.</dd>
>
<dt>Availability:</dt> <dt>Availability:</dt>
<dd>The ratio of uptime to the sum of uptime and downtime, where <dd>The ratio of uptime to the sum of uptime and downtime,
uptime is the time the where uptime is the time the connectivity construct is
connectivity construct is available in accordance with all o available in accordance with all of the SLOs associated with
f the SLOs associated with it. it. Availability will often be expressed along with
Availability will often be expressed along with the time per the time period over which the availability is
iod over which the availability is measured and the maximum allowed single period of
measured, and specifying the maximum allowed single period o downtime.</dd>
f downtime.</dd>
</dl> </dl>
</section> </section>
<section anchor="otherSLO" numbered="true" toc="default"> <section anchor="otherSLO" numbered="true" toc="default">
<name>Other Service Level Objectives</name> <name>Other Service Level Objectives</name>
<t>Additional SLOs may be defined to provide additional description <t>Additional SLOs may be defined to provide additional
of description of the IETF Network Slice Service that a customer
the IETF Network Slice Service that a customer requests. These wo requests. These would be specified in further documents.</t>
uld
be specified in further documents.</t>
<t>If the IETF Network Slice Service is traffic-aware, other traffic <t>If the IETF Network Slice Service is traffic-aware, other
specific characteristics may be valuable including MTU, traffic ty traffic-specific characteristics may be valuable including MTU,
pe traffic type (e.g., IPv4, IPv6, Ethernet, or unstructured), or a
(e.g., IPv4, IPv6, Ethernet, or unstructured), or a higher-level higher-level behavior to process traffic according to user
behavior to process traffic according to user application (which m application (which may be realized using network functions).</t>
ay
be realized using network functions).</t>
</section> </section>
</section> </section>
<section anchor="SLE" numbered="true" toc="default"> <section anchor="SLE" numbered="true" toc="default">
<name>Service Level Expectations</name> <name>Service Level Expectations</name>
<t>SLEs define a set of network attributes and characteristics that <t>SLEs define a set of network attributes and characteristics that
describe an IETF Network Slice Service, but which are not directly describe an IETF Network Slice Service but are not directly
measurable by the customer (e.g., diversity, isolation, and geograp measurable by the customer (e.g., diversity, isolation, and
hical geographical restrictions). Even though the delivery of an SLE
restrictions). Even though the delivery of an SLE cannot usually b cannot usually be determined by the customer, the SLEs form an
e important part of the contract between customer and provider.</t>
determined by the customer, the SLEs form an important part of the
contract between customer and provider.</t>
<t>Quite often, an SLE will imply some details of how an IETF Network <t>Quite often, an SLE will imply some details of how an IETF
Slice Service is realized by the provider, although most aspects of Network Slice Service is realized by the provider, although most
the implementation in the underlying network layers remain a free aspects of the implementation in the underlying network layers
choice for the provider. For example, activating unicast or multic remain a free choice for the provider. For example, activating
ast unicast or multicast capabilities to deliver an IETF Network Slice
capabilities to deliver an IETF Network Slice Service could be expl Service could be explicitly requested by a customer or could be left
icitly as an engineering decision for the service provider based on
requested by a customer or could be left as an engineering decision capabilities of the network and operational choices.</t>
for the service provider based on capabilities of the network and
operational choices.</t>
<t>SLEs may be seen as aspirational on the part of the customer, and <t>SLEs may be seen as aspirational on the part of the customer, and
they are expressed as behaviors that the provider is expected to they are expressed as behaviors that the provider is expected to
apply to the network resources used to deliver the IETF Network Sli apply to the network resources used to deliver the IETF Network
ce Slice Service. Of course, over time, it is possible that mechanisms
Service. Of course, over time, it is possible that mechanisms will will be developed that enable a customer to verify the provision of
be an SLE, at which point it effectively becomes an SLO.</t>
developed that enable a customer to verify the provision of an SLE,
at
which point it effectively becomes an SLO.</t>
<t>An IETF Network Slice Service may include multiple connectivity con <t>An IETF Network Slice Service may include multiple connectivity
structs that associate sets of constructs that associate sets of endpoints (SDPs). SLEs apply to a
endpoints (SDPs). SLEs apply to a given connectivity construct and given connectivity construct and apply to specific directions of
apply to specific directions of traffic traffic flow. That is, they apply to a specific sending SDP and the
flow. That is, they apply to a specific sending SDP and the set of set of receiving SDPs. However, being more general in nature than
receiving SDPs. However, being more SLOs, SLEs may commonly be applied to all connectivity constructs in
general in nature than SLOs, SLEs may commonly be applied to all co an IETF Network Slice Service.</t>
nnectivity constructs in an IETF
Network Slice Service.</t>
<section anchor="cmnSLEs" numbered="true" toc="default"> <section anchor="cmnSLEs" numbered="true" toc="default">
<name>Some Common SLEs</name> <name>Some Common SLEs</name>
<t>SLEs can be described as 'Indirectly Measurable Objectives': they <t>SLEs can be described as "Indirectly Measurable Objectives";
are they are not generally directly measurable by the customer.</t>
not generally directly measurable by the customer.</t>
<t>Security, geographic restrictions, maximum occupancy level, and <t>Security, geographic restrictions, maximum occupancy level, and
isolation are example SLEs as follows.</t> isolation are example SLEs as follows.</t>
<dl newline="false" spacing="normal"> <dl newline="false" spacing="normal">
<dt>Security:</dt> <dt>Security:</dt>
<dd> <dd>
<t>A customer may request that the provider applies encryption <t>A customer may request that the provider applies
or other security techniques to traffic encryption or other security techniques to traffic flowing
flowing between SDPs of a connectivity construct within an between SDPs of a connectivity construct within an IETF
IETF Network Slice Service. For example, the customer could Network Slice Service. For example, the customer could
request that only network links that have MACsec <xref targ request that only network links that have Media Access
et="MACsec" format="default"/> enabled are used to Control Security (MACsec) <xref target="MACsec"
realize the connectivity construct.</t> format="default"/> enabled are used to realize the
<t>This SLE may include a request for encryption (e.g., <xref connectivity construct.</t>
target="RFC4303" format="default"/>) between the two
SDPs explicitly to meet the architectural recommendations i <t>This SLE may include a request for encryption (e.g.,
n <xref target="TS33.210" format="default"/> or for <xref target="RFC4303" format="default"/>) between the two
compliance with <xref target="HIPAA" format="default"/> or SDPs explicitly to meet the architectural recommendations in
<xref target="PCI" format="default"/>.</t> <xref target="TS33.210" format="default"/> or for compliance
<t>Whether or not the provider has met this SLE is generally n with the HIPAA Security Rule <xref target="HIPAA"
ot directly observable by the customer format="default"/> or the PCI Data Security Standard <xref
and cannot be measured as a quantifiable metric.</t> target="PCI" format="default"/>.</t>
<t>Whether or not the provider has met this SLE is generally
not directly observable by the customer and cannot be
measured as a quantifiable metric.</t>
<t>Please see further discussion on security in <xref target=" security-considerations" format="default"/>.</t> <t>Please see further discussion on security in <xref target=" security-considerations" format="default"/>.</t>
</dd> </dd>
<dt>Geographic Restrictions:</dt> <dt>Geographic Restrictions:</dt>
<dd> <dd>
<t>A customer may request that certain geographic limits are a pplied <t>A customer may request that certain geographic limits are a pplied
to how the provider routes traffic for the IETF Network Sli ce to how the provider routes traffic for the IETF Network Sli ce
Service. For example, the customer may have a preference t hat its Service. For example, the customer may have a preference t hat its
traffic does not pass through a particular country for poli tical traffic does not pass through a particular country for poli tical
or security reasons.</t> or security reasons.</t>
skipping to change at line 770 skipping to change at line 916
<t>Again, a customer may not be able to fully determine whethe r this <t>Again, a customer may not be able to fully determine whethe r this
SLE is being met by the provider.</t> SLE is being met by the provider.</t>
</dd> </dd>
<dt>Isolation:</dt> <dt>Isolation:</dt>
<dd> <dd>
<t>As described in <xref target="isolation" format="default"/> , a customer may request that its traffic <t>As described in <xref target="isolation" format="default"/> , a customer may request that its traffic
within its IETF Network Slice Service is isolated from the effects within its IETF Network Slice Service is isolated from the effects
of other network services supported by the same provider. That of other network services supported by the same provider. That
is, if another service exceeds capacity or has a burst of t raffic, is, if another service exceeds capacity or has a burst of t raffic,
the customer&apos;s IETF Network Slice Service should remai n unaffected the customer&apos;s IETF Network Slice Service should remai n unaffected,
and there should be no noticeable change to the quality of traffic and there should be no noticeable change to the quality of traffic
delivered.</t> delivered.</t>
<t>In general, a customer cannot tell whether a service provid er is <t>In general, a customer cannot tell whether a service provid er is
meeting this SLE. They cannot tell whether the variation o f an SLI is meeting this SLE. They cannot tell whether the variation o f an SLI is
because of changes in the underlay network or because of because of changes in the underlay network or because of
interference from other services carried by the network. I f interference from other services carried by the network. I f
the service varies within the allowed bounds of the SLOs, t here the service varies within the allowed bounds of the SLOs, t here
may be no noticeable indication that this SLE has been viol ated.</t> may be no noticeable indication that this SLE has been viol ated.</t>
</dd> </dd>
<dt>Diversity:</dt> <dt>Diversity:</dt>
<dd> <dd>
<t>A customer may request that different connectivity construc <t>A customer may request that different connectivity
ts use constructs use different underlay network resources. This
different underlay network resources. This might be done t might be done to enhance the availability of the
o enhance the availability connectivity constructs within an IETF Network Slice
of the connectivity constructs within an IETF Network Slice Service.</t>
Service.</t> <t>While availability is a measurable objective (see <xref
<t>While availability is a measurable objective (see <xref tar target="cmnSLOs" format="default"/>), this SLE requests a
get="cmnSLOs" format="default"/>) finer grade of control and is not directly measurable
this SLE requests a finer grade of control and is not direc (although the customer might become suspicious if two
tly measurable connectivity constructs fail at the same time).</t>
(although the customer might become suspicious if two conne
ctivity constructs fail at
the same time).</t>
</dd> </dd>
</dl> </dl>
</section> </section>
</section> </section>
</section> </section>
skipping to change at line 814 skipping to change at line 963
connectivity between sets of SDPs with specific SLOs and SLEs. connectivity between sets of SDPs with specific SLOs and SLEs.
<xref target="NS-Service" format="default"/> goes on to <xref target="NS-Service" format="default"/> goes on to
describe how the IETF Network Slice Service is composed of a set of describe how the IETF Network Slice Service is composed of a set of
one or more connectivity constructs that describe connectivity betwee n one or more connectivity constructs that describe connectivity betwee n
the Service Demarcation Points (SDPs) across the underlay network.</t > the Service Demarcation Points (SDPs) across the underlay network.</t >
<t>The characteristics of IETF Network Slice SDPs are as follows.</t> <t>The characteristics of IETF Network Slice SDPs are as follows.</t>
<ul spacing="normal"> <ul spacing="normal">
<li>An SDP is the point of attachment to an IETF Network Slice Servi <li>An SDP is the point of attachment to an IETF Network Slice
ce. As such, SDPs serve as the Service. As such, SDPs serve as the IETF Network Slice
IETF Network Slice ingress/egress points.</li> ingress/egress points.</li>
<li>An SDP is identified by a unique identifier in the context of an <li>An SDP is identified by a unique identifier in the context of
IETF Network Slice Service customer.</li> an IETF Network Slice Service customer.</li>
<li>The provider associates each SDP with a set of provider-scope id <li>The provider associates each SDP with a set of provider-scope
entifiers identifiers such as IP addresses, encapsulation-specific
such as IP addresses, encapsulation-specific identifiers (e.g., identifiers (e.g., VLAN tag and MPLS Label), interface/port numbers,
VLAN tag, MPLS Label), interface/port numbers, node ID, etc.</li node ID, etc.</li>
>
<li> <li>
<t>SDPs are mapped to endpoints of services/tunnels/paths within <t>SDPs are mapped to endpoints of services/tunnels/paths within
the IETF Network Slice during its initialization and realizatio the IETF Network Slice during its initialization and
n.</t> realization.</t>
<ul spacing="normal"> <ul spacing="normal">
<li>A combination of the SDP identifier and SDP provider-networ <li>A combination of the SDP identifier and SDP
k-scope identifiers provider-network-scope identifiers define an SDP in the
define an SDP in the context of the Network Slice Controlle context of the Network Slice Controller (NSC) (see <xref
r (NSC) (see <xref target="nsc" format="default"/>).</li> target="nsc" format="default"/>).</li>
<li>The NSC will use the SDP provider-network-scope identifiers <li>The NSC will use the SDP provider-network-scope
as part of the identifiers as part of the process of realizing the IETF
process of realizing the IETF Network Slice.</li> Network Slice.</li>
</ul> </ul>
</li> </li>
</ul> </ul>
<t>Note that an ancillary CE (see <xref target="ancillary" format="defau <t>Note that an ancillary CE (see <xref target="ancillary"
lt"/>) is the endpoint of a connectivity format="default"/>) is the endpoint of a connectivity construct and so
construct and so is an SDP in this discussion.</t> is an SDP in this discussion.</t>
<t>For a given IETF Network Slice Service, the <t>For a given IETF Network Slice Service, the customer and provider
customer and provider agree where the SDP is located. This determine agree where the SDP is located. This determines what resources at the
s what resources at the edge of the network form part of the IETF Network Slice and are
edge of the network form part of the IETF Network Slice and are subject to the set of SLOs and SLEs for a specific SDP.</t>
subject to the set of SLOs and SLEs for a specific SDP.</t>
<t><xref target="fig_ep" format="default"/> shows different potential sc <t><xref target="fig_ep" format="default"/> shows different potential
opes of an IETF Network Slice scopes of an IETF Network Slice that are consistent with the different
that are consistent with the different SDP locations. For the SDP locations. For the purpose of this discussion and without loss of
purpose of this discussion and without loss of generality, the figure generality, the figure shows Customer
shows Edge (CE) and Provider Edge (PE) nodes connected by Attachment
customer edge (CE) and provider edge (PE) nodes connected by attachme Circuits (ACs). Notes after the figure give some
nt explanations.</t>
circuits (ACs). Notes after the figure give some explanations.</t>
<figure anchor="fig_ep"> <figure anchor="fig_ep">
<name>Positioning IETF Service Demarcation Points</name> <name>Positioning IETF Service Demarcation Points</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ |<---------------------- (1) ---------------------->|
|<---------------------- (1) ---------------------->| | |
| | | |<-------------------- (2) -------------------->| |
| |<-------------------- (2) -------------------->| | | | | |
| | | | | | |<----------- (3) ----------->| | |
| | |<----------- (3) ----------->| | | | | | | | |
| | | | | | | | | |<-------- (4) -------->| | | |
| | | |<-------- (4) -------->| | | | | | | | | | | |
| | | | | | | | V V AC V V V V AC V V
V V AC V V V V AC V V +-----+ | +-----+ +-----+ | +-----+
+-----+ | +-----+ +-----+ | +-----+ | |--------| | | |--------| |
| |--------| | | |--------| | | CE1 | | | PE1 |. . . . . . . . .| PE2 | | | CE2 |
| CE1 | | | PE1 |. . . . . . . . .| PE2 | | | CE2 | | |--------| | | |--------| |
| |--------| | | |--------| | +-----+ | +-----+ +-----+ | +-----+
+-----+ | +-----+ +-----+ | +-----+ ^ ^ ^ ^
^ ^ ^ ^ | | | |
| | | | | | | |
| | | | Customer Provider Provider Customer
Customer Provider Provider Customer Edge 1 Edge 1 Edge 2 Edge 2]]></artwork>
Edge 1 Edge 1 Edge 2 Edge 2
]]>
</artwork>
</figure> </figure>
<t>Explanatory notes for <xref target="fig_ep" format="default"/> are as follows:</t> <t>Explanatory notes for <xref target="fig_ep" format="default"/> are as follows:</t>
<ol spacing="normal" type="1"> <ol spacing="normal" type="1">
<li>If the CE is operated by the IETF Network Slice Service provider , <li>If the CE is operated by the IETF Network Slice Service provider ,
then the edge of the IETF Network Slice may be within the CE. I n then the edge of the IETF Network Slice may be within the CE. I n
this case the IETF Network Slicing process may utilize resources from within this case, the IETF Network Slicing process may utilize resource s from within
the CE such as buffers and queues on the outgoing interfaces.</l i> the CE such as buffers and queues on the outgoing interfaces.</l i>
<li>The IETF Network Slice may be extended as far as the CE, to <li>The IETF Network Slice may be extended as far as the CE to
include the AC, but not to include any part of the CE. In this include the AC but not to include any part of the CE. In this
case, the CE may be operated by the customer or the provider. case, the CE may be operated by the customer or the provider.
Slicing the resources on the AC may require the use of traffic Slicing the resources on the AC may require the use of traffic
tagging (such as through Ethernet VLAN tags) or may require tagging (such as through Ethernet VLAN tags) or may require
traffic policing at the AC link ends.</li> traffic policing at the AC link ends.</li>
<li>The SDPs of the IETF Network Slice are the <li>The SDPs of the IETF Network Slice are the
customer-facing ports on the PEs. This case can be managed in a customer-facing ports on the PEs. This case can be managed in a
way that is similar to a port-based VPN: each port (AC) or way that is similar to a port-based VPN: each port (AC) or
virtual port (e.g., VLAN tag) identifies the IETF Network Slice virtual port (e.g., VLAN tag) identifies the IETF Network Slice
and maps to an IETF Network Slice SDP.</li> and maps to an IETF Network Slice SDP.</li>
<li>Finally, the SDP may be within the <li>Finally, the SDP may be within the
PE. In this mode, the PE classifies the traffic coming from the PE. In this mode, the PE classifies the traffic coming from the
AC according to information (such as the source and destination IP AC according to information (such as the source and destination IP
addresses, payload protocol and port numbers, etc.) in order to addresses, payload protocol and port numbers, etc.) in order to
place it onto an IETF Network Slice.</li> place it onto an IETF Network Slice.</li>
</ol> </ol>
<t>The choice of which of these options to apply is entirely up to the n etwork <t>The choice of which of these options to apply is entirely up to the n etwork
operator. It may limit or enable the provisioning of particular mana ged services operator. It may limit or enable the provisioning of particular mana ged services,
and the operator will want to consider how they want to manage CEs an d and the operator will want to consider how they want to manage CEs an d
what control they wish to offer the customer over AC resources.</t> what control they wish to offer the customer over AC resources.</t>
<t>Note that <xref target="fig_ep" format="default"/> shows a symmetrica l positioning of SDPs, but <t>Note that <xref target="fig_ep" format="default"/> shows a symmetrica l positioning of SDPs, but
this decision can be taken on a per-SDP basis through agreement this decision can be taken on a per-SDP basis through agreement
between the customer and provider.</t> between the customer and provider.</t>
<t>In practice, it may be necessary to map traffic not only onto an IETF <t>In practice, it may be necessary to map traffic not only onto an IETF
Network Slice, but also onto a specific connectivity construct if the Network Slice but also onto a specific connectivity construct if the
IETF Network Slice supports more than one with a IETF Network Slice supports more than one with a
source at the specific SDP. The mechanism used will be one of source at the specific SDP. The mechanism used will be one of
the mechanisms described above, dependent on how the SDP is the mechanisms described above, dependent on how the SDP is
realized.</t> realized.</t>
<t>Finally, note (as described in <xref target="Terms" format="default"/ >) that an SDP is an abstract <t>Finally, note (as described in <xref target="Terms" format="default"/ >) that an SDP is an abstract
endpoint of an IETF Network Slice Service and as such may be a device , interface, or software endpoint of an IETF Network Slice Service and as such may be a device , interface, or software
component. An ancillary CE (<xref target="ancillary" format="default "/>) should also be thought of component. An ancillary CE (<xref target="ancillary" format="default "/>) should also be thought of
as an SDP.</t> as an SDP.</t>
</section> </section>
<section anchor="ExtConcept" numbered="true" toc="default"> <section anchor="ExtConcept" numbered="true" toc="default">
<name>IETF Network Slice Composition</name> <name>IETF Network Slice Composition</name>
<t>Operationally, an IETF Network Slice may be composed of two or more I ETF Network Slices as specified below. <t>Operationally, an IETF Network Slice may be composed of two or more I ETF Network Slices as specified below.
Decomposed network slices are independently realized and managed.</t> Decomposed network slices are independently realized and managed.</t>
<ul spacing="normal"> <dl spacing="normal" newline="false">
<li>Hierarchical (i.e., recursive) composition: An IETF Network Slic <dt>Hierarchical (i.e., recursive) composition:</dt>
e can be further sliced into other network <dd>An IETF Network Slice can be further sliced into other network
slices. Recursive composition allows an IETF Network Slice at o slices. Recursive composition allows an IETF Network Slice at one
ne layer to be used by the other layers. layer to be used by the other layers. This type of multi-layer
This type of multi-layer vertical IETF Network Slice associates vertical IETF Network Slice associates resources at different
resources at different layers.</li> layers.</dd>
<li>Sequential composition: Different IETF Network Slices can be pla <dt>Sequential composition:</dt>
ced into a sequence to provide an end-to-end <dd>Different IETF Network Slices can be placed into a sequence to
service. In sequential composition, each IETF Network Slice wou provide an end-to-end service. In sequential composition, each
ld potentially support different dataplanes IETF Network Slice would potentially support different data planes
that need to be stitched together.</li> that need to be stitched together.</dd>
</ul> </dl>
</section> </section>
</section> </section>
<section anchor="framework" numbered="true" toc="default"> <section anchor="framework" numbered="true" toc="default">
<name>Framework</name> <name>Framework</name>
<t>A number of IETF Network Slice Services will typically be provided over a shared <t>A number of IETF Network Slice Services will typically be provided over a shared
underlay network infrastructure. Each IETF Network Slice consists of bo th the underlay network infrastructure. Each IETF Network Slice consists of bo th the
overlay connectivity and a specific set of dedicated network resources a nd/or overlay connectivity and a specific set of dedicated network resources a nd/or
functions allocated in a shared underlay network to satisfy the needs of the functions allocated in a shared underlay network to satisfy the needs of the
IETF Network Slice Service customer. In at least some examples of under lay network IETF Network Slice Service customer. In at least some examples of under lay network
technologies, integration between the overlay and various underlay technologies, integration between the overlay and various underlay
resources is needed to ensure the guaranteed performance requested for resources is needed to ensure the guaranteed performance requested for
different IETF Network Slices.</t> different IETF Network Slices.</t>
<t>This section sets out the the principal stakeholders in an IETF Network <t>This section sets out the principal stakeholders in an IETF Network Sli
Slice and describes ce and describes
how the the IETF Network Slice Service customer requests connectivity. how the IETF Network Slice Service customer requests connectivity. It
It then introduces then introduces
the IETF Network Slice Controller (the functional component responsible for receiving the IETF Network Slice Controller (the functional component responsible for receiving
requests from customers and converting them into network configuration commands) and describes requests from customers and converting them into network configuration commands) and describes
its interfaces.</t> its interfaces.</t>
<section anchor="actors" numbered="true" toc="default"> <section anchor="actors" numbered="true" toc="default">
<name>IETF Network Slice Stakeholders</name> <name>IETF Network Slice Stakeholders</name>
<t>An IETF Network Slice and its realization involve the following sta keholders.</t> <t>An IETF Network Slice and its realization involve the following sta keholders.</t>
<dl newline="false" spacing="normal"> <dl newline="false" spacing="normal">
<dt>Orchestrator:</dt> <dt>Orchestrator:</dt>
<dd>An orchestrator is an entity that composes different services, r esource, <dd>An orchestrator is an entity that composes different services, r esource,
and network requirements. It interfaces with the IETF NSC when composing a complex and network requirements. It interfaces with the IETF NSC when composing a complex
service such as an end-to-end network slice.</dd> service such as an end-to-end network slice.</dd>
<dt>IETF Network Slice Controller (NSC):</dt> <dt>IETF Network Slice Controller (NSC):</dt>
<dd>The NSC realizes an IETF Network Slice in the underlay <dd>The NSC realizes an IETF Network Slice in the underlay network
network, and maintains and monitors the run-time state of resour and maintains and monitors the run-time state of resources and
ces and topologies associated with it. topologies associated with it. A well-defined interface is needed
A well-defined interface is needed to support interworking betwe to support interworking between different NSC implementations and
en different NSC implementations and different orchestrator implementations.</dd>
different orchestrator implementations.</dd>
<dt>Network Controller:</dt> <dt>Network Controller:</dt>
<dd>The Network Controller is a form of network infrastructure contr oller that offers network <dd>The Network Controller is a form of network infrastructure contr oller that offers network
resources to the NSC to realize a particular network slice. Thi s may be an existing network controller resources to the NSC to realize a particular network slice. Thi s may be an existing network controller
associated with one or more specific technologies that may be ad apted to the function of realizing associated with one or more specific technologies that may be ad apted to the function of realizing
IETF Network Slices in a network.</dd> IETF Network Slices in a network.</dd>
</dl> </dl>
<t>The IETF Network Slice Service customer and IETF Network Slice Serv <t>The IETF Network Slice Service customer and IETF Network Slice
ice provider Service provider (see <xref target="Terms" format="default"/>) are
(see <xref target="Terms" format="default"/>) are also stakeholders also stakeholders. Clearly, the service provider operates the
. Clearly the service provider network that is sliced to provide the IETF Network Slice Service to
operates the network that is sliced to provide the IETF Network Sli the customer. The Network Controller and NSC are management
ce Service to the customer. The components used by the service provider to operate their networks
Network Controller and NSC are management components used by the se and deliver IETF Network Slice Services. As indicated in Figures
rvice provider to operate their <xref target="fig_interfaces" format="counter" /> and <xref
networks and deliver IETF Network Slice Services. As indicated in target="fig_mgmt" format="counter" />, the Orchestrator may be a
<xref target="fig_interfaces" format="default" /> component in the customer environment that requests and coordinates
and <xref target="fig_mgmt" format="default" />, the Orchestrator m IETF Network Slice Services from one or more service providers. In
ay be a component in the customer other circumstances, however, the Orchestrator may be a component
environment that requests and coordinates IETF Network Slice Servic used by the service provider to request and administer IETF Network
es from one or more service Slices to deliver them to customers or to construct an
providers. In other circumstances, however, the Orchestrator may b infrastructure to deliver other services to the customer.</t>
e a component used by the service
provider to request and administer IETF Network Slices to deliver t
hem to customers or to construct
an infrastructure to deliver other services to the customer.</t>
</section> </section>
<section anchor="intents" numbered="true" toc="default"> <section anchor="intents" numbered="true" toc="default">
<name>Expressing Connectivity Intents</name> <name>Expressing Connectivity Intents</name>
<t>An IETF Network Slice Service customer communicates with the NSC usin g the IETF Network Slice Service Interface.</t> <t>An IETF Network Slice Service customer communicates with the NSC usin g the IETF Network Slice Service Interface.</t>
<t>An IETF Network Slice Service customer may be a network operator who, in turn, uses the <t>An IETF Network Slice Service customer may be a network operator who, in turn, uses the
IETF Network Slice to provide a service for another IETF Network Slic e Service customer.</t> IETF Network Slice to provide a service for another IETF Network Slic e Service customer.</t>
skipping to change at line 1027 skipping to change at line 1192
limited (or no) visibility into the provider network&apos;s actual to pology and limited (or no) visibility into the provider network&apos;s actual to pology and
resource availability information.</t> resource availability information.</t>
<t>This should be true even if both the customer and provider are associ ated with <t>This should be true even if both the customer and provider are associ ated with
a single administrative domain, in order to reduce the potential for adverse a single administrative domain, in order to reduce the potential for adverse
interactions between IETF Network Slice Service customers and other u sers of the interactions between IETF Network Slice Service customers and other u sers of the
underlay network infrastructure.</t> underlay network infrastructure.</t>
<t>The benefits of this model can include the following.</t> <t>The benefits of this model can include the following.</t>
<ul spacing="normal"> <dl spacing="normal" newline="false">
<li>Security: The underlay network components are less exposed to at <dt>Security:</dt>
tack because the underlay network (or network operator) does not need <dd>The underlay network components are less exposed to
to expose network details (topology, capacity, etc.) to the IETF attack because the underlay network (or network operator) does not
Network Slice need to expose network details (topology, capacity, etc.) to the
Service customers.</li> IETF Network Slice Service customers.</dd>
<li>Layered Implementation: The underlay network comprises network e <dt>Layered Implementation:</dt>
lements that <dd>The underlay network comprises network elements that belong to
belong to a different layer network than customer applications. a different layer network than customer applications. Network
Network information (advertisements, protocols, etc.) that a customer
information (advertizements, protocols, etc.) that a customer can cannot interpret or respond to is not exposed to the customer.
not interpret (Note that a customer should not rely on network information not
or respond to is not exposed to the customer. (Note - a customer exposed directly to the customer by the network operator, such
should not rely as via the IETF Network Slice Service Interface.)</dd>
network information not exposed directly by to the customer by th
e network operator,
such as via the IETF Network Slice Service Interface.)</li>
<li>Scalability: Customers do not need to know any information conce <dt>Scalability:</dt>
rning network topology, capabilities, <dd>Customers do not need to know any information
or state beyond that which is exposed via the IETF Network Slice concerning network topology, capabilities, or state beyond that
Service Interface. This protects which is exposed via the IETF Network Slice Service Interface.
the customer site from having to hold and process extra informat This protects the customer site from having to hold and process
ion, and from receiving frequent extra information and from receiving frequent updates about the
updates about the status of the network.</li> status of the network.</dd>
</ul> </dl>
<t>The general issues of abstraction in a Traffic Engineered (TE) networ <t>The general issues of abstraction in a Traffic Engineered (TE)
k are described more fully in network are described more fully in <xref target="RFC7926"
<xref target="RFC7926" format="default"/>.</t> format="default"/>.</t>
<t>This framework document does not assume any particular technology lay <t>This framework document does not assume any particular technology
er at which IETF layer at which IETF Network Slices operate. A number of layers
Network Slices operate. A number of layers (including virtual L2, Et (including virtual L2, Ethernet, or IP connectivity) could be
hernet, or employed.</t>
IP connectivity) could be employed.</t>
<t>Data models and interfaces are needed to set up IETF Network Slices, <t>Data models and interfaces are needed to set up IETF Network
and specific interfaces may have capabilities that allow creation of Slices, and specific interfaces may have capabilities that allow
slices within specific creation of slices within specific technology layers.</t>
technology layers.</t>
<t>Layered virtual connections are comprehensively discussed in other IE <t>Layered virtual connections are comprehensively discussed in other
TF documents. IETF documents.
See, for instance, GMPLS-based networks <xref target="RFC5212" format
="default"/>
and <xref target="RFC4397" format="default"/>, or Abstraction and Con
trol of TE Networks (ACTN)
<xref target="RFC8453" format="default"/> and <xref target="RFC8454"
format="default"/>. The principles and mechanisms
associated with layered networking are applicable to IETF Network
Slices.</t>
<t>There are several IETF-defined mechanisms for expressing the need for For instance, GMPLS-based networks are discussed in <xref target="RFC521
a desired 2" format="default"/> and <xref
logical network. The IETF Network Slice Service Interface carries da target="RFC4397" format="default"/>, and Abstraction and Control of TE N
ta either in a protocol-defined format, or etworks (ACTN) is discussed in <xref
in a formalism associated with a modeling language.</t> target="RFC8453" format="default"/> and <xref target="RFC8454"
format="default"/>.
The principles and mechanisms associated with layered
networking are applicable to IETF Network Slices.</t>
<t>There are several IETF-defined mechanisms for expressing the need
for a desired logical network. The IETF Network Slice Service
Interface carries data either in a protocol-defined format or in a
formalism associated with a modeling language.</t>
<t>For instance:</t> <t>For instance:</t>
<ul spacing="normal"> <ul spacing="normal">
<li>The Path Computation Element (PCE) Communication Protocol (PCEP) <li>The Path Computation Element (PCE) Communication Protocol
<xref target="RFC5440" format="default"/> and (PCEP) <xref target="RFC5440" format="default"/> and GMPLS
GMPLS User-Network Interface (UNI) using RSVP-TE <xref target="R User-Network Interface (UNI) using RSVP-TE <xref target="RFC4208"
FC4208" format="default"/> use a TLV-based format="default"/> use a TLV-based binary encoding to transmit
binary encoding to transmit data.</li> data.</li>
<li>The Network Configuration Protocol (NETCONF) <xref target="RFC62 <li>The Network Configuration Protocol (NETCONF) <xref
41" format="default"/> and RESTCONF Protocol target="RFC6241" format="default"/> and RESTCONF Protocol <xref
<xref target="RFC8040" format="default"/> use XML and JSON encod target="RFC8040" format="default"/> use XML and JSON
ing.</li> encoding.</li>
<li>gRPC/GNMI <xref target="I-D.openconfig-rtgwg-gnmi-spec" format=" <li>gRPC and gRPC Network Management Interface (gNMI) <xref
default"/> uses a binary encoded target="I-D.openconfig-rtgwg-gnmi-spec" format="default"/> use a
programmable interface. ProtoBufs can be used to model gRPC and binary encoded programmable interface. ProtoBufs can be used to
GNMI data.</li> model gRPC and gNMI data.</li>
<li>For data modeling, YANG (<xref target="RFC6020" format="default" <li>For data modeling, YANG <xref target="RFC6020"
/> and <xref target="RFC7950" format="default"/>) may be used to model format="default"/> <xref target="RFC7950" format="default"/> may
configuration and other data for NETCONF, RESTCONF, and GNMI, am be used to model configuration and other data for NETCONF,
ong others. RESTCONF, and gNMI, among others.</li>
</li>
</ul> </ul>
<t>While several generic formats and data models for specific purposes e xist, <t>While several generic formats and data models for specific purposes e xist,
it is expected that IETF Network Slice management may require enhance ment or it is expected that IETF Network Slice management may require enhance ment or
augmentation of existing data models. Further, it is possible that m echanisms augmentation of existing data models. Further, it is possible that m echanisms
will be needed to determine the feasibility of service requests befor e they will be needed to determine the feasibility of service requests befor e they
are actually made.</t> are actually made.</t>
</section> </section>
<section anchor="nsc" numbered="true" toc="default"> <section anchor="nsc" numbered="true" toc="default">
<name>IETF Network Slice Controller (NSC)</name> <name>IETF Network Slice Controller (NSC)</name>
<t>An IETF NSC takes requests for IETF Network Slice Services and implem ents them using a suitable underlay <t>An IETF NSC takes requests for IETF Network Slice Services and implem ents them using a suitable underlay
technology. An IETF NSC is the key component for control and managem ent of the IETF Network Slice. It technology. An IETF NSC is the key component for control and managem ent of the IETF Network Slice. It
provides the creation/modification/deletion, monitoring, and optimiza tion of IETF Network Slices in a multi-domain, provides the creation/modification/deletion, monitoring, and optimiza tion of IETF Network Slices in a multi-domain,
multi-technology, and multi-vendor environment.</t> multi-technology, and multi-vendor environment.</t>
<t>The main task of an IETF NSC is to map abstract IETF Network Slice Se <t>The main task of an IETF NSC is to map abstract IETF Network Slice
rvice requirements Service requirements to concrete technologies and establish required
to concrete technologies and establish required connectivity ensuring connectivity, ensuring that resources are allocated to the IETF
that Network Slice as necessary.</t>
resources are allocated to the IETF Network Slice as necessary.</t>
<t>The IETF Network Slice Service Interface is used for communicating de <t>The IETF Network Slice Service Interface is used for communicating
tails of an IETF Network Slice Service (configuration, details of an IETF Network Slice Service (configuration, selected
selected policies, operational state, etc.), as well as information a policies, operational state, etc.) as well as information about status
bout status and performance of the IETF Network and performance of the IETF Network Slice. The details for this IETF
Slice. The details for this IETF Network Slice Service Interface are Network Slice Service Interface are not in scope for this document,
not in scope for this document, but further but further considerations of the requirements are discussed in <xref
considerations of the requirements are discussed in <xref target="I-D target="I-D.ietf-teas-ietf-network-slice-use-cases" format="default"
.ietf-teas-ietf-network-slice-use-cases" format="default" />.</t> />.</t>
<t>The controller provides the following functions.</t> <t>The controller provides the following functions.</t>
<ul spacing="normal"> <ul spacing="normal">
<li>Exposes an IETF Network Slice Service Interface for creation/mod <li>Exposes an IETF Network Slice Service Interface for
ification/deletion of the IETF Network creation/modification/deletion of the IETF Network Slices that are
Slices that is agnostic to the technology of the underlay networ agnostic to the technology of the underlay network. This API
k. This API communicates the Service communicates the Service Demarcation Points of the IETF Network
Demarcation Points of the IETF Network Slice, SLO parameters (an Slice, SLO parameters (and possibly monitoring thresholds),
d possibly monitoring thresholds), applicable input selection (filtering), and various policies. If
applicable input selection (filtering) and various policies. If SLEs have been agreed between the customer and the network
SLEs have been agreed between the operator, and if they are supported for the IETF Network Slice
customer and the network operator, and if they are supported for Service, the API will also allow SLEs to be selected for the IETF
the IETF Network Slice Service, the Network Slice and will allow any associated parameters to be set.
API will also allow SLEs to be selected for the IETF Network Sli The API also provides a way to monitor the slice.</li>
ce, and will allow any associated
parameters to be set. The API also provides a way to monitor th
e slice.</li>
<li>Determines an abstract topology connecting the SDPs of the IETF <li>Determines an abstract topology connecting the SDPs of the
Network Slice that meets criteria IETF Network Slice that meets criteria specified via the IETF
specified via the IETF Network Slice Service Interface. The NSC Network Slice Service Interface. The NSC also retains information
also retains information about the about the mapping of this abstract topology to underlay components
mapping of this abstract topology to underlay components of the of the IETF Network Slice as necessary to monitor IETF Network
IETF Network Slice as necessary to Slice status and performance.</li>
monitor IETF Network Slice status and performance.</li>
<li><t>Supports "Mapping Functions" for the realization of IETF Netw <li><t>Supports "Mapping Functions" for the realization of IETF
ork Slices. In other words, it will use the Network Slices. In other words, it will use the mapping functions
mapping functions that:</t> that:</t>
<ul spacing="normal"> <ul spacing="normal">
<li>Map IETF Network Slice Service Interface requests that ar <li>Map IETF Network Slice Service Interface requests that
e agnostic to the technology of the underlay network to are agnostic to the technology of the underlay network to
technology-specific network configuration interfaces.</li> technology-specific network configuration interfaces.</li>
<li>Map filtering/selection information to entities in the un <li>Map filtering/selection information to entities in the
derlay network so that those entities are able to identify underlay network so that those entities are able to
what traffic is associated with which connectivity constr identify which traffic is associated with which connectivity
uct and IETF network slice.</li> construct and IETF Network Slice.</li>
<li>Depending on the realization solution, map to entities in <li>Depending on the realization solution, map to entities
the underlay network according to how traffic should be in the underlay network according to how traffic should be
treated to meet the SLOs and SLEs of the connectivity con treated to meet the SLOs and SLEs of the connectivity
struct.</li> construct.</li>
</ul> </ul>
</li> </li>
<li>Collects telemetry data (e.g., OAM results, statistics, states, <li>Collects telemetry data (e.g., Operations, Administration, and
etc.) Maintenance (OAM) results, statistics, states, etc.) via a
via a network configuration interface for all network configuration interface for all elements in the abstract
elements in the abstract topology used to realize the IETF Netwo topology used to realize the IETF Network Slice.</li>
rk Slice.</li>
<li>Evaluates the current performance against IETF Network Slice SLO <li>Evaluates the current performance against IETF Network Slice
parameters using telemetry data from the underlying SLO parameters using telemetry data from the underlying
realization of an IETF Network Slice (e.g., services/paths/tunne realization of an IETF Network Slice (e.g.,
ls). Exposes this performance to the IETF Network services, paths, and tunnels). Exposes this performance to the IETF
Slice Service customer via the IETF Network Slice Service Interf Network Slice Service customer via the IETF Network Slice Service
ace. The IETF Network Slice Service Interface may also Interface. The IETF Network Slice Service Interface may also
include the capability to provide notifications if the IETF Netw include the capability to provide notifications if the IETF
ork Slice performance reaches threshold values Network Slice performance reaches threshold values defined by the
defined by the IETF Network Slice Service customer.</li> IETF Network Slice Service customer.</li>
</ul> </ul>
<section anchor="interfaces" numbered="true" toc="default"> <section anchor="interfaces" numbered="true" toc="default">
<name>IETF Network Slice Controller Interfaces</name> <name>IETF Network Slice Controller Interfaces</name>
<t>The interworking and interoperability among the different stakehold <t>The interworking and interoperability among the different
ers to provide stakeholders to provide common means of provisioning, operating, and
common means of provisioning, operating and monitoring the IETF Net monitoring the IETF Network Slices is enabled by the following
work Slices is communication interfaces (see <xref target="fig_interfaces"
enabled by the following communication interfaces (see <xref target format="default"/>).</t>
="fig_interfaces" format="default"/>).</t>
<dl newline="false" spacing="normal"> <dl newline="false" spacing="normal">
<dt>IETF Network Slice Service Interface:</dt> <dt>IETF Network Slice Service Interface:</dt>
<dd>The IETF Network Slice Service Interface is an interface betwe <dd>An interface between a customer&apos;s higher-level
en a customer&apos;s higher level operation system (e.g., a network operation system (e.g., a network slice orchestrator or a
slice orchestrator or a customer network management system) an customer network management system) and an NSC. It is agnostic
d an NSC. It is agnostic to the technology of the underlay network. The custom to the technology of the underlay network. The customer can use
er this interface to communicate the requested characteristics and
can use this interface to communicate the requested characteri other requirements for the IETF Network Slice Service, and an
stics and other NSC can use the interface to report the operational state of an
requirements for the IETF Network Slice Service, and an NSC ca IETF Network Slice Service to the customer. More discussion of
n use the the functionalities for the IETF Network Slice Service Interface
interface to report the operational state of an IETF Network S can be found in <xref
lice Service to the customer. More discussion of the target="I-D.ietf-teas-ietf-network-slice-use-cases"
functionalities for the IETF Network Slice Service Interface c format="default" />.</dd>
an be found in
<xref target="I-D.ietf-teas-ietf-network-slice-use-cases" form
at="default" />.</dd>
<dt>Network Configuration Interface:</dt> <dt>Network Configuration Interface:</dt>
<dd>The Network Configuration Interface is an interface <dd>An interface between an NSC and network controllers. It is
between an NSC and network controllers. It is technology-spec technology specific and may be built around the many network
ific and may be built around models already defined within the IETF.</dd>
the many network models already defined within the IETF.</dd>
</dl> </dl>
<t>These interfaces can be considered in the context of the Service Mo <t>These interfaces can be considered in the context of the Service
del and Network Model described in Model and Network Service Model described in <xref target="RFC8309"
<xref target="RFC8309" format="default"/> and, together with the De format="default"/> and, together with the Device Configuration
vice Configuration Interface used by the Network Interface used by the Network Controllers, provides a consistent
Controllers, provides a consistent view of service delivery and rea view of service delivery and realization.</t>
lization.</t>
<figure anchor="fig_interfaces"> <figure anchor="fig_interfaces">
<name>Interfaces of the IETF Network Slice Controller</name> <name>Interfaces of the IETF Network Slice Controller</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ +------------------------------------------+
+------------------------------------------+ | Customer higher-level operation system |
| Customer higher level operation system | | (e.g., E2E network slice orchestrator, |
| (e.g., E2E network slice orchestrator, | | customer network management system) |
| customer network management system) | +------------------------------------------+
+------------------------------------------+ A
A | IETF Network Slice Service Interface
| IETF Network Slice Service Interface V
V +------------------------------------------+
+------------------------------------------+ | IETF Network Slice Controller (NSC) |
| IETF Network Slice Controller (NSC) | +------------------------------------------+
+------------------------------------------+ A
A | Network Configuration Interface
| Network Configuration Interface V
V +------------------------------------------+
+------------------------------------------+ | Network Controllers |
| Network Controllers | +------------------------------------------+]]></artwork>
+------------------------------------------+
]]>
</artwork>
</figure> </figure>
<section anchor="nbi" numbered="true" toc="default"> <section anchor="nbi" numbered="true" toc="default">
<name>IETF Network Slice Service Interface</name> <name>IETF Network Slice Service Interface</name>
<t>The IETF Network Slice Controller provides an IETF Network Slice Service Interface <t>The IETF Network Slice Controller provides an IETF Network Slice Service Interface
that allows customers to manage IETF Network Slice Services. Cus tomers operate on abstract IETF Network Slice Services, that allows customers to manage IETF Network Slice Services. Cus tomers operate on abstract IETF Network Slice Services,
with details related to their realization hidden.</t> with details related to their realization hidden.</t>
<t>The IETF Network Slice Service Interface is also independent of t he type of network functions or services <t>The IETF Network Slice Service Interface is also independent of t he type of network functions or services
that need to be connected, i.e., it is independent of any specifi c that need to be connected, i.e., it is independent of any specifi c
storage, software, protocol, or platform used to realize physical or storage, software, protocol, or platform used to realize physical or
virtual network connectivity or functions in support of IETF Netw ork virtual network connectivity or functions in support of IETF Netw ork
Slices.</t> Slices.</t>
<t>The IETF Network Slice Service Interface uses protocol mechanisms <t>The IETF Network Slice Service Interface uses protocol
and information mechanisms and information passed over those mechanisms to convey
passed over those mechanisms to convey desired attributes for desired attributes for IETF Network Slices and their status. The
IETF Network Slices and their status. The information is expecte information is expected to be represented as a well-defined data
d to be model and should include at least SDP and connectivity
represented as a well-defined data model, and should include at information, SLO/SLE specification, and status information.</t>
least SDP and connectivity information, SLO/SLE specification, an
d
status information.</t>
</section> </section>
</section> </section>
<section anchor="mgmt_arch" numbered="true" toc="default"> <section anchor="mgmt_arch" numbered="true" toc="default">
<name>Management Architecture</name> <name>Management Architecture</name>
<t>The management architecture described in <xref target="fig_interfac es" format="default"/> may be further <t>The management architecture described in <xref target="fig_interfac es" format="default"/> may be further
decomposed as shown in <xref target="fig_mgmt" format="default"/>. This should also be seen in the decomposed as shown in <xref target="fig_mgmt" format="default"/>. This should also be seen in the
context of the component architecture shown in <xref target="archfi g" format="default"/> and context of the component architecture shown in <xref target="archfi g" format="default"/> and
corresponds to the architecture in <xref target="RFC8309" format="d efault"/>.</t> corresponds to the architecture in <xref target="RFC8309" format="d efault"/>.</t>
<t>Note that the customer higher level operation system of <xref targe t="fig_interfaces" format="default"/> <t>Note that the customer higher-level operation system of <xref targe t="fig_interfaces" format="default"/>
and the Network Slice Orchestrator of <xref target="fig_mgmt" forma t="default"/> may be considered and the Network Slice Orchestrator of <xref target="fig_mgmt" forma t="default"/> may be considered
equivalent to the Service Management &amp; Orchestration (SMO) of < xref target="ORAN" format="default" />.</t> equivalent to the Service Management &amp; Orchestration (SMO) of < xref target="ORAN" format="default" />.</t>
<figure anchor="fig_mgmt"> <figure anchor="fig_mgmt">
<name>Interface of IETF Network Slice Management Architecture</name> <name>Interface of IETF Network Slice Management Architecture</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ --------------
-------------- | Network |
| Network | | Slice |
| Slice | | Orchestrator |
| Orchestrator | --------------
-------------- | IETF Network Slice
| IETF Network Slice | Service Request
| Service Request | Customer view
| Customer view ....|................................
....|................................ -v------------------- Operator view
-v------------------- Operator view |Controller |
|Controller | | ------------ |
| ------------ | | | IETF | |
| | IETF | | | | Network | |--> Virtual Network
| | Network | |--> Virtual Network | | Slice | |
| | Slice | | | | Controller | |
| | Controller | | | | (NSC) | |
| | (NSC) | | | ------------ |
| ------------ | ..| | Network |............
..| | Network |............ | | Configuration | Underlay Network
| | Configuration | Underlay Network | v |
| v | | ------------ |
| ------------ | | | Network | |
| | Network | | | | Controller | |
| | Controller | | | | (NC) | |
| | (NC) | | | ------------ |
| ------------ | ---------------------
--------------------- | Device Configuration
| Device Configuration v]]></artwork>
v
]]>
</artwork>
</figure> </figure>
</section> </section>
</section> </section>
</section> </section>
<section anchor="realize" numbered="true" toc="default"> <section anchor="realize" numbered="true" toc="default">
<name>Realizing IETF Network Slices</name> <name>Realizing IETF Network Slices</name>
<t>Realization of IETF Network Slices is a mapping of the definition of th e <t>Realization of IETF Network Slices is a mapping of the definition of th e
IETF Network Slice to the underlying infrastructure and is necessarily IETF Network Slice to the underlying infrastructure and is necessarily
technology-specific and achieved by an NSC over the Network Configurati on technology specific and achieved by an NSC over the Network Configurati on
Interface. Details of how realizations may be achieved is out of scope Interface. Details of how realizations may be achieved is out of scope
of this document, however, this section provides an overview of the of this document; however, this section provides an overview of the
components and processes involved in realizing an IETF Network Slice.</ t> components and processes involved in realizing an IETF Network Slice.</ t>
<section anchor="arch" numbered="true" toc="default"> <section anchor="arch" numbered="true" toc="default">
<name>An Architecture to Realize IETF Network Slices</name> <name>An Architecture to Realize IETF Network Slices</name>
<t>The architecture described in this section is deliberately at a high <t>The architecture described in this section is deliberately at a high
level. It is not intended to be prescriptive: implementations and level. It is not intended to be prescriptive: implementations and
technical solutions may vary freely. However, this approach provides technical solutions may vary freely. However, this approach provides
a common framework that other documents may reference in order to a common framework that other documents may reference in order to
facilitate a shared understanding of the work.</t> facilitate a shared understanding of the work.</t>
<t><xref target="archfig" format="default"/> shows the architectural com <t><xref target="archfig" format="default"/> shows the architectural
ponents of a components of a network managed to provide IETF Network Slices. The
network managed to provide IETF Network Slices. The customer&apos;s customer&apos;s view is of individual IETF Network Slice Services with
view is of individual IETF Network Slice Services with their SDPs, an their SDPs and connectivity constructs. Requests for IETF Network
d Slice Services are delivered to an NSC.</t>
connectivity constructs. Requests for IETF Network Slice Services ar
e delivered
to an NSC.</t>
<t>The figure shows, without loss of generality, the CEs, ACs, and PEs, <t><xref target="archfig" format="default"/> shows, without loss of
that generality, the CEs, ACs, and PEs that exist in the network. The SDPs
exist in the network. The SDPs are not shown and can be placed in an are not shown and can be placed in any of the ways described in <xref
y of target="sdp" format="default"/>.</t>
the ways described in <xref target="sdp" format="default"/>.</t>
<figure anchor="archfig"> <figure anchor="archfig">
<name>Architecture of an IETF Network Slice</name> <name>Architecture of an IETF Network Slice</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ -- -- --
-- -- -- |CE| |CE| |CE|
|CE| |CE| |CE| -- -- --
-- -- -- AC : AC : AC :
AC : AC : AC : ---------------------- -------
---------------------- ------- ( |PE|....|PE|....|PE| ) ( IETF )
( |PE|....|PE|....|PE| ) ( IETF ) IETF Network ( --: -- :-- ) ( Network )
IETF Network ( --: -- :-- ) ( Network ) Slice Service ( :............: ) ( Slice )
Slice Service ( :............: ) ( Slice ) Request ( IETF Network Slice ) ( ) Customer
Request ( IETF Network Slice ) ( ) Customer v ---------------------- ------- View
v ---------------------- ------- View v ............................\........./...............
v ............................\........./............... v \ / Provider
v \ / Provider v >>>>>>>>>>>>>>> Grouping/Mapping v v View
v >>>>>>>>>>>>>>> Grouping/Mapping v v View v ^ -----------------------------------------
v ^ ----------------------------------------- v ^ ( |PE|.......|PE|........|PE|.......|PE| )
v ^ ( |PE|.......|PE|........|PE|.......|PE| ) --------- ( --: -- :-- -- )
--------- ( --: -- :-- -- ) | | ( :...................: )
| | ( :...................: ) | NSC | ( Network Resource Partition )
| NSC | ( Network Resource Partition ) | | -----------------------------------------
| | ----------------------------------------- | | ^
| | ^ | |>>>>> Resource Partitioning |
| |>>>>> Resource Partitioning | --------- of Filtered Topology |
--------- of Filtered Topology | v v |
v v | v v ----------------------------- --------
v v ----------------------------- -------- v v (|PE|..-..|PE|... ..|PE|..|PE|) ( )
v v (|PE|..-..|PE|... ..|PE|..|PE|) ( ) v v ( :-- |P| -- :-: -- :-- ) ( Filter )
v v ( :-- |P| -- :-: -- :-- ) ( Filter ) v v ( :.- -:.......|P| :- ) ( Topology )
v v ( :.- -:.......|P| :- ) ( Topology ) v v ( |P|...........:-:.......|P| ) ( )
v v ( |P|...........:-:.......|P| ) ( ) v v ( - Filtered Topology ) --------
v v ( - Filtered Topology ) -------- v v ----------------------------- ^
v v ----------------------------- ^ v >>>>>>>>>>>> Topology Filter ^ /
v >>>>>>>>>>>> Topology Filter ^ / v ...........................\............../...........
v ...........................\............../........... v \ / Underlay
v \ / Underlay ---------- \ / (Physical)
---------- \ / (Physical) | | \ / Network
| | \ / Network | Network | ----------------------------------------------
| Network | ---------------------------------------------- |Controller| ( |PE|.....-.....|PE|...... |PE|.......|PE| )
|Controller| ( |PE|.....-.....|PE|...... |PE|.......|PE| ) | | ( -- |P| -- :-...:-- -..:-- )
| | ( -- |P| -- :-...:-- -..:-- ) ---------- ( : -:.............|P|.........|P| )
---------- ( : -:.............|P|.........|P| ) v ( -......................:-:..- - )
v ( -......................:-:..- - ) >>>>>>> ( |P|.........................|P|......: )
>>>>>>> ( |P|.........................|P|......: ) Program the ( - - )
Program the ( - - ) Network ----------------------------------------------]]></artwork>
Network ----------------------------------------------
]]>
</artwork>
</figure> </figure>
<t>The network itself (at the bottom of the figure) comprises an underla <t>The network itself (at the bottom of <xref target="archfig"
y format="default"/>) comprises an underlay network. This could be a
network. This could be a physical network, but may be a virtual netw physical network but may be a virtual network. The underlay network
ork. is provisioned through network controllers <xref target="RFC8309"
The underlay network is provisioned through network controllers <xref format="default"/> that may, themselves, utilize device
target="RFC8309" format="default"/> controllers.</t>
that may, themselves, utilize device controllers.</t>
<t>The underlay network may optionally be filtered or customized by the <t>The underlay network may optionally be filtered or customized by
network operator to produce a number of the network operator to produce a number of network topologies that we
network topologies that we call Filtered Topologies. Customization i call "Filtered Topologies". Customization is just a way of selecting
s just a way of selecting specific resources specific resources (e.g., nodes and links) from the underlay network
(e.g., nodes and links) from the underlay network according to their according to their capabilities and connectivity in the underlay
capabilities and connectivity in the underlay network. Filtering and customization are configuration options or
network. Filtering and customization are configuration options or op operator policies that preselect links and nodes with certain
erator policies that preselect links and nodes with certain performance characteristics to enable easier construction of Network
performance characteristics to enable easier construction of Network Resource Partitions (NRPs; see below) that can reliably support
Resource Partition (NRPs, see below) that can reliably support specific specific IETF Network Slice SLAs, for example, preselection of links
IETF Network Slice SLAs: for example, preselection of links with cert with certain security characteristics, preselection of links with
ain security characteristics, preselection of specific geographic properties, or mapping to colored topologies. The
links with specific geographic properties, or mapping to colored topo resulting topologies can be used as candidates to host IETF Network
logies. The resulting topologies can be used as Slices and provide a useful way for the network operator to know in
candidates to host IETF Network Slices and provide a useful way for t advance that all of the resources they are using to plan an IETF
he network operator to know in advance that Network Slice would be able to meet specific SLOs and SLEs. The
all of the resources they are using to plan an IETF Network Slice wou creation of a Filtered Topology could be an offline planning activity
ld be able to meet specific SLOs and SLEs. or could be performed dynamically as new demands arise. The use of
The creation of a Filtered Topology could be an offline planning acti Filtered Topologies is entirely optional in the architecture, and IETF
vity or could be performed dynamically as new Network Slices could be hosted directly on the underlay network.</t>
demands arise. The use of Filtered Topologies is entirely optional i
n the architecture, and IETF Network Slices
could be hosted directly on the underlay network.</t>
<t>Recall that an IETF Network Slice is a service requested by / provide <t>Recall that an IETF Network Slice is a service requested by and/or
d for the customer. The IETF Network Slice provided for the customer. The IETF Network Slice Service is
Service is expressed in terms of one or more connectivity constructs. expressed in terms of one or more connectivity constructs. An
An implementation or operator is free to implementation or operator is free to limit the number of connectivity
limit the number of connectivity constructs in an IETF Network Slice constructs in an IETF Network Slice to exactly one. Each connectivity
to exactly one. Each connectivity construct is associated construct is associated within the IETF Network Slice Service request
within the IETF Network Slice Service request with a set of SLOs and with a set of SLOs and SLEs. The set of SLOs and SLEs does not need
SLEs. The set of SLOs and SLEs does not need to be the same for every connectivity construct in the IETF Network
to be the same for every connectivity construct in the IETF Network S Slice, but an implementation or operator is free to require that all
lice, but an implementation or operator is free connectivity constructs in an IETF Network Slice have the same set of
to require that all connectivity constructs in an IETF Network Slice SLOs and SLEs.</t>
have the same set of SLOs and SLEs.</t>
<t>An NRP is a subset of the buffer/queuing/scheduling resources and ass <t>An NRP is a subset of the buffer/queuing/scheduling resources and
ociated policies on associated policies on each of a connected set of links in the
each of a connected set of links in the underlay network (for example underlay network (for example, as achieved in <xref
, as achieved in <xref target="I-D.ietf-spring-resource-aware-segments" format="default"/>).
target="I-D.ietf-spring-resource-aware-segments" format="default"/>). The connected set of links could be the entire set of links with all
The connected set of links could be the entire of their buffer/queuing/scheduling resources and behaviors in the
set of links with all of their buffer/queuing/scheduling resources an underlay network, and in this case, there would be just one NRP
d behaviors in the underlay network and in this supported in the underlay network. The amount and granularity of
case there would be just one NRP supported in the underlay network. resources allocated in an NRP is flexible and depends on the
The amount and granularity of resources allocated operator&apos;s policy. Some NRP realizations may build NRPs with
in an NRP is flexible and depends on the operator&apos;s policy. Som dedicated topologies, while other realizations may use a shared
e NRP realizations may build NRPs with dedicated topology for multiple NRPs. Realizations of an NRP may be built on a
topologies, while other realizations may use a shared topology for mu range of existing or new technologies, and this document does not
ltiple NRPs. Realizations of an NRP may be built constrain solution technologies.</t>
on a range of existing or new technologies, and this document does no
t constrain solution technologies.</t>
<t>One or more connectivity constructs from one or more IETF Network Sli <t>One or more connectivity constructs from one or more IETF Network
ces are mapped to an NRP. A single connectivity Slices are mapped to an NRP. A single connectivity construct is
construct is mapped to only one NRP (that is, the relationship is man mapped to only one NRP (that is, the relationship is many to one).
y to one). Thus, all traffic flows in a Thus, all traffic flows in a connectivity construct assigned to an NRP
connectivity construct assigned to an NRP are assigned to that NRP. are assigned to that NRP. Further, all PEs connected by a
Further, all PEs connected by a connectivity connectivity construct must be present in the NRP to which that
construct must be present in the NRP to which that connectivity const connectivity construct is assigned.</t>
ruct is assigned.</t>
<t>An NRP may be chosen to support a specific connectivity construct bec <t>An NRP may be chosen to support a specific connectivity construct
ause of its ability to support because of its ability to support a specific set of SLOs and SLEs,
a specific set of SLOs and SLEs, or its ability to support particular its ability to support particular connectivity constructs, or any
connectivity constructs, or for any administrative administrative or operational reason. An implementation or operator
or operational reason. An implementation or operator is free to map is free to map each connectivity construct to a separate NRP, although
each connectivity construct to a separate NRP, there may be scaling implications depending on the solution
although there may be scaling implications depending on the solution implemented. Thus, the connectivity constructs from one slice may be
implemented. Thus, the connectivity constructs mapped to one or more NRPs. By implication from the above, an
from one slice may be mapped to one or more NRPs. By implication fro implementation or operator is free to map all the connectivity
m the above, an implementation or operator is free constructs in a slice to a single NRP and to not share that NRP with
to map all the connectivity constructs in a slice to a single NRP, an connectivity constructs from another slice.</t>
d to not share that NRP with connectivity
constructs from another slice.</t>
<t>An NRP may use work-conserving schedulers, non-work conserving schedu <t>An NRP may use work-conserving schedulers, non-work-conserving
lers, or both (see Section 2 of <xref target="RFC3290" format="default" />) schedulers, or both (see <xref target="RFC3290" sectionFormat="of"
according to the function that it needs to deliver. The choice of ho section="2"/>) according to the function that it needs to deliver.
w network resources are allocated and The choice of how network resources are allocated and managed for an
managed for an NRP, and whether a work-conserving scheduling approach NRP, and whether a work-conserving scheduling approach or a
or a non-work conserving non-work-conserving scheduling approach is adopted, is technology
scheduling approach is adopted, is technology specific: an implementa specific: an implementation or operator is free to choose the set of
tion or techniques for NRP realization.</t>
operator is free to choose the set of techniques for NRP realization.
</t>
<t>The process of determining the NRP may be made easier if the underlay <t>The process of determining the NRP may be made easier if the
network topology is first filtered into a underlay network topology is first filtered into a Filtered Topology
Filtered Topology in order to be aware of the subset of network resou in order to be aware of the subset of network resources that are
rces that are suitable for specific NRPs. In suitable for specific NRPs. In this case, each Filtered Topology is
this case, each Filtered Topology is treated as an underlay network o treated as an underlay network on which NRPs can be constructed. The
n which NRPs can be constructed. The stage of stage of generating Filtered Topologies is optional within this
generating Filtered Topologies is optional within this framework.</t> framework.</t>
<t>The steps described here can be applied in a variety of orders accord ing to implementation and deployment <t>The steps described here can be applied in a variety of orders accord ing to implementation and deployment
preferences. Furthermore, the steps may be iterative so that the com ponents are continually refined and preferences. Furthermore, the steps may be iterative so that the com ponents are continually refined and
modified as network conditions change and as service requests are rec eived or relinquished, and even the modified as network conditions change and as service requests are rec eived or relinquished, and even the
underlay network could be extended if necessary to meet the customers &apos; demands.</t> underlay network could be extended if necessary to meet the customers &apos; demands.</t>
</section> </section>
<section anchor="reality" numbered="true" toc="default"> <section anchor="reality" numbered="true" toc="default">
<name>Procedures to Realize IETF Network Slices</name> <name>Procedures to Realize IETF Network Slices</name>
<t>There are a number of different technologies that can be used in the <t>There are a number of different technologies that can be used in the
underlay, including physical connections, MPLS, time-sensitive underlay, including physical connections, MPLS, Time-Sensitive
networking (TSN), Flex-E, etc.</t> Networking (TSN), Flex-E, etc.</t>
<t>An IETF Network Slice can be realized in a network, using specific <t>An IETF Network Slice can be realized in a network, using specific
underlay technology or technologies. The creation of a new IETF underlay technology or technologies. The creation of a new IETF
Network Slice will be realized with following steps:</t> Network Slice will be realized with the following steps:</t>
<ul spacing="normal"> <ol spacing="normal" type="1">
<li>An NSC exposes the network slicing capabilities that it offers <li>An NSC exposes the network slicing capabilities that it offers
for the network it manages so that the customer can determine for the network it manages so that the customer can determine
whether to request services and what features are in scope.</li> whether to request services and what features are in scope.</li>
<li>The customer may issue a request to determine whether a specific <li>The customer may issue a request to determine whether a
IETF specific IETF Network Slice Service could be supported by the
Network Slice Service could be supported by the network. An NSC network. An NSC may respond indicating a simple yes or no and
may respond may supplement a negative response with information about what it
indicating a simple yes or no, and may supplement a negative res could support were the customer to change some requirements.</li>
ponse
with information about what it could support were the customer t
o change
some requirements.</li>
<li>The customer requests an IETF Network Slice Service. An NSC may <li>The customer requests an IETF Network Slice Service. An NSC
respond that may respond that the slice has or has not been created and may
the slice has or has not been created, and may supplement a nega supplement a negative response with information about what it
tive response could support were the customer to change some requirements.</li>
with information about what it could support were the customer t
o change
some requirements.</li>
<li>When processing a customer request for an IETF Network Slice Ser <li>When processing a customer request for an IETF Network Slice
vice, an NSC maps Service, an NSC maps the request to the network capabilities and
the request to the network capabilities and applies provider pol applies provider policies before creating or supplementing the
icies before NRP.</li>
creating or supplementing the NRP.</li>
</ul> </ol>
<t>Regardless of how an IETF Network Slice is <t>Regardless of how an IETF Network Slice is realized in the network
realized in the network (e.g., using tunnels of different types), the (e.g., using tunnels of different types), the definition of the IETF
definition of the IETF Network Slice Service does not change at all. Network Slice Service does not change at all. The only difference is
The how the slice is realized. The following sections briefly introduce
only difference is how the slice is realized. The following sections how some existing architectural approaches can be applied to realize
briefly introduce how some existing architectural approaches can be IETF Network Slices.</t>
applied to realize IETF Network Slices.</t>
</section> </section>
<section anchor="actn" numbered="true" toc="default"> <section anchor="actn" numbered="true" toc="default">
<name>Applicability of ACTN to IETF Network Slices</name> <name>Applicability of ACTN to IETF Network Slices</name>
<t>Abstraction and Control of TE Networks (ACTN - <xref target="RFC8453" <t>Abstraction and Control of TE Networks (ACTN) <xref
format="default"/>) target="RFC8453" format="default"/> is a management architecture and
is a management architecture and toolkit used to create virtual netwo toolkit used to create virtual networks (VNs) on top of a TE underlay
rks network. The VNs can be presented to customers for them to operate as
(VNs) on top of a TE underlay network. The VNs can be presented to private networks.</t>
customers for them to operate as private networks.</t>
<t>In many ways, the function of ACTN is similar to IETF network <t>In many ways, the function of ACTN is similar to IETF network
slicing. Customer requests for connectivity-based overlay services slicing. Customer requests for connectivity-based overlay services
are mapped to dedicated or shared resources in the underlay network are mapped to dedicated or shared resources in the underlay network in
in a way that meets customer guarantees for service level objectives a way that meets customer guarantees for SLOs and
and for separation from other customers&apos; traffic. <xref target= for separation from other customers&apos; traffic. <xref
"RFC8453" format="default"/> target="RFC8453" format="default"/> describes the function of ACTN as
describes the function of ACTN as collecting resources to establish a collecting resources to establish a logically dedicated virtual
logically network over one or more TE networks. Thus, in the case of a
dedicated virtual network over one or more TE networks. Thus, in the TE-enabled underlay network, the ACTN VN can be used as a basis to
case of a TE-enabled underlay network, the ACTN VN can be used as a realize IETF network slicing.</t>
basis to realize IETF network slicing.</t>
<t>While the ACTN framework is a generic VN framework that can be used <t>While the ACTN framework is a generic VN framework that can be used
for VN services beyond the IETF Network Slice, it is also a suitable for VN services beyond the IETF Network Slice, it is also a suitable
basis for delivering and realizing IETF Network Slices.</t> basis for delivering and realizing IETF Network Slices.</t>
<t>Further discussion of the applicability of ACTN to IETF Network <t>Further discussion of the applicability of ACTN to IETF Network
Slices including a discussion of the relevant YANG models can be Slices, including a discussion of the relevant YANG models, can be found
found in <xref target="I-D.ietf-teas-applicability-actn-slicing" form in <xref target="I-D.ietf-teas-applicability-actn-slicing"
at="default"/>.</t> format="default"/>.</t>
</section> </section>
<section anchor="eVPN" numbered="true" toc="default"> <section anchor="eVPN" numbered="true" toc="default">
<name>Applicability of Enhanced VPNs to IETF Network Slices</name> <name>Applicability of Enhanced VPNs to IETF Network Slices</name>
<t>An enhanced VPN (VPN+) is designed to support the needs of new <t>An enhanced VPN is designed to support the needs of new
applications, particularly applications that are associated with 5G applications, particularly applications that are associated with 5G
services. The approach is based on existing VPN and TE technologies, services. The approach is based on existing VPN and TE technologies
but adds characteristics that specific services require over and abov but adds characteristics that specific services require over and above
e those previously associated with VPN services.</t>
those previously associated with VPN services.</t>
<t>An enhanced VPN can be used to provide enhanced connectivity services <t>An enhanced VPN can be used to provide enhanced connectivity
between customer sites and can be used to create the infrastructure t services between customer sites and can be used to create the
o infrastructure to underpin an IETF Network Slice Service.</t>
underpin an IETF Network Slice Service.</t>
<t>It is envisaged that enhanced VPNs will be delivered using a <t>It is envisaged that enhanced VPNs will be delivered using a
combination of existing, modified, and new networking technologies.</ combination of existing, modified, and new networking
t> technologies.</t>
<t><xref target="I-D.ietf-teas-enhanced-vpn" format="default"/> describe <t><xref target="I-D.ietf-teas-enhanced-vpn" format="default"/>
s the framework describes the framework for enhanced VPN
for Enhanced Virtual Private Network (VPN+) services.</t> services.</t>
</section> </section>
<section anchor="aggie" numbered="true" toc="default"> <section anchor="aggie" numbered="true" toc="default">
<name>Network Slicing and Aggregation in IP/MPLS Networks</name> <name>Network Slicing and Aggregation in IP/MPLS Networks</name>
<t>Network slicing provides the ability to partition a physical network <t>Network slicing provides the ability to partition a physical network
into multiple logical networks of varying sizes, structures, into multiple logical networks of varying sizes, structures,
and functions so that each slice can be dedicated to specific and functions so that each slice can be dedicated to specific
services or customers. The support of resource preemption between services or customers. The support of resource preemption between
IETF network slices is deployment specific.</t> IETF Network Slices is deployment specific.</t>
<t>Many approaches are currently being worked on to support IETF Network Slices in <t>Many approaches are currently being worked on to support IETF Network Slices in
IP and MPLS networks with or without the use of Segment Routing. Mos t of these IP and MPLS networks with or without the use of Segment Routing. Mos t of these
approaches utilize a way of marking packets so that network nodes can apply approaches utilize a way of marking packets so that network nodes can apply
specific routing and forwarding behaviors to packets that belong to d ifferent specific routing and forwarding behaviors to packets that belong to d ifferent
IETF Network Slices. Different mechanisms for marking packets have b een proposed IETF Network Slices. Different mechanisms for marking packets have b een proposed
(including using MPLS labels and Segment Routing segment IDs) and tho se mechanisms (including using MPLS labels and Segment Routing segment IDs), and th ose mechanisms
are agnostic to the path control technology used within the underlay network.</t> are agnostic to the path control technology used within the underlay network.</t>
<t>These approaches are also sensitive to the scaling concerns of suppor ting a large <t>These approaches are also sensitive to the scaling concerns of suppor ting a large
number of IETF Network Slices within a single IP or MPLS network, and so offer number of IETF Network Slices within a single IP or MPLS network and so offer
ways to aggregate the connectivity constructs of slices (or whole sli ces) so that ways to aggregate the connectivity constructs of slices (or whole sli ces) so that
the packet markings indicate an aggregate or grouping where all of th e packets are the packet markings indicate an aggregate or grouping where all of th e packets are
subject to the same routing and forwarding behavior.</t> subject to the same routing and forwarding behavior.</t>
<t>At this stage, it is inappropriate to cite any of these proposed solu tions <t>At this stage, it is inappropriate to cite any of these proposed solu tions
that are currently work in progress and not yet adopted as IETF work. </t> that are currently work in progress and not yet adopted as IETF work. </t>
</section> </section>
<section anchor="sfc" numbered="true" toc="default"> <section anchor="sfc" numbered="true" toc="default">
skipping to change at line 1572 skipping to change at line 1820
placeholders (i.e., the SFs are identified, but not their locators).< /t> placeholders (i.e., the SFs are identified, but not their locators).< /t>
<t>Service Function Chaining (SFC) <xref target="RFC7665" format="defaul t"/> <t>Service Function Chaining (SFC) <xref target="RFC7665" format="defaul t"/>
techniques can be used by a provider to instantiate such an IETF Netw ork techniques can be used by a provider to instantiate such an IETF Netw ork
Slice Service. An NSC may proceed as follows.</t> Slice Service. An NSC may proceed as follows.</t>
<ul spacing="normal"> <ul spacing="normal">
<li>Expose a set of ancillary CEs that are hosted in the underlay net work.</li> <li>Expose a set of ancillary CEs that are hosted in the underlay net work.</li>
<li>Capture the SFC requirements (including, traffic performance <li>Capture the SFC requirements (including traffic performance
metrics) from the customer. One or more service chains may be metrics) from the customer. One or more service chains may be
associated with the same IETF Network Slice Service as connectivi associated with the same IETF Network Slice Service as connectivity
ty constructs.</li>
constructs.</li>
<li>Execute an SF placement algorithm to decide where to locate the <li>Execute an SF placement algorithm to decide where to locate the
ancillary CEs in order to fulfill the service objectives.</li> ancillary CEs in order to fulfill the service objectives.</li>
<li> <li>
<t>Generate SFC classification rules to identify (part of) the slic <t>Generate SFC classification rules to identify part of the
e slice traffic that will be bound to an SFC. These classification
traffic that will be bound to an SFC. These classification rule rules may be the same as or distinct from the identification
s rules used to bind incoming traffic to the associated IETF
may be the same as or distinct from the identification rules use Network Slice.</t>
d
to bind incoming traffic to the associated IETF Network Slice.</
t>
<t>An NSC also generates a set of SFC forwarding policies that <t>An NSC also generates a set of SFC forwarding policies that
govern how the traffic will be forwarded along a service functio govern how the traffic will be forwarded along a Service Function
n Path (SFP).</t>
path (SFP).</t>
</li> </li>
<li>Identify the appropriate Classifiers in the underlay network and <li>Identify the appropriate Classifiers in the underlay network
provision them with the classification rules. Likewise, an NSC and provision them with the classification rules. Likewise, an NSC
communicates the SFC forwarding polices to the appropriate Servic communicates the SFC forwarding policies to the appropriate Service
e Function Forwarders (SFFs).</li>
Function Forwarders (SFF).</li>
</ul> </ul>
<t>The provider can enable an SFC data plane mechanism, such as <t>The provider can enable an SFC data plane mechanism, such as those
<xref target="RFC8300" format="default"/>, <xref target="RFC8596" for described in <xref target="RFC8300" format="default"/>, <xref
mat="default"/>, target="RFC8596" format="default"/>, or <xref target="RFC9491"
or <xref target="I-D.ietf-spring-nsh-sr" format="default"/>.</t> format="default"/>.</t>
</section> </section>
</section> </section>
<section anchor="isolation" numbered="true" toc="default"> <section anchor="isolation" numbered="true" toc="default">
<name>Isolation in IETF Network Slices</name> <name>Isolation in IETF Network Slices</name>
<section anchor="isoslo" numbered="true" toc="default"> <section anchor="isoslo" numbered="true" toc="default">
<name>Isolation as a Service Requirement</name> <name>Isolation as a Service Requirement</name>
<t>An IETF Network Slice Service customer may request that the IETF Netw ork <t>An IETF Network Slice Service customer may request that the IETF Netw ork
Slice delivered to them is such that changes to other Slice delivered to them is such that changes to other
IETF Network Slices or to other services do not have any negative imp act on IETF Network Slices or to other services do not have any negative imp act on
the delivery of the IETF Network Slice. The IETF Network Slice Servic e the delivery of the IETF Network Slice. The IETF Network Slice Servic e
customer may specify the extent to which their IETF Network Slice Ser vice customer may specify the extent to which their IETF Network Slice Ser vice
is unaffected by changes in the provider network or by the behavior is unaffected by changes in the provider network or by the behavior
of other IETF Network Slice Service customers. The customer may expr ess of other IETF Network Slice Service customers. The customer may expr ess
this via an SLE it agrees with the provider. This concept is termed this via an SLE it agrees with the provider. This concept is termed
'isolation'.</t> "isolation".</t>
<t>In general, a customer cannot tell whether a service provider is <t>In general, a customer cannot tell whether a service provider is
meeting an isolation SLE. If the service varies such that an SLO meeting an isolation SLE. If the service varies such that an SLO
is breached then the customer will become aware of the problem, and is breached, then the customer will become aware of the problem, and
if the service varies within the allowed bounds of the SLOs, there if the service varies within the allowed bounds of the SLOs, there
may be no noticeable indication that this SLE has been violated.</t> may be no noticeable indication that this SLE has been violated.</t>
</section> </section>
<section anchor="isoreal" numbered="true" toc="default"> <section anchor="isoreal" numbered="true" toc="default">
<name>Isolation in IETF Network Slice Realization</name> <name>Isolation in IETF Network Slice Realization</name>
<t>Isolation may be achieved in the underlay network by various forms <t>Isolation may be achieved in the underlay network by various forms
of resource partitioning ranging from dedicated allocation of of resource partitioning, ranging from dedicated allocation of
resources for a specific IETF Network Slice, to sharing of resources resources for a specific IETF Network Slice to sharing of resources
with safeguards. For example, traffic separation between different with safeguards. For example, traffic separation between different
IETF Network Slices may be achieved using VPN technologies, such as IETF Network Slices may be achieved using VPN technologies, such as
L3VPN, L2VPN, EVPN, etc. Interference avoidance may be achieved by L3VPN, L2VPN, EVPN, etc. Interference avoidance may be achieved by
network capacity planning, allocating dedicated network resources, network capacity planning, allocating dedicated network resources,
traffic policing or shaping, prioritizing in using shared network traffic policing or shaping, prioritizing in using shared network
resources, etc. Finally, service continuity may be ensured by resources, etc. Finally, service continuity may be ensured by
reserving backup paths for critical traffic and dedicating specific reserving backup paths for critical traffic and dedicating specific
network resources for a selected number of IETF Network Slices.</t> network resources for a selected number of IETF Network Slices.</t>
</section> </section>
skipping to change at line 1667 skipping to change at line 1917
</section> </section>
<section anchor="security-considerations" numbered="true" toc="default"> <section anchor="security-considerations" numbered="true" toc="default">
<name>Security Considerations</name> <name>Security Considerations</name>
<t>This document specifies terminology and has no direct effect on the sec urity of <t>This document specifies terminology and has no direct effect on the sec urity of
implementations or deployments. In this section, a few of the security aspects are identified.</t> implementations or deployments. In this section, a few of the security aspects are identified.</t>
<dl newline="false" spacing="normal"> <dl newline="false" spacing="normal">
<dt>Conformance to security constraints:</dt> <dt>Conformance to security constraints:</dt> <dd>Specific security
<dd>Specific security requests from customer-defined IETF requests from customer-defined IETF Network Slice Services will be
Network Slice Services will be mapped to their realization in the mapped to their realization in the underlay networks. Underlay
underlay networks. networks will require capabilities to conform to customer&apos;s
Underlay networks will require capabilities to conform to customer requests as some aspects of security may be expressed in SLEs.</dd>
&apos;s requests as
some aspects of security may be expressed in SLEs.</dd>
<dt>IETF NSC authentication:</dt> <dt>IETF NSC authentication:</dt>
<dd>Underlay networks need to be protected against <dd>Underlay networks need to be protected against attacks from an
attacks from an adversary NSC as this could destabilize overall ne adversary NSC as this could destabilize overall network operations.
twork operations. An IETF Network Slice may span different networks; therefore, an NSC
An IETF Network Slice may span different networks, therefore, should have strong authentication with each of these networks.
an NSC should have strong authentication with each of these networ Furthermore, both the IETF Network Slice Service Interface and the
ks. Furthermore, both the Network Configuration Interface need to be secured with a robust
IETF Network Slice Service Interface and the Network Configuration authentication and authorization mechanism and associated auditing
Interface need to be secured mechanism.</dd>
with a robust authentication and authorization; and associated aud
iting mechanism.</dd>
<dt>Specific isolation criteria:</dt> <dt>Specific isolation criteria:</dt>
<dd>The nature of conformance to isolation requests means that it shou <dd>The nature of conformance to isolation requests means that it
ld should not be possible to attack an IETF Network Slice Service by
not be possible to attack an IETF Network Slice Service by varying varying the traffic on other services or slices carried by the same
the traffic on other services underlay network. In general, isolation is expected to strengthen
or slices carried by the same underlay network. In general, isola the IETF Network Slice security.</dd>
tion is expected to strengthen
the IETF Network Slice security.</dd>
<dt>Data Confidentiality and Integrity of an IETF Network Slice:</dt> <dt>Data confidentiality and integrity of an IETF Network Slice:</dt>
<dd>An IETF Network Slice might include encryption and other security <dd>An IETF Network Slice might include encryption and other
features as part of the service security features as part of the service (for example, as SLEs).
(for example, as SLEs). However, a customer wanting to guarantee However, a customer wanting to guarantee that their data is secure
that their data is secure from from inspection or modification as it passes through the network of
inspection or modification as it passes through the network of the the operator that provides the IETF Network Slice Service will need
operator that provides the IETF to provision their own security solutions (e.g., with IPsec) or send
Network Slice Service will need to provision their own security so only already otherwise-encrypted traffic through the slice.</dd>
lutions (e.g., with IPsec) or
send only already otherwise-encrypted traffic through the slice.</
dd>
</dl> </dl>
<t>Note: See <xref target="NGMN_SEC" format="default"/> on 5G network slic <t>See <xref target="NGMN-SEC" format="default"/> on 5G network slice
e security for discussion relevant to security for discussion relevant to this section.</t>
this section.</t>
<t>IETF Network Slices might use underlying virtualized networking. All t <t>IETF Network Slices might use underlying virtualized networking. All
ypes of types of virtual networking require special consideration to be given to
virtual networking require special consideration to be given to the sep the separation of traffic between distinct virtual networks, as well as
aration some amount of protection from effects of traffic use of underlay
of traffic between distinct virtual networks, as well as some amount of network (and other) resources from other virtual networks sharing those
protection from effects of traffic use of underlay network (and other) resources.</t>
resources from other virtual networks sharing those resources.</t>
<t>For example, if a service requires a specific upper bound on latency, t hen that <t>For example, if a service requires a specific upper bound on latency, t hen that
service could be degraded with added delay caused by the processing of packets from service could be degraded with added delay caused by the processing of packets from
another service or application that shares the same network resources. Thus, without another service or application that shares the same network resources. Thus, without
careful planning or traffic policing, it may be possible to attack an I ETF Network careful planning or traffic policing, it may be possible to attack an I ETF Network
Slice Service simply by increasing the traffic on another service in th e network.</t> Slice Service simply by increasing the traffic on another service in th e network.</t>
<t>Similarly, in a network with virtual functions, noticeably impeding acc ess to <t>Similarly, in a network with virtual functions, noticeably impeding acc ess to
a function used by another IETF Network Slice (for instance, compute re sources) a function used by another IETF Network Slice (for instance, compute re sources)
can be just as service-degrading as delaying physical transmission of a ssociated can be just as service-degrading as delaying physical transmission of a ssociated
skipping to change at line 1740 skipping to change at line 1996
<t>In this sense, it is of paramount importance that the system uses the p rivacy <t>In this sense, it is of paramount importance that the system uses the p rivacy
protection mechanism defined for the specific underlay technologies tha t support the slice, protection mechanism defined for the specific underlay technologies tha t support the slice,
including in particular those mechanisms designed to preclude acquiring including in particular those mechanisms designed to preclude acquiring
identifying information associated with any IETF Network Slice Service customer.</t> identifying information associated with any IETF Network Slice Service customer.</t>
</section> </section>
<section anchor="iana-considerations" numbered="true" toc="default"> <section anchor="iana-considerations" numbered="true" toc="default">
<name>IANA Considerations</name> <name>IANA Considerations</name>
<t>This document makes no requests for IANA action.</t> <t>This document has no IANA actions.</t>
</section>
<section anchor="acknowledgments" numbered="false" toc="default">
<name>Acknowledgments</name>
<t>The entire TEAS Network Slicing design team and everyone participating
in related
discussions has contributed to this document. Some text fragments in t
he document
have been copied from the <xref target="I-D.ietf-teas-enhanced-vpn" for
mat="default"/>, for which we are
grateful.</t>
<t>Significant contributions to this document were gratefully received fro
m
the contributing authors listed in the "Contributors" section. In addi
tion
we would like to also thank those others who have attended one or more
of
the design team meetings, including the following people not listed els
ewhere:</t>
<ul spacing="normal">
<li>Aihua Guo</li>
<li>Bo Wu</li>
<li>Greg Mirsky</li>
<li>Lou Berger</li>
<li>Rakesh Gandhi</li>
<li>Ran Chen</li>
<li>Sergio Belotti</li>
<li>Stewart Bryant</li>
<li>Tomonobu Niwa</li>
<li>Xuesong Geng</li>
</ul>
<t>Further useful comments were received from Daniele Ceccarelli, Uma Chun
duri, Pavan Beeram, Tarek Saad,
Kenichi Ogaki, Oscar Gonzalez de Dios, Xiaobing Niu, Dan Voyer, Igor Br
yskin, Luay Jalil, Joel Halpern,
John Scudder, John Mullooly, Krzysztof Szarkowicz, Jingrong Xie, Jia He
, Reese Enghardt, Dirk Von Hugo,
Erik Kline, and Eric Vyncke.</t>
<t>This work is partially supported by the European Commission under Horiz
on 2020 grant agreement number 101015857
Secured autonomic traffic management for a Tera of SDN flows (Teraflow)
.</t>
</section> </section>
<section anchor="contributors" numbered="false" toc="default"> </middle>
<name>Contributors</name>
<t>The following authors contributed significantly to this document:</t>
<artwork name="" type="" align="left" alt="">
<![CDATA[
Eric Gray
(The original editor of the foundation documents)
Retired
Jari Arkko
Ericsson
Email: jari.arkko@piuha.net
Mohamed Boucadair
Orange
Email: mohamed.boucadair@orange.com
Dhruv Dhody <back>
Huawei, India
Email: dhruv.ietf@gmail.com
Jie Dong <displayreference target="I-D.ietf-spring-resource-aware-segments" to="RESOUR
Huawei CE-AWARE-SEGMENTS"/>
Email: jie.dong@huawei.com <displayreference target="I-D.ietf-teas-applicability-actn-slicing" to="ACTN-
NS"/>
<displayreference target="I-D.ietf-teas-enhanced-vpn" to="ENHANCED-VPN"/>
<displayreference target="I-D.ietf-teas-ietf-network-slice-use-cases" to="USE
-CASES"/>
<displayreference target="I-D.openconfig-rtgwg-gnmi-spec" to="GNMI"/>
Xufeng Liu <references>
Volta Networks <name>Informative References</name>
Email: xufeng.liu.ietf@gmail.com
]]>
</artwork>
</section> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3290.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3393.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4208.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4303.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4364.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4397.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5212.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5440.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6020.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6241.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7239.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7665.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7679.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7680.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7926.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7950.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8040.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8300.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8309.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8453.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8454.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8596.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9408.xml"
/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9491.xml"
/>
</middle> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-sp ring-resource-aware-segments.xml"/>
<back> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-te as-applicability-actn-slicing.xml"/>
<references> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-te
<name>Informative References</name> as-enhanced-vpn.xml"/>
&RFC3290; <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-te
&RFC3393; as-ietf-network-slice-use-cases.xml"/>
&RFC4208;
&RFC4303;
&RFC4364;
&RFC4397;
&RFC5212;
&RFC5440;
&RFC6020;
&RFC6241;
&RFC7239;
&RFC7665;
&RFC7679;
&RFC7680;
&RFC7926;
&RFC7950;
&RFC8040;
&RFC8300;
&RFC8309;
&RFC8453;
&RFC8454;
&RFC8596;
&RFC9408;
&I-D.ietf-spring-nsh-sr; <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.opencon
&I-D.ietf-spring-resource-aware-segments; fig-rtgwg-gnmi-spec.xml"/>
&I-D.ietf-teas-applicability-actn-slicing;
&I-D.ietf-teas-enhanced-vpn;
&I-D.ietf-teas-ietf-network-slice-use-cases;
&I-D.openconfig-rtgwg-gnmi-spec;
<reference anchor="NFVArch" target="http://www.etsi.org/deliver/etsi_gs/nf v/001_099/002/01.01.01_60/gs_nfv002v010101p.pdf"> <reference anchor="NFVArch" target="http://www.etsi.org/deliver/etsi_gs/nf v/001_099/002/01.01.01_60/gs_nfv002v010101p.pdf">
<front> <front>
<title>Network Functions Virtualisation (NFV): Architectural Framework </title> <title>Network Functions Virtualisation (NFV); Architectural Framework </title>
<author> <author>
<organization>ETSI</organization> <organization>ETSI</organization>
</author> </author>
<date month="October" year="2013"/> <date month="October" year="2013"/>
</front> </front>
<seriesInfo name="ETSI" value="GS NFV 002"/> <seriesInfo name="ETSI GS" value="NFV 002"/>
<refcontent>V1.1.1</refcontent>
</reference> </reference>
<reference anchor="NGMN-NS-Concept"> <reference anchor="NGMN-NS-Concept" target="https://ngmn.org/wp-content/up loads/160113_NGMN_Network_Slicing_v1_0.pdf">
<front> <front>
<title>Description of Network Slicing Concept</title> <title>Description of Network Slicing Concept</title>
<author> <author>
<organization>NGMN Alliance</organization> <organization>NGMN Alliance</organization>
</author> </author>
<date year="2016"/> <date month="January" year="2016"/>
</front> </front>
<seriesInfo name="https://www.ngmn.org/uploads/media/161010_NGMN_Network _Slicing_framework_v1.0.8.pdf" value=""/>
</reference> </reference>
<reference anchor="TS23501"> <reference anchor="TS23.501">
<front> <front>
<title>System architecture for the 5G System (5GS)</title> <title>System architecture for the 5G System (5GS)</title>
<author> <author>
<organization>3GPP</organization> <organization>3GPP</organization>
</author> </author>
<date year="2019"/> <date year="2019"/>
</front> </front>
<seriesInfo name="3GPP" value="TS 23.501"/> <seriesInfo name="3GPP TS" value="23.501"/>
</reference> </reference>
<reference anchor="TS28530"> <reference anchor="TS28.530">
<front> <front>
<title>Management and orchestration; Concepts, use cases and requireme nts</title> <title>Management and orchestration; Concepts, use cases and requireme nts</title>
<author> <author>
<organization>3GPP</organization> <organization>3GPP</organization>
</author> </author>
<date year="2019"/> <date year="2019"/>
</front> </front>
<seriesInfo name="3GPP" value="TS 28.530"/> <seriesInfo name="3GPP TS" value="28.530"/>
</reference> </reference>
<reference anchor="TS33.210" target="https://portal.3gpp.org/desktopmodule s/Specifications/SpecificationDetails.aspx?specificationId=2279"> <reference anchor="TS33.210" target="https://portal.3gpp.org/desktopmodule s/Specifications/SpecificationDetails.aspx?specificationId=2279">
<front> <front>
<title>3G security; Network Domain Security (NDS); IP network layer se curity (Release 14).</title> <title>Network Domain Security (NDS); IP network layer security</title >
<author> <author>
<organization>3GPP</organization> <organization>3GPP</organization>
</author> </author>
<date month="December" year="2016"/> <date month="December" year="2016"/>
</front> </front>
<refcontent>Release 14</refcontent>
</reference> </reference>
<reference anchor="HIPAA" target="https://www.hhs.gov/hipaa/for-profession als/security/index.html"> <reference anchor="HIPAA" target="https://www.hhs.gov/hipaa/for-profession als/security/index.html">
<front> <front>
<title>Health Insurance Portability and Accountability Act - The Secur ity Rule</title> <title>The Security Rule</title>
<author> <author>
<organization>HHS</organization> <organization>HHS</organization>
</author> </author>
<date month="February" year="2003"/>
</front> </front>
</reference> </reference>
<reference anchor="PCI" target="https://www.pcisecuritystandards.org"> <reference anchor="PCI" target="https://www.pcisecuritystandards.org/docum ent_library">
<front> <front>
<title>PCI DSS</title> <title>PCI DSS</title>
<author> <author>
<organization>PCI Security Standards Council</organization> <organization>PCI Security Standards Council</organization>
</author> </author>
<date month="May" year="2018"/> <date month="March" year="2022"/>
</front> </front>
</reference> </reference>
<reference anchor="NGMN_SEC" target="https://www.ngmn.org/wp-content/uploa ds/Publications/2016/160429_NGMN_5G_Security_Network_Slicing_v1_0.pdf"> <reference anchor="NGMN-SEC" target="https://www.ngmn.org/wp-content/uploa ds/Publications/2016/160429_NGMN_5G_Security_Network_Slicing_v1_0.pdf">
<front> <front>
<title>NGMN 5G Security - Network Slicing</title> <title>5G security recommendations Package #2 - Network Slicing</title >
<author> <author>
<organization>NGMN Alliance</organization> <organization>NGMN</organization>
</author> </author>
<date month="April" year="2016"/> <date month="April" year="2016"/>
</front> </front>
</reference> </reference>
<reference anchor="MACsec" target="https://1.ieee802.org/security/802-1ae" > <reference anchor="MACsec" target="https://ieeexplore.ieee.org/document/85 85421">
<front> <front>
<title>IEEE Standard for Local and metropolitan area networks - Media Access Control (MAC) Security</title> <title>IEEE Standard for Local and metropolitan area networks - Media Access Control (MAC) Security</title>
<author> <author>
<organization>IEEE</organization> <organization>IEEE</organization>
</author> </author>
<date year="2018"/> <date month="December" year="2018"/>
</front> </front>
<seriesInfo name="IEEE Std" value="802.1AE-2018"/>
<seriesInfo name="DOI" value="10.1109/IEEESTD.2018.8585421"/>
</reference> </reference>
<reference anchor="ORAN" target="https://orandownloadsweb.azurewebsites.ne t/specifications"> <reference anchor="ORAN" target="https://orandownloadsweb.azurewebsites.ne t/specifications">
<front> <front>
<title>O-RAN Working Group 1 Slicing Architecture</title> <title>O-RAN Working Group 1 Slicing Architecture</title>
<author> <author>
<organization>O-RAN</organization> <organization>O-RAN</organization>
</author> </author>
<date year="2022"/> <date year="2022"/>
</front> </front>
<seriesInfo name="O-RAN.WG1" value="v06.00"/> <refcontent>O-RAN.WG1 v06.00</refcontent>
</reference> </reference>
</references> </references>
<section anchor="APPA" title="Examples"> <section anchor="APPA" title="Examples">
<t>This appendix contains realisation examples. This is not intended to b <t>This appendix contains realization examples. This is not intended to
e a complete set of be a complete set of possible deployments, nor does it provide
possible deployments, nor does it provide definitive ways to realize th definitive ways to realize these deployments.</t>
ese deployments.</t>
<t>The examples shown here must not be considered to be normative. The de <t>The examples shown here must not be considered to be normative. The
scriptions of terms and descriptions of terms and concepts in the body of the document take
concepts in the body of the document take precedence.</t> precedence.</t>
<section anchor="APPA2" title="Multi-Point to Point Service"> <section anchor="APPA2" title="Multi-Point to Point Service">
<t>As described in <xref target="NS-Service" format="default" /> an MP2P <t>As described in <xref target="NS-Service" format="default"/>, an
service can be realized with multiple MP2P service can be realized with multiple P2P connectivity
P2P connectivity constructs. <xref target="mp2pfig" format="default" constructs. <xref target="mp2pfig" format="default" /> shows a simple
/> shows a simple MP2P service where MP2P service where traffic is sent from any of CE1, CE2, and CE3 to
traffic is sent from any of CE1, CE2, and CE3, to the receiver which the receiver, which is CE4. The service comprises three P2P
is CE4. The service comprises three connectivity constructs: CE1-CE4, CE2-CE4, and CE3-CE4.</t>
P2P connectivity constructs CE1-CE4, CE2-CE4, and CE3-CE4.</t>
<figure anchor="mp2pfig"> <figure anchor="mp2pfig">
<name>Example MP2P Service with P2P Connections</name> <name>Example MP2P Service with P2P Connections</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ CE1
CE1 ___|________
___|________ / \ \
/ \ \ ( \______ )
( \______ ) ( \)
( \) CE2---(--------------)---CE4
CE2---(--------------)---CE4 ( _______/)
( _______/) ( / )
( / ) \___|________/
\___|________/ |
| CE3]]></artwork>
CE3
]]>
</artwork>
</figure> </figure>
</section> </section>
<section anchor="APPA3" title="Service Function Chaining and Ancillary CEs "> <section anchor="APPA3" title="Service Function Chaining and Ancillary CEs ">
<t><xref target="ancillary" format="default" /> introduces the concept o f ancillary CEs. <t><xref target="ancillary" format="default" /> introduces the concept o f ancillary CEs.
<xref target="ancfig" format="default" /> shows a simple example of I ETF Network Slices <xref target="ancfig" format="default" /> shows a simple example of I ETF Network Slices
with connectivity constructs that are used to deliver traffic from CE 1 to CE3 taking in with connectivity constructs that are used to deliver traffic from CE 1 to CE3, taking in
a service function along the path.</t> a service function along the path.</t>
<figure anchor="ancfig"> <figure anchor="ancfig">
<name>Example With Ancillary CEs</name> <name>Example with Ancillary CEs</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ CE1 CE2 CE3
xo* * * *ox
CE1 CE2 CE3 ____xo*_________*_*_________*ox____
xo* * * *ox _/ xo* * * *ox \_
____xo*_________*_*_________*ox____ / xo*********** ***********ox \
_/ xo* * * *ox \_ ( xo ox )
/ xo*********** ***********ox \ ( xooooooooo(ACE1)oooooooooox )
( xo ox ) ( x x )
( xooooooooo(ACE1)oooooooooox ) ( x ------------------ x )
( x x ) ( x | Service Function | x )
( x ------------------ x ) ( x | ....(ACE2).... | x )
( x | Service Function | x ) ( x | : : | x )
( x | ....(ACE2).... | x ) ( xxxx.:....(ACE3)....:.xxxxx )
( x | : : | x ) ( | : : | )
( xxxx.:....(ACE3)....:.xxxxx ) ( | ....(ACE4).... | )
( | : : | ) ( | | )
( | ....(ACE4).... | ) ( ------------------ )
( | | ) ( )
( ------------------ ) \_ Operator Network _/
( ) \___________________________________/]]></artwork>
\_ Operator Network _/
\___________________________________/
]]>
</artwork>
</figure> </figure>
<t>A customer may want to utilize a service where traffic is delivered f <t>A customer may want to utilize a service where traffic is delivered
rom CE1 to CE3 from CE1 to CE3, including a service function sited within the
including a service function sited within the customer&apos;s network customer&apos;s network at CE2. To achieve this, the customer may
at CE2. To request an IETF Network Slice Service comprising two P2P connectivity
achieve this, the customer may request an IETF Network Slice Service constructs: CE1-CE2 and CE2-CE3 (represented with "*" in <xref
comprising two target="ancfig" format="default" />).</t>
P2P connectivity constructs (CE1-CE2 and CE2-CE3 represented as *** i
n the figure).</t>
<t>Alternatively, the service function for the same CE1 to CE3 flow may <t>Alternatively, the service function for the same CE1 to CE3 flow
be hosted at a may be hosted at a node within the network operator&apos;s
node within the network operator&apos;s infrastructure. This is an a infrastructure. This is an ancillary CE in the IETF Network Slice
ncillary CE in the IETF Network Service that the customer requests. This service contains two P2P
Slice Service that the customer requests. This service contains two connectivity constructs: CE1-ACE1 and ACE1-CE3 (represented with "o" in
P2P connectivity <xref target="ancfig" format="default" />). How the customer knows of
constructs (CE1-ACE1 and ACE1-CE3 represented as ooo in the figure). the existence of the ancillary CE and the service functions it
How the customer offers is a matter for agreement between the customer and the network
knows of the existence of the ancillary CE, and the service functions operator.</t>
it offers, is a
matter for agreement between the customer and the network operator.</
t>
<t>Finally, it may be that the customer knows that the network operator <t>Finally, it may be that the customer knows that the network
is able to operator is able to provide the service function but does not know the
provide the service function, but not know the location of the ancill location of the ancillary CE at which the service function is hosted.
ary CE at which Indeed, it may be that the service function is hosted at a number of
the service function is hosted. Indeed, it may be that the service f ancillary CEs (ACE2, ACE3, and ACE4 in <xref target="ancfig"
unction is hosted format="default" />); the customer may know the identities of the
at a number of ancillary CEs (ACE2, ACE3, and ACE4 in the figure): th ancillary CEs but be unwilling or unable to choose one, or the
e customer may customer may not know about the ancillary CEs. In this case, the IETF
know the identities of the ancillary CEs, but be unwilling or unable Network Slice Service request contains two P2P connectivity constructs:
to choose one; or CE1-ServiceFunction and ServiceFunction-CE3 (represented with "x" in
the customer may not know about the ancillary CEs. In this case, the <xref target="ancfig" format="default" />). It is left as a choice
IETF Network Slice for the network operator as to which ancillary CE to use and how to
Service request contains two P2P connectivity constructs (CE1-Service realize the connectivity constructs.</t>
Function and
ServiceFunction-CE3 represented as xxx in the figure). It is left as
a choice for
the network operator which ancillary CE to use and how to realize the
connectivity
constructs.</t>
</section> </section>
<section anchor="APPA4" title="Hub and Spoke"> <section anchor="APPA4" title="Hub and Spoke">
<t>Hub and spoke is a popular way to realize any-to-any connectivity in <t>Hub and spoke is a popular way to realize A2A connectivity
support of multiple P2P traffic flows in support of multiple P2P traffic flows (where the hub performs
(where the hub performs routing), or of P2MP flows (where the hub is routing) or P2MP flows (where the hub is responsible for
responsible for replication). In replication). In many cases, it is the network operator&apos;s choice
many cases, it is the network operator&apos;s choice whether to use h whether to use hub and spoke to realize a mesh of P2P connectivity
ub and spoke to realize a mesh of constructs or P2MP connectivity constructs; this is entirely their
P2P connectivity constructs or P2MP connectivity constructs: this is business as the customer is not aware of how the connectivity
entirely their business as the constructs are supported within the network.</t>
customer is not aware of how the connectivity constructs are supporte
d within the network.</t>
<t>However, it may be the case that the customer wants to control the be <t>However, it may be the case that the customer wants to control the
havior and location of the hub. behavior and location of the hub. In this case, the hub appears as an
In this case, the hub appears as an ancillary CE as shown in <xref ta ancillary CE as shown in <xref target="hns1fig" format="default"/>.</t>
rget="hns1fig" format="default" />.</t>
<t>For the P2P mesh case, the customer does not specify a mesh of P2P co <t>For the P2P mesh case, the customer does not specify a mesh of P2P
nnectivity constructs connectivity constructs (such as CE1-CE2, CE1-CE3, CE2-CE3, and the
(such as CE1-CE2, CE1-CE3, CE2-CE3 and the equivalent reverse directi equivalent reverse direction connectivity) but connects each CE to the
on connectivity), but connects hub with P2P connectivity constructs (as CE1-Hub, CE2-Hub, CE3-Hub,
each CE to the hub with P2P connectivity constructs (as CE1-Hub, CE2- and the equivalent reverse direction connectivity). This scales
Hub, CE3-Hub and the equivalent better in terms of provisioning compared to a full mesh but requires
reverse direction connectivity). This scales better in terms of prov that the hub is capable of routing traffic between connectivity
isioning compared to a full mesh, constructs.</t>
but does require that the hub is capable of routing traffic between c
onnectivity constructs.</t>
<t>For the P2MP case, the customer does not specify a single P2MP connec <t>For the P2MP case, the customer does not specify a single P2MP
tivity construct (in this case, CE3-{CE1+CE2}), connectivity construct (in this case, CE3-{CE1+CE2}) but requests
but requests three P2P connectivity constructs (as CE3-Hub, Hub-CE1, three P2P connectivity constructs (as CE3-Hub, Hub-CE1, and Hub-CE2).
and Hub-CE2). It is the hub&apos;s It is the hub&apos;s responsibility to replicate the traffic from CE3
responsibility to replicate the traffic from CE3 and send it to both and send it to both CE1 and CE2.</t>
CE1 and CE2.</t>
<figure anchor="hns1fig"> <figure anchor="hns1fig">
<name>Example Hub and Spoke Under Customer Control</name> <name>Example Hub and Spoke under Customer Control</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ ------------
------------ CE1 | Hub | CE2
CE1 | Hub | CE2 || ------------ ||
|| ------------ || ___||_____||__||__||_____||___
___||_____||__||__||_____||___ / || || || || || \
/ || || || || || \ ( ====== || ====== )
( ====== || ====== ) ( || )
( || ) ( || )
( || ) \______________||______________/
\______________||______________/ ||
|| CE3]]></artwork>
CE3
]]>
</artwork>
</figure> </figure>
</section> </section>
<section anchor="APPA5" title="Layer 3 VPN"> <section anchor="APPA5" title="Layer 3 VPN">
<t>Layer 3 VPNs are a common service offered by network operators to the <t>Layer 3 VPNs are a common service offered by network operators to
ir customers. They may be modelled as an their customers. They may be modeled as an A2A service but
any-to-any service, but are often realized as a mesh of P2P connectio are often realized as a mesh of P2P connections, or if multicast is
ns, or if multicast is supported, they may supported, they may be realized as a mesh of P2MP connections.</t>
be realized as a mesh of P2MP connections.</t>
<t><xref target="vpnfig" format="default" /> shows an IETF Network Slice <t><xref target="vpnfig" format="default" /> shows an IETF Network
Service with a single A2A connectivity Slice Service with a single A2A connectivity construct between the
construct between the SDPs CE1, CE2, CE3, and CE4. It is a free choi SDPs CE1, CE2, CE3, and CE4. It is a free choice how the network
ce how the network operator realizes this operator realizes this service. They may use a full mesh of P2P
service. They may use a full mesh of P2P connections, a hub and spok connections, a hub-and-spoke configuration, or some combination of
e configuration, or some combination of these approaches.</t>
these approaches.</t>
<figure anchor="vpnfig"> <figure anchor="vpnfig">
<name>Example L3VPN Service</name> <name>Example L3VPN Service</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ CE1 CE2
CE1 CE2 ____|_______________|____
____|_______________|____ / :...............: \
/ :...............: \ ( :. . : )
( :. . : ) ( : ...... . : )
( : ...... . : ) ( : ..... : )
( : ..... : ) ( : .... . : )
( : .... . : ) ( : . .... : )
( : . .... : ) ( : . . : )
( : . . : ) ( :...............: )
( :...............: ) \____:_______________:____/
\____:_______________:____/ | |
| | CE3 CE4]]></artwork>
CE3 CE4
]]>
</artwork>
</figure> </figure>
</section> </section>
<section anchor="APPA6" title="Hierarchical Composition of Network Slices" > <section anchor="APPA6" title="Hierarchical Composition of Network Slices" >
<t>As mentioned in <xref target="ExtConcept" format="default" />, IETF N <t>As mentioned in <xref target="ExtConcept" format="default" />, IETF
etwork Slices may be arranged hierarchically. There is nothing Network Slices may be arranged hierarchically. There is nothing
special or novel about such an arrangement, and it models the hierarch special or novel about such an arrangement, and it models the
ical arrangement of services of virtual networks hierarchical arrangement of services of virtual networks in many other
in many other environments.</t> environments.</t>
<t>As shown in <xref target="hierfig" format="default" />, an Operator&a <t>As shown in <xref target="hierfig" format="default" />, an
pos;s Controller (NSC) that is requested to provide an IETF Network Slice Servic Operator&apos;s Controller (NSC) that is requested to provide an IETF
e for a Network Slice Service for a customer may, in turn, request an IETF
customer may, in turn, request an IETF Network Slice Service from ano Network Slice Service from another carrier. The Operator&apos;s NSC
ther carrier. The Operator&apos;s NSC may manage and control the may manage and control the underlay IETF Network Slice by modifying
underlay IETF Network Slice by modifying the requested connectivity c the requested connectivity constructs and changing the SLAs. The
onstructs and changing the SLAs. The customer is entirely customer is entirely unaware of the hierarchy of slices, and the
unaware of the hierarchy of slices, and the underlay carrier is entir underlay carrier is entirely unaware of how its slice is being
ely unaware of how its slice is being used.</t> used.</t>
<t>This "stacking" of IETF Network Slice constructs is not different to <t>This stacking of IETF Network Slice constructs is not different
the way virtual networks may be arranged.</t> to the way virtual networks may be arranged.</t>
<figure anchor="hierfig"> <figure anchor="hierfig">
<name>Example Hierarchical Arrangement of IETF Network Slices</name> <name>Example Hierarchical Arrangement of IETF Network Slices</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ --------------
-------------- | Network |
| Network | | Slice |
| Slice | | Orchestrator |
| Orchestrator | --------------
-------------- | IETF Network Slice
| IETF Network Slice | Service Request
| Service Request | Customer view
| Customer view ....|................................
....|................................ -v---------------- Operator view
-v---------------- Operator view |Controller |
|Controller | | ------------ |
| ------------ | | | IETF | |
| | IETF | | | | Network |---|---
| | Network |---|--- | | Slice | | |
| | Slice | | | | | Controller | | |
| | Controller | | | | | (NSC) | | |
| | (NSC) | | | | ------------ | |
| ------------ | | ------------------ |
------------------ | | IETF Network Slice
| IETF Network Slice | Service Request
| Service Request |
| .........................|.....................
.........................|..................... ----------v------- Carrier view
----------v------- Carrier view |Controller |
|Controller | | ------------ |
| ------------ | | | IETF | |
| | IETF | | | | Network | |
| | Network | | | | Slice | |
| | Slice | | | | Controller | |
| | Controller | | | | (NSC) | |
| | (NSC) | | | ------------ |
| ------------ | ....| | Network |............
....| | Network |............ | | Configuration | Underlay Network
| | Configuration | Underlay Network | v |
| v | | ------------ |
| ------------ | | | Network | |
| | Network | | | | Controller | |
| | Controller | | | | (NC) | |
| | (NC) | | | ------------ |
| ------------ | ------------------
------------------ | Device Configuration
| Device Configuration v]]></artwork>
v
]]>
</artwork>
</figure> </figure>
<t>In this case, the network hierarchy may also be used to provide conne <t>In this case, the network hierarchy may also be used to provide
ctivity between points in the higher layer network as shown in connectivity between points in the higher-layer network, as shown in
<xref target="bridgefig" format="default" />. Here, an IETF Network <xref target="bridgefig" format="default" />. Here, an IETF Network
Slice may be requested of the lower layer network to provide Slice may be requested of the lower-layer network to provide the
the desired connectivity constructs to supplement the connectivity in desired connectivity constructs to supplement the connectivity in the
the higher layer network where this connectivity might be presented higher-layer network where this connectivity might be presented as a
as a virtual link.</t> virtual link.</t>
<figure anchor="bridgefig"> <figure anchor="bridgefig">
<name>Example Hierarchical Arrangement of IETF Network Slices to Bridg e Connectivity</name> <name>Example Hierarchical Arrangement of IETF Network Slices to Bridg e Connectivity</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ CE1 CE2
CE1 CE2 | |
| | | |
| | _|_________________________________________|_
_|_________________________________________|_ ( : : )
( : : ) ( :.............. ..............: )
( :.............. ..............: ) (_______________:_____________:_______________)
(_______________:_____________:_______________) __|_____________|__
__|_____________|__ ( : : )
( : : ) ( :.............: )
( :.............: ) (___________________)]]></artwork>
(___________________)
]]>
</artwork>
</figure> </figure>
</section> </section>
<section anchor="APPA7" title="Horizontal Composition of Network Slices"> <section anchor="APPA7" title="Horizontal Composition of Network Slices">
<t>It may be that end-to-end connectivity is achieved using a set of coo perating networks as described in <xref target="ExtConcept" format="default" />. <t>It may be that end-to-end connectivity is achieved using a set of coo perating networks as described in <xref target="ExtConcept" format="default" />.
For example, there may be multiple interconnected networks that provi de the required connectivity as shown in <xref target="peerfig" format="default" />. For example, there may be multiple interconnected networks that provi de the required connectivity as shown in <xref target="peerfig" format="default" />.
The networks may utilize different technologies and may be under sepa rate administrative control.</t> The networks may utilize different technologies and may be under sepa rate administrative control.</t>
<figure anchor="peerfig"> <figure anchor="peerfig">
<name>Example Customer View of Interconnected Networks Providing End-t o-End Connectivity</name> <name>Example Customer View of Interconnected Networks Providing End-t o-End Connectivity</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ CE1 CE2
CE1 CE2 | |
| | SDP1 SDP2
SDP1 SDP2 | |
| | _|____ ______ ______ ____|_
_|____ ______ ______ ____|_ ( ) ( ) ( ) ( )
( ) ( ) ( ) ( ) ( )---( )---( )---( )
( )---( )---( )---( ) (______) (______) (______) (______)]]></artwork>
(______) (______) (______) (______)
]]>
</artwork>
</figure> </figure>
<t>In this scenario, the customer (represented by CE1 and CE2) may reque <t>In this scenario, the customer (represented by CE1 and CE2) may
st an IETF Network Slice Service connecting the CEs. The customer considers the request an IETF Network Slice Service connecting the CEs. The
SDPs at the edge (shown as SDP1 and SDP2 in <xref target="peerfig" fo customer considers the SDPs at the edge (shown as SDP1 and SDP2 in
rmat="default" />) and might not be aware of how the end-to-end connectivity is <xref target="peerfig" format="default" />) and might not be aware of
composed.</t> how the end-to-end connectivity is composed.</t>
<t>However, because the various networks may be of different technologie <t>However, because the various networks may be of different
s and under separate administrative control, the networks are sliced individuall technologies and under separate administrative control, the networks
y and are sliced individually, and coordination is necessary to deliver the
coordination is necessary to deliver the desired connectivity. The n desired connectivity. The Network-to-Network Interfaces (NNIs) are
etwork to network interfaces (NNIs) are present as SDPs for the IETF Network Sli present as SDPs for the IETF Network Slices in each network, so that
ces in each network is individually sliced. In the example in <xref
each network so that each network is individually sliced. In the exa target="peerdlvrfig" format="default" />, this is illustrated as
mple in <xref target="peerdlvrfig" format="default" />, this is illustrated as n network 1 (N/w1) being sliced between SDP1 and SDPX, N/w2 being sliced
etwork 1 between SDPY and SDPU, etc. The coordination activity involves
(N/w1) being sliced between SDP1 and SDPX, N/w2 being sliced between binding the SDPs, and hence the connectivity constructs, to achieve
SDPY and SDPU, etc. The coordination activity involves binding the SDPs, and he end-to-end connectivity with the required SLOs and SLEs. In this way,
nce simple and complex end-to-end connectivity can be achieved with a
the connectivity constructs, to achieve end-to-end connectivity with variety of connectivity constructs in the IETF Network Slices of
the required SLOs and SLEs. In this way, simple and complex end-to-end connecti different networks "stitched" together.</t>
vity can be achieved with a variety
of connectivity constructs in the IETF Network Slices of different ne
tworks "stitched" together.</t>
<figure anchor="peerdlvrfig"> <figure anchor="peerdlvrfig">
<name>Example Delivery of An End-to-End IETF Network Slice with Interc <name>Example Delivery of an End-to-End IETF Network Slice with Interc
onnected Networks</name> onnected Networks</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ CE1 CE2
CE1 CE2 | |
| | SDP1 SDP2
SDP1 SDP2 | |
| | _|____ ______ ______ ____|_
_|____ ______ ______ ____|_ ( ) SDPX ( ) SDPU ( ) SDPS ( )
( ) SDPX ( ) SDPU ( ) SDPS ( ) ( N/w1 )------( N/w2 )------( N/w3 )------( N/w4 )
( N/w1 )------( N/w2 )------( N/w3 )------( N/w4 ) (______) SDPY (______) SDPV (______) SDPT (______)]]></artwork>
(______) SDPY (______) SDPV (______) SDPT (______)
]]>
</artwork>
</figure> </figure>
<t>The controller/coordinator relationship is shown in <xref target="coo rdfig" format="default" />.</t> <t>The controller/coordinator relationship is shown in <xref target="coo rdfig" format="default" />.</t>
<figure anchor="coordfig"> <figure anchor="coordfig">
<name>Example Relationship of IETF Network Slice Coordination</name> <name>Example Relationship of IETF Network Slice Coordination</name>
<artwork align="center" name="" type="" alt=""> <artwork align="center" name="" type="" alt=""><![CDATA[
<![CDATA[ --------------
-------------- | Network |
| Network | | Slice |
| Slice | | Orchestrator |
| Orchestrator | --------------
-------------- | IETF Network Slice
| IETF Network Slice | Service Request
| Service Request | Customer view
| Customer view ....|................................
....|................................ -v---------------- Coordinator view
-v---------------- Coordinator view |Coordinator |
|Coordinator | | |
| | ------------------
------------------ | |_________________
| |_________________ | |
| | | |
| | ....|....................... ....|.....................
....|....................... ....|..................... -v-------------- -v--------------
-v-------------- -v-------------- |Controller1 | Operator1 |Controller2 | Operator2
|Controller1 | Operator1 |Controller2 | Operator2 | ------------ | | ------------ |
| ------------ | | ------------ | | | IETF | | | | IETF | |
| | IETF | | | | IETF | | | | Network | | | | Network | |
| | Network | | | | Network | | | | Slice | | | | Slice | |
| | Slice | | | | Slice | | | | Controller | | | | Controller | |
| | Controller | | | | Controller | | | | (NSC) | | | | (NSC) | |
| | (NSC) | | | | (NSC) | | | ------------ | | ------------ |
| ------------ | | ------------ | ....| | Network |............ | | Network |............
....| | Network |............ | | Network |............ | | Config | Underlay1 | | Config | Underlay2
| | Config | Underlay1 | | Config | Underlay2 | v | | v |
| v | | v | | ------------ | | ------------ |
| ------------ | | ------------ | | | Network | | | | Network | |
| | Network | | | | Network | | | | Controller | | | | Controller | |
| | Controller | | | | Controller | | | | (NC) | | | | (NC) | |
| | (NC) | | | | (NC) | | | ------------ | | ------------ |
| ------------ | | ------------ | ---------------- ----------------
---------------- ---------------- | Device Configuration
| Device Configuration v]]></artwork>
v
]]>
</artwork>
</figure> </figure>
</section> </section>
</section> </section>
</back> <section anchor="acknowledgments" numbered="false" toc="default">
<name>Acknowledgments</name>
<t>The entire TEAS Network Slicing design team and everyone
participating in related discussions has contributed to this document.
Some text fragments in the document have been copied from the <xref
target="I-D.ietf-teas-enhanced-vpn" format="default"/>, for which we are
grateful.</t>
<t>Significant contributions to this document were gratefully received
from the contributing authors listed in the "<xref target="contributors"
format="title"/>" section. In addition, we would like to also thank
those others who have attended one or more of the design team meetings,
including the following people not listed elsewhere:</t>
<ul spacing="compact">
<li><t><contact fullname="Aihua Guo"/></t></li>
<li><t><contact fullname="Bo Wu"/></t></li>
<li><t><contact fullname="Greg Mirsky"/></t></li>
<li><t><contact fullname="Lou Berger"/></t></li>
<li><t><contact fullname="Rakesh Gandhi"/></t></li>
<li><t><contact fullname="Ran Chen"/></t></li>
<li><t><contact fullname="Sergio Belotti"/></t></li>
<li><t><contact fullname="Stewart Bryant"/></t></li>
<li><t><contact fullname="Tomonobu Niwa"/></t></li>
<li><t><contact fullname="Xuesong Geng"/></t></li>
</ul>
<t>Further useful comments were received from <contact fullname="Daniele
Ceccarelli"/>, <contact fullname="Uma Chunduri"/>, <contact
fullname="Pavan Beeram"/>, <contact fullname="Tarek Saad"/>, <contact
fullname="Kenichi Ogaki"/>, <contact fullname="Oscar Gonzalez de
Dios"/>, <contact fullname="Xiaobing Niu"/>, <contact fullname="Dan
Voyer"/>, <contact fullname="Igor Bryskin"/>, <contact fullname="Luay
Jalil"/>, <contact fullname="Joel Halpern"/>, <contact fullname="John
Scudder"/>, <contact fullname="John Mullooly"/>, <contact
fullname="Krzysztof Szarkowicz"/>, <contact fullname="Jingrong Xie"/>,
<contact fullname="Jia He"/>, <contact fullname="Reese Enghardt"/>,
<contact fullname="Dirk Von Hugo"/>, <contact fullname="Erik Kline"/>,
and <contact fullname="Éric Vyncke"/>.</t>
<t>This work is partially supported by the European Commission under
Horizon 2020 grant agreement number 101015857 Secured autonomic traffic
management for a Tera of SDN flows (Teraflow).</t>
</section>
<section anchor="contributors" numbered="false" toc="default">
<name>Contributors</name>
<t>The following people contributed substantially to the content of this
document and should be considered coauthors. <contact fullname="Eric
Gray"/> was the original editor of the fundation documents.</t>
<contact fullname="Eric Gray" >
<organization>Retired</organization>
</contact>
<contact fullname="Jari Arkko" >
<organization>Ericsson</organization>
<address>
<email>jari.arkko@piuha.net</email>
</address>
</contact>
<contact fullname="Mohamed Boucadair" >
<organization>Orange</organization>
<address>
<email>mohamed.boucadair@orange.com</email>
</address>
</contact>
<contact fullname="Dhruv Dhody" >
<organization>Huawei</organization>
<address>
<postal>
<country>India</country>
</postal>
<email>dhruv.ietf@gmail.com</email>
</address>
</contact>
<contact fullname="Jie Dong" >
<organization>Huawei</organization>
<address>
<email>jie.dong@huawei.com</email>
</address>
</contact>
<contact fullname="Xufeng Liu" >
<organization>Volta Networks</organization>
<address>
<email>xufeng.liu.ietf@gmail.com</email>
</address>
</contact>
</section>
</back>
</rfc> </rfc>
 End of changes. 262 change blocks. 
1898 lines changed or deleted 1643 lines changed or added

This html diff was produced by rfcdiff 1.48.