From mavs-bounces@ietf.org Fri Feb 03 13:44:41 2006 Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F55vF-0004y9-Am; Fri, 03 Feb 2006 13:44:41 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F55vC-0004py-Sg for MAVS@megatron.ietf.org; Fri, 03 Feb 2006 13:44:38 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA28197 for ; Fri, 3 Feb 2006 13:42:39 -0500 (EST) Received: from hostedexchange.hostedservice.com ([217.28.130.38]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F566T-000724-SK for mavs@ietf.org; Fri, 03 Feb 2006 13:56:20 -0500 Received: from THHS2EXBE2X.hostedservice2.net ([192.168.33.21]) by hostedexchange.hostedservice.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 3 Feb 2006 18:44:12 +0000 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Fri, 3 Feb 2006 18:44:12 -0000 Message-ID: Thread-Index: AcYo8dI1zT//PnmRTki1l0FCS+nlSQ== From: "David Page" To: X-OriginalArrivalTime: 03 Feb 2006 18:44:12.0182 (UTC) FILETIME=[D32D2B60:01C628F1] X-Spam-Score: 0.5 (/) X-Scan-Signature: 82c9bddb247d9ba4471160a9a865a5f3 Subject: [Mavs] (no subject) X-BeenThere: mavs@ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Multiprovider End-to-end VPN Services List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0032992998==" Sender: mavs-bounces@ietf.org Errors-To: mavs-bounces@ietf.org This is a multi-part message in MIME format. --===============0032992998== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C628F1.D3155ACF" This is a multi-part message in MIME format. ------_=_NextPart_001_01C628F1.D3155ACF Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I am interested in this alias' view of the following observation: =20 "Some operators tend to think of an MPLS interconnect as an NNI. = Accordingly, they ascribe MPLS interconnects with commonly held = attributes of NNIs; namely that NNIs are core network constructs that = ideally maintain little or no customer-specific state or configuration. = Diametrically opposed to this view are other operators. They see MPLS = interconnect as a multi-enterprise hub site, an outsource of hub site = capabilities, and therefore a point of customer-specific service = creation and control. Both refer to MPLS interconnect; each are solving = different problems." ------_=_NextPart_001_01C628F1.D3155ACF Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
I =0A= am interested in this alias' view of the =0A= following observation:
=0A=
 
=0A=
"Some =0A= operators tend to think of an MPLS interconnect as an NNI. = Accordingly, =0A= they ascribe MPLS interconnects with commonly held attributes of NNIs; = namely =0A= that NNIs are core network constructs that ideally maintain little or no =0A= customer-specific state or configuration. Diametrically opposed to this = view are =0A= other operators. They see MPLS interconnect as a multi-enterprise = hub site, =0A= an outsource of hub site capabilities, and therefore a point of =0A= customer-specific service creation and control. Both refer to MPLS = interconnect; =0A= each are solving different problems."
------_=_NextPart_001_01C628F1.D3155ACF-- --===============0032992998== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Mavs mailing list Mavs@ietf.org https://www1.ietf.org/mailman/listinfo/mavs --===============0032992998==-- From mavs-bounces@ietf.org Mon Feb 13 20:12:26 2006 Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8ojy-0002Db-O0; Mon, 13 Feb 2006 20:12:26 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8ojv-0002B5-Bd for MAVS@megatron.ietf.org; Mon, 13 Feb 2006 20:12:23 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA07877 for ; Mon, 13 Feb 2006 20:10:36 -0500 (EST) Received: from psg.com ([147.28.0.62] ident=mailnull) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F8oxX-00051D-7i for MAVS@ietf.org; Mon, 13 Feb 2006 20:26:34 -0500 Received: from localhost ([127.0.0.1]) by psg.com with esmtp (Exim 4.60 (FreeBSD)) (envelope-from ) id 1F8ojl-000KxS-HK; Tue, 14 Feb 2006 01:12:14 +0000 Message-ID: <43F12E71.1070402@psg.com> Date: Tue, 14 Feb 2006 02:12:17 +0100 From: dimitri papadimitriou User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.11) Gecko/20050728 X-Accept-Language: en-us, en MIME-Version: 1.0 To: JACQUENET Christian RD-TCH-REN Subject: Re: [Mavs] MAVS Requirements Draft posted References: <8AA97249241F7148BE6D3D8B93D83F5A0916213B@FTRDMEL2.rd.francetelecom.fr> In-Reply-To: <8AA97249241F7148BE6D3D8B93D83F5A0916213B@FTRDMEL2.rd.francetelecom.fr> Content-Type: text/plain; charset=ISO-8859-1; format=flowed X-Spam-Score: 0.0 (/) X-Scan-Signature: 41bbd14f62483004bcdc6c6d42f94cb2 Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id UAA07877 Cc: MAVS@ietf.org, "Jim Guichard \(jguichar\)" X-BeenThere: mavs@ietf.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dpapadimitriou@psg.com, dimitri.papadimitriou@alcatel.be List-Id: Multiprovider End-to-end VPN Services List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: mavs-bounces@ietf.org Errors-To: mavs-bounces@ietf.org hi christian, there is indeed lot's of progress achieved in terms of requirements for=20 activating multi-AS/SP VPNs; imho, starting with topological, security=20 and management should received most of the attention (as first step); concerning "QoS" it would be appropriate to come with a sort of first=20 layout because as far as my memory goes a discussion had been initiated=20 in Yokohama on QoS for VPN that lead to a short section in RFC4364 and=20 as the document also explains very few is available in terms of std's on=20 which this multi-AS/SP QoS could rely on; so, from the QoS perspective=20 the starting point is different than for inst. the topological aspects the provided classification and the selected items should be completed=20 by a detailed work plan with set of "actions" that would be part of a=20 charter relationship with the work carried out as part of other working groups=20 (SIDR, DCP, etc.) could then be determined i would be willing to help in this process much thanks, - dimitri. JACQUENET Christian RD-TCH-REN wrote: > Dear all, >=20 > FWIW, please find enclosed the aforementioned draft that has just been > posted to the IETF web site. Your feedback on this document is more tha= n > welcome, especially because it may condition the organization of a BoF > session on this subject during the upcoming IETF meeting of Dallas. >=20 > Cheers, >=20 > Jim, Martin, and Christian. > <>=20 >=20 > _________________ ________ ______ ______=20 > /_____________ /__ /_ _ / / / / / Christian Jacquenet > - France Telecom R&D/TCH/NOR=20 > /_________/ / / / / / / / / /__/ Tel: +33 2 99 12 49 > 40 Cell: +33 6 73 67 73 53=20 > / / /___/__/___/_____/_/__/____ "I got my mojo > workin',=20 > /__/ /__________________________/_ But I'm pinned again.= " >=20 > /_______________________________/ - Pincushion. > =20 >=20 >=20 >=20 >=20 > -----------------------------------------------------------------------= - >=20 > TBD M.Halstead, Ed=20 > Internet Draft Nexagent Ltd=20 > Expires: July 2006 =20 > Jim Guichard, Ed=20 > Cisco Systems, Inc.= =20 > =20 > Christian Jacquenet, Ed= =20 > France Telecom=20 > =20 > January 26, 2006=20 > =20 > =20 > IETF Internet Draft=20 > =20 > Document: draft-Halstead-Guichard-MAVS-Requirements-01=20 > =20 > Requirements for Multi Autonomous System VPN Services=20 >=20 >=20 > Status of this Memo=20 >=20 > This memo provides information for the Internet community. It does=20 > not specify an Internet standard of any kind. Distribution of this=20 > memo is unlimited. Internet-Drafts are working documents of the=20 > Internet Engineering Task Force (IETF), its areas, and its working=20 > groups. Note that other groups may also distribute working document= s=20 > as Internet-Drafts. Internet-Drafts are draft documents valid for a=20 > maximum of six months and may be updated, replaced, or obsoleted by=20 > other documents at any time.=20 >=20 > The list of current Internet-Drafts can be accessed at=20 >=20 > http://www.ietf.org/ietf/1id-abstracts.txt.=20 >=20 > The list of Internet-Draft Shadow Directories can be accessed at=20 > http://www.ietf.org/shadow.html.=20 >=20 > Copyright Notice=20 >=20 > Copyright (C) The Internet Society (2006). All Rights Reserved.=20 >=20 > Abstract=20 >=20 > This document complements [RFC4031] and defines requirements that ar= e=20 > specific to the delivery of BGP/MPLS-based [RFC-2547bis] VPN service= s=20 > across multiple administrative domains. These requirements are=20 > independent of underlying technologies or the number of Autonomous=20 > Systems such VPNs may span. It lists the requirements of the=20 > =20 > =20 > =20 > Expires July 26, 2006 [Page 1]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > different parties that are involved in the administration of these=20 > Autonomous Systems and may therefore be involved in the delivery of=20 > the VPN service offerings. =20 >=20 > Conventions used in this document =20 >=20 > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",=20 > "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this= =20 > document are to be interpreted as described in RFC-2119. =20 >=20 > Table of Contents=20 >=20 > =20 > 1. Introduction................................................3=20 > 2. Definitions.................................................5=20 > 2.1. Multi Domain Environment (MDE)..........................5=20 > 2.2. VPN Service Provider (VSP)..............................5=20 > 2.3. VPN Peering Location (VPL)..............................6=20 > 2.4. Agent..................................................6=20 > 3. Problem Statement...........................................6=20 > 4. Multi Domain Environment Reference Model.....................7=20 > 4.1. Distributed Policy Enforcement Example..................8=20 > 4.2. Centralized Policy Enforcement Example..................8=20 > 5. Topological Requirements.....................................8=20 > 5.1. Remote Service Interconnect Requirement.................8=20 > 5.2. Optimal Interconnect Selection Requirement..............8=20 > 5.3. Redundant Interconnect Requirement.....................10=20 > 5.4. VPN Topology Requirement...............................10=20 > 5.5. End-to-end Unicast and Multicast Routing Requirements...11=20 > 5.5.1. Generic Routing Considerations....................11=20 > 5.5.2. IGP Routing Considerations........................12=20 > 5.5.3. BGP Routing Considerations........................12=20 > 5.5.3.1. BGP AS_PATH Attribute Considerations..........12=20 > 5.5.3.2. Route Distinguisher Allocation Considerations.13=20 > 5.5.3.1. Route Target Allocation Considerations........13=20 > 5.5.3.2. Traffic Load Balancing Considerations.........13=20 > 5.5.4. Multicast Routing Considerations..................14=20 > 6. QoS Requirements...........................................14=20 > 6.1. Differentiated Services Policy Considerations..........15=20 > 6.1.1. QoS Policy Transparency...........................16=20 > 6.2. Consistent Metric Considerations.......................16=20 > 6.3. Traffic Engineering/Routing Policy Considerations.......17=20 > 6.4. Metrology Considerations...............................17=20 > 7. Security Requirements.......................................18=20 > 7.1. Encryption Requirements................................19=20 > 7.2. Label Spoofing Protection..............................20=20 > 7.3. Authentication Requirements............................20=20 > =20 > =20 > Expires July 26, 2006 [Page 2]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > 7.3.1. Authentication of Network Elements................20=20 > 7.3.2. VPN Route Authentication and Filtering............20=20 > 8. Management Requirements.....................................22=20 > 8.1. Performance Metric Statistic Requirements..............22=20 > 8.2. Capital Scaling Requirements...........................22=20 > 8.3. Operational Scaling Requirements.......................22=20 > 8.3.1. Service Independence Requirements.................23=20 > 8.3.2. Minimize Network Integration Requirements..........23=20 > 8.3.3. Third Party Interconnect Requirements.............24=20 > 8.4. IPVPN Services Demarcation Requirements................24=20 > 8.4.1. Fully Managed Service Demarcation.................24=20 > 8.4.2. Mixed Management Service Demarcation..............25=20 > 8.5. Remote CE Management Requirement.......................25=20 > 8.6. End-to-End Combined Services Requirement...............26=20 > 8.6.1. Combined VPN and Internet Access Requirement.......26=20 > 8.6.2. Combined IP and non-IP Application Transport Requiremen= t > ........................................................26=20 > 9. Conclusions................................................27=20 > 10. Acknowledgements..........................................27=20 > 11. References................................................27=20 > 11.1. Normative References..................................27=20 > 11.2. Informative References................................28=20 > Editor's Addresses............................................29=20 > 12. Intellectual Property Statement............................29=20 > Disclaimer of Validity........................................30=20 > Copyright Statement...........................................30=20 > =20 >=20 > 1. Introduction=20 >=20 > This document summarizes requirements that apply to all parties=20 > involved in the delivery of BGP/MPLS-based [RFC-2547bis] VPN service= s=20 > that span multiple Autonomous Systems (ASes). Such parties include,=20 > but are not limited to, Network Service Providers (NSP), Systems=20 > Integrators (SI), Network Integrators (NI), Cable Operators (CO),=20 > Mobile Operators (MO) and Virtual Network Operators (VNO). =20 >=20 > BGP/MPLS-based [RFC-2547bis] services may be delivered between ASes=20 > of the same company (commonly referred to as "Inter-AS" services), o= r=20 > different companies (commonly referred to as "Inter-provider"=20 > services). This document aims to provide requirements for either typ= e=20 > of service delivery.=20 >=20 > BGP/MPLS-based [RFC-2547bis] VPN services are deployed and operated=20 > due to the combined activation of a set of elementary capabilities.=20 > This document is organized to take the requirements for activating=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 3]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > these capabilities across multiple ASes into account using the=20 > following taxonomy:=20 >=20 > - Topological considerations: These correspond to the information=20 > needed for the deployment of BGP/MPLS-based [RFC-2547bis] VPN=20 > topologies. This information includes, but is not limited to,=20 > identification of the endpoints that will be interconnected via=20 > the VPN, forwarding and routing policies to be enforced by the=20 > VPN network elements, and the topology of VPN membership.=20 >=20 > - QoS considerations: These correspond to the information, with QoS=20 > parameters, that may characterize the level of quality provided=20 > with the VPN service offering. QoS parameters include, but are=20 > not limited to, VPN traffic classification and marking=20 > capabilities, traffic conditioning and scheduling capabilities,=20 > as well as VPN traffic engineering capabilities.=20 >=20 > - Security considerations: Any BGP/MPLS-based [RFC-2547bis] VPN=20 > that is deployed and operated across multiple ASes may require=20 > the need for identification, authentication and potentially, VPN=20 > traffic encryption capabilities. This includes the possible=20 > identification and authentication of the resources that=20 > participate in the establishment and operation of a VPN, as well=20 > as the ability to check the integrity of VPN route announcements=20 > exchanged between ASes.=20 >=20 > - Management considerations: It is assumed that the operation of=20 > QoS-based BGP/MPLS-based [RFC-2547bis] VPN services is part of=20 > the management tasks performed by service providers within their=20 > own ASes. Additional operational tasks are however needed in=20 > order to enable the management of VPN services across multiple=20 > ASes.=20 >=20 > - Measurement and monitoring considerations: the ability to measure=20 > and monitor service delivery is of paramount importance,=20 > especially when such services span multiple ASes.=20 >=20 > This document is therefore organized as follows: =20 >=20 > - Section 2 defines terminology specific to the delivery of=20 > BGP/MPLS-based [RFC-2547bis] VPN services that span multiple=20 > ASes. This terminology aims at facilitating the overall=20 > understanding of the issues and requirements expressed in this=20 > document.=20 >=20 > - Section 3 describes some of the drivers for the deployment of=20 > Multi-AS BGP/MPLS-based [RFC-2547bis] VPN services. =20 > =20 > =20 > Expires July 26, 2006 [Page 4]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > - Section 4 introduces a reference model that depicts the context=20 > for the deployment and the operation of BGP/MPLS-based [RFC- > 2547bis] VPN service offerings that span multiple ASes. In=20 > addition, use cases illustrate examples of different business and= =20 > operational process interaction between the various parties. =20 >=20 > - Section 5 describes topological requirements that include traffic=20 > forwarding and routing considerations, VPN traffic load balancing= =20 > capabilities, as well as VPL-specific interconnect design=20 > considerations.=20 >=20 > - Section 6 describes VPN-specific Multi-AS QoS policy enforcement=20 > requirements which include forwarding, routing and measurement=20 > considerations.=20 >=20 > - Section 7 describes VPN-specific Multi-AS security policy=20 > enforcement requirements which include identification,=20 > authentication and encryption considerations.=20 >=20 > - Section 8 describes VPN-specific Multi-AS management policy=20 > enforcement requirements which include configuration, fault=20 > detection, performance and accounting management tasks.=20 >=20 > 2. Definitions=20 >=20 > Some of the terminology used in this document is taken from [RFC- > 4026] and [RFC-4031]. "VPN" in the context of this document refers=20 > specifically to BGP/MPLS-based [RFC-2547bis] VPN services. In order=20 > to clarify the requirements listed in this document, it is necessary= =20 > to further define and introduce new terminology, specific to multi=20 > provider VPN services as follows: =20 >=20 > 2.1. Multi Domain Environment (MDE) =20 >=20 > Two or more Autonomous Systems that may or may not be owned by=20 > separate administrative authorities, and which are used to=20 > interconnect service endpoints (sites) of one or more VPNs.=20 >=20 > 2.2. VPN Service Provider (VSP) =20 >=20 > A VSP is an operator who participates in the delivery of a single=20 > domain, or multi-domain (MDE-wide) VPN service. In delivering the VP= N=20 > service, the VSP may own a subset, or all of the participating=20 > network elements. Examples of VSPs include Network Service Providers= =20 > (NSP), Systems Integrators (SI), Network Integrator (NI), Cable=20 > Operator (CO), Mobile Operator (MO) and Virtual Network Operators=20 > (VNO). =20 > =20 > =20 > Expires July 26, 2006 [Page 5]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > 2.3. VPN Peering Location (VPL) =20 >=20 > A VPL is a physical location where VPN services delivered by one or=20 > more VSPs are interconnected. Examples of VPLs include a network=20 > operator hotel, SP central offices, a collocation facility or any=20 > building common to one or more VSPs. A VPL could be operated by a=20 > single VSP, consortium of VSPs or a neutral 3rd-party..=20 >=20 > 2.4. Agent =20 >=20 > For the purposes of this document, an Agent is a VSP who is=20 > responsible for the management of multi-party business processes,=20 > negotiations and fulfillment that allow the multi-provider VPN to=20 > function. The Agent manages this responsibility by either=20 > operationally complying with or coordinating policies across all=20 > parties involved in delivering their customer's end-to-end service.=20 > Policy compliance or multi-party policy coordination is achieved=20 > either in a distributed or centralized manner. =20 >=20 > For distributed policy enforcement, cooperating VSPs agree upon the=20 > enforcement of consistent policies for VPN service provisioning=20 > purposes. In this case, end-to-end policy enforcement is distributed= =20 > across multiple VSPs, each of which is a stakeholder in the supply=20 > and enforcement of a fixed set of policies within the shared MDE. A=20 > VPN customer defines their VPN service requirements with an Agent wh= o=20 > then maps these requirements to the set of pre-agreed policies. =20 >=20 > For centralized policy enforcement, the Agent coordinates per=20 > customer, a set of policies related to the management of the=20 > customer's VPN service. In contrast to a shared MDE where policy=20 > enforcement is distributed across multiple VSPs, this Agent will=20 > coordinate policies and integrate VPN services per customer, thereby= =20 > creating a MDE that is dedicated to the Agent's customers only. The=20 > Agent may independently agree and manage SLSs with each partner VSP=20 > and offer an aggregated end-to-end SLS to their customer's.=20 >=20 > 3. Problem Statement=20 >=20 > No single network can deliver VPN services that provide optimal pric= e=20 > and performance for all customers and all customer locations. For=20 > regulatory, commercial, resiliency and other reasons, customer=20 > requirements for VPN services may not be compatible with a single VS= P=20 > owned network infrastructure.=20 >=20 > Alternatively, some customers may have requirements for VPNs that ar= e=20 > difficult and/or expensive for a single VSP to deliver. In this case= =20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 6]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > the VSP has incentives to cooperate with other VSPs that may offer=20 > similar VPN services, along with broadly compatible SLSs.=20 >=20 > For customers (whether they solicit an Agent or not), end-to-end VPN= =20 > service delivery is paramount. Controllable, predictable and reliabl= e=20 > VPN service must be delivered regardless of the characteristics of=20 > the MDE. The challenge however for the Agent in controlling 'global'= =20 > service policy in an MDE is the lack of homogenous policies amongst=20 > VSPs and the difficulty VSPs have in adapting their VPN service=20 > domains to the customer's Agent-defined VPN service policy. =20 >=20 > =20 >=20 > 4. Multi Domain Environment Reference Model=20 >=20 > Figure 1 shows a generic reference model for a Multi Domain=20 > Environment. It shows the relationships that exist between the=20 > various parties involved in the establishment of VPN services that=20 > span multiple VSP-administered networks. =20 >=20 > =20 > |<------------Multi Domain Environment----------->|=20 > | |=20 > | Customer |=20 > | | |=20 > | +----------------- Agent ------------------+ |=20 > | | | | | | |=20 > | | VSP1 VPL1 VSP2 | |=20 > | | ^ ^ ^ | |=20 > | 1..n 1..n 1..n 1..n 1..n |=20 > | V V V V V |=20 > |Site1 <---> AS1<---> (VPL1) <---> AS2 <---> Site2|=20 > =20 > Figure 1 - MDE Reference Model=20 > =20 > The MDE consists of sites, interconnected via ASes. ASes are then=20 > interconnected via VPLs, within the context of delivering VPN servic= e=20 > offerings. There is potentially a one-to-many relationship between=20 > VSPs and ASes, similarly there is potentially a one-to-many=20 > relationship between VPL operators and VPLs. =20 >=20 > With reference to Figure 1, the following sections detail examples o= f=20 > the coordination of the various parties in the enforcement of a set=20 > of policies. These policies relate to the provisioning of an MDE-wid= e=20 > VPN service and include (but are not limited to) addressing, routing= ,=20 > QoS and security. =20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 7]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > 4.1. Distributed Policy Enforcement Example=20 >=20 > The customer's Agent is a single VSP (VSP1 in this example). VSP1=20 > manages the relationship with the customer, which includes the=20 > specification, instantiation, possible negotiation and invocation of= =20 > the customer's SLS (Service Level Specification). Cooperating VSPs,=20 > VSP1 and VSP2 have pre-agreed an enforced set of policies, including= =20 > the management of VPL1. The customer's requirements are mapped by=20 > VSP1 to the pre-agreed policies of VSP1 and VSP2. =20 >=20 > 4.2. Centralized Policy Enforcement Example=20 >=20 > The customer's Agent is a Systems Integrator (SI). The SI does not=20 > own the network infrastructure (the VPN networking elements), but=20 > manages the VPLs, as well as the processes involved in connecting th= e=20 > VPLs with each relevant VSP owned AS. VSP1 and VSP2 independently=20 > provide customer-specific VPN services and associated SLS=20 > instantiated templates to the SI who is then responsible for=20 > integrating each VSP's VPN service components and=20 > negotiating/invoking an end-to-end SLS with/for their customer. =20 >=20 > =20 >=20 > 5. Topological Requirements=20 >=20 > 5.1. Remote Service Interconnect Requirement=20 >=20 > In an MDE, Agent(s) will select VSPs according to the needs of their= =20 > customer. VSP owned ASes may or may not be collocated at the same=20 > VPL. For those ASes that are collocated at the same VPL,=20 > interconnection of VPN services can take place locally. However, in=20 > the example of an end-to-end chain of three VSP owned ASes and two=20 > VPLs, local VPN interconnection will happen twice; once at the first= =20 > VPL (first to second AS) and once at the second (second to third AS)= .=20 > However, in some situations, the Agent may choose not to use the VPN= =20 > service of the second (middle) VSP. Instead, the Agent may wish to=20 > interconnect the VPN services of the first and third VSPs remotely.=20 > There is, therefore, an Agent-driven requirement to be able to=20 > remotely interconnect services of non-collocated VSP owned ASes in a= n=20 > MDE. =20 >=20 > 5.2. Optimal Interconnect Selection Requirement=20 >=20 > VSP multi-homing is the scenario in which a VSP needs to interconnec= t=20 > their AS at two or more VPLs. By ensuring that traffic passes betwee= n=20 > ASes at pre-determined VPLs, the desired end-to-end VPN service=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 8]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > delivery can be established and retained for any customer sites. VSP= =20 > networks can therefore be utilized more efficiently. =20 >=20 > As an example, consider a customer site in the middle of the USA. It= =20 > is connected to a VSP's AS that is interconnected at VPLs in both Ne= w=20 > York and Los Angeles. In order to minimize latency, traffic must be=20 > sent to Tokyo via the LA VPL and not via New York. From a network=20 > utilization perspective, routing Tokyo-bound traffic via New York=20 > incurs an inefficient, resource-consuming round trip traversal of th= e=20 > USA. Similarly, the same site might also send traffic to London. The= =20 > optimal route for this traffic will be via New York rather than LA. = =20 >=20 > Although this scenario may be taken care of by standard IP routing,=20 > the specifics of a VSPs BGP routing policy, or traffic engineering=20 > implementation, may force some traffic to be forwarded away from the= =20 > best path. Therefore, for multi-homed ASes, there is a requirement=20 > for interconnects at multiple VPLs to be optimally selectable for=20 > each source-destination site pair within an MDE. Nevertheless, the=20 > notion of optimality should not necessarily be expressed in terms of= =20 > hop count metrics. The selection of the optimal interconnecting=20 > points should rely upon a variety of criteria that include (but are=20 > not necessarily limited to):=20 >=20 > - The minimum number of hops that need to be crossed to reach a=20 > given (set of) VPN destination(s), =20 >=20 > - The minimum value of the one-way transit delay to reach a given=20 > (set of) VPN destination(s),=20 >=20 > - The minimum value of the inter-packet delay variation to reach a=20 > given (set of) VPN destination(s),=20 >=20 > - The minimum value of the packet loss rate to reach a given (set=20 > of) VPN destination(s),=20 >=20 > - The preservation of the confidentiality of the traffic that may=20 > be exchanged between a given set of VPN locations,=20 >=20 > - The maximum VPN prefix length that should be announced at VPL=20 > locations,=20 >=20 > - The use of VPL locations that should not share network resources=20 > involved in the forwarding of Internet traffic,=20 >=20 > - The required traffic symmetry to allow a given source-destination=20 > pair to be forwarded on the same path in both directions so as to= =20 > avoid packet mis-ordering=20 > =20 > =20 > Expires July 26, 2006 [Page 9]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > - The available bandwidth capacity at the VPL (in the case where=20 > overbooking policies are in effect at the VPL)=20 >=20 > - Any combination of the above criteria.=20 >=20 > 5.3. Redundant Interconnect Requirement=20 >=20 > Part of the end-to-end VPN service offering provided by one or more=20 > Agents involves the provision of appropriate levels of redundancy fo= r=20 > their MDE use case. In some VPLs, where business justifications=20 > exist, Agents or VSPs may choose to enhance interconnect reliability= =20 > by implementing a redundant interconnect complex. =20 >=20 > The resulting interconnects might exist in the same building or in=20 > different buildings within a city or in different buildings in=20 > different cities. This is in addition to the Optimal Interconnect=20 > Selection requirement in that a customer service will be designed to= =20 > traverse each redundant interconnect, rather than a specific, optima= l=20 > interconnect. =20 >=20 > There is therefore a requirement to support customer services across= =20 > redundant interconnects.=20 >=20 > 5.4. VPN Topology Requirement=20 >=20 > Although VSP owned ASes offer the possibility for any customer site=20 > to communicate with any other customer site, in certain situations=20 > this is not desirable. There are many possible reasons why a custome= r=20 > might want to restrict communication amongst sites so that their end= -=20 > to-end service becomes segmented. For instance, it may be that=20 > security is a concern or it may be that customer sites or divisions=20 > must only use connectivity they have paid for. Furthermore, the=20 > traffic flows associated with specific applications may require a=20 > partial topology specifically sized to accommodate the aggregate=20 > traffic flows. =20 >=20 > The segmentation might need to exist on a geographical basis, region= -=20 > by-region and country-by country. Alternatively, segmentation might=20 > need to exist on a corporate basis, division-by-division or site-by- > site. Segmentation might even exist within customer sites. However,=20 > today, there are no standards for or agreement of how VPN topologies= =20 > are constructed amongst VSPs. Consequently, VSPs use different=20 > methods for establishing the logical topology of a VPN and use=20 > different schemas to define VPN membership. =20 >=20 > For instance, one VSP might use standard community values to=20 > establish layer-2 topologies whilst another might use extended=20 > =20 > =20 > Expires July 26, 2006 [Page 10]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > community values. Yet another VSP may use a combination of both=20 > techniques. Alternatively, VSPs may segment VPNs using layer-3=20 > routing techniques. In fact, some VSPs might combine layer-2 and=20 > layer-3 segmentation techniques. =20 >=20 > Additionally, each VSP will implement a schema for VPN membership=20 > that is proprietary, with membership values that are likely to=20 > overlap and conflict with other VSP assigned values. VPN membership=20 > allocation schemas tend to be difficult to modify due to the 'hard=20 > coding' of the schema in each network operator's OSS and BSS systems= . =20 >=20 > Conflicting VPN membership schemas and different methods for=20 > establishing logical topologies make it very difficult for the Agent= =20 > to establish an end-to-end VPN service. Moreover, an inventory of th= e=20 > topology consisting of the network elements/interfaces and set of=20 > paths that traffic may take through the network could in addition be= =20 > difficult for the VSP to be made available to the Agent. =20 >=20 > These elements will most likely constitute a partial topological vie= w=20 > of the network but may be sufficient and required for the purpose of= =20 > QoS policy definition. =20 >=20 > There is therefore, a requirement to be able to establish an end-to- > end VPN topology, including the publishing of network elements and=20 > interface inventories per VSP throughout an MDE.=20 >=20 > 5.5. End-to-end Unicast and Multicast Routing Requirements=20 >=20 > 5.5.1. Generic Routing Considerations=20 >=20 > Routing and forwarding configuration information deals with the=20 > decision criteria that should be taken by a network element in order= =20 > to forward VPN specific traffic according to a given VPN routing=20 > policy. From this perspective, VSP owned network elements should be=20 > provided as a minimum with the following information: =20 >=20 > - Relevant metric information so that network elements can=20 > dynamically assign these metric values. Such metric values could=20 > be assigned on either long or (very) short-term basis. Examples=20 > of assigned 'long-term' metrics include packet loss and delay=20 > thresholds, usually expressed as percentiles of available=20 > resources. Short-term metrics may include available or reserved=20 > bandwidth, typically provided via real-time or near real-time=20 > SNMP MIB queries.=20 >=20 >=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 11]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > - The configuration information related to any static route that=20 > may identify a VPN endpoint (or VPL) as the next hop to reach a=20 > given VPN destination prefix.=20 >=20 > 5.5.2. IGP Routing Considerations=20 >=20 > Today there are no standards for, or agreement of, how VPN routing=20 > policy based upon the policing of the admission and distribution of=20 > VPN routing information (classification and filtering of routing=20 > information) is implemented amongst VSPs. =20 >=20 > Consequently, VSPs enforce VPN routing policies within a defined=20 > customer topology in different ways. For example, in an MDE, where=20 > the EF-inferred IGP policy [RFC2676] of AS1 relies upon the=20 > computation of routes with a maximum one-way transit delay of 120 ms= =20 > in order to reach a set of destination prefixes, and AS2 defines the= =20 > equivalent EF-inferred IGP policy with a different QoS parameter=20 > (e.g. maxLossRate=3D0%), then there is a risk of jeopardizing the=20 > overall quality of service of the multi-AS VPN. Conflicting routing=20 > policies amongst VSPs therefore make it difficult to establish an=20 > end-to-end unicast routing policy throughout an MDE. =20 >=20 > There is, therefore, a requirement to be able to enforce a consisten= t=20 > IGP routing policy throughout an MDE.=20 >=20 > 5.5.3. BGP Routing Considerations=20 >=20 > VSP owned network elements should be provided with relevant BGP-4=20 > [RFC-1771] reachability information, including the attributes taken=20 > into account by the network element's route selection process in=20 > order to decide whether or not traffic should be forwarded along a=20 > given VPN route.=20 >=20 > 5.5.3.1. BGP AS_PATH Attribute Considerations=20 >=20 > Where BGP-4 is used as the PE-CE routing protocol, the use of a=20 > single private [RFC-1930] AS Number (ASN) across all customer sites=20 > hosted by multiple VSPs could raise issues for each VSP as they=20 > commonly use the 'as-override' command on PE-CE neighbors. =20 >=20 > Where VPN-IPv4 routes are advertised across multiple ASes, VSP owned= =20 > public Autonomous System Numbers (ASNs) could be pre-pended to=20 > private route updates. The 'as-override' feature will not then=20 > operate over PE-CE IPv4 links where public and private ASN numbers=20 > are advertised within the same VPN address prefix. =20 >=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 12]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > Network elements located at a VPL should therefore be capable of=20 > removing or changing public or private ASNs from the BGP AS_PATH=20 > attribute on a per neighbor basis. This per neighbor AS path match=20 > and removal policy should be capable of being performed on ingress o= r=20 > egress across the entire AS path.=20 >=20 > 5.5.3.2. Route Distinguisher Allocation Considerations=20 >=20 > VPN-IPv4 routes [RFC2547bis] are made unique across a domain by=20 > combining an IPv4 address with an 8 byte 'Route Distinguisher' (RD)=20 > value. The advertisement of RD values end-to-end between VSPs,=20 > combined with the customer's use of private [RFC1918] addressing=20 > could result in Route Reflectors (RR) making incorrect best path=20 > decisions for identical routes received from external as well as=20 > internal PE network elements. This will occur where RD and customer=20 > address space overlap across VSP ASes. Although the probability of=20 > this scenario is small, the consequences could be severe and=20 > difficult to isolate, therefore VSP owned RRs and PE's SHOULD NOT=20 > receive VPN-IPv4 routes that have RD values assigned by another VSP.= =20 > In order to ensure that RD values that transit VPLs are unique, RD=20 > values MUST be pre-pended by a public registered AS number ([RFC- > 2547bis], section (4.1).=20 >=20 > 5.5.3.1. Route Target Allocation Considerations=20 >=20 > VSPs usually have difficulty in provisioning extended (Route Target)= =20 > or standard BGP community values on their PE network elements that=20 > are assigned by external parties such as the end customers Agent or=20 > another VSP. This difficulty is due to the VSP having automated or=20 > manual OSS systems and operational procedures that typically apply t= o=20 > per VSP ASes only. These systems and processes are difficult to=20 > change due to schema conflicts brought about by attempting to=20 > incorporate externally assigned RT allocation schemas. In addition,=20 > not all VSPs allocate RT values that are pre-pended with a publicly=20 > registered ASN or IP address. RT values to be applied on VSP PEs=20 > therefore should be assigned by the operator of the PE. In order to=20 > ensure that BGP extended community values are unique between ASes, R= T=20 > values that are advertised across the VPL MUST be pre-pended by a=20 > public registered ASN. This follows the specification detailed in th= e=20 > 'Identifiers' section of [RFC-4031] and assists in the prevention of= =20 > cross-connection for VPN services. =20 >=20 > 5.5.3.2. Traffic Load Balancing Considerations=20 >=20 > VSPs use various traffic load-balancing techniques between customer=20 > sites to optimize traffic flows within their own ASes. As described=20 > in [RFC2547bis], this necessitates the use of different RD values=20 > =20 > =20 > Expires July 26, 2006 [Page 13]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > provisioned across VRFs to which the customer is multi-homed. Simila= r=20 > mechanisms SHOULD be available when VSP owned ASes are multi-homed=20 > across multiple VPLs and where the VSP wishes to optimize customer=20 > traffic via load balancing. Such mechanisms may require that the=20 > signaling protocol support the advertisement of all available paths=20 > so that optimal path selection is available as well as backup paths=20 > in case of optimal path failure.=20 >=20 > 5.5.4. Multicast Routing Considerations=20 >=20 > IP multicast transmission schemas may be used by some applications=20 > such as videoconferencing or TV broadcasting in order to optimize VP= N=20 > network resources.=20 >=20 > As a result, VSP owned network elements should support multicast=20 > routing capabilities for the dynamic establishment and maintenance o= f=20 > distribution trees within the VPN and should therefore be provisione= d=20 > with the relevant yet consistent configuration information. =20 >=20 > There are currently however no standards for, or agreement of, an=20 > enforcement of consistent multicast routing policies amongst VSPs.=20 > There is therefore a requirement to be able to enforce an end-to-end= =20 > multicast routing policy for the sake of the establishment and=20 > maintenance of consistent distribution trees throughout an MDE. =20 >=20 > 6. QoS Requirements=20 >=20 > Quality of service is a very generic term, which is sometimes=20 > misused, especially when applied to IP/MPLS environments. In this=20 > document, the design and the enforcement of a QoS policy within VPN- > specific MDE environments relies upon the following dimensions:=20 >=20 > - A forwarding dimension, which consists of ensuring that a VSP=20 > owned network element behaves differently, depending on the kind=20 > of traffic it has to process and subsequently forward. This=20 > yields a need for VPN traffic identification, classification and=20 > possibly activation of traffic conditioning, policing, scheduling= =20 > and optionally, discarding mechanisms. The forwarding dimension=20 > of a QoS policy is a notion that is local to a network element,=20 > independent from the expected behaviors of the other network=20 > elements within the MDE. The DiffServ (Differentiated Services)=20 > architecture, as described in [RFC-2475], is generally seen as=20 > the cornerstone of the forwarding dimension, introducing the=20 > notion of classes of service as well as Behavior Aggregates (BA).= =20 >=20 >=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 14]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > - A metric definition dimension, which consists of defining=20 > consistent metrics such as delay, jitter and loss, so as to=20 > support QoS meaningfully across multiple VSPs.=20 >=20 > - A routing dimension, which consists of enforcing a VPN-specific=20 > traffic engineering policy at the scale of a MDE. Traffic=20 > engineering is a set of capabilities that allow the (hopefully=20 > dynamic) computation and selection of paths that will be used to=20 > convey different kinds of VPN traffic. It may be necessary to=20 > route QoS-sensitive traffic to different VSPs or along different=20 > paths other than those selected by best effort traffic. Path=20 > selection is dependant on the (QoS) characteristics of such=20 > paths, which comply with the QoS requirements that have been=20 > expressed and negotiated by the Agent with their VPN customers. = =20 >=20 > - A monitoring dimension, which consists of qualifying how=20 > efficient a QoS policy is enforced within a MDE, based upon the=20 > use and measurement of well-defined indicators. Due to the=20 > multiple parties involved in the delivery of QoS, it is necessary= =20 > to have well defined methods for measurement of QoS, ways to=20 > monitor the performance of different network elements, and ways=20 > to report performance consistently among VSPs. Such indicators=20 > include (but may not be limited to) one-way transit delay, one- > way inter-packet delay variation (sometimes called jitter), one- > way packet loss rate or any combination of such indicators. =20 >=20 > =20 >=20 > 6.1. Differentiated Services Policy Considerations=20 >=20 > Currently, there are no standards for or agreement of service=20 > definitions as defined in the Diffserv architecture amongst VSPs.=20 > [RFC-3644] defines QoS policy within a single Diffserv domain as=20 > being dependent upon three types of information: =20 >=20 > - The topology of the network elements under management; =20 >=20 > - The particular type of QoS methodology used (e.g. Diffserv), and; = =20 >=20 > - The business rules and requirements for specifying service(s)=20 > delivered by the network. =20 >=20 > These information types vary across VSP ASes. Consequently, VSPs=20 > deploy different numbers of classes of service (COS) and specify=20 > service definitions in proprietary ways. Fixed mappings of classes o= f=20 > service between any two VSPs may result in compromised service acros= s=20 > the two. This is in part because fixed mappings cannot always utiliz= e=20 > =20 > =20 > Expires July 26, 2006 [Page 15]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > the full service envelope available from the interconnected VSPs (a=20 > VSP with three classes of service can only utilize 3/5ths of the=20 > service envelope of a VSP with five classes of service). Furthermore= , =20 > fixed mappings may be adequate for some Agent's customers, but not=20 > for others. This is because QoS policy is often applied in different= =20 > ways for each application used in each customer environment=20 >=20 > When three or more VSP ASes are used to provide connectivity between= =20 > customer sites, two or more VPLs are required and, therefore, a=20 > multiple, compounding service compromise exists. =20 >=20 > In an MDE of many VSP ASes and VPLs, it is clear that numerous and=20 > compounding compromises in service will take place and end-to-end Qo= S=20 > policy enforcement may be hard to achieve. =20 >=20 > There is a requirement, therefore, for a relationship to exist=20 > between VSP classes of service that may vary from one customer to=20 > another, and that can also utilize the full service envelope of all=20 > VSPs within an MDE. =20 >=20 > 6.1.1. QoS Policy Transparency=20 >=20 > There is general agreement that customer packets should not be=20 > remarked (that is, have their DSCP values modified) as they transit=20 > the MDE. At the same time, it is often necessary for the VSP to=20 > impose a QoS treatment on customer packets that differs from that=20 > which might be indicated by the customer's DSCP (such as is the case= =20 > for non-conforming traffic downgraded to best effort). However, even= =20 > if the packets are treated as best effort by the VSP, the customer=20 > wishes to retain the original DSCP marking for their own use when th= e=20 > packets arrive at their remote site. This requirement is defined as=20 > "QoS transparency", where the transparency in question refers to the= =20 > tunneling of the customer QoS policy, unmodified, from ingress to=20 > egress across an MDE. [RFC-4031] describes this requirement as a=20 > 'Carrier's Carrier' model where one VSP is the customer of another=20 > VSP. Such a VSP should be able to resell VPN services to their=20 > customers independent of the DSCP mapping solution employed by the=20 > 'Carrier's Carrier' VSP. =20 >=20 > There is a requirement, therefore, for enterprise QoS policy=20 > transparency throughout an MDE.=20 >=20 > 6.2. Consistent Metric Considerations=20 >=20 > Currently, there are no standards for, or agreement of metric=20 > definitions between VSPs. As an example, the Low Latency service=20 > class is generally characterized by three network performance=20 > =20 > =20 > Expires July 26, 2006 [Page 16]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > metrics; latency, packet loss, and jitter. These metrics are=20 > generally reported as two-way or one-way derived from two-way=20 > measurements, but are generally defined differently between VSPs. =20 >=20 > There is therefore a requirement to produce service classes with=20 > metrics that can be meaningfully concatenated, so as to provide=20 > reasonable commonality of metrics across VSPs.=20 >=20 > 6.3. Traffic Engineering/Routing Policy Considerations =20 >=20 > In a true MDE environment there may be many alternate paths between=20 > customer sites. The preferred path among VSPs is typically determine= d=20 > by BGP policies. However, when multiple classes of service exist, it= =20 > may be desirable to route some traffic preferentially via VSPs who=20 > support the enhanced QoS class(es) while best effort traffic takes=20 > the conventional route. That is to say, there may be cases in which=20 > the current route selection capabilities of BGP, which yield only a=20 > single best path for a given prefix, may not be sufficient. The=20 > deployment of traffic engineering capabilities in VPL owned network=20 > elements is of importance when considering the joint forwarding of=20 > "triple-play" services where data, video and voice traffic is=20 > forwarded within a given VPN. =20 >=20 > Within a MDE, VSPs or Agents should provide configuration informatio= n=20 > parameters that will allow network elements to choose appropriate VP= N=20 > paths to a given destination based on "Service Contexts". These path= s=20 > are chosen according to application-specific constraints, available=20 > service characteristics and/or requirements. =20 >=20 > These constraints and/or requirements may be expressed in terms of=20 > time duration (e.g. the use of a VPN route on a weekly basis),=20 > traffic characterization (e.g. all IP multicast traffic should be=20 > forwarded along a set of specific VPN routes), security concerns=20 > (e.g. use trusted network elements along the path towards specific=20 > destinations), and/or QoS considerations (e.g. marked VPN traffic=20 > with a specific DiffServ Code Point (DSCP) value should always use a= =20 > configured set of traffic-engineered VPN routes, or available exit=20 > point that exhibits the desired "Service Context"). =20 >=20 > 6.4. Metrology Considerations=20 >=20 > Currently, there are no standards for, or agreement of, measurement=20 > methods amongst VSPs. VSPs define measurements differently and=20 > measure different service end points. In a MDE environment,=20 > measurement methodology differences, particularly differences in the= =20 > statistical nature of the measurements, make it impossible to combin= e=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 17]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > VSP measurement reports so that the overall quality of the VPN=20 > service can be qualified. =20 >=20 > As VSP reports can be so different, it is tedious and time consuming= =20 > to analyze whether an individual VSP or VPL operator has met its=20 > performance targets. When end-to-end services fail, it may be very=20 > difficult to analyze VSP measurement data in order to detect and=20 > isolate faults amongst VSPs or VPL operators. =20 >=20 > In an MDE, where the customer's Agent(s) are responsible for end-to- > end service, this may be untenable. In addition, whilst windows for=20 > scheduled and unscheduled maintenance will remain difficult for the=20 > Agent(s) to control or coordinate, any measurement methodology must=20 > take these windows into account in any performance assessments of th= e=20 > QoS policy that are made. =20 >=20 > There is, therefore, a requirement for statistically homogenous=20 > measurement throughout an MDE as well as the ability to place=20 > measurement instrumentation/sources at VPL locations in order to aid= =20 > fault detection and isolation.=20 >=20 > 7. Security Requirements=20 >=20 > Security is a requirement of any business, but the requirement=20 > becomes more important where that business collaborates with others=20 > to provide a service [RFC-4111]. Potential threats might emanate fro= m=20 > a number of sources, for instance, other VSPs, VPL operators and=20 > customers. =20 >=20 > Clearly, the vulnerability of a customer service to threats from=20 > these sources is of paramount importance. Of equal importance is the= =20 > vulnerability of a VSP AS to threats from these sources. An attack o= n=20 > a VSP AS could detrimentally affect numerous customers, including=20 > those attached to other VSP owned ASes. =20 >=20 > Enforcement of a security policy at the scale of a MDE assumes the=20 > availability of the following capabilities as a minimum: =20 >=20 > - The identification and the authentication of the users who may be=20 > entitled to access the VPN service, =20 >=20 > - The identification and authentication of network elements that=20 > will not only participate in the deployment and the operation of=20 > the VPN, but also in VPN route information propagation,=20 >=20 > - The preservation of the confidentiality of information within a=20 > VPN. =20 > =20 > =20 > Expires July 26, 2006 [Page 18]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > VSPs should therefore be provided with configuration information=20 > related to the aforementioned security parameters. This does not mea= n=20 > that VSP owned network elements have to maintain a dynamically=20 > updated user database, rather, they should be provided with the=20 > following configuration information as a minimum: =20 >=20 > - Identification information for IP networks that may exchange data=20 > through the VPN and/or the configuration information required for= =20 > the activation of an identification/authentication mechanism such= =20 > as RADIUS (Remote Authentication Dial-In User Service), [RFC- > 2865], =20 >=20 > - Identification information for VSP owned network elements that=20 > support endpoint(s) of the MP-BGP peer and possibly configuration= =20 > information related to the activation of a mechanism for=20 > identifying and authenticating such peers (such a mechanism could= =20 > be based upon the use of a SHA-1 (Secure Hash Algorithm) digital=20 > signature for example),=20 >=20 > - Configuration information required for encryption purposes. This=20 > requirement is further expanded on in section 7.1. =20 >=20 > There is a requirement, therefore, to secure VSP ASes and customer=20 > services in an MDE as well as securely forward VPN related security=20 > parameters between VSPs and Agents.=20 >=20 > 7.1. Encryption Requirements=20 >=20 > VPN customers may require all or part of their encrypted traffic to=20 > be preserved, independent of the number of VSP owned ASes within the= =20 > MDE supporting their VPN service.=20 >=20 > There is therefore a need for the MDE to support any relevant=20 > encryption technique that preserves the confidentiality of the VPN=20 > traffic. This implies that:=20 >=20 > - The VSP owned network elements that compose the MDE should=20 > support protocols of the IPsec suite [RFC-4301],=20 >=20 > - The MDE should be capable of supporting an adequate means for=20 > identifying and authenticating any participating device involved=20 > in the forwarding of VPN traffic,=20 >=20 > - The MDE should be capable of supporting an adequate means for=20 > identifying and authenticating any participating VSP owned=20 > network element involved in the enforcement of the VPN-specific=20 > routing policy. Such means should enable any VSP owned network=20 > =20 > =20 > Expires July 26, 2006 [Page 19]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > element to check the integrity of received VPN route=20 > announcements,=20 >=20 > - The MDE should be capable of supporting and enforcing any dynamic=20 > key management scheme suitable for the dynamic establishment of=20 > Secure Associations (SA) between relevant VSP owned network=20 > elements,=20 >=20 > - VSPs that are involved in the dynamic establishment of SA=20 > associations across their ASes should be provided with relevant=20 > configuration information (keys, passwords) in a timely manner,=20 > that is, the provisioning of such configuration information=20 > should not jeopardize the time to deliver the VPN service=20 > offering to the customer with the required level of security. =20 >=20 > 7.2. Label Spoofing Protection=20 >=20 > Whenever labels are exchanged between two VSP peers it is possible=20 > that the spoofing of such labels may occur either toward the interna= l=20 > infrastructure of the said VSPs, or within the VPNs that are=20 > supported by such VSPs. There is therefore a requirement to provide=20 > mechanisms that prevent the spoofing of labels in the forwarding=20 > path.=20 >=20 > 7.3. Authentication Requirements=20 >=20 > 7.3.1. Authentication of Network Elements=20 >=20 > Within a MDE, every VSP owned network element that participates in=20 > the deployment and the operation of a VPN service offering should be= =20 > trusted. There is therefore a requirement to provide acceptable=20 > authentication processes in order for a network element to=20 > participate in the deployment and operation of a VPN service. This=20 > implies that every VSP owned network element must be identified and=20 > authenticated typically via processes owned by relevant Agents or=20 > VSPs.=20 >=20 > 7.3.2. VPN Route Authentication and Filtering=20 >=20 > Within a MDE, every VSP owned network element is permitted to=20 > announce VPN routes to some or all of its pre-authenticated peers,=20 > assuming the requirements expressed in section 8.2.1. have been=20 > addressed.=20 >=20 > VSPs have existing mechanisms and operational processes that prevent= =20 > the cross connection of VPNs within their own ASes. These mechanisms= =20 > include manual or automated systems for VPN membership allocations=20 > =20 > =20 > Expires July 26, 2006 [Page 20]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > that include per customer RT values. Where the VSP extends VPN=20 > services via an MDE, incorrect or malicious configuration of VPN=20 > membership information could result in cross connection or incorrect= =20 > announcement of VPN membership attributes across an MDE. These route= =20 > announcements could in addition expose the VPN topology of the VSP. = =20 >=20 > The integrity of the contents of such VPN route announcements must b= e=20 > authenticated by any receiving peer and/or by some kind of VPN route= =20 > server capability that could be embedded in the relevant Agent or VS= P=20 > owned facility before the receiving peer accepts the announced route= .=20 > Draft [VPN-VERIFICATION] could assist with this route authentication= =20 > requirement. =20 >=20 > It should be possible to enforce further VPN route-specific filterin= g=20 > policies at appropriate locations within an MDE. Additional route=20 > filtering criteria could be based upon (but not necessarily limited=20 > to):=20 >=20 > - Intra-VPL communication restriction where, for example, RT value=20 > announcements are filtered such that they only include interested= =20 > parties across VPL locations. This filtering policy is=20 > particularly relevant where the VSP owned network elements peer=20 > with more than one network element at a VPL. This function is=20 > described further in [RT-CONSTRAIN]=20 >=20 > - Intra-VPN communication restrictions, where, for example, not all=20 > sites are permitted to communicate=20 >=20 > - The contracted metrics with the VPN customer and between VSPs for=20 > routing table size, routing protocol type, and end-to-end routing= =20 > policy.=20 >=20 > - The required end-to-end convergence time to avoid the case where=20 > restoration policies, timer values, or fast convergence protocols= =20 > (such as BFD), differ between VSPs.=20 >=20 > - Inter-AS routing restrictions, where, for example, some VPN=20 > traffic shouldn't be transported across one or more ASes within=20 > an MDE=20 >=20 > - Time based restrictions, where, for example, some destinations=20 > cannot be reached during working hours,=20 >=20 > - QoS based restrictions, where, for example, traffic should not be=20 > bound for VPN route sources that experience more than a 100 ms=20 > one-way transit delay. Traffic route sources that experience=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 21]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > delay over a certain threshold should not then be announced at=20 > selected VPLs. =20 >=20 > 8. Management Requirements=20 >=20 > 8.1. Performance Metric Statistic Requirements=20 >=20 > Agents have stringent usage requirements for an MDE. From this=20 > perspective, VSPs should permit an Agent to have access to=20 > statistical information based upon, (but not necessarily limited to)= : =20 >=20 > - The volume of traffic that has been conveyed by the entire VPN, a=20 > specific VPN route, forwarded by a specific network element or=20 > over a given period of time that may include a distinction=20 > between incoming and outgoing traffic, =20 >=20 > - The volume of VPN traffic that has been dropped by network=20 > elements within a given period of time, =20 >=20 > - IPPM (IP Performance Metrics) [RFC-2330] related information that=20 > is relevant to tunnel usage: such information includes one-way=20 > transit delay, inter-packet delay variation etc.=20 >=20 > 8.2. Capital Scaling Requirements=20 >=20 > In an MDE, there might be one or more VPLs. At each VPL there may be= =20 > one or more interconnected VSP ASes, or a single VSP that uses the=20 > VPL for connectivity between their own ASes. =20 >=20 > Traditionally, the interconnection of two VSP ASes has resulted in=20 > the deployment of network element resources that are either dedicate= d=20 > to those two VSPs, or leased from the VPL operator. =20 >=20 > Where there is a need for a VSP to interconnect with multiple other=20 > VSPs, scaling cost efficiency could result if interconnected network= =20 > elements could be shared across all VSPs. This multilateral approach= =20 > to VPL design will have increasing benefit as the number of=20 > interconnected VSPs at a VPL increases. =20 >=20 > Interconnected network elements at VPLs must therefore be shared=20 > multilaterally. =20 >=20 > 8.3. Operational Scaling Requirements=20 >=20 > Cost of operations is of great concern to a VSP, whether or not VPN=20 > services span their own ASes or those of their VSP partners. Compare= d=20 > to the capital cost of MDE interconnection at a VPL, operational cos= t=20 > =20 > =20 > Expires July 26, 2006 [Page 22]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > easily dominates. In an MDE, some, and perhaps all VSPs, might play = a=20 > part in delivering services to an individual customer's VPN. =20 >=20 > Within a customer VPN, sites, physical and logical connectivity,=20 > VSPs, VPLs and VPN-specific policies might be variously moved, added= ,=20 > changed or deleted (MACD) at any time. In fact, different components= =20 > of the VPN will, at times, undergo MACD concurrently. =20 >=20 > Service MACD lifecycle is part of any customer VPN and will happen a= s=20 > needed throughout the VPN's service life. As an MDE evolves, with=20 > increasing numbers of VSPs, VPLs and customers, the amount of servic= e=20 > MACD will increase and place a continual and increasing burden on VS= P=20 > operators throughout an MDE unless a scalable approach is taken.=20 > Operational scaling criteria could be based upon (but are not=20 > necessarily limited to) the following sections.=20 >=20 > 8.3.1. Service Independence Requirements=20 >=20 > In an MDE, it is inevitable that dependencies will exist between the= =20 > services of individual VSPs. For example, a lack of forethought by=20 > the VPL operator by implementing a 'tightly-coupled' VPL interconnec= t=20 > environment would result in single VSP changes to topology,=20 > bandwidth, routing, QoS, etc., requiring all other VSPs to modify=20 > their definitions of existing services. =20 >=20 > Service dependencies amongst VSPs in a MDE must therefore be=20 > minimized.=20 >=20 > 8.3.2. Minimize Network Integration Requirements=20 >=20 > Currently there is no common agreement for how VSPs implement the=20 > interconnection of their VPN networks. This means that each inter-AS= =20 > interconnect agreement at a VPL by VSP pairs will be a unique=20 > project, each of which potentially having different design goals and= =20 > compromises. =20 >=20 > Each unique inter-AS interconnect agreement will usually take=20 > considerable time and consume highly skilled resources in both=20 > organizations. As the number of VPLs increases, so the load on the=20 > organizations will increase. In an MDE, the required number of uniqu= e=20 > inter-AS interconnect agreements could rapidly become untenable.=20 > Unique network inter-AS interconnect agreements amongst VSP pairs=20 > must therefore be minimized. =20 >=20 >=20 >=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 23]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > 8.3.3. Third Party Interconnect Requirements=20 >=20 > Agents or VSPs require the ability to provide end-to-end services=20 > within an MDE. These Agents or VSPs may however have no desire or be= =20 > unable to administer the coordination of business and operational=20 > processes involved in establishing an MDE. In order for an MDE to be= =20 > established, the Agent or VSP may therefore require a third party=20 > operator to provide these business and operational process services.= =20 >=20 > It may be that the third party is another VSP, a systems integrator,= =20 > a network integrator or another type of service provider. To achieve= =20 > end-to-end service, it is critical that the third party operator is=20 > able to control and coordinate global service business and=20 > operational process policy throughout the MDE. =20 >=20 > There is, therefore, a requirement for the business and operational=20 > processes involved in establishing an MDE to be administered by a=20 > third party operator.=20 >=20 > 8.4. IPVPN Services Demarcation Requirements=20 >=20 > 8.4.1. Fully Managed Service Demarcation=20 >=20 > [RFC-2547bis]-based VPN services may encompass a 'fully managed'=20 > Customer Edge (CE) to CE service with associated SLSs. In an MDE,=20 > this 'fully managed' service is interconnected to other VSP-owned=20 > services via VPLs. For SLS demarcation purposes, the VSP may express= =20 > a preference to collocate a dedicated network element at each VPL.=20 > The VPL collocated network elements will, from an operational=20 > perspective function identically to a CE. In contrast to a standard=20 > CE however, each VPL collocated network element will usually support= =20 > more than a single VPN across one or more customers and/or VSPs. Fro= m=20 > a scalability perspective, this is particularly advantageous for the= =20 > VSP when interconnecting multiple VPN services at each VPL on behalf= =20 > of one or more Agents. The SLS offered by the VSP to each Agent=20 > partner will in addition to CE-to-CE connectivity, include=20 > connectivity from each CE to one or more VPL collocated network=20 > elements. =20 >=20 > For contractual and/or technical reasons, the VSP may decide for=20 > example to collocate a network element per Agent, per group of Agent= s=20 > or per VPN. In all cases, consistent, unambiguous service boundaries= =20 > for the fully managed service offering are essential. =20 >=20 > There is a requirement, therefore for consistent SLS demarcation=20 > points across 'fully managed' VPN service offerings within an MDE.=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 24]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > 8.4.2. Mixed Management Service Demarcation=20 >=20 > In addition to 'fully managed' services, VSPs also offer VPN service= s=20 > that allow for a third party such as the VSPs customers to manage=20 > their own CE network elements. IPVPN connectivity of the customers'=20 > CEs via the VSP-owned ASes is done via VSP-owned access facilities.=20 > This type of VPN network outsourcing is known as an 'unbundled' or=20 > 'wires-only' service. SLSs are negotiated between the VSP and their=20 > customers that allow the customer managed CE's to intercommunicate.=20 >=20 > In an MDE, when an 'unbundled' service is procured from a VSP by an=20 > Agent, the Agent may want to use the 'unbundled' service to extend=20 > the geographic reach of their VPN footprint by connecting this=20 > service to one or more VPLs. Again, for SLS demarcation purposes, th= e=20 > VSP may express a preference to collocate a network element at each=20 > VPL. =20 >=20 > SLS demarcation points for the selling VSP may then include VPL=20 > collocated network elements that are shared across one or more Agent= s=20 > and/or VPNs, access facilities linking the Agent-owned CEs, and=20 > common [RFC-2547bis]-based VPN services that span the VSP-owned=20 > AS(es). The Agent must then offer SLSs to their customer that=20 > encompass the VSPs 'unbundled' service and associated SLS(s), as wel= l=20 > as their managed CE offering. =20 >=20 > There is a requirement, therefore, for consistent 'unbundled' servic= e=20 > SLS demarcation points across an MDE. =20 >=20 > 8.5. Remote CE Management Requirement=20 >=20 > For contractual and/or technical reasons, Agents or customers have a= =20 > requirement to manage Customer Edge (CE) network elements that are=20 > interconnected as part of a [RFC-2547bis]-based VPN service. In an=20 > MDE, the ASes supporting these VPNs may or may not be operated by th= e=20 > Agent. The Agent will in addition to managing VPN services on behalf= =20 > of their customers, usually operate a management network to which=20 > their end customers have restricted or no access. The management=20 > network is used to provide as a minimum IP-based connectivity betwee= n=20 > CEs and the Agent's operations staff, typically located in one or=20 > more operations centers.=20 >=20 > In order for an Agent to directly manage CEs connected to ASes that=20 > they do not operate, the Agent will procure 'unbundled' VPN services= =20 > from one or more VSP partners. In addition to SLSs that are=20 > negotiated between the Agent and the selling VSP for CE-to-CE=20 > communication, the Agent requires SLSs that encompass the connection= =20 > of each CE to the Agent's management network.=20 > =20 > =20 > Expires July 26, 2006 [Page 25]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > There is a requirement, therefore, for an Agent to remotely manage C= E=20 > network elements that are directly interconnected through one or mor= e=20 > ASes that are operated by the Agent's VSP partners. The VSP partner=20 > should therefore be capable of supporting one or more common=20 > management network connectivity methods selected by the Agent. =20 >=20 > 8.6. End-to-End Combined Services Requirement=20 >=20 > 8.6.1. Combined VPN and Internet Access Requirement=20 >=20 > It is common for VSPs to offer combined Internet access and VPN=20 > services via a shared networking infrastructure, e.g. based upon=20 > [RFC-2547bis]. In an MDE, when an Agent offers this service, it is=20 > sometimes advantageous for the Agent if their VSP partners could=20 > support the local 'breakout' of traffic destined for the Internet=20 > within the VSPs own ASes. An alternative to this is for all customer= s=20 > Internet and VPN traffic to be transported by the Agent's VSP=20 > partners across VPLs to Internet 'breakout' location(s) in other=20 > ASes. These traffic paths are inevitably suboptimal, raising=20 > performance concerns with the Agent's customers. In addition, the=20 > service is potentially expensive to deliver for the Agent, as there=20 > is little or no differentiation between traffic paths carrying=20 > mission-critical VPN traffic and Internet destined best effort=20 > traffic as all traffic will be forwarded by the VSP partner across=20 > one or more VPLs.=20 >=20 > There is a requirement, therefore, in an MDE for VSPs to provide=20 > consistent Internet 'breakout' services that are compatible with an=20 > Agents combined Internet access and VPN services. These compatibilit= y=20 > requirements include (but are not limited to):=20 >=20 > - Security, Authentication, Intrusion Detection, Virus protection=20 > services etc.=20 >=20 > - Consistent QoS policies across VSPs for best effort or better=20 > than best effort Internet-destined traffic.=20 >=20 > 8.6.2. Combined IP and non-IP Application Transport Requirement=20 >=20 > Some VSPs offer managed services that include the transporting of=20 > non-IP application traffic across a shared networking infrastructure= =20 > based on [RFC-2547bis]. These 'legacy' applications use networking=20 > protocols (for example X.25, SNA and IPX) that typically do not=20 > support an IP network layer header and therefore cannot natively be=20 > transported across VSP operated ASes. The non-IP packets must=20 > therefore be 'tunneled' across VSP ASes by adding IP and MPLS header= s=20 > to the packets. Either end of a 'legacy' application transport tunne= l=20 > =20 > =20 > Expires July 26, 2006 [Page 26]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > must support configurations that are based on non-IP application=20 > specific configuration parameters for mapping non-IP network layer=20 > application sources to destination tunnel network element IP=20 > addresses. In an MDE, the non-IP transport tunnel could span one or=20 > more VSP-owned ASes. Network elements that originate and terminate=20 > packets that are forwarded across these non-IP tunnels could=20 > therefore be operated by different VSPs.=20 >=20 > There is a requirement, therefore, in an MDE for consistent non-IP=20 > application transport tunnels to be supported by participating VSPs=20 > in an MDE. Tunnel transport consistency per non-IP protocol must tak= e=20 > into account amongst others, agreements on MTU sizing, SLS=20 > conformance, vendor proprietary and standardized encapsulation=20 > techniques etc. =20 >=20 > 9. Conclusions=20 >=20 > 10. Acknowledgements=20 >=20 > This document is the combined effort of the co-editors and the=20 > following contributing authors: Dimitri Papadimitriou, James=20 > Humphris, Colin Simpson, Matthew Ford, William Copeland and David=20 > Page.=20 >=20 > 11. References =20 >=20 > 11.1. Normative References=20 >=20 > [RFC-1771] Rekhter, Y., Li, T., et al., "A Border Gateway Protocol = 4=20 > (BGP-4)", RFC 1771, March 1995.=20 >=20 > [RFC-1930] Hawkinson, J., Bates, T., "Guidelines for creation,=20 > selection, and registration of an Autonomous System=20 > (AS)", RFC 1930, March 1996.=20 >=20 > [RFC-2330] Paxson, V., et al., "Framework for IP Performance=20 > Metrics", RFC 2330, May 1998.=20 >=20 > [RFC-2475] Blake, S., et al., "An Architecture for Differentiated=20 > Services", RFC 2475, December 1998.=20 >=20 > [RFC-2676] Apostolopoulos, G., et al., "QoS Routing Mechanisms and=20 > OSPF Extensions", RFC 2676, August 1999.=20 >=20 > =20 >=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 27]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > [RFC-2865] Rigney, C., et al., "Remote Authentication Dial-In User=20 > Service (RADIUS)", RFC 2865, June 2000.=20 >=20 > [RFC-3644] Snir, Y., et al., "Policy Quality of Service (QoS)=20 > Information Model", RFC 3644, November 2003.=20 >=20 > [RFC-4026] Andersson, L., Madsen, T., "Provider-Provisioned Virtual= =20 > Private Network (VPN) Terminology", RFC 4026, March 2005= .=20 >=20 > [RFC-4031] Carugi, M., et al., "Service Requirements for Layer 3=20 > Provider Provisioned Virtual Private Networks (PPVPNs)",= =20 > RFC 4031, April 2005.=20 >=20 > [RFC-4111] Fang, L., et al., "Security Framework for Provider- > Provisioned Virtual Private Networks (PPVPNs)", RFC 4111= ,=20 > July 2005.=20 >=20 > [RFC-4301] Kent, S., Seo, K., "Security Architecture for the=20 > Internet Protocol", RFC 4301, December 2005.=20 >=20 > =20 >=20 > 11.2. Informative References=20 >=20 > [RFC-2547bis] Rosen, E., Rekhter, Y., "BGP/MPLS VPNs", draft-ietf- > l3vpn-rfc2547bis-03.txt, Work in Progress, October 2004.= =20 >=20 > [VPN-VERIFICATION] Behringer, M., et al., "Layer-3 VPN Import/Expor= t=20 > Verification", draft- -ietf-l3vpn-vpn-verification- > 00.txt, Work in Progress, March 2005.=20 >=20 > =20 >=20 > =20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 28]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > Editor's Addresses =20 >=20 > Jim Guichard=20 > Cisco Systems, Inc=20 > 300 Beaver Brook Rd=20 > Boxborough=20 > MA =20 > Email: jguichar@cisco.com=20 > =20 > Martin Halstead=20 > Nexagent Ltd=20 > Thames Tower=20 > 37-45 Station Road=20 > Reading=20 > Berkshire=20 > UK=20 > RG1 1LX=20 > Email: mhalstead@nexagent.com=20 > =20 > Christian Jacquenet=20 > France Telecom=20 > 4, rue du Clos Courtel=20 > BP 91226=20 > 35512 Cesson-S=E9vign=E9 Cedex=20 > France=20 > Email: christian.jacquenet@francetelecom.com =20 > =20 >=20 > 12. Intellectual Property Statement=20 >=20 > The IETF takes no position regarding the validity or scope of any=20 > Intellectual Property Rights or other rights that might be claimed t= o=20 > pertain to the implementation or use of the technology described in=20 > this document or the extent to which any license under such rights=20 > might or might not be available; nor does it represent that it has=20 > made any independent effort to identify any such rights. Informatio= n=20 > on the procedures with respect to rights in RFC documents can be=20 > found in BCP 78 and BCP 79.=20 >=20 > Copies of IPR disclosures made to the IETF Secretariat and any=20 > assurances of licenses to be made available, or the result of an=20 > attempt made to obtain a general license or permission for the use o= f=20 > such proprietary rights by implementers or users of this=20 > specification can be obtained from the IETF on-line IPR repository a= t=20 > http://www.ietf.org/ipr.=20 >=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 29]=20 >=20 >=20 > Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 200= 6=20 > =20 >=20 > The IETF invites any interested party to bring to its attention any=20 > copyrights, patents or patent applications, or other proprietary=20 > rights that may cover technology that may be required to implement=20 > this standard. Please address the information to the IETF at=20 > ietf-ipr@ietf.org.=20 >=20 > Disclaimer of Validity=20 >=20 > This document and the information contained herein are provided on a= n=20 > "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENT= S=20 > OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET=20 > ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,=20 > INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE=20 > INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED=20 > WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.=20 >=20 > Copyright Statement=20 >=20 > Copyright (C) The Internet Society (2006).=20 >=20 > This document is subject to the rights, licenses and restrictions=20 > contained in BCP 78, and except as set forth therein, the authors=20 > retain all their rights.=20 >=20 > =20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 > =20 > =20 > Expires July 26, 2006 [Page 30]=20 >=20 >=20 >=20 >=20 > -----------------------------------------------------------------------= - >=20 > _______________________________________________ > Mavs mailing list > Mavs@ietf.org > https://www1.ietf.org/mailman/listinfo/mavs _______________________________________________ Mavs mailing list Mavs@ietf.org https://www1.ietf.org/mailman/listinfo/mavs From mavs-bounces@ietf.org Tue Feb 14 11:17:39 2006 Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F92rz-0008Ec-TC; Tue, 14 Feb 2006 11:17:39 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F92rx-0008Cr-Tq for MAVS@megatron.ietf.org; Tue, 14 Feb 2006 11:17:38 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA07899 for ; Tue, 14 Feb 2006 11:15:52 -0500 (EST) Received: from p-mail1.rd.francetelecom.com ([195.101.245.15]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F935k-0007BG-CW for MAVS@ietf.org; Tue, 14 Feb 2006 11:31:56 -0500 Received: from FTRDMEL2.rd.francetelecom.fr ([10.193.117.153]) by ftrdsmtp1.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.1830); Tue, 14 Feb 2006 17:17:30 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [Mavs] MAVS Requirements Draft posted Date: Tue, 14 Feb 2006 17:17:26 +0100 Message-ID: <8AA97249241F7148BE6D3D8B93D83F5A0945D177@FTRDMEL2.rd.francetelecom.fr> Thread-Topic: [Mavs] MAVS Requirements Draft posted Thread-Index: AcYxA9b8N+pBWaT1Th2LMSIVq/HklwAAKfKg From: "JACQUENET Christian RD-TCH-REN" To: , X-OriginalArrivalTime: 14 Feb 2006 16:17:30.0971 (UTC) FILETIME=[27CA32B0:01C63182] X-Spam-Score: 0.0 (/) X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0 Content-Transfer-Encoding: quoted-printable Cc: MAVS@ietf.org, "Jim Guichard \(jguichar\)" X-BeenThere: mavs@ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Multiprovider End-to-end VPN Services List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: mavs-bounces@ietf.org Errors-To: mavs-bounces@ietf.org Dimitri, Many thanks for your comments...and for re-activating this list :-) More = below.=20 -----Message d'origine----- De : dimitri papadimitriou [mailto:dpapadimitriou@psg.com]=20 Envoy=E9 : mardi 14 f=E9vrier 2006 02:12 =C0 : JACQUENET Christian RD-TCH-REN Cc : MAVS@ietf.org; Jim Guichard (jguichar) Objet : Re: [Mavs] MAVS Requirements Draft posted hi christian, there is indeed lot's of progress achieved in terms of requirements for=20 activating multi-AS/SP VPNs; imho, starting with topological, security=20 and management should received most of the attention (as first step); CJ: thanks for your encouragement - I'm sure all the editors will = appreciate :-) concerning "QoS" it would be appropriate to come with a sort of first=20 layout because as far as my memory goes a discussion had been initiated=20 in Yokohama on QoS for VPN that lead to a short section in RFC4364 and=20 as the document also explains very few is available in terms of std's on = which this multi-AS/SP QoS could rely on; so, from the QoS perspective=20 the starting point is different than for inst. the topological aspects CJ: I'm not sure I fully understand this comment. In the QoS section, we = tried to insist on the current issues and requirements we'd like to deal = with as far as the provisioning of inter-domain VPN services with the = required level of quality (as expressed and potentially negotiated with = the customer) is concerned. What we tried to suggest is, e.g., to = encourage the ability of exhanging of QoS information between domains = assuming common understanding of such information, hence hopefully = yielding a *consistent* metrology to qualify how efficiently a = VPN-specific QoS policy is enforced, based upon commonly understood QoS = indicators, for example. So, the "layoout" you mention in your comment = could consist in encouraging the standardization of a SLS template to = (reliably) exchange (and negotiate) QoS information not only between a = customer and a specific VSP, but also between VSPs. the provided classification and the selected items should be completed=20 by a detailed work plan with set of "actions" that would be part of a=20 charter relationship with the work carried out as part of other working groups=20 (SIDR, DCP, etc.) could then be determined CJ: agreed. i would be willing to help in this process CJ: cool, let me suggest you send the editors the corresponding text of = this presumably new section of the draft. Cheers, Christian. _______________________________________________ Mavs mailing list Mavs@ietf.org https://www1.ietf.org/mailman/listinfo/mavs From mavs-bounces@ietf.org Wed Feb 15 11:26:58 2006 Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9PUX-0003SY-Up; Wed, 15 Feb 2006 11:26:57 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9PUW-0003MI-NQ for MAVS@megatron.ietf.org; Wed, 15 Feb 2006 11:26:56 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA02608 for ; Wed, 15 Feb 2006 11:25:09 -0500 (EST) Received: from hostedexchange.hostedservice.com ([217.28.130.38]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F9PiS-0003nw-5Q for MAVS@ietf.org; Wed, 15 Feb 2006 11:41:25 -0500 Received: from THHS2EXBE2X.hostedservice2.net ([192.168.33.20]) by hostedexchange.hostedservice.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 15 Feb 2006 16:26:46 +0000 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Date: Wed, 15 Feb 2006 16:26:45 -0000 Message-ID: thread-topic: MAVS draft has now been posted thread-index: AcYxA9b8N+pBWaT1Th2LMSIVq/HklwAAKfKgAFHMLqA= From: "Martin Halstead" To: X-OriginalArrivalTime: 15 Feb 2006 16:26:46.0254 (UTC) FILETIME=[9D2D68E0:01C6324C] X-Spam-Score: 0.0 (/) X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9 Content-Transfer-Encoding: quoted-printable Cc: Subject: [Mavs] MAVS draft has now been posted X-BeenThere: mavs@ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Multiprovider End-to-end VPN Services List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: mavs-bounces@ietf.org Errors-To: mavs-bounces@ietf.org All Just to let you know that the 'official' version of this draft has been posted today. Please comment so that we can make sure that your requirements are captured in future versions. ----- Message: 2 Date: Wed, 15 Feb 2006 10:50:01 -0500 From: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-halstead-guichard-mavs-requirements-01.txt=20 To: i-d-announce@ietf.org Message-ID: Content-Type: text/plain; charset=3D"us-ascii" A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Requirements for Multi Autonomous System VPN Services Author(s) : M. Halstead, et al. Filename : draft-halstead-guichard-mavs-requirements-01.txt Pages : 30 Date : 2006-2-13 =09 This document complements [RFC4031] and defines requirements that are=20 specific to the delivery of BGP/MPLS-based [RFC-2547bis] VPN services=20 across multiple administrative domains. These requirements are=20 independent of underlying technologies or the number of Autonomous=20 Systems such VPNs may span. It lists the requirements of the=20 different parties that are involved in the administration of these=20 Autonomous Systems and may therefore be involved in the delivery of=20 the VPN service offerings. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-halstead-guichard-mavs-require ments-01.txt Regards Martin _______________________________________________ Mavs mailing list Mavs@ietf.org https://www1.ietf.org/mailman/listinfo/mavs