<?xmlversion="1.0" encoding="US-ASCII"?>version='1.0' encoding='utf-8'?> <!DOCTYPE rfc SYSTEM"rfc2629.dtd" [ ]> <?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?> <?rfc toc="yes"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc iprnotified="no"?> <?rfc strict="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?>"rfc2629-xhtml.ent"> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-ietf-detnet-data-plane-framework-06" number="8938" ipr="trust200902"submissionType="IETF">submissionType="IETF" consensus="true" obsoletes="" updates="" xml:lang="en" tocInclude="true" symRefs="true" sortRefs="true" version="3"> <!-- xml2rfc v2v3 conversion 2.46.0 --> <front> <title abbrev="DetNet Data Plane Framework">DetNetDeterministic Networking (DetNet) Data Plane Framework</title> <seriesInfo name="RFC" value="8938"/> <author role="editor"fullname="Balázsfullname="Balázs Varga" initials="B." surname="Varga"> <organization>Ericsson</organization> <address> <postal> <street>Magyar Tudosok krt. 11.</street> <city>Budapest</city> <country>Hungary</country> <code>1117</code> </postal> <email>balazs.a.varga@ericsson.com</email> </address> </author> <authorfullname="Jánosfullname="János Farkas" initials="J." surname="Farkas"> <organization>Ericsson</organization> <address> <postal> <street>Magyar Tudosok krt. 11.</street> <city>Budapest</city> <country>Hungary</country> <code>1117</code> </postal> <email>janos.farkas@ericsson.com</email> </address> </author> <author fullname="Lou Berger" initials="L." surname="Berger"> <organization>LabN Consulting, L.L.C.</organization> <address> <email>lberger@labn.net</email> </address> </author> <author fullname="Andrew G. Malis"initials="A.G."initials="A." surname="Malis"> <organization>Malis Consulting</organization> <address> <email>agmalis@gmail.com</email> </address> </author> <author fullname="Stewart Bryant" initials="S." surname="Bryant"> <organization>Futurewei Technologies</organization> <address><email>stewart.bryant@gmail.com</email> </address> </author> <!-- <author fullname="Jouni Korhonen" initials="J." surname="Korhonen"> //organization abbrev="Nordic">Nordic Semiconductor</organization <address> <email>jouni.nospam@gmail.com</email><email>sb@stewartbryant.com</email> </address> </author>--><date/> <workgroup>DetNet</workgroup>month="November" year="2020"/> <abstract> <t> This document provides an overall framework for theDetNetDeterministic Networking (DetNet) data plane. It covers concepts and considerations that are generally common to anyDeterministic NetworkingDetNet data plane specification. It describes relatedcontroller planeController Plane considerations as well. </t> </abstract> </front><!-- *********************************************** IESG review comment resolutions in this version: DONE - Sabrina Tanamal, IANA, (03-12), OK - Christer Holmberg, (03-15), Ready with Nits - Yoshifumi Nishida, (04-07), Ready with Nits - Murray Kucherawy (04-12), Editorial nits mostly - Barry Leiba, (04-15), Editorial comments To be discussed: - Chris Lonvick, (03-13), Ready with Issues (Ready, as soon as I-D.ietf-detnet-security is reviewed and becomes an RFC.) *********************************************** --><middle> <sectiontitle="Introduction" anchor="sec_intro">anchor="sec_intro" numbered="true" toc="default"> <name>Introduction</name> <t> DetNet (Deterministic Networking) providesa capabilitythe ability to carry specified unicast or multicast data flows for real-time applications with extremely low packet loss rates and assured maximum end-to-end delivery latency. A description of the general background and concepts of DetNet can be found in <xreftarget="RFC8655"/>.target="RFC8655" format="default"/>. </t> <t> This document describes the concepts needed by any DetNet data plane specification (i.e., the DetNet-specific use of packet header fields) and provides considerations for any corresponding implementation. It covers the building blocks that provide the DetNet service, the DetNet servicesub-layersub&nbhy;layer, and the DetNet forwardingsub-layersub&nbhy;layer functions as described in the DetNetArchitecture.architecture <xref target="RFC8655"/>. </t> <t> The DetNetArchitecturearchitecture models theDetNet relatedDetNet-related data plane functions as being decomposed into twosub-layers:sub&nbhy;layers: a servicesub-layersub&nbhy;layer and a forwardingsub-layer.sub&nbhy;layer. The servicesub-layersub&nbhy;layer is used to provide DetNet service protection and reordering. The forwardingsub-layersub&nbhy;layer leveragesTraffic Engineeringtraffic engineering mechanisms and provides congestion protection (low loss, assured latency, and limited out-of-order delivery). A particular forwardingsub-layersub&nbhy;layer may have capabilities that are not available on otherforwarding-sub layers.forwarding sub&nbhy;layers. DetNet makes use of the existing forwardingsub-layerssub&nbhy;layers with their respective capabilities and does not require 1:1 equivalence between different forwardingsub-layersub&nbhy;layer capabilities. </t> <t> As part of the servicesub-layersub&nbhy;layer functions, this document describes typical DetNet node data plane operation. It describes the functionality and operation of the Packet Replication Function (PRF), the Packet Elimination Function (PEF), and the Packet Ordering Function (POF)functionswithin the servicesub-layer.sub&nbhy;layer. Furthermore, it describes the forwardingsub-layer.sub&nbhy;layer. </t> <t> As defined in <xreftarget="RFC8655"/>,target="RFC8655" format="default"/>, DetNet flows may be carried over network technologies that can providethe DetNet requiredservicecharacteristics.characteristics required by DetNet. For example, DetNet MPLS flows can be carried over IEEE 802.1Time Sensitive NetworkTime-Sensitive Networking (TSN) sub-networks <xreftarget="IEEE802.1TSNTG"/> sub-networks.target="IEEE802.1TSNTG" format="default"/>. However, IEEE 802.1 TSN support is not required in DetNet. TSN frame preemption is an example of a forwarding layer capability that is typically not replicated in other forwarding technologies. Most ofDetNetDetNet's benefits can be gained by running over adata linkdata-link layer that has not been specifically enhanced to support all TSNcapabilitiescapabilities, but for such networks and trafficmixesmixes, delay and jitter performance may vary due to the forwardingsub-layersub&nbhy;layer's intrinsic properties. </t> <t> Different application flows, such as Ethernet or IP, can be mapped on top of DetNet. DetNet can optionally reuse header information provided by, or shared with, applications. An example of shared header fields can be found in <xreftarget="I-D.ietf-detnet-ip"/>.target="RFC8939" format="default"/>. </t> <t> This document also covers basic concepts related to thecontroller planeController Plane and Operations, Administration, and Maintenance (OAM). Data plane OAM specifics are out of scope for this document. </t> </section> <sectiontitle="Terminology"> <section title="Termsnumbered="true" toc="default"> <name>Terminology</name> <section numbered="true" toc="default"> <name>Terms Used in ThisDocument">Document</name> <t> This document uses the terminology established in the DetNet architecture <xreftarget="RFC8655"/>,target="RFC8655" format="default"/>, and it is assumed that the reader isassumed to befamiliar with that document and its terminology. </t> </section><?rfc subcompact="yes" ?><sectiontitle="Abbreviations">numbered="true" toc="default"> <name>Abbreviations</name> <t> The following abbreviations are used in this document:<list style="hanging" hangIndent="14"> <t hangText="BGP">Border</t> <dl newline="false" indent="12"> <dt>BGP</dt> <dd>Border GatewayProtocol.</t> <t hangText="d-CW">DetNetProtocol</dd> <dt>CoS</dt> <dd>Class of Service</dd> <dt>d-CW</dt> <dd>DetNet ControlWord.</t> <t hangText="DetNet">Deterministic Networking.</t> <t hangText="DN">DetNet.</t> <t hangText="GMPLS">GeneralizedWord</dd> <dt>DetNet</dt> <dd>Deterministic Networking</dd> <dt>DN</dt> <dd>DetNet</dd> <dt>GMPLS</dt> <dd>Generalized Multiprotocol LabelSwitching.</t> <t hangText="GRE">GenericSwitching</dd> <dt>GRE</dt> <dd>Generic RoutingEncapsulation.</t> <t hangText="IPSec">IP Security.</t> <t hangText="L2">Layer 2.</t> <t hangText="LSP">LabelEncapsulation</dd> <dt>IPsec</dt> <dd>IP Security</dd> <dt>L2</dt> <dd>Layer 2</dd> <dt>LSP</dt> <dd>Label SwitchedPath.</t> <t hangText="MPLS">MultiprotocolPath</dd> <dt>MPLS</dt> <dd>Multiprotocol LabelSwitching.</t> <t hangText="OAM">Operations,Switching</dd> <dt>OAM</dt> <dd>Operations, Administration, andMaintenance.</t> <t hangText="PCEP">PathMaintenance</dd> <dt>PCEP</dt> <dd>Path Computation Element CommunicationProtocol.</t> <t hangText="PEF">PacketProtocol</dd> <dt>PEF</dt> <dd>Packet EliminationFunction.</t> <t hangText="PRF">Packet Replication Function.</t> <t hangText="PREOF">PacketFunction</dd> <dt>POF</dt> <dd>Packet Ordering Function</dd> <dt>PREOF</dt> <dd>Packet Replication,EliminationElimination, and OrderingFunctions.</t> <t hangText="POF">Packet Ordering Function.</t> <t hangText="PSN">PacketFunctions</dd> <dt>PRF</dt> <dd>Packet Replication Function</dd> <dt>PSN</dt> <dd>Packet SwitchedNetwork.</t> <t hangText="QoS">Quality of Service.</t> <t hangText="S-Label">DetNetNetwork</dd> <dt>QoS</dt> <dd>Quality of Service</dd> <dt>S-Label</dt> <dd>DetNet "service"label.</t> <t hangText="TDM">Time-Division Multiplexing.</t> <t hangText="TSN">Time-Sensitive Network.</t> <t hangText="YANG">Yetlabel</dd> <dt>TDM</dt> <dd>Time-Division Multiplexing</dd> <dt>TSN</dt> <dd>Time-Sensitive Networking</dd> <dt>YANG</dt> <dd>Yet Another NextGeneration.</t> </list> </t>Generation</dd> </dl> </section> </section><!-- end of terminology --> <?rfc subcompact="no" ?><sectiontitle="DetNetanchor="sec_dt_dp" numbered="true" toc="default"> <name>Overview of the DetNet DataPlane Overview" anchor="sec_dt_dp">Plane</name> <t> This document describes how application flows, orapp-flows,App-flows <xref target="RFC8655"/>, are carried over DetNet networks. The DetNetArchitecturearchitecture <xreftarget="RFC8655"/>target="RFC8655" format="default"/> models the DetNet-related data plane functions as decomposed into twosub-layers:sub&nbhy;layers: a servicesub-layersub&nbhy;layer and a forwardingsub-layer.sub&nbhy;layer. </t> <t> <xreftarget="ProtStack1"/>,target="ProtStack1" format="default"/>, reproduced from <xreftarget="RFC8655"/>,target="RFC8655" format="default"/>, shows a logical DetNet service with the twosub-layers.sub&nbhy;layers. </t> <figurealign="center" anchor="ProtStack1" title="DetNet data plane protocol stack">anchor="ProtStack1"> <name>DetNet Data Plane Protocol Stack</name> <artworkalign="center"><![CDATA[align="center" name="" type="" alt=""><![CDATA[ | packets going | ^ packets coming ^ v down the stack v | up the stack | +-----------------------+ +-----------------------+ | Source | | Destination | +-----------------------+ +-----------------------+ | Service sub-layer: | | Service sub-layer: | | Packet sequencing | | Duplicate elimination | | Flow replication | | Flow merging | | Packet encoding | | Packet decoding | +-----------------------+ +-----------------------+ | Forwarding sub-layer: | | Forwarding sub-layer: | | Resource allocation | | Resource allocation | | Explicit routes | | Explicit routes | +-----------------------+ +-----------------------+ | Lower layers | | Lower layers | +-----------------------+ +-----------------------+ v ^\_________________________/ ]]></artwork>\_________________________/]]></artwork> </figure> <t> The DetNet forwardingsub-layersub&nbhy;layer may be directly provided by the DetNet servicesub-layer,sub&nbhy;layer -- forexampleexample, by IP tunnels or MPLS. Alternatively, an overlay approach may be used in which the packet is natively carried between key nodes within the DetNet network(say(say, between PREOFnodes)nodes), and asub-layersub&nbhy;layer is used to provide the information needed to reach the next hop in the overlay. </t> <t> The forwardingsub-layersub&nbhy;layer provides theQoS relatedQoS-related functions needed by the DetNet flow. It may do this directly through the use of queuing techniques and traffic engineering methods, or it may do this through the assistance of its underlying connectivity. Forexampleexample, it may call upon Ethernet TSN capabilities defined in IEEE 802.1 TSN <xreftarget="IEEE802.1TSNTG"/>.target="IEEE802.1TSNTG" format="default"/>. The forwardingsub-layersub&nbhy;layer uses buffer resources for packet queuing, as well as reservation and allocation of bandwidth capacity resources. </t> <t> The servicesub-layersub&nbhy;layer provides additional support beyond the connectivity function of the forwardingsub-layer.sub&nbhy;layer. See <xreftarget="PREOF"/> as an example for Packet Replication, Elimination, and Ordering functions.target="PREOF" format="default"/> regarding PREOF. Theordering function (POF)POF uses sequence numbers added topacketspackets, enabling a range of packet order protection from simple ordering and dropping out-of-order packets to more complex reordering of a fixed number of out-of-order, minimally delayed packets. Reordering requires buffer resources and has an impact on the delay and jitter of packets in the DetNet flow. </t> <t> The method of instantiating each of the layers is specific to the particular DetNet data plane method, and more than one approach may be applicable to a given network type. </t> <sectiontitle="Dataanchor="sec_dp_char" numbered="true" toc="default"> <name>Data PlaneCharacteristics" anchor="sec_dp_char">Characteristics</name> <t>There areThe data plane has two majorcharacteristics to the data plane:characteristics: the technology and the encapsulation, as discussed below. </t> <sectiontitle="Dataanchor="sec_dp_tech" numbered="true" toc="default"> <name>Data PlaneTechnology" anchor="sec_dp_tech">Technology</name> <t> The DetNet data plane is provided by the DetNet service and forwardingsub layers.sub&nbhy;layers. The DetNet servicesub-layersub&nbhy;layer generally provides its functions for the DetNet application flows by using or applying existing standardized headers and/or encapsulations. TheDetnetDetNet forwardingsub-layersub&nbhy;layer may provide capabilities leveraging that same header or encapsulation technology (e.g., DN IP or DNMPLS)MPLS), or it may be achievedbyvia othertechnologiestechnologies, as shown in <xreftarget="dn_svc_encaps"/>.target="dn_svc_encaps" format="default"/> below. DetNet is currently defined for operation over packet-switched (IP) networks or label-switched (MPLS) networks. </t> </section> <sectiontitle="Encapsulation" anchor="sec_dp_encap">anchor="sec_dp_encap" numbered="true" toc="default"> <name>Encapsulation</name> <t> DetNet encodes specific flow attributes (flow identity and sequence number) in packets. For example, in DetNet IP, zero encapsulation isusedused, and no sequence number isavailable, andavailable; in DetNet MPLS, DetNet-specific information may be added explicitly to the packets in the form ofS-labelan S-Label and a d-CW <xreftarget="I-D.ietf-detnet-mpls"/> .target="DetNet-MPLS" format="default"/>. </t> <t> The encapsulation of a DetNet flow allows it to be sent over a data plane technology other than its native type. DetNet uses header information to perform traffic classification, i.e., identify DetNet flows, and provide DetNet service and forwarding functions. As mentioned above, DetNet may add headers, as is the case for DN MPLS, or may use headers that are already present, as is the caseinfor DN IP. <xreftarget="dn_svc_encaps"/>target="dn_svc_encaps" format="default"/> illustrates some relationships between the components. </t> <figureanchor="dn_svc_encaps" align="center" title="DetNetanchor="dn_svc_encaps"> <name>DetNet ServiceExamples">Examples</name> <artworkalign="center"><![CDATA[align="center" name="" type="" alt=""><![CDATA[ +-----+ | TSN | +-------+ +-+-----+-+ | DN IP | | DN MPLS | +--+--+----+----+ +-+---+-----+-+ | TSN | DN MPLS | | TSN | DN IP | +-----+---------++-----+-------+ ]]></artwork>+-----+-------+]]></artwork> </figure> <t> The use of encapsulation is also required if additional information (metadata) is needed by the DetNet data plane andthere iseither (1) there is no ability to include it in the client datapacket,packet orthe(2) the specification of the client data plane does not permit the modification of the packet to include additional data. An example of such metadata is the inclusion of a sequence number required bythe PREOF function.PREOF. </t> <t> Encapsulation may also be used to carry or aggregate flows for equipment with limited DetNet capability. </t> </section> </section> <sectiontitle="DetNet-specific Metadata" anchor="sec_dp_metadata">anchor="sec_dp_metadata" numbered="true" toc="default"> <name>DetNet-Specific Metadata</name> <t> The DetNet data plane can provide or carry the following metadata:<list style="numbers"> <t> Flow-ID</t><t><ol spacing="normal" type="1"> <li> Flow-ID </li> <li> SequenceNumber </t> </list> </t>number </li> </ol> <t> The DetNet data plane framework supports a Flow-ID (for identification of the flow or aggregate flow) and/or aSequence Numbersequence number (for PREOF) for each DetNet flow. The Flow-ID is used by both the service and forwardingsub-layers,sub&nbhy;layers, but the sequence number is only used by the service layer. Metadata can also be used for OAM indications and instrumentation of DetNet data plane operation. </t> <t> Metadata inclusion can be implicit or explicit. Explicit inclusions involve a dedicated header field that is used to include metadata in a DetNet packet. In the implicit method, part of analready existingalready-existing header field is used to encode the metadata. </t> <t> Explicit inclusion of metadata is possible through the use of IP options or IP extension headers. New IP options are almost impossible to get standardized or to deploy in an operational network and will not be discussed further in this text. IPv6extensionsextension headers are finding popularity in current IPv6 development work, particularly in connection with Segment Routing of IPv6 (SRv6) and IP OAM. The design of a new IPv6 extension header or the modification of an existing one is a technique available in thetool boxtoolbox of the DetNet IP data plane designer. </t> <t> Explicit inclusion of metadata in an IP packet is also possible through the inclusion of an MPLS label stack and the MPLSDetNet Control Wordd-CW, using one of the methods for carrying MPLS over IP <xreftarget="I-D.ietf-detnet-mpls-over-udp-ip"/>.target="DetNet-MPLS-over-UDP-IP" format="default"/>. This is described in more detail in <xreftarget="subnet_considerations"/>.target="subnet_considerations" format="default"/>. </t> <t> Implicit metadata in IP can be included through the use of the network programming paradigm <xreftarget="I-D.ietf-spring-srv6-network-programming"/>target="SRv6-Network-Prog" format="default"/>, in which the suffix of an IPv6 address is used to encode additional information for use by the network of the receiving host. </t> <t> An MPLS example of explicit metadata is the sequence number used bythe PREOF function,PREOF, or even the case where all the essential informationbeingis includedintoin theDetNet over MPLSDetNet-over-MPLS label stack (theDetNet Control Wordd-CW and the DetNetService label).S-Label). </t> </section> <sectiontitle="DetNetanchor="sec_dt_ip_dp" numbered="true" toc="default"> <name>DetNet IP DataPlane" anchor="sec_dt_ip_dp">Plane</name> <t> An IP data plane may operate natively or through the use of an encapsulation. Many types of IP encapsulation can satisfy DetNetrequirementsrequirements, and it is anticipated that more than one encapsulation may bedeployed,deployed -- forexampleexample, GRE,IPSec.IPsec. </t> <t> One method of operating an IP DetNet data plane without encapsulation is to use"6-tuple" based6-tuple-based flow identification, where "6-tuple" refers to information carried inIPIP-layer andhigher layerhigher-layer protocol headers. General background on the use of IPheaders,headers and"6-tuples",6-tuples to identify flows and supportQuality of Service (QoS)QoS can be found in <xreftarget="RFC3670"/>.target="RFC3670" format="default"/>. The extra field in the 6-tuple is the DSCP field in the packet. <xreftarget="RFC7657"/>target="RFC7657" format="default"/> provides useful background on differentiated services(DiffServ)(Diffserv) and"tuple" basedtuple-based flow identification. DetNet flow aggregation may be enabled via the use of wildcards, masks,prefixesprefixes, and ranges. The operation of this method is described in detail in <xreftarget="I-D.ietf-detnet-ip"/>.target="RFC8939" format="default"/>. </t> <t> The DetNet forwarding plane may use explicit route capabilities and traffic engineering capabilities to provide a forwardingsub-layersub&nbhy;layer that is responsible for providing resource allocation and explicit routes. It is possible to include such information in a native IP packetexplicitly,either explicitly or implicitly. </t> </section> <sectiontitle="DetNetanchor="sec_dt_mpls_dp" numbered="true" toc="default"> <name>DetNet MPLS DataPlane" anchor="sec_dt_mpls_dp">Plane</name> <t> MPLS provides a forwardingsub-layersub&nbhy;layer for traffic over implicit and explicit paths to the point in the network where the next DetNet servicesub-layersub&nbhy;layer action needs to take place. It does this through the use of a stack of one or more labels with various forwarding semantics. </t> <t> MPLS also provides the ability to identify a service instance that is used to process the packet through the use of a label that maps the packet to a service instance. </t> <t> In cases where metadata is needed to process anMPLS encapsulatedMPLS-encapsulated packet at the servicesub-layer,sub&nbhy;layer, the d-CW <xreftarget="I-D.ietf-detnet-mpls"/>, <xref target="RFC4385"/>target="DetNet-MPLS" format="default"/> can be used. Although such d-CWs are frequently 32 bits long, there is no architectural constraint on the size of thisstructure,structure -- only the requirement that itisbe fully understood by all parties operating on it in the DetNet servicesub-layer.sub&nbhy;layer. The operation of this method is described in detail in <xreftarget="I-D.ietf-detnet-mpls"/>.target="DetNet-MPLS" format="default"/>. </t> </section> <sectiontitle="Furtheranchor="further_dn_dp_consid" numbered="true" toc="default"> <name>Further DetNet Data PlaneConsiderations" anchor="further_dn_dp_consid">Considerations</name> <t> This section provides informative considerations related to providing DetNet service to flowswhichthat are identified based on their header information. </t> <sectiontitle="Per Flow Related Functions" anchor="further_dn_dp_pf">anchor="further_dn_dp_pf" numbered="true" toc="default"> <name>Functions Provided on a Per-Flow Basis</name> <t> At a high level, the following functions are provided on aper flowper-flow basis. </t> <sectiontitle="Reservationnumbered="true" toc="default"> <name>Reservation and Allocation ofresources">Resources</name> <t> Resources might be reserved in order to make them available for allocation to specific DetNet flows. This can eliminate packet contention and packet loss for DetNet traffic. This also can reduce jitter for DetNet traffic. Resources allocated to a DetNet flow protect it from other traffic flows. On the other hand, it is assumed that DetNet flowsare assumed tobehave in accordance withrespect tothe reserved traffic profile. It must be possible to detect misbehaving DetNet flows and to ensure that they do not compromise QoS of other flows. Queuing, policing, and shaping policies can be used to ensure that the allocation of resources reserved for DetNet is met. </t> </section> <sectiontitle="Explicit routes">numbered="true" toc="default"> <name>Explicit Routes</name> <t> A flow can be routed over a specific,pre-computedprecomputed path. This allows control ofthenetwork delay by steering the packet with the ability to influence the physical path. Explicit routes complement reservation by ensuring that a consistent path can be associated with its resources for the duration of that path. Coupled with the traffic mechanism, this limits misordering and bounds latency. Explicit route computation can encompass a wide set of constraints and can optimize the path for a certain characteristic, e.g., highest bandwidth or lowest jitter. In thesecasescases, the "best" path for any set of characteristics may not be a shortest path. The selection of the path can take into account multiple network metrics. Some of these metrics are measured and distributed by the routing system as traffic engineering metrics. </t> </section> <sectiontitle="Service protection">numbered="true" toc="default"> <name>Service Protection</name> <t> Service protection involves the use of multiple packet streams using multiplepaths,paths -- forexampleexample, 1+1 or 1:1 linear protection. For DetNet, this primarily relates to packet replication and elimination capabilities. MPLS offers a number of protection schemes. MPLS hitless protection can be used to switch traffic to analready establishedalready-established path in order to restore delivery rapidly after a failure. Path changes, even in the case of failure recovery, can lead to theout of orderout-of-order delivery of data requiringpacket ordering functionsPOFs either within the DetNet service or at a high layer in the application traffic. Establishment of new paths after a failure is out of scope for DetNet services. </t> </section> <sectiontitle="Network Coding">numbered="true" toc="default"> <name>Network Coding</name> <t> Network Coding <xreftarget="nwcrg"/>,target="nwcrg" format="default"/>, not to be confused with network programming, comprises several techniques where multiple data flows are encoded. These resulting flows can then be sent on different paths. The encoding operation can combine flows and error recovery information. When the encoded flows are decoded andrecombinedrecombined, the original flows can be recovered. Note that NetworkcodingCoding uses an alternative topacket by packetpacket-by-packet PREOF. Therefore, for certain network topologies and traffic loads, Network Coding can be used to improve a network's throughput, efficiency, latency, and scalability, as well as resilience to partition, attacks, and eavesdropping, as compared to traditional methods. DetNet could use NetworkcodingCoding as an alternative to otherprotection means.means of protection. NetworkcodingCoding is often applied in wireless networks and is being explored for other network types. </t> </section> <sectiontitle="Load sharing">numbered="true" toc="default"> <name>Load-Sharing</name> <t>UseThe use of packet-by-packetload sharingload-sharing of the same DetNet flow over multiple paths is notrecommendedrecommended, except for the cases listed above where PREOFisare utilized to improve protection of traffic and maintain order. Packet-by-packetload sharing,load-sharing, e.g., viaECMP or UCMP,Equal-Cost Multipath (ECMP) or Unequal-Cost Multipath (UCMP), impacts orderingand possiblyand, possibly, jitter. </t><!-- I think this section below should refer to OAM for the various underlying technology the one area that may be for consideration is how detnet can identify specific tunneled traffic. Of course that allows for security vulnerabilities --></section> <sectiontitle="Troubleshooting">numbered="true" toc="default"> <name>Troubleshooting</name> <t>DetnetDetNet leverages many different forwardingsub-layers,sub&nbhy;layers, each of which supports various tools to troubleshootconnectivity,connectivity -- forexampleexample, identification of misbehaving flows. The DetNetServiceservice layer can leverage existing mechanisms to troubleshoot or monitor flows, such as those in use by IP and MPLS networks. At the Applicationlayerlayer, a client of a DetNet service can use existing techniques to detect and monitor delay and loss. </t> </section> <sectiontitle="Flow recognitionnumbered="true" toc="default"> <name>Flow Recognition foranalytics">Analytics</name> <t> Network analytics can be inherited from the technologies of theServiceservice andForwarding sub-layers.forwarding sub&nbhy;layers. At the DetNet service edge, packet and bit counters(e.g.(e.g., sent, received, dropped,and out-of-sequence)out of sequence) can be maintained. </t> </section> <sectiontitle="Correlationnumbered="true" toc="default"> <name>Correlation ofeventsEvents withflows">Flows</name> <t> The provider of a DetNet service may provide other capabilities to monitor flows, such as more detailed loss statistics andtime stampingtimestamping of events.The details ofDetails regarding these capabilities are out of scope for this document. </t> </section> </section><!-- End of Per Flow Related Functions --><sectiontitle="Service Protection">numbered="true" toc="default"> <name>Service Protection</name> <t> Service protection allows DetNet services to increase reliability and maintain aDetNet Service Assurancedesired level of service assurance in the case of network congestion or network failure.DetnetDetNet relies on the underlying technology capabilities for various protection schemes. Protection schemes enable partial or complete coverage of the network paths and active protection with combinations of the PRF, PEF, and POF. </t> <sectiontitle="Linearnumbered="true" toc="default"> <name>Linear ServiceProtection">Protection</name> <t> An example DetNet MPLS network fragment and its packet flowisare illustrated in <xreftarget="dn_protection_flow"/>.target="dn_protection_flow" format="default"/>. </t> <figureanchor="dn_protection_flow" align="center" title="Exampleanchor="dn_protection_flow"> <name>Example of Packet Flowin DetNetProtectedNetwork">by DetNet</name> <artworkalign="center"><![CDATA[align="center" name="" type="" alt=""><![CDATA[ 1 1.1 1.1 1.2.1 1.2.1 1.2.2 CE1----EN1--------R1-------R2-------R3--------EN2-----CE2 \ 1.2.1 / / \1.2/-----+/------+ / +------R4------------------------+1.2.2 ]]></artwork>1.2.2]]></artwork> </figure> <t> In <xreftarget="dn_protection_flow"/>target="dn_protection_flow" format="default"/>, the numbers are used to identify the instance of a packet. Packet 1 is the originalpacket, and packets 1.1,packet. Packets 1.1 and 1.2 are twofirst generationfirst-generation copies of packet1. Packet1, packet 1.2.1 is asecond generationsecond-generation copy of packet 1.2,etc.and so on. Note that these numbers never appear in thepacket,packet and are not to be confused with sequence numbers,labelslabels, or any otheridentifieridentifiers thatappearsappear in the packet. They simply indicate the generation number of the original packet so that its passage through the network fragment can be identifiedtofor the reader. </t> <t> Customer Equipment device CE1 sends a packet into theDetNet enabledDetNet-enabled network. This is packet(1).1. Edge Node EN1 encapsulates the packet as a DetNet packet and sends it to RelaynodeNode R1 (packet 1.1). EN1 makes a copy of the packet (1.2), encapsulatesitit, and sends this copy to RelaynodeNode R4. </t> <t> Note thatalong the path from EN1 toR1 may be directly attached to EN1, or there may bezeroone or more nodeswhich,on the path that, for clarity, are notshown.shown in <xref target="dn_protection_flow" format="default"/>. The sameisholds true for any other path between two DetNet entities as shown in<xref target="dn_protection_flow"/>.the figure. </t> <t> RelaynodeNode R4 has been configured to send one copy of the packet to Relay Node R2 (packet 1.2.1) and one copy to Edge Node EN2 (packet 1.2.2). </t> <t> R2 receives packet copy 1.2.1 before packet copy 1.1arrives,arrives and, having been configured to perform packet elimination on this DetNet flow, forwards packet 1.2.1 to Relay Node R3. Packet copy 1.1 is of no further use and so is discarded by R2. </t> <t> Edge Node EN2 receives packet copy 1.2.2 from R4 before it receives packet copy 1.2.1 from R2 viarelayRelay Node R3. EN2 therefore strips any DetNet encapsulation from packet copy 1.2.2 and forwards the packet to CE2. When EN2 receivesthe laterpacket copy 1.2.1thislater on, the copy is discarded. </t> <t> The above is of course illustrative of many network scenarios that can be configured. </t> <t> This example also illustrates a 1:1 protectionschemescheme, meaning there is traffic over each segment of the end-to-end path. Local DetNet relay nodes determine which packets are eliminated and which packets are forwarded. A 1+1 scheme where only one path is used for traffic at a time could use the same topology. In thiscasecase, there is noPRF function <!-- we have a comment that PRF function is redundant, a F alreaady means function -->PRF, and traffic is switched upon detection of failure. An OAM scheme that monitors the paths to detect the loss of a path or traffic is required to initiate the switch. A POF may still be used in this case to prevent misordering of packets. In bothcasescases, the protection paths are established and maintained for the duration of the DetNet service. </t> </section> <sectiontitle="Pathnumbered="true" toc="default"> <name>Path DifferentialDelay">Delay</name> <t> In the preceding example, properworkingoperation of duplicate elimination and the reordering of packets are dependent on the number of out-of-order packets that can be buffered and thedelaydifference in delay of the arriving packets. DetNet uses flow-specific requirements (e.g., maximum number of out-of-order packets, maximum latency of the flow) for configuration of POF-related buffers. If the differential delay between paths is excessively large or there is excessivemis-orderingmisordering of the packets, then packets may be dropped instead of being reordered. Likewise, the PEF uses the sequence number to identify duplicate packets, and large differential delays combined with high numbers of packets may exceed the PEF's abilityof the PEFto work properly. </t> </section> <sectiontitle="Ringnumbered="true" toc="default"> <name>Ring ServiceProtection">Protection</name> <t> Ring protection may also be supported if the underlying technology supports it. Many of the same conceptsapply, howeverapply; however, rings are normally 1+1 protection for data efficiency reasons. <xreftarget="RFC8227"/> istarget="RFC8227" format="default"/> provides an example ofMPLS-TPan MPLS Transport Profile (MPLS-TP) data plane that supportsRingring protection. </t> </section> </section> <sectiontitle="Aggregation Considerations" anchor = "aggregation">anchor="aggregation" numbered="true" toc="default"> <name>Aggregation Considerations</name> <t> The DetNet data plane also allows for the aggregation of DetNet flows, which can improve scalability by reducing the per-hop state. How this is accomplished is data plane or control plane dependent. When DetNet flows are aggregated, transit nodes provide service to the aggregate and not on aper-DetNet flowper-DetNet-flow basis. When aggregating DetNet flows, the flows should be compatible, i.e., the same or very similar QoS and CoS characteristics. In this case, nodes performing aggregation will ensure that per-flow service requirements are achieved. </t> <t> If bandwidth reservations are used, the reservation should be the sum of all the individual reservations; in other words, the reservations should not add up to anover-subscriptionoversubscription of bandwidth reservation. If maximum delay bounds are used, the system should ensure that the aggregate does not exceed the delay bounds of the individual flows. </t> <t><!-- DetNet encapsulation is a data plane mechanism that can be used to aggregate traffic. Encapsulation can either be in the same service type or in a different service type see <xref target="dn_svc_encaps"/> for example.-->When an encapsulation is used, the choice of reserving a maximum resource level and then tracking the services in the aggregated service or adjusting the aggregated resources as the services are added is implementation and technology specific. </t> <t> DetNet flows at edges must be able to handle rejection to an aggregation group due to lack of resources as well as conditions where requirements are not satisfied. </t> <sectiontitle="IP Aggregation" anchor = "ip-agg">anchor="ip-agg" numbered="true" toc="default"> <name>IP Aggregation</name> <t> IP aggregation has both data plane andcontroller planeController Plane aspects. For the data plane, flows may be aggregated for treatment based on shared characteristics such as 6-tuple <xreftarget="I-D.ietf-detnet-ip"/>.target="RFC8939" format="default"/>. Alternatively, an IP encapsulation may be used to tunnel an aggregate number of DetNetFlowsflows between relay nodes. </t> </section> <sectiontitle="MPLS Aggregation" anchor = "mpls-agg">anchor="mpls-agg" numbered="true" toc="default"> <name>MPLS Aggregation</name> <t> MPLS aggregation also has data plane andcontroller planeController Plane aspects. MPLS flows are often tunneled in a forwardingsub-layer,sub&nbhy;layer, under the reservation associated with that MPLS tunnel. </t> </section> </section> <sectiontitle="End-System-Specific Considerations">numbered="true" toc="default"> <name>End-System-Specific Considerations</name> <t>Data-flowsData flows requiring DetNet service are generated and terminated onend-systems.end systems. Encapsulation depends on the application and its preferences. For example, in a DetNet MPLSdomaindomain, thesub-layersub&nbhy;layer functions use the d-CWs,S-LabelsS-Labels, and F-Labels <xref target="DetNet-MPLS"/> to provide DetNet services. However, an application may exchange furtherflow relatedflow-related parameters (e.g.,time-stamp), whichtimestamps) that are not provided by DetNet functions. </t> <t> As a general rule, DetNet domains are capable of forwarding any DetNetflowsflows, and the DetNet domain does not mandate theend-systemencapsulation format for end systems or edgenode encapsulation format.nodes. Unlessthere is a proxy ofsome form of proxy is present,end-systemsend systems peer with similarend-systemsend systems using the same application encapsulation format. For example, as shown in <xreftarget="fig_es_connect"/>,target="fig_es_connect" format="default"/>, IP applications peer with IPapplicationsapplications, and Ethernet applications peer with Ethernet applications. </t> <figuretitle="End-Systemsanchor="fig_es_connect"> <name>End Systems andThethe DetNet MPLSDomain" anchor="fig_es_connect">Domain</name> <artworkalign="center"><![CDATA[align="center" name="" type="" alt=""><![CDATA[ +-----+ | X | +-----+ +-----+ | X | | Eth | ________ +-----+ +-----+ _____ / \ | Eth | \ / \__/ \___ +-----+ \ / \ / 0======== tunnel-1 ========0_ | \ \ | 0========= tunnel-2 =========0 / \ __/ \ +-----+ \__ DetNet MPLS domain / \ | X | \ __ / +-----+ +-----+ \_______/ \_____/ | X | | IP | +-----+ +-----+ | IP |+-----+ ]]> </artwork></figure>+-----+]]></artwork> </figure> </section> <sectiontitle="Sub-Network Considerations" anchor="subnet_considerations">anchor="subnet_considerations" numbered="true" toc="default"> <name>Sub-network Considerations</name> <t> Any of the DetNet service types may be transported by another DetNet service. MPLS nodes may be interconnected by different sub-network technologies, which may include point-to-point links. Each of these sub-network technologies needs to provide appropriate service to DetNet flows. In some cases, e.g., on dedicated point-to-point links or TDM technologies, all that is required is for a DetNet node to appropriately queue its output traffic. In other cases, DetNet nodes will need to map DetNet flows to the flow semantics (i.e., identifiers) and mechanisms used by an underlying sub-network technology. <xreftarget="fig_dn_mpls_sn_ex"/>target="fig_dn_mpls_sn_ex" format="default"/> shows several examples ofheader formatssub-network encapsulations that can be used to carry DetNet MPLS flows over different sub-network technologies. L2 represents a genericlayer-2Layer 2 encapsulation that might be used on a point-to-point link. TSN represents the encapsulation used on an IEEE 802.1 TSN network, as described in <xreftarget="I-D.ietf-detnet-mpls-over-tsn"/>.target="DetNet-MPLS-over-TSN" format="default"/>. UDP/IP represents the encapsulation used on a DetNet IP PSN, as described in <xreftarget="I-D.ietf-detnet-mpls-over-udp-ip"/>.target="DetNet-MPLS-over-UDP-IP" format="default"/>. </t> <figuretitle="Exampleanchor="fig_dn_mpls_sn_ex"> <name>Example DetNet MPLSSub-Network Formats" anchor="fig_dn_mpls_sn_ex">Encapsulations in Sub-networks</name> <artworkalign="center"><![CDATA[align="center" name="" type="" alt=""><![CDATA[ +------+ +------+ +------+App-FlowApp-flow | X | | X | | X | +-----+======+--+======+--+======+-----+ DetNet-MPLS | d-CW | | d-CW | | d-CW | +------+ +------+ +------+ |Labels| |Labels| |Labels| +-----+======+--+======+--+======+-----+Sub-NetworkSub-network | L2 | | TSN | | UDP | +------+ +------+ +------+ | IP | +------+ | L2 |+------+ ]]> </artwork></figure>+------+]]></artwork> </figure> </section> </section> </section><!-- ================================================================= --><sectiontitle="Controlleranchor="cp_considerations" numbered="true" toc="default"> <name>Controller Plane (Management and Control)Considerations" anchor="cp_considerations">Considerations</name> <sectiontitle="DetNetanchor="control-management-requirements" numbered="true" toc="default"> <name>DetNet Controller PlaneRequirements" anchor="control-management-requirements">Requirements</name> <t> The Controller Plane corresponds to the aggregation of the Control and Management Planes discussed in <xreftarget="RFC7426"/>target="RFC7426" format="default"/> and <xreftarget="RFC8655"/>.target="RFC8655" format="default"/>. While more detailsofregarding any DetNetcontroller planeController Plane are out ofthescopeoffor this document, there are particular considerations and requirements forsuchthe Controller Plane that result from the unique characteristics of the DetNet architecture and data plane as defined herein. </t> <t> The primary requirements of the DetNetcontroller planeController Plane are that it must be able to:<list style="symbols"> <t></t> <ul spacing="normal"> <li> Instantiate DetNet flows in a DetNet domain (whichmaymay, for example, include some or all of the following: explicit path determination, link bandwidth reservations, restricting flows to IEEE 802.1 TSN links, node buffer and other resource reservations, specification of required queuing disciplines along the path, ability to manage bidirectional flows, etc.) as needed for a flow.</t> <t></li> <li> In the case of MPLS, manage DetNet S-Label and F-Label allocation anddistribution,distribution. In cases where the DetNet MPLS encapsulation isin usebeing used, see <xreftarget="I-D.ietf-detnet-mpls"/>. </t> <t>target="DetNet-MPLS" format="default"/>. </li> <li> Support DetNet flow aggregation.</t> <t></li> <li> Advertise static and dynamic node and link resources such as capabilities and adjacencies to other network nodes (for dynamic signaling approaches) or to network controllers (for centralized approaches).</t> <t></li> <li> Scale to handle the number of DetNet flows expected in a domain (which may require per-flow signaling or provisioning).</t> <t></li> <li> Provision flow identification information at each of the nodes along the path. Flow identification maydifferdiffer, depending on the location in the network and the DetNet functionality(e.g.(e.g., transit node vs. relay node).</t> </list> </t></li> </ul> <t> These requirements, as stated earlier, could be satisfied using distributed control protocol signaling (such as RSVP-TE), centralized network management provisioning mechanisms(such as BGP,(BGP, PCEP,YANGYANG, <xreftarget="I-D.ietf-detnet-flow-information-model"/>, etc.)target="I-D.ietf-detnet-flow-information-model" format="default"/>, etc.), or hybrid combinations of the two, and could also make use of MPLS-based segment routing. </t> <t> In the abstract, the results of either distributed signaling or centralized provisioning are equivalent from a DetNet data plane perspective--- flows are instantiated, explicit routes are determined, resources are reserved, and packets are forwarded through the domain using the DetNet data plane. </t> <t> However, from a practical and implementation standpoint,controller planeController Plane alternatives are not equivalent at all. Some approaches are more scalable than others in terms of signaling load on the network. Some alternatives can take advantage of global tracking of resources in the DetNet domain for better overall network resource optimization. Some solutions are more resilient than others if link, node, or management equipment failures occur. While a detailed analysis of the control plane alternatives is out ofthescopeoffor this document, the requirements from this document can be used as the basis of alaterfuture analysis of the alternatives. </t> </section> <sectiontitle="Genericanchor="gen_cp_considerations" numbered="true" toc="default"> <name>Generic Controller PlaneConsiderations" anchor="gen_cp_considerations">Considerations</name> <t> This section covers control plane considerations that are independent of the data plane technology used for DetNet service delivery. </t> <t> While the management plane and the controlplanesplane are traditionally considered separately, fromthea data planeperspectiveperspective, there is no practical difference based on the origin offlow provisioningflow-provisioning information, and the DetNet architecture <xreftarget="RFC8655"/>target="RFC8655" format="default"/> refers to these collectively as the'Controller Plane'."Controller Plane". This document therefore does not distinguish between information provided by distributed control planeprotocols, e.g.,protocols (e.g., RSVP-TE <xreftarget="RFC3209"/> andtarget="RFC3209" format="default"/> <xreftarget="RFC3473"/>,target="RFC3473" format="default"/>) orbycentralized network managementmechanisms, e.g., RestConfmechanisms (e.g., RESTCONF <xreftarget="RFC8040"/>,target="RFC8040" format="default"/>, YANG <xreftarget="RFC7950"/>, and the Path Computation Element Communication Protocol (PCEP)target="RFC7950" format="default"/>, PCEP <xreftarget="I-D.ietf-pce-pcep-extension-for-pce-controller"/>target="I-D.ietf-pce-pcep-extension-for-pce-controller" format="default"/>), or any combination thereof. Specific considerations and requirements for the DetNet Controller Plane are discussed in <xreftarget="control-management-requirements"/>.target="control-management-requirements" format="default"/>. </t> <t> Each respective data plane document also covers the control plane considerations for that technology. For example, <xreftarget="I-D.ietf-detnet-ip"/>target="RFC8939" format="default"/> also covers IP control plane normativeconsiderationsconsiderations, and <xreftarget="I-D.ietf-detnet-mpls"/>target="DetNet-MPLS" format="default"/> also covers MPLS control plane normative considerations. </t> <sectiontitle="Flownumbered="true" toc="default"> <name>Flow AggregationControl">Control</name> <t> Flow aggregation means that multipleapp-flowsApp-flows are served by a single new DetNet flow. There are many techniques to achieve aggregation. For example, in the case of IP, IP flows that share 6-tuple attributes or flow identifiers at the DetNetsub-layersub&nbhy;layer can be grouped. Another example includes aggregation accomplished through the use of hierarchical LSPs in MPLS and tunnels. </t> <t> Control of aggregation involves a set of procedures listed here. Aggregation may use some or all of thesecapabilitiescapabilities, and the order may vary:<list style="symbols"> <t> Traffic</t> <dl newline="true" spacing="normal"> <dt>Traffic engineering resource collection anddistribution: <list style="empty"> <t> Availabledistribution:</dt> <dd>Available resources are tracked through control plane or management plane databases and distributed amongst controllers or nodes that can manageresources. </t> </list> </t> <t> Pathresources.</dd> <dt>Path computation and resourceallocation: <list style="empty"> <t> Whenallocation:</dt> <dd>When DetNet services are provisioned or requested, one or more paths meeting the requirements are selected and the resources verified andrecorded. </t> </list> </t> <t> Resourcerecorded.</dd> <dt>Resource assignment and data planeco-ordination: <list style="empty"> <t> Thecoordination:</dt> <dd>The assignment of resources along the path depends on the technology and includes assignment of specific links, coordination ofqueueing,queuing, and other traffic management capabilities such as policing andshaping. </t> </list> </t> <t> Assigned Resourceshaping.</dd> <dt>Assigned resource recording andupdating: <list style="empty"> <t> Dependingupdating:</dt> <dd>Depending on the specific technology, the assigned resources are updated and distributed in the databases, preventingover-subscription. </t> </list> </t> </list> </t>oversubscription.</dd> </dl> </section> <sectiontitle="Explicit Routes">numbered="true" toc="default"> <name>Explicit Routes</name> <t> Explicit routes are used to ensure that packets are routed through the resources that have been reserved forthem,them and hence provide the DetNet application with the required service. A requirement for the DetNet Controller Plane will be the ability to assign a particular identified DetNet IP flow to a path through the DetNet domain that has been assigned the required per-node resources. This provides the appropriate traffic treatment for the flow and also includes particular links as a part of the path that are able to support the DetNet flow. For example, by using IEEE 802.1 TSN links (as discussed in <xreftarget="I-D.ietf-detnet-mpls-over-tsn"/> )target="DetNet-MPLS-over-TSN" format="default"/>), DetNet parameters can be maintained. Further considerations and requirements for the DetNet Controller Plane are discussed in <xreftarget="control-management-requirements"/>.target="control-management-requirements" format="default"/>. </t> <t> Whether configuring,calculatingcalculating, and instantiating these routes is a single-stage or multi-stage process, or is performed in a centralized or distributed manner, is out of scopeoffor this document. </t> <t> There are several approaches that could be used to provide explicit routes and resource allocation in the DetNet forwardingsub-layer.sub&nbhy;layer. For example:<list style="symbols"> <t></t> <ul spacing="normal"> <li> The path could be explicitly set up by a controllerwhichthat calculates the path and explicitly configures each node along that path with the appropriate forwarding and resource allocation information.</t> <t></li> <li> The path could use a distributed control plane such as <xreftarget="RFC2205">RSVP</xref>target="RFC2205" format="default">RSVP</xref> or RSVP-TE <xreftarget="RFC3473"/>target="RFC3473" format="default"/> extended to support DetNet IP flows.</t> <t></li> <li> The path could be implemented using IPv6-based segment routing when extended to support resource allocation.</t> </list></li> </ul> <t> See <xreftarget="control-management-requirements"/>target="control-management-requirements" format="default"/> for further discussion of these alternatives. In addition, <xreftarget="RFC2386"/>target="RFC2386" format="default"/> contains useful background information on QoS-based routing, and <xreftarget="RFC5575"/> (beingtarget="RFC5575" format="default"/> (which will be updated by <xreftarget="I-D.ietf-idr-rfc5575bis"/>)target="I-D.ietf-idr-rfc5575bis" format="default"/>) discusses a specific mechanism used by BGP for traffic flow specification and policy-based routing. </t> </section> <sectiontitle="Contentionnumbered="true" toc="default"> <name>Contention Loss and JitterReduction">Reduction</name> <t>As discussed in <xref target="sec_intro"/>, thisThis document does not specify the mechanisms needed to eliminate packetcontention,contention or packet loss or to reduce jitter for DetNet flows at the DetNet forwardingsub-layer.sub&nbhy;layer. The ability to manage node and link resources to be able to provide these functions is a necessary part of the DetNetcontroller plane.Controller Plane. It is also necessary to be able to control the required queuing mechanisms used to provide these functions along a flow's path through the network. See <xreftarget="I-D.ietf-detnet-ip"/>target="RFC8939" format="default"/> and <xreftarget="control-management-requirements"/>target="control-management-requirements" format="default"/> for further discussion of these requirements. Some forms of protection may minimize packet loss or change jitter characteristics in the cases where packets are reordered when out-of-order packets are received at the servicesub-layer.sub&nbhy;layer. </t> </section> <sectiontitle="Bidirectional Traffic">numbered="true" toc="default"> <name>Bidirectional Traffic</name> <t> In manycasescases, DetNet flows can be considered unidirectional and independent. However, there are cases where the DetNet service requires bidirectional traffic from a DetNet application service perspective. IP and MPLS typically treat each direction separately and do not force interdependence of each direction. The IETF MPLS Working Group hasconsideredstudied bidirectional trafficrequirements and the MPLSrequirements. The definitionsfromprovided in <xreftarget="RFC5654"/>target="RFC5654" format="default"/> are useful to illustrate terms such as associated bidirectional flows and co-routed bidirectional flows. MPLS defines a point-to-point associated bidirectional LSP as consisting of two unidirectional point-to-point LSPs, one from A to B and the other from B to A, which are regarded as providing a single logical bidirectional forwarding path. This is analogous to standard IP routing. MPLS defines a point-to-point co-routed bidirectional LSP as an associated bidirectional LSPwhichthat satisfies the additional constraint that its two unidirectional component LSPs follow the same path (in terms of both nodes and links) in both directions. An important property of co-routed bidirectional LSPs is that their unidirectional component LSPs share fate. In both types of bidirectional LSPs, resource reservations may differ in each direction. The concepts of associated bidirectional flows andco-routedco&nbhy;routed bidirectional flows can also be applied to DetNet IP flows. </t> <t> While the DetNet IP data plane must support bidirectional DetNet flows, there are no special bidirectional features with respect to the data plane other than the need for the two directions of aco-routedco&nbhy;routed bidirectional flow to take the same path. That is tosay thatsay, bidirectional DetNet flows are solely represented at the management plane and control plane levels, without specific support or knowledge within the DetNet data plane.Fate sharingFate-sharing and associated orco-routedco&nbhy;routed bidirectionalflows,flows can be managed at the control level. </t> <t> DetNet's use of PREOF may increase the complexity of usingco-routingco&nbhy;routing bidirectional flows,sincebecause if PREOFisare used,thenthe replication points in one direction would have to match the elimination points in the other direction, and vice versa. In suchcasescases, the optimal points for these functions in one direction may not match the optimal points in the other, due to network and traffic constraints. Furthermore, due to theper packetper-packet service protection nature, bidirectional forwardingper packetmay not be ensured. The first packet of received member flows is selected by the elimination function independently of which path it has taken through the network. </t> <t> Control and management mechanisms need to support bidirectional flows, but the specification of such mechanismsareis out of scopeoffor this document. Example control plane solutions for MPLS can be found in <xreftarget="RFC3473"/> ,target="RFC3473" format="default"/>, <xreftarget="RFC6387"/>target="RFC6387" format="default"/>, and <xreftarget="RFC7551"/>.target="RFC7551" format="default"/>. These requirements are included in <xreftarget="control-management-requirements"/>.target="control-management-requirements" format="default"/>. </t><!-- --></section> </section> <sectiontitle="Packetanchor="PREOF" numbered="true" toc="default"> <name>Packet Replication, Elimination, and Ordering(PREOF)" anchor="PREOF">Functions (PREOF)</name> <t> Thecontroller planeController Plane protocol solution required for managing thePREOFprocessing of PREOF is outside the scope of this document. That said, it should be noted that the ability to determine, for a particular flow, optimal packet replication and elimination points in the DetNet domain requires explicit support. There may be existing capabilities that can beused,used orextended,extended -- forexampleexample, GMPLS end-to-end recovery <xreftarget="RFC4872"/>target="RFC4872" format="default"/> and GMPLS segment recovery <xreftarget="RFC4873"/>.target="RFC4873" format="default"/>. </t> </section> </section><!-- ===================================================================== --><sectiontitle="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t> Security considerations for DetNet are described in detail in <xreftarget="I-D.ietf-detnet-security"/>.target="DetNet-Security" format="default"/>. General security considerations for the DetNet architecture are described in <xreftarget="RFC8655"/>.target="RFC8655" format="default"/>. This section considers architecture-level DetNet security considerations applicable to all data planes. </t> <t> Part of what makes DetNet unique is its ability to provide specific and reliablequality of serviceQoS (delivering data flows with extremely low packet loss rates and bounded end-to-end delivery latency), and the security-related aspects of protecting thatquality of serviceQoS are similarly unique. </t> <t> As for all communications protocols, the primary consideration for the data plane is to maintain integrity of data and delivery of the associated DetNet service traversing the DetNet network. Application flows can be protected through whatever means is provided by the underlying technology. For example, encryption may be used, such as that provided byIPSecIPsec <xreftarget="RFC4301"/>target="RFC4301" format="default"/> for IP flows and/or by an underlyingsub-netsub-network usingMACSecMACsec <xreftarget="IEEE802.1AE-2018"/>target="IEEE802.1AE-2018" format="default"/> for Ethernet(Layer-2)(Layer 2) flows. </t> <t> At the management and controllevellevels, DetNet flows are identified on a per-flow basis, which may providecontroller planeController Plane attackers with additional information about the data flows (when compared tocontroller planesController Planes that do not include per-flow identification). This is an inherent property of DetNetwhichthat has security implications that should be considered when determining if DetNet is a suitable technology for any given use case. </t> <t> To provide uninterrupted availability of the DetNet service, provisions can be made againstDOSDoS attacks and delay attacks. To protect againstDOSDoS attacks, excess traffic due to malicious or malfunctioning devices can be prevented ormitigated,mitigated -- forexampleexample, through the use of existing mechanisms such as policing and shaping applied at the input of a DetNet domain. To prevent DetNet packets from being delayed by an entity external to a DetNet domain, DetNet technologydefinitiondefinitions can allow for the mitigation ofMan-In-The-Middle attacks,man-in-the-middle attacks -- forexampleexample, through the use of authentication and authorization of devices within the DetNet domain. </t> <t> In order to prevent or mitigate DetNet attacks on other networks via flow escape, edge devicescancan, forexampleexample, use existingmechanismmechanisms such as policing and shaping applied at the output of a DetNet domain. </t> </section> <section anchor="iana"title="IANA Considerations">numbered="true" toc="default"> <name>IANA Considerations</name> <t> This documentmakeshas no IANArequests. </t> </section> <section anchor="acks" title="Acknowledgements"> <t> The authors wish to thank Pat Thaler, Norman Finn, Loa Anderson, David Black, Rodney Cummings, Ethan Grossman, Tal Mizrahi, David Mozes, Craig Gunther, George Swallow, Yuanlong Jiang and Carlos J. Bernardos for their various contributions to this work. </t> </section> <section anchor="contrib" title="Contributors"> <t> The following people contributed substantially to the content of this document: <?rfc subcompact="yes" ?> <list style=""> <t> Don Fedyk </t> <t> Jouni Korhonen</t> </list> <?rfc subcompact="no" ?>actions. </t> </section> </middle> <back><references title="Normative References"> <?rfc include="reference.RFC.8655"?><displayreference target="I-D.ietf-pce-pcep-extension-for-pce-controller" to="PCECC"/> <displayreference target="I-D.ietf-detnet-flow-information-model" to="DetNet-Flow-Info"/> <displayreference target="I-D.ietf-idr-rfc5575bis" to="Flow-Spec-Rules"/> <references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8655.xml"/> </references><references title="Informative References"> <?rfc include="reference.RFC.3209"?> <?rfc include="reference.RFC.3473"?> <?rfc include="reference.RFC.4385"?> <?rfc include="reference.RFC.2205"?> <?rfc include="reference.RFC.2386"?> <?rfc include="reference.RFC.4872"?> <?rfc include="reference.RFC.4873"?> <?rfc include="reference.RFC.7657"?> <?rfc include="reference.RFC.3670"?> <?rfc include="reference.RFC.5575"?> <?rfc include="reference.RFC.5654"?> <?rfc include="reference.RFC.6387"?> <?rfc include="reference.RFC.7950"?> <?rfc include="reference.RFC.7551"?> <?rfc include="reference.RFC.8040"?> <?rfc include="reference.RFC.8227"?> <?rfc include="reference.RFC.4301"?> <?rfc include="reference.RFC.7426"?> <?rfc include="reference.I-D.ietf-pce-pcep-extension-for-pce-controller"?> <?rfc include="reference.I-D.ietf-detnet-flow-information-model"?> <?rfc include="reference.I-D.ietf-detnet-ip"?> <?rfc include="reference.I-D.ietf-detnet-mpls"?> <?rfc include="reference.I-D.ietf-detnet-mpls-over-tsn"?> <?rfc include="reference.I-D.ietf-detnet-mpls-over-udp-ip"?> <?rfc include="reference.I-D.ietf-detnet-security"?> <?rfc include="reference.I-D.ietf-idr-rfc5575bis"?> <!--reference anchor='I-D.ietf-detnet-ip-over-tsn'><references> <name>Informative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3209.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3473.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2205.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2386.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4872.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4873.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7657.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3670.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5575.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5654.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6387.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7950.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7551.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8040.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8227.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4301.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7426.xml"/> <!-- draft-ietf-pce-pcep-extension-for-pce-controller (I-D Exists) --> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/draft-ietf-pce-pcep-extension-for-pce-controller.xml"/> <!-- draft-ietf-detnet-flow-information-model (Waiting for Writeup) --> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/draft-ietf-detnet-flow-information-model.xml"/> <!-- draft-ietf-detnet-ip (RFC 8939) --> <reference anchor="RFC8939" target="https://www.rfc-editor.org/info/rfc8939"> <front> <title>Deterministic Networking (DetNet) Data Plane: IP</title> <author initials="B" surname="Varga" fullname="Balazs Varga" role="editor"> <organization/> </author> <author initials="J" surname="Farkas" fullname="Janos Farkas"> <organization/> </author> <author initials="L" surname="Berger" fullname="Lou Berger"> <organization/> </author> <author initials="D" surname="Fedyk" fullname="Don Fedyk"> <organization/> </author> <author initials="S" surname="Bryant" fullname="Stewart Bryant"> <organization/> </author> <date month='November' year='2020'/> </front> <seriesInfo name="RFC" value="8939"/> <seriesInfo name="DOI" value="10.17487/RFC8939"/> </reference> <!-- draft-ietf-detnet-mpls (RFC-EDITOR) --> <!-- Have to do long way; Balazs Varga is an editor --> <reference anchor="DetNet-MPLS" target="https://tools.ietf.org/html/draft-ietf-detnet-mpls-13"> <front> <title>DetNet Data Plane:IPMPLS</title> <author initials="B" surname="Varga" fullname="Balazs Varga" role="editor"> <organization/> </author> <author initials="J" surname="Farkas" fullname="Janos Farkas"> <organization/> </author> <author initials="L" surname="Berger" fullname="Lou Berger"> <organization/> </author> <author initials="A" surname="Malis" fullname="Andrew Malis"> <organization/> </author> <author initials="S" surname="Bryant" fullname="Stewart Bryant"> <organization/> </author> <author initials="J" surname="Korhonen" fullname="Jouni Korhonen"> <organization/> </author> <date month="October" day="11" year="2020"/> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-detnet-mpls-13"/> </reference> <!-- draft-ietf-detnet-mpls-over-tsn (I-D Exists) --> <!-- Have to do long way; Balazs Varga is an editor --> <reference anchor="DetNet-MPLS-over-TSN" target="https://tools.ietf.org/html/draft-ietf-detnet-mpls-over-tsn-04"> <front> <title>DetNet Data Plane: MPLS over IEEE 802.1 Time Sensitive Networking(TSN) </title> <author> <organization>Korhonen, J., Varga, B.</organization>(TSN)</title> <author initials="B" surname="Varga" fullname="Balazs Varga" role="editor"> <organization/> </author> <author initials="J" surname="Farkas" fullname="Janos Farkas"> <organization/> </author> <author initials="A" surname="Malis" fullname="Andrew Malis"> <organization/> </author> <author initials="S" surname="Bryant" fullname="Stewart Bryant"> <organization/> </author> <dateyear='2018' />month="November" day="2" year="2020"/> </front></reference--> <?rfc include="reference.I-D.ietf-spring-srv6-network-programming"?> <!--reference anchor="IEEE8021Q" target="http://standards.ieee.org/about/get/"><seriesInfo name="Internet-Draft" value="draft-ietf-detnet-mpls-over-tsn-04"/> </reference> <!-- draft-ietf-detnet-mpls-over-udp-ip (Waiting for Writeup) --> <!-- Have to do long way; Balazs Varga is an editor --> <reference anchor="DetNet-MPLS-over-UDP-IP" target="https://tools.ietf.org/html/draft-ietf-detnet-mpls-over-udp-ip-07"> <front><title>Standard<title>DetNet Data Plane: MPLS over UDP/IP</title> <author initials="B" surname="Varga" fullname="Balazs Varga" role="editor"> <organization/> </author> <author initials="J" surname="Farkas" fullname="Janos Farkas"> <organization/> </author> <author initials="L" surname="Berger" fullname="Lou Berger"> <organization/> </author> <author initials="A" surname="Malis" fullname="Andrew Malis"> <organization/> </author> <author initials="S" surname="Bryant" fullname="Stewart Bryant"> <organization/> </author> <date month="October" day="11" year="2020"/> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-detnet-mpls-over-udp-ip-07"/> </reference> <!-- draft-ietf-detnet-security (Waiting forLocal and metropolitan area networks-Bridges and Bridged Networks (IEEE Std 802.1Q-2014) </title> <author> <organization>IEEE 802.1</organization>Writeup) --> <!-- Have to do long way; Ethan Grossman is an editor --> <reference anchor="DetNet-Security" target="https://tools.ietf.org/html/draft-ietf-detnet-security-12"> <front> <title>Deterministic Networking (DetNet) Security Considerations</title> <author initials="E" surname="Grossman" fullname="Ethan Grossman" role="editor"> <organization/> </author> <author initials="T" surname="Mizrahi" fullname="Tal Mizrahi"> <organization/> </author> <author initials="A" surname="Hacker" fullname="Andrew Hacker"> <organization/> </author> <dateyear="2014"/>month="October" day="2" year="2020"/> </front><format type="PDF" target="http://standards.ieee.org/about/get/"/> </reference--><seriesInfo name="Internet-Draft" value="draft-ietf-detnet-security-12"/> </reference> <!-- draft-ietf-idr-rfc5575bis (MISSREF) --> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/draft-ietf-idr-rfc5575bis.xml"/> <!-- draft-ietf-spring-srv6-network-programming (ESG Eval::AD Followup) --> <!-- Had to do long way; 2 coauthors are also editors --> <reference anchor="SRv6-Network-Prog" target="https://tools.ietf.org/html/draft-ietf-spring-srv6-network-programming-24"> <front> <title>SRv6 Network Programming</title> <author initials="C" surname="Filsfils" fullname="Clarence Filsfils" role="editor"> <organization/> </author> <author initials="P" surname="Camarillo" fullname="Pablo Camarillo" role="editor"> <organization/> </author> <author initials="J" surname="Leddy" fullname="John Leddy"> <organization/> </author> <author initials="D" surname="Voyer" fullname="Daniel Voyer"> <organization/> </author> <author initials="S" surname="Matsushima" fullname="Satoru Matsushima"> <organization/> </author> <author initials="Z" surname="Li" fullname="Zhenbin Li"> <organization/> </author> <date month="October" day="7" year="2020"/> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-spring-srv6-network-programming-24"/> </reference> <reference anchor="IEEE802.1TSNTG"target="http://www.ieee802.org/1/tsn">target="https://1.ieee802.org/tsn/"> <front><title>IEEE 802.1 Time-Sensitive<title>Time-Sensitive Networking (TSN) Task Group</title> <author><organization>IEEE Standards Association</organization><organization>IEEE</organization> </author><date></date><date/> </front> </reference> <reference anchor="IEEE802.1AE-2018" target="https://ieeexplore.ieee.org/document/8585421"> <front> <title>IEEEStd 802.1AE-2018 MAC Security (MACsec)</title>Standard for Local and metropolitan area networks-Media Access Control (MAC) Security</title> <author><organization>IEEE Standards Association</organization><organization>IEEE</organization> </author> <dateyear="2018" />month="December" year="2018"/> </front> <seriesInfo name='IEEE Std' value='802.1AE-2018' /> <seriesInfo name="DOI" value="10.1109/IEEESTD.2018.8585421"/> </reference> <reference anchor="nwcrg" target="https://datatracker.ietf.org/rg/nwcrg/about"> <front> <title>Coding for efficient NetWork Communications Research Group (nwcrg)</title> <author> <organization>IRTF</organization> </author> <!-- <dateyear="" />year=""/> --> </front> </reference><!--reference anchor="IEEE8021CB" target="http://www.ieee802.org/1/files/private/cb-drafts/d2/802-1CB-d2-1.pdf"> <front> <title>Draft Standard for Local and metropolitan area networks - Seamless Redundancy</title> <author initials="N. F." surname="Finn"</references> </references> <section anchor="acks" numbered="false" toc="default"> <name>Acknowledgements</name> <t> The authors wish to thank <contact fullname="Pat Thaler"/>, <contact fullname="NormanFinn"> <organization>IEEE 802.1</organization> </author> <date month="December" year="2015"/> </front> <seriesInfo name="IEEE P802.1CB /D2.1" value="P802.1CB"/> <format type="PDF" target="http://www.ieee802.org/1/files/private/cb-drafts/d2/802-1CB-d2-1.pdf"/> </reference--> <!--reference anchor="G.8275.1" target="https://www.itu.int/rec/T-REC-G.8275.1/en"> <front> <title>Precision time protocol telecom profile for phase/time synchronization with full timing support from the network</title> <author> <organization>International Telecommunication Union</organization> </author> <date month="June" year="2016"/> </front> <seriesInfo name="ITU-T G.8275.1/Y.1369.1" value="G.8275.1"/> </reference--> <!--reference anchor="G.8275.2" target="https://www.itu.int/rec/T-REC-G.8275.2/en"> <front> <title>Precision time protocol telecom profileFinn"/>, <contact fullname="Loa Andersson"/>, <contact fullname="David Black"/>, <contact fullname="Rodney Cummings"/>, <contact fullname="Ethan Grossman"/>, <contact fullname="Tal Mizrahi"/>, <contact fullname="David Mozes"/>, <contact fullname="Craig Gunther"/>, <contact fullname="George Swallow"/>, <contact fullname="Yuanlong Jiang"/>, and <contact fullname="Carlos J. Bernardos"/> forphase/time synchronization with partial timing support fromtheir various contributions to this work. </t> </section> <section anchor="contrib" numbered="false" toc="default"> <name>Contributors</name> <t> The following people contributed substantially to thenetwork</title> <author> <organization>International Telecommunication Union</organization> </author> <date month="June" year="2016"/> </front> <seriesInfo name="ITU-T G.8275.2/Y.1369.2" value="G.8275.2"/> </reference--> </references>content of this document:</t> <ul empty="true" spacing="compact"> <li><t><contact fullname="Don Fedyk"/></t></li> <li><t><contact fullname="Jouni Korhonen"/></t></li> </ul> </section> </back> </rfc>