DMM WG                                                     S. Gundavelli
Internet-Draft                                                     Cisco
Intended status: Informational                                   S. Jeon
Expires: March 2, 2018                           Sungkyunkwan University
                                                         August 29, 2017


         DMM Deployment Models and Architectural Considerations
                draft-ietf-dmm-deployment-models-02.txt

Abstract

   This document identifies the deployment models for the Distributed
   Mobility Management architecture.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 2, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Gundavelli & Jeon         Expires March 2, 2018                 [Page 1]

Internet-Draft            DMM Deployment Models              August 2017

Table of Contents

   1.  Overview
   2.  Conventions and Terminology
     2.1.  Conventions
     2.2.  Terminology
   3.  DMM Architectural Overview
     3.1.  DMM Service Primitives
     3.2.  DMM Functions and Interfaces
       3.2.1.  Home Control-Plane Anchor (H-CPA):
       3.2.2.  Home Data-Plane Anchor (H-DPA):
       3.2.3.  Access Control Plane Node (Access-CPN)
       3.2.4.  Access Data Plane Node (Access-DPN)
       3.2.5.  DMM Function Mapping to other Architectures
   4.  Deployment Models
     4.1.  Model-1: Split Home Anchor Mode
     4.2.  Model-2: Separated Control and User Plane Mode
     4.3.  Model-3: Centralized Control Plane Mode
     4.4.  Model-4: Data Plane Abstraction Mode
     4.5.  On-Demand Control Plane Orchestration Mode
   5.  IANA Considerations
   6.  Security Considerations
   7.  Work Team
   8.  Acknowledgements
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Overview

   One of the key aspects of the Distributed Mobility Management (DMM)
   architecture is the separation of control plane (CP) and data plane
   (DP) functions of a network element.  While data plane elements
   continue to reside on customized networking hardware, the control
   plane resides as a software element in the cloud.  This is usually
   referred to as CP-DP separation and is the basis for the IETF's DMM
   Architecture.  This approach of a centralized control plane and a
   distributed data plane allows elastic scaling of the control plane
   and efficient use of a common data plane that is agnostic to access
   architectures.

   This document identifies the functions in the DMM architecture and
   the supported deployment models.

2.  Conventions and Terminology

2.1.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Terminology

   All the mobility-related terms are to be interpreted as defined in
   [RFC6275], [RFC5213], [RFC5844], [RFC7333], [RFC7429],
   [I-D.ietf-sfc-nsh] and [I-D.ietf-dmm-fpc-cpdp].  Additionally, this
   document uses the following terms:

   Home Control-Plane Anchor (H-CPA)

      The Home-CPA function hosts the mobile node's mobility session.
      There can be more than one mobility session for a mobile node [MN]
      and those sessions may be anchored on the same or different
      Home-CPAs.  The Home-CPA will interface with the Home-DPA for
      managing the forwarding state.

   Home Data Plane Anchor (Home-DPA)

      The Home-DPA is the topological anchor for the mobile node's IP
      address/prefix(es).  The Home-DPA is chosen by the Home-CPA on a
      session-basis.  The Home-DPA is in the forwarding path for all the
      mobile node's IP traffic.

   Access Control Plane Node (Access-CPN)

      The Access-CPN is responsible for interfacing with the mobile
      node's Home-CPA and with the Access-DPN.  The Access-CPN has a
      protocol interface to the Home-CPA.

   Access Data Plane Node (Access-DPN)

      The Access-DPN function is hosted on the first-hop router where
      the mobile node is attached.  This function is not hosted on a
      layer-2 bridging device such as an eNode(B) or Access Point.

3.  DMM Architectural Overview

   The following are the key goals of the Distributed Mobility
   Management architecture.

   1.  Separation of control and data plane

   2.  Aggregation of control plane for elastic scaling

   3.  Distribution of the data plane for efficient network usage

   4.  Elimination of mobility state from the data plane

   5.  Dynamic selection of control and data plane nodes

   6.  Enabling the mobile node with network properties

   7.  Relocation of anchor functions for efficient network usage

3.1.  DMM Service Primitives

   The functions in the DMM architecture support a set of service
   primitives.  Each of these service primitives identifies a specific
   service capability with the exact service definition.  The functions
   in the DMM architecture are required to support a specific set of
   service primitives that are mandatory for that service function.  Not
   all service primitives are applicable to all DMM functions.  The
   table below identifies the service primitives that each DMM function
   SHOULD support.  The marking "X" indicates that the service primitive
   on that row needs to be supported by the DMM function in the
   corresponding column; for example, IP address management must be
   supported by the Home-CPA function.

   +=================+=======+=======+=======+=======+=======+=======+
   |     Service     | H-CPA | H-DPA | A-CPN | A-DPN |  MC   |  RC   |
   |    Primitive    |       |       |       |       |       |       |
   +=================+=======+=======+=======+=======+=======+=======+
   | IP Management   |   X   |       |       |       |   X   |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | IP Anchoring    |       |   X   |       |       |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | MN Detect       |       |       |   X   |   X   |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | Routing         |       |   X   |       |   X   |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | Tunneling       |       |   X   |       |   X   |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | QoS Enforcement |       |   X   |       |   X   |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | FPC Client      |   X   |       |   X   |       |   X   |       |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | FPC Agent       |       |   X   |       |   X   |       |   X   |
   +-----------------+-------+-------+-------+-------+-------+-------+
   | NSH Classifier  |       |   X   |       |   X   |       |       |
   +-----------------+-------+-------+-------+-------+-------+-------+

                   Figure 1: Mapping of DMM functions

3.2.  DMM Functions and Interfaces

3.2.1.  Home Control-Plane Anchor (H-CPA):

   The Home-CPA function hosts the mobile node's mobility session.
   There can be more than one mobility session for a mobile node and
   those sessions may be anchored on the same or different Home-CPAs.
   The Home-CPA will interface with the Home-DPA for managing the
   forwarding state.

   There can be more than one Home-CPA serving the same mobile node at a
   given point of time, each hosting a different control plane session.

   The Home-CPA is responsible for life cycle management of the session,
   interfacing with the policy infrastructure, policy control and
   interfacing with the Home-DPA functions.

   The Home-CPA function typically stays on the same node.  In some
   special use-cases (e.g., geo-redundancy), the session may be migrated
   to a different node, with the new node assuming the Home-CPA role for
   that session.

3.2.2.  Home Data-Plane Anchor (H-DPA):

   The Home-DPA is the topological anchor for the mobile node's IP
   address/prefix(es).  The Home-DPA is chosen by the Home-CPA/MC on a
   session-basis.  The Home-DPA is in the forwarding path for all the
   mobile node's IP traffic.

   As the mobile node roams in the mobile network, the mobile node's
   Access-DPN may change; however, the Home-DPA does not change, unless
   the session is migrated to a new node.

   The Home-DPA interfaces with the Home-CPA/MC for all IP forwarding
   and QoS rules enforcement.

   The Home-DPA and the Access-DPN functions may be collocated on the
   same node.

3.2.3.  Access Control Plane Node (Access-CPN)

   The Access-CPN is responsible for interfacing with the mobile node's
   Home-CPA and with the Access-DPN.  The Access-CPN has a protocol
   interface to the Home-CPA.

   The Access-CPN is responsible for the mobile node's Home-CPA
   selection based on: Mobile Node's Attach Preferences, Access and
   Subscription Policy, Topological Proximity and Other Considerations.

   The Access-CPN function is responsible for the MN's service
   authorization.  It will interface with the access network
   authorization functions.

3.2.4.  Access Data Plane Node (Access-DPN)

   The Access-DPN function is hosted on the first-hop router where the
   mobile node is attached.  This function is not hosted on a layer-2
   bridging device such as an eNode(B) or Access Point.

   The Access-DPA will have a protocol interface to the Access-CPA.

   The Access-DPN and the Home-DPA functions may be collocated on the
   same node.

3.2.5.  DMM Function Mapping to other Architectures

   The following table identifies the potential mapping of DMM functions
   to protocol functions in other system architectures.

   +===========+==========+==========+==========+==========+==========+
   | FUNCTION  |  PMIPv6  |  MIPv6   |  IPsec   |   3GPP   | Broadband|
   +===========+==========+==========+==========+==========+==========+
   | Home-CPA  | LMA-CPA  |  HA-CPA  | IKE-CPA  | PGW-CPA  | BNG-CPA  |
   +-----------+----------+----------+----------+----------+----------+
   | Home-DPA  | LMA-DPA  |  HA-DPA  | IKE-DPA  | PGW-DPA  | BNG-DPA  |
   +-----------+----------+----------+----------+----------+----------+
   |Access-CPN | MAG-CPN  |    -     |    -     | SGW-CPN  |  RG-CPN  |
   +-----------+----------+----------+----------+----------+----------+
   |Access-DPN | MAG-DPN  |    -     |    -     | SGW-DPN  |  RG-DPN  |
   +-----------+----------+----------+----------+----------+----------+

                   Figure 2: Mapping of DMM functions

4.  Deployment Models

   This section identifies the key deployment models for the DMM
   architecture.

4.1.  Model-1: Split Home Anchor Mode

   In this model, the control and the data plane functions of the home
   anchor are separated and deployed on different nodes.  The control
   plane function of the home anchor is handled by the Home-CPA, whereas
   the data plane function is handled by the Home-DPA.  In this model,
   the access node operates in the legacy mode with the integrated
   control and user plane functions.

   The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
   control plane functions to interact with the data plane for the
   subscriber's forwarding state management.

                       +============+
                       |   Policy   |
          . . . . . . .|  Function  |. . . . . . . .
          .            +============+              .
          .                                        .
   +============+        {PMIPv6/GTP}        +============+
   |            |- - - - - - - - - - - - - - |  Home-CPA  |
   |            |                            +============+
   |            |                                  .
   |            |                                  . FPC
   | Access Node|                                  .
   |            |                                  .
   | (CPN + DPN)|                                  .
   |            |                            +============+
   |   Legacy   |. . . . . . . . . . . . . . |  Home-DPA  |
   +============+     UP {Tunnel/Route}      +============+
          .
          .
         +--+
         |MN|
         +--+

                    Figure 3: Split Home Anchor Mode

4.2.  Model-2: Separated Control and User Plane Mode

   In this model, the control and the data plane functions on both the
   home anchor and the access node are separated and deployed on
   different nodes.  The control plane function of the home anchor is
   handled by the Home-CPA, whereas the data plane function is handled
   by the Home-DPA.  The control plane function of the access node is
   handled by the Access-CPN, whereas the data plane function is handled
   by the Access-DPN.

   The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
   control plane functions of the home and access nodes to interact with
   the respective data plane functions for the subscriber's forwarding
   state management.

                       +============+
                       |   Policy   |
          . . . . . . .|  Function  |. . . . . . . .
          .            +============+              .
          .                                        .
          .                                        .
   +============+        {PMIPv6/GTP}        +============+
   | Access-CPN |- - - - - - - - - - - - - - |  Home-CPA  |
   +============+                            +============+
          .                                        .
          . FPC                                    . FPC
          .                                        .
          .                                        .
          .                                        .
   +============+                            +============+
   | Access-DPN |. . . . . . . . . . . . . . |  Home-DPA  |
   +============+     UP {Tunnel/Route}      +============+
          .
          .
         [MN]

            Figure 4: Separated Control and User Plane Mode

4.3.  Model-3: Centralized Control Plane Mode

   In this model, the control-plane functions of the home and the access
   nodes are collapsed.  This is a flat architecture with no signaling
   protocol between the access node and home anchors.  The interface
   between the Home-CPA and the Access-DPN is internal to the system.

   The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
   mobility controller to interact with the respective data plane
   functions for the subscriber's forwarding state management.

              +=======================+     +============+
              | Home-CPA + Access-CPN |     |   Policy   |
              |                       |-----|  Function  |
              +=======================+     +============+
               .                     .
               .                     .
               . FPC                 . FPC
               .                     .
               .                     .
   +============+                   +============+
   | Access-DPN |. . . . . . . . . .|  Home-DPA  |
   +============+ UP {Tunnel/Route} +============+
          .
          .
         [MN]

                Figure 5: Centralized Control Plane Mode

4.4.  Model-4: Data Plane Abstraction Mode

   In this model, the data plane network is completely abstracted from
   the control plane.  There is a new network element, the Routing
   Controller, which abstracts the entire data plane network and offers
   data plane services to the control plane functions.  The control
   plane functions, Home-CPA and Access-CPN, interface with the Routing
   Controller for the forwarding state management.

   The FPC interface defined in [I-D.ietf-dmm-fpc-cpdp] allows the
   Home-CPA and Access-CPN functions to interface with the Routing
   Controller for the subscriber's forwarding state management.

                       +============+
                       |   Policy   |
          . . . . . . .|  Function  |. . . . . . . .
          .            +============+              .
          .                                        .
   +============+        {PMIPv6/GTP}        +============+
   | Access-CPN |- - - - - - - - - - - - - - |  Home-CPA  |
   +============+                            +============+
          .                                        .
          .                                        .
          .            +============+              .
          . . . . . . .|  Routing   |. . . . . . . .
                       | Controller |
                       +============+
                             .
                             . BGP/Others
                             .
         . . . . . . . . . . . . . . . . . . . . . .
         .                                         .
   +============+                            +============+
   | Access-DPN |. . . . . . . . . . . . . . |  Home-DPA  |
   +============+     UP {Tunnel/Route}      +============+
          .
          .
         [MN]

                 Figure 6: Data Plane Abstraction Mode

4.5.  On-Demand Control Plane Orchestration Mode

   In this model, there is a new function, the Mobility Controller,
   which manages the orchestration of Access-CPN and Home-CPA functions.
   The Mobility Controller allocates the Home-CPA and Access-DPN

   + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
   |    +----------+     +----------+     +----------+    |
        |Access-CPN|     |Access-CPN|     |Access-CPN|
   |    +----------+     +----------+     +----------+    |
   |    +----------+     +----------+     +----------+    |
        | Home-CPA |     | Home-CPA |     | Home-CPA |
   |    +----------+     +----------+     +----------+    |
   + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
             .                 .
             .                 .
             .                 .
             .          +============+     +============+
             .          |  Mobility  |     |   Policy   |
             .          | Controller |-----|  Function  |
             .          +============+     +============+
             .                 .
             .                 .
             .          +============+
             . . . . . .|  Routing   |
                        | Controller |
                        +============+
                               .
                               .
                               .
   + - - - - - - - - - - - - - - - - - - - - - - - - - - -+
   |    +----------+     +----------+     +----------+    |
        |Access-DPN|     |Access-DPN|     |Access-DPN|
   |    +----------+     +----------+     +----------+    |
   |    +----------+     +----------+     +----------+    |
        | Home-DPA |     | Home-DPA |     | Home-DPA |
   |    +----------+     +----------+     +----------+    |
   + - - - - - - - - - - - - - - - - - - - - - - - - - - -+

               Figure 7: On-Demand CP Orchestration Mode

5.  IANA Considerations

   This document does not require any IANA actions.

6.  Security Considerations

   The control-plane messages exchanged between a Home-CPA and the
   Home-DPA must be protected using end-to-end security associations
   with data-integrity and data-origination capabilities.

   IPsec ESP in transport mode with mandatory integrity protection
   should be used for protecting the signaling messages.  IKEv2 should
   be used to set up security associations between the Home-CPA and
   Home-DPA.

   There are no additional security considerations other than what is
   presented in the document.

7.  Work Team

   This document reflects contributions from the following work team
   members:

      Younghan Kim
      younghak@ssu.ac.kr

      Vic Liu
      liuzhiheng@chinamobile.com

      Danny S Moses
      danny.moses@intel.com

      Marco Liebsch
      liebsch@neclab.eu

      Carlos Jesus Bernardos Cano
      cjbc@it.uc3m.es

8.  Acknowledgements

   This document is a result of DMM WT#4 team discussions and ideas
   taken from several DMM WG presentations and documents, including
   draft-sijeon-dmm-deployment-models, draft-liu-dmm-deployment-scenario
   and others.  The work teams would like to thank the authors of these
   documents, and additionally acknowledge the discussions in the DMM
   Working Group that helped shape this document.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

9.2.  Informative References

   [I-D.ietf-dmm-fpc-cpdp]
              Matsushima, S., Bertz, L., Liebsch, M., Gundavelli, S.,
              Moses, D., and C. Perkins, "Protocol for Forwarding Policy
              Configuration (FPC) in DMM", draft-ietf-dmm-fpc-cpdp-07
              (work in progress), March 2017.

   [I-D.ietf-sfc-nsh]
              Quinn, P., Elzur, U., and C. Pignataro, "Network Service
              Header (NSH)", draft-ietf-sfc-nsh-19 (work in progress),
              August 2017.

   [RFC5213]  Gundavelli, S., Ed., Leung, K., Devarapalli, V.,
              Chowdhury, K., and B. Patil, "Proxy Mobile IPv6",
              RFC 5213, DOI 10.17487/RFC5213, August 2008.

   [RFC5844]  Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy
              Mobile IPv6", RFC 5844, DOI 10.17487/RFC5844, May 2010.

   [RFC6275]  Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility
              Support in IPv6", RFC 6275, DOI 10.17487/RFC6275,
              July 2011.

   [RFC7333]  Chan, H., Ed., Liu, D., Seite, P., Yokota, H., and J.
              Korhonen, "Requirements for Distributed Mobility
              Management", RFC 7333, DOI 10.17487/RFC7333, August 2014.

   [RFC7429]  Liu, D., Ed., Zuniga, JC., Ed., Seite, P., Chan, H., and
              CJ. Bernardos, "Distributed Mobility Management: Current
              Practices and Gap Analysis", RFC 7429,
              DOI 10.17487/RFC7429, January 2015.

Authors' Addresses

   Sri Gundavelli
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   Email: sgundave@cisco.com


   Seil Jeon
   Sungkyunkwan University
   2066 Seobu-ro, Jangan-gu
   Suwon, Gyeonggi-do
   Korea

   Email: seiljeon@skku.edu
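
   One way to meet the requirements of the Security Considerations
   section (IKEv2, ESP in transport mode, integrity always on), shown
   as an added example that is not part of the draft: a strongSwan
   swanctl.conf fragment for the Home-CPA side.  The draft names no
   implementation and does not specify the FPC transport, so the
   connection names, addresses, identities and certificate file name
   are placeholders, and the child SA covers all traffic between the
   two hosts.

```conf
# swanctl.conf on the Home-CPA (added example; every name, address and
# file name below is a placeholder, not a value from the draft).
connections {
    hcpa-hdpa {
        # IKEv2 only; an IKEv1 offer from the peer is not accepted.
        version = 2
        # Home-CPA and Home-DPA addresses (documentation prefix).
        local_addrs = 2001:db8:c::1
        remote_addrs = 2001:db8:d::1
        # IKE SA proposal: encryption, integrity, DH group.
        proposals = aes256-sha256-ecp256

        local {
            auth = pubkey
            certs = hcpa.example.pem
            id = hcpa.example.net
        }
        remote {
            auth = pubkey
            # Only a peer authenticating as the Home-DPA is accepted.
            id = hdpa.example.net
        }

        children {
            fpc-signaling {
                # ESP transport mode, host to host.
                mode = transport
                # Integrity is mandatory: each proposal carries either an
                # AEAD cipher or an explicit integrity algorithm.
                esp_proposals = aes256gcm16-ecp256,aes256-sha256-ecp256
                # No local_ts/remote_ts: the selectors default to the two
                # host addresses, so all Home-CPA <-> Home-DPA traffic,
                # including the control-plane signaling, is covered.
                # Install the policy at load time and negotiate the SA on
                # the first matching packet.
                start_action = trap
            }
        }
    }
}
```

   The Home-DPA carries the mirror-image connection, with the local
   and remote addresses and identities swapped.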