Re: [Apn] why it is necessary to differentiate the security concern for 5G Vertical Networks from the grand Internet ( was RE: Application-Aware Networking (APN) focused interim

Linda Dunbar <ldunbar@futurewei.com> Mon, 07 June 2021 14:56 UTC

From: Linda Dunbar <ldunbar@futurewei.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "rtgwg@ietf.org" <rtgwg@ietf.org>, "apn@ietf.org" <apn@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/apn/pZGzsWxnEdhbNmXA61P5kKG2fK0>

Michael, 

Closed Loop Networks still have nodes from different vendors: UPFs can be from vendor A and B, and routers connecting the edge servers to UPFs can be from Vendor X/Y/Z.
Therefore, Closed Loop Networks still need standardization. E.g., IETF DETNET is used for closed loop networks.

If using RSVP+Diffserv, an extension is needed to represent finer grades of service. I assume that APN is meant to address those extensions.
The draft-peng-apn-scope-gap-analysis has a more detailed analysis.

Linda Dunbar

-----Original Message-----
From: Michael Richardson <mcr+ietf@sandelman.ca> 
Sent: Saturday, June 5, 2021 12:41 PM
To: Linda Dunbar <ldunbar@futurewei.com>; rtgwg@ietf.org; apn@ietf.org
Subject: Re: [Apn] why it is necessary to differentiate the security concern for 5G Vertical Networks from the grand Internet ( was RE: Application-Aware Networking (APN) focused interim


Linda Dunbar <ldunbar@futurewei.com> wrote:
    > I meant to say that APN is useful in those "Closed Loop Networks",
    > which are becoming more common for the 5G enabled special services.

So what parts of the Closed Loop Network need standards work?

    > The "end user" or services that need APN are the ones who have special
    > contracts with the operators. Not all services.

I'm rather convinced that you could use RSVP+Diffserv (aka "diffedge") to do this then.  diffedge did not, AFAIK, ever make it out of ID.
     https://www.ietf.org/archive/id/draft-bernet-diffedge-01.txt

While Joel mentioned many things that made "Intserv" (just RSVP) undeployable in the Internet, it was deployable within Enterprises, and there are now 20+ years of improvements to forwarding plane and control plane CPUs.
Given that you have a closed environment, it seems like diffedge + SDN ought to do what you want.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide