Re: [Mavs] MAVS Requirements Draft posted

dimitri papadimitriou <dpapadimitriou@psg.com> Tue, 14 February 2006 01:12 UTC

Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8ojy-0002Db-O0; Mon, 13 Feb 2006 20:12:26 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8ojv-0002B5-Bd for MAVS@megatron.ietf.org; Mon, 13 Feb 2006 20:12:23 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA07877 for <MAVS@ietf.org>; Mon, 13 Feb 2006 20:10:36 -0500 (EST)
Received: from psg.com ([147.28.0.62] ident=mailnull) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F8oxX-00051D-7i for MAVS@ietf.org; Mon, 13 Feb 2006 20:26:34 -0500
Received: from localhost ([127.0.0.1]) by psg.com with esmtp (Exim 4.60 (FreeBSD)) (envelope-from <dpapadimitriou@psg.com>) id 1F8ojl-000KxS-HK; Tue, 14 Feb 2006 01:12:14 +0000
Message-ID: <43F12E71.1070402@psg.com>
Date: Tue, 14 Feb 2006 02:12:17 +0100
From: dimitri papadimitriou <dpapadimitriou@psg.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.11) Gecko/20050728
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: JACQUENET Christian RD-TCH-REN <christian.jacquenet@francetelecom.com>
Subject: Re: [Mavs] MAVS Requirements Draft posted
References: <8AA97249241F7148BE6D3D8B93D83F5A0916213B@FTRDMEL2.rd.francetelecom.fr>
In-Reply-To: <8AA97249241F7148BE6D3D8B93D83F5A0916213B@FTRDMEL2.rd.francetelecom.fr>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 41bbd14f62483004bcdc6c6d42f94cb2
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id UAA07877
Cc: MAVS@ietf.org, "Jim Guichard \(jguichar\)" <jguichar@cisco.com>
X-BeenThere: mavs@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dpapadimitriou@psg.com, dimitri.papadimitriou@alcatel.be
List-Id: Multiprovider End-to-end VPN Services <mavs.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mavs>, <mailto:mavs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/mavs>
List-Post: <mailto:mavs@ietf.org>
List-Help: <mailto:mavs-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mavs>, <mailto:mavs-request@ietf.org?subject=subscribe>
Sender: mavs-bounces@ietf.org
Errors-To: mavs-bounces@ietf.org

hi christian,

there is indeed lot's of progress achieved in terms of requirements for 
activating multi-AS/SP VPNs; imho, starting with topological, security 
and management should received most of the attention (as first step);

concerning "QoS" it would be appropriate to come with a sort of first 
layout because as far as my memory goes a discussion had been initiated 
in Yokohama on QoS for VPN that lead to a short section in RFC4364 and 
as the document also explains very few is available in terms of std's on 
which this multi-AS/SP QoS could rely on; so, from the QoS perspective 
the starting point is different than for inst. the topological aspects

the provided classification and the selected items should be completed 
by a detailed work plan with set of "actions" that would be part of a 
charter

relationship with the work carried out as part of other working groups 
(SIDR, DCP, etc.) could then be determined

i would be willing to help in this process

much thanks,
- dimitri.



JACQUENET Christian RD-TCH-REN wrote:

> Dear all,
> 
> FWIW, please find enclosed the aforementioned draft that has just been
> posted to the IETF web site. Your feedback on this document is more than
> welcome, especially because it may condition the organization of a BoF
> session on this subject during the upcoming IETF meeting of Dallas.
> 
> Cheers,
> 
> Jim, Martin, and Christian.
>  <<draft-Halstead-Guichard-MAVS-Requirements-01.txt>> 
> 
>      _________________    ________  ______  ______ 
>    /_____________   /__ /_    _ / /     / /     /   Christian Jacquenet
> - France Telecom R&D/TCH/NOR 
>       /_________/  /  /   /  /   /  /  / /  /__/    Tel: +33 2 99 12 49
> 40 Cell: +33 6 73 67 73 53 
>                /  /  /___/__/___/_____/_/__/____   "I got my mojo
> workin', 
>               /__/  /__________________________/_ But I'm pinned again."
> 
>                 /_______________________________/ - Pincushion.
>  
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> TBD                                                     M.Halstead, Ed 
> Internet Draft                                            Nexagent Ltd 
> Expires: July 2006                                                    
>                                                       Jim Guichard, Ed 
>                                                     Cisco Systems, Inc. 
>                                                                        
>                                                 Christian Jacquenet, Ed 
>                                                         France Telecom 
>  
>                                                       January 26, 2006 
>  
>                                                                        
> IETF Internet Draft 
>  
> Document: draft-Halstead-Guichard-MAVS-Requirements-01 
>                                       
>            Requirements for Multi Autonomous System VPN Services 
> 
> 
> Status of this Memo 
> 
>    This memo provides information for the Internet community. It does 
>    not specify an Internet standard of any kind. Distribution of this 
>    memo is unlimited. Internet-Drafts are working documents of the 
>    Internet Engineering Task Force (IETF), its areas, and its working 
>    groups.  Note that other groups may also distribute working documents 
>    as Internet-Drafts. Internet-Drafts are draft documents valid for a 
>    maximum of six months and may be updated, replaced, or obsoleted by 
>    other documents at any time. 
> 
> The list of current Internet-Drafts can be accessed at 
> 
> http://www.ietf.org/ietf/1id-abstracts.txt. 
> 
> The list of Internet-Draft Shadow Directories can be accessed at 
> http://www.ietf.org/shadow.html. 
> 
> Copyright Notice 
> 
>    Copyright (C) The Internet Society (2006).  All Rights Reserved. 
> 
> Abstract 
> 
>    This document complements [RFC4031] and defines requirements that are 
>    specific to the delivery of BGP/MPLS-based [RFC-2547bis] VPN services 
>    across multiple administrative domains. These requirements are 
>    independent of underlying technologies or the number of Autonomous 
>    Systems such VPNs may span. It lists the requirements of the 
>  
>  
>  
>                        Expires July 26, 2006                 [Page 1] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    different parties that are involved in the administration of these 
>    Autonomous Systems and may therefore be involved in the delivery of 
>    the VPN service offerings.  
> 
> Conventions used in this document  
> 
>    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
>    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
>    document are to be interpreted as described in RFC-2119.  
> 
> Table of Contents 
> 
>     
>    1. Introduction................................................3 
>    2. Definitions.................................................5 
>       2.1. Multi Domain Environment (MDE)..........................5 
>       2.2. VPN Service Provider (VSP)..............................5 
>       2.3. VPN Peering Location (VPL)..............................6 
>       2.4. Agent..................................................6 
>    3. Problem Statement...........................................6 
>    4. Multi Domain Environment Reference Model.....................7 
>       4.1. Distributed Policy Enforcement Example..................8 
>       4.2. Centralized Policy Enforcement Example..................8 
>    5. Topological Requirements.....................................8 
>       5.1. Remote Service Interconnect Requirement.................8 
>       5.2. Optimal Interconnect Selection Requirement..............8 
>       5.3. Redundant Interconnect Requirement.....................10 
>       5.4. VPN Topology Requirement...............................10 
>       5.5. End-to-end Unicast and Multicast Routing Requirements...11 
>          5.5.1. Generic Routing Considerations....................11 
>          5.5.2. IGP Routing Considerations........................12 
>          5.5.3. BGP Routing Considerations........................12 
>             5.5.3.1. BGP AS_PATH Attribute Considerations..........12 
>             5.5.3.2. Route Distinguisher Allocation Considerations.13 
>             5.5.3.1. Route Target Allocation Considerations........13 
>             5.5.3.2. Traffic Load Balancing Considerations.........13 
>          5.5.4. Multicast Routing Considerations..................14 
>    6. QoS Requirements...........................................14 
>       6.1. Differentiated Services Policy Considerations..........15 
>          6.1.1. QoS Policy Transparency...........................16 
>       6.2. Consistent Metric Considerations.......................16 
>       6.3. Traffic Engineering/Routing Policy Considerations.......17 
>       6.4. Metrology Considerations...............................17 
>    7. Security Requirements.......................................18 
>       7.1. Encryption Requirements................................19 
>       7.2. Label Spoofing Protection..............................20 
>       7.3. Authentication Requirements............................20 
>  
>  
>                        Expires July 26, 2006                 [Page 2] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>          7.3.1. Authentication of Network Elements................20 
>          7.3.2. VPN Route Authentication and Filtering............20 
>    8. Management Requirements.....................................22 
>       8.1. Performance Metric Statistic Requirements..............22 
>       8.2. Capital Scaling Requirements...........................22 
>       8.3. Operational Scaling Requirements.......................22 
>          8.3.1. Service Independence Requirements.................23 
>          8.3.2. Minimize Network Integration Requirements..........23 
>          8.3.3. Third Party Interconnect Requirements.............24 
>       8.4. IPVPN Services Demarcation Requirements................24 
>          8.4.1. Fully Managed Service Demarcation.................24 
>          8.4.2. Mixed Management Service Demarcation..............25 
>       8.5. Remote CE Management Requirement.......................25 
>       8.6. End-to-End Combined Services Requirement...............26 
>          8.6.1. Combined VPN and Internet Access Requirement.......26 
>          8.6.2. Combined IP and non-IP Application Transport Requirement
>           ........................................................26 
>    9. Conclusions................................................27 
>    10. Acknowledgements..........................................27 
>    11. References................................................27 
>       11.1. Normative References..................................27 
>       11.2. Informative References................................28 
>    Editor's Addresses............................................29 
>    12. Intellectual Property Statement............................29 
>    Disclaimer of Validity........................................30 
>    Copyright Statement...........................................30 
>     
> 
> 1. Introduction 
> 
>    This document summarizes requirements that apply to all parties 
>    involved in the delivery of BGP/MPLS-based [RFC-2547bis] VPN services 
>    that span multiple Autonomous Systems (ASes). Such parties include, 
>    but are not limited to, Network Service Providers (NSP), Systems 
>    Integrators (SI), Network Integrators (NI), Cable Operators (CO), 
>    Mobile Operators (MO) and Virtual Network Operators (VNO).  
> 
>    BGP/MPLS-based [RFC-2547bis] services may be delivered between ASes 
>    of the same company (commonly referred to as "Inter-AS" services), or 
>    different companies (commonly referred to as "Inter-provider" 
>    services). This document aims to provide requirements for either type 
>    of service delivery. 
> 
>    BGP/MPLS-based [RFC-2547bis] VPN services are deployed and operated 
>    due to the combined activation of a set of elementary capabilities. 
>    This document is organized to take the requirements for activating 
> 
>  
>  
>                        Expires July 26, 2006                 [Page 3] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    these capabilities across multiple ASes into account using the 
>    following taxonomy: 
> 
>    - Topological considerations: These correspond to the information 
>       needed for the deployment of BGP/MPLS-based [RFC-2547bis] VPN 
>       topologies. This information includes, but is not limited to, 
>       identification of the endpoints that will be interconnected via 
>       the VPN, forwarding and routing policies to be enforced by the 
>       VPN network elements, and the topology of VPN membership. 
> 
>    - QoS considerations: These correspond to the information, with QoS 
>       parameters, that may characterize the level of quality provided 
>       with the VPN service offering. QoS parameters include, but are 
>       not limited to, VPN traffic classification and marking 
>       capabilities, traffic conditioning and scheduling capabilities, 
>       as well as VPN traffic engineering capabilities. 
> 
>    - Security considerations: Any BGP/MPLS-based [RFC-2547bis] VPN 
>       that is deployed and operated across multiple ASes may require 
>       the need for identification, authentication and potentially, VPN 
>       traffic encryption capabilities. This includes the possible 
>       identification and authentication of the resources that 
>       participate in the establishment and operation of a VPN, as well 
>       as the ability to check the integrity of VPN route announcements 
>       exchanged between ASes. 
> 
>    - Management considerations: It is assumed that the operation of 
>       QoS-based BGP/MPLS-based [RFC-2547bis] VPN services is part of 
>       the management tasks performed by service providers within their 
>       own ASes. Additional operational tasks are however needed in 
>       order to enable the management of VPN services across multiple 
>       ASes. 
> 
>    - Measurement and monitoring considerations: the ability to measure 
>       and monitor service delivery is of paramount importance, 
>       especially when such services span multiple ASes. 
> 
>    This document is therefore organized as follows:  
> 
>    - Section 2 defines terminology specific to the delivery of 
>       BGP/MPLS-based [RFC-2547bis] VPN services that span multiple 
>       ASes. This terminology aims at facilitating the overall 
>       understanding of the issues and requirements expressed in this 
>       document. 
> 
>    - Section 3 describes some of the drivers for the deployment of 
>       Multi-AS BGP/MPLS-based [RFC-2547bis] VPN services.  
>  
>  
>                        Expires July 26, 2006                 [Page 4] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    - Section 4 introduces a reference model that depicts the context 
>       for the deployment and the operation of BGP/MPLS-based [RFC-
>       2547bis] VPN service offerings that span multiple ASes. In 
>       addition, use cases illustrate examples of different business and 
>       operational process interaction between the various parties.  
> 
>    - Section 5 describes topological requirements that include traffic 
>       forwarding and routing considerations, VPN traffic load balancing 
>       capabilities, as well as VPL-specific interconnect design 
>       considerations. 
> 
>    - Section 6 describes VPN-specific Multi-AS QoS policy enforcement 
>       requirements which include forwarding, routing and measurement 
>       considerations. 
> 
>    - Section 7 describes VPN-specific Multi-AS security policy 
>       enforcement requirements which include identification, 
>       authentication and encryption considerations. 
> 
>    - Section 8 describes VPN-specific Multi-AS management policy 
>       enforcement requirements which include configuration, fault 
>       detection, performance and accounting management tasks. 
> 
> 2. Definitions 
> 
>    Some of the terminology used in this document is taken from [RFC-
>    4026] and [RFC-4031]. "VPN" in the context of this document refers 
>    specifically to BGP/MPLS-based [RFC-2547bis] VPN services. In order 
>    to clarify the requirements listed in this document, it is necessary 
>    to further define and introduce new terminology, specific to multi 
>    provider VPN services as follows:  
> 
> 2.1. Multi Domain Environment (MDE)  
> 
>    Two or more Autonomous Systems that may or may not be owned by 
>    separate administrative authorities, and which are used to 
>    interconnect service endpoints (sites) of one or more VPNs. 
> 
> 2.2. VPN Service Provider (VSP)  
> 
>    A VSP is an operator who participates in the delivery of a single 
>    domain, or multi-domain (MDE-wide) VPN service. In delivering the VPN 
>    service, the VSP may own a subset, or all of the participating 
>    network elements. Examples of VSPs include Network Service Providers 
>    (NSP), Systems Integrators (SI), Network Integrator (NI), Cable 
>    Operator (CO), Mobile Operator (MO) and Virtual Network Operators 
>    (VNO).  
>  
>  
>                        Expires July 26, 2006                 [Page 5] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
> 2.3. VPN Peering Location (VPL)  
> 
>    A VPL is a physical location where VPN services delivered by one or 
>    more VSPs are interconnected. Examples of VPLs include a network 
>    operator hotel, SP central offices, a collocation facility or any 
>    building common to one or more VSPs. A VPL could be operated by a 
>    single VSP, consortium of VSPs or a neutral 3rd-party.. 
> 
> 2.4. Agent  
> 
>    For the purposes of this document, an Agent is a VSP who is 
>    responsible for the management of multi-party business processes, 
>    negotiations and fulfillment that allow the multi-provider VPN to 
>    function. The Agent manages this responsibility by either 
>    operationally complying with or coordinating policies across all 
>    parties involved in delivering their customer's end-to-end service. 
>    Policy compliance or multi-party policy coordination is achieved 
>    either in a distributed or centralized manner.   
> 
>    For distributed policy enforcement, cooperating VSPs agree upon the 
>    enforcement of consistent policies for VPN service provisioning 
>    purposes. In this case, end-to-end policy enforcement is distributed 
>    across multiple VSPs, each of which is a stakeholder in the supply 
>    and enforcement of a fixed set of policies within the shared MDE. A 
>    VPN customer defines their VPN service requirements with an Agent who 
>    then maps these requirements to the set of pre-agreed policies.  
> 
>    For centralized policy enforcement, the Agent coordinates per 
>    customer, a set of policies related to the management of the 
>    customer's VPN service. In contrast to a shared MDE where policy 
>    enforcement is distributed across multiple VSPs, this Agent will 
>    coordinate policies and integrate VPN services per customer, thereby 
>    creating a MDE that is dedicated to the Agent's customers only. The 
>    Agent may independently agree and manage SLSs with each partner VSP 
>    and offer an aggregated end-to-end SLS to their customer's. 
> 
> 3. Problem Statement 
> 
>    No single network can deliver VPN services that provide optimal price 
>    and performance for all customers and all customer locations. For 
>    regulatory, commercial, resiliency and other reasons, customer 
>    requirements for VPN services may not be compatible with a single VSP 
>    owned network infrastructure. 
> 
>    Alternatively, some customers may have requirements for VPNs that are 
>    difficult and/or expensive for a single VSP to deliver. In this case 
> 
>  
>  
>                        Expires July 26, 2006                 [Page 6] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    the VSP has incentives to cooperate with other VSPs that may offer 
>    similar VPN services, along with broadly compatible SLSs. 
> 
>    For customers (whether they solicit an Agent or not), end-to-end VPN 
>    service delivery is paramount. Controllable, predictable and reliable 
>    VPN service must be delivered regardless of the characteristics of 
>    the MDE. The challenge however for the Agent in controlling 'global' 
>    service policy in an MDE is the lack of homogenous policies amongst 
>    VSPs and the difficulty VSPs have in adapting their VPN service 
>    domains to the customer's Agent-defined VPN service policy.   
> 
>     
> 
> 4. Multi Domain Environment Reference Model 
> 
>    Figure 1 shows a generic reference model for a Multi Domain 
>    Environment. It shows the relationships that exist between the 
>    various parties involved in the establishment of VPN services that 
>    span multiple VSP-administered networks.  
> 
>     
>    |<------------Multi Domain Environment----------->| 
>    |                                                 | 
>    |                     Customer                    | 
>    |                        |                        | 
>    |  +-----------------  Agent ------------------+  | 
>    |  |          |          |         |           |  | 
>    |  |         VSP1       VPL1     VSP2          |  | 
>    |  |          ^          ^         ^           |  | 
>    | 1..n       1..n      1..n       1..n       1..n | 
>    |  V          V          V         V           V  | 
>    |Site1 <---> AS1<---> (VPL1) <---> AS2 <---> Site2| 
>     
>                       Figure 1 - MDE Reference Model 
>     
>    The MDE consists of sites, interconnected via ASes. ASes are then 
>    interconnected via VPLs, within the context of delivering VPN service 
>    offerings. There is potentially a one-to-many relationship between 
>    VSPs and ASes, similarly there is potentially a one-to-many 
>    relationship between VPL operators and VPLs.    
> 
>    With reference to Figure 1, the following sections detail examples of 
>    the coordination of the various parties in the enforcement of a set 
>    of policies. These policies relate to the provisioning of an MDE-wide 
>    VPN service and include (but are not limited to) addressing, routing, 
>    QoS and security.   
> 
>  
>  
>                        Expires July 26, 2006                 [Page 7] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
> 4.1. Distributed Policy Enforcement Example 
> 
>    The customer's Agent is a single VSP (VSP1 in this example). VSP1 
>    manages the relationship with the customer, which includes the 
>    specification, instantiation, possible negotiation and invocation of 
>    the customer's SLS (Service Level Specification). Cooperating VSPs, 
>    VSP1 and VSP2 have pre-agreed an enforced set of policies, including 
>    the management of VPL1. The customer's requirements are mapped by 
>    VSP1 to the pre-agreed policies of VSP1 and VSP2.  
> 
> 4.2. Centralized Policy Enforcement Example 
> 
>    The customer's Agent is a Systems Integrator (SI). The SI does not 
>    own the network infrastructure (the VPN networking elements), but 
>    manages the VPLs, as well as the processes involved in connecting the 
>    VPLs with each relevant VSP owned AS. VSP1 and VSP2 independently 
>    provide customer-specific VPN services and associated SLS 
>    instantiated templates to the SI who is then responsible for 
>    integrating each VSP's VPN service components and 
>    negotiating/invoking an end-to-end SLS with/for their customer.  
> 
>       
> 
> 5. Topological Requirements 
> 
> 5.1. Remote Service Interconnect Requirement 
> 
>    In an MDE, Agent(s) will select VSPs according to the needs of their 
>    customer. VSP owned ASes may or may not be collocated at the same 
>    VPL. For those ASes that are collocated at the same VPL, 
>    interconnection of VPN services can take place locally. However, in 
>    the example of an end-to-end chain of three VSP owned ASes and two 
>    VPLs, local VPN interconnection will happen twice; once at the first 
>    VPL (first to second AS) and once at the second (second to third AS). 
>    However, in some situations, the Agent may choose not to use the VPN 
>    service of the second (middle) VSP. Instead, the Agent may wish to 
>    interconnect the VPN services of the first and third VSPs remotely. 
>    There is, therefore, an Agent-driven requirement to be able to 
>    remotely interconnect services of non-collocated VSP owned ASes in an 
>    MDE.  
> 
> 5.2. Optimal Interconnect Selection Requirement 
> 
>    VSP multi-homing is the scenario in which a VSP needs to interconnect 
>    their AS at two or more VPLs. By ensuring that traffic passes between 
>    ASes at pre-determined VPLs, the desired end-to-end VPN service 
> 
>  
>  
>                        Expires July 26, 2006                 [Page 8] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    delivery can be established and retained for any customer sites. VSP 
>    networks can therefore be utilized more efficiently.  
> 
>    As an example, consider a customer site in the middle of the USA. It 
>    is connected to a VSP's AS that is interconnected at VPLs in both New 
>    York and Los Angeles. In order to minimize latency, traffic must be 
>    sent to Tokyo via the LA VPL and not via New York. From a network 
>    utilization perspective, routing Tokyo-bound traffic via New York 
>    incurs an inefficient, resource-consuming round trip traversal of the 
>    USA. Similarly, the same site might also send traffic to London. The 
>    optimal route for this traffic will be via New York rather than LA.  
> 
>    Although this scenario may be taken care of by standard IP routing, 
>    the specifics of a VSPs BGP routing policy, or traffic engineering 
>    implementation, may force some traffic to be forwarded away from the 
>    best path. Therefore, for multi-homed ASes, there is a requirement 
>    for interconnects at multiple VPLs to be optimally selectable for 
>    each source-destination site pair within an MDE. Nevertheless, the 
>    notion of optimality should not necessarily be expressed in terms of 
>    hop count metrics. The selection of the optimal interconnecting 
>    points should rely upon a variety of criteria that include (but are 
>    not necessarily limited to): 
> 
>    - The minimum number of hops that need to be crossed to reach a 
>       given (set of) VPN destination(s),  
> 
>    - The minimum value of the one-way transit delay to reach a given 
>       (set of) VPN destination(s), 
> 
>    - The minimum value of the inter-packet delay variation to reach a 
>       given (set of) VPN destination(s), 
> 
>    - The minimum value of the packet loss rate to reach a given (set 
>       of) VPN destination(s), 
> 
>    - The preservation of the confidentiality of the traffic that may 
>       be exchanged between a given set of VPN locations, 
> 
>    - The maximum VPN prefix length that should be announced at VPL 
>       locations, 
> 
>    - The use of VPL locations that should not share network resources 
>       involved in the forwarding of Internet traffic, 
> 
>    - The required traffic symmetry to allow a given source-destination 
>       pair to be forwarded on the same path in both directions so as to 
>       avoid packet mis-ordering 
>  
>  
>                        Expires July 26, 2006                 [Page 9] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    - The available bandwidth capacity at the VPL (in the case where 
>       overbooking policies are in effect at the VPL) 
> 
>    - Any combination of the above criteria. 
> 
> 5.3. Redundant Interconnect Requirement 
> 
>    Part of the end-to-end VPN service offering provided by one or more 
>    Agents involves the provision of appropriate levels of redundancy for 
>    their MDE use case. In some VPLs, where business justifications 
>    exist, Agents or VSPs may choose to enhance interconnect reliability 
>    by implementing a redundant interconnect complex.  
> 
>    The resulting interconnects might exist in the same building or in 
>    different buildings within a city or in different buildings in 
>    different cities. This is in addition to the Optimal Interconnect 
>    Selection requirement in that a customer service will be designed to 
>    traverse each redundant interconnect, rather than a specific, optimal 
>    interconnect.  
> 
>    There is therefore a requirement to support customer services across 
>    redundant interconnects. 
> 
> 5.4. VPN Topology Requirement 
> 
>    Although VSP owned ASes offer the possibility for any customer site 
>    to communicate with any other customer site, in certain situations 
>    this is not desirable. There are many possible reasons why a customer 
>    might want to restrict communication amongst sites so that their end- 
>    to-end service becomes segmented. For instance, it may be that 
>    security is a concern or it may be that customer sites or divisions 
>    must only use connectivity they have paid for. Furthermore, the 
>    traffic flows associated with specific applications may require a 
>    partial topology specifically sized to accommodate the aggregate 
>    traffic flows.  
> 
>    The segmentation might need to exist on a geographical basis, region- 
>    by-region and country-by country. Alternatively, segmentation might 
>    need to exist on a corporate basis, division-by-division or site-by-
>    site. Segmentation might even exist within customer sites. However, 
>    today, there are no standards for or agreement of how VPN topologies 
>    are constructed amongst VSPs. Consequently, VSPs use different 
>    methods for establishing the logical topology of a VPN and use 
>    different schemas to define VPN membership.  
> 
>    For instance, one VSP might use standard community values to 
>    establish layer-2 topologies whilst another might use extended 
>  
>  
>                        Expires July 26, 2006                [Page 10] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    community values. Yet another VSP may use a combination of both 
>    techniques. Alternatively, VSPs may segment VPNs using layer-3 
>    routing techniques. In fact, some VSPs might combine layer-2 and 
>    layer-3 segmentation techniques.  
> 
>    Additionally, each VSP will implement a schema for VPN membership 
>    that is proprietary, with membership values that are likely to 
>    overlap and conflict with other VSP assigned values. VPN membership 
>    allocation schemas tend to be difficult to modify due to the 'hard 
>    coding' of the schema in each network operator's OSS and BSS systems.  
> 
>    Conflicting VPN membership schemas and different methods for 
>    establishing logical topologies make it very difficult for the Agent 
>    to establish an end-to-end VPN service. Moreover, an inventory of the 
>    topology consisting of the network elements/interfaces and set of 
>    paths that traffic may take through the network could in addition be 
>    difficult for the VSP to be made available to the Agent.  
> 
>    These elements will most likely constitute a partial topological view 
>    of the network but may be sufficient and required for the purpose of 
>    QoS policy definition.  
> 
>    There is therefore, a requirement to be able to establish an end-to-
>    end VPN topology, including the publishing of network elements and 
>    interface inventories per VSP throughout an MDE. 
> 
> 5.5. End-to-end Unicast and Multicast Routing Requirements 
> 
>    5.5.1. Generic Routing Considerations 
> 
>    Routing and forwarding configuration information deals with the 
>    decision criteria that should be taken by a network element in order 
>    to forward VPN specific traffic according to a given VPN routing 
>    policy. From this perspective, VSP owned network elements should be 
>    provided as a minimum with the following information:  
> 
>    - Relevant metric information so that network elements can 
>       dynamically assign these metric values. Such metric values could 
>       be assigned on either long or (very) short-term basis. Examples 
>       of assigned 'long-term' metrics include packet loss and delay 
>       thresholds, usually expressed as percentiles of available 
>       resources. Short-term metrics may include available or reserved 
>       bandwidth, typically provided via real-time or near real-time 
>       SNMP MIB queries. 
> 
> 
> 
>  
>  
>                        Expires July 26, 2006                [Page 11] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    - The configuration information related to any static route that 
>       may identify a VPN endpoint (or VPL) as the next hop to reach a 
>       given VPN destination prefix. 
> 
>    5.5.2. IGP Routing Considerations 
> 
>    Today there are no standards for, or agreement of, how VPN routing 
>    policy based upon the policing of the admission and distribution of 
>    VPN routing information (classification and filtering of routing 
>    information) is implemented amongst VSPs.  
> 
>    Consequently, VSPs enforce VPN routing policies within a defined 
>    customer topology in different ways. For example, in an MDE, where 
>    the EF-inferred IGP policy [RFC2676] of AS1 relies upon the 
>    computation of routes with a maximum one-way transit delay of 120 ms 
>    in order to reach a set of destination prefixes, and AS2 defines the 
>    equivalent EF-inferred IGP policy with a different QoS parameter 
>    (e.g. maxLossRate=0%), then there is a risk of jeopardizing the 
>    overall quality of service of the multi-AS VPN. Conflicting routing 
>    policies amongst VSPs therefore make it difficult to establish an 
>    end-to-end unicast routing policy throughout an MDE.  
> 
>    There is, therefore, a requirement to be able to enforce a consistent 
>    IGP routing policy throughout an MDE. 
> 
>    5.5.3. BGP Routing Considerations 
> 
>    VSP owned network elements should be provided with relevant BGP-4 
>    [RFC-1771] reachability information, including the attributes taken 
>    into account by the network element's route selection process in 
>    order to decide whether or not traffic should be forwarded along a 
>    given VPN route. 
> 
>      5.5.3.1. BGP AS_PATH Attribute Considerations 
> 
>    Where BGP-4 is used as the PE-CE routing protocol, the use of a 
>    single private [RFC-1930] AS Number (ASN) across all customer sites 
>    hosted by multiple VSPs could raise issues for each VSP as they 
>    commonly use the 'as-override' command on PE-CE neighbors.  
> 
>    Where VPN-IPv4 routes are advertised across multiple ASes, VSP owned 
>    public Autonomous System Numbers (ASNs) could be pre-pended to 
>    private route updates. The 'as-override' feature will not then 
>    operate over PE-CE IPv4 links where public and private ASN numbers 
>    are advertised within the same VPN address prefix.  
> 
> 
>  
>  
>                        Expires July 26, 2006                [Page 12] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    Network elements located at a VPL should therefore be capable of 
>    removing or changing public or private ASNs from the BGP AS_PATH 
>    attribute on a per neighbor basis. This per neighbor AS path match 
>    and removal policy should be capable of being performed on ingress or 
>    egress across the entire AS path. 
> 
>      5.5.3.2. Route Distinguisher Allocation Considerations 
> 
>    VPN-IPv4 routes [RFC2547bis] are made unique across a domain by 
>    combining an IPv4 address with an 8 byte 'Route Distinguisher' (RD) 
>    value. The advertisement of RD values end-to-end between VSPs, 
>    combined with the customer's use of private [RFC1918] addressing 
>    could result in Route Reflectors (RR) making incorrect best path 
>    decisions for identical routes received from external as well as 
>    internal PE network elements. This will occur where RD and customer 
>    address space overlap across VSP ASes. Although the probability of 
>    this scenario is small, the consequences could be severe and 
>    difficult to isolate, therefore VSP owned RRs and PE's SHOULD NOT 
>    receive VPN-IPv4 routes that have RD values assigned by another VSP. 
>    In order to ensure that RD values that transit VPLs are unique, RD 
>    values MUST be pre-pended by a public registered AS number ([RFC-
>    2547bis], section (4.1). 
> 
>      5.5.3.1. Route Target Allocation Considerations 
> 
>    VSPs usually have difficulty in provisioning extended (Route Target) 
>    or standard BGP community values on their PE network elements that 
>    are assigned by external parties such as the end customers Agent or 
>    another VSP. This difficulty is due to the VSP having automated or 
>    manual OSS systems and operational procedures that typically apply to 
>    per VSP ASes only. These systems and processes are difficult to 
>    change due to schema conflicts brought about by attempting to 
>    incorporate externally assigned RT allocation schemas. In addition, 
>    not all VSPs allocate RT values that are pre-pended with a publicly 
>    registered ASN or IP address. RT values to be applied on VSP PEs 
>    therefore should be assigned by the operator of the PE. In order to 
>    ensure that BGP extended community values are unique between ASes, RT 
>    values that are advertised across the VPL MUST be pre-pended by a 
>    public registered ASN. This follows the specification detailed in the 
>    'Identifiers' section of [RFC-4031] and assists in the prevention of 
>    cross-connection for VPN services.  
> 
>      5.5.3.2. Traffic Load Balancing Considerations 
> 
>    VSPs use various traffic load-balancing techniques between customer 
>    sites to optimize traffic flows within their own ASes. As described 
>    in [RFC2547bis], this necessitates the use of different RD values 
>  
>  
>                        Expires July 26, 2006                [Page 13] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    provisioned across VRFs to which the customer is multi-homed. Similar 
>    mechanisms SHOULD be available when VSP owned ASes are multi-homed 
>    across multiple VPLs and where the VSP wishes to optimize customer 
>    traffic via load balancing. Such mechanisms may require that the 
>    signaling protocol support the advertisement of all available paths 
>    so that optimal path selection is available as well as backup paths 
>    in case of optimal path failure. 
> 
>    5.5.4. Multicast Routing Considerations 
> 
>    IP multicast transmission schemas may be used by some applications 
>    such as videoconferencing or TV broadcasting in order to optimize VPN 
>    network resources. 
> 
>    As a result, VSP owned network elements should support multicast 
>    routing capabilities for the dynamic establishment and maintenance of 
>    distribution trees within the VPN and should therefore be provisioned 
>    with the relevant yet consistent configuration information.  
> 
>    There are currently however no standards for, or agreement of, an 
>    enforcement of consistent multicast routing policies amongst VSPs. 
>    There is therefore a requirement to be able to enforce an end-to-end 
>    multicast routing policy for the sake of the establishment and 
>    maintenance of consistent distribution trees throughout an MDE.  
> 
> 6. QoS Requirements 
> 
>    Quality of service is a very generic term, which is sometimes 
>    misused, especially when applied to IP/MPLS environments. In this 
>    document, the design and the enforcement of a QoS policy within VPN-
>    specific MDE environments relies upon the following dimensions: 
> 
>    - A forwarding dimension, which consists of ensuring that a VSP 
>       owned network element behaves differently, depending on the kind 
>       of traffic it has to process and subsequently forward. This 
>       yields a need for VPN traffic identification, classification and 
>       possibly activation of traffic conditioning, policing, scheduling 
>       and optionally, discarding mechanisms. The forwarding dimension 
>       of a QoS policy is a notion that is local to a network element, 
>       independent from the expected behaviors of the other network 
>       elements within the MDE. The DiffServ (Differentiated Services) 
>       architecture, as described in [RFC-2475], is generally seen as 
>       the cornerstone of the forwarding dimension, introducing the 
>       notion of classes of service as well as Behavior Aggregates (BA). 
> 
> 
> 
>  
>  
>                        Expires July 26, 2006                [Page 14] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    - A metric definition dimension, which consists of defining 
>       consistent metrics such as delay, jitter and loss, so as to 
>       support QoS meaningfully across multiple VSPs. 
> 
>    - A routing dimension, which consists of enforcing a VPN-specific 
>       traffic engineering policy at the scale of a MDE. Traffic 
>       engineering is a set of capabilities that allow the (hopefully 
>       dynamic) computation and selection of paths that will be used to 
>       convey different kinds of VPN traffic. It may be necessary to 
>       route QoS-sensitive traffic to different VSPs or along different 
>       paths other than those selected by best effort traffic. Path 
>       selection is dependant on the (QoS) characteristics of such 
>       paths, which comply with the QoS requirements that have been 
>       expressed and negotiated by the Agent with their VPN customers.   
> 
>    - A monitoring dimension, which consists of qualifying how 
>       efficient a QoS policy is enforced within a MDE, based upon the 
>       use and measurement of well-defined indicators. Due to the 
>       multiple parties involved in the delivery of QoS, it is necessary 
>       to have well defined methods for measurement of QoS, ways to 
>       monitor the performance of different network elements, and ways 
>       to report performance consistently among VSPs. Such indicators 
>       include (but may not be limited to) one-way transit delay, one-
>       way inter-packet delay variation (sometimes called jitter), one-
>       way packet loss rate or any combination of such indicators.   
> 
>      
> 
> 6.1. Differentiated Services Policy Considerations 
> 
>    Currently, there are no standards for or agreement of service 
>    definitions as defined in the Diffserv architecture amongst VSPs. 
>    [RFC-3644] defines QoS policy within a single Diffserv domain as 
>    being dependent upon three types of information:  
> 
>    - The topology of the network elements under management;  
> 
>    - The particular type of QoS methodology used (e.g. Diffserv), and;  
> 
>    - The business rules and requirements for specifying service(s) 
>       delivered by the network.  
> 
>    These information types vary across VSP ASes. Consequently, VSPs 
>    deploy different numbers of classes of service (COS) and specify 
>    service definitions in proprietary ways. Fixed mappings of classes of 
>    service between any two VSPs may result in compromised service across 
>    the two. This is in part because fixed mappings cannot always utilize 
>  
>  
>                        Expires July 26, 2006                [Page 15] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    the full service envelope available from the interconnected VSPs (a 
>    VSP with three classes of service can only utilize 3/5ths of the 
>    service envelope of a VSP with five classes of service). Furthermore,  
>    fixed mappings may be adequate for some Agent's customers, but not 
>    for others. This is because QoS policy is often applied in different 
>    ways for each application used in each customer environment 
> 
>    When three or more VSP ASes are used to provide connectivity between 
>    customer sites, two or more VPLs are required and, therefore, a 
>    multiple, compounding service compromise exists.  
> 
>    In an MDE of many VSP ASes and VPLs, it is clear that numerous and 
>    compounding compromises in service will take place and end-to-end QoS 
>    policy enforcement may be hard to achieve.  
> 
>    There is a requirement, therefore, for a relationship to exist 
>    between VSP classes of service that may vary from one customer to 
>    another, and that can also utilize the full service envelope of all 
>    VSPs within an MDE.  
> 
>    6.1.1. QoS Policy Transparency 
> 
>    There is general agreement that customer packets should not be 
>    remarked (that is, have their DSCP values modified) as they transit 
>    the MDE. At the same time, it is often necessary for the VSP to 
>    impose a QoS treatment on customer packets that differs from that 
>    which might be indicated by the customer's DSCP (such as is the case 
>    for non-conforming traffic downgraded to best effort). However, even 
>    if the packets are treated as best effort by the VSP, the customer 
>    wishes to retain the original DSCP marking for their own use when the 
>    packets arrive at their remote site. This requirement is defined as 
>    "QoS transparency", where the transparency in question refers to the 
>    tunneling of the customer QoS policy, unmodified, from ingress to 
>    egress across an MDE. [RFC-4031] describes this requirement as a 
>    'Carrier's Carrier' model where one VSP is the customer of another 
>    VSP. Such a VSP should be able to resell VPN services to their 
>    customers independent of the DSCP mapping solution employed by the 
>    'Carrier's Carrier' VSP.  
> 
>    There is a requirement, therefore, for enterprise QoS policy 
>    transparency throughout an MDE. 
> 
> 6.2. Consistent Metric Considerations 
> 
>    Currently, there are no standards for, or agreement of metric 
>    definitions between VSPs. As an example, the Low Latency service 
>    class is generally characterized by three network performance 
>  
>  
>                        Expires July 26, 2006                [Page 16] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    metrics; latency, packet loss, and jitter. These metrics are 
>    generally reported as two-way or one-way derived from two-way 
>    measurements, but are generally defined differently between VSPs.  
> 
>    There is therefore a requirement to produce service classes with 
>    metrics that can be meaningfully concatenated, so as to provide 
>    reasonable commonality of metrics across VSPs. 
> 
> 6.3. Traffic Engineering/Routing Policy Considerations  
> 
>    In a true MDE environment there may be many alternate paths between 
>    customer sites. The preferred path among VSPs is typically determined 
>    by BGP policies. However, when multiple classes of service exist, it 
>    may be desirable to route some traffic preferentially via VSPs who 
>    support the enhanced QoS class(es) while best effort traffic takes 
>    the conventional route. That is to say, there may be cases in which 
>    the current route selection capabilities of BGP, which yield only a 
>    single best path for a given prefix, may not be sufficient. The 
>    deployment of traffic engineering capabilities in VPL owned network 
>    elements is of importance when considering the joint forwarding of 
>    "triple-play" services where data, video and voice traffic is 
>    forwarded within a given VPN.   
> 
>    Within a MDE, VSPs or Agents should provide configuration information 
>    parameters that will allow network elements to choose appropriate VPN 
>    paths to a given destination based on "Service Contexts". These paths 
>    are chosen according to application-specific constraints, available 
>    service characteristics and/or requirements.  
> 
>    These constraints and/or requirements may be expressed in terms of 
>    time duration (e.g. the use of a VPN route on a weekly basis), 
>    traffic characterization (e.g. all IP multicast traffic should be 
>    forwarded along a set of specific VPN routes), security concerns 
>    (e.g. use trusted network elements along the path towards specific 
>    destinations), and/or QoS considerations (e.g. marked VPN traffic 
>    with a specific DiffServ Code Point (DSCP) value should always use a 
>    configured set of traffic-engineered VPN routes, or available exit 
>    point that exhibits the desired "Service Context").  
> 
> 6.4. Metrology Considerations 
> 
>    Currently, there are no standards for, or agreement of, measurement 
>    methods amongst VSPs. VSPs define measurements differently and 
>    measure different service end points. In a MDE environment, 
>    measurement methodology differences, particularly differences in the 
>    statistical nature of the measurements, make it impossible to combine 
> 
>  
>  
>                        Expires July 26, 2006                [Page 17] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    VSP measurement reports so that the overall quality of the VPN 
>    service can be qualified.  
> 
>    As VSP reports can be so different, it is tedious and time consuming 
>    to analyze whether an individual VSP or VPL operator has met its 
>    performance targets. When end-to-end services fail, it may be very 
>    difficult to analyze VSP measurement data in order to detect and 
>    isolate faults amongst VSPs or VPL operators.  
> 
>    In an MDE, where the customer's Agent(s) are responsible for end-to-
>    end service, this may be untenable. In addition, whilst windows for 
>    scheduled and unscheduled maintenance will remain difficult for the 
>    Agent(s) to control or coordinate, any measurement methodology must 
>    take these windows into account in any performance assessments of the 
>    QoS policy that are made.  
> 
>    There is, therefore, a requirement for statistically homogenous 
>    measurement throughout an MDE as well as the ability to place 
>    measurement instrumentation/sources at VPL locations in order to aid 
>    fault detection and isolation. 
> 
> 7. Security Requirements 
> 
>    Security is a requirement of any business, but the requirement 
>    becomes more important where that business collaborates with others 
>    to provide a service [RFC-4111]. Potential threats might emanate from 
>    a number of sources, for instance, other VSPs, VPL operators and 
>    customers.  
> 
>    Clearly, the vulnerability of a customer service to threats from 
>    these sources is of paramount importance. Of equal importance is the 
>    vulnerability of a VSP AS to threats from these sources. An attack on 
>    a VSP AS could detrimentally affect numerous customers, including 
>    those attached to other VSP owned ASes.  
> 
>    Enforcement of a security policy at the scale of a MDE assumes the 
>    availability of the following capabilities as a minimum:  
> 
>    - The identification and the authentication of the users who may be 
>       entitled to access the VPN service,  
> 
>    - The identification and authentication of network elements that 
>       will not only participate in the deployment and the operation of 
>       the VPN, but also in VPN route information propagation, 
> 
>    - The preservation of the confidentiality of information within a 
>       VPN.  
>  
>  
>                        Expires July 26, 2006                [Page 18] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    VSPs should therefore be provided with configuration information 
>    related to the aforementioned security parameters. This does not mean 
>    that VSP owned network elements have to maintain a dynamically 
>    updated user database, rather, they should be provided with the 
>    following configuration information as a minimum:  
> 
>    - Identification information for IP networks that may exchange data 
>       through the VPN and/or the configuration information required for 
>       the activation of an identification/authentication mechanism such 
>       as RADIUS (Remote Authentication Dial-In User Service), [RFC-
>       2865],  
> 
>    - Identification information for VSP owned network elements that 
>       support endpoint(s) of the MP-BGP peer and possibly configuration 
>       information related to the activation of a mechanism for 
>       identifying and authenticating such peers (such a mechanism could 
>       be based upon the use of a SHA-1 (Secure Hash Algorithm) digital 
>       signature for example), 
> 
>    - Configuration information required for encryption purposes. This 
>       requirement is further expanded on in section 7.1.  
> 
>    There is a requirement, therefore, to secure VSP ASes and customer 
>    services in an MDE as well as securely forward VPN related security 
>    parameters between VSPs and Agents. 
> 
> 7.1. Encryption Requirements 
> 
>    VPN customers may require all or part of their encrypted traffic to 
>    be preserved, independent of the number of VSP owned ASes within the 
>    MDE supporting their VPN service. 
> 
>    There is therefore a need for the MDE to support any relevant 
>    encryption technique that preserves the confidentiality of the VPN 
>    traffic. This implies that: 
> 
>    - The VSP owned network elements that compose the MDE should 
>       support protocols of the IPsec suite [RFC-4301], 
> 
>    - The MDE should be capable of supporting an adequate means for 
>       identifying and authenticating any participating device involved 
>       in the forwarding of VPN traffic, 
> 
>    - The MDE should be capable of supporting an adequate means for 
>       identifying and authenticating any participating VSP owned 
>       network element involved in the enforcement of the VPN-specific 
>       routing policy. Such means should enable any VSP owned network 
>  
>  
>                        Expires July 26, 2006                [Page 19] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>       element to check the integrity of received VPN route 
>       announcements, 
> 
>    - The MDE should be capable of supporting and enforcing any dynamic 
>       key management scheme suitable for the dynamic establishment of 
>       Secure Associations (SA) between relevant VSP owned network 
>       elements, 
> 
>    - VSPs that are involved in the dynamic establishment of SA 
>       associations across their ASes should be provided with relevant 
>       configuration information (keys, passwords) in a timely manner, 
>       that is, the provisioning of such configuration information 
>       should not jeopardize the time to deliver the VPN service 
>       offering to the customer with the required level of security.  
> 
> 7.2. Label Spoofing Protection 
> 
>    Whenever labels are exchanged between two VSP peers it is possible 
>    that the spoofing of such labels may occur either toward the internal 
>    infrastructure of the said VSPs, or within the VPNs that are 
>    supported by such VSPs. There is therefore a requirement to provide 
>    mechanisms that prevent the spoofing of labels in the forwarding 
>    path. 
> 
> 7.3. Authentication Requirements 
> 
>    7.3.1. Authentication of Network Elements 
> 
>    Within a MDE, every VSP owned network element that participates in 
>    the deployment and the operation of a VPN service offering should be 
>    trusted. There is therefore a requirement to provide acceptable 
>    authentication processes in order for a network element to 
>    participate in the deployment and operation of a VPN service. This 
>    implies that every VSP owned network element must be identified and 
>    authenticated typically via processes owned by relevant Agents or 
>    VSPs. 
> 
>    7.3.2. VPN Route Authentication and Filtering 
> 
>    Within a MDE, every VSP owned network element is permitted to 
>    announce VPN routes to some or all of its pre-authenticated peers, 
>    assuming the requirements expressed in section 8.2.1. have been 
>    addressed. 
> 
>    VSPs have existing mechanisms and operational processes that prevent 
>    the cross connection of VPNs within their own ASes. These mechanisms 
>    include manual or automated systems for VPN membership allocations 
>  
>  
>                        Expires July 26, 2006                [Page 20] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    that include per customer RT values. Where the VSP extends VPN 
>    services via an MDE, incorrect or malicious configuration of VPN 
>    membership information could result in cross connection or incorrect 
>    announcement of VPN membership attributes across an MDE. These route 
>    announcements could in addition expose the VPN topology of the VSP.  
> 
>    The integrity of the contents of such VPN route announcements must be 
>    authenticated by any receiving peer and/or by some kind of VPN route 
>    server capability that could be embedded in the relevant Agent or VSP 
>    owned facility before the receiving peer accepts the announced route. 
>    Draft [VPN-VERIFICATION] could assist with this route authentication 
>    requirement.   
> 
>    It should be possible to enforce further VPN route-specific filtering 
>    policies at appropriate locations within an MDE. Additional route 
>    filtering criteria could be based upon (but not necessarily limited 
>    to): 
> 
>    - Intra-VPL communication restriction where, for example, RT value 
>       announcements are filtered such that they only include interested 
>       parties across VPL locations. This filtering policy is 
>       particularly relevant where the VSP owned network elements peer 
>       with more than one network element at a VPL. This function is 
>       described further in [RT-CONSTRAIN] 
> 
>    - Intra-VPN communication restrictions, where, for example, not all 
>       sites are permitted to communicate 
> 
>    - The contracted metrics with the VPN customer and between VSPs for 
>       routing table size, routing protocol type, and end-to-end routing 
>       policy. 
> 
>    - The required end-to-end convergence time to avoid the case where 
>       restoration policies, timer values, or fast convergence protocols 
>       (such as BFD), differ between VSPs. 
> 
>    - Inter-AS routing restrictions, where, for example, some VPN 
>       traffic shouldn't be transported across one or more ASes within 
>       an MDE 
> 
>    - Time based restrictions, where, for example, some destinations 
>       cannot be reached during working hours, 
> 
>    - QoS based restrictions, where, for example, traffic should not be 
>       bound for VPN route sources that experience more than a 100 ms 
>       one-way transit delay. Traffic route sources that experience 
> 
>  
>  
>                        Expires July 26, 2006                [Page 21] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>       delay over a certain threshold should not then be announced at 
>       selected VPLs.  
> 
> 8. Management Requirements 
> 
> 8.1. Performance Metric Statistic Requirements 
> 
>    Agents have stringent usage requirements for an MDE. From this 
>    perspective, VSPs should permit an Agent to have access to 
>    statistical information based upon, (but not necessarily limited to):  
> 
>    - The volume of traffic that has been conveyed by the entire VPN, a 
>       specific VPN route, forwarded by a specific network element or 
>       over a given period of time that may include a distinction 
>       between incoming and outgoing traffic,  
> 
>    - The volume of VPN traffic that has been dropped by network 
>       elements within a given period of time,   
> 
>    - IPPM (IP Performance Metrics) [RFC-2330] related information that 
>       is relevant to tunnel usage: such information includes one-way 
>       transit delay, inter-packet delay variation etc. 
> 
> 8.2. Capital Scaling Requirements 
> 
>    In an MDE, there might be one or more VPLs. At each VPL there may be 
>    one or more interconnected VSP ASes, or a single VSP that uses the 
>    VPL for connectivity between their own ASes.  
> 
>    Traditionally, the interconnection of two VSP ASes has resulted in 
>    the deployment of network element resources that are either dedicated 
>    to those two VSPs, or leased from the VPL operator.  
> 
>    Where there is a need for a VSP to interconnect with multiple other 
>    VSPs, scaling cost efficiency could result if interconnected network 
>    elements could be shared across all VSPs. This multilateral approach 
>    to VPL design will have increasing benefit as the number of 
>    interconnected VSPs at a VPL increases.  
> 
>    Interconnected network elements at VPLs must therefore be shared 
>    multilaterally.  
> 
> 8.3. Operational Scaling Requirements 
> 
>    Cost of operations is of great concern to a VSP, whether or not VPN 
>    services span their own ASes or those of their VSP partners. Compared 
>    to the capital cost of MDE interconnection at a VPL, operational cost 
>  
>  
>                        Expires July 26, 2006                [Page 22] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    easily dominates. In an MDE, some, and perhaps all VSPs, might play a 
>    part in delivering services to an individual customer's VPN.  
> 
>    Within a customer VPN, sites, physical and logical connectivity, 
>    VSPs, VPLs and VPN-specific policies might be variously moved, added, 
>    changed or deleted (MACD) at any time. In fact, different components 
>    of the VPN will, at times, undergo MACD concurrently.  
> 
>    Service MACD lifecycle is part of any customer VPN and will happen as 
>    needed throughout the VPN's service life. As an MDE evolves, with 
>    increasing numbers of VSPs, VPLs and customers, the amount of service 
>    MACD will increase and place a continual and increasing burden on VSP 
>    operators throughout an MDE unless a scalable approach is taken. 
>    Operational scaling criteria could be based upon (but are not 
>    necessarily limited to) the following sections. 
> 
>    8.3.1. Service Independence Requirements 
> 
>    In an MDE, it is inevitable that dependencies will exist between the 
>    services of individual VSPs. For example, a lack of forethought by 
>    the VPL operator by implementing a 'tightly-coupled' VPL interconnect 
>    environment would result in single VSP changes to topology, 
>    bandwidth, routing, QoS, etc., requiring all other VSPs to modify 
>    their definitions of existing services.  
> 
>    Service dependencies amongst VSPs in a MDE must therefore be 
>    minimized. 
> 
>    8.3.2. Minimize Network Integration Requirements 
> 
>    Currently there is no common agreement for how VSPs implement the 
>    interconnection of their VPN networks. This means that each inter-AS 
>    interconnect agreement at a VPL by VSP pairs will be a unique 
>    project, each of which potentially having different design goals and 
>    compromises.  
> 
>    Each unique inter-AS interconnect agreement will usually take 
>    considerable time and consume highly skilled resources in both 
>    organizations. As the number of VPLs increases, so the load on the 
>    organizations will increase. In an MDE, the required number of unique 
>    inter-AS interconnect agreements could rapidly become untenable. 
>    Unique network inter-AS interconnect agreements amongst VSP pairs 
>    must therefore be minimized.  
> 
> 
> 
> 
>  
>  
>                        Expires July 26, 2006                [Page 23] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    8.3.3. Third Party Interconnect Requirements 
> 
>    Agents or VSPs require the ability to provide end-to-end services 
>    within an MDE. These Agents or VSPs may however have no desire or be 
>    unable to administer the coordination of business and operational 
>    processes involved in establishing an MDE. In order for an MDE to be 
>    established, the Agent or VSP may therefore require a third party 
>    operator to provide these business and operational process services.  
> 
>    It may be that the third party is another VSP, a systems integrator, 
>    a network integrator or another type of service provider. To achieve 
>    end-to-end service, it is critical that the third party operator is 
>    able to control and coordinate global service business and 
>    operational process policy throughout the MDE.  
> 
>    There is, therefore, a requirement for the business and operational 
>    processes involved in establishing an MDE to be administered by a 
>    third party operator. 
> 
> 8.4. IPVPN Services Demarcation Requirements 
> 
>    8.4.1. Fully Managed Service Demarcation 
> 
>    [RFC-2547bis]-based VPN services may encompass a 'fully managed' 
>    Customer Edge (CE) to CE service with associated SLSs. In an MDE, 
>    this 'fully managed' service is interconnected to other VSP-owned 
>    services via VPLs. For SLS demarcation purposes, the VSP may express 
>    a preference to collocate a dedicated network element at each VPL. 
>    The VPL collocated network elements will, from an operational 
>    perspective function identically to a CE. In contrast to a standard 
>    CE however, each VPL collocated network element will usually support 
>    more than a single VPN across one or more customers and/or VSPs. From 
>    a scalability perspective, this is particularly advantageous for the 
>    VSP when interconnecting multiple VPN services at each VPL on behalf 
>    of one or more Agents. The SLS offered by the VSP to each Agent 
>    partner will in addition to CE-to-CE connectivity, include 
>    connectivity from each CE to one or more VPL collocated network 
>    elements.  
> 
>    For contractual and/or technical reasons, the VSP may decide for 
>    example to collocate a network element per Agent, per group of Agents 
>    or per VPN. In all cases, consistent, unambiguous service boundaries 
>    for the fully managed service offering are essential.  
> 
>    There is a requirement, therefore for consistent SLS demarcation 
>    points across 'fully managed' VPN service offerings within an MDE. 
> 
>  
>  
>                        Expires July 26, 2006                [Page 24] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    8.4.2. Mixed Management Service Demarcation 
> 
>    In addition to 'fully managed' services, VSPs also offer VPN services 
>    that allow for a third party such as the VSPs customers to manage 
>    their own CE network elements. IPVPN connectivity of the customers' 
>    CEs via the VSP-owned ASes is done via VSP-owned access facilities. 
>    This type of VPN network outsourcing is known as an 'unbundled' or 
>    'wires-only' service. SLSs are negotiated between the VSP and their 
>    customers that allow the customer managed CE's to intercommunicate. 
> 
>    In an MDE, when an 'unbundled' service is procured from a VSP by an 
>    Agent, the Agent may want to use the 'unbundled' service to extend 
>    the geographic reach of their VPN footprint by connecting this 
>    service to one or more VPLs. Again, for SLS demarcation purposes, the 
>    VSP may express a preference to collocate a network element at each 
>    VPL.  
> 
>    SLS demarcation points for the selling VSP may then include VPL 
>    collocated network elements that are shared across one or more Agents 
>    and/or VPNs, access facilities linking the Agent-owned CEs, and 
>    common [RFC-2547bis]-based VPN services that span the VSP-owned 
>    AS(es). The Agent must then offer SLSs to their customer that 
>    encompass the VSPs 'unbundled' service and associated SLS(s), as well 
>    as their managed CE offering.  
> 
>    There is a requirement, therefore, for consistent 'unbundled' service 
>    SLS demarcation points across an MDE.  
> 
> 8.5. Remote CE Management Requirement 
> 
>    For contractual and/or technical reasons, Agents or customers have a 
>    requirement to manage Customer Edge (CE) network elements that are 
>    interconnected as part of a [RFC-2547bis]-based VPN service. In an 
>    MDE, the ASes supporting these VPNs may or may not be operated by the 
>    Agent. The Agent will in addition to managing VPN services on behalf 
>    of their customers, usually operate a management network to which 
>    their end customers have restricted or no access. The management 
>    network is used to provide as a minimum IP-based connectivity between 
>    CEs and the Agent's operations staff, typically located in one or 
>    more operations centers. 
> 
>    In order for an Agent to directly manage CEs connected to ASes that 
>    they do not operate, the Agent will procure 'unbundled' VPN services 
>    from one or more VSP partners. In addition to SLSs that are 
>    negotiated between the Agent and the selling VSP for CE-to-CE 
>    communication, the Agent requires SLSs that encompass the connection 
>    of each CE to the Agent's management network. 
>  
>  
>                        Expires July 26, 2006                [Page 25] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    There is a requirement, therefore, for an Agent to remotely manage CE 
>    network elements that are directly interconnected through one or more 
>    ASes that are operated by the Agent's VSP partners. The VSP partner 
>    should therefore be capable of supporting one or more common 
>    management network connectivity methods selected by the Agent.  
> 
> 8.6. End-to-End Combined Services Requirement 
> 
>    8.6.1. Combined VPN and Internet Access Requirement 
> 
>    It is common for VSPs to offer combined Internet access and VPN 
>    services via a shared networking infrastructure, e.g. based upon 
>    [RFC-2547bis]. In an MDE, when an Agent offers this service, it is 
>    sometimes advantageous for the Agent if their VSP partners could 
>    support the local 'breakout' of traffic destined for the Internet 
>    within the VSPs own ASes. An alternative to this is for all customers 
>    Internet and VPN traffic to be transported by the Agent's VSP 
>    partners across VPLs to Internet 'breakout' location(s) in other 
>    ASes. These traffic paths are inevitably suboptimal, raising 
>    performance concerns with the Agent's customers. In addition, the 
>    service is potentially expensive to deliver for the Agent, as there 
>    is little or no differentiation between traffic paths carrying 
>    mission-critical VPN traffic and Internet destined best effort 
>    traffic as all traffic will be forwarded by the VSP partner across 
>    one or more VPLs. 
> 
>    There is a requirement, therefore, in an MDE for VSPs to provide 
>    consistent Internet 'breakout' services that are compatible with an 
>    Agents combined Internet access and VPN services. These compatibility 
>    requirements include (but are not limited to): 
> 
>    - Security, Authentication, Intrusion Detection, Virus protection 
>       services etc. 
> 
>    - Consistent QoS policies across VSPs for best effort or better 
>       than best effort Internet-destined traffic. 
> 
>    8.6.2. Combined IP and non-IP Application Transport Requirement 
> 
>    Some VSPs offer managed services that include the transporting of 
>    non-IP application traffic across a shared networking infrastructure 
>    based on [RFC-2547bis]. These 'legacy' applications use networking 
>    protocols (for example X.25, SNA and IPX) that typically do not 
>    support an IP network layer header and therefore cannot natively be 
>    transported across VSP operated ASes. The non-IP packets must 
>    therefore be 'tunneled' across VSP ASes by adding IP and MPLS headers 
>    to the packets. Either end of a 'legacy' application transport tunnel 
>  
>  
>                        Expires July 26, 2006                [Page 26] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    must support configurations that are based on non-IP application 
>    specific configuration parameters for mapping non-IP network layer 
>    application sources to destination tunnel network element IP 
>    addresses. In an MDE, the non-IP transport tunnel could span one or 
>    more VSP-owned ASes. Network elements that originate and terminate 
>    packets that are forwarded across these non-IP tunnels could 
>    therefore be operated by different VSPs. 
> 
>    There is a requirement, therefore, in an MDE for consistent non-IP 
>    application transport tunnels to be supported by participating VSPs 
>    in an MDE. Tunnel transport consistency per non-IP protocol must take 
>    into account amongst others, agreements on MTU sizing, SLS 
>    conformance, vendor proprietary and standardized encapsulation 
>    techniques etc.   
> 
> 9. Conclusions 
> 
> 10. Acknowledgements 
> 
>    This document is the combined effort of the co-editors and the 
>    following contributing authors: Dimitri Papadimitriou, James 
>    Humphris, Colin Simpson, Matthew Ford, William Copeland and David 
>    Page. 
> 
> 11. References  
> 
> 11.1. Normative References 
> 
>     [RFC-1771] Rekhter, Y., Li, T., et al., "A Border Gateway Protocol 4 
>                (BGP-4)", RFC 1771, March 1995. 
> 
>     [RFC-1930] Hawkinson, J., Bates, T., "Guidelines for creation, 
>                selection, and registration of an Autonomous System 
>                (AS)", RFC 1930, March 1996. 
> 
>     [RFC-2330] Paxson, V., et al., "Framework for IP Performance 
>                Metrics", RFC 2330, May 1998. 
> 
>     [RFC-2475] Blake, S., et al., "An Architecture for Differentiated 
>                Services", RFC 2475, December 1998. 
> 
>     [RFC-2676] Apostolopoulos, G., et al., "QoS Routing Mechanisms and 
>                OSPF Extensions", RFC 2676, August 1999. 
> 
>      
> 
> 
>  
>  
>                        Expires July 26, 2006                [Page 27] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>     [RFC-2865] Rigney, C., et al., "Remote Authentication Dial-In User 
>                Service (RADIUS)", RFC 2865, June 2000. 
> 
>     [RFC-3644] Snir, Y., et al., "Policy Quality of Service (QoS) 
>                Information Model", RFC 3644, November 2003. 
> 
>     [RFC-4026] Andersson, L., Madsen, T., "Provider-Provisioned Virtual 
>                Private Network (VPN) Terminology", RFC 4026, March 2005. 
> 
>     [RFC-4031] Carugi, M., et al., "Service Requirements for Layer 3 
>                Provider Provisioned Virtual Private Networks (PPVPNs)", 
>                RFC 4031, April 2005. 
> 
>     [RFC-4111] Fang, L., et al., "Security Framework for Provider-
>                Provisioned Virtual Private Networks (PPVPNs)", RFC 4111, 
>                July 2005. 
> 
>     [RFC-4301] Kent, S., Seo, K., "Security Architecture for the 
>                Internet Protocol", RFC 4301, December 2005. 
> 
>     
> 
> 11.2. Informative References 
> 
>    [RFC-2547bis] Rosen, E., Rekhter, Y., "BGP/MPLS VPNs", draft-ietf-
>                l3vpn-rfc2547bis-03.txt, Work in Progress, October 2004. 
> 
>     [VPN-VERIFICATION] Behringer, M., et al., "Layer-3 VPN Import/Export 
>                Verification", draft- -ietf-l3vpn-vpn-verification-
>                00.txt, Work in Progress, March 2005. 
> 
>     
> 
>     
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  
>  
>                        Expires July 26, 2006                [Page 28] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
> Editor's Addresses  
> 
>    Jim Guichard 
>    Cisco Systems, Inc 
>    300 Beaver Brook Rd 
>    Boxborough 
>    MA   
>    Email: jguichar@cisco.com 
>     
>    Martin Halstead 
>    Nexagent Ltd 
>    Thames Tower 
>    37-45 Station Road 
>    Reading 
>    Berkshire 
>    UK 
>    RG1 1LX 
>    Email: mhalstead@nexagent.com 
>     
>    Christian Jacquenet 
>    France Telecom 
>    4, rue du Clos Courtel 
>    BP 91226 
>    35512 Cesson-Sévigné Cedex 
>    France 
>    Email: christian.jacquenet@francetelecom.com    
>     
> 
> 12. Intellectual Property Statement 
> 
>    The IETF takes no position regarding the validity or scope of any 
>    Intellectual Property Rights or other rights that might be claimed to 
>    pertain to the implementation or use of the technology described in 
>    this document or the extent to which any license under such rights 
>    might or might not be available; nor does it represent that it has 
>    made any independent effort to identify any such rights.  Information 
>    on the procedures with respect to rights in RFC documents can be 
>    found in BCP 78 and BCP 79. 
> 
>    Copies of IPR disclosures made to the IETF Secretariat and any 
>    assurances of licenses to be made available, or the result of an 
>    attempt made to obtain a general license or permission for the use of 
>    such proprietary rights by implementers or users of this 
>    specification can be obtained from the IETF on-line IPR repository at 
>    http://www.ietf.org/ipr. 
> 
> 
>  
>  
>                        Expires July 26, 2006                [Page 29] 
> 
> 
> Internet-Draft draft-Halstead-Guichard-MAVS-Requirements-01 January 2006 
>     
> 
>    The IETF invites any interested party to bring to its attention any 
>    copyrights, patents or patent applications, or other proprietary 
>    rights that may cover technology that may be required to implement 
>    this standard.  Please address the information to the IETF at 
>    ietf-ipr@ietf.org. 
> 
> Disclaimer of Validity 
> 
>    This document and the information contained herein are provided on an 
>    "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 
>    OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 
>    ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 
>    INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 
>    INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 
>    WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
> 
> Copyright Statement 
> 
>    Copyright (C) The Internet Society (2006). 
> 
>    This document is subject to the rights, licenses and restrictions 
>    contained in BCP 78, and except as set forth therein, the authors 
>    retain all their rights. 
> 
>      
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  
>  
>                        Expires July 26, 2006                [Page 30] 
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Mavs mailing list
> Mavs@ietf.org
> https://www1.ietf.org/mailman/listinfo/mavs

_______________________________________________
Mavs mailing list
Mavs@ietf.org
https://www1.ietf.org/mailman/listinfo/mavs