< draft-ietf-teas-actn-info-model-08.txt | draft-ietf-teas-actn-info-model-09.txt > | |||
---|---|---|---|---|
Teas Working Group Young Lee | Teas Working Group Young Lee | |||
Internet Draft Huawei | Internet Draft Huawei | |||
Intended status: Informational Sergio Belotti | Intended status: Informational Sergio Belotti | |||
Nokia | Nokia | |||
Expires: November 3, 2018 | Expires: December 15, 2018 | |||
Dhruv Dhody | Dhruv Dhody | |||
Huawei | Huawei | |||
Daniele Ceccarelli | Daniele Ceccarelli | |||
Ericsson | Ericsson | |||
Bin Yeong Yoon | Bin Yeong Yoon | |||
ETRI | ETRI | |||
May 3, 2018 | June 15, 2018 | |||
Information Model for Abstraction and Control of TE Networks (ACTN) | Information Model for Abstraction and Control of TE Networks (ACTN) | |||
draft-ietf-teas-actn-info-model-08.txt | draft-ietf-teas-actn-info-model-08.txt | |||
Abstract | Abstract | |||
This draft provides an information model for Abstraction and Control | This draft provides an information model for Abstraction and Control | |||
of Traffic Engineered Networks (ACTN). | of Traffic Engineered Networks (ACTN). | |||
skipping to change at page 2, line 7 ¶ | skipping to change at page 2, line 7 ¶ | |||
Internet-Drafts are draft documents valid for a maximum of six | Internet-Drafts are draft documents valid for a maximum of six | |||
months and may be updated, replaced, or obsoleted by other documents | months and may be updated, replaced, or obsoleted by other documents | |||
at any time. It is inappropriate to use Internet-Drafts as | at any time. It is inappropriate to use Internet-Drafts as | |||
reference material or to cite them other than as "work in progress." | reference material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt | http://www.ietf.org/ietf/1id-abstracts.txt | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on November 3, 2018. | This Internet-Draft will expire on December 15, 2018. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 21, line 14 ¶ | skipping to change at page 21, line 14 ¶ | |||
<TE Topology Update> ::= <TE-topology-list> | <TE Topology Update> ::= <TE-topology-list> | |||
<Path Compute Request> ::= <TE Tunnel Characteristics> | <Path Compute Request> ::= <TE Tunnel Characteristics> | |||
<Path Compute Reply> ::= <TE Computed Path> | <Path Compute Reply> ::= <TE Computed Path> | |||
<TE Tunnel Characteristics> | <TE Tunnel Characteristics> | |||
9. Security Considerations | 9. Security Considerations | |||
The ACTN information model described in this document defines key | The ACTN information model does not directly introduce security | |||
interfaces for managed traffic engineered networks. Securing the | issues. Rather, it defines a set of interfaces for traffic | |||
request and control of resources, confidentiality of the | engineered networks. The underlying protocols, procedures, and | |||
information, and availability of function, should all be critical | implementations used to exchange the information model described | |||
security considerations when deploying and operating ACTN platforms. | in this draft will need to secure the request and control of | |||
resources with proper authentication and authorization mechanisms. | ||||
In addition, the data exchanged over the ACTN interfaces discussed | ||||
in this document requires verification of data integrity. Backup or | ||||
redundancies SHOULD also be available to restore the affected data | ||||
to its correct state. | ||||
Several distributed ACTN functional components are required, and | Implementations of the ACTN framework will have distributed | |||
implementations should consider encrypting data that flows between | functional components that will exchange this information model. | |||
components, especially when they are implemented at remote nodes, | Implementations SHOULD encrypt data that flows between them, | |||
regardless of these data flows are on external or internal network | especially when they are implemented at remote nodes and | |||
interfaces. | irrespective of whether these data flows are on external or internal | |||
network interfaces. The information model may contain customer, | ||||
application and network data that for business or privacy reasons | ||||
may be considered sensitive. It SHOULD be stored only in an | ||||
encrypted data store. | ||||
The ACTN security discussion is further split into two specific | The ACTN security discussion is further split into two specific | |||
categories described in the following sub-sections: | interfaces: | |||
- Interface between the Customer Network Controller and Multi Domain | - Interface between the Customer Network Controller and Multi | |||
Service Coordinator (MDSC), CNC-MDSC Interface (CMI) | Domain Service Coordinator (MDSC), CNC-MDSC Interface (CMI) | |||
- Interface between the Multi Domain Service Coordinator and | - Interface between the Multi Domain Service Coordinator and | |||
Provisioning Network Controller (PNC), MDSC-PNC Interface (MPI) | Provisioning Network Controller (PNC), MDSC-PNC Interface (MPI) | |||
From a security and reliability perspective, ACTN may encounter many | See the detailed discussion of the CMI and MPI in Sections 9.1 and | |||
risks such as malicious attack and rogue elements attempting to | 9.2, respectively in [ACTN-Frame]. | |||
connect to various ACTN components. Furthermore, some ACTN | ||||
components represent a single point of failure and threat vector, | ||||
and must also manage policy conflicts, and eavesdropping of | ||||
communication between different ACTN components. | ||||
The conclusion is that all data models and protocols used to realize | The conclusion is that all data models and protocols used to | |||
the ACTN info model should have rich security features, and | realize the ACTN info model should have rich security features as | |||
customer, application and network data should be stored in encrypted | discussed in this section. Additional security risks may still | |||
data stores. Additional security risks may still exist. Therefore, | exist. Therefore, discussion and applicability of specific security | |||
discussion and applicability of specific security functions and | functions and protocols will be better described in documents that | |||
protocols will be better described in documents that are use case | are use case and environment specific | |||
and environment specific. | ||||
10. IANA Considerations | 10. IANA Considerations | |||
This document has no actions for IANA. | This document has no actions for IANA. | |||
11. References | 11. References | |||
11.1. Normative References | 11.1. Normative References | |||
[ACTN-REQ] Y. Lee, et al., "Requirements for Abstraction and Control | [ACTN-REQ] Y. Lee, et al., "Requirements for Abstraction and Control | |||
End of changes. 10 change blocks. | ||||
31 lines changed or deleted | 35 lines changed or added | |||
This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |