Internet DRAFT - draft-ietf-ppvpn-applicability-guidelines

draft-ietf-ppvpn-applicability-guidelines









Internet Engineering Task Force                              J. Sumimoto
INTERNET-DRAFT                                                       NTT
                                                               M. Carugi
Expires December 2003                                    Nortel Networks
                                                            (Co-editors)

                                                            J. De Clercq
                                                                 Alcatel
                                                            A. Nagarajan
                                                              Consultant
                                                               M. Suzuki
                                                                     NTT

                                                           June 27, 2003

           Guidelines of Applicability Statements for PPVPNs
           <draft-ietf-ppvpn-applicability-guidelines-02.txt>

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This document plays a role of guidelines to assist development of
   applicability statements for each specific Layer 2 and Layer 3 PPVPN
   approach. It provides a check-list which consists of metrics, each of
   which is intended to clearly point out what must be evaluated and
   written in each approach specific applicability statement document.

1. Introduction



Sumimoto, et al.         Expires December 2003                  [Page 1]

INTERNET-DRAFT                                             June 27, 2003


   The term Provider Provisioned Virtual Private Network (PPVPN) refers
   to Virtual Private Networks (VPNs) for which the service provider
   participates in management and provisioning of the VPN. PPVPNs can be
   classified into various PPVPN types based on their characteristics,
   and requirements for PPVPNs are described in three separate
   documents, [GEN REQTS], [L3 REQTS], and [L2 REQTS]. This document
   extracts metrics directly relating to protocols/mechanisms out of
   provider/service/engineering requirements for PPVPNs described in the
   three requirements documents so as to make approach specific
   applicability statements significant. The extracted metrics in this
   document form a check-list, each of which is intended to clearly
   point out what must be evaluated and written in each approach
   specific applicability statement document. Detailed description with
   regard to the metrics is out of scope of this document.
   Section 2 reviews taxonomy of PPVPN types for which metrics are
   listed in this document. Section 3 provides list and outline of
   metrics. Section 4 is for security considerations, Section 5 is for
   acknowledgement and section 6 is for references.

2. Taxonomy of PPVPNs

   The terminology used in this document is defined in [TERMINOLOGY].


                             PPVPN
               ________________|__________________
               |                                 |
             Layer 2                           Layer 3
         ______|_____                     _______|________
         |          |                     |              |
        P2P        P2M                PE-based       CE-based
       (VPWS)    ___|______        _______|_____         |
                 |        |        |           |         |
               VPLS      IPLS     RFC2547   Virtual    IPsec
                                  Style     Router

                         Figure. 2.1 PPVPN taxonomy


   The figure above presents taxonomy of PPVPN approaches. Note that
   CE-based Layer 2 PPVPNs may also be further classified as point-to-
   point (P2P) or point-to-multipoint (P2M), and P2M PPVPNs may also be
   further classified as Virtual Private LAN Service (VPLS) and IP-only
   LAN-like Service (IPLS). Definitions for layer 3 PPVPNs can be
   obtained from [L3 FWK] and definitions for layer 2 PPVPNs can be
   obtained from [L2 FWK].

3. List and outline of metrics for evaluating each PPVPN approach



Sumimoto, et al.         Expires December 2003                  [Page 2]

INTERNET-DRAFT                                             June 27, 2003


   This section provides list and outline of metrics generic to L3 and
   L2 PPVPN approaches (in Section 3.1), specific to L3 PPVPN approaches
   (in Section 3.2) and specific to L2 PPVPN approaches (in Section
   3.3). Each L3 PPVPN approach is to be evaluated by using both generic
   and L3 specific metrics. Similarly, each L2 PPVPN approach is to be
   evaluated by using both generic and L2 specific metrics. In this
   document, AS stands for Applicability Statements.

3.1 Generic metrics

   This section provides metrics generic to layer 3 and layer 2 PPVPN
   approaches.

   3.1.1 Isolated exchange of routing and data information

   Each specific AS document must clarify whether and how the following
   attributes are implemented by the concerned PPVPN approach.

    - Isolated data forwarding (mandatory)

    - Isolated routing (i.e. constrained distribution of reachability to
      only VPN sites)
      (Internal topology of VPN should not be visible to the shared
       public network (Internet))

   3.1.2 Security

   Each specific AS document must clarify whether and how the following
   attributes of user security are supported by the concerned PPVPN
   approach.

    - Confidentiality

    - Integrity

    - Authentication

    - Replay attack prevention

   Additionally, each specific AS document must clarify how the
   following security attributes with regard to setup/operation are
   protected by the concerned PPVPN approach.

    - Protocol attacks

    - Unauthorized access

    - Tampering with signaling



Sumimoto, et al.         Expires December 2003                  [Page 3]

INTERNET-DRAFT                                             June 27, 2003


   3.1.3 Tunneling

   Each specific AS document must clarify the following attributes.

    - Kind of supported tunneling techniques

    - Tunnel termination points

   3.1.4 QoS

   Each specific AS document must clarify if the following types of QoS
   are supported or not, and how they are supported.


    - Intserv/RSVP (Customer usage/Provider usage)

    - Diffserv (Customer usage/Provider usage)

    - Point to point

    - Point to cloud

   3.1.5 Auto-discovery

   Each specific AS document must clarify

    - Whether any mechanism are supported or not

      If supported, it must also clarify the following attributes.

    - Kind of mechanism

    - What is discovered by the mechanism

    - Information exchanged by the mechanism

   3.1.6 Scalability

   With regard to each of the following factors, each specific AS
   document must clarify (1) what resource is pressed by the factor
   (e.g. VFI's table size) and (2) how (in what order) is the resource
   pressed? (E.g. O(n) or O(n^2) or ...). VFI stands for Virtual
   Forwarding Instance, and VSI stands for Virtual Switching Instance
   (for more detail, see framework documents).

    - Number of VPNs
      (Especially, influence toward VFI/VSI's table size / number of
       tunnels should be considered.)



Sumimoto, et al.         Expires December 2003                  [Page 4]

INTERNET-DRAFT                                             June 27, 2003


    - Number of sites
      (Especially, influence toward VFI/VSI's table size / number of
       tunnels should be considered.)

    - Number of routes per VPN

    - Rate of configuration changes / impact of adding new site
      (Especially, influence toward increase of controlling traffic /
       average convergence time should be considered.)

    - Number of users per VPN

    - Number of addresses per VPN

    - Number of PEs and/or CEs

    - Number of VRFs/VRs and interfaces per PE (for only PE-based L3 VPN
      approaches),
      (Especially, influence toward processing overhead of a PE should
       be considered.)

    - Number of tunnels

   3.1.7 Management

   Each specific AS document must clarify (1) whether each of the
   following aspects of management are supported or not by the concerned
   PPVPN approach, and (2) how they are supported.

    - Configuration/Provisioning
      VPN membership, tunnels, network access, routing protocols, etc.

    - Performance/SLA
      Monitoring/Accounting states and statistics.

    - Security
      Access control, authentication, etc.

    - Fault
      Detection, localization, and corrective actions.

    - Customer Management
      Capabilities of customers to view the topology, operational state,
      order status, and other parameters associated with their VPN

   3.1.8 Traffic types

   Each specific AS document must clarify whether and how the following



Sumimoto, et al.         Expires December 2003                  [Page 5]

INTERNET-DRAFT                                             June 27, 2003


   types of traffic are supported or not.

    - Unicast or point-to-point

    - Multicast or point-to-multipoint

    - Broadcast

   3.1.9 Temporary access

   Besides permanent access which is mandatory to all PPVPN approach,
   each specific AS document must clarify (1) whether supported or not,
   and (2) how to support,

    - Temporary access

   3.1.10 Migration impacts

   Each specific AS document must clarify

    - Functions required to be added to legacy devices from the
      customers' and providers' point of view.

   3.1.11 Interworking

   Interworking scenarios among different solutions providing PPVPN
   services is highly desirable. If any constraints exist in a PPVPN
   approach, the corresponding specific AS document must show the
   constraints and their influence.

3.2 Metrics specific to L3 PPVPN approaches

   This section provides metrics specific to L3 PPVPN approaches. Each
   specific L3 PPVPN approach must be checked by these L3 specific
   metrics as well as generic metrics provided in the former sections.

   3.2.1 Addressing

   Each specific AS document must clarify whether overlapping customer
   IP addresses in different VPNs are supported or not.

   3.2.2 IP Routing Protocol Support for Customer

   At least the following protocols must be supported between CE and PE
   routers, or between CE routers: static routing, IGP, such as RIP,
   OSPF, IS-IS, and BGP. If there exists any restriction in a PPVPN
   approach, it must be described in the specific AS document concerning
   the PPVPN approach.



Sumimoto, et al.         Expires December 2003                  [Page 6]

INTERNET-DRAFT                                             June 27, 2003


   3.2.3 Core network requirements

   Each specific AS document must clarify the following attributes of
   concerned PPVPN approach.

    - Routing protocols applicable to SP network routing

    - Core router awareness of mechanisms used

3.3 Metrics specific to L2 PPVPN approaches

   This section provides metrics specific to L2 PPVPN approaches. Each
   specific L2 PPVPN approach must be checked by these L2 specific
   metrics as well as generic metrics provided in the former sections.
   VPLS stands for Virtual Private LAN Service (for more detail, see [L2
   FWK]).

   3.3.1 Scope/Accuracy of Emulation

   Each specific AS document must clarify the following attributes of
   concerned PPVPN approach.

    - Difference between L2 VPN protocol and specification at customer
      interface and existing native protocols and specification (if
      exists)

   3.3.2 Addressing

   Each specific AS document must clarify

    - Whether overlapping customer L2 addresses in different VPNs
      are supported or not

    - Whether overlapping VLAN IDs for different customer are supported
      or not (in case of VPLS supporting VLANs)

   3.3.3 Loop Prevention of L2 topology

   Each specific AS document must clarify

    - Whether any mechanism are supported or not. (Especially, is STP
      supported?)

      If any mechanism supported, it must also clarify the following
      attributes.

    - Kind/scope of the mechanism. (Especially, is STP supported?
      Is Split horizon scheme over mesh topology adopted?)



Sumimoto, et al.         Expires December 2003                  [Page 7]

INTERNET-DRAFT                                             June 27, 2003


   3.3.4 Packet re-ordering

   Each specific AS document must clarify the following attributes.

    - Possibility of packet re-ordering

    - Influence of packet re-ordering

   3.3.5 Minimum MTU

   Each specific AS document must clarify the following attributes.

    - Support of MTU specified for the layer 2 technology
      (including consistency with inserting VLAN tag)

    - Guarantee of prohibition of frame fragmentation

   3.3.6 Support for MAC Services (only for VPLS)

   Each specific AS document must clarify whether MAC services (see the
   following examples) are supported or not by the concerned PPVPN
   approach.

    - Filtering of frames

    - Flooding

    - Creation of address table

    - Aging of address table

   If any constraints exist in a PPVPN approach, the corresponding
   specific AS document must show the constraints and their influence.

   3.3.7 Scalability

   L2 specific scalability metrics  are listed in this section. For
   generic scalability metrics, see section 3.1.6.

   Each specific AS document must clarify scalability concern specific
   to L2 VPN control protocol including signaling. Especially,
   scalability concern caused by use of STP must be clarified in case of
   VPLS.

4. Security considerations

   There are no additional security considerations besides those already
   described in this document.



Sumimoto, et al.         Expires December 2003                  [Page 8]

INTERNET-DRAFT                                             June 27, 2003


5. Acknowledgments

   The authors of this document would like to acknowledge the
   suggestions and comments received from the entire Layer 3
   Applicability Statement Design Team formed in the ppvpn WG. Besides
   the authors, the members of the design team include Luyuan Fang, Paul
   Knight, Dave McDysan, Thomas Nadeau, Olivier Paridaens, Yakov
   Rekhter, Eric Rosen, Chandru Sargor, Benson Schliesser, Cliff Wang
   and Rick Wilder.

6.  References

6.1 Normative References

   [GEN REQTS] Nagarajan, A., "Generic Requirements for Provider
       Provisioned VPN," Work in Progress.

   [L3 REQTS] Carugi, M. et al., "Service Requirements for Provider
       Provisioned Virtual Private Networks," work in progress.

   [L2 REQTS] Augustyn, W., Serbest, Y., et al., "Service Requirements
       for Layer 2 Provider Provisioned Virtual Private Networks", work
       in progress

   [TERMINOLOGY] Andersson, L., Madsen, T., "PPVPN Terminology", work in
       progress.

6.2 Informative References

   [L3 FWK]  Callon, R. et al., "A Framework for Provider Provisioned
       Virtual Private Networks," work in progress.

   [L2 FWK] Andersson, L., et al., "L2VPN Framework", work in progress.

   [IPsecVPN AS] De Clercq, J. et al., "Applicability Statement for
       Provider Provisioned CE-based Virtual Private Networks using
       IPsec," work in progress.

   [VR AS] Nagarajan, A. et  al., "Applicability Statement for Virtual
       Router-based Layer 3 PPVPN approaches," work in progress.

   [2547BIS AS] Rosen, E. et al., "Applicability Statement for VPNs
       Based on rfc2547bis," work in progress.

7. Authors' address

      Junichi Sumimoto (Co-editor)
      NTT Information Sharing Platform Labs.



Sumimoto, et al.         Expires December 2003                  [Page 9]

INTERNET-DRAFT                                             June 27, 2003


      3-9-11, Midori-Cho
      Musashino-Shi,  Tokyo  180-8585  Japan
      Email: sumimoto.junichi@lab.ntt.co.jp

      Marco Carugi (Co-editor)
      Nortel Networks S.A.
      Parc d'activites de Magny - Les Jeunes Bois - Chateaufort
      78928 YVELINES Cedex - FRANCE
      Email: marco.carugi@nortelnetworks.com

      Jeremy De Clercq
      Alcatel
      Fr. Wellesplein 1, 2018 Antwerpen, Belgium
      Email: jeremy.de_clercq@alcatel.be

      Ananth Nagarajan
      Consultant
      Email: ananth@maoz.com

      Muneyoshi Suzuki
      NTT Information Sharing Platform Labs.
      3-9-11, Midori-cho,
      Musashino-shi, Tokyo 180-8585, Japan
      Email: suzuki.muneyoshi@lab.ntt.co.jp



























Sumimoto, et al.         Expires December 2003                 [Page 10]