One document matched: draft-finn-detnet-problem-statement-05.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!-- This template is for creating an Internet Draft using xml2rfc,
which is available here: http://xml.resource.org. -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<rfc category="std" ipr="trust200902" docName="draft-finn-detnet-problem-statement-05">
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc authorship="yes"?>
<?rfc tocappendix="yes"?>
<?rfc strict="yes" ?>
<!-- give errors regarding ID-nits and DTD validation -->
<!-- control the table of contents (ToC) -->
<?rfc toc="yes"?>
<!-- generate a ToC -->
<?rfc tocdepth="4"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<!-- control references -->
<?rfc symrefs="yes"?>
<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
<?rfc sortrefs="yes" ?>
<!-- sort the reference entries alphabetically -->
<!-- control vertical white space
(using these PIs as follows is recommended by the RFC Editor) -->
<?rfc compact="no" ?>
<front>
<title>Deterministic Networking Problem Statement</title>
<author initials="N" surname="Finn" fullname="Norm Finn" >
<organization abbrev="Cisco">
Cisco Systems
</organization>
<address>
<postal>
<street>510 McCarthy Blvd</street>
<street>SJ-24</street>
<city>Milpitas</city>
<code>95035</code>
<region>California</region>
<country>USA</country>
</postal>
<phone> +1 408 526 4495</phone>
<email>nfinn@cisco.com</email>
</address>
</author>
<author initials="P" surname="Thubert" fullname="Pascal Thubert">
<organization abbrev="Cisco">
Cisco Systems
</organization>
<address>
<postal>
<street>Village d'Entreprises Green Side</street>
<street>400, Avenue de Roumanille</street>
<street>Batiment T3</street>
<city>Biot - Sophia Antipolis</city>
<code>06410</code>
<country>FRANCE</country>
</postal>
<phone>+33 4 97 23 26 34</phone>
<email>pthubert@cisco.com</email>
</address>
</author>
<date/>
<area>Internet</area>
<workgroup>detnet</workgroup>
<abstract>
<t>
This paper documents the needs in various
industries to establish multi-hop paths
for characterized flows with deterministic properties .
</t>
</abstract>
</front>
<middle>
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<section anchor='introduction' title="Introduction">
<t>The
<xref target="I-D.grossman-detnet-use-cases">Deterministic Networking
Use Cases</xref> document illustrates that beyond the classical case
of industrial automation and control systems (IACS), there are in fact
multiple industries with strong and yet relatively similar needs for
deterministic network services with latency guarantees and ultra-low
packet loss.
</t><t>
The generalization of the needs for more deterministic networks have led
to the IEEE 802.1 AVB Task Group becoming the
<xref target="IEEE802.1TSNTG">Time-Sensitive Networking (TSN)</xref>
Task Group (TG), with a much-expanded constituency from the industrial and
vehicular markets.
</t><t>
Along with this expansion, the networks in consideration are becoming
larger and structured, requiring deterministic forwarding beyond the LAN
boundaries. For instance, IACS segregates the network along the broad
lines of the Purdue Enterprise Reference Architecture (PERA)
<xref target="ISA95"/>, typically using deterministic local area networks
for level 2 control systems, whereas public infrastructures such as
Electricity Automation require deterministic properties over the Wide Area.
The realization is now coming that the convergence of IT and Operational
Technology (OT) networks requires Layer-3, as well as Layer-2, capabilities.
</t><t>
While the initial user base has focused almost entirely on Ethernet physical
media and Ethernet-based bridging protocol (from several Standards Development
Organizations), the need for Layer-3 expressed above, must not be confined
to Ethernet and Ethernet-like media, and while such media must be encompassed
by any useful DetNet architecture, cooperation between IETF and other
SDOs must not be limited to IEEE or IEEE 802. Furthermore, while the work
completed and ongoing in other SDOs, and in IEEE 802 in particular, provide
an obvious starting point for a DetNet architecture, we must not assume that
these other SDOs' work confines the space in which the DetNet architecture
progresses.
</t><t>
The properties of deterministic networks will have specific requirements
for the use of routed networks to support these applications and a new
model must be proposed to integrate determinism in IT technology.
The proposed model should enable a fully scheduled operation orchestrated
by a central controller, and may support a more distributed operation with
probably lesser capabilities. In any fashion, the model should not
compromise the ability of a network to keep carrying the sorts of traffic
that is already carried today in conjunction with new, more deterministic
flows.
</t><t>
Once the abstract model is agreed upon, the IETF will need to specify the
signaling elements to be used to establish a path and the tagging elements
to be used identify the flows that are to be forwarded along that path.
The IETF will also need to specify the necessary protocols, or protocol
additions, based on relevant IETF technologies, to implement the selected
model.
</t><t>
As a result of this work, it will be possible to establish a multi-hop
path over the IP network, for a particular flow with given timing and
precise throughput requirements, and carry this particular flow along the
multi-hop path with such characteristics as low latency and ultra-low
jitter, duplication and elimination of packets over non-congruent paths
for a higher delivery ratio, and/or zero congestion loss, regardless of
the amount of other flows in the network.
</t><t>
Depending on the network capabilities and on the current state, requests
to establish a path by an end-node or a network management entity may be
granted or rejected, an existing path may be moved or removed, and DetNet
flows exceeding their contract may face packet declassification and drop.
</t>
</section>
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<section title="Terminology">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in <xref target="RFC2119"/>.</t>
</section>
<section title="On Deterministic Networking">
<t>
The Internet is not the only digital network that has grown dramatically over
the last 30-40 years. Video and audio entertainment, and control systems for
machinery, manufacturing processes, and vehicles are also ubiquitous, and are
now based almost entirely on digital technologies. Over the past 10 years,
engineers in these fields have come to realize that significant advantages in
both cost and in the ability to accelerate growth can be obtained by basing all
of these disparate digital technologies on packet networks.
</t><t>
The goals of Deterministic Networking are to enable the migration of
applications that use special-purpose fieldbus technologies (HDMI, CANbus,
ProfiBus, etc... even RS-232!) to packet technologies in general, and the
Internet Protocol in particular, and to support both these new applications,
and existing packet network applications, over the same physical network.
</t><t>
Considerable experience (<xref target="ODVA"/>,<xref target="AVnu"/>,
<xref target="Profinet"/>,<xref target="IEC62439"/>, etc...)
has shown that these applications need a some or all of a suite of features that
includes:
<list style="numbers"> <t>
Time synchronization of all host and network nodes (routers and/or bridges),
accurate to something between 10 nanoseconds and 10 microseconds, depending on
the application.
</t> <t>
Support for critical packet flows that:
<list style="symbols"> <t>
Can be unicast or multicast;
</t> <t>
Need absolute guarantees of minimum and maximum latency end-to-end across
the network; sometimes a tight jitter is required as well;
</t> <t>
Need a packet loss ratio beyond the classical range for a particular medium,
in the range of 1.0e-9 to 1.0e-12, or better, on Ethernet, and in the
order of 1.0e-5 in Wireless Sensor mesh Networks;
</t> <t>
Can, in total, absorb more than half of the network's available bandwidth
(that is, massive over-provisioning is ruled out as a solution);
</t> <t>
Cannot suffer throttling, congestion feedback, or any other network-imposed
transmission delay, although the flows can be meaningfully characterized
either by a fixed, repeating transmission schedule, or by a maximum
bandwidth and packet size;
</t> </list>
</t> <t>
Multiple methods to schedule, shape, limit, and otherwise control the
transmission of critical packets at each hop through the network data
plane;
</t> <t>
Robust defenses against misbehaving hosts, routers, or bridges, both in the
data and control planes, with guarantees that a critical flow within its
guaranteed resources cannot be affected by other flows whatever the
pressures on the network;
</t> <t>
One or more methods to reserve resources in bridges and routers to carry
these flows.
</t> </list>
</t>
<t>
Time synchronization techniques need not be addressed by an IETF Working Group;
there are a number of standards available for this purpose, including IEEE 1588,
IEEE 802.1AS, and more.
</t> <t>
The multicast, latency, loss ratio, and non-throttling needs are made necessary
by the algorithms employed by the applications.
They are not simply the transliteration of fieldbus needs to a packet-based
fieldbus simulation, but reflect fundamental mathematics of the control of a
physical system.
</t> <t>
With classical forwarding latency- and loss-sensitive packets across a network,
interactions among different critical flows introduce fundamental uncertainties
in delivery schedules. The details of the queuing, shaping, and scheduling
algorithms employed by each bridge or router to control the output sequence
on a given port affect the detailed makeup of the output stream, e.g. how
finely a given flow's packets are mixed among those of other flows.
</t> <t>
This, in turn, has a strong effect on the buffer requirements, and hence the
latency guarantees deliverable, by the next bridge or router along the path.
For this reason, the IEEE 802.1 Time-Sensitive Networking Task Group has defined
a new set of queuing, shaping, and scheduling algorithms that enable each bridge
or router to compute the exact number of buffers to be allocated for each flow
or class of flows.
</t> <t>
Robustness is a common need for networking protocols, but plays a more important
part in real-time control networks, where expensive equipment, and even lives,
can be lost due to misbehaving equipment.
</t> <t>
Reserving resources before packet transmission is the one fundamental shift in
the behavior of network applications that is impossible to avoid.
In the first place, a network cannot deliver finite latency and practically zero
packet loss to an arbitrarily high offered load. Secondly, achieving
practically zero packet loss for un-throttled (though bandwidth limited) flows
means that bridges and routers have to dedicate buffer resources to specific
flows or to classes of flows. The requirements of each reservation have to be
translated into the parameters that control each host's, bridge's, and router's
queuing, shaping, and scheduling functions and delivered to the hosts, bridges,
and routers.
</t>
</section>
<!--
<section anchor="rel" title="Related IETF work">
<section title="Technologies that may be leveraged by DetNet">
<section anchor="te" title="Traffic Engineering">
<t>DetNet operates in the general context of Traffic Engineering (TE)
<xref target="RFC3272"/>, which is defined as that aspect of Internet
network engineering dealing with the issue of performance evaluation
and performance optimization of operational IP networks.
To enable TE, the classical Link State Protocol IS-IS (see <xref target="RFC5305"/>)
and OSPF (see <xref target="RFC3630"/>, <xref target="RFC4203"/> and <xref target="RFC5329"/>)
were augmented to transport topological information which can be used in a
distributed fashion <xref target="mplste"/> or in a centralized fashion
<xref target="pce"/>.
</t>
</section>
<section anchor="mplste" title="Multi-Protocol Label Switching">
<t>Essentially, Multi-Protocol Label Switching (MPLS) <xref target="RFC3031"/>
establishes a layer-2.5 tunnel between an ingress (aka headend) and an
egress router, along a pinned Label-Switched Path (LSP).
MPLS provides a tagging system that enables to identify a flow and forward
independently of the network protocol used bin the packet.
MPLS is widely used for Traffic Engineering
(TE) <xref target="RFC2702"/>
and Virtual Private Network (VPN) applications <xref target="RFC2547"/>.
</t><t>
Typically, the following steps would take place:
<list style="numbers">
<t>
Link-state protocols carry link attributes as TE extensions
</t><t>
A constrained path is calculated with Constrained Shortest Path First (CSPF)
</t><t>
The path is installed using RSVP-TE
</t><t>
Traffic flows are transported through the MPLS-TE tunnel, using a label
switching operation at each hop.
</t></list>
</t>
</section>
<section anchor="gmpls" title="Generalized Multi-Protocol Label Switching ">
<t>
Generalized Multi-Protocol Label Switching (GMPLS) <xref target="RFC3945"/>
extends MPLS to manage further classes of interfaces and switching
technologies other than packet interfaces and switching, such as time
division multiplexing (TDM), layer-2 switching, wavelength switching and fiber-switching.
<xref target="I-D.ietf-6tisch-architecture">6TiSCH</xref> track
switching is considered a GMPLS technology.
Work on GMPLS is being conducted at the <xref target="CCAMP">CCAMP</xref> WG.
</t>
</section>
<section anchor="pce" title="Path Computation Element">
<t> The <xref target="PCE">PCE</xref> WG, is chartered to specify the
required protocols so as to enable a Path Computation Element (PCE)-based
architecture for the computation of paths for MPLS and GMPLS Point to Point
and Point to Multi-point Traffic Engineered LSPs.
</t><t>
The topological information is stored in a so-called traffic engineering database
(TED); the PCE uses the TED to compute a new LSP or move existing paths around
make room for larger reservations or de-fragment the network. The
PCE architecture is documented in <xref target="RFC4655"/>.
</t><t>
Current PCE solutions rely on external services, typically a passive
participation to a Link State IGP with TE extensions (IS-IS or OSPF)
<xref target="te"/> to discover a topology.
As such, the PCE will leverage a Link State Database as it stands in memory
and does not need to serialize a representation of the topology between
entities.
</t><t>
It can be expected that in some DetNet use cases, the IGP running within
the network may not be sufficient to build a full TED. For example, a
network may run an routing protocol without the TE extensions (e.g. RPL), or
some OSPF/IS-IS routers in the network may not support the TE extensions.
In these cases, the TED must be constructed in a supplemental manner, and
updated as network resources are reserved or released. The protocol to
expose the topology and the topology model are left to be defined.
</t><t>
The <xref target="RFC5440">PCE Communication Protocol (PCEP) </xref>
can be used to setup a network path in a traditional TE fashion
by instantiating a network path at the head end node, which subsequently sends a
signaling message to complete a network path reservation.
Extensions to PCEP are proposed to configure the network elements in a
direct fashion from the PCE to each individual node
<xref target="I-D.zhao-pce-pcep-extension-for-pce-controller"/>.
</t><t>
Being based on TCP, the PCEP protocol as it stands may not be adapted to
the most constrained cases such as 6TiSCH and bindings to new transports such
as the <xref target="RFC5440">Constrained Application Protocol (CoAP)</xref>
may be required.
</t>
</section>
<section anchor="teas" title="TEAS Yang Models">
<t>
The Traffic Engineering Architecture and Signaling <xref target="TEAS">(TEAS)</xref>
WG is responsible for defining MPLS and GMPLS traffic engineering architecture,
standardizing the RSVP-TE signaling protocol, and identifying required related
control-protocol functions, i.e., routing and path computation element functions.
</t><t>
In particular the WG defines Information Models for topologies and services
such as the <xref target="I-D.ietf-teas-yang-te-topo"> YANG Data Model
for TE Topologies </xref>,
which could be augmented for DetNet to add such things as device capabilities
and timing precision. In turn, the DetNet models may be augmented for 6TiSCH
tracks or other deterministic Medium Access Control technologies to add specific
capabilities or constraints.
</t>
</section>
</section>
<section title="Technologies that may be improved by DetNet">
<section anchor="L2VPN" title="L2VPN">
<t>
L2VPNs <xref target="RFC4664"/> federate a partitioned Layer-2 domain over
Layer-3 connections.
With deterministic networking capabilities, L2VPN services may maintain
deterministic properties that exist in the partitions across the Layer-3
domain that is traversed by the VPN.
</t>
</section>
<section anchor="pw" title="Pseudowire">
<t>
Pseudowires emulate networking links such as T1/E1 leased line, frame relay,
Ethernet, ATM, T1-TDM, or SONET/SDH over packet-switched networks based on
Ethernet, IP, or MPLS <xref target="RFC3985"/>.
With deterministic networking capabilities, the emulation of
a serial link can provide a synchronized clock and guarantee a constant
throughput, to the point that the emulation is no more distinguishable from
the original service.
</t>
</section>
</section>
<section anchor="del" title='Deterministic PHB'>
<t>
<xref target="I-D.svshah-tsvwg-deterministic-forwarding"/>
defines a Differentiated Services Per-Hop-Behavior
(PHB) Group called Deterministic Forwarding (DF). The document
describes the purpose and semantics of this PHB. It also describes
creation and forwarding treatment of the service class,
and how the code-point can be mapped into one of the
aggregated Diffserv service classes <xref target="RFC5127"/>.
</t>
</section>
<section anchor="sixt" title='6TiSCH'>
<t>
Industrial process control already leverages deterministic
wireless Low power and Lossy Networks (LLNs) to interconnect critical
resource-constrained devices and form wireless mesh networks, with
standards such as <xref target="ISA100.11a"/> and <xref target="WirelessHART"/>.
</t> <t>
These standards rely on variations of the <xref target="IEEE802154"/>
<xref target="RFC7554">timeSlotted Channel Hopping (TSCH)
</xref> Medium Access Control (MAC), and a form of centralized Path
Computation Element (PCE), to deliver deterministic capabilities.
</t> <t>
The TSCH MAC benefits include high reliability against interference, low
power consumption on characterized flows, and Traffic Engineering
capabilities. Typical applications are open and closed control loops,
as well as supervisory control flows and management.
</t> <t>
The 6TiSCH Working Group focuses only on the TSCH mode of the IEEE802.15.4e
standard. The WG currently defines a framework for managing the TSCH schedule.
Future work will standardize deterministic operations over so-called tracks
as described in <xref target="I-D.ietf-6tisch-architecture"/>.
Tracks are an instance of a deterministic path, and the DetNet work
is a prerequisite to specify track operations and serve process control
applications. The dependencies that 6TiSCH has on PCE and DetNet work
are further discussed in <xref target='I-D.grossman-detnet-use-cases'/>.
</t><t>
<xref target="RFC5673"/> and
<xref target="I-D.ietf-roll-rpl-industrial-applicability"/> section 2.1.3
and next discuss application-layer paradigms, such as Source-sink (SS)
that is a Multipeer to Multipeer (MP2MP) model that is primarily used for
alarms and alerts, Publish-subscribe (PS, or pub/sub) that is typically
used for sensor data, as well as Peer-to-peer (P2P) and Peer-to-multipeer
(P2MP) communications. Additional considerations on Duocast and its N-cast
generalization are also provided for improved reliability.
</t> <t>
</t>
</section>
</section>
<section anchor="RelatedIEEE" title="Related work in other standards organizations">
<t>
There are classically 2 models for optimization, either per-layer of cross-layer.
Per-Layer is simpler to achieve since it is agnostic to the operations at the
lower and uppoer layers, but it might lead to globally unoptimized paths is
the selection of a short path at a certain layer leads to a long path at another.
</t>
<t>It may thus be desirable to optimize based independently of the layers,
considering both routers and switches as boxes connected by links. This
approach also simplifies the configuration by an operator or a controller,
and the operation of the systems that to not need to connect to different
controllers using different protocols to configure the operations at the
various layers.
</t> <t>
The cross-layer operation may require a deep coordination between the IETF and
the other SDOs, typically the IEEE for IEEE802.1 and IEEE802.15.4. Related work
at IEEEE includes:
</t>
<section anchor="BridgedSolutions" title="Bridged solutions">
<t>
Completed and ongoing work in other standards bodies have, to date, produced
viable solutions, suitable for carrying IP traffic for a subset of the
applications of interest to DetNet, but only over bridged
networks, not through routers. Among these are:
<list style="symbols">
<t>
<xref target="IEEE802.1BA-2011">IEEE 802 Audio-Video Bridging</xref>.
</t><t>
<xref target="IEEE802.1TSNTG">IEEE 802 Time-Sensitive Networking (TSN)
Task Group (TG)</xref>
</t><t>
<xref target="IEC62439">ISO/IEC HSR and PRP</xref>.
</t>
</list>
</t>
</section>
<section anchor="Shaping" title="Queuing and shaping">
<t>
A number of standards are completed or in progress in the IEEE 802.1 (bridging)
and IEEE 802.3 (Ethernet) Working Groups related to the queuing and transmission
of Ethernet frames. Most of these standards could be applied to
non-Ethernet or non-802 media with equal facility, and so will likely be
of use to DetNet. See <xref target="I-D.finn-detnet-architecture">the DetNet
architecture draft</xref> for a detailed list.
</t>
</section>
</section>
-->
<section anchor="ps" title="Problem Statement">
<section anchor="arch" title="Supported topologies">
<t>In some use cases, the end point which run the application is involved
in the deterministic networking operation, for instance by controlling certain
aspects of its throughput such as rate or precise time of emission. In that
case, the deterministic path is end-to-end from application host to
application host.
</t>
<t>
On the other end, the deterministic portion of a path may be a tunnel between
and ingress and an egress router. In any case, routers and switches in
between should not need to be aware whether the path is end-to-end of a tunnel.
</t>
<t>While it is clear that DetNet does not aim at setting up deterministic
paths over the global Internet, there is still a lack of clarity on the
limits of a domain where a deterministic path can be set up. These limits
may depend in the technology that is used to seu th epath up, whether it is
centralized or distributed.
</t>
</section>
<section anchor="flow" title="Flow Characterization">
<t>
Deterministic forwarding can only apply on flows with well-defined
characteristics such as periodicity and burstiness. Before a path can be
established to serve them, the expression of those characteristics, and how
the network can serve them, for instance in shaping and forwarding
operations, must be specified.
</t>
</section>
<section anchor="pcep" title="Centralized Path Computation and Installation">
<t>
A centralized routing model, such as provided with a PCE, enables global and
per-flow optimizations. The model is attractive but a number of issues are
left to be solved.
In particular:
<list style="symbols"> <t>whether and how the path computation can
be installed by 1) an end device or 2) a Network Management entity,
</t><t>
and how
the path is set up, either by installing state at each hop with a direct
interaction between the forwarding device and the PCE, or along a path by
injecting a source-routed request at one end of the path following classical
Traffic Engineering (TE) models.
</t> </list>
</t>
<t>To enable a centralized model,
DetNet should produce the complete SDN architecture with describes
at a high level the interaction and data models to:
<list style="symbols">
<t>report the topology and device capabilities to the central controller;
</t><t>establish a direct interface between the centralized PCE to each
device under its control in order to enable a vertical signaling
</t><t>request a path setup for a new flow with particular characteristics
over the service interface and control it through its life cycle;
</t><t>support for life cycle management for a path (instantiate/modify/update/delete)
</t><t>support for adaptability to cope with various events such as loss of a link, etc...
</t><t>expose the status of the path to the end devices (UNI interface)
</t><t>provide additional reliability through redundancy, in particular with
packet replication and elimination;
</t><t>indicate the flows and packet sequences in-band with the flows;
</t>
</list>
</t>
</section>
<section anchor="dc" title="Distributed Path Setup">
<t> Whether a distributed alternative without a PCE can be valuable could
be studied as well. Such an alternative could for instance inherit from the
<xref target="RFC3209">Resource ReSerVation Protocol</xref> (RSVP-TE) flows.
But the focus of the work should be to deliver the centralized approach
first.
</t><t>
To enable a RSVP-TE like functionality, the following steps would take place:
<list style="numbers">
<t>
Neighbors and their capabilities are discovered and exposed to compute a
path that fits the DetNet constraints, typically of latency, time precision
and resource availability.
</t><t>
A constrained path is calculated with an improved version of CSPF that is
aware of DetNet.
</t><t>
The path is installed using RSVP-TE, associated with flow identification,
per-hop behavior such as replication and elimination, blocked resources,
and flow timing information.
</t><t>
Traffic flows are transported through the MPLS-TE tunnel, using the reserved
resources for this flow at each hop.
</t></list>
</t>
</section>
<section anchor="DupFormat" title="Duplicated data format">
<t>
In some cases the duplication and elimination of packets over
non-congruent paths is required to achieve a sufficiently high
delivery ratio to meet application needs. In these cases, a
small number of packet formats and supporting protocols are
required (preferably, just one) to serialize the packets of
a DetNet stream at one point in the network,
replicate them at one or more points in the network, and
discard duplicates at one or more other points in the network,
including perhaps the destination host. Using an existing
solution would be preferable to inventing a new one.
</t>
</section>
</section>
<section title="Security Considerations">
<t>
Security in the context of Deterministic Networking has an added
dimension; the time of delivery of a packet can be just as important
as the contents of the packet, itself. A man-in-the-middle attack,
for example, can impose, and then systematically adjust, additional
delays into a link, and thus disrupt or subvert a real-time
application without having to crack any encryption methods employed.
See <xref target="RFC7384"/> for an
exploration of this issue in a related context.
</t>
<t>Typical control networks today rely on complete physical isolation to
prevent rogue access to network resources. DetNet enables the virtualization
of those networks over a converged IT/OT infrastructure. Doing so, DetNet
introduces an additional risk that flows interact and interfere with one
another as they share physical resources such as Ethernet trunks and radio
spectrum. The requirement is that there is no possible data leak from and
into a deterministic flow, and in a more general fashion there is no possible
influence whatsoever from the outside on a deterministic flow. The expectation
is that physical resources are effectively associated with a given flow at a
given point of time. In that model, Time Sharing of physical resources
becomes transparent to the individual flows which have no clue whether the
resources are used by other flows at other times.
</t>
<t>Security must cover:
<list style="symbols"> <t>
the protection of the signaling protocol
</t><t>
the authentication and authorization of the controlling nodes
</t><t>
the identification and shaping of the flows
</t><t>
the isolation of flows from leakage and other influences from any
activity sharing physical resources.
</t> </list>
</t>
</section>
<section title="IANA Considerations">
<t>This document does not require an action from IANA.
</t>
</section>
<section title="Acknowledgments">
<t>The authors wish to thank Lou Berger,
Jouni Korhonen, Erik Nordmark, George Swallow,
Rudy Klecka, Anca Zamfir, David Black, Thomas Watteyne, Shitanshu Shah,
Craig Gunther, Rodney Cummings, Wilfried Steiner, Marcel Kiessling, Karl Weber,
Ethan Grossman, Patrick Wetterwald, Subha Dhesikan, Rudy Klecka and Pat Thaler
for their various contribution to this work.</t>
</section>
</middle>
<back>
<references title='Normative References'>
<?rfc include="reference.RFC.2119"?>
</references>
<references title='Informative References'>
<?rfc include='reference.I-D.grossman-detnet-use-cases'?>
<?rfc include='reference.I-D.zhao-pce-pcep-extension-for-pce-controller'?>
<?rfc include='reference.I-D.svshah-tsvwg-deterministic-forwarding'?>
<?rfc include='reference.I-D.ietf-roll-rpl-industrial-applicability'?>
<?rfc include='reference.I-D.ietf-6tisch-architecture'?>
<?rfc include='reference.I-D.finn-detnet-architecture'?>
<?rfc include='reference.I-D.ietf-teas-yang-te-topo'>
<?rfc include='reference.RFC.2205'?>
<?rfc include='reference.RFC.2547'?>
<?rfc include='reference.RFC.2702'?>
<?rfc include='reference.RFC.3031'?>
<?rfc include='reference.RFC.3209'?>
<?rfc include='reference.RFC.3272'?>
<?rfc include='reference.RFC.3630'?>
<?rfc include='reference.RFC.3945'?>
<?rfc include='reference.RFC.3985'?>
<?rfc include='reference.RFC.4203'?>
<?rfc include='reference.RFC.4655'?>
<?rfc include='reference.RFC.4664'?>
<?rfc include='reference.RFC.5127'?>
<?rfc include='reference.RFC.5151'?>
<?rfc include='reference.RFC.5305'?>
<?rfc include='reference.RFC.5329'?>
<?rfc include='reference.RFC.5440'?>
<?rfc include='reference.RFC.5673'?>
<?rfc include='reference.RFC.7384'?>
<?rfc include='reference.RFC.7426'?> <!-- SDN IRTF -->
<?rfc include='reference.RFC.7554'?> <!-- 6TiSCH TSCH -->
<reference anchor="IEEE802.1Qav"
target="http://standards.ieee.org/getieee802/download/802.1Qav-2009.pdf">
<front>
<title>Forwarding and Queuing (IEEE 802.1Qav-2009)</title>
<author>
<organization>IEEE</organization>
</author>
<date year="2009" />
</front>
</reference>
<reference anchor="IEEE802.1Qat-2010"
target="http://standards.ieee.org/getieee802/download/802.1Qat-2010.pdf">
<front>
<title>Stream Reservation Protocol (IEEE 802.1Qat-2010)</title>
<author>
<organization>IEEE</organization>
</author>
<date year="2010" />
</front>
</reference>
<reference anchor="IEEE802.1AS-2011"
target="http://standards.ieee.org/getieee802/download/802.1AS-2011.pdf">
<front>
<title>Timing and Synchronizations (IEEE 802.1AS-2011)</title>
<author>
<organization>IEEE</organization>
</author>
<date year="2011" />
</front>
</reference>
<reference anchor="IEEE802.1BA-2011"
target="http://standards.ieee.org/getieee802/download/802.1BA-2011.pdf">
<front>
<title>AVB Systems (IEEE 802.1BA-2011)</title>
<author>
<organization>IEEE</organization>
</author>
<date year="2011" />
</front>
</reference>
<reference anchor="IEEE802.1Q-2011"
target="http://standards.ieee.org/getieee802/download/802.1Q-2011.pdf">
<front>
<title>MAC Bridges and VLANs (IEEE 802.1Q-2011</title>
<author>
<organization>IEEE</organization>
</author>
<date year="2011" />
</front>
</reference>
<reference anchor="ISA100.11a"
target=" http://www.isa100wci.org/en-US/Documents/PDF/3405-ISA100-WirelessSystems-Future-broch-WEB-ETSI.aspx">
<front>
<title>ISA100.11a, Wireless Systems for Automation, also IEC 62734</title>
<author>
<organization>ISA/IEC</organization>
</author>
<date year="2011" />
</front>
</reference>
<reference anchor="IEEE802.1TSNTG" target="http://www.ieee802.org/1/pages/avbridges.html">
<front>
<title>IEEE 802.1 Time-Sensitive Networks Task Group</title>
<author>
<organization>IEEE Standards Association</organization>
</author>
<date year="2013" />
</front>
</reference>
<reference anchor="IEEE802154e">
<front>
<title>IEEE std. 802.15.4e, Part. 15.4: Low-Rate Wireless Personal Area Networks (LR-WPANs) Amendment 1: MAC sublayer</title>
<author>
<organization>IEEE standard for Information Technology</organization>
</author>
<date month="April" year="2012"/>
</front>
</reference>
<reference anchor="IEEE802154">
<front>
<title>IEEE std. 802.15.4, Part. 15.4: Wireless Medium Access Control
(MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless
Personal Area Networks</title>
<author>
<organization>IEEE standard for Information Technology</organization>
</author>
<date/>
</front>
</reference>
<reference anchor="WirelessHART">
<front>
<title>Industrial Communication Networks - Wireless Communication
Network and Communication Profiles - WirelessHART - IEC 62591</title>
<author>
<organization>www.hartcomm.org</organization>
</author>
<date year="2010" />
</front>
</reference>
<reference anchor="HART">
<front>
<title>Highway Addressable Remote Transducer, a group of
specifications for industrial process and control devices
administered by the HART Foundation</title>
<author>
<organization>www.hartcomm.org</organization>
</author>
<date></date>
</front>
</reference>
<reference anchor="ODVA">
<front>
<title>The organization that supports network technologies built on
the Common Industrial Protocol (CIP) including EtherNet/IP.</title>
<author>
<organization>http://www.odva.org/</organization>
</author>
<date></date>
</front>
</reference>
<reference anchor="ISA95" target="https://www.isa.org/isa95/">
<front>
<title>Enterprise-Control System Integration Part 1: Models and Terminology</title>
<author>
<organization>ANSI/ISA</organization>
</author>
<date year="2000" />
</front>
</reference>
<reference anchor="AVnu">
<front>
<title>The AVnu Alliance tests and certifies devices for
interoperability, providing a simple and reliable networking
solution for AV network implementation based on the IEEE Audio
Video Bridging (AVB) and Time-Sensitive Networking (TSN)
standards.</title>
<author>
<organization>http://www.avnu.org/</organization>
</author>
<date></date>
</front>
</reference>
<reference anchor="EIP" target="http://www.odva.org/Portals/0/Library/Publications_Numbered/PUB00138R3_CIP_Adv_Tech_Series_EtherNetIP.pdf">
<front>
<title> EtherNet/IP provides users with the network tools to deploy
standard Ethernet technology (IEEE 802.3 combined with the TCP/IP
Suite) for industrial automation applications while enabling Internet
and enterprise connectivity data anytime, anywhere.</title>
<author>
<organization>http://www.odva.org/</organization>
</author>
<date></date>
</front>
</reference>
<reference anchor="Profinet" target="http://us.profinet.com/technology/profinet/">
<front>
<title>PROFINET is a standard for industrial networking in
automation. </title>
<author>
<organization>http://us.profinet.com/technology/profinet/</organization>
</author>
<date></date>
</front>
</reference>
<reference anchor="IEC62439" target="https://webstore.iec.ch/publication/7018">
<front>
<title>Industrial communication networks - High availability automation networks - Part 3: Parallel Redundancy Protocol (PRP) and High-availability Seamless Redundancy (HSR) - IEC62439-3</title>
<author>
<organization>IEC</organization>
</author>
<date year="2012" />
</front>
</reference>
<reference anchor="TEAS" target="https://datatracker.ietf.org/doc/charter-ietf-teas/">
<front>
<title>Traffic Engineering Architecture and Signaling</title>
<author>
<organization>IETF</organization>
</author>
<date></date>
</front>
</reference>
<reference anchor="PCE" target="https://datatracker.ietf.org/doc/charter-ietf-pce/">
<front>
<title>Path Computation Element</title>
<author>
<organization>IETF</organization>
</author>
<date></date>
</front>
</reference>
<reference anchor="CCAMP" target="https://datatracker.ietf.org/doc/charter-ietf-ccamp/">
<front>
<title>Common Control and Measurement Plane</title>
<author>
<organization>IETF</organization>
</author>
<date></date>
</front>
</reference>
<reference anchor="MPLS" target="https://datatracker.ietf.org/doc/charter-ietf-mpls/">
<front>
<title>Multiprotocol Label Switching</title>
<author>
<organization>IETF</organization>
</author>
<date></date>
</front>
</reference>
<reference anchor="TiSCH" target="https://datatracker.ietf.org/doc/charter-ietf-6tisch/">
<front>
<title>IPv6 over the TSCH mode over 802.15.4</title>
<author>
<organization>IETF</organization>
</author>
<date></date>
</front>
</reference>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-22 22:46:30 |