I'm sure Vint Cerf - and the vast majority of Internet architects - remain certain that TCP/IP with minor improvements is the right way forward. But the European and Chinese telcos, backed by their suppliers, want a replacement called "New IP Networking." ETSI, the very powerful European standards group, calls it "non-IP.:They claim, as you can read below, "A fundamental change is needed." Deutsche Telecom and suppliers are key proponents.  

Update July 20: 

Current status of deterministic networking:

  • IETF RFC moving forward with support from Cisco, Ericsson, and Huawei
  • ETSI Special committee formed to move Non-IP forward
  • ITU Focus Group 2030 included it in final architecture, likely to be rubber stamped by Study Group 5. US may make noise that will lead to same result with slightly toned down wording.
  • Internet Society Opinion piece but no active engagement visible

Highly likely result, unless something dramatic is done: will replace TCP-IP over 5-15 years in favor of telco system. End update

Since the 1980's the telcos in the U.S. have been fighting to control the Internet, a war described as Bellheads vs Netheads. (Ask Vint Cerf or Dave Farber about this or "protocol wars.") The telcos are back big time, with proposals called "Deterministic Networking" (IETF, Ericsson, Cisco) New IP (ITU, China,) and Non-IP (ETSI, Deutsche Telekom, France Telecom.)

Telcos have an enormous advantage because they control the physical network. They are businesses dedicated to making money; of course they would like to erect a "tollbooth on the Internet." The problem they face is that Internet connectivity is very cheap to deliver. The local and long-distance phone networks were enormously profitable. 

The telcos continue to be among the most profitable companies on Earth. Verizon's net income has averaged over US$20 billion the last three years. But they are not providing investors the promised increased profits.

 The only press coverage has jumped on Huawei's role in similar at ITU, supported by China Mobile and MIIT. But it's a very strong move from the European carriers as well. The carriers are smelling massive revenue if they can guarantee QoS and latency across networks. That's built into the 3GPP core (network slicing.)

DT is preparing products, starting with offerings for the security services. (So is a major Canadian and Telefonica.) So far, only security applications have been serious about paying for the QoS.

The U.S. is going to block it at ITU general meetings, as we block almost everything of substance. The study group is dominated by CJK, so will somehow move forward.

But the real action is at ETSI, which has a special group on this. There's an IETF proposal that also looks seriously problematic to me, but I'm not a protocol engineer.

AT&T Telstra, Telecom Italia, Cisco, Vodafone, KDDI, NTT 

From ETSI: (Important note: This is the ETSI position, which I do not support.)

The TCP/IP protocol suite was designed for an age in which communication was between computers and terminals in fixed locations, and in which the user interface was text rather than dynamic media such as audio and video. Mobile operators have identified a number of problems with its use in core and access networks, and it is unsuitable for some of the new services that are proposed for 5G. Industry Specification Group (ISG) Next Generation Protocols (NGP) investigated ways to better support the huge performance and capacity improvements planned for 5G, both by evolution of TCP/IP and by use of new kinds of protocol.

Its conclusion was that a fundamental change is needed, and that a new Industry Specification Group (ISG) focussing on Non-IP Networking (NIN) should be created.

ISG NIN will also act as responsible body for the maintenance of ISG NGP Deliverables if need arises. The specifications published by NGP are accessible via the standards search on our website.

OUR ROLE & ACTIVITIES

NIN vision

The Industry Specification Group on Non-IP Networking (NIN) has been set up to standardize a digital communications technology fit for the 21st century.

Our vision is a much more efficient system that is far more responsive to its users.

We have identified a number of technical issues with the current (TCP/IP-based) technology which prevent it delivering the required levels of service without excessive complexity or, in some cases, at all.

The new protocols will provide:

virtual elimination of delays in forwarding real-world signals: not only audio and video but also tactile feedback and the position of vehicles or industrial robotsmulticasting of live content (such as sports events) to an unlimited number of subscribersmore efficient use of spectrum and of processing powerbetter security, both privacy and resilience to denial-of-servicebetter performance when accessing remote content such as web pagesways of guaranteeing network service sustainabilityextensibility: packet formats do not have to be the same throughout the system, and introducing new features such as a new kind of addressing only affects the control plane messages

What does this mean for the user?

Elimination of delays in packet forwarding equipment will make conversation more natural, especially in conference calls. A performer’s sound can be sent across the network to be mixed with other performers’ and returned to their headphones. Applications such as remote surgery become possible.

More efficient processing extends battery life in handsets.

Privacy is improved: devices do not need to have IP addresses, and a server does not need to know a client’s address or location in order to reply to its request. Before any exchange of data takes place the server can require as much or as little authentication of the client’s identity as is appropriate to the application. It will be much easier to discover where your device is sending data to.

Downloads will be faster, and there will be less “buffering delay” when watching streamed content. New business models can be explored based on improved identification of content and quality auditing.

What does it mean for the operator?

The whole system becomes much simpler and therefore cheaper to build and to operate. Many middle-box functions, such as address translation, firewalls, header compression, and transport-layer optimisers, are eliminated or incorporated into the control plane procedures. Mobility is supported natively instead of needing tunnelling layers to be added.

The service for media streams provides multicasting and ultra-low latency (typically less than 10µs per hop) as standard. As well as live broadcasting (such as of sporting events) it can be used to distribute recorded content to local caches and to distribute software updates.

Many of the protocols needed by current systems, such as DNS, ARP, SIP, SDP, and RSVP, are incorporated into the control plane procedures. This, along with a dramatic reduction in packet header sizes, reduces the amount of capacity on the air interface that is taken up by protocol overheads.

The forwarding plane can be implemented entirely in logic (hardware), and thus needs much less power than is needed for per-packet processing by software. Simplified protocols and elimination of the need for header compression reduce processing power requirements further.

How do we get there?

The new technology can be carried over IP networks, and IP packets can be carried over the new technology. Thus, the new technology can be introduced incrementally, in the form of “islands” where internal traffic benefits from the new levels of service and there is seamless transition to the legacy technology at the edge. This can be done as part of the normal processes of expanding networks and of replacing end-of-life equipment.

An example would be where a new network is being built to support 5G: core, RAN, and MEC can be implemented with the new technology. When an application connects a socket to a service, the system can check whether that service is available at the edge and if so connect directly using the new technology. This check might need more information than would be provided in the DNS look-up used in legacy systems, e.g. to see whether a cached copy of a particular piece of content is available. Otherwise, the connection goes through the User Plane Function; much of the processing of legacy packet headers is transferred from the UE to the UPF, saving battery in the UE, and the amount of processing required in the UPF is similar to the NAT procedures common in today´s Internet access.

Participation in the Non-IP Networking Industry Specification Group is open to all ETSI members as well as organizations that are not members, subject to signing ISG Agreements. For information on how to participate please contact This email address is being protected from spambots. You need JavaScript enabled to view it..

The important dispute is whether the big telcos can force those interconnecting to adhere to a difficult and problematic reworking of protocols for QoS throughout. They want to be able to offer guaranteed QoS and low latency if the originator, perhaps the German security agency, is contracted to DT but a local government and police force is using Vodafone.

 

 

ETSI LAUNCHES NEW GROUP ON NON-IP NETWORKING ADDRESSING 5G NEW SERVICES

Sophia Antipolis, 7 April 2020

ETSI is pleased to announce the creation of a new Industry Specification Group addressing Non-IP Networking (ISG NIN). The kick-off-meeting took place on 25 March and John Grant, BSI, was elected as the ISG Chair, and Kevin Smith, Vodafone, was elected as ISG Vice Chair.

With the increasing challenges placed on modern networks to support new use cases and greater connectivity, Service Providers are looking for candidate technologies that may serve their needs better than the TCP/IP-based networking used in current systems.

ISG NIN intends to develop standards that define technologies to make more efficient use of capacity, have security by design, and provide lower latency for live media.

In 2015, several mobile operators identified problems with the TCP/IP-based technology used in 4G. These included the complex and inefficient use of spectrum resulting from adding mobility, security, quality-of-service, and other features to a protocol that was never designed for them. The subsequent fixes and workarounds designed to overcome these problems themselves incur increased cost, latency, and greater power-consumption. TCP/IP was therefore deemed as non-optimal for the more advanced 5G services.

An ETSI Industry Specification Group on Next Generation Protocols (ISG NGP), created in 2015, had the mission to analyse these problems and suggest alternative solutions. ISG NGP identified candidate technologies that would address the issues directly, dramatically reducing header sizes, per-packet processing, and latency experienced by live media, while remaining compatible with the current Internet and with newer technologies such as SDN and MPLS. ISG NGP also published a set of Key Performance Indicators that allow an objective assessment of the ability of networking protocols to meet operators’ needs.

Today, we see the evolution of ISG NGP in a new group dedicated to the specification of alternative technologies to better serve the new 5G applications, as well as being more efficient and easier to manage, with lower CapEx and OpEx, when used for current applications.

It is expected that the work of ISG NIN will be applicable initially to private mobile networks such as factory automation, and then expanded to public systems, both in the Core network and eventually end to end including the Radio elements.

The group’s first output will be a Report detailing the shortcomings of TCP/IP, and how the new alternative system would overcome those shortcomings. ISG NIN will also work on specifying how the technologies initially identified by ISG NGP will form the basis of the new protocols, as well as creating a framework for testing the efficiency and effectiveness of the new protocols, including over radio.

“I’m really happy to have been entrusted with the Chairmanship of this group. Finding new protocols for internet more suitable to the 5G era was essential. Big data and mission-critical systems such as industrial control, intelligent vehicles. and remote medicine cannot be addressed the best way with current TCP/IP-based networking” says John Grant, Chair of ISG NIN.

“The IP stack and OSI layer model have undeniably enabled global connectivity – but since they originated in the 1970s, their design reflects the demands and capabilities of that era. Reassessing the fundamental design principles of network protocols offers the opportunity to deliver performance, security and efficiency gains for 2020 access networks and use cases, and may be achieved with simplification rather than expensive add-ons. The work of ETSI ISG NIN, in co-operation with industry organizations, can provide operators with a cutting-edge protocol suite to add to their service portfolio” says Kevin Smith, Vice Chair of ISG NIN.

 

Internet Engineering Task Force (IETF) 
Request for Comments: 8655 
Category: Standards Track 
ISSN: 2070-1721
Ericsson
October 2019

Deterministic Networking Architecture

Abstract

This document provides the overall architecture for Deterministic
Networking (DetNet), which provides a capability to carry specified
unicast or multicast data flows for real-time applications with
extremely low data loss rates and bounded latency within a network
domain. Techniques used include 1) reserving data-plane resources
for individual (or aggregated) DetNet flows in some or all of the
intermediate nodes along the path of the flow, 2) providing explicit
routes for DetNet flows that do not immediately change with the
network topology, and 3) distributing data from DetNet flow packets
over time and/or space to ensure delivery of each packet's data in
spite of the loss of a path. DetNet operates at the IP layer and
delivers service over lower-layer technologies such as MPLS and Time-
Sensitive Networking (TSN) as defined by IEEE 802.1.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8655.

Copyright Notice

Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1. Introduction
2. Terminology
2.1. Terms Used in This Document
2.2. Dictionary of Terms Used by TSN and DetNet
3. Providing the DetNet Quality of Service
3.1. Primary Goals Defining the DetNet QoS
3.2. Mechanisms to Achieve DetNet QoS
3.2.1. Resource Allocation
3.2.2. Service Protection
3.2.3. Explicit Routes
3.3. Secondary Goals for DetNet
3.3.1. Coexistence with Normal Traffic
3.3.2. Fault Mitigation
4. DetNet Architecture
4.1. DetNet Stack Model
4.1.1. Representative Protocol Stack Model
4.1.2. DetNet Data-Plane Overview
4.1.3. Network Reference Model
4.2. DetNet Systems
4.2.1. End System
4.2.2. DetNet Edge, Relay, and Transit Nodes
4.3. DetNet Flows
4.3.1. DetNet Flow Types
4.3.2. Source Transmission Behavior
4.3.3. Incomplete Networks
4.4. Traffic Engineering for DetNet
4.4.1. The Application Plane
4.4.2. The Controller Plane
4.4.3. The Network Plane
4.5. Queuing, Shaping, Scheduling, and Preemption
4.6. Service Instance
4.7. Flow Identification at Technology Borders
4.7.1. Exporting Flow Identification
4.7.2. Flow Attribute Mapping between Layers
4.7.3. Flow-ID Mapping Examples
4.8. Advertising Resources, Capabilities, and Adjacencies
4.9. Scaling to Larger Networks
4.10. Compatibility with Layer 2
5. Security Considerations
6. Privacy Considerations
7. IANA Considerations
8. Informative References
Acknowledgements
Authors' Addresses

1. Introduction

This document provides the overall architecture for Deterministic
Networking (DetNet), which provides a capability for the delivery of
data flows with extremely low packet loss rates and bounded end-to-
end delivery latency. DetNet is for networks that are under a single
administrative control or within a closed group of administrative
control; these include campus-wide networks and private WANs. DetNet
is not for large groups of domains such as the Internet.

DetNet operates at the IP layer and delivers service over lower-layer
technologies such as MPLS and IEEE 802.1 Time-Sensitive Networking
(TSN). DetNet provides a reliable and available service by
dedicating network resources such as link bandwidth and buffer space
to DetNet flows and/or classes of DetNet flows, and by replicating
packets along multiple paths. Unused reserved resources are
available to non-DetNet packets as long as all guarantees are
fulfilled.

The "Deterministic Networking Problem Statement" [RFC8557] introduces
DetNet, and "Deterministic Networking Use Cases" [RFC8578] summarizes
the need for it. See [DETNET-FRAMEWORK] for specific techniques that
can be used to identify DetNet flows and assign them to specific
paths through a network.

A goal of DetNet is a converged network in all respects, including
the convergence of sensitive non-IP networks onto a common network
infrastructure. The presence of DetNet flows does not preclude non-
DetNet flows, and the benefits offered DetNet flows should not,
except in extreme cases, prevent existing Quality-of-Service (QoS)
mechanisms from operating in a normal fashion, subject to the
bandwidth required for the DetNet flows. A single source-destination
pair can trade both DetNet and non-DetNet flows. End systems and
applications need not instantiate special interfaces for DetNet
flows. Networks are not restricted to certain topologies;
connectivity is not restricted. Any application that generates a
data flow that can be usefully characterized as having a maximum
bandwidth should be able to take advantage of DetNet, as long as the
necessary resources can be reserved. Reservations can be made by the
application itself, via network management, centrally by an
application's controller, or by other means, for instance, by placing
on-demand reservation via a distributed Control Plane, e.g.,
leveraging the Resource Reservation Protocol (RSVP) [RFC2205]. QoS
requirements of DetNet flows can be met if all network nodes in a
DetNet domain implement DetNet capabilities. DetNet nodes can be
interconnected with different sub-network technologies
(Section 4.1.2) where the nodes of the subnet are not DetNet aware
(Section 4.1.3).

Many applications that are intended to be served by DetNet require
the ability to synchronize the clocks in end systems to a sub-
microsecond accuracy. Some of the queue-control techniques defined
in Section 4.5 also require time synchronization among network nodes.
The means used to achieve time synchronization are not addressed in
this document. DetNet can accommodate various time-synchronization
techniques and profiles that are defined elsewhere to address the
needs of different market segments.

2. Terminology

2.1. Terms Used in This Document

The following terms are used in the context of DetNet in this
document:

allocation
The dedication of resources to support a DetNet flow. Depending
on an implementation, the resource may be reused by non-DetNet
flows when it is not used by the DetNet flow.

App-flow
The payload (data) carried over a DetNet service.

DetNet compound flow and DetNet member flow
A DetNet compound flow is a DetNet flow that has been separated
into multiple duplicate DetNet member flows for service protection
at the DetNet service sub-layer. Member flows are merged back
into a single DetNet compound flow such that there are no
duplicate packets. "Compound" and "member" are strictly relative
to each other, not absolutes; a DetNet compound flow comprising
multiple DetNet member flows can, in turn, be a member of a
higher-order compound.

DetNet destination
An end system capable of terminating a DetNet flow.

DetNet domain
The portion of a network that is DetNet aware. It includes end
systems and DetNet nodes.

DetNet edge node
An instance of a DetNet relay node that acts as a source and/or
destination at the DetNet service sub-layer. For example, it can
include a DetNet service sub-layer proxy function for DetNet
service protection (e.g., the addition or removal of packet
sequencing information) for one or more end systems, it can start
or terminate resource allocation at the DetNet forwarding sub-
layer, or it can aggregate DetNet services into new DetNet flows.
It is analogous to a Label Edge Router (LER) or a Provider Edge
(PE) router.

DetNet flow
A sequence of packets that conforms uniquely to a flow identifier
and to which the DetNet service is to be provided. It includes
any DetNet headers added to support the DetNet service and
forwarding sub-layers.

DetNet forwarding sub-layer
DetNet functionality is divided into two sub-layers. One of them
is the DetNet forwarding sub-layer, which optionally provides
resource allocation for DetNet flows over paths provided by the
underlying network.

DetNet intermediate node
A DetNet relay node or DetNet transit node.

DetNet node
A DetNet edge node, a DetNet relay node, or a DetNet transit node.

DetNet relay node
A DetNet node that includes a service sub-layer function that
interconnects different DetNet forwarding sub-layer paths to
provide service protection. A DetNet relay node participates in
the DetNet service sub-layer. It typically incorporates DetNet
forwarding sub-layer functions as well, in which case it is
collocated with a transit node.

DetNet service sub-layer
DetNet functionality is divided into two sub-layers. One of them
is the DetNet service sub-layer, at which a DetNet service (e.g.,
service protection) is provided.

DetNet service proxy
A proxy that maps between App-flows and DetNet flows.

DetNet source
An end system capable of originating a DetNet flow.

DetNet system
A DetNet-aware end system, transit node, or relay node. "DetNet"
may be omitted in some text.

DetNet transit node
A DetNet node, operating at the DetNet forwarding sub-layer, that
utilizes link-layer and/or network-layer switching across multiple
links and/or sub-networks to provide paths for DetNet service sub-
layer functions. It typically provides resource allocation over
those paths. An MPLS Label Switch Router (LSR) is an example of a
DetNet transit node.

DetNet-UNI
A User-to-Network Interface (UNI) with DetNet-specific
functionalities. It is a packet-based reference point and may
provide multiple functions like encapsulation, status,
synchronization, etc.

end system
Commonly called a "host" in the RFC series and an "end station" in
IEEE 802 standards. End systems of interest to this document are
either sources or destinations of DetNet flows, and they may or
may not be aware of DetNet forwarding sub-layers or DetNet service
sub-layers.

link
A connection between two DetNet nodes. It may be composed of a
physical link or a sub-network technology that can provide
appropriate traffic delivery for DetNet flows.

Packet Elimination Function (PEF)
A function that eliminates duplicate copies of packets to prevent
excess packets flooding the network or duplicate packets being
sent out of the DetNet domain. A PEF can be implemented by a
DetNet edge node, a DetNet relay node, or an end system.

Packet Replication Function (PRF)
A function that replicates DetNet flow packets and forwards them
to one or more next hops in the DetNet domain. The number of
packet copies sent to the next hops is a parameter specific to the
DetNet flow at the point of replication. A PRF can be implemented
by a DetNet edge node, a DetNet relay node, or an end system.

PREOF
A collective name for Packet Replication, Elimination, and
Ordering Functions.

Packet Ordering Function (POF)
A function that reorders packets within a DetNet flow that are
received out of order. This function can be implemented by a
DetNet edge node, a DetNet relay node, or an end system.

reservation
The set of resources allocated between a source and one or more
destinations through DetNet nodes and subnets associated with a
DetNet flow in order to provide the provisioned DetNet service.

2.2. Dictionary of Terms Used by TSN and DetNet

This section serves as a dictionary for translating the terms used by
the Time-Sensitive Networking (TSN) Task Group [IEEE802.1TSNTG] of
the IEEE 802.1 WG to those of the Deterministic Networking (detnet)
WG of the IETF.

Listener
The term used by IEEE 802.1 for a destination of a DetNet flow.

Relay system
The term used by IEEE 802.1 for a DetNet intermediate node.

Stream
The term used by IEEE 802.1 for a DetNet flow.

Talker
The term used by IEEE 802.1 for the source of a DetNet flow.

3. Providing the DetNet Quality of Service

3.1. Primary Goals Defining the DetNet QoS

The DetNet QoS can be expressed in terms of:

* Minimum and maximum end-to-end latency from source to destination,
timely delivery, and bounded jitter (packet delay variation)
derived from these constraints.

* Packet loss ratio under various assumptions as to the operational
states of the nodes and links.

* An upper bound on out-of-order packet delivery. It is worth
noting that some DetNet applications are unable to tolerate any
out-of-order delivery.

It is a distinction of DetNet that it is concerned solely with worst-
case values for the end-to-end latency, jitter, and misordering.
Average, mean, or typical values are of little interest, because they
do not affect the ability of a real-time system to perform its tasks.
In general, a trivial priority-based queuing scheme will give better
average latency to a data flow than DetNet; however, it may not be a
suitable option for DetNet because of its worst-case latency.

Three techniques are used by DetNet to provide these qualities of
service:

* Resource allocation (Section 3.2.1)

* Service protection (Section 3.2.2)

* Explicit routes (Section 3.2.3)

Resource allocation operates by assigning resources, e.g., buffer
space or link bandwidth, to a DetNet flow (or flow aggregate) along
its path. Resource allocation greatly reduces, or even eliminates
entirely, packet loss due to output packet contention within the
network, but it can only be supplied to a DetNet flow that is limited
at the source to a maximum packet size and transmission rate. As
DetNet flows are assumed to be rate limited and DetNet is designed to
provide sufficient allocated resources (including provisioned
capacity), the use of transport-layer congestion control [RFC2914]
for App-flows is not required; however, if resources are allocated
appropriately, use of congestion control should not impact
transmission negatively.

Resource allocation addresses two of the DetNet QoS requirements:
latency and packet loss. Given that DetNet nodes have a finite
amount of buffer space, resource allocation necessarily results in a
maximum end-to-end latency. Resource allocation also addresses
contention-related packet loss.

Other important contributions to packet loss are random media errors
and equipment failures. Service protection is the name for the
mechanisms used by DetNet to address these losses. The mechanisms
employed are constrained by the need to meet the users' latency
requirements. Packet replication and elimination (Section 3.2.2.2)
and packet encoding (Section 3.2.2.3) are described in this document
to provide service protection, but other mechanisms may also be
found. For instance, packet encoding can be used to provide service
protection against random media errors, while packet replication and
elimination can be used to provide service protection against
equipment failures. This mechanism distributes the contents of
DetNet flows over multiple paths in time and/or space, so that the
loss of some of the paths does need not cause the loss of any
packets.

The paths are typically (but not necessarily) explicit routes so that
they do not normally suffer temporary interruptions caused by the
convergence of routing or bridging protocols.

These three techniques can be applied individually or applied
together; it results that eight combinations, including none (no
DetNet), are possible. Some combinations, however, are of wider
utility than others. This separation keeps the protocol stack
coherent and maximizes interoperability with existing and developing
standards in the IETF and other Standards Development Organizations.
The following are examples of typical expected combinations:

* The combination of explicit routes and service protection is the
technique employed by seamless redundancy mechanisms applied on a
ring topology, e.g., as described in [IEC-62439-3]. In this
example, explicit routes are achieved by limiting the physical
topology of the network to a ring. Sequentialization,
replication, and duplicate elimination are facilitated by packet
tags added at the front or the end of Ethernet frames. [RFC8227]
provides another example in the context of MPLS.

* Resource allocation alone was originally offered by Audio Video
Bridging as defined by IEEE 802.1 [IEEE802.1BA]. As long as the
network suffers no failures, packet loss due to output packet
contention can be eliminated through the use of a reservation
protocol (e.g., the Multiple Stream Registration Protocol
[IEEE802.1Q]), shapers in every bridge, and proper dimensioning.

* Using all three together gives maximum protection.

There are, of course, simpler methods available (and employed today)
to achieve levels of latency and packet loss that are satisfactory
for many applications. Prioritization and over-provisioning is one
such technique. However, these methods generally work best in the
absence of any significant amount of noncritical traffic in the
network (if, indeed, such traffic is supported at all). They may
also work only if the critical traffic constitutes only a small
portion of the network's theoretical capacity, if all systems are
functioning properly, or if actions by end systems that disrupt the
network's operations are absent.

There are any number of methods in use, defined, or in progress for
accomplishing each of the above techniques. It is expected that the
DetNet architecture defined in this document will assist various
vendors, users, and/or "vertical" Standards Development Organizations
(dedicated to a single industry) in making selections among the
available means of implementing DetNet networks.

3.2. Mechanisms to Achieve DetNet QoS

3.2.1. Resource Allocation

3.2.1.1. Eliminate Contention Loss

The primary means by which DetNet achieves its QoS assurances is to
reduce, or even completely eliminate, packet loss due to output
packet contention within a DetNet node as a cause of packet loss.
This can be achieved only by the provision of sufficient buffer
storage at each node through the network to ensure that no packets
are dropped due to a lack of buffer storage. Note that App-flows are
generally not expected to be responsive to implicit [RFC2914] or
explicit congestion notification [RFC3168].

Ensuring adequate buffering requires, in turn, that the source and
every DetNet node along the path to the destination (or nearly every
node; see Section 4.3.3) be careful to regulate its output to not
exceed the data rate for any DetNet flow, except for brief periods
when making up for interfering traffic. Any packet sent ahead of its
time potentially adds to the number of buffers required by the next-
hop DetNet node and may thus exceed the resources allocated for a
particular DetNet flow. Furthermore, rate limiting (e.g., using
traffic policing) and shaping functions (e.g., shaping as defined in
[RFC2475]) at the ingress of the DetNet domain must be applied. This
is needed for meeting the requirements of DetNet flows as well as for
protecting non-DetNet traffic from potentially misbehaving DetNet
traffic sources. Note that large buffers have some issues (see,
e.g., [BUFFERBLOAT]).

The low-level mechanisms described in Section 4.5 provide the
necessary regulation of transmissions by an end system or DetNet node
to provide resource allocation. The allocation of the bandwidth and
buffers for a DetNet flow requires provisioning. A DetNet node may
have other resources requiring allocation and/or scheduling that
might otherwise be over-subscribed and trigger the rejection of a
reservation.

3.2.1.2. Jitter Reduction

A core objective of DetNet is to enable the convergence of sensitive
non-IP networks onto a common network infrastructure. This requires
the accurate emulation of currently deployed mission-specific
networks, which, for example, rely on point-to-point analog (e.g.,
4-20mA modulation) and serial-digital cables (or buses) for highly
reliable, synchronized, and jitter-free communications. While the
latency of analog transmissions is basically the speed of light,
legacy serial links are usually slow (in the order of Kbps) compared
to, say, Gigabit Ethernet, and some latency is usually acceptable.
What is not acceptable is the introduction of excessive jitter, which
may, for instance, affect the stability of control systems.

Applications that are designed to operate on serial links usually do
not provide services to recover the jitter, because jitter simply
does not exist there. DetNet flows are generally expected to be
delivered in order, and the precise time of reception influences the
processes. In order to converge such existing applications, there is
a desire to emulate all properties of the serial cable, such as clock
transportation, perfect flow isolation, and fixed latency. While
minimal jitter (in the form of specifying minimum, as well as
maximum, end-to-end latency) is supported by DetNet, there are
practical limitations on packet-based networks in this regard. In
general, users are encouraged to use a combination of:

* Sub-microsecond time synchronization among all source and
destination end systems, and

* Time-of-execution fields in the application packets.

Jitter reduction is provided by the mechanisms described in
Section 4.5 that also provide resource allocation.

3.2.2. Service Protection

Service protection aims to mitigate or eliminate packet loss due to
equipment failures, including random media and/or memory faults.
These types of packet loss can be greatly reduced by spreading the
data over multiple disjoint forwarding paths. Various service
protection methods are described in [RFC6372], e.g., 1+1 linear
protection. The functional details of an additional method are
described in Section 3.2.2.2, which can be implemented as described
in Section 3.2.2.3 or as specified in [DETNET-MPLS] in order to
provide 1+n hitless protection. The appropriate service protection
mechanism depends on the scenario and the requirements.

3.2.2.1. In-Order Delivery

Out-of-order packet delivery can be a side effect of service
protection. Packets delivered out of order impact the amount of
buffering needed at the destination to properly process the received
data. Such packets also influence the jitter of a flow. The
guarantees of a DetNet service include a maximum amount of
misordering as a constraint. Zero misordering would be a valid
service constraint to reflect that the end system(s) of the flow
cannot tolerate any out-of-order delivery. A DetNet Packet Ordering
Function (POF) (Section 3.2.2.2) can be used to provide in-order
delivery.

3.2.2.2. Packet Replication and Elimination

This section describes a service protection method that sends copies
of the same packets over multiple paths.

The DetNet service sub-layer includes the PRF, PEF, and POF for use
in DetNet edge, relay node, and end-system packet processing. These
functions can be enabled in a DetNet edge node, relay node, or end
system. The collective name for all three functions is Packet
Replication, Elimination, and Ordering Functions (PREOF). The packet
replication and elimination service protection method altogether
involves four capabilities:

* Sequencing information is provided to the packets of a DetNet
compound flow. This may be done by adding a sequence number or
time stamp as part of DetNet, or it may be inherent in the packet,
e.g., in a higher-layer protocol or associated to other physical
properties such as the precise time (and radio channel) of
reception of the packet. This is typically done once, at or near
the source.

* The PRF replicates these packets into multiple DetNet member flows
and typically sends them along multiple different paths to the
destination(s), e.g., over the explicit routes described in
Section 3.2.3. The location within a DetNet node and the
mechanism used for the PRF are left open for implementations.

* The PEF eliminates duplicate packets of a DetNet flow based on the
sequencing information and a history of received packets. The
output of the PEF is always a single packet. This may be done at
any DetNet node along the path to save network resources further
downstream, in particular if multiple replication points exist.
But the most common case is to perform this operation at the very
edge of the DetNet network, preferably in or near the receiver.
The location within a DetNet node and the mechanism used for the
PEF is left open for implementations.

* The POF uses the sequencing information to reorder a DetNet flow's
packets that are received out of order.

The order in which a DetNet node applies PEF, POF, and PRF to a
DetNet flow is left open for implementations.

Some service protection mechanisms rely on switching from one flow to
another when a failure of a flow is detected. Contrarily, packet
replication and elimination combines the DetNet member flows sent
along multiple different paths and performs a packet-by-packet
selection of which to discard, e.g., based on sequencing information.

In the simplest case, this amounts to 1) replicating each packet in a
source that has two interfaces and 2) conveying them through the
network along separate (Shared Risk Link Group (SRLG) disjoint) paths
to the similarly dual-homed destinations that 3) reorder the packets
and 4) discard the duplicates. This ensures that one path remains,
even if some DetNet intermediate node fails. The sequencing
information can also be used for loss detection and for reordering.

DetNet relay nodes in the network can provide replication and
elimination facilities at various points in the network so that
multiple failures can be accommodated.

This is shown in Figure 1, where the two relay nodes each replicate
(R) the DetNet flow on input, sending the DetNet member flows to both
the other relay node and to the end system, and eliminate duplicates
(E) on the output interface to the right-hand end system. Any one
link in the network can fail, and the DetNet compound flow can still
get through. Furthermore, two links can fail, as long as they are in
different segments of the network.

> > > > > > > > > relay > > > > > > > >
> /------------+ R node E +------------\ >
> / v + ^ \ >
end R + v | ^ + E end
system + v | ^ + system
> \ v + ^ / >
> \------------+ R relay E +-----------/ >
> > > > > > > > > node > > > > > > > >

Figure 1: Packet Replication and Elimination

Packet replication and elimination does not react to and correct
failures; it is entirely passive. Thus, intermittent failures,
mistakenly created packet filters, or misrouted data is handled just
the same as the equipment failures that are handled by typical
routing and bridging protocols.

If member flows that take different-length paths through the network
are combined, a merge point may require extra buffering to equalize
the delays over the different paths. This equalization ensures that
the resultant compound flow will not exceed its contracted bandwidth
even after one of the paths is restored after a failure. The extra
buffering can be also used to provide in-order delivery.

3.2.2.3. Packet Encoding for Service Protection

There are methods for using multiple paths to provide service
protection that involve encoding the information in a packet
belonging to a DetNet flow into multiple transmission units,
combining information from multiple packets into any given
transmission unit. Such techniques, also known as "network coding",
can be used as a DetNet service protection technique.

3.2.3. Explicit Routes

In networks controlled by typical dynamic control protocols such as
IS-IS or OSPF, a network topology event in one part of the network
can impact, at least briefly, the delivery of data in parts of the
network remote from the failure or recovery event. Even the use of
redundant paths through a network, e.g., as defined by [RFC6372],
does not eliminate the chances of packet loss. Furthermore, out-of-
order packet delivery can be a side effect of route changes.

Many real-time networks rely on physical rings of two-port devices,
with a relatively simple ring control protocol. This supports
redundant paths for service protection with a minimum of wiring. As
an additional benefit, ring topologies can often utilize different
topology management protocols from those used for a mesh network,
with a consequent reduction in the response time to topology changes.
Of course, this comes at some cost in terms of increased hop count,
and thus latency, for the typical path.

In order to get the advantages of low hop count and still ensure
against even very brief losses of connectivity, DetNet employs
explicit routes where the path taken by a given DetNet flow does not
change, at least not immediately and likely not at all, in response
to network topology events. Service protection (see Sections 3.2.2
and 3.2.2.3) over explicit routes provides a high likelihood of
continuous connectivity. Explicit routes can be established in
various ways, e.g., with RSVP-TE [RFC3209], with Segment Routing (SR)
[RFC8402], via a SDN approach [RFC8453], with IS-IS [RFC7813], etc.
Explicit routes are typically used in MPLS TE (Traffic Engineering)
Label Switched Paths (LSPs).

Out-of-order packet delivery can be a side effect of distributing a
single flow over multiple paths, especially when there is a change
from one path to another when combining the flow. This is
irrespective of the distribution method used and also applies to
service protection over explicit routes. As described in
Section 3.2.2.1, out-of-order packets influence the jitter of a flow
and impact the amount of buffering needed to process the data;
therefore, the guarantees of a DetNet service include a maximum
amount of misordering as a constraint. The use of explicit routes
helps to provide in-order delivery because there is no immediate
route change with the network topology, but the changes are plannable
as they are between the different explicit routes.

3.3. Secondary Goals for DetNet

Many applications require DetNet to provide additional services,
including coexistence with other QoS mechanisms (Section 3.3.1) and
protection against misbehaving transmitters (Section 3.3.2).

3.3.1. Coexistence with Normal Traffic

A DetNet network supports the dedication of a high proportion of the
network bandwidth to DetNet flows. But, no matter how much is
dedicated for DetNet flows, it is a goal of DetNet to coexist with
existing Class-of-Service schemes (e.g., DiffServ). It is also
important that non-DetNet traffic not disrupt the DetNet flow, of
course (see Sections 3.3.2 and 5). For these reasons:

* Bandwidth (transmission opportunities) not utilized by a DetNet
flow is available to non-DetNet packets (though not to other
DetNet flows).

* DetNet flows can be shaped or scheduled, in order to ensure that
the highest-priority non-DetNet packet is also ensured a worst-
case latency.

* When transmission opportunities for DetNet flows are scheduled in
detail, the algorithm constructing the schedule should leave
sufficient opportunities for non-DetNet packets to satisfy the
needs of the users of the network. Detailed scheduling can also
permit the time-shared use of buffer resources by different DetNet
flows.

Starvation of non-DetNet traffic must be avoided, for example, by
traffic policing and shaping functions (e.g., [RFC2475]). Thus, the
net effect of the presence of DetNet flows in a network on the non-
DetNet flows is primarily a reduction in the available bandwidth.

3.3.2. Fault Mitigation

Robust real-time systems require reducing the number of possible
failures. Filters and policers should be used in a DetNet network to
detect if DetNet packets are received on the wrong interface, at the
wrong time, or in too great a volume. Furthermore, filters and
policers can take actions to discard the offending packets or flows,
or trigger shutting down the offending flow or the offending
interface.

It is also essential that filters and service remarking be employed
at the network edge to prevent non-DetNet packets from being mistaken
for DetNet packets and thus impinging on the resources allocated to
DetNet packets. In particular, sending DetNet traffic into networks
that have not been provisioned in advance to handle that DetNet
traffic has to be treated as a fault. The use of egress traffic
filters, or equivalent mechanisms, to prevent this from happening are
strongly recommended at the edges of DetNet networks and DetNet
supporting networks. In this context, the term 'provisioned' has a
broad meaning, e.g., provisioning could be performed via an
administrative decision that the downstream network has the available
capacity to carry the DetNet traffic that is being sent into it.

Note that the sending of App-flows that do not use transport-layer
congestion control per [RFC2914] into a network that is not
provisioned to handle such traffic has to be treated as a fault and
prevented. PRF-generated DetNet member flows also need to be treated
as not using transport-layer congestion control even if the original
App-flow supports transport-layer congestion control because PREOF
can remove congestion indications at the PEF and thereby hide such
indications (e.g., drops, ECN markings, increased latency) from end
systems.

The mechanisms to support these requirements are both Data Plane and
implementation specific. Solutions that are data-plane specific will
be specified in the relevant data-plane solution document. There
also exist techniques, at present and/or in various stages of
standardization, that can support these fault-mitigation tasks that
deliver a high probability that misbehaving systems will have zero
impact on well-behaved DetNet flows with the exception, of course, of
the receiving interface(s) immediately downstream from the
misbehaving device. Examples of such techniques include traffic
policing and shaping functions (e.g., those described in [RFC2475]),
separating flows into per-flow rate-limited queues, and potentially
applying active queue management [RFC7567].

4. DetNet Architecture

4.1. DetNet Stack Model

DetNet functionality (Section 3) is implemented in two adjacent sub-
layers in the protocol stack: the DetNet service sub-layer and the
DetNet forwarding sub-layer. The DetNet service sub-layer provides
DetNet service, e.g., service protection, to higher layers in the
protocol stack and applications. The DetNet forwarding sub-layer
supports DetNet service in the underlying network, e.g., by providing
explicit routes and resource allocation to DetNet flows.

4.1.1. Representative Protocol Stack Model

Figure 2 illustrates a conceptual DetNet data-plane layering model.
One may compare it to that in [IEEE802.1CB], Annex C.

| packets going | ^ packets coming ^
v down the stack v | up the stack |
+-----------------------+ +-----------------------+
| Source | | Destination |
+-----------------------+ +-----------------------+
| Service sub-layer: | | Service sub-layer: |
| Packet sequencing | | Duplicate elimination |
| Flow replication | | Flow merging |
| Packet encoding | | Packet decoding |
+-----------------------+ +-----------------------+
| Forwarding sub-layer: | | Forwarding sub-layer: |
| Resource allocation | | Resource allocation |
| Explicit routes | | Explicit routes |
+-----------------------+ +-----------------------+
| Lower layers | | Lower layers |
+-----------------------+ +-----------------------+
v ^
\_________________________/

Figure 2: DetNet Data-Plane Protocol Stack

Not all sub-layers are required for any given application, or even
for any given network. The functionality shown in Figure 2 is:

Application
Shown as "source" and "destination" in the diagram.

Packet sequencing
As part of the DetNet service sub-layer, the packet sequencing
function supplies the sequence number for packet replication and
elimination for DetNet service protection (Section 3.2.2.2); thus,
its peer is duplicate elimination. This sub-layer is not needed
if a higher-layer protocol is expected to perform any packet
sequencing and duplicate elimination required by the DetNet flow
replication.

Duplicate elimination
As part of the DetNet service sub-layer, based on the sequence
number supplied by its peer (packet sequencing), duplicate
elimination discards any duplicate packets generated by DetNet
flow replication. It can operate on member flows, compound flows,
or both. The replication may also be inferred from other
information such as the precise time of reception in a scheduled
network. The duplicate elimination sub-layer may also perform
resequencing of packets to restore packet order in a flow that was
disrupted by the loss of packets on one or another of the multiple
paths taken.

Flow replication
As part of DetNet service protection, packets that belong to a
DetNet compound flow are replicated into two or more DetNet member
flows. This function is separate from packet sequencing. Flow
replication can be an explicit replication and remarking of
packets or can be performed by, for example, techniques similar to
ordinary multicast replication, albeit with resource allocation
implications. Its peer is DetNet flow merging.

Flow merging
As part of the DetNet service sub-layer, the flow merging function
combines DetNet member flows together for packets coming up the
stack belonging to a specific DetNet compound flow. DetNet flow
merging, together with packet sequencing, duplicate elimination,
and DetNet flow replication perform packet replication and
elimination (Section 3.2.2). Its peer is DetNet flow replication.

Packet encoding
As part of DetNet service protection, as an alternative to packet
sequencing and flow replication, packet encoding combines the
information in multiple DetNet packets, perhaps from different
DetNet compound flows, and transmits that information in packets
on different DetNet member flows. Its peer is packet decoding.

Packet decoding
As part of DetNet service protection, as an alternative to flow
merging and duplicate elimination, packet decoding takes packets
from different DetNet member flows and computes from those packets
the original DetNet packets from the compound flows input to
packet encoding. Its peer is packet encoding.

Resource allocation
The DetNet forwarding sub-layer provides resource allocation. See
Section 4.5. The actual queuing and shaping mechanisms are
typically provided by the underlying subnet. These can be closely
associated with the means of providing paths for DetNet flows.
The path and the resource allocation are conflated in this figure.

Explicit routes
Explicit routes are arrangements of fixed paths operated at the
DetNet forwarding sub-layer that are determined in advance to
avoid the impact of network convergence on DetNet flows.

Operations, Administration, and Maintenance (OAM) leverages in-band
and out-of-band signaling that validates whether the service is
effectively obtained within QoS constraints. OAM is not shown in
Figure 2; it may reside in any number of the layers. OAM can involve
specific tagging added in the packets for tracing implementation or
network configuration errors; traceability enables finding whether a
packet is a replica, which DetNet relay node performed the
replication, and which segment was intended for the replica. Active
and hybrid OAM methods require additional bandwidth to perform fault
management and performance monitoring of the DetNet domain. OAM may,
for instance, generate special test probes or add OAM information
into the data packet.

The packet replication and elimination functions may be performed
either at the source and destination ends of a DetNet compound flow
or in a DetNet relay node.

4.1.2. DetNet Data-Plane Overview

A "Deterministic Network" will be composed of DetNet-enabled end
systems, DetNet edge nodes, and DetNet relay nodes, which
collectively deliver DetNet services. DetNet relay and edge nodes
are interconnected via DetNet transit nodes (e.g., LSRs), which
support DetNet but are not DetNet service aware. All DetNet nodes
are connected to sub-networks, where a point-to-point link is also
considered a simple sub-network. These sub-networks provide DetNet-
compatible service for support of DetNet traffic. Examples of sub-
network technologies include MPLS TE, TSN as defined by IEEE 802.1,
and OTN (Optical Transport Network). Of course, multilayer DetNet
systems may also be possible, where one DetNet appears as a sub-
network and provides service to a higher-layer DetNet system. A
simple DetNet concept network is shown in Figure 3. Note that in
this and following figures, "Forwarding" and "Fwd" refer to the
DetNet forwarding sub-layer, and "Service" and "Svc" refer to the
DetNet service sub-layer; both of these sub-layers are described in
detail in Section 4.1.1.

TSN Edge Transit Relay DetNet
End System Node Node Node End System

+----------+ +.........+ +----------+
| Appl. |<--:Svc Proxy:-- End-to-End Service -------->| Appl. |
+----------+ +---------+ +---------+ +----------+
| TSN | |TSN| |Svc|<- DetNet flow --: Service :-->| Service |
+----------+ +---+ +---+ +--------+ +---------+ +----------+
|Forwarding| |Fwd| |Fwd| | Fwd | |Fwd| |Fwd| |Forwarding|
+-------.--+ +-.-+ +-.-+ +--.----.+ +-.-+ +-.-+ +---.------+
: Link : / ,-----. \ : Link : / ,-----. \
+........+ +-[ Sub- ]-+ +.......+ +-[ Sub- ]-+
[network] [network]
'-----' '-----'

Figure 3: A Simple DetNet-Enabled Network

DetNet Data Plane is divided into two sub-layers: the DetNet service
sub-layer and the DetNet forwarding sub-layer. This helps to explore
and evaluate various combinations of the data-plane solutions
available. Some of them are illustrated in Figure 4. This
separation of DetNet sub-layers, while helpful, should not be
considered a formal requirement. For example, some technologies may
violate these strict sub-layers and still be able to deliver a DetNet
service.

.
.
+-----------------------------+
| DetNet Service sub-layer | PW, UDP, GRE
+-----------------------------+
| DetNet Forwarding sub-layer | IPv6, IPv4, MPLS TE LSPs, MPLS SR
+-----------------------------+
.
.

Figure 4: DetNet Adaptation to Data Plane

In some networking scenarios, the end system initially provides a
DetNet flow encapsulation, which contains all information needed by
DetNet nodes (e.g., DetNet flow based on the Real-time Transport
Protocol (RTP) [RFC3550] that is carried over a native UDP/IP network
or pseudowire (PW)). In other scenarios, the encapsulation formats
might differ significantly.

There are many valid options to create a data-plane solution for
DetNet traffic by selecting a technology approach for the DetNet
service sub-layer and also selecting a technology approach for the
DetNet forwarding sub-layer. There are a large number of valid
combinations.

One of the most fundamental differences between different potential
data-plane options is the basic headers used by DetNet nodes. For
example, the basic service can be delivered based on an MPLS label or
an IP header. This decision impacts the basic forwarding logic for
the DetNet service sub-layer. Note that in both cases, IP addresses
are used to address DetNet nodes. The selected DetNet forwarding
sub-layer technology also needs to be mapped to the subnet technology
used to interconnect DetNet nodes. For example, DetNet flows will
need to be mapped to TSN Streams.

4.1.3. Network Reference Model

Figure 5 shows another view of the DetNet service-related reference
points and main components.

DetNet DetNet
End System End System
_ _
/ \ +----DetNet-UNI (U) / \
/App\ | /App\
/-----\ | /-----\
| NIC | v ________ | NIC |
+--+--+ _____ / \ DetNet-UNI (U) --+ +--+--+
| / \__/ \ | |
| / +----+ +----+ \_____ | |
| / | | | | \_______ | |
+------U PE +----+ P +----+ \ _ v |
| | | | | | | ___/ \ |
| +--+-+ +----+ | +----+ | / \_ |
\ | | | | | / \ |
\ | +----+ +--+-+ +--+PE |------ U-----+
\ | | | | | | | | | \_ _/
\ +---+ P +----+ P +--+ +----+ | \____/
\___ | | | | /
\ +----+__ +----+ DetNet-1 DetNet-2
| \_____/ \___________/ |
| |
| | End-to-End Service | | | |
<------------------------------------------------------------->
| | DetNet Service | | | |
| <------------------------------------------------> |
| | | | | |

Figure 5: DetNet Service Reference Model (Multidomain)

DetNet User-to-Network Interfaces (DetNet-UNIs) ("U" in Figure 5) are
assumed in this document to be packet-based reference points and
provide connectivity over the packet network. A DetNet-UNI may
provide multiple functions. For example, it may:

* add encapsulation specific to networking technology to the DetNet
flows if necessary,

* provide status of the availability of the resources associated
with a reservation,

* provide a synchronization service for the end system, or

* carry enough signaling to place the reservation in a network
without a controller or in a network where the controller only
deals with the network but not the end systems.

Internal reference points of end systems (between the application and
the Network Interface Card (NIC)) are more challenging from the
control perspective, and they may have extra requirements (e.g., in-
order delivery is expected in end system internal reference points,
whereas it is considered optional over the DetNet-UNI).

4.2. DetNet Systems

4.2.1. End System

The traffic characteristics of an App-flow can be CBR (constant bit
rate) or VBR (variable bit rate) and can have Layer 1, Layer 2, or
Layer 3 encapsulation (e.g., TDM (time-division multiplexing)
Ethernet, IP). These characteristics are considered as input for
resource reservation and might be simplified to ensure determinism
during packet forwarding (e.g., making reservations for the peak rate
of VBR traffic, etc.).

An end system may or may not be aware of the DetNet forwarding sub-
layer or DetNet service sub-layer. That is, an end system may or may
not contain DetNet-specific functionality. End systems with DetNet
functionalities may have the same or different forwarding sub-layer
as the connected DetNet domain. Categorization of end systems are
shown in Figure 6.

End system
|
|
| DetNet aware ?
/ \
+------< >------+
NO | \ / | YES
| v |
DetNet-unaware |
End system |
| Service/Forwarding
| sub-layer
/ \ aware ?
+--------< >-------------+
f-aware | \ / | s-aware
| v |
| | both |
| | |
DetNet f-aware | DetNet s-aware
End system | End system
v
DetNet sf-aware
End system

Figure 6: Categorization of End Systems

The following are some known use case examples for end systems:

DetNet unaware
The classic case requiring service proxies.

DetNet f-aware
A system that is aware of the DetNet forwarding sub-layer. It
knows about some TSN functions (e.g., reservation) but not about
service protection.

DetNet s-aware
A system that is aware of the DetNet service sub-layer. It
supplies sequence numbers but doesn't know about resource
allocation.

DetNet sf-aware
A fully functioning DetNet end system. It has DetNet
functionalities and usually the same forwarding paradigm as the
connected DetNet domain. It can be treated as an integral part of
the DetNet domain.

4.2.2. DetNet Edge, Relay, and Transit Nodes

As shown in Figure 3, DetNet edge nodes providing proxy service and
DetNet relay nodes providing the DetNet service sub-layer are DetNet
aware, and DetNet transit nodes need only be aware of the DetNet
forwarding sub-layer.

In general, if a DetNet flow passes through one or more DetNet-
unaware network nodes between two DetNet nodes providing the DetNet
forwarding sub-layer for that flow, there is a potential for
disruption or failure of the DetNet QoS. A network administrator
needs to 1) ensure that the DetNet-unaware network nodes are
configured to minimize the chances of packet loss and delay and 2)
provision enough extra buffer space in the DetNet transit node
following the DetNet-unaware network nodes to absorb the induced
latency variations.

4.3. DetNet Flows

4.3.1. DetNet Flow Types

A DetNet flow can have different formats while its packets are
forwarded between the peer end systems depending on the type of the
end systems. Corresponding to the end system types, the following
possible types/formats of a DetNet flow are distinguished in this
document. The different flow types have different requirements to
DetNet nodes.

App-flow
The payload (data) carried over a DetNet flow between DetNet-
unaware end systems. An App-flow does not contain any DetNet-
related attributes and does not imply any specific requirement on
DetNet nodes.

DetNet-f-flow
The specific format of a DetNet flow. It only requires the
resource allocation features provided by the DetNet forwarding
sub-layer.

DetNet-s-flow
The specific format of a DetNet flow. It only requires the
service protection feature ensured by the DetNet service sub-
layer.

DetNet-sf-flow
The specific format of a DetNet flow. It requires both the DetNet
service sub-layer and the DetNet forwarding sub-layer functions
during forwarding.

4.3.2. Source Transmission Behavior

For the purposes of resource allocation, DetNet flows can be
synchronous or asynchronous. In synchronous DetNet flows, at least
the DetNet nodes (and possibly the end systems) are closely time
synchronized, typically to better than 1 microsecond. By
transmitting packets from different DetNet flows or classes of DetNet
flows at different times, using repeating schedules synchronized
among the DetNet nodes, resources such as buffers and link bandwidth
can be shared over the time domain among different DetNet flows.
There is a trade-off among techniques for synchronous DetNet flows
between the burden of fine-grained scheduling and the benefit of
reducing the required resources, especially buffer space.

In contrast, asynchronous DetNet flows are not coordinated with a
fine-grained schedule, so relay and end systems must assume worst-
case interference among DetNet flows contending for buffer resources.
Asynchronous DetNet flows are characterized by:

* A maximum packet size;

* An observation interval; and

* A maximum number of transmissions during that observation
interval.

These parameters, together with knowledge of the protocol stack used
(and thus the size of the various headers added to a packet), provide
the bandwidth that is needed for the DetNet flow.

The source is required not to exceed these limits in order to obtain
DetNet service. If the source transmits less data than this limit
allows, then the unused resource, such as link bandwidth, can be made
available by the DetNet system to non-DetNet packets as long as all
guarantees are fulfilled. However, making those resources available
to DetNet packets in other DetNet flows would serve no purpose.
Those other DetNet flows have their own dedicated resources, on the
assumption that all DetNet flows can use all of their resources over
a long period of time.

There is no expectation in DetNet for App-flows to be responsive to
congestion control [RFC2914] or explicit congestion notification
[RFC3168]. The assumption is that a DetNet flow, to be useful, must
be delivered in its entirety. That is, while any useful application
is written to expect a certain number of lost packets, the real-time
applications of interest to DetNet demand that the loss of data due
to the network is a rare event.

Although DetNet strives to minimize the changes required of an
application to allow it to shift from a special-purpose digital
network to an Internet Protocol network, one fundamental shift in the
behavior of network applications is impossible to avoid: the
reservation of resources before the application starts. In the first
place, a network cannot deliver finite latency and practically zero
packet loss to an arbitrarily high offered load. Secondly, achieving
practically zero packet loss for DetNet flows means that DetNet nodes
have to dedicate buffer resources to specific DetNet flows or to
classes of DetNet flows. The requirements of each reservation have
to be translated into the parameters that control each DetNet
system's queuing, shaping, and scheduling functions, and they have to
be delivered to the DetNet nodes and end systems.

All nodes in a DetNet domain are expected to support the data
behavior required to deliver a particular DetNet service. If a node
itself is not DetNet service aware, the DetNet nodes that are
adjacent to them must ensure that the node that is non-DetNet aware
is provisioned to appropriately support the DetNet service. For
example, a TSN node (as defined by IEEE 802.1) may be used to
interconnect DetNet-aware nodes, and these DetNet nodes can map
DetNet flows to 802.1 TSN flows. As another example, an MPLS-TE or
MPLS-TP (Transport Profile) domain may be used to interconnect
DetNet-aware nodes, and these DetNet nodes can map DetNet flows to TE
LSPs, which can provide the QoS requirements of the DetNet service.

4.3.3. Incomplete Networks

The presence in the network of intermediate nodes or subnets that are
not fully capable of offering DetNet services complicates the ability
of the intermediate nodes and/or controller to allocate resources, as
extra buffering must be allocated at points downstream from the non-
DetNet intermediate node for a DetNet flow. This extra buffering may
increase latency and/or jitter.

4.4. Traffic Engineering for DetNet

Traffic Engineering Architecture and Signaling (TEAS) [TEAS] defines
traffic-engineering architectures for generic applicability across
packet and nonpacket networks. From a TEAS perspective, Traffic
Engineering (TE) refers to techniques that enable operators to
control how specific traffic flows are treated within their networks.

Because of its very nature of establishing explicit optimized paths,
DetNet can be seen as a new, specialized branch of TE, and it
inherits its architecture with a separation into planes.

The DetNet architecture is thus composed of three planes: a (User)
Application Plane, a Controller Plane, and a Network Plane. This
echoes the composition of Figure 1 of "Software-Defined Networking
(SDN): Layers and Architecture Terminology" [RFC7426] and the
controllers identified in [RFC8453] and [RFC7149].

4.4.1. The Application Plane

Per [RFC7426], the Application Plane includes both applications and
services. In particular, the Application Plane incorporates the User
Agent, a specialized application that interacts with the end user and
operator and performs requests for DetNet services via an abstract
Flow Management Entity (FME), which may or may not be collocated with
(one of) the end systems.

At the Application Plane, a management interface enables the
negotiation of flows between end systems. An abstraction of the flow
called a Traffic Specification (TSpec) provides the representation.
This abstraction is used to place a reservation over the (Northbound)
Service Interface and within the Application Plane. It is associated
with an abstraction of location, such as IP addresses and DNS names,
to identify the end systems and possibly specify DetNet nodes.

4.4.2. The Controller Plane

The Controller Plane corresponds to the aggregation of the Control
and Management Planes in [RFC7426], though Common Control and
Measurement Plane (CCAMP) (as defined by the CCAMP Working Group
[CCAMP]) makes an additional distinction between management and
measurement. When the logical separation of the Control,
Measurement, and other Management entities is not relevant, the term
"Controller Plane" is used for simplicity to represent them all, and
the term "Controller Plane Function (CPF)" refers to any device
operating in that plane, whether it is a Path Computation Element
(PCE) [RFC4655], a Network Management Entity (NME), or a distributed
control protocol. The CPF is a core element of a controller, in
charge of computing deterministic paths to be applied in the Network
Plane.

A (Northbound) Service Interface enables applications in the
Application Plane to communicate with the entities in the Controller
Plane as illustrated in Figure 7.

One or more CPFs collaborate to implement the requests from the FME
as per-flow, per-hop behaviors installed in the DetNet nodes for each
individual flow. The CPFs place each flow along a deterministic
arrangement of DetNet nodes so as to respect per-flow constraints
such as security and latency, and to optimize the overall result for
metrics such as an abstract aggregated cost. The deterministic
arrangement can typically be more complex than a direct arrangement
and include redundant paths with one or more packet replication and
elimination points. Scaling to larger networks is discussed in
Section 4.9.

4.4.3. The Network Plane

The Network Plane represents the network devices and protocols as a
whole, regardless of the layer at which the network devices operate.
It includes the Data Plane and Operational Plane (e.g., OAM) aspects.

The Network Plane comprises the Network Interface Cards (NICs) in the
end systems, which are typically IP hosts, and DetNet nodes, which
are typically IP routers and MPLS switches.

A Southbound (Network) Interface enables the entities in the
Controller Plane to communicate with devices in the Network Plane as
illustrated in Figure 7. This interface leverages and extends TEAS
to describe the physical topology and resources in the Network Plane.

End End
System System

-+-+-+-+-+-+-+ Northbound -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

CPF CPF CPF CPF

-+-+-+-+-+-+-+ Southbound -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

DetNet DetNet DetNet DetNet
Node Node Node Node
NIC NIC
DetNet DetNet DetNet DetNet
Node Node Node Node

Figure 7: Northbound and Southbound Interfaces

The DetNet nodes (and possibly the end systems' NICs) expose their
capabilities and physical resources to the controller (the CPF) and
update the CPFs with their dynamic perception of the topology across
the Southbound Interface. In return, the CPFs set the per-flow paths
up, providing a Flow Characterization that is more tightly coupled to
the DetNet node operation than a TSpec.

At the Network Plane, DetNet nodes may exchange information regarding
the state of the paths, between adjacent DetNet nodes and possibly
with the end systems, and forward packets within constraints
associated to each flow, or, when unable to do so, perform a last-
resort operation such as drop or declassify.

This document focuses on the Southbound interface and the operation
of the Network Plane.

4.5. Queuing, Shaping, Scheduling, and Preemption

DetNet achieves bounded delivery latency by reserving bandwidth and
buffer resources at each DetNet node along the path of the DetNet
flow. The reservation itself is not sufficient, however.
Implementors and users of a number of proprietary and standard real-
time networks have found that standards for specific data-plane
techniques are required to enable these assurances to be made in a
multivendor network. The fundamental reason is that latency
variation in one DetNet system results in the need for extra buffer
space in the next-hop DetNet system(s), which in turn increases the
worst-case per-hop latency.

Standard queuing and transmission-selection algorithms allow TE
(Section 4.4) to compute the latency contribution of each DetNet node
to the end-to-end latency, to compute the amount of buffer space
required in each DetNet node for each incremental DetNet flow, and
most importantly, to translate from a flow specification to a set of
values for the managed objects that control each relay or end system.
For example, the IEEE 802.1 WG has specified (and is specifying) a
set of queuing, shaping, and scheduling algorithms that enable each
DetNet node, and/or a central controller, to compute these values.
These algorithms include:

* A credit-based shaper [IEEE802.1Qav] (incorporated to
[IEEE802.1Q]).

* Time-gated queues governed by a rotating time schedule based on
synchronized time [IEEE802.1Qbv] (incorporated to [IEEE802.1Q]).

* Synchronized double (or triple) buffers driven by synchronized
time ticks. [IEEE802.1Qch] (incorporated to [IEEE802.1Q]).

* Preemption of an Ethernet packet in transmission by a packet with
a more stringent latency requirement, followed by the resumption
of the preempted packet [IEEE802.1Qbu] (incorporated to
[IEEE802.1Q]) [IEEE802.3br] (incorporated to [IEEE802.3]).

While these techniques are currently embedded in Ethernet [IEEE802.3]
and bridging standards, we can note that they are all, except perhaps
for packet preemption, equally applicable to media other than
Ethernet and to routers as well as bridges. Other media may have
their own methods (see, e.g., [TSCH-ARCH] and [RFC7554]). Further
techniques are defined by the IETF (e.g., [RFC8289] and [RFC8033]).
DetNet may include such definitions in the future or may define how
these techniques can be used by DetNet nodes.

4.6. Service Instance

A service instance represents all the functions required on a DetNet
node to allow the end-to-end service between the UNIs.

The DetNet network general reference model is shown in Figure 8 for a
DetNet service scenario (i.e., between two DetNet-UNIs). In this
figure, end systems ("A" and "B") are connected directly to the edge
nodes of an IP/MPLS network ("PE1" and "PE2"). End systems
participating in DetNet communication may require connectivity before
setting up an App-flow that requires the DetNet service. Such a
connectivity-related service instance and the one dedicated for
DetNet service share the same access. Packets belonging to a DetNet
flow are selected by a filter configured on the access ("F1" and
"F2"). As a result, data-flow-specific access ("access-A + F1" and
"access-B + F2") is terminated in the flow-specific service instance
("SI-1" and "SI-2"). A tunnel is used to provide connectivity
between the service instances.

The tunnel is exclusively used for the packets of the DetNet flow
between "SI-1" and "SI-2". The service instances are configured to
implement DetNet functions and a flow-specific DetNet forwarding.
The service instance and the tunnel may or may not be shared by
multiple DetNet flows. Sharing the service instance by multiple
DetNet flows requires properly populated forwarding tables of the
service instance.

access-A access-B
<-----> <-------- tunnel ----------> <----->

+---------+ ___ _ +---------+
End system | +----+ | / \/ \_ | +----+ | End system
"A" -------F1+ | | / \ | | +F2----- "B"
| | +========+ IP/MPLS +=======+ | |
| |SI-1| | \__ Net._/ | |SI-2| |
| +----+ | \____/ | +----+ |
|PE1 | | PE2|
+---------+ +---------+

Figure 8: DetNet Network General Reference Model

The tunnel between the service instances may have some special
characteristics. For example, in case of a DetNet L3 service, there
are differences in the usage of the PW for DetNet traffic compared to
the network model described in [RFC6658]. In the DetNet scenario,
the PW is likely to be used exclusively by the DetNet flow, whereas
[RFC6658] states:

| The packet PW appears as a single point-to-point link to the
| client layer. Network-layer adjacency formation and maintenance
| between the client equipments will follow the normal practice
| needed to support the required relationship in the client layer.

and

| This packet pseudowire is used to transport all of the required
| layer 2 and layer 3 protocols between LSR1 and LSR2.

Further details are network technology specific and can be found in
[DETNET-FRAMEWORK].

4.7. Flow Identification at Technology Borders

This section discusses what needs to be done at technology borders
including Ethernet as one of the technologies. Flow identification
for MPLS and IP Data Planes are described in [DETNET-MPLS] and
[DETNET-IP], respectively.

4.7.1. Exporting Flow Identification

A DetNet node may need to map specific flows to lower-layer flows (or
Streams) in order to provide specific queuing and shaping services
for specific flows. For example:

* A non-IP, strictly L2 source end system X may be sending multiple
flows to the same L2 destination end system Y. Those flows may
include DetNet flows with different QoS requirements and may
include non-DetNet flows.

* A router may be sending any number of flows to another router.
Again, those flows may include DetNet flows with different QoS
requirements and may include non-DetNet flows.

* Two routers may be separated by bridges. For these bridges to
perform any required per-flow queuing and shaping, they must be
able to identify the individual flows.

* A Label Edge Router (LER) may have a Label Switched Path (LSP) set
up for handling traffic destined for a particular IP address
carrying only non-DetNet flows. If a DetNet flow to that same
address is requested, a separate LSP may be needed in order for
all of the Label Switch Routers (LSRs) along the path to the
destination to give that flow special queuing and shaping.

The need for a lower-layer node to be aware of individual higher-
layer flows is not unique to DetNet. But, given the endless
complexity of layering and relayering over tunnels that is available
to network designers, DetNet needs to provide a model for flow
identification that is better than packet inspection. That is not to
say that packet inspection to Layer 4 or Layer 5 addresses will not
be used or the capability standardized; however, there are
alternatives.

A DetNet relay node can connect DetNet flows on different paths using
different flow identification methods. For example:

* A single unicast DetNet flow passing from router A through a
bridged network to router B may be assigned a TSN Stream
identifier that is unique within that bridged network. The
bridges can then identify the flow without accessing higher-layer
headers. Of course, the receiving router must recognize and
accept that TSN Stream.

* A DetNet flow passing from LSR A to LSR B may be assigned a
different label than that used for other flows to the same IP
destination.

In any of the above cases, it is possible that an existing DetNet
flow can be an aggregate carrying multiple other DetNet flows (not to
be confused with DetNet compound vs. member flows). Of course, this
requires that the aggregate DetNet flow be provisioned properly to
carry the aggregated flows.

Thus, rather than packet inspection, there is the option to export
higher-layer information to the lower layer. The requirement to
support one or the other method for flow identification (or both) is
a complexity that is part of DetNet control models.

4.7.2. Flow Attribute Mapping between Layers

Forwarding of packets of DetNet flows over multiple technology
domains may require that lower layers are aware of specific flows of
higher layers. Such an "exporting of flow identification" is needed
each time when the forwarding paradigm is changed on the forwarding
path (e.g., two LSRs are interconnected by an L2 bridged domain,
etc.). The three representative forwarding methods considered for
DetNet are:

* IP routing

* MPLS label switching

* Ethernet bridging

A packet with corresponding Flow-IDs is illustrated in Figure 9,
which also indicates where each Flow-ID can be added or removed.

add/remove add/remove
Eth Flow-ID IP Flow-ID
| |
v v
+-----------------------------------------------------------+
| | | | |
| Eth | MPLS | IP | Application data |
| | | | |
+-----------------------------------------------------------+
^
|
add/remove
MPLS Flow-ID

Figure 9: Packet with Multiple Flow-IDs

The additional (domain-specific) Flow-ID can be:

* created by a domain-specific function or

* derived from the Flow-ID added to the App-flow.

The Flow-ID must be unique inside a given domain. Note that the
Flow-ID added to the App-flow is still present in the packet, but
some nodes may lack the function to recognize it; that's why the
additional Flow-ID is added.

4.7.3. Flow-ID Mapping Examples

IP nodes and MPLS nodes are assumed to be configured to push such an
additional (domain-specific) Flow-ID when sending traffic to an
Ethernet switch (as shown in the examples below).

Figure 10 shows a scenario where an IP end system ("IP-A") is
connected via two Ethernet switches ("ETH-n") to an IP router ("IP-
1").

IP domain
<-----------------------------------------------

+======+ +======+
|L3-ID | |L3-ID |
+======+ /\ +-----+ +======+
/ \ Forward as | |
/IP-A\ per ETH-ID |IP-1 | Recognize
Push ------> +-+----+ | +---+-+ <----- ETH-ID
ETH-ID | +----+-----+ |
| v v |
| +-----+ +-----+ |
+------+ | | +---------+
+......+ |ETH-1+----+ETH-2| +======+
.L3-ID . +-----+ +-----+ |L3-ID |
+======+ +......+ +======+
|ETH-ID| .L3-ID . |ETH-ID|
+======+ +======+ +------+
|ETH-ID|
+======+

Ethernet domain
<---------------->

Figure 10: IP Nodes Interconnected by an Ethernet Domain

End system "IP-A" uses the original App-flow-specific ID ("L3-ID"),
but as it is connected to an Ethernet domain, it has to push an
Ethernet-domain-specific Flow-ID ("ETH-ID") before sending the packet
to "ETH-1". Ethernet switch "ETH-1" can recognize the data flow
based on the "ETH-ID", and it does forwarding toward "ETH-2". "ETH-
2" switches the packet toward the IP router. "IP-1" must be
configured to receive the Ethernet Flow-ID-specific multicast flow,
but (as it is an L3 node) it decodes the data flow ID based on the
"L3-ID" fields of the received packet.

Figure 11 shows a scenario where MPLS domain nodes ("PE-n" and "P-m")
are connected via two Ethernet switches ("ETH-n").

MPLS domain
<----------------------------------------------->

+=======+ +=======+
|MPLS-ID| |MPLS-ID|
+=======+ +-----+ +-----+ +=======+ +-----+
| | Forward as | | | |
|PE-1 | per ETH-ID | P-2 +-----------+ PE-2|
Push -----> +-+---+ | +---+-+ +-----+
ETH-ID | +-----+----+ | \ Recognize
| v v | +-- ETH-ID
| +-----+ +-----+ |
+---+ | | +----+
+.......+ |ETH-1+----+ETH-2| +=======+
.MPLS-ID. +-----+ +-----+ |MPLS-ID|
+=======+ +=======+
|ETH-ID | +.......+ |ETH-ID |
+=======+ .MPLS-ID. +-------+
+=======+
|ETH-ID |
+=======+
Ethernet domain
<---------------->

Figure 11: MPLS Nodes Interconnected by an Ethernet Domain

"PE-1" uses the MPLS-specific ID ("MPLS-ID"), but as it is connected
to an Ethernet domain, it has to push an Ethernet-domain-specific
Flow-ID ("ETH-ID") before sending the packet to "ETH-1". Ethernet
switch "ETH-1" can recognize the data flow based on the "ETH-ID", and
it does forwarding toward "ETH-2". "ETH-2" switches the packet
toward the MPLS node ("P-2"). "P-2" must be configured to receive
the Ethernet Flow-ID-specific multicast flow, but (as it is an MPLS
node) it decodes the data flow ID based on the "MPLS-ID" fields of
the received packet.

One can appreciate from the above example that, when the means used
for DetNet flow identification is altered or exported, the means for
encoding the sequence number information must similarly be altered or
exported.

4.8. Advertising Resources, Capabilities, and Adjacencies

Provisioning of DetNet requires knowledge about:

* Details of the DetNet system's capabilities that are required in
order to accurately allocate that DetNet system's resources, as
well as other DetNet systems' resources. This includes, for
example, which specific queuing and shaping algorithms are
implemented (Section 4.5), the number of buffers dedicated for
DetNet allocation, and the worst-case forwarding delay and
misordering.

* The actual state of a DetNet node's DetNet resources.

* The identity of the DetNet system's neighbors and the
characteristics of the link(s) between the DetNet systems,
including the latency of the links (in nanoseconds).

4.9. Scaling to Larger Networks

Reservations for individual DetNet flows require considerable state
information in each DetNet node, especially when adequate fault
mitigation (Section 3.3.2) is required. The DetNet Data Plane, in
order to support larger numbers of DetNet flows, must support the
aggregation of DetNet flows. Such aggregated flows can be viewed by
the DetNet nodes' Data Plane largely as individual DetNet flows.
Without such aggregation, the per-relay system may limit the scale of
DetNet networks. Example techniques that may be used include MPLS
hierarchy and IP DiffServ Code Points (DSCPs).

4.10. Compatibility with Layer 2

Standards providing similar capabilities for bridged networks (only)
have been and are being generated in the IEEE 802 LAN/MAN Standards
Committee. The present architecture describes an abstract model that
can be applicable both at Layer 2 and Layer 3, and over links not
defined by IEEE 802.

DetNet-enabled end systems and DetNet nodes can be interconnected by
sub-networks, i.e., Layer 2 technologies. These sub-networks will
provide DetNet compatible service for support of DetNet traffic.
Examples of sub-network technologies include MPLS TE, TSN as defined
by IEEE 802.1, and a point-to-point OTN link. Of course, multilayer
DetNet systems may be possible too, where one DetNet appears as a
sub-network and provides service to a higher-layer DetNet system.

5. Security Considerations

Security considerations for DetNet are described in detail in
[DETNET-SECURITY]. This section considers exclusively security
considerations that are specific to the DetNet architecture.

Security aspects that are unique to DetNet are those whose aim is to
provide the specific QoS aspects of DetNet, which are primarily to
deliver data flows with extremely low packet loss rates and bounded
end-to-end delivery latency. A DetNet may be implemented using MPLS
and/or IP (including both v4 and v6) technologies and thus inherits
the security properties of those technologies at both the Data Plane
and the Controller Plane.

Security considerations for DetNet are constrained (compared to, for
example, the open Internet) because DetNet is defined to operate only
within a single administrative domain (see Section 1). The primary
considerations are to secure the request and control of DetNet
resources, maintain confidentiality of data traversing the DetNet,
and provide the availability of the DetNet QoS.

To secure the request and control of DetNet resources, authentication
and authorization can be used for each device connected to a DetNet
domain, most importantly to network controller devices. Control of a
DetNet network may be centralized or distributed (within a single
administrative domain). In the case of centralized control,
precedent for security considerations as defined for Abstraction and
Control of Traffic Engineered Networks (ACTN) can be found in
Section 9 of [RFC8453]. In the case of distributed control
protocols, DetNet security is expected to be provided by the security
properties of the protocols in use. In any case, the result is that
manipulation of administratively configurable parameters is limited
to authorized entities.

To maintain confidentiality of data traversing the DetNet,
application flows can be protected through whatever means is provided
by the underlying technology. For example, encryption may be used,
such as that provided by IPsec [RFC4301], for IP flows and by MACSec
[IEEE802.1AE] for Ethernet (Layer 2) flows.

DetNet flows are identified on a per-flow basis, which may provide
attackers with additional information about the data flows (when
compared to networks that do not include per-flow identification).
This is an inherent property of DetNet that has security implications
that should be considered when determining if DetNet is a suitable
technology for any given use case.

To provide uninterrupted availability of the DetNet QoS, provisions
can be made against DoS attacks and delay attacks. To protect
against DoS attacks, excess traffic due to malicious or
malfunctioning devices can be prevented or mitigated, for example,
through the use of traffic admission control applied at the input of
a DetNet domain as described in Section 3.2.1 and through the fault-
mitigation methods described in Section 3.3.2. To prevent DetNet
packets from being delayed by an entity external to a DetNet domain,
DetNet technology definition can allow for the mitigation of man-in-
the-middle attacks, for example, through use of authentication and
authorization of devices within the DetNet domain.

Because DetNet mechanisms or applications that rely on DetNet can
make heavy use of methods that require precise time synchronization,
the accuracy, availability, and integrity of time synchronization is
of critical importance. Extensive discussion of this topic can be
found in [RFC7384].

DetNet use cases are known to have widely divergent security
requirements. The intent of this section is to provide a baseline
for security considerations that are common to all DetNet designs and
implementations, without burdening individual designs with specifics
of security infrastructure that may not be germane to the given use
case. Designers and implementors of DetNet systems are expected to
take use-case-specific considerations into account in their DetNet
designs and implementations.

6. Privacy Considerations

DetNet provides a QoS, and the generic considerations for such
mechanisms apply. In particular, such markings allow for an attacker
to correlate flows or to select particular types of flow for more
detailed inspection.

However, the requirement for every (or almost every) node along the
path of a DetNet flow to identify DetNet flows may present an
additional attack surface for privacy should the DetNet paradigm be
found useful in broader environments.

7. IANA Considerations

This document has no IANA actions.

8. Informative References

[BUFFERBLOAT]
Gettys, J. and K. Nichols, "Bufferbloat: Dark Buffers in
the Internet", DOI 10.1145/2063176.2063196, Communications
of the ACM, Volume 55, Issue 1, January 2012,
.

[CCAMP] IETF, "Common Control and Measurement Plane (ccamp)",
October 2019,
.

[DETNET-FRAMEWORK]
Varga, B., Farkas, J., Berger, L., Fedyk, D., Malis, A.,
Bryant, S., and J. Korhonen, "DetNet Data Plane
Framework", Work in Progress, Internet-Draft, draft-ietf-
detnet-data-plane-framework-02, 13 September 2019,
framework-02>.

[DETNET-IP]
Varga, B., Farkas, J., Berger, L., Fedyk, D., Malis, A.,
Bryant, S., and J. Korhonen, "DetNet Data Plane: IP", Work
in Progress, Internet-Draft, draft-ietf-detnet-ip-01, 1
July 2019,
.

[DETNET-MPLS]
Varga, B., Farkas, J., Berger, L., Fedyk, D., Malis, A.,
Bryant, S., and J. Korhonen, "DetNet Data Plane: MPLS",
Work in Progress, Internet-Draft, draft-ietf-detnet-mpls-
01, 1 July 2019,
.

[DETNET-SECURITY]
Mizrahi, T., Grossman, E., Hacker, A., Das, S., Dowdell,
J., Austad, H., Stanton, K., and N. Finn, "Deterministic
Networking (DetNet) Security Considerations", Work in
Progress, Internet-Draft, draft-ietf-detnet-security-05,
29 August 2019, detnet-security-05>.

[IEC-62439-3]
IEC, "Industrial communication networks - High
availability automation networks - Part 3: Parallel
Redundancy Protocol (PRP) and High-availability Seamless
Redundancy (HSR)", TC 65 / SC 65C, IEC 62439-3:2016, March
2016, .

[IEEE802.1AE]
IEEE, "IEEE Standard for Local and metropolitan area
networks-Media Access Control (MAC) Security", IEEE
802.1AE-2018,
.

[IEEE802.1BA]
IEEE, "IEEE Standard for Local and metropolitan area
networks--Audio Video Bridging (AVB) Systems", IEEE
802.1BA-2011,
.

[IEEE802.1CB]
IEEE, "IEEE Standard for Local and metropolitan area
networks--Frame Replication and Elimination for
Reliability", DOI 10.1109/IEEESTD.2017.8091139, IEEE
802.1CB-2017, October 2019,
.

[IEEE802.1Q]
IEEE, "IEEE Standard for Local and Metropolitan Area
Network--Bridges and Bridged Networks", IEEE 802.1Q-2018,
.

[IEEE802.1Qav]
IEEE, "IEEE Standard for Local and Metropolitan Area
Networks - Virtual Bridged Local Area Networks Amendment
12: Forwarding and Queuing Enhancements for Time-Sensitive
Streams", IEEE 802.1Qav-2009,
.

[IEEE802.1Qbu]
IEEE, "IEEE Standard for Local and metropolitan area
networks -- Bridges and Bridged Networks -- Amendment 26:
Frame Preemption", IEEE 802.1Qbu-2016,
.

[IEEE802.1Qbv]
IEEE, "IEEE Standard for Local and metropolitan area
networks -- Bridges and Bridged Networks - Amendment 25:
Enhancements for Scheduled Traffic", IEEE 802.1Qbv-2015,
.

[IEEE802.1Qch]
IEEE, "IEEE Standard for Local and metropolitan area
networks--Bridges and Bridged Networks--Amendment 29:
Cyclic Queuing and Forwarding", IEEE 802.1Qch-2017,
.

[IEEE802.1TSNTG]
IEEE, "Time-Sensitive Networking (TSN) Task Group",
.

[IEEE802.3]
IEEE, "IEEE Standard for Ethernet", IEEE 802.3-2018,
.

[IEEE802.3br]
IEEE, "IEEE Standard for Ethernet Amendment 5:
Specification and Management Parameters for Interspersing
Express Traffic", IEEE 802.3br,
.

[RFC2205] Braden, R., Ed., Zhang, L., Berson, S., Herzog, S., and S.
Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1
Functional Specification", RFC 2205, DOI 10.17487/RFC2205,
September 1997, .

[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
and W. Weiss, "An Architecture for Differentiated
Services", RFC 2475, DOI 10.17487/RFC2475, December 1998,
.

[RFC2914] Floyd, S., "Congestion Control Principles", BCP 41,
RFC 2914, DOI 10.17487/RFC2914, September 2000,
.

[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
of Explicit Congestion Notification (ECN) to IP",
RFC 3168, DOI 10.17487/RFC3168, September 2001,
.

[RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001,
.

[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550,
July 2003, .

[RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
December 2005, .

[RFC4655] Farrel, A., Vasseur, J.-P., and J. Ash, "A Path
Computation Element (PCE)-Based Architecture", RFC 4655,
DOI 10.17487/RFC4655, August 2006,
.

[RFC6372] Sprecher, N., Ed. and A. Farrel, Ed., "MPLS Transport
Profile (MPLS-TP) Survivability Framework", RFC 6372,
DOI 10.17487/RFC6372, September 2011,
.

[RFC6658] Bryant, S., Ed., Martini, L., Swallow, G., and A. Malis,
"Packet Pseudowire Encapsulation over an MPLS PSN",
RFC 6658, DOI 10.17487/RFC6658, July 2012,
.

[RFC7149] Boucadair, M. and C. Jacquenet, "Software-Defined
Networking: A Perspective from within a Service Provider
Environment", RFC 7149, DOI 10.17487/RFC7149, March 2014,
.

[RFC7384] Mizrahi, T., "Security Requirements of Time Protocols in
Packet Switched Networks", RFC 7384, DOI 10.17487/RFC7384,
October 2014, .

[RFC7426] Haleplidis, E., Ed., Pentikousis, K., Ed., Denazis, S.,
Hadi Salim, J., Meyer, D., and O. Koufopavlou, "Software-
Defined Networking (SDN): Layers and Architecture
Terminology", RFC 7426, DOI 10.17487/RFC7426, January
2015, .

[RFC7554] Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using
IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the
Internet of Things (IoT): Problem Statement", RFC 7554,
DOI 10.17487/RFC7554, May 2015,
.

[RFC7567] Baker, F., Ed. and G. Fairhurst, Ed., "IETF
Recommendations Regarding Active Queue Management",
BCP 197, RFC 7567, DOI 10.17487/RFC7567, July 2015,
.

[RFC7813] Farkas, J., Ed., Bragg, N., Unbehagen, P., Parsons, G.,
Ashwood-Smith, P., and C. Bowers, "IS-IS Path Control and
Reservation", RFC 7813, DOI 10.17487/RFC7813, June 2016,
.

[RFC8033] Pan, R., Natarajan, P., Baker, F., and G. White,
"Proportional Integral Controller Enhanced (PIE): A
Lightweight Control Scheme to Address the Bufferbloat
Problem", RFC 8033, DOI 10.17487/RFC8033, February 2017,
.

[RFC8227] Cheng, W., Wang, L., Li, H., van Helvoort, H., and J.
Dong, "MPLS-TP Shared-Ring Protection (MSRP) Mechanism for
Ring Topology", RFC 8227, DOI 10.17487/RFC8227, August
2017, .

[RFC8289] Nichols, K., Jacobson, V., McGregor, A., Ed., and J.
Iyengar, Ed., "Controlled Delay Active Queue Management",
RFC 8289, DOI 10.17487/RFC8289, January 2018,
.

[RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
July 2018, .

[RFC8453] Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
Abstraction and Control of TE Networks (ACTN)", RFC 8453,
DOI 10.17487/RFC8453, August 2018,
.

[RFC8557] Finn, N. and P. Thubert, "Deterministic Networking Problem
Statement", RFC 8557, DOI 10.17487/RFC8557, May 2019,
.

[RFC8578] Grossman, E., Ed., "Deterministic Networking Use Cases",
RFC 8578, DOI 10.17487/RFC8578, May 2019,
.

[TEAS] IETF, "Traffic Engineering Architecture and Signaling
(teas)", October 2019,
.

[TSCH-ARCH]
Thubert, P., "An Architecture for IPv6 over the TSCH mode
of IEEE 802.15.4", Work in Progress, Internet-Draft,
draft-ietf-6tisch-architecture-26, 27 August 2019,
architecture-26>.

Acknowledgements

The authors wish to thank Lou Berger, David Black, Stewart Bryant,
Rodney Cummings, Ethan Grossman, Craig Gunther, Marcel Kiessling,
Rudy Klecka, Jouni Korhonen, Erik Nordmark, Shitanshu Shah, Wilfried
Steiner, George Swallow, Michael Johas Teener, Pat Thaler, Thomas
Watteyne, Patrick Wetterwald, Karl Weber, and Anca Zamfir for their
various contributions to this work.

Authors' Addresses

Norman Finn
Huawei
3101 Rio Way
Spring Valley, California 91977
United States of America

Phone: +1 925 980 6430
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Pascal Thubert
Cisco Systems
Batiment T3
Village d'Entreprises Green Side, 400, Avenue de Roumanille
06410 Biot - Sophia Antipolis
France

Phone: +33 4 97 23 26 34
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Balázs Varga
Ericsson
Budapest
Magyar tudosok korutja 11
1117
Hungary

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

János Farkas
Ericsson
Budapest
Magyar tudosok korutja 11
1117
Hungary

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

The world needs a good news source on Internet and telecom policy. I hope to create one. Catch a mistake? Email me please.  Dave Burstein

Latest

Professor Noam's "Many Internets" http://bit.ly/ManyNets

Until about 2010, everyone agreed the Net was a "network of networks," not a monolithic entity. There was a central authority, ICANN, keeping track of domain names, but that was a minor administrative function.
Columbia Professor Noam suggests we might be better off accepting that some nations or groups might want to organize their networks differently. It's easy to see demand for an Internet with much more effective filters against material some think harmful to children. (Any 10 year old can easily find porn today. Many do.)
Internet translation is getting better very quickly. You might want an "Internet" that translates everything into your language. Google Chrome translation isn't perfect but I was able to research most of this story on Russian language sites. With a few more years progress, I might welcome an alternate that brings me everything in English, including caching for better performance.
De facto, Internet news is already split, as hundreds of millions only get their news from Facebook. Google AMP pages, including for news, also favor selected parts of the net
Centralizing the DNS doesn't prevent censorship, as the Chinese have demonstrated. There are many Jewish and Muslim fundamentalists who want to block what they consider blasphemy and limit free speech. See http://www.nytimes.com/2012/05/21/nyregion/ultra-orthodox-jews-hold-rally-on-internet-at-citi-field.html . More from Noam http://bit.ly/ManyNets

Russia Orders Alternate Root Internet System http://bit.ly/RussiaDNS
It's actually practical and not necessarily a problem.The Security Council of the Russian Federation, headed by Vladimir Putin, has ordered the "government to develop an independent internet infrastructure for BRICS nations, which would continue to work in the event of global internet malfunctions ... This system would be used by countries of the BRICS bloc – Brazil, Russia, India, China and South Africa." RT
Columbia University Professor Eli Noam and then ICANN CEO Fadi Chehadé have both said such a system is perfectly practical as long as there is robust interconnection.
Actually, the battle over ICANN and domain names is essentially symbolic. Managing the DNS is a relatively insignificant task, more clerical than governing. ICANN Chair Steve Crocker pointed out they had very little to do with policy.
Some will claim this is about blocking free speech but that's rhetoric. Russia doesn't need to fiddle with the DNS for censorship, as the Chinese have demonstrated. The wonders of the Internet will continue so long as the resulting nets" are robustly connected. The ICANN and U.S. policy goal should be to help create that system for interconnection.
I expect contentions that “The Russians are taking over our Internet” and “They are splitting the Internet.” The Internet is a “Network of Networks.” It is not a monolith so what would “splitting” it mean or do?
After the WCIT, China realized that ICANN and the DNS are side issues not worth bothering about. They have been building alternate institutions including the World Internet Summit in Wuzhan and the BRICs conferences.  The Chinese have put their main work where decisions that matter are made. Wireless standards are set by 3GPP, where nothing can be approved without China's consent.
The American battle at ITU is proving to be a historic mistake.
Why does Russia want an independent Internet?
They fear that Western sanctions on Russia could cripple the Russian Net. Communications minister, Nikolay Nikiforov, worries about, "a scenario where our esteemed partners would suddenly decide to disconnect us from the internet." I think that's highly unlikely but Nikiforov points out, “Recently, Russia is being addressed in a language of unilateral sanctions: first, our credit cards are being cut off; then the European Parliament says that they’ll disconnect us from SWIFT."
It makes sense for the Russians to be prepared for such a contingency as the Cold War has been warming up on both sides. "Britain's top military chief Air Chief Marshal Sir Stuart Peach just made headlines warning Russian subs "could CRIPPLE Britain by cutting undefended undersea internet cables." Much more http://bit.ly/RussiaDNS

ICANN Continues Excluding Russia & China From the Board http://bit.ly/CEOPromises
No wonder Russia wants an alternate root. Three years ago, ICANN CEO Fadi Chehadé promised "a seat at the table" to Chinese Premier Li. ICANN welched and this year added two more Americans.
Almost all the ICANN board is from the U.S. and close allies; only about 4 of the 18 board members are from countries on the other side of the North/South divide in Internet policy.  Claiming ICANN represents the Global Internet is inappropriate. China is 1/3rd of the Internet but has no representation on the board.
I know many of the board members. They are all basically honorable but generally share a strong opinion on North-South issues.
Larry Strickling of the U.S. government knew just what he was doing with the IANA transition. He handed over to a board with similar positions as the U.S. government.
"The system is unsustainable while it excludes half the world," I have been saying since 2012. More, including the transcript of Fadi's statements,http://bit.ly/CEOPromises

Sorry, Ajit Pai: Smaller Telcos Did Not Reduce Investment After NN Ruling http://bit.ly/SorryPai
Pai justifies his NN choice with the claim, "The impact has been particularly serious for smaller Internet service providers." #wrong (Actually, NN has minimal effects on investment, up or down, I’m convinced. Competition, new technology, customer demand and similar are far more important.)
The two largest suppliers to “smaller ISPs” saw sales go up. Adtran's sales the most recent nine months were $540M, up from $473M the year before. 2016 was $636M, 2015 $600M. Calix the last nine months sold $372M, up from $327M. The full year 2016 was $459M, up from $407M in 2015. Clearfield, a supplier of fiber optic gear, was up 8% in sales in the smaller ISPs.
There is nothing in the data from others that suggests an alternate trend. Anyone could have found this data in a few minutes from the company quarterly reports.
The results in larger companies are ambiguous. I can "prove" capex went up or went down by selecting the right data. The four largest companies' capex - two/thirds of the total - went up from $52.7B in 2015 to $55.7B in 2016. The result remains positive after making sensible adjustments for mergers and acquisitions. That's as close to "proving" that NN led to increased spending as the facts chosen to prove the opposite.
Actually, whether capex went up or down in 2016 tells us almost nothing about the choice on neutrality. Everyone knows a single datapoint could be random or due to other causes. Much more, including the source of the errors http://bit.ly/SorryPai

Elders Bearing Witness: Vint, Timbl, & Many More http://bit.ly/VintTim
Vint Cerf, Tim Berners-Lee, Steve Wozniak and more than a dozen true Internet pioneers wrote Congress to protect Neutrality. The best Congress money can buy didn't listen but I wanted to reproduce their letter.
I hope they are wrong believing "is an imminent threat to the Internet we worked so hard to create." My take is the impact will be moderate in the short run.
From the letter:
We are the pioneers and technologists who created and now operate the Internet, and some of the innovators and business people who, like many others, depend on it for our livelihood. ... The FCC’s proposed Order is based on a flawed and factually inaccurate understanding of Internet technology. These flaws and inaccuracies were documented in detail in a 43-page-long joint comment signed by over 200 of the most prominent Internet pioneers and engineers and submitted to the FCC on July 17, 2017.
Despite this comment, the FCC did not correct its misunderstandings, but instead premised the proposed Order on the very technical flaws the comment explained. The technically-incorrect proposed Order ... More, including the full list, http://bit.ly/VintTim