diff options
Diffstat (limited to 'doc/rfc/rfc4176.txt')
-rw-r--r-- | doc/rfc/rfc4176.txt | 1179 |
1 files changed, 1179 insertions, 0 deletions
diff --git a/doc/rfc/rfc4176.txt b/doc/rfc/rfc4176.txt new file mode 100644 index 0000000..d85d258 --- /dev/null +++ b/doc/rfc/rfc4176.txt @@ -0,0 +1,1179 @@ + + + + + + +Network Working Group Y. El Mghazli, Ed. +Request for Comments: 4176 Alcatel +Category: Informational T. Nadeau + Cisco + M. Boucadair + France Telecom + K. Chan + Nortel + A. Gonguet + Alcatel + October 2005 + + + Framework for Layer 3 Virtual Private Networks (L3VPN) + Operations and Management + +Status of This Memo + + This memo provides information for the Internet community. It does + not specify an Internet standard of any kind. Distribution of this + memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2005). + +Abstract + + This document provides a framework for the operation and management + of Layer 3 Virtual Private Networks (L3VPNs). This framework intends + to produce a coherent description of the significant technical issues + that are important in the design of L3VPN management solutions. The + selection of specific approaches, and making choices among + information models and protocols are outside the scope of this + document. + + + + + + + + + + + + + + + + +El Mghazli, et al. Informational [Page 1] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + +Table of Contents + + 1. Introduction ................................................. 2 + 1.1. Terminology ............................................ 2 + 1.2. Management functions ................................... 4 + 1.3. Reference Models ....................................... 5 + 2. Customer Service Operations and Management ................... 7 + 2.1. Customer Service Management Information Model .......... 7 + 2.2. Customer Management Functions .......................... 8 + 2.2.1. Fault Management ............................... 8 + 2.2.2. Configuration Management ....................... 9 + 2.2.3. Accounting ..................................... 9 + 2.2.4. Performance Management ......................... 10 + 2.2.5. Security Management ............................ 10 + 2.3. Customer Management Functional Description ............. 11 + 2.3.1. L3VPN Service Offering Management .............. 11 + 2.3.2. L3VPN Service Order Management ................. 12 + 2.3.3. L3VPN Service Assurance ........................ 12 + 3. Provider Network Manager ..................................... 12 + 3.1. Provider Network Management Definition ................. 12 + 3.2. Network Management Functions ........................... 13 + 3.2.1. Fault Management ............................... 13 + 3.2.2. Configuration Management ....................... 14 + 3.2.3. Accounting ..................................... 17 + 3.2.4. Performance Management ......................... 17 + 3.2.5. Security Management ............................ 17 + 4. L3VPN Devices ................................................ 18 + 4.1. Information Model ...................................... 18 + 4.2. Communication .......................................... 18 + 5. Security Considerations ...................................... 19 + 6. Acknowledgements ............................................. 19 + 7. Normative References ......................................... 19 + +1. Introduction + +1.1. Terminology + + In this document, the following terms are used and defined as + follows: + + VPN: + + Virtual Private Network. A set of transmission and switching + resources that will be used over a shared infrastructure to + process the (IP) traffic that characterizes communication services + between the sites or premises interconnected via this VPN. See + [RFC4026]. + + + + +El Mghazli, et al. Informational [Page 2] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + L3VPN: + + An L3VPN interconnects sets of hosts and routers based on Layer 3 + addresses. See [RFC4026]. + + VPN Instance: + + From a management standpoint, a VPN instance is the collection of + configuration information associated with a specific VPN, residing + on a PE router. + + VPN Site: + + A VPN customer's location that is connected to the Service + Provider network via a CE-PE link, which can access at least one + VPN. + + VPN Service Provider (SP): + + A Service Provider that offers VPN-related services. + + VPN Customer: + + Refers to a customer that bought VPNs from a VPN service provider. + + Customer Agent: + + Denotes the entity that is responsible for requesting VPN + customer-specific information. + + Service Level Agreement(SLA): + + Contractual agreement between the Service Provider and Customer, + which includes qualitative and quantitative metrics that define + service quality guarantees and retribution procedures when service + levels are not being met. + + Service Level Specifications (SLS): + + Internally-focused service performance specifications used by the + Service Provider to manage customer service quality levels. + + + + + + + + + + +El Mghazli, et al. Informational [Page 3] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + +1.2. Management functions + + For any type of Layer-3 VPN (PE or CE-based VPNs), having a + management platform where the VPN-related information could be + collected and managed is recommended. The Service and Network + Management System may centralize information related to instances of + a VPN and allow users to configure and provision each instance from a + central location. + + An SP must be able to manage the capabilities and characteristics of + their VPN services. Customers should have means to ensure + fulfillment of the VPN service to which they subscribed. To the + extent possible, automated operations and interoperability with + standard management protocols should be supported. + + Two main management functions are identified: + + A customer service management function: + + This function provides the means for a customer to query, + configure, and receive (events/alarms) customer-specific VPN + service information. Customer-specific information includes data + related to contact, billing, site, access network, IP address, + routing protocol parameters, etc. It may also include + confidential data, such as encryption keys. Several solutions + could be used: + + * Proprietary network management system + + * SNMP manager + + * PDP function + + * Directory service, etc. + + A provider network management function: + + This function is responsible for planning, building, provisioning, + and maintaining network resources in order to meet the VPN + service-level agreements outlined in the SLA offered to the + customer. This mainly consists of (1) setup and configuration of + physical links, (2) provisioning of logical VPN service + configurations, and (3) life-cycle management of VPN service, + including the addition, modification, and deletion of VPN + configurations. + + + + + + +El Mghazli, et al. Informational [Page 4] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + There may be relationships between the customer service and + provider network management functions, as the provider network is + managed to support/realize/provide the customer service. One + example use of this relationship is to provide the VPN-SLS + assurance for verifying the fulfillment of the subscribed VPN + agreement. + +1.3. Reference Models + + The ITU-T Telecommunications Management Network has the following + generic requirements structure: + + o Engineer, deploy and manage the switching, routing, and + transmission resources supporting the service from a network + perspective (network element management); + + o Manage the VPNs deployed over these resources (network + management); + + o Manage the VPN service (service management); + + - - - - - - - - - - - - - - - - - - - - - - - -:- - - - - - - - - + Service +-------------+ : +----------+ + Management | Service |<------------------:----->| Customer | + Layer | Manager | : | Agent | + +-------------+ : +----------+ + - - - - - - - - - - ^ - - - - - - - - - - - - -:- - - - - - - - - + Network | +------------+ : + Management | | Provider | : + Layer | | Network | Customer + +------>| Manager | Interface + +------------+ : + - - - - - - - - - - - - - - - - - ^ - - - - - -:- - - - - - - - - + Network Element | : + Management | +------+ : +------+ + Layer | | | : | CE | + +->| PE | : |device| + |device| : | of | + | |--:--|VPN A| + +------+ : +------+ + ---------------------------------------------->:<---------------- + SP network : Customer Network + + Figure 1: Reference Model for PE-based L3VPN Management + + + + + + + +El Mghazli, et al. Informational [Page 5] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + - - - - - - - - - - - - - - - - - - - - - - - -:- - - - - - - - - + Service +-------------+ : +----------+ + Management | Service |<------------------:----->| Customer | + Layer | Manager | : | Agent | + +-------------+ : +----------+ + - - - - - - - - - - ^ - - - - - - - - - - - - -:- - - - - - - - - + Network | +------------+ : + Management | | Provider | : + Layer | | Network | Customer + +------>| Manager | Interface + +------------+ : + - - - - - - - - - - - - - - - -^- - - -^- - - -:- - - - - - - - - + Network Element | +-------:---------------+ + Management | +------+ : +------+ | + Layer | | | : | CE | | + +---->| PE | : |device|<----+ + |device| : | of | + | |--:--|VPN A| + +------+ : +------+ + ---------------------------------------------->:<---------------- + SP network : Customer Network + + Figure 2: Reference Model for CE-based L3VPN Management + + Above, Figures 1 and 2 present the reference models for both PE and + CE-based L3VPN management, according to the aforementioned generic + structure. + + In both models, the service manager administrates customer-specific + attributes, such as customer Identifier (ID), personal information + (e.g., name, address, phone number, credit card number, etc.), + subscription services and parameters, access control policy + information, billing and statistical information, etc. + + In the PE-based reference model, the provider network manager + administrates device attributes and their relationships, covering PE + devices and other devices that construct the corresponding PE-based + VPN. + + In the CE-based reference model, the provider network manager + administrates device attributes and their relationships, covering PE + and CE devices that construct the corresponding CE-based VPN. + + Network and customer service management systems that are responsible + for managing VPN networks have several challenges, depending on the + type of VPN network(s) they are required to manage. + + + + + +El Mghazli, et al. Informational [Page 6] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + +2. Customer Service Operations and Management + + Services offered by providers can be viewed from the customer's or + the provider's perspective. This section describes service + management from the customer's perspective, focusing on the Customer + Management function. + + The Customer Management function's goal is to manage the + service-based operations like service ordering, service subscription, + activation, etc. + + The Customer Management function resides in the L3VPN service manager + at the Service Management Layer (SML). It mainly consists of + defining the L3VPN services offered by the SP, collecting and + consolidating the customer L3VPN services requirements, as well as + performing some reporting for the customer. This function is + correlated with the Network Management function at the Network + Management Layer (NML) for initiating the L3VPN services + provisioning, and getting some service reporting. + +2.1. Customer Service Management Information Model + + This section presents a framework that is used for L3VPN customer + service management at the SML. The information framework represents + the data that need to be managed, and the way they are represented. + At the SML, the information framework that is foreseen is composed of + Service Level Agreements (SLA) and Service Level Specifications + (SLS). + + Services are described through Service Level Agreements (SLA), which + are contractual documents between customers and service providers. + The technical part of the service description is called the Service + Level Specification (SLS). The SLS groups different kinds of + parameters. Some are more related to the description of the + transport of the packets, and some to the specification of the + service itself. + + A Service Level Specification (SLS) may be defined per access network + connection, per VPN, per VPN site, and/or per VPN route. The service + provider may define objectives and the measurement intervals, for at + least the SLS, using the following Service Level Objective (SLO) + parameters: + + o QoS and traffic parameters + + o Availability for the site, VPN, or access connection + + o Duration of outage intervals per site, route, or VPN + + + +El Mghazli, et al. Informational [Page 7] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + o Service activation interval (e.g., time to turn up a new site) + + o Trouble report response time interval + + o Time to repair interval + + o Total incoming/outgoing traffic from a site or a (VPN) route, or + that has transited through the whole VPN + + o Measurement of non-conforming incoming/outgoing traffic + (compliance of traffic should deserve some elaboration because of + many perspectives - security, QoS, routing, etc.) from a site or a + (VPN) route, or that has transited through the whole VPN + + The service provider and the customer may negotiate contractual + penalties in the case(s) where the provider does not meet a (set of) + SLS performance objective(s). + + Traffic parameters and actions should be defined for incoming and + outgoing packets that go through the demarcation between the service + provider premises and the customer's premises. For example, traffic + policing functions may be activated at the ingress of the service + provider's network, while traffic shaping capabilities could be + activated at the egress of the service provider's network. + +2.2. Customer Management Functions + + This section presents detailed customer management functions in the + traditional fault, configuration, accounting, performance, and + security (FCAPS) management categories. + +2.2.1. Fault Management + + The fault management function of the Customer Service Manager relies + upon the manipulation of network layer failure information, and it + reports incidents to the impacted customers. Such reports should be + based upon and related to the VPN service offering to which the + customer is subscribed. The Customer Management function support for + fault management includes: + + o Indication of customer's services impacted by failure + + o Incident recording or logs + + o Frequency of tests + + o Ability to invoke probes from the customer and provider + + + + +El Mghazli, et al. Informational [Page 8] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + o Ability to uncover faults before the customer notices them + +2.2.2. Configuration Management + + The configuration management function of the Customer Manager must be + able to configure L3VPN service parameters with the level of detail + that the customer is able to specify, according to service templates + defined by the provider. + + A service template contains fields which, when instantiated, yield a + definite service requirement or policy. For example, a template for + an IPsec tunnel [RFC2401] would contain fields such as tunnel end + points, authentication modes, encryption and authentication + algorithms, shared keys (if any), and traffic filters. + + Other examples: a BGP/MPLS-based VPN service template would contain + fields such as the customer premises that need to be interconnected + via the VPN, and a QoS agreement template would contain fields such + as one-way transit delay, inter-packet delay variation, throughput, + and packet loss thresholds. + +2.2.3. Accounting + + The accounting management function of the Customer Manager is + provided with network layer measurements information and manages this + information. The Customer Manager is responsible for the following + accounting functions: + + o Retrieval of accounting information from the Provider Network + Manager + + o Analysis, storage, and administration of measurements + + Some providers may require near-real time reporting of measurement + information, and may offer this as part of a customer network + management service. + + If an SP supports "Dynamic Bandwidth Management" service, then the + schedule and the amount of the bandwidth required to perform + requested bandwidth allocation change(s) must be traceable for + monitoring and accounting purposes. + + Solutions should state compliance with accounting requirements, as + described in section 1.7 of [RFC2975]. + + + + + + + +El Mghazli, et al. Informational [Page 9] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + +2.2.4. Performance Management + + From the Customer Manager's perspective, performance management + includes functions involved in the determination of the conformance + level with the Service Level Specifications, such as QoS and + availability measurements. The objective is to correlate accounting + information with performance and fault management information to + produce billing that takes into account SLA provisions for periods of + time where the service level objectives are not met. + + The performance information should reflect the quality of the + subscribed VPN service as perceived by the customer. This + information could be measured by the provider or controlled by a + third party. The parameters that will be used to reflect the + performance level could be negotiated and agreed upon between the + service provider and the customer during the VPN service negotiation + phase. + + Performance management should also support analysis of important + aspects of an L3VPN, such as bandwidth utilization, response time, + availability, QoS statistics, and trends based on collected data. + +2.2.5. Security Management + + From the Customer Manager's perspective, the security management + function includes management features to guarantee the security of + the VPN. This includes security of devices, configuration data, and + access connections. Authentication and authorization (access + control) also fall into this category. + +2.2.5.1. Access Control + + Management access control determines the privileges that a user has + for particular applications and parts of the network. Without such + control, only the security of the data and control traffic is + protected (leaving the devices providing the L3VPN network + unprotected) among other equipment or resources. Access control + capabilities protect these devices to ensure that users have access + to only those resources and applications they are granted to use. + +2.2.5.2. Authentication + + Authentication is the process of verifying the identity of a VPN + user. + + + + + + + +El Mghazli, et al. Informational [Page 10] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + +2.3. Customer Management Functional Description + + This section provides a high-level example of an architecture for the + L3VPN management framework, with regard to the SML layer. The goal + is to map the customer management functions described in Section 2.2 + to architectural yet functional blocks, and to describe the + communication with the other L3VPN management functions. + + + - - - - - - - - - - - - - - - - - - - - - - - - - + + | Service +----------------+ +----------------+ | + | Management | VPN Offering| | VPN Order | | + | | Management | | Management | | + | +----------------+ +----------------+ | + | +----------------+ +----------------+ | + | | VPN | | VPN-based | | + | | Assurance | | SLS Management | | + | +----------------+ +----------------+ | + + - - - - - - - - - - - - - - - - - - - - - - - - - + + + Figure 3: Overview of the Service Management + + A customer must have a means to view the topology, operational state, + order status, and other parameters associated with the VPN service + offering that has been subscribed. + + All aspects of management information about CE devices and customer + attributes of an L3VPN, manageable by a SP, should be capable of + being configured and maintained by an authenticated, authorized + Service manager. + + A customer agent should be able to make dynamic requests for changing + the parameters that describe a service. A customer should be able to + receive responses from the SP network in response to these requests + (modulo the existence of necessary agreements). Communication + between customer Agents and (VPN) service providers will rely upon a + query/response mechanism. + + A customer who may not be able to afford the resources to manage its + CPEs should be able to outsource the management of the VPN to the + service provider(s) supporting the network. + +2.3.1. L3VPN Service Offering Management + + Hopefully, the deployment of a VPN addresses customers' requirements. + Thus, the provider must have the means to advertise the VPN-based + services it offers. Then, the potential customers could select the + service to which they want to subscribe. Additional features could + be associated to this subscription phase, such as the selection of a + + + +El Mghazli, et al. Informational [Page 11] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + level of quality associated to the delivery of the VPN service, the + level of management of the VPN service performed by the SP, security + options, etc. + +2.3.2. L3VPN Service Order Management + + This operation aims at managing the requests initiated by the + customers and tracks the status of the achievement of the related + operations. The activation of the orders is conditioned by the + availability of the resources that meet the customer's requirements + with the agreed guarantees (note that it could be a result of a + negotiation phase between the customer and the provider). + +2.3.3. L3VPN Service Assurance + + The customer may require the means to evaluate the fulfillment of the + contracted SLA with the provider. Thus, the provider should monitor, + measure, and provide statistical information to the customer, + assuming an agreement between both parties on the measurement + methodology, as well as the specification of the corresponding (set + of) quality of service indicators. + +3. Provider Network Manager + +3.1. Provider Network Management Definition + + When implementing a VPN architecture within a domain (or a set of + domains managed by a single SP), the SP must have a means to view the + physical and logical topology of the VPN premises, the VPN + operational status, the VPN service ordering status, the VPN service + handling, the VPN service activation status, and other aspects + associated with each customer's VPN. + + From a provider's perspective, the management of a VPN service + consists mainly of: + + o Managing the customers (the term "customer" denotes a role rather + than the end user, thus an SP could be a customer) and end-users + in terms of SLA + + o Managing the VPN premises (especially creating, modifying, and + deleting operations, editing the related information to a specific + link, or supervising the AAA [RFC2903] [RFC2906] operations) + + o Managing the CE-PE links (particularly creating, modifying, and + deleting links, editing the related information to a specific VPN) + + + + + +El Mghazli, et al. Informational [Page 12] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + o Managing the service ordering, such as Quality of Service, in + terms of supported classes of service, traffic isolation, etc. + + Currently, proprietary methods are often used to manage VPNs. The + additional expense associated with operators having to use multiple, + proprietary, configuration-related management methods (e.g., Command + Line Interface (CLI) languages) to access such systems is not + recommended, because it affects the overall cost of the service + (including the exploitation costs), especially when multiple vendor + technologies (hence multiple expertise) are used to support the VPN + service offering. Therefore, devices should provide standards-based + interfaces. From this perspective, additional requirements on + possible interoperability issues and availability of such + standardized management interfaces need to be investigated. + +3.2. Network Management Functions + + In addition, there can be internal service provided by the SP for + satisfying the customer service requirements. Some of these may + include the notion of dynamic deployment of resources for supporting + the customer-visible services, high availability service for the + customer that may be supported by automatic failure detection, and + automatic switchover to back-up VPNs. These are accomplished by + inter-working with the FCAPS capabilities of the Provider Network + Manager. + +3.2.1. Fault Management + + The Provider Network Manager support for fault management includes: + + o Fault detection (incidents reports, alarms, failure visualization) + + o Fault localization (analysis of alarms reports, diagnostics) + + o Corrective actions (data path, routing, resource allocation) + + Since L3VPNs rely upon a common network infrastructure, the Provider + Network Manager provides a means to inform the Service Manager about + the VPN customers impacted by a failure in the infrastructure. The + Provider Network Manager should provide pointers to the related + customer configuration information to contribute to the procedures of + fault isolation and the determination of corrective actions. + + It is desirable to detect faults caused by configuration errors, + because these may cause VPN service to fail, or not meet other + requirements (e.g., traffic and routing isolation). One approach + + + + + +El Mghazli, et al. Informational [Page 13] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + could be a protocol that systematically checks that all constraints + have been taken into account, and that consistency checks have been + enforced during the tunnel configuration process. + + A capability that aims at checking IP reachability within a VPN must + be provided for diagnostic purposes. + + A capability that aims at checking the configuration of a VPN device + must be provided for diagnostic purposes. + +3.2.2. Configuration Management + + The Provider Network Manager must support configuration management + capabilities in order to deploy VPNs. To do so, a Provider Network + Manager must provide configuration management that provisions at + least the following L3VPN components: PE, CE, hierarchical tunnels, + access connections, routing, and QoS, as detailed in this section. + If access to the Internet is provided, then this option must also be + configurable. + + Provisioning for adding or removing VPN customer premises should be + as automated as possible. + + Finally, the Provider Network Manager must ensure that these devices + and protocols are provisioned consistently and correctly. The + solution should provide a means for checking whether a service order + is correctly provisioned. This would represent one method of + diagnosing configuration errors. Configuration errors can arise due + to a variety of reasons: manual configuration, intruder attacks, and + conflicting service requirements. + + Requirements for L3VPN configuration management are: + + o The Provider Network Manager must support configuration of VPN + membership. + + o The Provider Network Manager should use identifiers for SPs, + L3VPNs, PEs, CEs, hierarchical tunnels, and access connections. + + o Tunnels must be configured between PE/CE devices. This requires + coordination of tunnel identifiers, paths, VPNs, and any + associated service information, for example, a QoS service. + + o Routing protocols running between PE routers and CE devices must + be configured. For multicast services, multicast routing + protocols must also be configurable. + + + + + +El Mghazli, et al. Informational [Page 14] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + o Routing protocols running between PE routers, and between PE and P + routers, must also be configured. + + PE-based only: + + o Routing protocols running between PE routers and CE devices, if + any, must be configured on a per-VPN basis. The Provider Network + Manager must support configuration of a CE routing protocol for + each access connection. + + o The configuration of a PE-based L3VPN should be coordinated with + the configuration of the underlying infrastructure, including + Layer 1 and 2 networks that interconnect components of an L3VPN. + +3.2.2.1. Provisioning Routing-based Configuration Information + + If there is an IGP running within the L3VPN, the Provider Network + Manager must provision the related parameters. This includes + metrics, capacity, QoS capability, and restoration parameters. + +3.2.2.2. Provisioning Access-based Configuration Information + + The Provider Network Manager must provision network access between + SP-managed PE and CE equipment. + +3.2.2.3. Provisioning Security Services-based Configuration Information + + When a security service is requested, the Provider Network Manager + must provision the entities and associated parameters involved in the + provisioning of the service. For example, IPsec services, tunnels, + options, keys, and other parameters should be provisioned at either + the CE and/or the PE routers. In the case of an intrusion detection + service, the filtering and detection rules should be provisioned on a + VPN basis. + +3.2.2.4. Provisioning VPN Resource Parameters + + A service provider should have a means to dynamically provision + resources associated with VPN services. For example, in a PE-based + service, the number and size of virtual switching and forwarding + table instances should be provisioned. + + If an SP supports a "Dynamic Bandwidth Management" service, then the + dates, times, amounts, and intervals required to perform requested + bandwidth allocation change(s) may be traceable for accounting + purposes. + + + + + +El Mghazli, et al. Informational [Page 15] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + If an SP supports a "Dynamic Bandwidth Management" service, then the + provisioning system must be able to make requested changes within the + ranges and bounds specified in the Service Level Specifications. + Examples of QoS parameters are the response time and the probability + of being able to service such a request. + + Dynamic VPN resource allocation is crucial to cope with the frequent + requests for changes that are expressed by customers (e.g., sites + joining or leaving a VPN), as well as to achieve scalability. The PE + routers should be able to dynamically assign the VPN resources. This + capability is especially important for dial-up and wireless VPN + services. + +3.2.2.5. Provisioning Value-Added Service Access + + An L3VPN service provides controlled access between a set of sites + over a common backbone. However, many service providers also offer a + range of value-added services, for example: Internet access, firewall + services, intrusion detection, IP telephony and IP Centrex, + application hosting, backup, etc. It is outside the scope of this + document to define if and how these different services interact with + the VPN service offering. However, the VPN service should be able to + provide access to these various types of value-added services. + + A VPN service should allow the SP to supply the customer with + different kinds of well-known IP services (e.g., DNS, NTP, RADIUS, + etc.) needed for ordinary network operation and management. The + provider should be able to provide IP services to multiple customers + from one or many servers. + + A firewall function may be required to restrict access to the L3VPN + from the Internet [Y.1311]. + + Managed firewalls may be supported on a per-VPN basis, although + multiple VPNs will be supported by the same physical device. In such + cases, managed firewalls should be provided at the access point(s) of + the L3VPN. Such services may be embedded in the CE or PE devices, or + implemented in stand-alone devices. + + The Provider Network Manager should allow a customer to outsource the + management of an IP service to the SP providing the VPN or to a third + party. + + The management system should support the collection of information + necessary for optimal allocation of IP services in response to + customers' orders, in correlation with provider-provisioned resources + supporting the service. + + + + +El Mghazli, et al. Informational [Page 16] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + If Internet access is provided, reachability to and from the Internet + from/to sites within a VPN should be configurable by an SP. + Configuring routing policy to control distribution of VPN routes + advertised to the Internet may realize this. + +3.2.2.6. Provisioning Hybrid VPN Services + + Configuration of interworking L3VPN solutions should also be + supported, taking security and end-to-end QoS issues into account. + +3.2.3. Accounting + + The Provider Network Manager is responsible for the measurements of + resource utilization. + +3.2.4. Performance Management + + From the Provider Network Manager's perspective, performance + management includes functions involved in monitoring and collecting + performance data regarding devices, facilities, and services. + + The Provider Network Manager must monitor the devices' behavior to + evaluate performance metrics associated with an SLS. Different + measurement techniques may be necessary, depending on the service for + which an SLA is provided. Example services are QoS, security, + multicast, and temporary access. These techniques may be either + intrusive or non-intrusive, depending on the parameters being + monitored. + + The Provider Network Manager must also monitor aspects of the VPN + that are not directly associated with an SLS, such as resource + utilization, status of devices and transmission facilities, as well + as control of monitoring resources, such as probes and remote agents + at network access points used by customers and mobile users. + + Devices supporting L3VPN whose level of quality is defined by SLSes + should have real-time performance measurements that have indicators + and threshold crossing alerts. Such thresholds should be + configurable. + +3.2.5. Security Management + + From the Provider Network Manager's perspective, the security + management function of the Provider Network Manager must include + management features to guarantee the preservation of the + confidentiality of customers' traffic and control data, as described + in [RFC3809]. + + + + +El Mghazli, et al. Informational [Page 17] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + +3.2.5.1. Authentication Management + + The Provider Network Manager must support standard methods for + authenticating users attempting to access VPN services. + + Scalability is critical, as the number of nomadic/mobile clients is + increasing rapidly. The authentication scheme implemented for such + deployments must be manageable for large numbers of users and VPN + access points. + + Support for strong authentication schemes needs to be supported to + ensure the security of both VPN access point-to-VPN access point (PE + to PE) and client-to-VPN Access point (CE-to-PE) communications. + This is particularly important to prevent VPN access point (VPN AP) + spoofing. VPN Access Point Spoofing is the situation where an + attacker tries to convince a PE or a CE that the attacker is the VPN + Access Point. If an attacker succeeds, then the device will send VPN + traffic to the attacker (who could forward it on to the actual (and + granted) access point after compromising confidentiality and/or + integrity). + + In other words, a non-authenticated VPN AP can be spoofed with a man- + in-the-middle attack, because the endpoints rarely verify each other. + A weakly authenticated VPN AP may be subject to such an attack. + However, strongly authenticated VPN APs are not subject to such + attacks, because the man-in-the-middle cannot authenticate as the + real AP, due to the strong authentication algorithms. + +4. L3VPN Devices + +4.1. Information Model + + Each L3VPN solution must specify the management information (MIBs, + PIBs, XML schemas, etc.) for network elements involved in L3VPN + services. This is an essential requirement in network provisioning. + The approach should identify any L3VPN-specific information not + contained in a standards track MIB module. + +4.2. Communication + + The deployment of a VPN may span a wide range of network equipment, + potentially including equipment from multiple vendors. Therefore, + the provisioning of a unified network management view of the VPN + shall be simplified by means of standard management interfaces and + models. This will also facilitate customer self-managed (monitored) + network devices or systems. + + + + + +El Mghazli, et al. Informational [Page 18] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + In cases where significant configuration is required whenever a new + service is to be provisioned, it is important, for scalability + reasons, that the NMS provides a largely automated mechanism for the + relevant configuration operations. Manual configuration of VPN + services (i.e., new sites, or re-provisioning existing ones) could + lead to scalability issues, and should be avoided. It is thus + important for network operators to maintain visibility of the + complete picture of the VPN through the NMS system. This should be + achieved by using standards track protocols such as SNMP. Use of + proprietary command-line interfaces is not recommended. + +5. Security Considerations + + This document describes a framework for L3VPN Operations and + Management. Although this document discusses and addresses some + security concerns in Section 2.2.5 and Section 3.2.5 above, it does + not introduce any new security concerns. + +6. Acknowledgements + + Special Thanks to Nathalie Charton, Alban Couturier, Christian + Jacquenet, and Harmen Van Der Linde for their review of the document + and their valuable suggestions. + +7. Normative References + + [RFC2975] Aboba, B., Arkko, J., and D. Harrington, "Introduction to + Accounting Management", RFC 2975, October 2000. + + [RFC2401] Kent, S. and R. Atkinson, "Security Architecture for the + Internet Protocol", RFC 2401, November 1998. + + [RFC2903] de Laat, C., Gross, G., Gommans, L., Vollbrecht, J., and + D. Spence, "Generic AAA Architecture", RFC 2903, August + 2000. + + [RFC2906] Farrell, S., Vollbrecht, J., Calhoun, P., Gommans, L., + Gross, G., de Bruijn, B., de Laat, C., Holdrege, M., and + D. Spence, "AAA Authorization Requirements", RFC 2906, + August 2000. + + [RFC3809] Nagarajan, A., "Generic Requirements for Provider + Provisioned Virtual Private Networks (PPVPN)", RFC 3809, + June 2004. + + [RFC4026] Andersson, L. and T. Madsen, "Provider Provisioned Virtual + Private Network (VPN) Terminology", RFC 4026, March 2005. + + + + +El Mghazli, et al. Informational [Page 19] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + + [Y.1311] ITU, "Network-based IP VPN over MPLS architecture", + ITU-T Y.1311.1, 2001. + +Authors' Addresses + + Yacine El Mghazli (Editor) + Alcatel + Route de Nozay + Marcoussis 91460 + France + + EMail: yacine.el_mghazli@alcatel.fr + + + Thomas D. Nadeau + Cisco Systems, Inc. + 300 Beaver Brook Road + Boxborough, MA 01719 + + Phone: +1-978-936-1470 + EMail: tnadeau@cisco.com + + + Mohamed Boucadair + France Telecom + 42, rue des Coutures + Caen 14066 + France + + EMail: mohamed.boucadair@francetelecom.com + + + Kwok Ho Chan + Nortel Networks + 600 Technology Park Drive + Billerica, MA 01821 + USA + + EMail: khchan@nortel.com + + + Arnaud Gonguet + Alcatel + Route de Nozay + Marcoussis 91460 + France + + EMail: arnaud.gonguet@alcatel.fr + + + +El Mghazli, et al. Informational [Page 20] + +RFC 4176 L3VPN Operations and Management Framework October 2005 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2005). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE + INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at ietf- + ipr@ietf.org. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + +El Mghazli, et al. Informational [Page 21] + |