summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc8655.txt
blob: 178c553e5c9303b338f1e6a5b8bb0ec4d609c19d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
Internet Engineering Task Force (IETF)                           N. Finn
Request for Comments: 8655                                        Huawei
Category: Standards Track                                     P. Thubert
ISSN: 2070-1721                                                    Cisco
                                                                B. Varga
                                                               J. Farkas
                                                                Ericsson
                                                            October 2019


                 Deterministic Networking Architecture

Abstract

   This document provides the overall architecture for Deterministic
   Networking (DetNet), which provides a capability to carry specified
   unicast or multicast data flows for real-time applications with
   extremely low data loss rates and bounded latency within a network
   domain.  Techniques used include 1) reserving data-plane resources
   for individual (or aggregated) DetNet flows in some or all of the
   intermediate nodes along the path of the flow, 2) providing explicit
   routes for DetNet flows that do not immediately change with the
   network topology, and 3) distributing data from DetNet flow packets
   over time and/or space to ensure delivery of each packet's data in
   spite of the loss of a path.  DetNet operates at the IP layer and
   delivers service over lower-layer technologies such as MPLS and Time-
   Sensitive Networking (TSN) as defined by IEEE 802.1.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8655.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
     2.1.  Terms Used in This Document
     2.2.  Dictionary of Terms Used by TSN and DetNet
   3.  Providing the DetNet Quality of Service
     3.1.  Primary Goals Defining the DetNet QoS
     3.2.  Mechanisms to Achieve DetNet QoS
       3.2.1.  Resource Allocation
       3.2.2.  Service Protection
       3.2.3.  Explicit Routes
     3.3.  Secondary Goals for DetNet
       3.3.1.  Coexistence with Normal Traffic
       3.3.2.  Fault Mitigation
   4.  DetNet Architecture
     4.1.  DetNet Stack Model
       4.1.1.  Representative Protocol Stack Model
       4.1.2.  DetNet Data-Plane Overview
       4.1.3.  Network Reference Model
     4.2.  DetNet Systems
       4.2.1.  End System
       4.2.2.  DetNet Edge, Relay, and Transit Nodes
     4.3.  DetNet Flows
       4.3.1.  DetNet Flow Types
       4.3.2.  Source Transmission Behavior
       4.3.3.  Incomplete Networks
     4.4.  Traffic Engineering for DetNet
       4.4.1.  The Application Plane
       4.4.2.  The Controller Plane
       4.4.3.  The Network Plane
     4.5.  Queuing, Shaping, Scheduling, and Preemption
     4.6.  Service Instance
     4.7.  Flow Identification at Technology Borders
       4.7.1.  Exporting Flow Identification
       4.7.2.  Flow Attribute Mapping between Layers
       4.7.3.  Flow-ID Mapping Examples
     4.8.  Advertising Resources, Capabilities, and Adjacencies
     4.9.  Scaling to Larger Networks
     4.10. Compatibility with Layer 2
   5.  Security Considerations
   6.  Privacy Considerations
   7.  IANA Considerations
   8.  Informative References
   Acknowledgements
   Authors' Addresses

1.  Introduction

   This document provides the overall architecture for Deterministic
   Networking (DetNet), which provides a capability for the delivery of
   data flows with extremely low packet loss rates and bounded end-to-
   end delivery latency.  DetNet is for networks that are under a single
   administrative control or within a closed group of administrative
   control; these include campus-wide networks and private WANs.  DetNet
   is not for large groups of domains such as the Internet.

   DetNet operates at the IP layer and delivers service over lower-layer
   technologies such as MPLS and IEEE 802.1 Time-Sensitive Networking
   (TSN).  DetNet provides a reliable and available service by
   dedicating network resources such as link bandwidth and buffer space
   to DetNet flows and/or classes of DetNet flows, and by replicating
   packets along multiple paths.  Unused reserved resources are
   available to non-DetNet packets as long as all guarantees are
   fulfilled.

   The "Deterministic Networking Problem Statement" [RFC8557] introduces
   DetNet, and "Deterministic Networking Use Cases" [RFC8578] summarizes
   the need for it.  See [DETNET-FRAMEWORK] for specific techniques that
   can be used to identify DetNet flows and assign them to specific
   paths through a network.

   A goal of DetNet is a converged network in all respects, including
   the convergence of sensitive non-IP networks onto a common network
   infrastructure.  The presence of DetNet flows does not preclude non-
   DetNet flows, and the benefits offered DetNet flows should not,
   except in extreme cases, prevent existing Quality-of-Service (QoS)
   mechanisms from operating in a normal fashion, subject to the
   bandwidth required for the DetNet flows.  A single source-destination
   pair can trade both DetNet and non-DetNet flows.  End systems and
   applications need not instantiate special interfaces for DetNet
   flows.  Networks are not restricted to certain topologies;
   connectivity is not restricted.  Any application that generates a
   data flow that can be usefully characterized as having a maximum
   bandwidth should be able to take advantage of DetNet, as long as the
   necessary resources can be reserved.  Reservations can be made by the
   application itself, via network management, centrally by an
   application's controller, or by other means, for instance, by placing
   on-demand reservation via a distributed Control Plane, e.g.,
   leveraging the Resource Reservation Protocol (RSVP) [RFC2205].  QoS
   requirements of DetNet flows can be met if all network nodes in a
   DetNet domain implement DetNet capabilities.  DetNet nodes can be
   interconnected with different sub-network technologies
   (Section 4.1.2) where the nodes of the subnet are not DetNet aware
   (Section 4.1.3).

   Many applications that are intended to be served by DetNet require
   the ability to synchronize the clocks in end systems to a sub-
   microsecond accuracy.  Some of the queue-control techniques defined
   in Section 4.5 also require time synchronization among network nodes.
   The means used to achieve time synchronization are not addressed in
   this document.  DetNet can accommodate various time-synchronization
   techniques and profiles that are defined elsewhere to address the
   needs of different market segments.

2.  Terminology

2.1.  Terms Used in This Document

   The following terms are used in the context of DetNet in this
   document:

   allocation
      The dedication of resources to support a DetNet flow.  Depending
      on an implementation, the resource may be reused by non-DetNet
      flows when it is not used by the DetNet flow.

   App-flow
      The payload (data) carried over a DetNet service.

   DetNet compound flow and DetNet member flow
      A DetNet compound flow is a DetNet flow that has been separated
      into multiple duplicate DetNet member flows for service protection
      at the DetNet service sub-layer.  Member flows are merged back
      into a single DetNet compound flow such that there are no
      duplicate packets.  "Compound" and "member" are strictly relative
      to each other, not absolutes; a DetNet compound flow comprising
      multiple DetNet member flows can, in turn, be a member of a
      higher-order compound.

   DetNet destination
      An end system capable of terminating a DetNet flow.

   DetNet domain
      The portion of a network that is DetNet aware.  It includes end
      systems and DetNet nodes.

   DetNet edge node
      An instance of a DetNet relay node that acts as a source and/or
      destination at the DetNet service sub-layer.  For example, it can
      include a DetNet service sub-layer proxy function for DetNet
      service protection (e.g., the addition or removal of packet
      sequencing information) for one or more end systems, it can start
      or terminate resource allocation at the DetNet forwarding sub-
      layer, or it can aggregate DetNet services into new DetNet flows.
      It is analogous to a Label Edge Router (LER) or a Provider Edge
      (PE) router.

   DetNet flow
      A sequence of packets that conforms uniquely to a flow identifier
      and to which the DetNet service is to be provided.  It includes
      any DetNet headers added to support the DetNet service and
      forwarding sub-layers.

   DetNet forwarding sub-layer
      DetNet functionality is divided into two sub-layers.  One of them
      is the DetNet forwarding sub-layer, which optionally provides
      resource allocation for DetNet flows over paths provided by the
      underlying network.

   DetNet intermediate node
      A DetNet relay node or DetNet transit node.

   DetNet node
      A DetNet edge node, a DetNet relay node, or a DetNet transit node.

   DetNet relay node
      A DetNet node that includes a service sub-layer function that
      interconnects different DetNet forwarding sub-layer paths to
      provide service protection.  A DetNet relay node participates in
      the DetNet service sub-layer.  It typically incorporates DetNet
      forwarding sub-layer functions as well, in which case it is
      collocated with a transit node.

   DetNet service sub-layer
      DetNet functionality is divided into two sub-layers.  One of them
      is the DetNet service sub-layer, at which a DetNet service (e.g.,
      service protection) is provided.

   DetNet service proxy
      A proxy that maps between App-flows and DetNet flows.

   DetNet source
      An end system capable of originating a DetNet flow.

   DetNet system
      A DetNet-aware end system, transit node, or relay node.  "DetNet"
      may be omitted in some text.

   DetNet transit node
      A DetNet node, operating at the DetNet forwarding sub-layer, that
      utilizes link-layer and/or network-layer switching across multiple
      links and/or sub-networks to provide paths for DetNet service sub-
      layer functions.  It typically provides resource allocation over
      those paths.  An MPLS Label Switch Router (LSR) is an example of a
      DetNet transit node.

   DetNet-UNI
      A User-to-Network Interface (UNI) with DetNet-specific
      functionalities.  It is a packet-based reference point and may
      provide multiple functions like encapsulation, status,
      synchronization, etc.

   end system
      Commonly called a "host" in the RFC series and an "end station" in
      IEEE 802 standards.  End systems of interest to this document are
      either sources or destinations of DetNet flows, and they may or
      may not be aware of DetNet forwarding sub-layers or DetNet service
      sub-layers.

   link
      A connection between two DetNet nodes.  It may be composed of a
      physical link or a sub-network technology that can provide
      appropriate traffic delivery for DetNet flows.

   Packet Elimination Function (PEF)
      A function that eliminates duplicate copies of packets to prevent
      excess packets flooding the network or duplicate packets being
      sent out of the DetNet domain.  A PEF can be implemented by a
      DetNet edge node, a DetNet relay node, or an end system.

   Packet Replication Function (PRF)
      A function that replicates DetNet flow packets and forwards them
      to one or more next hops in the DetNet domain.  The number of
      packet copies sent to the next hops is a parameter specific to the
      DetNet flow at the point of replication.  A PRF can be implemented
      by a DetNet edge node, a DetNet relay node, or an end system.

   PREOF
      A collective name for Packet Replication, Elimination, and
      Ordering Functions.

   Packet Ordering Function (POF)
      A function that reorders packets within a DetNet flow that are
      received out of order.  This function can be implemented by a
      DetNet edge node, a DetNet relay node, or an end system.

   reservation
      The set of resources allocated between a source and one or more
      destinations through DetNet nodes and subnets associated with a
      DetNet flow in order to provide the provisioned DetNet service.

2.2.  Dictionary of Terms Used by TSN and DetNet

   This section serves as a dictionary for translating the terms used by
   the Time-Sensitive Networking (TSN) Task Group [IEEE802.1TSNTG] of
   the IEEE 802.1 WG to those of the Deterministic Networking (detnet)
   WG of the IETF.

   Listener
      The term used by IEEE 802.1 for a destination of a DetNet flow.

   Relay system
      The term used by IEEE 802.1 for a DetNet intermediate node.

   Stream
      The term used by IEEE 802.1 for a DetNet flow.

   Talker
      The term used by IEEE 802.1 for the source of a DetNet flow.

3.  Providing the DetNet Quality of Service

3.1.  Primary Goals Defining the DetNet QoS

   The DetNet QoS can be expressed in terms of:

   *  Minimum and maximum end-to-end latency from source to destination,
      timely delivery, and bounded jitter (packet delay variation)
      derived from these constraints.

   *  Packet loss ratio under various assumptions as to the operational
      states of the nodes and links.

   *  An upper bound on out-of-order packet delivery.  It is worth
      noting that some DetNet applications are unable to tolerate any
      out-of-order delivery.

   It is a distinction of DetNet that it is concerned solely with worst-
   case values for the end-to-end latency, jitter, and misordering.
   Average, mean, or typical values are of little interest, because they
   do not affect the ability of a real-time system to perform its tasks.
   In general, a trivial priority-based queuing scheme will give better
   average latency to a data flow than DetNet; however, it may not be a
   suitable option for DetNet because of its worst-case latency.

   Three techniques are used by DetNet to provide these qualities of
   service:

   *  Resource allocation (Section 3.2.1)

   *  Service protection (Section 3.2.2)

   *  Explicit routes (Section 3.2.3)

   Resource allocation operates by assigning resources, e.g., buffer
   space or link bandwidth, to a DetNet flow (or flow aggregate) along
   its path.  Resource allocation greatly reduces, or even eliminates
   entirely, packet loss due to output packet contention within the
   network, but it can only be supplied to a DetNet flow that is limited
   at the source to a maximum packet size and transmission rate.  As
   DetNet flows are assumed to be rate limited and DetNet is designed to
   provide sufficient allocated resources (including provisioned
   capacity), the use of transport-layer congestion control [RFC2914]
   for App-flows is not required; however, if resources are allocated
   appropriately, use of congestion control should not impact
   transmission negatively.

   Resource allocation addresses two of the DetNet QoS requirements:
   latency and packet loss.  Given that DetNet nodes have a finite
   amount of buffer space, resource allocation necessarily results in a
   maximum end-to-end latency.  Resource allocation also addresses
   contention-related packet loss.

   Other important contributions to packet loss are random media errors
   and equipment failures.  Service protection is the name for the
   mechanisms used by DetNet to address these losses.  The mechanisms
   employed are constrained by the need to meet the users' latency
   requirements.  Packet replication and elimination (Section 3.2.2.2)
   and packet encoding (Section 3.2.2.3) are described in this document
   to provide service protection, but other mechanisms may also be
   found.  For instance, packet encoding can be used to provide service
   protection against random media errors, while packet replication and
   elimination can be used to provide service protection against
   equipment failures.  This mechanism distributes the contents of
   DetNet flows over multiple paths in time and/or space, so that the
   loss of some of the paths does need not cause the loss of any
   packets.

   The paths are typically (but not necessarily) explicit routes so that
   they do not normally suffer temporary interruptions caused by the
   convergence of routing or bridging protocols.

   These three techniques can be applied individually or applied
   together; it results that eight combinations, including none (no
   DetNet), are possible.  Some combinations, however, are of wider
   utility than others.  This separation keeps the protocol stack
   coherent and maximizes interoperability with existing and developing
   standards in the IETF and other Standards Development Organizations.
   The following are examples of typical expected combinations:

   *  The combination of explicit routes and service protection is the
      technique employed by seamless redundancy mechanisms applied on a
      ring topology, e.g., as described in [IEC-62439-3].  In this
      example, explicit routes are achieved by limiting the physical
      topology of the network to a ring.  Sequentialization,
      replication, and duplicate elimination are facilitated by packet
      tags added at the front or the end of Ethernet frames.  [RFC8227]
      provides another example in the context of MPLS.

   *  Resource allocation alone was originally offered by Audio Video
      Bridging as defined by IEEE 802.1 [IEEE802.1BA].  As long as the
      network suffers no failures, packet loss due to output packet
      contention can be eliminated through the use of a reservation
      protocol (e.g., the Multiple Stream Registration Protocol
      [IEEE802.1Q]), shapers in every bridge, and proper dimensioning.

   *  Using all three together gives maximum protection.

   There are, of course, simpler methods available (and employed today)
   to achieve levels of latency and packet loss that are satisfactory
   for many applications.  Prioritization and over-provisioning is one
   such technique.  However, these methods generally work best in the
   absence of any significant amount of noncritical traffic in the
   network (if, indeed, such traffic is supported at all).  They may
   also work only if the critical traffic constitutes only a small
   portion of the network's theoretical capacity, if all systems are
   functioning properly, or if actions by end systems that disrupt the
   network's operations are absent.

   There are any number of methods in use, defined, or in progress for
   accomplishing each of the above techniques.  It is expected that the
   DetNet architecture defined in this document will assist various
   vendors, users, and/or "vertical" Standards Development Organizations
   (dedicated to a single industry) in making selections among the
   available means of implementing DetNet networks.

3.2.  Mechanisms to Achieve DetNet QoS

3.2.1.  Resource Allocation

3.2.1.1.  Eliminate Contention Loss

   The primary means by which DetNet achieves its QoS assurances is to
   reduce, or even completely eliminate, packet loss due to output
   packet contention within a DetNet node as a cause of packet loss.
   This can be achieved only by the provision of sufficient buffer
   storage at each node through the network to ensure that no packets
   are dropped due to a lack of buffer storage.  Note that App-flows are
   generally not expected to be responsive to implicit [RFC2914] or
   explicit congestion notification [RFC3168].

   Ensuring adequate buffering requires, in turn, that the source and
   every DetNet node along the path to the destination (or nearly every
   node; see Section 4.3.3) be careful to regulate its output to not
   exceed the data rate for any DetNet flow, except for brief periods
   when making up for interfering traffic.  Any packet sent ahead of its
   time potentially adds to the number of buffers required by the next-
   hop DetNet node and may thus exceed the resources allocated for a
   particular DetNet flow.  Furthermore, rate limiting (e.g., using
   traffic policing) and shaping functions (e.g., shaping as defined in
   [RFC2475]) at the ingress of the DetNet domain must be applied.  This
   is needed for meeting the requirements of DetNet flows as well as for
   protecting non-DetNet traffic from potentially misbehaving DetNet
   traffic sources.  Note that large buffers have some issues (see,
   e.g., [BUFFERBLOAT]).

   The low-level mechanisms described in Section 4.5 provide the
   necessary regulation of transmissions by an end system or DetNet node
   to provide resource allocation.  The allocation of the bandwidth and
   buffers for a DetNet flow requires provisioning.  A DetNet node may
   have other resources requiring allocation and/or scheduling that
   might otherwise be over-subscribed and trigger the rejection of a
   reservation.

3.2.1.2.  Jitter Reduction

   A core objective of DetNet is to enable the convergence of sensitive
   non-IP networks onto a common network infrastructure.  This requires
   the accurate emulation of currently deployed mission-specific
   networks, which, for example, rely on point-to-point analog (e.g.,
   4-20mA modulation) and serial-digital cables (or buses) for highly
   reliable, synchronized, and jitter-free communications.  While the
   latency of analog transmissions is basically the speed of light,
   legacy serial links are usually slow (in the order of Kbps) compared
   to, say, Gigabit Ethernet, and some latency is usually acceptable.
   What is not acceptable is the introduction of excessive jitter, which
   may, for instance, affect the stability of control systems.

   Applications that are designed to operate on serial links usually do
   not provide services to recover the jitter, because jitter simply
   does not exist there.  DetNet flows are generally expected to be
   delivered in order, and the precise time of reception influences the
   processes.  In order to converge such existing applications, there is
   a desire to emulate all properties of the serial cable, such as clock
   transportation, perfect flow isolation, and fixed latency.  While
   minimal jitter (in the form of specifying minimum, as well as
   maximum, end-to-end latency) is supported by DetNet, there are
   practical limitations on packet-based networks in this regard.  In
   general, users are encouraged to use a combination of:

   *  Sub-microsecond time synchronization among all source and
      destination end systems, and

   *  Time-of-execution fields in the application packets.

   Jitter reduction is provided by the mechanisms described in
   Section 4.5 that also provide resource allocation.

3.2.2.  Service Protection

   Service protection aims to mitigate or eliminate packet loss due to
   equipment failures, including random media and/or memory faults.
   These types of packet loss can be greatly reduced by spreading the
   data over multiple disjoint forwarding paths.  Various service
   protection methods are described in [RFC6372], e.g., 1+1 linear
   protection.  The functional details of an additional method are
   described in Section 3.2.2.2, which can be implemented as described
   in Section 3.2.2.3 or as specified in [DETNET-MPLS] in order to
   provide 1+n hitless protection.  The appropriate service protection
   mechanism depends on the scenario and the requirements.

3.2.2.1.  In-Order Delivery

   Out-of-order packet delivery can be a side effect of service
   protection.  Packets delivered out of order impact the amount of
   buffering needed at the destination to properly process the received
   data.  Such packets also influence the jitter of a flow.  The
   guarantees of a DetNet service include a maximum amount of
   misordering as a constraint.  Zero misordering would be a valid
   service constraint to reflect that the end system(s) of the flow
   cannot tolerate any out-of-order delivery.  A DetNet Packet Ordering
   Function (POF) (Section 3.2.2.2) can be used to provide in-order
   delivery.

3.2.2.2.  Packet Replication and Elimination

   This section describes a service protection method that sends copies
   of the same packets over multiple paths.

   The DetNet service sub-layer includes the PRF, PEF, and POF for use
   in DetNet edge, relay node, and end-system packet processing.  These
   functions can be enabled in a DetNet edge node, relay node, or end
   system.  The collective name for all three functions is Packet
   Replication, Elimination, and Ordering Functions (PREOF).  The packet
   replication and elimination service protection method altogether
   involves four capabilities:

   *  Sequencing information is provided to the packets of a DetNet
      compound flow.  This may be done by adding a sequence number or
      time stamp as part of DetNet, or it may be inherent in the packet,
      e.g., in a higher-layer protocol or associated to other physical
      properties such as the precise time (and radio channel) of
      reception of the packet.  This is typically done once, at or near
      the source.

   *  The PRF replicates these packets into multiple DetNet member flows
      and typically sends them along multiple different paths to the
      destination(s), e.g., over the explicit routes described in
      Section 3.2.3.  The location within a DetNet node and the
      mechanism used for the PRF are left open for implementations.

   *  The PEF eliminates duplicate packets of a DetNet flow based on the
      sequencing information and a history of received packets.  The
      output of the PEF is always a single packet.  This may be done at
      any DetNet node along the path to save network resources further
      downstream, in particular if multiple replication points exist.
      But the most common case is to perform this operation at the very
      edge of the DetNet network, preferably in or near the receiver.
      The location within a DetNet node and the mechanism used for the
      PEF is left open for implementations.

   *  The POF uses the sequencing information to reorder a DetNet flow's
      packets that are received out of order.

   The order in which a DetNet node applies PEF, POF, and PRF to a
   DetNet flow is left open for implementations.

   Some service protection mechanisms rely on switching from one flow to
   another when a failure of a flow is detected.  Contrarily, packet
   replication and elimination combines the DetNet member flows sent
   along multiple different paths and performs a packet-by-packet
   selection of which to discard, e.g., based on sequencing information.

   In the simplest case, this amounts to 1) replicating each packet in a
   source that has two interfaces and 2) conveying them through the
   network along separate (Shared Risk Link Group (SRLG) disjoint) paths
   to the similarly dual-homed destinations that 3) reorder the packets
   and 4) discard the duplicates.  This ensures that one path remains,
   even if some DetNet intermediate node fails.  The sequencing
   information can also be used for loss detection and for reordering.

   DetNet relay nodes in the network can provide replication and
   elimination facilities at various points in the network so that
   multiple failures can be accommodated.

   This is shown in Figure 1, where the two relay nodes each replicate
   (R) the DetNet flow on input, sending the DetNet member flows to both
   the other relay node and to the end system, and eliminate duplicates
   (E) on the output interface to the right-hand end system.  Any one
   link in the network can fail, and the DetNet compound flow can still
   get through.  Furthermore, two links can fail, as long as they are in
   different segments of the network.

                > > > > > > > > > relay > > > > > > > >
               > /------------+ R node E +------------\ >
              > /                  v + ^               \ >
      end    R +                   v | ^                + E end
      system   +                   v | ^                +   system
              > \                  v + ^               / >
               > \------------+ R relay E +-----------/ >
                > > > > > > > > >  node > > > > > > > >

                Figure 1: Packet Replication and Elimination

   Packet replication and elimination does not react to and correct
   failures; it is entirely passive.  Thus, intermittent failures,
   mistakenly created packet filters, or misrouted data is handled just
   the same as the equipment failures that are handled by typical
   routing and bridging protocols.

   If member flows that take different-length paths through the network
   are combined, a merge point may require extra buffering to equalize
   the delays over the different paths.  This equalization ensures that
   the resultant compound flow will not exceed its contracted bandwidth
   even after one of the paths is restored after a failure.  The extra
   buffering can be also used to provide in-order delivery.

3.2.2.3.  Packet Encoding for Service Protection

   There are methods for using multiple paths to provide service
   protection that involve encoding the information in a packet
   belonging to a DetNet flow into multiple transmission units,
   combining information from multiple packets into any given
   transmission unit.  Such techniques, also known as "network coding",
   can be used as a DetNet service protection technique.

3.2.3.  Explicit Routes

   In networks controlled by typical dynamic control protocols such as
   IS-IS or OSPF, a network topology event in one part of the network
   can impact, at least briefly, the delivery of data in parts of the
   network remote from the failure or recovery event.  Even the use of
   redundant paths through a network, e.g., as defined by [RFC6372],
   does not eliminate the chances of packet loss.  Furthermore, out-of-
   order packet delivery can be a side effect of route changes.

   Many real-time networks rely on physical rings of two-port devices,
   with a relatively simple ring control protocol.  This supports
   redundant paths for service protection with a minimum of wiring.  As
   an additional benefit, ring topologies can often utilize different
   topology management protocols from those used for a mesh network,
   with a consequent reduction in the response time to topology changes.
   Of course, this comes at some cost in terms of increased hop count,
   and thus latency, for the typical path.

   In order to get the advantages of low hop count and still ensure
   against even very brief losses of connectivity, DetNet employs
   explicit routes where the path taken by a given DetNet flow does not
   change, at least not immediately and likely not at all, in response
   to network topology events.  Service protection (see Sections 3.2.2
   and 3.2.2.3) over explicit routes provides a high likelihood of
   continuous connectivity.  Explicit routes can be established in
   various ways, e.g., with RSVP-TE [RFC3209], with Segment Routing (SR)
   [RFC8402], via a SDN approach [RFC8453], with IS-IS [RFC7813], etc.
   Explicit routes are typically used in MPLS TE (Traffic Engineering)
   Label Switched Paths (LSPs).

   Out-of-order packet delivery can be a side effect of distributing a
   single flow over multiple paths, especially when there is a change
   from one path to another when combining the flow.  This is
   irrespective of the distribution method used and also applies to
   service protection over explicit routes.  As described in
   Section 3.2.2.1, out-of-order packets influence the jitter of a flow
   and impact the amount of buffering needed to process the data;
   therefore, the guarantees of a DetNet service include a maximum
   amount of misordering as a constraint.  The use of explicit routes
   helps to provide in-order delivery because there is no immediate
   route change with the network topology, but the changes are plannable
   as they are between the different explicit routes.

3.3.  Secondary Goals for DetNet

   Many applications require DetNet to provide additional services,
   including coexistence with other QoS mechanisms (Section 3.3.1) and
   protection against misbehaving transmitters (Section 3.3.2).

3.3.1.  Coexistence with Normal Traffic

   A DetNet network supports the dedication of a high proportion of the
   network bandwidth to DetNet flows.  But, no matter how much is
   dedicated for DetNet flows, it is a goal of DetNet to coexist with
   existing Class-of-Service schemes (e.g., DiffServ).  It is also
   important that non-DetNet traffic not disrupt the DetNet flow, of
   course (see Sections 3.3.2 and 5).  For these reasons:

   *  Bandwidth (transmission opportunities) not utilized by a DetNet
      flow is available to non-DetNet packets (though not to other
      DetNet flows).

   *  DetNet flows can be shaped or scheduled, in order to ensure that
      the highest-priority non-DetNet packet is also ensured a worst-
      case latency.

   *  When transmission opportunities for DetNet flows are scheduled in
      detail, the algorithm constructing the schedule should leave
      sufficient opportunities for non-DetNet packets to satisfy the
      needs of the users of the network.  Detailed scheduling can also
      permit the time-shared use of buffer resources by different DetNet
      flows.

   Starvation of non-DetNet traffic must be avoided, for example, by
   traffic policing and shaping functions (e.g., [RFC2475]).  Thus, the
   net effect of the presence of DetNet flows in a network on the non-
   DetNet flows is primarily a reduction in the available bandwidth.

3.3.2.  Fault Mitigation

   Robust real-time systems require reducing the number of possible
   failures.  Filters and policers should be used in a DetNet network to
   detect if DetNet packets are received on the wrong interface, at the
   wrong time, or in too great a volume.  Furthermore, filters and
   policers can take actions to discard the offending packets or flows,
   or trigger shutting down the offending flow or the offending
   interface.

   It is also essential that filters and service remarking be employed
   at the network edge to prevent non-DetNet packets from being mistaken
   for DetNet packets and thus impinging on the resources allocated to
   DetNet packets.  In particular, sending DetNet traffic into networks
   that have not been provisioned in advance to handle that DetNet
   traffic has to be treated as a fault.  The use of egress traffic
   filters, or equivalent mechanisms, to prevent this from happening are
   strongly recommended at the edges of DetNet networks and DetNet
   supporting networks.  In this context, the term 'provisioned' has a
   broad meaning, e.g., provisioning could be performed via an
   administrative decision that the downstream network has the available
   capacity to carry the DetNet traffic that is being sent into it.

   Note that the sending of App-flows that do not use transport-layer
   congestion control per [RFC2914] into a network that is not
   provisioned to handle such traffic has to be treated as a fault and
   prevented.  PRF-generated DetNet member flows also need to be treated
   as not using transport-layer congestion control even if the original
   App-flow supports transport-layer congestion control because PREOF
   can remove congestion indications at the PEF and thereby hide such
   indications (e.g., drops, ECN markings, increased latency) from end
   systems.

   The mechanisms to support these requirements are both Data Plane and
   implementation specific.  Solutions that are data-plane specific will
   be specified in the relevant data-plane solution document.  There
   also exist techniques, at present and/or in various stages of
   standardization, that can support these fault-mitigation tasks that
   deliver a high probability that misbehaving systems will have zero
   impact on well-behaved DetNet flows with the exception, of course, of
   the receiving interface(s) immediately downstream from the
   misbehaving device.  Examples of such techniques include traffic
   policing and shaping functions (e.g., those described in [RFC2475]),
   separating flows into per-flow rate-limited queues, and potentially
   applying active queue management [RFC7567].

4.  DetNet Architecture

4.1.  DetNet Stack Model

   DetNet functionality (Section 3) is implemented in two adjacent sub-
   layers in the protocol stack: the DetNet service sub-layer and the
   DetNet forwarding sub-layer.  The DetNet service sub-layer provides
   DetNet service, e.g., service protection, to higher layers in the
   protocol stack and applications.  The DetNet forwarding sub-layer
   supports DetNet service in the underlying network, e.g., by providing
   explicit routes and resource allocation to DetNet flows.

4.1.1.  Representative Protocol Stack Model

   Figure 2 illustrates a conceptual DetNet data-plane layering model.
   One may compare it to that in [IEEE802.1CB], Annex C.

              |  packets going  |        ^  packets coming   ^
              v down the stack  v        |   up the stack    |
           +-----------------------+   +-----------------------+
           |        Source         |   |      Destination      |
           +-----------------------+   +-----------------------+
           |   Service sub-layer:  |   |   Service sub-layer:  |
           |   Packet sequencing   |   | Duplicate elimination |
           |    Flow replication   |   |      Flow merging     |
           |    Packet encoding    |   |    Packet decoding    |
           +-----------------------+   +-----------------------+
           | Forwarding sub-layer: |   | Forwarding sub-layer: |
           |  Resource allocation  |   |  Resource allocation  |
           |    Explicit routes    |   |    Explicit routes    |
           +-----------------------+   +-----------------------+
           |     Lower layers      |   |     Lower layers      |
           +-----------------------+   +-----------------------+
                       v                           ^
                        \_________________________/

                 Figure 2: DetNet Data-Plane Protocol Stack

   Not all sub-layers are required for any given application, or even
   for any given network.  The functionality shown in Figure 2 is:

   Application
      Shown as "source" and "destination" in the diagram.

   Packet sequencing
      As part of the DetNet service sub-layer, the packet sequencing
      function supplies the sequence number for packet replication and
      elimination for DetNet service protection (Section 3.2.2.2); thus,
      its peer is duplicate elimination.  This sub-layer is not needed
      if a higher-layer protocol is expected to perform any packet
      sequencing and duplicate elimination required by the DetNet flow
      replication.

   Duplicate elimination
      As part of the DetNet service sub-layer, based on the sequence
      number supplied by its peer (packet sequencing), duplicate
      elimination discards any duplicate packets generated by DetNet
      flow replication.  It can operate on member flows, compound flows,
      or both.  The replication may also be inferred from other
      information such as the precise time of reception in a scheduled
      network.  The duplicate elimination sub-layer may also perform
      resequencing of packets to restore packet order in a flow that was
      disrupted by the loss of packets on one or another of the multiple
      paths taken.

   Flow replication
      As part of DetNet service protection, packets that belong to a
      DetNet compound flow are replicated into two or more DetNet member
      flows.  This function is separate from packet sequencing.  Flow
      replication can be an explicit replication and remarking of
      packets or can be performed by, for example, techniques similar to
      ordinary multicast replication, albeit with resource allocation
      implications.  Its peer is DetNet flow merging.

   Flow merging
      As part of the DetNet service sub-layer, the flow merging function
      combines DetNet member flows together for packets coming up the
      stack belonging to a specific DetNet compound flow.  DetNet flow
      merging, together with packet sequencing, duplicate elimination,
      and DetNet flow replication perform packet replication and
      elimination (Section 3.2.2).  Its peer is DetNet flow replication.

   Packet encoding
      As part of DetNet service protection, as an alternative to packet
      sequencing and flow replication, packet encoding combines the
      information in multiple DetNet packets, perhaps from different
      DetNet compound flows, and transmits that information in packets
      on different DetNet member flows.  Its peer is packet decoding.

   Packet decoding
      As part of DetNet service protection, as an alternative to flow
      merging and duplicate elimination, packet decoding takes packets
      from different DetNet member flows and computes from those packets
      the original DetNet packets from the compound flows input to
      packet encoding.  Its peer is packet encoding.

   Resource allocation
      The DetNet forwarding sub-layer provides resource allocation.  See
      Section 4.5.  The actual queuing and shaping mechanisms are
      typically provided by the underlying subnet.  These can be closely
      associated with the means of providing paths for DetNet flows.
      The path and the resource allocation are conflated in this figure.

   Explicit routes
      Explicit routes are arrangements of fixed paths operated at the
      DetNet forwarding sub-layer that are determined in advance to
      avoid the impact of network convergence on DetNet flows.

   Operations, Administration, and Maintenance (OAM) leverages in-band
   and out-of-band signaling that validates whether the service is
   effectively obtained within QoS constraints.  OAM is not shown in
   Figure 2; it may reside in any number of the layers.  OAM can involve
   specific tagging added in the packets for tracing implementation or
   network configuration errors; traceability enables finding whether a
   packet is a replica, which DetNet relay node performed the
   replication, and which segment was intended for the replica.  Active
   and hybrid OAM methods require additional bandwidth to perform fault
   management and performance monitoring of the DetNet domain.  OAM may,
   for instance, generate special test probes or add OAM information
   into the data packet.

   The packet replication and elimination functions may be performed
   either at the source and destination ends of a DetNet compound flow
   or in a DetNet relay node.

4.1.2.  DetNet Data-Plane Overview

   A "Deterministic Network" will be composed of DetNet-enabled end
   systems, DetNet edge nodes, and DetNet relay nodes, which
   collectively deliver DetNet services.  DetNet relay and edge nodes
   are interconnected via DetNet transit nodes (e.g., LSRs), which
   support DetNet but are not DetNet service aware.  All DetNet nodes
   are connected to sub-networks, where a point-to-point link is also
   considered a simple sub-network.  These sub-networks provide DetNet-
   compatible service for support of DetNet traffic.  Examples of sub-
   network technologies include MPLS TE, TSN as defined by IEEE 802.1,
   and OTN (Optical Transport Network).  Of course, multilayer DetNet
   systems may also be possible, where one DetNet appears as a sub-
   network and provides service to a higher-layer DetNet system.  A
   simple DetNet concept network is shown in Figure 3.  Note that in
   this and following figures, "Forwarding" and "Fwd" refer to the
   DetNet forwarding sub-layer, and "Service" and "Svc" refer to the
   DetNet service sub-layer; both of these sub-layers are described in
   detail in Section 4.1.1.

   TSN               Edge        Transit         Relay        DetNet
   End System        Node         Node           Node        End System

   +----------+   +.........+                               +----------+
   |  Appl.   |<--:Svc Proxy:-- End-to-End Service -------->|  Appl.   |
   +----------+   +---------+                 +---------+   +----------+
   |   TSN    |   |TSN| |Svc|<- DetNet flow --: Service :-->| Service  |
   +----------+   +---+ +---+   +--------+    +---------+   +----------+
   |Forwarding|   |Fwd| |Fwd|   |  Fwd   |    |Fwd| |Fwd|   |Forwarding|
   +-------.--+   +-.-+ +-.-+   +--.----.+    +-.-+ +-.-+   +---.------+
           :  Link  :    /  ,-----. \   : Link  :    /  ,-----.  \
           +........+    +-[  Sub- ]-+  +.......+    +-[  Sub- ]-+
                           [network]                   [network]
                            `-----'                     `-----'

                 Figure 3: A Simple DetNet-Enabled Network

   DetNet Data Plane is divided into two sub-layers: the DetNet service
   sub-layer and the DetNet forwarding sub-layer.  This helps to explore
   and evaluate various combinations of the data-plane solutions
   available.  Some of them are illustrated in Figure 4.  This
   separation of DetNet sub-layers, while helpful, should not be
   considered a formal requirement.  For example, some technologies may
   violate these strict sub-layers and still be able to deliver a DetNet
   service.

                   .
                   .
     +-----------------------------+
     |  DetNet Service sub-layer   | PW, UDP, GRE
     +-----------------------------+
     | DetNet Forwarding sub-layer | IPv6, IPv4, MPLS TE LSPs, MPLS SR
     +-----------------------------+
                   .
                   .

                 Figure 4: DetNet Adaptation to Data Plane

   In some networking scenarios, the end system initially provides a
   DetNet flow encapsulation, which contains all information needed by
   DetNet nodes (e.g., DetNet flow based on the Real-time Transport
   Protocol (RTP) [RFC3550] that is carried over a native UDP/IP network
   or pseudowire (PW)).  In other scenarios, the encapsulation formats
   might differ significantly.

   There are many valid options to create a data-plane solution for
   DetNet traffic by selecting a technology approach for the DetNet
   service sub-layer and also selecting a technology approach for the
   DetNet forwarding sub-layer.  There are a large number of valid
   combinations.

   One of the most fundamental differences between different potential
   data-plane options is the basic headers used by DetNet nodes.  For
   example, the basic service can be delivered based on an MPLS label or
   an IP header.  This decision impacts the basic forwarding logic for
   the DetNet service sub-layer.  Note that in both cases, IP addresses
   are used to address DetNet nodes.  The selected DetNet forwarding
   sub-layer technology also needs to be mapped to the subnet technology
   used to interconnect DetNet nodes.  For example, DetNet flows will
   need to be mapped to TSN Streams.

4.1.3.  Network Reference Model

   Figure 5 shows another view of the DetNet service-related reference
   points and main components.

   DetNet                                                     DetNet
   End System                                                 End System
      _                                                             _
     / \     +----DetNet-UNI (U)                                   / \
    /App\    |                                                    /App\
   /-----\   |                                                   /-----\
   | NIC |   v         ________                                  | NIC |
   +--+--+   _____    /        \             DetNet-UNI (U) --+  +--+--+
      |     /     \__/          \                             |     |
      |    / +----+    +----+    \_____                       |     |
      |   /  |    |    |    |          \_______               |     |
      +------U PE +----+ P  +----+             \          _   v     |
          |  |    |    |    |    |              |     ___/ \        |
          |  +--+-+    +----+    |       +----+ |    /      \_      |
          \     |                |       |    | |   /         \     |
           \    |   +----+    +--+-+  +--+PE  |------         U-----+
            \   |   |    |    |    |  |  |    | |   \_      _/
             \  +---+ P  +----+ P  +--+  +----+ |     \____/
              \___  |    |    |    |           /
                  \ +----+__  +----+     DetNet-1    DetNet-2
      |            \_____/  \___________/                           |
      |                                                             |
      |      |     End-to-End Service         |     |         |     |
      <------------------------------------------------------------->
      |      |     DetNet Service             |     |         |     |
      |      <------------------------------------------------>     |
      |      |                                |     |         |     |

           Figure 5: DetNet Service Reference Model (Multidomain)

   DetNet User-to-Network Interfaces (DetNet-UNIs) ("U" in Figure 5) are
   assumed in this document to be packet-based reference points and
   provide connectivity over the packet network.  A DetNet-UNI may
   provide multiple functions.  For example, it may:

   *  add encapsulation specific to networking technology to the DetNet
      flows if necessary,

   *  provide status of the availability of the resources associated
      with a reservation,

   *  provide a synchronization service for the end system, or

   *  carry enough signaling to place the reservation in a network
      without a controller or in a network where the controller only
      deals with the network but not the end systems.

   Internal reference points of end systems (between the application and
   the Network Interface Card (NIC)) are more challenging from the
   control perspective, and they may have extra requirements (e.g., in-
   order delivery is expected in end system internal reference points,
   whereas it is considered optional over the DetNet-UNI).

4.2.  DetNet Systems

4.2.1.  End System

   The traffic characteristics of an App-flow can be CBR (constant bit
   rate) or VBR (variable bit rate) and can have Layer 1, Layer 2, or
   Layer 3 encapsulation (e.g., TDM (time-division multiplexing)
   Ethernet, IP).  These characteristics are considered as input for
   resource reservation and might be simplified to ensure determinism
   during packet forwarding (e.g., making reservations for the peak rate
   of VBR traffic, etc.).

   An end system may or may not be aware of the DetNet forwarding sub-
   layer or DetNet service sub-layer.  That is, an end system may or may
   not contain DetNet-specific functionality.  End systems with DetNet
   functionalities may have the same or different forwarding sub-layer
   as the connected DetNet domain.  Categorization of end systems are
   shown in Figure 6.

                End system
                    |
                    |
                    |  DetNet aware ?
                   / \
           +------<   >------+
        NO |       \ /       | YES
           |        v        |
    DetNet-unaware           |
      End system             |
                             | Service/Forwarding
                             |  sub-layer
                            / \  aware ?
                  +--------<   >-------------+
          f-aware |         \ /              | s-aware
                  |          v               |
                  |          | both          |
                  |          |               |
          DetNet f-aware     |        DetNet s-aware
            End system       |         End system
                             v
                       DetNet sf-aware
                         End system

                  Figure 6: Categorization of End Systems

   The following are some known use case examples for end systems:

   DetNet unaware
      The classic case requiring service proxies.

   DetNet f-aware
      A system that is aware of the DetNet forwarding sub-layer.  It
      knows about some TSN functions (e.g., reservation) but not about
      service protection.

   DetNet s-aware
      A system that is aware of the DetNet service sub-layer.  It
      supplies sequence numbers but doesn't know about resource
      allocation.

   DetNet sf-aware
      A fully functioning DetNet end system.  It has DetNet
      functionalities and usually the same forwarding paradigm as the
      connected DetNet domain.  It can be treated as an integral part of
      the DetNet domain.

4.2.2.  DetNet Edge, Relay, and Transit Nodes

   As shown in Figure 3, DetNet edge nodes providing proxy service and
   DetNet relay nodes providing the DetNet service sub-layer are DetNet
   aware, and DetNet transit nodes need only be aware of the DetNet
   forwarding sub-layer.

   In general, if a DetNet flow passes through one or more DetNet-
   unaware network nodes between two DetNet nodes providing the DetNet
   forwarding sub-layer for that flow, there is a potential for
   disruption or failure of the DetNet QoS.  A network administrator
   needs to 1) ensure that the DetNet-unaware network nodes are
   configured to minimize the chances of packet loss and delay and 2)
   provision enough extra buffer space in the DetNet transit node
   following the DetNet-unaware network nodes to absorb the induced
   latency variations.

4.3.  DetNet Flows

4.3.1.  DetNet Flow Types

   A DetNet flow can have different formats while its packets are
   forwarded between the peer end systems depending on the type of the
   end systems.  Corresponding to the end system types, the following
   possible types/formats of a DetNet flow are distinguished in this
   document.  The different flow types have different requirements to
   DetNet nodes.

   App-flow
      The payload (data) carried over a DetNet flow between DetNet-
      unaware end systems.  An App-flow does not contain any DetNet-
      related attributes and does not imply any specific requirement on
      DetNet nodes.

   DetNet-f-flow
      The specific format of a DetNet flow.  It only requires the
      resource allocation features provided by the DetNet forwarding
      sub-layer.

   DetNet-s-flow
      The specific format of a DetNet flow.  It only requires the
      service protection feature ensured by the DetNet service sub-
      layer.

   DetNet-sf-flow
      The specific format of a DetNet flow.  It requires both the DetNet
      service sub-layer and the DetNet forwarding sub-layer functions
      during forwarding.

4.3.2.  Source Transmission Behavior

   For the purposes of resource allocation, DetNet flows can be
   synchronous or asynchronous.  In synchronous DetNet flows, at least
   the DetNet nodes (and possibly the end systems) are closely time
   synchronized, typically to better than 1 microsecond.  By
   transmitting packets from different DetNet flows or classes of DetNet
   flows at different times, using repeating schedules synchronized
   among the DetNet nodes, resources such as buffers and link bandwidth
   can be shared over the time domain among different DetNet flows.
   There is a trade-off among techniques for synchronous DetNet flows
   between the burden of fine-grained scheduling and the benefit of
   reducing the required resources, especially buffer space.

   In contrast, asynchronous DetNet flows are not coordinated with a
   fine-grained schedule, so relay and end systems must assume worst-
   case interference among DetNet flows contending for buffer resources.
   Asynchronous DetNet flows are characterized by:

   *  A maximum packet size;

   *  An observation interval; and

   *  A maximum number of transmissions during that observation
      interval.

   These parameters, together with knowledge of the protocol stack used
   (and thus the size of the various headers added to a packet), provide
   the bandwidth that is needed for the DetNet flow.

   The source is required not to exceed these limits in order to obtain
   DetNet service.  If the source transmits less data than this limit
   allows, then the unused resource, such as link bandwidth, can be made
   available by the DetNet system to non-DetNet packets as long as all
   guarantees are fulfilled.  However, making those resources available
   to DetNet packets in other DetNet flows would serve no purpose.
   Those other DetNet flows have their own dedicated resources, on the
   assumption that all DetNet flows can use all of their resources over
   a long period of time.

   There is no expectation in DetNet for App-flows to be responsive to
   congestion control [RFC2914] or explicit congestion notification
   [RFC3168].  The assumption is that a DetNet flow, to be useful, must
   be delivered in its entirety.  That is, while any useful application
   is written to expect a certain number of lost packets, the real-time
   applications of interest to DetNet demand that the loss of data due
   to the network is a rare event.

   Although DetNet strives to minimize the changes required of an
   application to allow it to shift from a special-purpose digital
   network to an Internet Protocol network, one fundamental shift in the
   behavior of network applications is impossible to avoid: the
   reservation of resources before the application starts.  In the first
   place, a network cannot deliver finite latency and practically zero
   packet loss to an arbitrarily high offered load.  Secondly, achieving
   practically zero packet loss for DetNet flows means that DetNet nodes
   have to dedicate buffer resources to specific DetNet flows or to
   classes of DetNet flows.  The requirements of each reservation have
   to be translated into the parameters that control each DetNet
   system's queuing, shaping, and scheduling functions, and they have to
   be delivered to the DetNet nodes and end systems.

   All nodes in a DetNet domain are expected to support the data
   behavior required to deliver a particular DetNet service.  If a node
   itself is not DetNet service aware, the DetNet nodes that are
   adjacent to them must ensure that the node that is non-DetNet aware
   is provisioned to appropriately support the DetNet service.  For
   example, a TSN node (as defined by IEEE 802.1) may be used to
   interconnect DetNet-aware nodes, and these DetNet nodes can map
   DetNet flows to 802.1 TSN flows.  As another example, an MPLS-TE or
   MPLS-TP (Transport Profile) domain may be used to interconnect
   DetNet-aware nodes, and these DetNet nodes can map DetNet flows to TE
   LSPs, which can provide the QoS requirements of the DetNet service.

4.3.3.  Incomplete Networks

   The presence in the network of intermediate nodes or subnets that are
   not fully capable of offering DetNet services complicates the ability
   of the intermediate nodes and/or controller to allocate resources, as
   extra buffering must be allocated at points downstream from the non-
   DetNet intermediate node for a DetNet flow.  This extra buffering may
   increase latency and/or jitter.

4.4.  Traffic Engineering for DetNet

   Traffic Engineering Architecture and Signaling (TEAS) [TEAS] defines
   traffic-engineering architectures for generic applicability across
   packet and nonpacket networks.  From a TEAS perspective, Traffic
   Engineering (TE) refers to techniques that enable operators to
   control how specific traffic flows are treated within their networks.

   Because of its very nature of establishing explicit optimized paths,
   DetNet can be seen as a new, specialized branch of TE, and it
   inherits its architecture with a separation into planes.

   The DetNet architecture is thus composed of three planes: a (User)
   Application Plane, a Controller Plane, and a Network Plane.  This
   echoes the composition of Figure 1 of "Software-Defined Networking
   (SDN): Layers and Architecture Terminology" [RFC7426] and the
   controllers identified in [RFC8453] and [RFC7149].

4.4.1.  The Application Plane

   Per [RFC7426], the Application Plane includes both applications and
   services.  In particular, the Application Plane incorporates the User
   Agent, a specialized application that interacts with the end user and
   operator and performs requests for DetNet services via an abstract
   Flow Management Entity (FME), which may or may not be collocated with
   (one of) the end systems.

   At the Application Plane, a management interface enables the
   negotiation of flows between end systems.  An abstraction of the flow
   called a Traffic Specification (TSpec) provides the representation.
   This abstraction is used to place a reservation over the (Northbound)
   Service Interface and within the Application Plane.  It is associated
   with an abstraction of location, such as IP addresses and DNS names,
   to identify the end systems and possibly specify DetNet nodes.

4.4.2.  The Controller Plane

   The Controller Plane corresponds to the aggregation of the Control
   and Management Planes in [RFC7426], though Common Control and
   Measurement Plane (CCAMP) (as defined by the CCAMP Working Group
   [CCAMP]) makes an additional distinction between management and
   measurement.  When the logical separation of the Control,
   Measurement, and other Management entities is not relevant, the term
   "Controller Plane" is used for simplicity to represent them all, and
   the term "Controller Plane Function (CPF)" refers to any device
   operating in that plane, whether it is a Path Computation Element
   (PCE) [RFC4655], a Network Management Entity (NME), or a distributed
   control protocol.  The CPF is a core element of a controller, in
   charge of computing deterministic paths to be applied in the Network
   Plane.

   A (Northbound) Service Interface enables applications in the
   Application Plane to communicate with the entities in the Controller
   Plane as illustrated in Figure 7.

   One or more CPFs collaborate to implement the requests from the FME
   as per-flow, per-hop behaviors installed in the DetNet nodes for each
   individual flow.  The CPFs place each flow along a deterministic
   arrangement of DetNet nodes so as to respect per-flow constraints
   such as security and latency, and to optimize the overall result for
   metrics such as an abstract aggregated cost.  The deterministic
   arrangement can typically be more complex than a direct arrangement
   and include redundant paths with one or more packet replication and
   elimination points.  Scaling to larger networks is discussed in
   Section 4.9.

4.4.3.  The Network Plane

   The Network Plane represents the network devices and protocols as a
   whole, regardless of the layer at which the network devices operate.
   It includes the Data Plane and Operational Plane (e.g., OAM) aspects.

   The Network Plane comprises the Network Interface Cards (NICs) in the
   end systems, which are typically IP hosts, and DetNet nodes, which
   are typically IP routers and MPLS switches.

   A Southbound (Network) Interface enables the entities in the
   Controller Plane to communicate with devices in the Network Plane as
   illustrated in Figure 7.  This interface leverages and extends TEAS
   to describe the physical topology and resources in the Network Plane.

       End                                                     End
       System                                               System

      -+-+-+-+-+-+-+ Northbound -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

                CPF         CPF              CPF              CPF

      -+-+-+-+-+-+-+ Southbound -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

                 DetNet     DetNet     DetNet     DetNet
                  Node       Node       Node       Node
       NIC                                                     NIC
                 DetNet     DetNet     DetNet     DetNet
                  Node       Node       Node       Node

               Figure 7: Northbound and Southbound Interfaces

   The DetNet nodes (and possibly the end systems' NICs) expose their
   capabilities and physical resources to the controller (the CPF) and
   update the CPFs with their dynamic perception of the topology across
   the Southbound Interface.  In return, the CPFs set the per-flow paths
   up, providing a Flow Characterization that is more tightly coupled to
   the DetNet node operation than a TSpec.

   At the Network Plane, DetNet nodes may exchange information regarding
   the state of the paths, between adjacent DetNet nodes and possibly
   with the end systems, and forward packets within constraints
   associated to each flow, or, when unable to do so, perform a last-
   resort operation such as drop or declassify.

   This document focuses on the Southbound interface and the operation
   of the Network Plane.

4.5.  Queuing, Shaping, Scheduling, and Preemption

   DetNet achieves bounded delivery latency by reserving bandwidth and
   buffer resources at each DetNet node along the path of the DetNet
   flow.  The reservation itself is not sufficient, however.
   Implementors and users of a number of proprietary and standard real-
   time networks have found that standards for specific data-plane
   techniques are required to enable these assurances to be made in a
   multivendor network.  The fundamental reason is that latency
   variation in one DetNet system results in the need for extra buffer
   space in the next-hop DetNet system(s), which in turn increases the
   worst-case per-hop latency.

   Standard queuing and transmission-selection algorithms allow TE
   (Section 4.4) to compute the latency contribution of each DetNet node
   to the end-to-end latency, to compute the amount of buffer space
   required in each DetNet node for each incremental DetNet flow, and
   most importantly, to translate from a flow specification to a set of
   values for the managed objects that control each relay or end system.
   For example, the IEEE 802.1 WG has specified (and is specifying) a
   set of queuing, shaping, and scheduling algorithms that enable each
   DetNet node, and/or a central controller, to compute these values.
   These algorithms include:

   *  A credit-based shaper [IEEE802.1Qav] (incorporated to
      [IEEE802.1Q]).

   *  Time-gated queues governed by a rotating time schedule based on
      synchronized time [IEEE802.1Qbv] (incorporated to [IEEE802.1Q]).

   *  Synchronized double (or triple) buffers driven by synchronized
      time ticks.  [IEEE802.1Qch] (incorporated to [IEEE802.1Q]).

   *  Preemption of an Ethernet packet in transmission by a packet with
      a more stringent latency requirement, followed by the resumption
      of the preempted packet [IEEE802.1Qbu] (incorporated to
      [IEEE802.1Q]) [IEEE802.3br] (incorporated to [IEEE802.3]).

   While these techniques are currently embedded in Ethernet [IEEE802.3]
   and bridging standards, we can note that they are all, except perhaps
   for packet preemption, equally applicable to media other than
   Ethernet and to routers as well as bridges.  Other media may have
   their own methods (see, e.g., [TSCH-ARCH] and [RFC7554]).  Further
   techniques are defined by the IETF (e.g., [RFC8289] and [RFC8033]).
   DetNet may include such definitions in the future or may define how
   these techniques can be used by DetNet nodes.

4.6.  Service Instance

   A service instance represents all the functions required on a DetNet
   node to allow the end-to-end service between the UNIs.

   The DetNet network general reference model is shown in Figure 8 for a
   DetNet service scenario (i.e., between two DetNet-UNIs).  In this
   figure, end systems ("A" and "B") are connected directly to the edge
   nodes of an IP/MPLS network ("PE1" and "PE2").  End systems
   participating in DetNet communication may require connectivity before
   setting up an App-flow that requires the DetNet service.  Such a
   connectivity-related service instance and the one dedicated for
   DetNet service share the same access.  Packets belonging to a DetNet
   flow are selected by a filter configured on the access ("F1" and
   "F2").  As a result, data-flow-specific access ("access-A + F1" and
   "access-B + F2") is terminated in the flow-specific service instance
   ("SI-1" and "SI-2").  A tunnel is used to provide connectivity
   between the service instances.

   The tunnel is exclusively used for the packets of the DetNet flow
   between "SI-1" and "SI-2".  The service instances are configured to
   implement DetNet functions and a flow-specific DetNet forwarding.
   The service instance and the tunnel may or may not be shared by
   multiple DetNet flows.  Sharing the service instance by multiple
   DetNet flows requires properly populated forwarding tables of the
   service instance.

             access-A                                     access-B
              <----->    <-------- tunnel ---------->     <----->

                 +---------+        ___  _        +---------+
   End system    |  +----+ |       /   \/ \_      | +----+  | End system
       "A" -------F1+    | |      /         \     | |    +F2----- "B"
                 |  |    +========+ IP/MPLS +=======+    |  |
                 |  |SI-1| |      \__  Net._/     | |SI-2|  |
                 |  +----+ |         \____/       | +----+  |
                 |PE1      |                      |      PE2|
                 +---------+                      +---------+

              Figure 8: DetNet Network General Reference Model

   The tunnel between the service instances may have some special
   characteristics.  For example, in case of a DetNet L3 service, there
   are differences in the usage of the PW for DetNet traffic compared to
   the network model described in [RFC6658].  In the DetNet scenario,
   the PW is likely to be used exclusively by the DetNet flow, whereas
   [RFC6658] states:

   |  The packet PW appears as a single point-to-point link to the
   |  client layer.  Network-layer adjacency formation and maintenance
   |  between the client equipments will follow the normal practice
   |  needed to support the required relationship in the client layer.

   and

   |  This packet pseudowire is used to transport all of the required
   |  layer 2 and layer 3 protocols between LSR1 and LSR2.

   Further details are network technology specific and can be found in
   [DETNET-FRAMEWORK].

4.7.  Flow Identification at Technology Borders

   This section discusses what needs to be done at technology borders
   including Ethernet as one of the technologies.  Flow identification
   for MPLS and IP Data Planes are described in [DETNET-MPLS] and
   [DETNET-IP], respectively.

4.7.1.  Exporting Flow Identification

   A DetNet node may need to map specific flows to lower-layer flows (or
   Streams) in order to provide specific queuing and shaping services
   for specific flows.  For example:

   *  A non-IP, strictly L2 source end system X may be sending multiple
      flows to the same L2 destination end system Y.  Those flows may
      include DetNet flows with different QoS requirements and may
      include non-DetNet flows.

   *  A router may be sending any number of flows to another router.
      Again, those flows may include DetNet flows with different QoS
      requirements and may include non-DetNet flows.

   *  Two routers may be separated by bridges.  For these bridges to
      perform any required per-flow queuing and shaping, they must be
      able to identify the individual flows.

   *  A Label Edge Router (LER) may have a Label Switched Path (LSP) set
      up for handling traffic destined for a particular IP address
      carrying only non-DetNet flows.  If a DetNet flow to that same
      address is requested, a separate LSP may be needed in order for
      all of the Label Switch Routers (LSRs) along the path to the
      destination to give that flow special queuing and shaping.

   The need for a lower-layer node to be aware of individual higher-
   layer flows is not unique to DetNet.  But, given the endless
   complexity of layering and relayering over tunnels that is available
   to network designers, DetNet needs to provide a model for flow
   identification that is better than packet inspection.  That is not to
   say that packet inspection to Layer 4 or Layer 5 addresses will not
   be used or the capability standardized; however, there are
   alternatives.

   A DetNet relay node can connect DetNet flows on different paths using
   different flow identification methods.  For example:

   *  A single unicast DetNet flow passing from router A through a
      bridged network to router B may be assigned a TSN Stream
      identifier that is unique within that bridged network.  The
      bridges can then identify the flow without accessing higher-layer
      headers.  Of course, the receiving router must recognize and
      accept that TSN Stream.

   *  A DetNet flow passing from LSR A to LSR B may be assigned a
      different label than that used for other flows to the same IP
      destination.

   In any of the above cases, it is possible that an existing DetNet
   flow can be an aggregate carrying multiple other DetNet flows (not to
   be confused with DetNet compound vs. member flows).  Of course, this
   requires that the aggregate DetNet flow be provisioned properly to
   carry the aggregated flows.

   Thus, rather than packet inspection, there is the option to export
   higher-layer information to the lower layer.  The requirement to
   support one or the other method for flow identification (or both) is
   a complexity that is part of DetNet control models.

4.7.2.  Flow Attribute Mapping between Layers

   Forwarding of packets of DetNet flows over multiple technology
   domains may require that lower layers are aware of specific flows of
   higher layers.  Such an "exporting of flow identification" is needed
   each time when the forwarding paradigm is changed on the forwarding
   path (e.g., two LSRs are interconnected by an L2 bridged domain,
   etc.).  The three representative forwarding methods considered for
   DetNet are:

   *  IP routing

   *  MPLS label switching

   *  Ethernet bridging

   A packet with corresponding Flow-IDs is illustrated in Figure 9,
   which also indicates where each Flow-ID can be added or removed.

       add/remove     add/remove
       Eth Flow-ID    IP Flow-ID
           |             |
           v             v
        +-----------------------------------------------------------+
        |      |      |      |                                      |
        | Eth  | MPLS |  IP  |     Application data                 |
        |      |      |      |                                      |
        +-----------------------------------------------------------+
                  ^
                  |
              add/remove
             MPLS Flow-ID

                  Figure 9: Packet with Multiple Flow-IDs

   The additional (domain-specific) Flow-ID can be:

   *  created by a domain-specific function or

   *  derived from the Flow-ID added to the App-flow.

   The Flow-ID must be unique inside a given domain.  Note that the
   Flow-ID added to the App-flow is still present in the packet, but
   some nodes may lack the function to recognize it; that's why the
   additional Flow-ID is added.

4.7.3.  Flow-ID Mapping Examples

   IP nodes and MPLS nodes are assumed to be configured to push such an
   additional (domain-specific) Flow-ID when sending traffic to an
   Ethernet switch (as shown in the examples below).

   Figure 10 shows a scenario where an IP end system ("IP-A") is
   connected via two Ethernet switches ("ETH-n") to an IP router ("IP-
   1").

                                     IP domain
                  <-----------------------------------------------

           +======+                                       +======+
           |L3-ID |                                       |L3-ID |
           +======+  /\                           +-----+ +======+
                    /  \       Forward as         |     |
                   /IP-A\      per ETH-ID         |IP-1 |      Recognize
   Push  ------>  +-+----+         |              +---+-+  <----- ETH-ID
   ETH-ID           |         +----+-----+            |
                    |         v          v            |
                    |      +-----+    +-----+         |
                    +------+     |    |     +---------+
           +......+        |ETH-1+----+ETH-2|           +======+
           .L3-ID .        +-----+    +-----+           |L3-ID |
           +======+             +......+                +======+
           |ETH-ID|             .L3-ID .                |ETH-ID|
           +======+             +======+                +------+
                                |ETH-ID|
                                +======+

                             Ethernet domain
                           <---------------->

          Figure 10: IP Nodes Interconnected by an Ethernet Domain

   End system "IP-A" uses the original App-flow-specific ID ("L3-ID"),
   but as it is connected to an Ethernet domain, it has to push an
   Ethernet-domain-specific Flow-ID ("ETH-ID") before sending the packet
   to "ETH-1".  Ethernet switch "ETH-1" can recognize the data flow
   based on the "ETH-ID", and it does forwarding toward "ETH-2".  "ETH-
   2" switches the packet toward the IP router.  "IP-1" must be
   configured to receive the Ethernet Flow-ID-specific multicast flow,
   but (as it is an L3 node) it decodes the data flow ID based on the
   "L3-ID" fields of the received packet.

   Figure 11 shows a scenario where MPLS domain nodes ("PE-n" and "P-m")
   are connected via two Ethernet switches ("ETH-n").

                                    MPLS domain
                  <----------------------------------------------->

       +=======+                                  +=======+
       |MPLS-ID|                                  |MPLS-ID|
       +=======+  +-----+                 +-----+ +=======+ +-----+
                  |     |   Forward as    |     |           |     |
                  |PE-1 |   per ETH-ID    | P-2 +-----------+ PE-2|
   Push   ----->  +-+---+        |        +---+-+           +-----+
   ETH-ID           |      +-----+----+       |  \ Recognize
                    |      v          v       |   +-- ETH-ID
                    |   +-----+    +-----+    |
                    +---+     |    |     +----+
           +.......+    |ETH-1+----+ETH-2|   +=======+
           .MPLS-ID.    +-----+    +-----+   |MPLS-ID|
           +=======+                         +=======+
           |ETH-ID |         +.......+       |ETH-ID |
           +=======+         .MPLS-ID.       +-------+
                             +=======+
                             |ETH-ID |
                             +=======+
                          Ethernet domain
                        <---------------->

         Figure 11: MPLS Nodes Interconnected by an Ethernet Domain

   "PE-1" uses the MPLS-specific ID ("MPLS-ID"), but as it is connected
   to an Ethernet domain, it has to push an Ethernet-domain-specific
   Flow-ID ("ETH-ID") before sending the packet to "ETH-1".  Ethernet
   switch "ETH-1" can recognize the data flow based on the "ETH-ID", and
   it does forwarding toward "ETH-2".  "ETH-2" switches the packet
   toward the MPLS node ("P-2").  "P-2" must be configured to receive
   the Ethernet Flow-ID-specific multicast flow, but (as it is an MPLS
   node) it decodes the data flow ID based on the "MPLS-ID" fields of
   the received packet.

   One can appreciate from the above example that, when the means used
   for DetNet flow identification is altered or exported, the means for
   encoding the sequence number information must similarly be altered or
   exported.

4.8.  Advertising Resources, Capabilities, and Adjacencies

   Provisioning of DetNet requires knowledge about:

   *  Details of the DetNet system's capabilities that are required in
      order to accurately allocate that DetNet system's resources, as
      well as other DetNet systems' resources.  This includes, for
      example, which specific queuing and shaping algorithms are
      implemented (Section 4.5), the number of buffers dedicated for
      DetNet allocation, and the worst-case forwarding delay and
      misordering.

   *  The actual state of a DetNet node's DetNet resources.

   *  The identity of the DetNet system's neighbors and the
      characteristics of the link(s) between the DetNet systems,
      including the latency of the links (in nanoseconds).

4.9.  Scaling to Larger Networks

   Reservations for individual DetNet flows require considerable state
   information in each DetNet node, especially when adequate fault
   mitigation (Section 3.3.2) is required.  The DetNet Data Plane, in
   order to support larger numbers of DetNet flows, must support the
   aggregation of DetNet flows.  Such aggregated flows can be viewed by
   the DetNet nodes' Data Plane largely as individual DetNet flows.
   Without such aggregation, the per-relay system may limit the scale of
   DetNet networks.  Example techniques that may be used include MPLS
   hierarchy and IP DiffServ Code Points (DSCPs).

4.10.  Compatibility with Layer 2

   Standards providing similar capabilities for bridged networks (only)
   have been and are being generated in the IEEE 802 LAN/MAN Standards
   Committee.  The present architecture describes an abstract model that
   can be applicable both at Layer 2 and Layer 3, and over links not
   defined by IEEE 802.

   DetNet-enabled end systems and DetNet nodes can be interconnected by
   sub-networks, i.e., Layer 2 technologies.  These sub-networks will
   provide DetNet compatible service for support of DetNet traffic.
   Examples of sub-network technologies include MPLS TE, TSN as defined
   by IEEE 802.1, and a point-to-point OTN link.  Of course, multilayer
   DetNet systems may be possible too, where one DetNet appears as a
   sub-network and provides service to a higher-layer DetNet system.

5.  Security Considerations

   Security considerations for DetNet are described in detail in
   [DETNET-SECURITY].  This section considers exclusively security
   considerations that are specific to the DetNet architecture.

   Security aspects that are unique to DetNet are those whose aim is to
   provide the specific QoS aspects of DetNet, which are primarily to
   deliver data flows with extremely low packet loss rates and bounded
   end-to-end delivery latency.  A DetNet may be implemented using MPLS
   and/or IP (including both v4 and v6) technologies and thus inherits
   the security properties of those technologies at both the Data Plane
   and the Controller Plane.

   Security considerations for DetNet are constrained (compared to, for
   example, the open Internet) because DetNet is defined to operate only
   within a single administrative domain (see Section 1).  The primary
   considerations are to secure the request and control of DetNet
   resources, maintain confidentiality of data traversing the DetNet,
   and provide the availability of the DetNet QoS.

   To secure the request and control of DetNet resources, authentication
   and authorization can be used for each device connected to a DetNet
   domain, most importantly to network controller devices.  Control of a
   DetNet network may be centralized or distributed (within a single
   administrative domain).  In the case of centralized control,
   precedent for security considerations as defined for Abstraction and
   Control of Traffic Engineered Networks (ACTN) can be found in
   Section 9 of [RFC8453].  In the case of distributed control
   protocols, DetNet security is expected to be provided by the security
   properties of the protocols in use.  In any case, the result is that
   manipulation of administratively configurable parameters is limited
   to authorized entities.

   To maintain confidentiality of data traversing the DetNet,
   application flows can be protected through whatever means is provided
   by the underlying technology.  For example, encryption may be used,
   such as that provided by IPsec [RFC4301], for IP flows and by MACSec
   [IEEE802.1AE] for Ethernet (Layer 2) flows.

   DetNet flows are identified on a per-flow basis, which may provide
   attackers with additional information about the data flows (when
   compared to networks that do not include per-flow identification).
   This is an inherent property of DetNet that has security implications
   that should be considered when determining if DetNet is a suitable
   technology for any given use case.

   To provide uninterrupted availability of the DetNet QoS, provisions
   can be made against DoS attacks and delay attacks.  To protect
   against DoS attacks, excess traffic due to malicious or
   malfunctioning devices can be prevented or mitigated, for example,
   through the use of traffic admission control applied at the input of
   a DetNet domain as described in Section 3.2.1 and through the fault-
   mitigation methods described in Section 3.3.2.  To prevent DetNet
   packets from being delayed by an entity external to a DetNet domain,
   DetNet technology definition can allow for the mitigation of man-in-
   the-middle attacks, for example, through use of authentication and
   authorization of devices within the DetNet domain.

   Because DetNet mechanisms or applications that rely on DetNet can
   make heavy use of methods that require precise time synchronization,
   the accuracy, availability, and integrity of time synchronization is
   of critical importance.  Extensive discussion of this topic can be
   found in [RFC7384].

   DetNet use cases are known to have widely divergent security
   requirements.  The intent of this section is to provide a baseline
   for security considerations that are common to all DetNet designs and
   implementations, without burdening individual designs with specifics
   of security infrastructure that may not be germane to the given use
   case.  Designers and implementors of DetNet systems are expected to
   take use-case-specific considerations into account in their DetNet
   designs and implementations.

6.  Privacy Considerations

   DetNet provides a QoS, and the generic considerations for such
   mechanisms apply.  In particular, such markings allow for an attacker
   to correlate flows or to select particular types of flow for more
   detailed inspection.

   However, the requirement for every (or almost every) node along the
   path of a DetNet flow to identify DetNet flows may present an
   additional attack surface for privacy should the DetNet paradigm be
   found useful in broader environments.

7.  IANA Considerations

   This document has no IANA actions.

8.  Informative References

   [BUFFERBLOAT]
              Gettys, J. and K. Nichols, "Bufferbloat: Dark Buffers in
              the Internet", DOI 10.1145/2063176.2063196, Communications
              of the ACM, Volume 55, Issue 1, January 2012,
              <https://doi.org/10.1145/2063176.2063196>.

   [CCAMP]    IETF, "Common Control and Measurement Plane (ccamp)",
              October 2019,
              <https://datatracker.ietf.org/wg/ccamp/charter/>.

   [DETNET-FRAMEWORK]
              Varga, B., Farkas, J., Berger, L., Fedyk, D., Malis, A.,
              Bryant, S., and J. Korhonen, "DetNet Data Plane
              Framework", Work in Progress, Internet-Draft, draft-ietf-
              detnet-data-plane-framework-02, 13 September 2019,
              <https://tools.ietf.org/html/draft-ietf-detnet-data-plane-
              framework-02>.

   [DETNET-IP]
              Varga, B., Farkas, J., Berger, L., Fedyk, D., Malis, A.,
              Bryant, S., and J. Korhonen, "DetNet Data Plane: IP", Work
              in Progress, Internet-Draft, draft-ietf-detnet-ip-01, 1
              July 2019,
              <https://tools.ietf.org/html/draft-ietf-detnet-ip-01>.

   [DETNET-MPLS]
              Varga, B., Farkas, J., Berger, L., Fedyk, D., Malis, A.,
              Bryant, S., and J. Korhonen, "DetNet Data Plane: MPLS",
              Work in Progress, Internet-Draft, draft-ietf-detnet-mpls-
              01, 1 July 2019,
              <https://tools.ietf.org/html/draft-ietf-detnet-mpls-01>.

   [DETNET-SECURITY]
              Mizrahi, T., Grossman, E., Hacker, A., Das, S., Dowdell,
              J., Austad, H., Stanton, K., and N. Finn, "Deterministic
              Networking (DetNet) Security Considerations", Work in
              Progress, Internet-Draft, draft-ietf-detnet-security-05,
              29 August 2019, <https://tools.ietf.org/html/draft-ietf-
              detnet-security-05>.

   [IEC-62439-3]
              IEC, "Industrial communication networks - High
              availability automation networks - Part 3: Parallel
              Redundancy Protocol (PRP) and High-availability Seamless
              Redundancy (HSR)", TC 65 / SC 65C, IEC 62439-3:2016, March
              2016, <https://webstore.iec.ch/publication/24447>.

   [IEEE802.1AE]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks-Media Access Control (MAC) Security", IEEE 
              802.1AE-2018,
              <https://ieeexplore.ieee.org/document/8585421>.

   [IEEE802.1BA]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks--Audio Video Bridging (AVB) Systems", IEEE 
              802.1BA-2011,
              <https://ieeexplore.ieee.org/document/6032690>.

   [IEEE802.1CB]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks--Frame Replication and Elimination for
              Reliability", DOI 10.1109/IEEESTD.2017.8091139, IEEE 
              802.1CB-2017, October 2019,
              <https://ieeexplore.ieee.org/document/8091139>.

   [IEEE802.1Q]
              IEEE, "IEEE Standard for Local and Metropolitan Area
              Network--Bridges and Bridged Networks", IEEE 802.1Q-2018,
              <https://ieeexplore.ieee.org/document/8403927>.

   [IEEE802.1Qav]
              IEEE, "IEEE Standard for Local and Metropolitan Area
              Networks - Virtual Bridged Local Area Networks Amendment
              12: Forwarding and Queuing Enhancements for Time-Sensitive
              Streams", IEEE 802.1Qav-2009,
              <https://ieeexplore.ieee.org/document/5375704>.

   [IEEE802.1Qbu]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks -- Bridges and Bridged Networks -- Amendment 26:
              Frame Preemption", IEEE 802.1Qbu-2016,
              <https://ieeexplore.ieee.org/document/7553415>.

   [IEEE802.1Qbv]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks -- Bridges and Bridged Networks - Amendment 25:
              Enhancements for Scheduled Traffic", IEEE 802.1Qbv-2015,
              <https://ieeexplore.ieee.org/document/7440741>.

   [IEEE802.1Qch]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks--Bridges and Bridged Networks--Amendment 29:
              Cyclic Queuing and Forwarding", IEEE 802.1Qch-2017,
              <https://ieeexplore.ieee.org/document/7961303>.

   [IEEE802.1TSNTG]
              IEEE, "Time-Sensitive Networking (TSN) Task Group",
              <https://1.ieee802.org/tsn/>.

   [IEEE802.3]
              IEEE, "IEEE Standard for Ethernet", IEEE 802.3-2018,
              <https://ieeexplore.ieee.org/document/8457469>.

   [IEEE802.3br]
              IEEE, "IEEE Standard for Ethernet Amendment 5:
              Specification and Management Parameters for Interspersing
              Express Traffic", IEEE 802.3br,
              <https://ieeexplore.ieee.org/document/7900321>.

   [RFC2205]  Braden, R., Ed., Zhang, L., Berson, S., Herzog, S., and S.
              Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1
              Functional Specification", RFC 2205, DOI 10.17487/RFC2205,
              September 1997, <https://www.rfc-editor.org/info/rfc2205>.

   [RFC2475]  Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
              and W. Weiss, "An Architecture for Differentiated
              Services", RFC 2475, DOI 10.17487/RFC2475, December 1998,
              <https://www.rfc-editor.org/info/rfc2475>.

   [RFC2914]  Floyd, S., "Congestion Control Principles", BCP 41,
              RFC 2914, DOI 10.17487/RFC2914, September 2000,
              <https://www.rfc-editor.org/info/rfc2914>.

   [RFC3168]  Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
              of Explicit Congestion Notification (ECN) to IP",
              RFC 3168, DOI 10.17487/RFC3168, September 2001,
              <https://www.rfc-editor.org/info/rfc3168>.

   [RFC3209]  Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
              and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
              Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001,
              <https://www.rfc-editor.org/info/rfc3209>.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550,
              July 2003, <https://www.rfc-editor.org/info/rfc3550>.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
              December 2005, <https://www.rfc-editor.org/info/rfc4301>.

   [RFC4655]  Farrel, A., Vasseur, J.-P., and J. Ash, "A Path
              Computation Element (PCE)-Based Architecture", RFC 4655,
              DOI 10.17487/RFC4655, August 2006,
              <https://www.rfc-editor.org/info/rfc4655>.

   [RFC6372]  Sprecher, N., Ed. and A. Farrel, Ed., "MPLS Transport
              Profile (MPLS-TP) Survivability Framework", RFC 6372,
              DOI 10.17487/RFC6372, September 2011,
              <https://www.rfc-editor.org/info/rfc6372>.

   [RFC6658]  Bryant, S., Ed., Martini, L., Swallow, G., and A. Malis,
              "Packet Pseudowire Encapsulation over an MPLS PSN",
              RFC 6658, DOI 10.17487/RFC6658, July 2012,
              <https://www.rfc-editor.org/info/rfc6658>.

   [RFC7149]  Boucadair, M. and C. Jacquenet, "Software-Defined
              Networking: A Perspective from within a Service Provider
              Environment", RFC 7149, DOI 10.17487/RFC7149, March 2014,
              <https://www.rfc-editor.org/info/rfc7149>.

   [RFC7384]  Mizrahi, T., "Security Requirements of Time Protocols in
              Packet Switched Networks", RFC 7384, DOI 10.17487/RFC7384,
              October 2014, <https://www.rfc-editor.org/info/rfc7384>.

   [RFC7426]  Haleplidis, E., Ed., Pentikousis, K., Ed., Denazis, S.,
              Hadi Salim, J., Meyer, D., and O. Koufopavlou, "Software-
              Defined Networking (SDN): Layers and Architecture
              Terminology", RFC 7426, DOI 10.17487/RFC7426, January
              2015, <https://www.rfc-editor.org/info/rfc7426>.

   [RFC7554]  Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using
              IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the
              Internet of Things (IoT): Problem Statement", RFC 7554,
              DOI 10.17487/RFC7554, May 2015,
              <https://www.rfc-editor.org/info/rfc7554>.

   [RFC7567]  Baker, F., Ed. and G. Fairhurst, Ed., "IETF
              Recommendations Regarding Active Queue Management",
              BCP 197, RFC 7567, DOI 10.17487/RFC7567, July 2015,
              <https://www.rfc-editor.org/info/rfc7567>.

   [RFC7813]  Farkas, J., Ed., Bragg, N., Unbehagen, P., Parsons, G.,
              Ashwood-Smith, P., and C. Bowers, "IS-IS Path Control and
              Reservation", RFC 7813, DOI 10.17487/RFC7813, June 2016,
              <https://www.rfc-editor.org/info/rfc7813>.

   [RFC8033]  Pan, R., Natarajan, P., Baker, F., and G. White,
              "Proportional Integral Controller Enhanced (PIE): A
              Lightweight Control Scheme to Address the Bufferbloat
              Problem", RFC 8033, DOI 10.17487/RFC8033, February 2017,
              <https://www.rfc-editor.org/info/rfc8033>.

   [RFC8227]  Cheng, W., Wang, L., Li, H., van Helvoort, H., and J.
              Dong, "MPLS-TP Shared-Ring Protection (MSRP) Mechanism for
              Ring Topology", RFC 8227, DOI 10.17487/RFC8227, August
              2017, <https://www.rfc-editor.org/info/rfc8227>.

   [RFC8289]  Nichols, K., Jacobson, V., McGregor, A., Ed., and J.
              Iyengar, Ed., "Controlled Delay Active Queue Management",
              RFC 8289, DOI 10.17487/RFC8289, January 2018,
              <https://www.rfc-editor.org/info/rfc8289>.

   [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
              July 2018, <https://www.rfc-editor.org/info/rfc8402>.

   [RFC8453]  Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
              Abstraction and Control of TE Networks (ACTN)", RFC 8453,
              DOI 10.17487/RFC8453, August 2018,
              <https://www.rfc-editor.org/info/rfc8453>.

   [RFC8557]  Finn, N. and P. Thubert, "Deterministic Networking Problem
              Statement", RFC 8557, DOI 10.17487/RFC8557, May 2019,
              <https://www.rfc-editor.org/info/rfc8557>.

   [RFC8578]  Grossman, E., Ed., "Deterministic Networking Use Cases",
              RFC 8578, DOI 10.17487/RFC8578, May 2019,
              <https://www.rfc-editor.org/info/rfc8578>.

   [TEAS]     IETF, "Traffic Engineering Architecture and Signaling
              (teas)", October 2019,
              <https://datatracker.ietf.org/doc/charter-ietf-teas/>.

   [TSCH-ARCH]
              Thubert, P., "An Architecture for IPv6 over the TSCH mode
              of IEEE 802.15.4", Work in Progress, Internet-Draft,
              draft-ietf-6tisch-architecture-26, 27 August 2019,
              <https://tools.ietf.org/html/draft-ietf-6tisch-
              architecture-26>.

Acknowledgements

   The authors wish to thank Lou Berger, David Black, Stewart Bryant,
   Rodney Cummings, Ethan Grossman, Craig Gunther, Marcel Kiessling,
   Rudy Klecka, Jouni Korhonen, Erik Nordmark, Shitanshu Shah, Wilfried
   Steiner, George Swallow, Michael Johas Teener, Pat Thaler, Thomas
   Watteyne, Patrick Wetterwald, Karl Weber, and Anca Zamfir for their
   various contributions to this work.

Authors' Addresses

   Norman Finn
   Huawei
   3101 Rio Way
   Spring Valley, California 91977
   United States of America

   Phone: +1 925 980 6430
   Email: nfinn@nfinnconsulting.com


   Pascal Thubert
   Cisco Systems
   Batiment T3
   Village d'Entreprises Green Side, 400, Avenue de Roumanille
   06410 Biot - Sophia Antipolis
   France

   Phone: +33 4 97 23 26 34
   Email: pthubert@cisco.com


   Balázs Varga
   Ericsson
   Budapest
   Magyar tudosok korutja 11
   1117
   Hungary

   Email: balazs.a.varga@ericsson.com


   János Farkas
   Ericsson
   Budapest
   Magyar tudosok korutja 11
   1117
   Hungary

   Email: janos.farkas@ericsson.com