1 / 13

Dynamic Virtual Networks (DVNE)

Dynamic Virtual Networks (DVNE). Margaret Wasserman & Paddy Nallur November 11, 2010 IETF 79 -- Beijing, China. Two Drafts. DVNE Framework https://datatracker.ietf.org/doc/draft-mrw-dvne-fw/ Explains how Dynamic Virtual Networks are constructed DVNE Protocol

kitty
Télécharger la présentation

Dynamic Virtual Networks (DVNE)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Dynamic Virtual Networks (DVNE) Margaret Wasserman & Paddy Nallur November 11, 2010 IETF 79 -- Beijing, China

  2. Two Drafts • DVNE Framework • https://datatracker.ietf.org/doc/draft-mrw-dvne-fw/ • Explains how Dynamic Virtual Networks are constructed • DVNE Protocol • https://datatracker.ietf.org/doc/draft-mrw-dvne-prot/ • Describes a provisioning protocol to dynamically provision a Dynamic Virtual Networks

  3. Static Virtual Networks Internet NAT B4 A1 NAT CGN A4 A2 B1 A3 B3 B2

  4. Issues to Address • Node-to-Node Virtual Networks • Connectivity can be hard to establish due to NATs, IPv4-to-IPv6 coexistence technologies, firewalls, etc. • Large Virtual Networks are unmanageable due to need to configure virtual network parameters on every node. • Remote endpoint addresses, credentials, etc. • Each node maintains state for every other node in the network, even if they never communicate • Site-to-Site Virtual Networks • No consistent end-to-end security • Security depends on physical topology • No support for flexible, centralized administration and provisioning

  5. B2 Functional Elements DVNE Mediator VN Node VN Node VN Node Edge Network

  6. Basic Operation of Mediator • Client desires DVNE connection to another host in the VN, asks mediator • Mediator authenticates client • Mediator provisions both end of the connection • Local IP addrss, address list for peer, STUN server address, credentials for secure tunnel, etc. • VPN connection is established by endpoints • Using IPsec tunnel or DTLS • May use ICE, STUN or other mechanisms as needed to establish connectivity

  7. B2 Dynamic, On-Demand Connection DVNE Mediator VN Node Node B Node A Edge Network • - Node A requests connection to Node B • Mediator provisions Node A & Node B • Secure connection from Node A to Node B

  8. B2 Dynamic Virtual Network Internet NAT B4 A1 NAT CGN A4 A2 B1 A3 B3

  9. Current IETF Solutions Used • Various VPN/secure tunnel solutions • Such as IPsec or DTLS • TLS for authentication • ICE/STUN for NAT traversal • The DVNE protocol does not replace these technologies, it provisions nodes with the information to use them

  10. Missing Piece • IETF has no generic service provisioning protocol to use for Client-to-Mediator communication • Existing management protocols have different model • “Configure yourself”, rather than “provision me” • No ability to trigger provisioning of service across multiple nodes • Existing data models (MIBs, Yang modules) could be used to hold data

  11. Status of DVNE Work • Current work focuses on a DVNE protocol for network authentication and DVNE service provisioning and virtual network set-up • Work underway on national Standard in China for DVNE Framework • Combined work of Huawei Symantec, ZTE, and China Mobile • Prototype code up and running

  12. Specific vs. General in IETF • Specific need for a Dynamic Virtual Network provisioning protocol • IETF may have more general need for a generic Service Provisioning protocol that could be applied to this space and others. • Which should we pursue in the IETF?

  13. Questions • Should we work on this topic in the IETF? • Should we pursue a specific or general solution? • Specific: DVNE protocol to provision VNs • Generic: Generic service provisioning protocol, PLUS data model for provisioning VNs. • Should we do the work here in the Ops Area WG? In separate Ops/NM WG? Elsewhere?

More Related