Mapping RTP streams to CLUE Media Captures
draft-ietf-clue-rtp-mapping-12

The information below is for an old version of the document.

Document type: This is an older version of an Internet-Draft that was ultimately published as RFC 8849.
Authors: Roni Even, Jonathan Lennox
Last updated: 2017-01-19 (Latest revision 2017-01-14)
RFC stream: Internet Engineering Task Force (IETF)
Stream WG state: Submitted to IESG for Publication
Revised I-D Needed - Issue raised by WGLC
Document shepherd: Paul Kyzivat
Shepherd write-up: Last changed 2016-12-16
IESG state: Became RFC 8849 (Proposed Standard)
Consensus boilerplate: Yes
Telechat date: (None)
Needs a YES. Needs 10 more YES or NO OBJECTION positions to pass.
Responsible AD: Alissa Cooper
Send notices to: "Paul Kyzivat" <pkyzivat@alum.mit.edu>
IANA review state: IANA - Not OK

TEAS Working Group                                               J. Dong
Internet-Draft                                                    Huawei
Intended status: Informational                                 S. Bryant
Expires: 27 June 2024                               University of Surrey
                                                                   Z. Li
                                                            China Mobile
                                                             T. Miyasaka
                                                        KDDI Corporation
                                                                  Y. Lee
                                                                 Samsung
                                                        25 December 2023

       A Framework for NRP-based Enhanced Virtual Private Network
                    draft-ietf-teas-enhanced-vpn-17

Abstract

   This document describes the framework for NRP-based Enhanced Virtual
   Private Networks (VPNs) to support the needs of applications with
   specific traffic performance requirements (e.g., low latency, bounded
   jitter).  NRP-based Enhanced VPNs leverage the VPN and Traffic
   Engineering (TE) technologies and add characteristics that specific
   services require beyond those provided by conventional VPNs.
   Typically, an NRP-based enhanced VPN will be used to underpin network
   slicing, but could also be of use in its own right providing enhanced
   connectivity services between customer sites.  This document also
   provides an overview of relevant technologies in different network
   layers, and identifies some areas for potential new work.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 27 June 2024.

Dong, et al.              Expires 27 June 2024                  [Page 1]
Internet-Draft           Enhanced VPN Framework            December 2023

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   6
   3.  Overview of the Requirements  . . . . . . . . . . . . . . . .   7
     3.1.  Performance Guarantees  . . . . . . . . . . . . . . . . .   7
     3.2.  Interaction between Enhanced VPN Services . . . . . . . .   9
       3.2.1.  Requirements on Traffic Isolation . . . . . . . . . .   9
       3.2.2.  Limited Interaction with Other Services . . . . . . .  10
       3.2.3.  Realization of Limited Interaction Between Enhanced VPN
               Services  . . . . . . . . . . . . . . . . . . . . . .  11
     3.3.  Integration with Network Resources and Service
           Functions . . . . . . . . . . . . . . . . . . . . . . . .  12
       3.3.1.  Abstraction . . . . . . . . . . . . . . . . . . . . .  12
     3.4.  Dynamic Changes . . . . . . . . . . . . . . . . . . . . .  12
     3.5.  Customized Control  . . . . . . . . . . . . . . . . . . .  13
     3.6.  Applicability to Overlay Technologies . . . . . . . . . .  14
     3.7.  Inter-Domain and Inter-Layer Network  . . . . . . . . . .  14
   4.  The Architecture of NRP-based Enhanced VPNs . . . . . . . . .  14
     4.1.  Layered Architecture  . . . . . . . . . . . . . . . . . .  16
     4.2.  Connectivity Types  . . . . . . . . . . . . . . . . . . .  19
     4.3.  Application-Specific Data Types . . . . . . . . . . . . .  19
     4.4.  Scalable Service Mapping  . . . . . . . . . . . . . . . .  20
   5.  Candidate Technologies  . . . . . . . . . . . . . . . . . . .  20
     5.1.  Forwarding Resource Partitioning  . . . . . . . . . . . .  21
       5.1.1.  Flexible Ethernet . . . . . . . . . . . . . . . . . .  21
       5.1.2.  Dedicated Queues  . . . . . . . . . . . . . . . . . .  21
       5.1.3.  Time Sensitive Networking . . . . . . . . . . . . . .  22
     5.2.  Data Plane Encapsulation and Forwarding . . . . . . . . .  22
       5.2.1.  Deterministic Networking  . . . . . . . . . . . . . .  22
       5.2.2.  MPLS Traffic Engineering (MPLS-TE)  . . . . . . . . .  23
       5.2.3.  Segment Routing . . . . . . . . . . . . . . . . . . .  23
       5.2.4.  New Encapsulation Extensions  . . . . . . . . . . . .  24
     5.3.  Non-Packet Data Plane . . . . . . . . . . . . . . . . . .  24

     5.4.  Control Plane . . . . . . . . . . . . . . . . . . . . . .  24
     5.5.  Management Plane  . . . . . . . . . . . . . . . . . . . .  26
     5.6.  Applicability of Service Data Models to Enhanced VPNs . .  27
   6.  Applicability in Network Slice Realization  . . . . . . . . .  28
     6.1.  NRP Planning  . . . . . . . . . . . . . . . . . . . . . .  28
     6.2.  NRP Creation  . . . . . . . . . . . . . . . . . . . . . .  29
     6.3.  Network Slice Service Provisioning  . . . . . . . . . . .  29
     6.4.  Network Slice Traffic Steering and Forwarding . . . . . .  29
   7.  Scalability Considerations  . . . . . . . . . . . . . . . . .  30
     7.1.  Maximum Stack Depth of SR . . . . . . . . . . . . . . . .  31
     7.2.  RSVP-TE Scalability . . . . . . . . . . . . . . . . . . .  31
     7.3.  SDN Scaling . . . . . . . . . . . . . . . . . . . . . . .  31
   8.  Manageability Considerations  . . . . . . . . . . . . . . . .  31
     8.1.  OAM Considerations  . . . . . . . . . . . . . . . . . . .  32
     8.2.  Telemetry Considerations  . . . . . . . . . . . . . . . .  32
   9.  Enhanced Resiliency . . . . . . . . . . . . . . . . . . . . .  32
   10. Operational Considerations  . . . . . . . . . . . . . . . . .  34
   11. Security Considerations . . . . . . . . . . . . . . . . . . .  34
   12. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  35
   13. Contributors  . . . . . . . . . . . . . . . . . . . . . . . .  35
   14. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  35
   15. Informative References  . . . . . . . . . . . . . . . . . . .  36
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  42

1.  Introduction

   RFC Editor Note: Please replace "RFC XXXX" in this document with the
   RFC number assigned to [I-D.ietf-teas-ietf-network-slices], and
   remove this note.

   Virtual Private Networks (VPNs) have served the industry well as a
   means of providing different groups of users with logically isolated
   connectivity over a common network.  The common (base) network that
   is used to provide the VPNs is often referred to as the underlay, and
   the VPN is often called an overlay.

   Customers of a network operator may request connectivity services
   with advanced characteristics, such as low latency guarantees,
   bounded jitter, or isolation from other services or customers so that
   changes in some other services (e.g., changes in network load, or
   events such as congestion or outages) have no or only acceptable
   effect on the observed throughput or latency of the services
   delivered to the customer.  These services are referred to as
   "enhanced VPNs", as they are similar to VPN services providing the
   customer with the required connectivity, but in addition they also
   provide enhanced characteristics.

Even & Lennox             Expires July 18, 2017                 [Page 7]
Internet-Draft             RTP mapping to CLUE              January 2017

   Note to the RFC Editor: Please replace RFCXXXX with this RFC number.

9.  Security Considerations

   The security considerations of the RTP specification, the RTP/SAVPF
   profile, and the various RTP/RTCP extensions and RTP payload formats
   that form the complete protocol suite described in this memo apply.
   It is not believed there are any new security considerations
   resulting from the combination of these various protocol extensions.

   The Extended Secure RTP Profile for Real-time Transport Control
   Protocol (RTCP)-Based Feedback [RFC5124] (RTP/SAVPF) provides
   handling of fundamental issues by offering confidentiality, integrity
   and partial source authentication.  CLUE endpoints MUST support RTP/
   SAVPF and DTLS-SRTP keying [RFC5764].

   RTCP packets convey a Canonical Name (CNAME) identifier that is used
   to associate RTP packet streams that need to be synchronised across
   related RTP sessions.  Inappropriate choice of CNAME values can be a
   privacy concern, since long-term persistent CNAME identifiers can be
   used to track users across multiple calls.  CLUE endpoints MUST
   generate short-term persistent RTCP CNAMEs, as specified in RFC7022
   [RFC7022], resulting in untraceable CNAME values that alleviate this
   risk.

   Some potential denial of service attacks exist if the RTCP reporting
   interval is configured to an inappropriate value.  This could be done
   by configuring the RTCP bandwidth fraction to an excessively large or
   small value using the SDP "b=RR:" or "b=RS:" lines [RFC3556], or some
   similar mechanism, or by choosing an excessively large or small value
   for the RTP/AVPF minimal receiver report interval (if using SDP, this
   is the "a=rtcp-fb:... trr-int" parameter) [RFC4585].  The risks are as
   follows:

   1.  the RTCP bandwidth could be configured to make the regular
       reporting interval so large that effective congestion control
       cannot be maintained, potentially leading to denial of service
       due to congestion caused by the media traffic;

   2.  the RTCP interval could be configured to a very small value,
       causing endpoints to generate high rate RTCP traffic, potentially
       leading to denial of service due to the non-congestion controlled
       RTCP traffic; and

   3.  RTCP parameters could be configured differently for each
       endpoint, with some of the endpoints using a large reporting
       interval and some using a smaller interval, leading to denial of
       service due to premature participant timeouts due to mismatched
       timeout periods which are based on the reporting interval (this
       is a particular concern if endpoints use a small but non-zero
       value for the RTP/AVPF minimal receiver report interval (trr-int)
       [RFC4585], as discussed in [I-D.ietf-avtcore-rtp-multi-stream]).

   Premature participant timeout can be avoided by using the fixed (non-
   reduced) minimum interval when calculating the participant timeout
   ([I-D.ietf-avtcore-rtp-multi-stream]).  To address the other
   concerns, endpoints SHOULD ignore parameters that configure the RTCP
   reporting interval to be significantly longer than the default five
   second interval specified in [RFC3550] (unless the media data rate is
   so low that the longer reporting interval roughly corresponds to 5%
   of the media data rate), or that configure the RTCP reporting
   interval small enough that the RTCP bandwidth would exceed the media
   bandwidth.
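
   The check described above, as an added example that is not part of
   the draft: a Python sketch that reads the per-media "b=AS:", "b=RS:",
   "b=RR:" and "trr-int" values from an SDP and reports which ones an
   endpoint would disregard.  LONG_FACTOR, SHARE_TOLERANCE, the average
   RTCP packet size, the function names and the sample SDP are
   assumptions; the draft itself only says "significantly longer" and
   "roughly".

```python
import math
import re

DEFAULT_INTERVAL_S = 5.0   # default / fixed minimum interval from RFC 3550
TIMEOUT_MULTIPLIER = 5     # RFC 3550: participant times out after 5 intervals
RTCP_SHARE = 0.05          # RFC 3550: RTCP nominally gets 5% of session bandwidth
LONG_FACTOR = 3.0          # assumption: "significantly longer" means > 3x default
SHARE_TOLERANCE = 0.8      # assumption: "roughly corresponds to 5%"
AVG_RTCP_BITS = 120 * 8    # assumption: average compound RTCP packet size
B_KEYS = {"AS": "as_kbps", "RS": "rs_bps", "RR": "rr_bps"}

# Constructed sample input, not taken from the draft.  b=AS is in kbit/s
# (RFC 4566), b=RS/b=RR in bit/s (RFC 3556), trr-int in ms (RFC 4585).
SAMPLE_SDP = """\
v=0
s=constructed example
m=video 49170 UDP/TLS/RTP/SAVPF 96
b=AS:2000
b=RS:500000
b=RR:2500000
a=rtcp-fb:* trr-int 100
m=audio 49172 UDP/TLS/RTP/SAVPF 97
b=AS:64
b=RS:0
b=RR:10
a=rtcp-fb:* trr-int 60000
m=audio 49174 UDP/TLS/RTP/SAVPF 98
b=AS:64
b=RR:2400
a=rtcp-fb:* trr-int 1000
"""


def parse_media_sections(sdp):
    """Return one dict per m= section with the RTCP-related parameters."""
    sections, cur = [], None
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            cur = {"media": line[2:].split()[0], "as_kbps": None,
                   "rs_bps": None, "rr_bps": None, "trr_int_ms": None}
            sections.append(cur)
            continue
        if cur is None:
            continue  # session-level lines are outside this sketch
        m = re.fullmatch(r"b=(AS|RS|RR):(\d+)", line)
        if m:
            cur[B_KEYS[m.group(1)]] = int(m.group(2))
            continue
        m = re.fullmatch(r"a=rtcp-fb:\S+ trr-int (\d+)", line)
        if m:
            cur["trr_int_ms"] = int(m.group(1))
    return sections


def regular_interval_s(rtcp_bps, members):
    """Deterministic RTCP interval before the 5 s floor is applied."""
    if rtcp_bps <= 0:
        return math.inf
    return members * AVG_RTCP_BITS / rtcp_bps


def parameters_to_ignore(sec, members=2):
    """Return {parameter: reason} for values the endpoint should disregard."""
    ignore = {}
    if sec["as_kbps"] is None:
        return ignore  # no media rate to compare against
    media_bps = sec["as_kbps"] * 1000
    nominal = RTCP_SHARE * media_bps
    limit_s = LONG_FACTOR * DEFAULT_INTERVAL_S
    if sec["rs_bps"] is not None or sec["rr_bps"] is not None:
        # A missing modifier falls back to RFC 3550's 25% / 75% split.
        rs = sec["rs_bps"] if sec["rs_bps"] is not None else 0.25 * nominal
        rr = sec["rr_bps"] if sec["rr_bps"] is not None else 0.75 * nominal
        rtcp_bps = rs + rr
        if rtcp_bps > media_bps:
            ignore["b=RS/b=RR"] = "RTCP bandwidth would exceed media bandwidth"
        elif (regular_interval_s(rtcp_bps, members) > limit_s
              and rtcp_bps < SHARE_TOLERANCE * nominal):
            ignore["b=RS/b=RR"] = "interval significantly longer than 5 s"
    if sec["trr_int_ms"] is not None:
        trr_s = sec["trr_int_ms"] / 1000
        # Long values are tolerated only when ~5% of the media rate
        # would give an interval that long anyway.
        low_rate_s = regular_interval_s(SHARE_TOLERANCE * nominal, members)
        if trr_s > max(limit_s, low_rate_s):
            ignore["trr-int"] = "interval significantly longer than 5 s"
    return ignore


def participant_timeout_s(rtcp_bps, members):
    """Timeout from the fixed 5 s minimum, never from a reduced trr-int."""
    interval = max(DEFAULT_INTERVAL_S, regular_interval_s(rtcp_bps, members))
    return TIMEOUT_MULTIPLIER * interval
```

   Run over SAMPLE_SDP, the video section has its "b=RS:"/"b=RR:" values
   disregarded, the first audio section loses both its bandwidth
   modifiers and its trr-int, and the second audio section is accepted.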

   The guidelines in [RFC6562] apply when using variable bit rate (VBR)
   audio codecs such as Opus.  Encryption of the header extensions is
   RECOMMENDED, unless there are known reasons, like RTP middleboxes
   performing voice-activity-based source selection or third-party
   monitoring that will greatly benefit from the information, and this
   has been expressed using API or signalling.  If further evidence is
   produced to show that information leakage is significant from audio
   level indications, then use of encryption needs to be mandated at
   that time.

   In multi-party communication scenarios using RTP middleboxes, these
   middleboxes are trusted to preserve the sessions' security.  The
   middlebox SHOULD maintain confidentiality and integrity and perform
   source authentication.  The middlebox MAY perform checks that
   prevent any endpoint participating in a conference from
   impersonating another.  Some additional security considerations
   regarding multi-party topologies can be found in [RFC7667].

   The CaptureID is created as part of the CLUE protocol.  The CaptId
   SDES item is used to convey the same CaptureID value in the SDES
   item.  When sending the SDES item, the security considerations
   specified in the security section of [RFC7941] are applicable, and
   this SDES item MUST use similar security as the CLUE protocol
   messages carried in the CLUE data channel.

10.  References

10.1.  Normative References

   [I-D.ietf-clue-data-model-schema]
              Presta, R. and S. Romano, "An XML Schema for the CLUE data
              model", draft-ietf-clue-data-model-schema-17 (work in
              progress), August 2016.

   [I-D.ietf-clue-framework]
              Duckworth, M., Pepperell, A., and S. Wenger, "Framework
              for Telepresence Multi-Streams", draft-ietf-clue-
              framework-25 (work in progress), January 2016.

   [I-D.ietf-mmusic-sdp-bundle-negotiation]
              Holmberg, C., Alvestrand, H., and C. Jennings,
              "Negotiating Media Multiplexing Using the Session
              Description Protocol (SDP)", draft-ietf-mmusic-sdp-bundle-
              negotiation-36 (work in progress), October 2016.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC7941]  Westerlund, M., Burman, B., Even, R., and M. Zanaty, "RTP
              Header Extension for the RTP Control Protocol (RTCP)
              Source Description Items", RFC 7941, DOI 10.17487/RFC7941,
              August 2016, <http://www.rfc-editor.org/info/rfc7941>.

10.2.  Informative References

   [I-D.ietf-avtcore-rtp-multi-stream]
              Lennox, J., Westerlund, M., Wu, W., and C. Perkins,
              "Sending Multiple Media Streams in a Single RTP Session",
              draft-ietf-avtcore-rtp-multi-stream-11 (work in progress),
              December 2015.

   [I-D.ietf-clue-signaling]
              Kyzivat, P., Xiao, L., Groves, C., and R. Hansen, "CLUE
              Signaling", draft-ietf-clue-signaling-10 (work in
              progress), January 2017.

   [RFC3264]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
              with Session Description Protocol (SDP)", RFC 3264,
              DOI 10.17487/RFC3264, June 2002,
              <http://www.rfc-editor.org/info/rfc3264>.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550,
              July 2003, <http://www.rfc-editor.org/info/rfc3550>.

   [RFC3556]  Casner, S., "Session Description Protocol (SDP) Bandwidth
              Modifiers for RTP Control Protocol (RTCP) Bandwidth",
              RFC 3556, DOI 10.17487/RFC3556, July 2003,
              <http://www.rfc-editor.org/info/rfc3556>.

   [RFC4566]  Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
              Description Protocol", RFC 4566, DOI 10.17487/RFC4566,
              July 2006, <http://www.rfc-editor.org/info/rfc4566>.

   [RFC4575]  Rosenberg, J., Schulzrinne, H., and O. Levin, Ed., "A
              Session Initiation Protocol (SIP) Event Package for
              Conference State", RFC 4575, DOI 10.17487/RFC4575, August
              2006, <http://www.rfc-editor.org/info/rfc4575>.

   [RFC4585]  Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey,
              "Extended RTP Profile for Real-time Transport Control
              Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC 4585,
              DOI 10.17487/RFC4585, July 2006,
              <http://www.rfc-editor.org/info/rfc4585>.

   [RFC4796]  Hautakorpi, J. and G. Camarillo, "The Session Description
              Protocol (SDP) Content Attribute", RFC 4796,
              DOI 10.17487/RFC4796, February 2007,
              <http://www.rfc-editor.org/info/rfc4796>.

   [RFC5124]  Ott, J. and E. Carrara, "Extended Secure RTP Profile for
              Real-time Transport Control Protocol (RTCP)-Based Feedback
              (RTP/SAVPF)", RFC 5124, DOI 10.17487/RFC5124, February
              2008, <http://www.rfc-editor.org/info/rfc5124>.

   [RFC5285]  Singer, D. and H. Desineni, "A General Mechanism for RTP
              Header Extensions", RFC 5285, DOI 10.17487/RFC5285, July
              2008, <http://www.rfc-editor.org/info/rfc5285>.

   [RFC5506]  Johansson, I. and M. Westerlund, "Support for Reduced-Size
              Real-Time Transport Control Protocol (RTCP): Opportunities
              and Consequences", RFC 5506, DOI 10.17487/RFC5506, April
              2009, <http://www.rfc-editor.org/info/rfc5506>.

   [RFC5764]  McGrew, D. and E. Rescorla, "Datagram Transport Layer
              Security (DTLS) Extension to Establish Keys for the Secure
              Real-time Transport Protocol (SRTP)", RFC 5764,
              DOI 10.17487/RFC5764, May 2010,
              <http://www.rfc-editor.org/info/rfc5764>.



   This document describes a framework for delivering VPN services with
   enhanced characteristics, such as guaranteed resources, latency,
   jitter, etc.  This is not a closed list.  It is expected that other
   enhanced features may be added to VPN over time, and it is expected
   this framework will support these additions with necessary changes or
   enhancements in some network layers and network planes.

   The concept of network slicing has gained traction driven largely by
   needs surfacing from 5G [NGMN-NS-Concept] [TS23501] [TS28530].
   According to [TS28530], a 5G end-to-end network slice consists of
   three major types of network segments: Radio Access Network (RAN),
   Transport Network (TN), and Mobile Core Network (CN).  The transport
   network provides the connectivity between different entities in RAN
   and CN segments of a 5G end-to-end network slice, with specific
   performance commitments.

   [I-D.ietf-teas-ietf-network-slices] discusses the general framework,
   the components, and interfaces for requesting and operating network
   slices using IETF technologies.  These network slices may be referred
   to as RFC XXXX Network Slices, but in this document (which is solely
   about IETF technologies) we simply use the term "network slice" to
   refer to this concept.  A network slice service enables connectivity
   between a set of Service Demarcation Points (SDPs) with specific
   Service Level Objectives (SLOs) and Service Level Expectations (SLEs)
   over a common underlay network.  A network slice can be realized as a
   logical network connecting a number of endpoints and is associated
   with a set of shared or dedicated network resources that are used to
   satisfy the SLO and SLE requirements.  A network slice is
   considered as one target use case of enhanced VPNs.

   [I-D.ietf-teas-ietf-network-slices] also introduces the concept of
   the Network Resource Partition (NRP), which is a subset of the
   buffer/queuing/scheduling resources and associated policies on each
   of a connected set of links in the underlay network.  An NRP can be
   associated with a dedicated or shared network topology to select or
   specify the set of links and nodes involved.

   The requirements of enhanced VPN services cannot simply be met by
   overlay networks, as enhanced VPN services require tighter
   coordination and integration between the overlay and the underlay
   networks.

   In the overlay network, the VPN has been defined as the network
   construct to provide the required connectivity for different services
   or customers.  Multiple VPN flavors can be considered to create that
   construct [RFC4026].  In the underlay network, the concept of a
   Network Resource Partition (NRP) as defined in
   [I-D.ietf-teas-ietf-network-slices] is used to represent a subset of
   the buffer/queuing/scheduling resources and associated policies in
   the underlay network.  An NRP can be associated with a dedicated or
   shared network topology to select or specify the set of links and
   nodes involved.

   An enhanced VPN service can be realized by integrating a VPN in the
   overlay and an NRP in the underlay.  This is called an NRP-based
   enhanced VPN.  In doing so, an enhanced VPN service can provide
   enhanced properties, such as guaranteed resources and assured or
   predictable performance.  An enhanced VPN service may also involve a
   set of service functions (Section 1.4 of [RFC7665]).  The techniques
   for delivering an NRP-based enhanced VPN can be used to instantiate a
   network slice service, and they can also be of use in general cases
   to provide enhanced connectivity services between customer sites or
   service endpoints.

   This document describes a framework for using existing, modified, and
   potential new technologies as components to provide NRP-based
   enhanced VPN services.  Specifically, this document provides:

   *  The functional requirements and service characteristics of an
      enhanced VPN service.

   *  The design of the data plane for NRP-based enhanced VPNs.

   *  The necessary control and management protocols in both the
      underlay and the overlay of enhanced VPNs.

   *  The mechanisms to achieve integration between the overlay network
      and the underlay network.

   *  The necessary Operation, Administration, and Management (OAM)
      methods to instrument an enhanced VPN to make sure that the
      required Service Level Agreement (SLA) between the customer and
      the network operator is met, and to take any corrective action
      (such as switching traffic to an alternate path) to avoid SLA
      violation.

   The required layered network structure to achieve these objectives is
   shown in Section 4.1.

   It is not envisaged that enhanced VPN services will replace
   conventional VPN services.  VPN services will continue to be
   delivered using existing mechanisms and can co-exist with enhanced
   VPN services.  Whether enhanced VPN features are added to an active
   VPN service is deployment specific.

2.  Terminology

   In this document, the relationship between the four terms "VPN",
   "enhanced VPN", "NRP", and "Network Slice" is as follows:

   *  A Virtual Private Network (VPN) refers to the overlay network
      service that provides connectivity between different customer
      sites, and that maintains traffic separation between different
      customers.  Examples of technologies to provide VPN services are:
      IPVPN [RFC2764], L2VPN [RFC4664], L3VPN [RFC4364], and EVPN
      [RFC7432].

   *  An enhanced VPN service is an evolution of the VPN service that
      makes additional service-specific commitments.  An NRP-based
      enhanced VPN is made by integrating a VPN with a set of network
      resources allocated in the underlay network (i.e. an NRP).

   *  A Network Resource Partition (NRP) is a subset of the
      buffer/queuing/scheduling resources and associated policies on
      each of a connected set of links in the underlay network.  An NRP
      can be associated with a dedicated or shared network topology to
      select or specify the set of links and nodes involved.  An NRP is
      designed to meet the network resources and performance
      characteristics required by the enhanced VPN services.

   *  A network slice service could be delivered by provisioning one or
      more NRP-based enhanced VPNs in the network.  Other mechanisms for
      realizing network slices may exist but are not in scope for this
      document.

   The term "tenant" is used in this document to refer to a customer of
   the enhanced VPN services.

   The following terms, defined in other documents, are also used in
   this document.

   SLA:  Service Level Agreement.  See
      [I-D.ietf-teas-ietf-network-slices].

   SLO:  Service Level Objective.  See
      [I-D.ietf-teas-ietf-network-slices].

   SLE:  Service Level Expectation.  See
      [I-D.ietf-teas-ietf-network-slices].

   NRP:  Network Resource Partition.  See
      [I-D.ietf-teas-ietf-network-slices].

   ACTN:  Abstraction and Control of Traffic Engineered Networks
      [RFC8453].

   DetNet:  Deterministic Networking.  See [RFC8655].

   FlexE:  Flexible Ethernet [FLEXE].

   TSN:  Time Sensitive Networking [TSN].

   VN:  Virtual Network.  See [RFC8453].

3.  Overview of the Requirements

   This section provides an overview of the requirements of an enhanced
   VPN service.

3.1.  Performance Guarantees

   Performance guarantees are committed by network operators to their
   customers in relation to the services delivered to the customers.
   They are usually expressed in SLAs as a set of SLOs.

   There are several kinds of performance guarantees, including
   guaranteed maximum packet loss, guaranteed maximum delay, and
   guaranteed delay variation.  Note that these guarantees apply to
   conformance traffic; out-of-profile traffic will be handled according
   to a separate agreement with the customer (see, for example,
   Section 3.6 of [RFC7297]).

   Guaranteed maximum packet loss is usually addressed by setting packet
   priorities, queue sizes, and discard policy.  However, this becomes
   more difficult when the requirement is combined with latency
   requirements.  The limiting case is zero congestion loss, and that is
   the goal of Deterministic Networking (DetNet) [RFC8655] and Time-
   Sensitive Networking (TSN) [TSN].  In modern optical networks, loss
   due to transmission errors already approaches zero, but there is the
   possibility of failure of the interface or the fiber itself.  This
   type of fault can be addressed by some form of signal duplication and
   transmission over diverse paths.

   Guaranteed maximum latency is required by a number of applications,
   particularly real-time control applications and some types of
   augmented reality and virtual reality (AR/VR) applications.  DetNet
   techniques may be considered [RFC8655]; however, additional methods
   of enhancing the underlay to better support the delay guarantees may
   be needed, and these methods will need to be integrated with the
   overall service provisioning mechanisms.

   [RFC6562]  Perkins, C. and JM. Valin, "Guidelines for the Use of
              Variable Bit Rate Audio with Secure RTP", RFC 6562,
              DOI 10.17487/RFC6562, March 2012,
              <http://www.rfc-editor.org/info/rfc6562>.

   [RFC7022]  Begen, A., Perkins, C., Wing, D., and E. Rescorla,
              "Guidelines for Choosing RTP Control Protocol (RTCP)
              Canonical Names (CNAMEs)", RFC 7022, DOI 10.17487/RFC7022,
              September 2013, <http://www.rfc-editor.org/info/rfc7022>.

   [RFC7205]  Romanow, A., Botzko, S., Duckworth, M., and R. Even, Ed.,
              "Use Cases for Telepresence Multistreams", RFC 7205,
              DOI 10.17487/RFC7205, April 2014,
              <http://www.rfc-editor.org/info/rfc7205>.

   [RFC7667]  Westerlund, M. and S. Wenger, "RTP Topologies", RFC 7667,
              DOI 10.17487/RFC7667, November 2015,
              <http://www.rfc-editor.org/info/rfc7667>.

Authors' Addresses

   Roni Even
   Huawei Technologies
   Tel Aviv
   Israel

   Email: roni.even@huawei.com

   Jonathan Lennox
   Vidyo, Inc.
   433 Hackensack Avenue
   Seventh Floor
   Hackensack, NJ  07601
   US

   Email: jonathan@vidyo.com
