INTERNET-DRAFT                                                     S. Hu
Intended status: Informational                                    F. Qin
                                                                   Z. Li
                                                            China Mobile
                                                                 T. Chua
                                        Singapore Telecommunications Ltd
                                                                V. Lopez
                                                              Telefonica
                                                             D. Eastlake
                                                                 Z. Wang
                                                                 J. Song
                                                                  Huawei
Expires: September 10, 2019                               March 11, 2019


      Architecture for Control Plane and User Plane Separated BNG
        draft-cuspdt-rtgwg-cu-separation-bng-architecture-04.txt


Abstract

   This document defines an architecture for Broadband Network Gateway
   (BNG) devices with control plane (CP) and user plane (UP) separation.
   A BNG-CP is a user control management component while a BNG-UP takes
   responsibility as the network edge and user policy implementation
   component. Both BNG-CP and BNG-UP are core components for fixed
   broadband services and are deployed separately at different network
   layers.


Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Distribution of this document is unlimited. Comments should be sent
   to the authors or the RTGWG working group mailing list:
   rtgwg@ietf.org.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
   Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.


Hu, et al                                                       [Page 1]

INTERNET-DRAFT                         Architecture for CU Separated BNG


Table of Contents

      1. Introduction
      1.1 Motivation

      2. Terminology

      3. CU Separated BNG Architecture
      3.1 Internal Interfaces Between the CP and UP

      4. Usage of the CU Separation BNG

      5. Security Considerations
      6. IANA Considerations

      Normative References
      Informative References

      Authors' Addresses


1. Introduction

   A Broadband Network Gateway (BNG) device is defined as an Ethernet-
   centric IP edge router, and the aggregation point for user traffic.
   It performs Ethernet aggregation and packet forwarding via IP/MPLS,
   and supports user management, access protocols termination, QoS,
   policy management, etc.

   This document describes an architecture for BNG devices with control
   plane (CP) and user plane (UP) separation.  A BNG-CP is a user
   control management component while a BNG-UP takes responsibility as
   the network edge and user policy implementation component. Both
   BNG-CP and BNG-UP are core components for fixed broadband services
   and are deployed separately at different network layers.



1.1 Motivation

   The rapid development of new services, such as 4K TV, IoT, etc., and
   increasing numbers of home broadband service users present some new
   challenges for BNGs such as:

   Low resource utilization: The traditional BNG acts as both a gateway
       for user access authentication and accounting and an IP network's
       Layer 3 edge. The mutually affecting nature of the tightly
       coupled control plane and forwarding plane makes it difficult to
       achieve the maximum performance of either plane.

   Complex management and maintenance: Due to the large numbers of
       traditional BNGs, configuring each device in a network is very
       tedious when deploying global service policies. As the network
       expands and new services are introduced, this deployment mode
       will cease to be feasible as it is unable to manage services
       effectively and rectify faults rapidly.

   Slow service provisioning: The coupling of control plane and
       forwarding plane, in addition to a distributed network control
       mechanism, means that any new technology has to rely heavily on
       the existing network devices.

   To address these challenges for fixed networks, the framework for a
   cloud-based BNG with the CU separation concept is defined in
   [TR-384]. The main idea of Control-Plane and User-Plane separation is
   to extract and centralize the user management functions of multiple
   BNG devices, forming a unified and centralized control plane (CP).
   The traditional router's Control Plane and Forwarding Plane are both
   preserved on BNG devices in the form of a user plane (UP). Note that
   the CU separation concept has also been introduced in the 3GPP 5G
   architecture [3GPP.23.501].



2. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following acronyms are used as specified below:

   AAA: Authentication, Authorization, and Accounting.

   BNG: Broadband Network Gateway. A broadband remote access server
       (BRAS (Broadband Access Server), B-RAS or BBRAS) that routes
       traffic to and from broadband remote access devices such as
       digital subscriber line access multiplexers (DSLAM) on an
       Internet service provider's (ISP) network. BRAS can also be
       referred to as a Broadband Network Gateway (BNG).

   CP: Control Plane. The CP is a user control management component
       which manages the UP's resources such as the user entry and
       the user's QoS policy.

   DHCP: Dynamic Host Configuration Protocol.

   EMS: Element Management System.

   IPoE: IP over Ethernet.

   MANO: Management and Orchestration.

   NFV: Network Function Virtualization.

   NFVI: NFV Infrastructure.

   PPPoE: Point-to-Point Protocol over Ethernet.

   UP: User Plane. UP is a network edge and user policy implementation
       component. The traditional router's Control Plane and forwarding
       plane are both preserved on BNG devices in the form of a user
       plane.


3. CU Separated BNG Architecture

   The functions in a traditional BNG can be divided into two parts: one
   is the user access management function, the other is the router
   function. In a cloud-based BNG, separating these two functions brings
   benefits. The user management function can be centralized and
   deployed as a concentrated module or device, called the BNG-CP
   (Control Plane). The other functions, such as the router function and
   forwarding engine, can be deployed in the form of the BNG User Plane.
   Thus, the cloud-based BNG architecture is made up of a control plane
   and a user plane.

   The following figure describes the architecture of CU separated BNG:

    +------------------------------------------------------------------+
    |        Neighboring policy and resource management systems        |
    |                                                                  |
    |   +-------------+   +-----------+   +---------+   +----------+   |
    |   |AAA    Server|   |DHCP Server|   |   EMS   |   |   MANO   |   |
    |   +-------------+   +-----------+   +---------+   +----------+   |
    +------------------------------------------------------------------+

    +------------------------------------------------------------------+
    |                       CU-separated BNG system                    |
    | +--------------------------------------------------------------+ |
    | |   +----------+  +----------+ +------++------++-----------+   | |
    | |   | Address  |  |Subscriber| | AAA  ||PPPoE/||    UP     |   | |
    | |   |management|  |management| |      ||IPoE  ||management |   | |
    | |   +----------+  +----------+ +------++------++-----------+   | |
    | |                              CP                              | |
    | +--------------------------------------------------------------+ |
    |                                                                  |
    |                                                                  |
    |                                                                  |
    | +---------------------------+      +--------------------------+  |
    | |  +------------------+     |      |  +------------------+    |  |
    | |  | Routing control  |     |      |  | Routing control  |    |  |
    | |  +------------------+     | ...  |  +------------------+    |  |
    | |  +------------------+     |      |  +------------------+    |  |
    | |  |Forwarding engine |     |      |  |Forwarding engine |    |  |
    | |  +------------------+  UP |      |  +------------------+  UP|  |
    | +---------------------------+      +--------------------------+  |
    +------------------------------------------------------------------+

                Figure 1. Architecture of CU Separated BNG

   As in Figure 1, the BNG Control Plane could be virtualized and
   centralized, which provides significant benefits such as centralized
   session management, flexible address allocation, high scalability for
   subscriber management capacity, and cost-efficient redundancy, etc.



   The functional components inside the BNG Service Control Plane can be
   implemented as Virtual Network Functions (VNFs) and hosted in a
   Network Function Virtualization Infrastructure (NFVI).

   The User Plane Management module in the BNG control plane centrally
   manages the distributed BNG User Planes (e.g. load balancing), as
   well as the setup, deletion, and maintenance of channels between
   Control Planes and User Planes. Other modules in the BNG control
   plane, such as address management, AAA, etc., are responsible for the
   connection with outside subsystems in order to fulfill those
   services. Note that the User Plane SHOULD support both physical and
   virtual network functions. For example, BNG user plane L3 forwarding
   related network functions can be disaggregated and distributed across
   the physical infrastructure. And the other control plane and
   management plane functions in the CU Separation BNG can be moved into
   the NFVI for virtualization [TR-384].

   The functional components of the CU separated BNG are as follows:

   The Control Plane should support:

   (1) Address management: unified address pool management.

   (2) AAA: This component performs Authentication, Authorization and
       Accounting, together with RADIUS/DIAMETER. The BNG communicates
       with the AAA server to check whether the subscriber who sent an
       Access-Request has network access authority. Once the subscriber
       goes online, this component, together with the Service Control
       component, implements accounting, data capacity limitation, and
       QoS enforcement policies.

   (3) Subscriber management: user entry management and forwarding
       policy management.

   (4) PPPoE/IPoE: process user dialup packets via PPPoE/IPoE.

   (5) UP management: management of UP interface status, and the setup,
       deletion, and maintenance of channels between CP and UP.

   The User Plane should support:

   (1) Control plane functions including routing, multicast, and MPLS.

   (2) Forwarding plane functions including traffic forwarding, QoS and
       traffic statistics collection.


3.1 Internal Interfaces Between the CP and UP

   To support the communication between the Control Plane and User
   Plane, several interfaces are involved. Figure 2 illustrates the
   internal interfaces of CU Separated BNG.

             +-----------------------------------+
             |                                   |
             |               BNG-CP              |
             |                                   |
             +--+--------------+--------------+--+
                |              |              |
     1. Service |   2. Control | 3. Management|
      Interface |    Interface |    Interface |
                |              |              |
             +--+--------------+--------------+--+
             |                                   |
             |               BNG-UP              |
             |                                   |
             +-----------------------------------+

      Figure 2. Internal Interfaces Between the CP and UP of the BNG

   Service Interface: The CP and UP use this interface to establish
             tunnels with each other and transmit PPPoE and IPoE packets
             over those tunnels. VXLAN is commonly used for such tunnels
             as discussed in
             [hu-nvo3-vxlan-gpe-extension-for-vbng].

   Control Interface: The CP uses this interface to deliver service
             entries, and the UP uses this interface to report service
             events to the CP. The requirements of this interface are
             introduced in [cuspdt-rtgwg-cusp-requirements], and the
             carrying protocol is presented in
             [cuspdt-rtgwg-cu-separation-bng-protocol] which specifies
             the Simple Control and User Plane Separation protocol (S-
             CUSP). The information model of this interface is presented
             in
             [cuspdt-rtgwg-cu-separation-infor-model].

   Management Interface: The CP uses this interface to deliver
             configurations to the UP. This interface uses NETCONF
             [cuspdt-rtgwg-cu-separation-yang-model].


4. Usage of the CU Separation BNG

   In the CU separated BNG scenario, the following steps take place when
   a home user accesses the Internet:

   (1) User dialup packets via PPPoE or IPoE from the BNG-UP are sent to
       the BNG-CP through the BNG-UP's Service Interface.

   (2) The BNG-CP processes the dialup packet. After confirming the
       user's authorization with the outside neighboring systems in the
       management network, the BNG-CP makes the decision to permit or
       deny the user access.

   (3) After that, the BNG-CP tells the UP to perform authorized
       forwarding actions with appropriate QoS policies.

   (4) If the user is authenticated and permitted, the UP forwards the
       traffic into the Internet with appropriate QoS policies such as
       limited bandwidth, etc. Otherwise, the user is denied access to
       the Internet.
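
   The four steps above, modelled as an added Python example (not part
   of the draft, and not an implementation of S-CUSP or of any real
   BNG). The class names, packet fields and in-memory AAA table are
   hypothetical; the point shown is that the UP forwards only for
   entries the CP has installed and drops everything else.

```python
"""Toy model of the Section 4 access flow. Added illustration only."""
import hmac
from dataclasses import dataclass, field

# Constructed subscriber record standing in for the external AAA server.
AAA_DB = {"alice": {"password": "s3cret", "rate_kbps": 50_000}}


@dataclass
class UserPlane:
    """BNG-UP: forwards only for entries the CP installed (default deny)."""
    name: str
    sessions: dict = field(default_factory=dict)  # subscriber MAC -> entry

    def install_entry(self, mac, entry):
        # Stands in for the Control Interface; only the CP calls this.
        self.sessions[mac] = entry

    def handle_packet(self, cp, pkt):
        if pkt["type"] in ("pppoe-ctrl", "ipoe-ctrl"):
            # Step 1: dial-up packets go to the CP over the Service Interface.
            return cp.handle_dialup(self, pkt)
        entry = self.sessions.get(pkt["mac"])
        if entry is None:
            return ("drop", "no-session")          # step 4, deny branch
        return ("forward", entry["rate_kbps"])     # step 4, permit with QoS


@dataclass
class ControlPlane:
    """BNG-CP: processes dial-up, consults AAA, pushes entries to the UP."""
    aaa: dict
    audit: list = field(default_factory=list)

    def handle_dialup(self, up, pkt):
        # Step 2: confirm the user's authorization with the AAA system.
        rec = self.aaa.get(pkt["user"])
        ok = rec is not None and hmac.compare_digest(
            rec["password"].encode(), pkt["password"].encode())
        self.audit.append((up.name, pkt["mac"], pkt["user"],
                           "permit" if ok else "deny"))
        if not ok:
            return ("deny", None)                  # no entry is installed
        # Step 3: tell the UP the forwarding action and QoS policy.
        up.install_entry(pkt["mac"],
                         {"user": pkt["user"], "rate_kbps": rec["rate_kbps"]})
        return ("permit", rec["rate_kbps"])


def run_demo():
    """Replay a constructed packet sequence; return (results, CP audit log)."""
    cp, up = ControlPlane(AAA_DB), UserPlane("up-1")
    mac_a, mac_b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    login_a = {"type": "pppoe-ctrl", "mac": mac_a,
               "user": "alice", "password": "s3cret"}
    login_b = {"type": "pppoe-ctrl", "mac": mac_b,
               "user": "mallory", "password": "guess"}
    results = [
        up.handle_packet(cp, {"type": "data", "mac": mac_a}),  # before login
        up.handle_packet(cp, login_a),
        up.handle_packet(cp, {"type": "data", "mac": mac_a}),  # after permit
        up.handle_packet(cp, login_b),
        up.handle_packet(cp, {"type": "data", "mac": mac_b}),  # after deny
    ]
    return results, cp.audit


if __name__ == "__main__":
    for line in run_demo()[0]:
        print(line)
```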

   In actual deployments, a CU separated BNG device is composed of a CP
   and one or more UPs. The CP is usually centrally deployed and takes
   responsibility as a user control management component managing the
   UPs' resources such as the user entry and forwarding policy. The UPs
   are distributed and act as network edge and user policy
   implementation components.

   In order to fulfill a service, neighboring policy and resource
   management systems are deployed outside the BNG. The neighboring
   systems include different service systems such as a RADIUS/DIAMETER
   server, a DHCP server and an EMS. If a BNG-CP is virtualized as an
   NFV, the NFVI management system MANO is also included here. A BNG-CP
   has connections with the outside neighboring systems to transmit
   management traffic.

   The deployment scenario is shown in the following figure:

   +------------------------------------------------------------------+
   |        Neighboring policy and resource management systems        |
   |                                                                  |
   |   +-------------+   +-----------+   +---------+   +----------+   |
   |   |   AAA Server|   |DHCP Server|   |   EMS   |   |   MANO   |   |
   |   +-------------+   +-----------+   +---------+   +----------+   |
   +------------------------+-----------------------------------------+
                            |
                            |
          +-----------------+-----------------+
          |                                   |
          |              BNG-CP               |
          |                                   |
          +-+-----------+------------+--------+
     Service|    Control|  Management|      |||
   Interface|  Interface|   Interface|          |||
     (VXLAN)|     (CUSP)|   (NETCONF)|               |||
            |           |            |                     |||
          +-+-----------+------------+-+ +---------------------------+
          |                            | |                           |
          |           BNG-UP           | |         BNG-UP...         |
          |                            | |                           |
          +-------+--------------------+ +---------------+-----------+
                  |                                      |
                  |                                      |
    +-------------+-------------+         +--------------+------------+
    |                           |         |                           |
    |       Access Network      |         |       Access Network      |
    |                           |         |                           |
    +-+-----------+-----------+-+         +-+---------+----------+----+
      |           |           |             |         |          |
      |           |           |             |         |          |
   +--+---+  +----+-+     +---+--+     +----+-+  +----+-+     +--+---+
   |User11|  |User12| ... |User1N|     |User21|  |User22| ... |User2N|
   +------+  +------+     +------+     +------+  +------+     +------+

                       Figure 3. Deployment Example


5. Security Considerations

   The Service, Control, and Management Interfaces between the CP and UP
   might cross the general Internet or another hostile environment.
   Thus, appropriate protections MUST be implemented to provide
   integrity, authenticity, and secrecy of traffic over those
   interfaces, for example IPsec, DTLS, or TLS as appropriate. However,
   such security protocols need not always be used, and lesser security
   precautions might be appropriate because, in some cases, the
   communication between the CP and UP might be in a more benign
   environment.
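
   One way to check a deployment against this requirement, as an added
   Python example (not part of the draft). The inventory format, the
   severity labels and the TCP transport assumed for CUSP are
   assumptions of this example; it goes beyond the text by also
   checking that the chosen protocol fits the interface's transport,
   since TLS needs a stream while DTLS protects datagrams.

```python
"""Audit CP-UP links against the Section 5 requirement. Added illustration."""

# Transport under each interface. VXLAN is UDP-encapsulated and NETCONF's
# standard transports run over TCP; TCP for CUSP is this example's assumption.
INTERFACE_TRANSPORT = {"service": "udp", "control": "tcp", "management": "tcp"}

# Transports each protection named in Section 5 can cover: TLS needs a
# reliable byte stream, DTLS protects datagrams, IPsec sits below both.
FITS = {"ipsec": {"udp", "tcp"}, "dtls": {"udp"}, "tls": {"tcp"}}

# Constructed inventory (hypothetical format): one record per CP-UP interface.
SAMPLE_LINKS = [
    {"up": "up-1", "interface": "service", "path": "hostile",
     "protection": "ipsec"},
    {"up": "up-1", "interface": "control", "path": "hostile",
     "protection": "tls"},
    {"up": "up-1", "interface": "management", "path": "hostile",
     "protection": None},
    {"up": "up-2", "interface": "service", "path": "hostile",
     "protection": "tls"},
    {"up": "up-2", "interface": "control", "path": "benign",
     "protection": None},
    # up-2 has no management record: an unaudited path.
]


def audit(links):
    """Return sorted (severity, up, interface, message) findings."""
    findings, seen = [], {}
    for link in links:
        up, iface = link["up"], link["interface"]
        prot = link.get("protection")
        seen.setdefault(up, set()).add(iface)
        transport = INTERFACE_TRANSPORT.get(iface)
        if transport is None:
            findings.append(("ERROR", up, iface, "unknown interface name"))
        elif prot is None:
            # Any path not explicitly marked benign is treated as hostile.
            if link.get("path") != "benign":
                findings.append(("VIOLATION", up, iface,
                                 "unprotected across hostile path"))
            else:
                findings.append(("REVIEW", up, iface,
                                 "unprotected; confirm path is benign"))
        elif prot not in FITS:
            findings.append(("ERROR", up, iface,
                             f"unrecognised protection {prot!r}"))
        elif transport not in FITS[prot]:
            findings.append(("MISMATCH", up, iface,
                             f"{prot} does not fit {transport} transport"))
    # Every UP should have all three interfaces in the inventory.
    for up, ifaces in seen.items():
        for missing in sorted(set(INTERFACE_TRANSPORT) - ifaces):
            findings.append(("MISSING", up, missing,
                             "interface not in inventory"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_LINKS):
        print(*finding, sep="  ")
```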



6. IANA Considerations

   This document requires no IANA actions.


Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, DOI
             10.17487/RFC2119, March 1997,
             <https://www.rfc-editor.org/info/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
             2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
             May 2017, <https://www.rfc-editor.org/info/rfc8174>.



Informative References

   [3GPP.23.501] "System Architecture for the 5G System", 3GPP TS
             23.501 15.0.0, 2018.

   [cuspdt-rtgwg-cu-separation-bng-deployment] Gu, R., "Deployment Model
             of Control Plane and User Plane Separated BNG", draft-
             cuspdt-rtgwg-cu-separation-bng-deployment, work in
             progress, 2018.

   [cuspdt-rtgwg-cu-separation-bng-protocol] Wang, Z., "Control-Plane
             and User-Plane separation BNG control channel Protocol",
             draft-cuspdt-rtgwg-cu-separation-bng-protocol, work in
             progress, 2018.

   [cuspdt-rtgwg-cu-separation-infor-model] Wang, Z., "Information Model
             of Control-Plane and User-Plane separation BNG", draft-
             cuspdt-rtgwg-cu-separation-infor-model, work in progress,
             2018.

   [cuspdt-rtgwg-cusp-requirements] Hu, S., "Requirements for Control
             Plane and User Plane Separated BNG Protocol", draft-cuspdt-
             rtgwg-cusp-requirements, work in progress, 2018.

   [cuspdt-rtgwg-cu-separation-yang-model] Hu, F., "YANG Data Model for
             Configuration Interface of Control-Plane and User-Plane
             separation BNG", draft-cuspdt-rtgwg-cu-separation-yang-
             model, work in progress, 2018.

   [hu-nvo3-vxlan-gpe-extension-for-vbng] Huang, L., "VXLAN GPE
             Extension for Packets Exchange Between Control and User
             Plane of vBNG", draft-hu-nvo3-vxlan-gpe-extension-for-vbrg,
             work in progress, 2017.

   [TR-384] Broadband Forum, "Cloud Central Office Reference
             Architectural Framework", BBF TR-384, 2018.




Authors' Addresses

      Shujun Hu
      China Mobile
      32 Xuanwumen West Ave, Xicheng District
      Beijing, Beijing  100053
      China

      Email: hushujun@chinamobile.com


      Fengwei Qin
      China Mobile
      32 Xuanwumen West Ave, Xicheng District
      Beijing, Beijing  100053
      China

      Email: qinfengwei@chinamobile.com


      Zhenqiang Li
      China Mobile
      32 Xuanwumen West Ave, Xicheng District
      Beijing, Beijing  100053
      China

      Email: lizhenqiang@chinamobile.com


      Tee Mong Chua
      Singapore Telecommunications Limited
      31 Exeter Road, #05-04 Comcentre Podium Block
      Singapore City  239732
      Singapore

      Email: teemong@singtel.com


      Victor Lopez
      Telefonica
      Spain

      Email: victor.lopezalvarez@telefonica.com


      Donald Eastlake, 3rd
      Huawei Technologies
      1424 Pro Shop Court
      Davenport, FL  33896
      USA

      Phone: +1-508-333-2270
      Email: d3e3e3@gmail.com


      Zitao Wang
      Huawei Technologies
      101 Software Avenue, Yuhua District
      Nanjing, Jiangsu  210012
      China

      Email: wangzitao@huawei.com


      Jun Song
      Huawei Technologies
      101 Software Avenue, Yuhua District
      Nanjing, Jiangsu  210012
      China

      Email: song.jun@huawei.com


Copyright, Disclaimer, and Additional IPR Provisions

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.