Network Working Group                                           Vic Liu
Internet-Draft                                             China Mobile
Intended status: Standards Track                                Chen Li
                                                           China Mobile
Expires: August 12, 2014                              February 14, 2014

                  NaaS (Network as a service) requirement
                  draft-liu-nvo3-naas-requirement-00.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 14, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Liu & Li                Expires August 14, 2014                 [Page 1]

Internet-Draft    NaaS (Network as a service) requirement  February 2014
Abstract

   NaaS is one of the use cases based on Network Virtualization Overlay
   (NVO3). This draft describes some specific requirements of NaaS in a
   cloud data center.

Table of Contents

   1. Introduction ................................................ 2
   2. Requirement ................................................. 3
      2.1. Isolation of different tenants ......................... 3
      2.2. Tenant's logical network in GUI ........................ 3
      2.3. Bandwidth guarantee .................................... 3
      2.4. Network management ..................................... 3
      2.5. Reliability ............................................ 4
      2.6. Service function requirement ........................... 4
      2.7. Performance requirements ............................... 5
         2.7.1. Million-level tenants support ..................... 5
         2.7.2. Millisecond level service response ................ 5
         2.7.3. Tenants line speed bandwidth ...................... 5
   3. Security Considerations ..................................... 5
   4. IANA Considerations ......................................... 5
   5. References .................................................. 5
      5.1. Normative References ................................... 5
      5.2. Informative References ................................. 6

1. Introduction

   The CDC (Cloud Data Center) network sees the fastest innovation in
   network standards and the largest number of proposed technologies,
   especially in public clouds. From our perspective, several kinds of
   network capacity can be sold by a public cloud operator: IP
   addresses, VLANs, bandwidth, load balancing, firewalls and some other
   network resources.
   The target of NaaS (Network as a Service) is to provide tenants in a
   cloud data center with an end-to-end virtual network offering the
   above capacity.

   However, many traditional technologies, such as the limited number of
   VLANs, have become the bottleneck of public cloud services: they can
   no longer meet the constantly evolving need to provide users with
   hosted networks for data segregation. In this draft, we focus on
   proposing the network requirements of NaaS in the data center.

2. Requirement

   NaaS is supposed to provide a virtual CDC network for a tenant. We
   propose several specific network features of NaaS as follows.

2.1. Isolation of different tenants

   Different tenants are isolated by VPN, whether at layer 2 or layer 3
   and whether by VLAN tag, MPLS label or some other mechanism.
   Meanwhile, the network service devices, such as load balancers and
   firewalls, also need to be isolated. Each tenant has a logically
   isolated network in which it can use any IP addresses and VLANs it
   chooses (different tenants should be able to reuse the same IP/VLAN
   space).

2.2. Tenant's logical network in GUI

   The GUI for a tenant's logical network should be simple and
   intuitive. For example, it only displays an L2 switch, an L3 gateway,
   a border router, a load balancer, a firewall and some other security
   devices. All links are logical. VMs or servers connect to these
   logical network devices.

2.3. Bandwidth guarantee

   Each logical network should be allocated specific end-to-end
   bandwidth, including the server uplink switch port rate, the
   switch-to-gateway link rate, the gateway-to-LB/FW link rate and the
   border router link rate. In addition, as tenants in the CDC need to
   establish VPN connections with their own resources, the VPN bandwidth
   needs to be guaranteed as well to realize end-to-end QoS. All logical
   bandwidth allocations should be mapped onto physical network devices.

2.4. Network management

   Each tenant should be able to manage and configure its own logical
   network. For example, a tenant can maintain its own logical firewall
   policy. The tenant's control policy should be isolated from the
   underlay network architecture, with the transformation from policy to
   rules performed by a middle-box controller. Meanwhile, in order to
   improve the ability of rapid deployment and reduce the difficulty of
   tenant management, NaaS also needs to provide automatic extension and
   automatic configuration functions.

2.5. Reliability

   Reliability is important for NaaS. Distributed VDC, disaster
   tolerance, resource pool HA, smart TE and other measures are required
   to provide higher reliability.

2.6. Service function requirement

   NaaS can provide two kinds of services for tenants: public cloud
   service and private cloud service. The public cloud service means
   tenants use CDC resources to provide services for Internet users; the
   private cloud service provides tenants with CDC resources to host
   services for themselves. The public cloud services include public IP,
   bandwidth, firewall, load balance, CDN, etc. The private services
   include DHCP, DNS, subnet gateway, VPN, etc.

   Public IP services: provide IP addresses so that the computing
   resources in the CDC can be accessed by Internet users.

   Bandwidth services: provide guaranteed public network bandwidth for
   tenants' Internet services.

   Firewall services: provide the tenant with self-defined security
   policies.

   Load balance: provide tenants with CDC computing resources that have
   parallel service abilities.

   CDN: provide cache services for tenants across different geographic
   areas; the goal of a CDN is to serve content to end users with high
   availability and high performance.

   DHCP services: allocate IP addresses dynamically to the computing
   resources applied for in the CDC by tenants.

   DNS services: resolve the domain names that users will access,
   including Internet domains and the tenant's local IT domain.
   Subnet gateway services: allow tenants to define the subnet ranges to
   which the CDC's computing resources belong; they can also provide
   mutual access between different computing resources, access to the
   external Internet, and VPN routing functions.

   VPN services: used to connect tenants' CDC resources with tenants'
   other resources (such as branch offices); sometimes, in order to
   improve the quality of service, a dedicated line is used to realize
   the VPN. Tenants thus send and receive data across shared or public
   networks as if their resources were directly connected to the private
   network, while benefiting from the functionality, security and
   management policies of the private network.

2.7. Performance requirements

   NaaS needs to support million-level tenant counts, so it has some
   specific requirements.

2.7.1. Million-level tenants support

   By using an overlay network (e.g. NVO3), the number of tenants
   supported by the network is expanded and the network's resource
   multiplexing capabilities are enhanced.

2.7.2. Millisecond level service response

   Multi-tenancy leads to high concurrency in NaaS, so the service
   response time determines the quality of service. Service response
   needs to be at the millisecond level.

2.7.3. Tenants line speed bandwidth

   A tenant's bandwidth can reach the NIC's line speed. After adopting
   NaaS, the proportion of the CDC's internal traffic will increase, so
   NaaS has to ensure tenants' internal data bandwidth.

3. Security Considerations

   TBD

4. IANA Considerations

   The draft does not require any IANA action.

5. References

5.1. Normative References

   [RFC2119]    Bradner, S., "Key words for use in RFCs to Indicate
                Requirement Levels", BCP 14, RFC 2119, March 1997.

5.2. Informative References

   [NVO3FRWK]   Lasserre, M., Motin, T., et al., "Framework for DC
                Network Virtualization", draft-ietf-nvo3-framework-05,
                work in progress.

   [NVGRE]      Sridharan, M., et al., "NVGRE: Network Virtualization
                using Generic Routing Encapsulation",
                draft-sridharan-virtualization-nvgre-03, work in
                progress.

   [VXLAN]      Mahalingam, M., Dutt, D., et al., "VXLAN: A Framework
                for Overlaying Virtualized Layer 2 Networks over Layer 3
                Networks", draft-mahalingam-dutt-dcops-vxlan-05.txt,
                work in progress.

   [Y.1731]     ITU-T, "ITU-T Recommendation Y.1731 (02/08) - OAM
                functions and mechanisms for Ethernet based networks",
                February 2008.

   [ICMP]       Postel, J., "Internet Control Message Protocol", STD 5,
                RFC 792, September 1981.

   [traceroute] Malkin, G., "Traceroute Using an IP Option", RFC 1393,
                Xylogics, Inc., January 1993.

   [RFC4378]    Allan, D. and T. Nadeau, "A Framework for Multi-Protocol
                Label Switching (MPLS) Operations and Management (OAM)",
                RFC 4378, February 2006.

Authors' Addresses

   Vic Liu
   China Mobile
   32 Xuanwumen West Ave, Beijing, China
   Email: liuzhiheng@chinamobile.com

   Chen Li
   China Mobile
   32 Xuanwumen West Ave, Beijing, China
   Email: lichenyj@chinamobile.com
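The following Python model is an added illustration and is not text or code from this draft or its authors. It shows why the VLAN count named as a bottleneck in Section 1 caps the number of isolated tenants, how a wider overlay segment identifier (Section 2.7.1) lifts that cap, and why forwarding keyed on the tenant's segment lets different tenants reuse the same IP space (Section 2.1). The 12-bit IEEE 802.1Q VLAN ID and the 24-bit VXLAN VNI widths come from those standards, not from the draft; the class and function names are constructed for this example.

```python
"""Constructed model of per-tenant segment IDs and segment-keyed forwarding."""

# Field widths are facts from the standards, not from this draft:
# 802.1Q VLAN ID is 12 bits (0 and 4095 reserved); VXLAN VNI (RFC 7348) is 24 bits.
VLAN_ID_BITS, VLAN_RESERVED = 12, {0, 4095}
VNI_BITS, VNI_RESERVED = 24, {0}


class SegmentSpaceExhausted(Exception):
    """Raised when no free segment ID is left for a new tenant."""


class TenantFabric:
    """One isolated segment per tenant; forwarding is keyed on (segment, IP).

    Keying on the segment is what lets two tenants use the same IP address
    (Section 2.1); the ID field width bounds the tenant count (Section 2.7.1).
    """

    def __init__(self, id_bits, reserved_ids):
        self.id_bits = id_bits
        self.reserved = set(reserved_ids)
        self.tenant_segment = {}   # tenant name -> segment ID
        self.fib = {}              # (segment ID, IP) -> attached endpoint
        self._next_id = 0

    def capacity(self):
        """Number of tenants this ID space can isolate."""
        return (1 << self.id_bits) - len(self.reserved)

    def add_tenant(self, name):
        max_id = (1 << self.id_bits) - 1
        sid = self._next_id
        while sid in self.reserved:          # skip IDs the standard reserves
            sid += 1
        if sid > max_id:
            raise SegmentSpaceExhausted(
                f"{self.id_bits}-bit space full after {len(self.tenant_segment)} tenants")
        self._next_id = sid + 1
        self.tenant_segment[name] = sid
        return sid

    def attach(self, tenant, ip, endpoint):
        """Bind an endpoint to an IP inside the tenant's own segment only."""
        self.fib[(self.tenant_segment[tenant], ip)] = endpoint

    def lookup(self, tenant, ip):
        """A lookup always carries the tenant's segment, so a bare IP never crosses tenants."""
        return self.fib.get((self.tenant_segment[tenant], ip))


def fill_to_capacity(fabric):
    """Add tenants until the ID space runs out and return how many fit."""
    while True:
        try:
            fabric.add_tenant(f"tenant-{len(fabric.tenant_segment)}")
        except SegmentSpaceExhausted:
            return len(fabric.tenant_segment)
```

Filling a 12-bit fabric stops at 4094 tenants, while the 24-bit fabric reports a capacity of 16777215, and two tenants attached at the same address 10.0.0.10 resolve to their own endpoints.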