INTERNET DRAFT                                                     Y. Su
Intended status: Standards Track                                   Z. Li
Expires: 30 April 2025                                           R. Chen
                                                                  J. Dou
                                                                   CAICT
                                                         18 October 2024


     Requirements of NGN evolution to support multi-connection for
                     network and cloud interworking
                 draft-suyue-networkmulticonnection-00

Abstract

   This document specifies the requirements and capabilities of NGN
   evolution (NGNe) to support multi-connection for network and cloud
   interworking.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 30 April 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction
   2.  The scenarios of multi-connection
   3.  Requirements and capabilities of NGN evolution to support
       multi-connection for network and cloud interworking
   4.  Security Considerations
   5.  IANA Considerations
   6.  References
   Acknowledgments
   Authors' Addresses

1.  Introduction

   This document provides the requirements and capabilities of NGN
   evolution (NGNe) to support multi-connection for network and cloud
   interworking.
   The general requirements for network and cloud interworking are given
   in Y.NGNe-NCI-reqts; this document builds on them and concentrates on
   the detailed requirements and capabilities needed to support a set of
   multi-connection scenarios.

   In the future, most businesses and applications will be carried on
   data centres based on virtualization technology, so network and cloud
   interworking has become an irresistible trend.  Network and cloud
   interworking makes applications, cloud computing, network resources
   and customers cooperate to provide an end-to-end, complete, flexible
   and scalable solution.  For instance, NGNes provide network resources
   (e.g. access points, bandwidth, links, tunnels) according to the
   requirements of the customers, while cloud service providers provide
   cloud computing resources such as storage, computing and value-added
   services (VAS) according to the demand of the applications.

   In the context of network and cloud interworking, multi-connection
   means that network elements and cloud nodes can connect to multiple
   other network elements and cloud nodes in an efficient and dynamic
   way, in order to achieve intelligence, flexibility and high
   visibility.

2.  The scenarios of multi-connection

2.1  Interconnection between different backup nodes

   Applications running in a single data centre can face a variety of
   unexpected situations.  For example, the software and hardware
   environment might be damaged and not be restorable in a short time,
   or events such as fires and natural disasters may make an entire data
   centre unavailable.  These situations make key applications
   unavailable for a long time and cause great losses to users'
   businesses.  Therefore, when the applications deployed in one data
   centre cannot be restored quickly, it is necessary to bring up the
   backup applications in another data centre.
   NGNe could implement network probe inspection and health-check
   mechanisms to detect whether conditions that trigger disaster
   recovery exist in different data centres.  Once such a condition is
   detected, NGNe is required to provide the different types of network
   connections needed to activate the backup nodes immediately.

2.2  Interconnection between the enterprise nodes and the computing
     nodes

   NGNe supports interconnection between enterprise nodes and computing
   nodes by establishing private and secure access paths from the
   enterprise nodes to the data centre or public cloud, and cooperates
   with the cloud management system to create virtual networks inside
   the cloud for multi-tenant business.  The CSP requires NGNe to
   provide high-quality dedicated private lines for the end-to-end
   connection, which not only ensures the stability, speed and security
   of the connection but also avoids the quality instability caused by
   traversing public networks.  NGNe has to support an interface with
   the CSP and an interface with the enterprise nodes that can provide
   flexible network capabilities for various hybrid cloud services and
   applications.  The adoption of SDN technology and global
   orchestration in NGNe also makes the connections between enterprise
   nodes and computing nodes agile, flexible and intelligent.

2.3  Interconnection between cross-regional enterprise nodes and
     computing nodes

   Interconnection between enterprise private computing nodes is usually
   established by renting private lines or WAN services with guaranteed
   QoS from NGNe providers, to build cross-regional private networks for
   enterprise IT systems.  Enterprises with low requirements on
   connection quality and security may instead apply for low-priority
   lines of the NGNe to build their enterprise networks at lower cost.
   In both cases, NGNe providers could support the hybrid networking
   scheme of this scenario.
   Interconnection between important branches of the enterprise, or
   between important computing nodes, usually uses a dedicated line or a
   virtual private network (VPN) provided by the NGNe provider, while
   interconnection between ordinary branches or computing nodes might
   use WAN or other types of connection service without guaranteed QoS.

3.  Requirements and capabilities of NGN evolution to support
    multi-connection for network and cloud interworking

3.1  Overview

   This clause provides the capabilities and requirements of network
   evolution for supporting multi-connection.  This document focuses on
   specific enhancements to the NGN to support multi-connection for
   network and cloud interworking.  NGNe is required to provide specific
   capabilities for the coordination of unified network and cloud
   services according to the requirements of users and application
   providers.  These capabilities enable operators to assign and
   dynamically adjust network resources and cloud computing resources
   based on those requirements, and to support interfaces for users and
   applications that enable on-demand resource and service provisioning.
   To support multi-connection for network and cloud interworking, the
   following features need to be considered by NGNe providers:

   - unified service provisioning: various network services and cloud
     services can be configured and managed on a unified platform;

   - concerted status awareness: both network connection status and
     cloud service availability status are known to the NGNe provider;

   - collaborative fault detection mechanism: system faults causing
     network disconnection, server shutdown, virtual machine crashes,
     etc., can be detected by the NGNe provider;

   - integrated resource allocation and optimization: traffic management
     and network/cloud resource optimization can be scheduled in a
     cooperative manner;

   - global operation authorization: unified authorization and
     authentication methods for network and cloud operations can be
     applied, and accounting and network/cloud resource consumption can
     be measured globally;

   - artificial intelligence assisted prediction and maintenance:
     machine learning and artificial intelligence technologies are
     deeply involved in service prediction and system maintenance.

3.2  Requirements of NGNe to support multi-connection

3.2.1  Requirements of unified service provisioning

   NGNe is required to support unified service provisioning features
   that include the following aspects:

   - unified acceptance and unified delivery of cloud and network
     services for customers;

   - unified service presentation, to achieve deep integration of cloud
     services and network services;
   - integrated service provisioning: unified definition, packaging and
     orchestration of network resources and cloud resources to form a
     unified, agile and flexible resource supply system;

   - unified network and cloud configuration, to translate service
     requests into applicable commands or configurations and send them
     to the network and cloud management systems;

   - unified service platform, to provide a single entrance through
     which users subscribe to various network and cloud services such as
     virtual machine applications or network connection establishment.

3.2.2  Requirements of concerted status awareness

   NGNe is required to support concerted status awareness features that
   include the following aspects:

   - network resource awareness, such as connection quality, link
     bandwidth, bandwidth utilization, cost of routes and other
     available resource information;

   - cloud resource awareness, such as server status, virtual machine
     availability, computing, storage and in-cloud network information;

   - service awareness, to perceive the characteristics of different
     types of services and flexibly adjust the network coverage,
     bandwidth and cloud computing performance (including scale-in and
     scale-out) according to the service requirements;

   - user intent awareness, to achieve closed-loop automation, to help
     realize automated service activation and network maintenance
     functions, to reduce manual intervention and to improve
     performance.
3.2.3  Requirements of collaborative fault detection mechanism

   NGNe is required to support collaborative fault detection features
   that include the following aspects:

   - network fault detection: the system detects network faults that may
     cause network disconnection, link congestion or access failure, to
     prevent further damage to any service;

   - cloud fault detection: the system detects cloud faults that may
     cause server shutdown, virtual machine crashes and other types of
     malfunction within the cloud;

   - when a fault occurs, it can be quickly located and the load can be
     switched automatically, to keep performance stable and avoid
     affecting the customer experience.

     Note: if the fault is located in the network, the backup connection
     could be activated; if the fault is located in the cloud, the
     backup server or virtual machine could be switched on.

   - end-to-end endogenous security mechanism: based on an adaptive
     security framework and atomic security capabilities, an endogenous
     security system is required that uses intelligent security defense,
     detection, response and prediction methods to achieve
     self-protecting, autonomous and self-improving end-to-end security
     across network and cloud.

3.2.4  Requirements of integrated resource allocation and optimization

   NGNe is required to support integrated resource allocation and
   optimization features that include the following aspects:

   - cloud computing resources and network facilities should be
     integrated into a system and technical architecture of integrated
     supply, dynamic optimization and integrated service, so as to
     realize resource supply for a simple, agile, open, integrated, safe
     and intelligent new information infrastructure;

   - integrated supply, to define, package and arrange network resources
     and cloud resources in a unified, agile and flexible resource
     supply system;
   - dynamic optimization of global network resources, to optimize
     network resources dynamically in real time according to the demand
     of cloud services, user visits and other factors;

   - unified control and scheduling of multi-dimensional resources, for
     example using computing power networks, DLT and other new
     technologies to build a multi-dimensional, multi-party,
     heterogeneous resource adaptation system.

3.2.5  Requirements of global operation authorization

   NGNe is required to support global operation authorization features
   that include the following aspects:

   - integrated operation, to shift from independent operation systems
     for cloud and network to global resource awareness, consistent
     quality assurance, integrated planning, and integrated operation
     and maintenance management;

   - integrated service, to realize the unified acceptance, delivery and
     presentation of cloud business for customers, and to realize the
     deep integration of cloud business and network business;

   - a unified system of user management, identity allocation and
     identity authentication, to realize single sign-on for cloud and
     network applications, dynamic synchronization of user identity and
     authority, and improved system availability, security and user
     convenience;

   - a unified identity authentication service platform, which realizes
     the core objectives of user identity management, system resource
     integration, application data sharing and comprehensive centralized
     management and control through application modules for centralized
     certificate management, centralized account management, centralized
     authorization management and centralized authentication management.

3.2.6  Requirements of artificial intelligence assisted prediction and
       maintenance

   NGNe is required to support artificial intelligence assisted
   prediction and maintenance features that include the following
   aspects:

   - massive data analysis, to analyse and provide different types of
     cloud and network data in their original format;
   - big data transformation, such as building a multi-layer,
     multi-level AI enabling platform that transforms the big data
     resources of the cloud and network into intelligent planning,
     analysis, fault diagnosis and dynamic optimization capabilities
     through artificial intelligence algorithms, and provides
     cloud-based artificial intelligence services for various users;

   - intelligent cloud and network coordination, to realize
     self-adaptation, self-learning, self-correction and
     self-optimization of the end-to-end cloud and network integrated
     system through deep learning, reinforcement learning and other
     artificial intelligence algorithms;

   - improved matching and scheduling accuracy for large-scale
     resources, to solve the problems of dependence between
     heterogeneous resources, high matching complexity and the
     difficulty of guaranteeing balance after adjustment;

   - perception of customer intent and business quality, which is
     automatically converted into requirements for heterogeneous cloud
     and network resources, after which the corresponding network
     connection and IT resource configuration is completed
     automatically.  Through real-time network verification and
     optimization, a dynamic guarantee for customer-oriented and
     business services is realized.

3.3  Capabilities of NGNe to support multi-connection

3.3.1  Relationships between requirements and capabilities of NGNe to
       support multi-connection

   To support network and cloud interworking, especially for
   multi-connection scenarios, NGNe is required to enhance its
   capabilities in order to provide the advanced features described in
   clause 3.2.
   The relationships between the requirements and the capabilities of
   NGNe are as follows:

   - open environment capabilities and service control capabilities
     support the requirements of unified service provisioning;

   - content and context awareness capabilities support the requirements
     of concerted status awareness;

   - fault detection and recovery capabilities support the requirements
     of the collaborative fault detection mechanism;

   - QoS and policy control capabilities and traffic scheduling and
     enforcement capabilities support the requirements of integrated
     resource allocation and optimization;

   - identity management capabilities and authentication and
     authorization capabilities support the requirements of global
     operation authorization;

   - policy and strategy management capabilities and policy enforcement
     capabilities support the requirements of artificial intelligence
     assisted prediction and maintenance.

3.3.2  Enhanced capabilities of NGNe to support multi-connection

   The following enhanced capabilities of NGNe enable network and cloud
   interworking, especially in support of multi-connection scenarios.

   - open environment capabilities:

     Open environment capabilities of NGNe allow the interconnection of
     third-party services and applications, and of self-operated
     services and applications, with other NGNe capabilities, in order
     to provide an environment for enhanced, flexible and open service
     creation and provisioning within the context of network and cloud
     interworking.  Open environment capabilities of NGNe receive
     service requests from operators or cloud providers and deliver
     unified cloud and network services to them.  Open environment
     capabilities support a unified service platform that presents the
     services in an integrated manner, so that the customer can easily
     access various types of network and cloud services through a single
     entrance.
     Open environment capabilities of NGNe support open access to a
     service creation environment, including a wide range of tools and
     technologies, enabling developers and third-party applications to
     create rich applications that take full advantage of other NGNe
     capabilities.  Open environment capabilities of NGNe recommend the
     selected resources to the user and, according to the policy
     generated by the policy and strategy management capabilities of
     NGNe, send the user the name of each selected resource, the cloud
     service provider it belongs to, and the resource pool it was
     selected from.

   - service control capabilities:

     Service control capabilities of NGNe enforce service registration,
     service authentication and service resource assignment for network
     and cloud interworking.  Service control capabilities support
     information exchange between other NGNe capabilities and open
     environment capabilities to allow the identification of application
     data and user profiles, and they also support unified network and
     cloud service configuration.  Service control capabilities of NGNe
     translate service requests into applicable commands or
     configurations and send them to the relevant management systems.
     In addition, service control capabilities receive awareness events
     reported by the content and context awareness capabilities, e.g.
     notifications of QoS modifications or of the establishment of
     network connections, and send the event information to users or
     administrators.
   - content and context awareness capabilities:

     Content and context awareness capabilities of NGNe retrieve
     awareness-related information through network and cloud status
     detection methods, then analyse that information in depth.  It
     includes network-related awareness information such as connection
     quality, link bandwidth, bandwidth utilization, cost of routes and
     other available resource information, and cloud-related awareness
     information such as server status, virtual machine availability,
     computing, storage and in-cloud network information.  Content and
     context awareness capabilities of NGNe provide the analysis results
     concerning user traffic, network status and cloud computing
     resources to the policy and strategy management capabilities and
     the traffic scheduling and enforcement capabilities.  The analysis
     results can be distributed in real time and/or on demand, according
     to the requirements.

     Content and context awareness capabilities of NGNe also support
     service awareness, to perceive the characteristics of different
     types of services and the cloud computing performance required by
     the service.  In addition, they support user intent awareness, to
     achieve closed-loop automation, to help realize automated service
     activation and network maintenance functions, to reduce manual
     intervention and to improve performance.

     Content and context awareness capabilities of NGNe calculate the
     similarity between every pair of resources offered by multiple
     cloud service providers, abstract these resources into different
     resource pools based on those similarities, and then determine the
     type of each resource pool from the resources it contains.

     Note: the similarity between a pair of resources is determined from
     the text similarity of their respective description texts and from
     the similarity of their word order.
     Specifically, this similarity shall be determined as the weighted
     sum of the text similarity and the word-order similarity of the two
     resources' description texts.

   - fault detection and recovery capabilities:

     Fault detection and recovery capabilities of NGNe support network
     fault detection and cloud fault detection in a cooperative and
     integrated manner.  When they locate a fault in the system, they
     can either automatically switch the user traffic to backup
     connections or shift the computing load to a backup server or
     virtual machine in the cloud, to keep performance stable and avoid
     affecting the customer experience.  Furthermore, fault detection
     and recovery capabilities support an intelligent security system,
     so that a self-protecting, autonomous and self-improving end-to-end
     security mechanism across network and cloud is achieved.

   - QoS and policy control capabilities:

     QoS and policy control capabilities of NGNe receive application and
     user requests related to bandwidth, computing resource and QoS
     assignment in a unified, network-and-cloud-converged manner, and
     they also receive the analysis results concerning content and
     context information from the content and context awareness
     capabilities.  QoS and policy control capabilities of NGNe make
     policy and QoS decisions using the received information about
     network and cloud resources, and dynamically and continuously
     optimize the global resources, network resources and cloud
     resources alike, to the demand of cloud services, user requests and
     other factors.  QoS and policy control capabilities of NGNe send
     the policy and QoS decisions to the traffic scheduling and
     enforcement capabilities to realize unified real-time control of
     multi-dimensional resources.  QoS and policy control capabilities
     of NGNe support a method for scheduling cloud resources.
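     The resource similarity and pooling method described above for the
     content and context awareness capabilities, as an added example
     that is not part of this draft.  The draft only states that the
     similarity of two resources is the weighted sum of a text
     similarity and a word-order similarity of their description texts;
     the concrete measures used here (Jaccard over description tokens,
     pairwise order agreement of the shared tokens), the weights, the
     pool membership threshold and the catalogue entries are assumptions
     of this example.

```python
"""Resource-similarity pooling across cloud service providers.

Added example, not code from the draft.  The draft only states that the
similarity of two resources is the weighted sum of the text similarity
and the word-order similarity of their description texts; everything
else here is an assumption: Jaccard similarity over description tokens,
pairwise order agreement of the shared tokens, weights 0.7/0.3, a pool
membership threshold of 0.6, and the constructed catalogue entries.
"""
import re
from collections import Counter
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Resource:
    name: str         # identifier in the CSP's own catalogue
    csp: str          # cloud service provider offering the resource
    kind: str         # CSP-declared category, e.g. "compute" or "storage"
    description: str  # free-text description published by the CSP


def tokens(text):
    """Lower-cased alphanumeric tokens, in order of appearance."""
    return re.findall(r"[a-z0-9]+", text.lower())


def text_similarity(a, b):
    """Jaccard similarity of the two token sets (assumed measure)."""
    sa, sb = set(tokens(a)), set(tokens(b))
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def word_order_similarity(a, b):
    """Share of shared-token pairs that appear in the same relative order
    in both texts (assumed measure).  First occurrence decides position."""
    pos_a, pos_b = {}, {}
    for i, t in enumerate(tokens(a)):
        pos_a.setdefault(t, i)
    for i, t in enumerate(tokens(b)):
        pos_b.setdefault(t, i)
    common = [t for t in pos_a if t in pos_b]
    if len(common) < 2:
        return 1.0 if common else 0.0  # a single shared token has no order to disagree on
    pairs = list(combinations(common, 2))
    agree = sum(1 for x, y in pairs
                if (pos_a[x] < pos_a[y]) == (pos_b[x] < pos_b[y]))
    return agree / len(pairs)


def similarity(a, b, w_text=0.7):
    """Weighted sum defined by the draft; the weight value is assumed."""
    return w_text * text_similarity(a, b) + (1 - w_text) * word_order_similarity(a, b)


def build_pools(resources, threshold=0.6, w_text=0.7):
    """Group resources into pools: a resource joins the first pool whose
    representative (first member) is at least `threshold` similar to it,
    otherwise it opens a new pool.  The pool type is the majority of the
    members' declared kinds."""
    pools = []
    for r in resources:
        for pool in pools:
            rep = pool["members"][0]
            if similarity(rep.description, r.description, w_text) >= threshold:
                pool["members"].append(r)
                break
        else:
            pools.append({"members": [r]})
    for pool in pools:
        kinds = Counter(m.kind for m in pool["members"])
        pool["kind"] = kinds.most_common(1)[0][0]
        pool["csps"] = sorted({m.csp for m in pool["members"]})
    return pools


# Constructed catalogue entries from three hypothetical providers.
SAMPLE_CATALOGUE = [
    Resource("vm-gp-4x16", "csp-a", "compute",
             "General purpose virtual machine, 4 vCPU, 16 GB memory"),
    Resource("std-vm-4-16", "csp-b", "compute",
             "Virtual machine, general purpose: 4 vCPU / 16 GB memory"),
    Resource("obj-std", "csp-c", "storage",
             "Object storage bucket, standard tier"),
    Resource("bucket-std", "csp-a", "storage",
             "Standard tier object storage bucket"),
    Resource("bm-32", "csp-b", "compute", "Bare metal server, 32 cores"),
]


def pool_summary(resources=SAMPLE_CATALOGUE):
    """(pool kind, member names, providers) for each pool."""
    return [(p["kind"], [m.name for m in p["members"]], p["csps"])
            for p in build_pools(resources)]


if __name__ == "__main__":
    for kind, members, csps in pool_summary():
        print(f"{kind:8s} {members} offered by {csps}")
```

     Two things a practitioner should check before relying on such
     pooling: the pool type is taken by majority vote over members'
     declared kinds, so a threshold that is too low can put a storage
     offering into a compute pool, and the first-member-as-representative
     rule makes the result depend on catalogue order.  Both argue for
     validating the pools against the CSP-declared kinds before the
     open environment capabilities recommend a pool to a user.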
     QoS and policy control capabilities determine an overall network
     quality metric for an application from the network quality and the
     traffic of users accessing the application servers deployed in the
     various IDCs within different metropolitan area networks (MANs).
     The overall network quality metric is derived as follows:

     a) calculate the total traffic from the users in every MAN to the
        application servers deployed in all IDCs;

     b) derive a network quality weight for each MAN-IDC pair as the
        ratio of the traffic from users in that MAN to the application
        servers in that IDC, against the total traffic;

     c) obtain the overall network quality metric for the application as
        the weighted sum of the network qualities of users in each MAN
        accessing the application servers deployed in all IDCs, using
        the network quality weight of each MAN-IDC pair.

     QoS and policy control capabilities of NGNe select the IDCs whose
     network quality meets predefined conditions as optimized IDCs.
     They then determine an optimized network quality metric for routing
     the traffic from the application servers in the remaining IDCs to
     the application servers in the optimized IDCs, and decide whether
     to route that traffic to the optimized IDCs by comparing the
     overall network quality metric with the optimized network quality
     metric.

     The optimized network quality metric for redirecting traffic from
     the application servers in the remaining IDCs to those in the
     optimized IDCs is determined as follows.  First, the amount of
     unoccupied cloud resources in each optimized IDC and the quantity
     of cloud resources required per accessing user are assessed; from
     these, the volume of traffic that each optimized IDC can accept
     from the corresponding MANs is determined.
     Next, based on the volume of traffic that each optimized IDC can
     accommodate from the corresponding MANs, QoS and policy control
     capabilities of NGNe determine the optimized traffic flow for the
     users of each MAN when their traffic to the application servers in
     the remaining IDCs is redirected to the application servers in the
     optimized IDCs.  The total traffic from users in all MANs to the
     application servers in all IDCs is calculated, and the optimized
     network quality weight from a MAN to an IDC is the ratio of the
     optimized traffic from users in that MAN to the application servers
     in that IDC, against this total.  Finally, QoS and policy control
     capabilities of NGNe derive the optimized network quality metric
     for the application as the weighted sum of the network qualities
     experienced by users in each MAN when accessing the application
     servers deployed in all IDCs, using the optimized network quality
     weights from each MAN to every IDC.

   - traffic scheduling and enforcement capabilities:

     Traffic scheduling and enforcement capabilities of NGNe receive
     policy and QoS decisions from the QoS and policy control
     capabilities and also receive the analysis results concerning
     content and context information from the content and context
     awareness capabilities.  Traffic scheduling and enforcement
     capabilities make decisions based on these results and generate
     traffic scheduling rules.  These rules support end-to-end traffic
     management across network domains and cloud computing domains of
     differing technologies, to ensure that the requirements of users
     and applications are satisfied.
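     The overall and optimized network quality metrics and the
     redirection decision of the QoS and policy control capabilities
     described above, carried through on constructed numbers as an
     added example that is not part of this draft.  The draft defines
     both metrics as traffic-weighted sums of per-(MAN, IDC) network
     quality and bounds the traffic an optimized IDC can accept by its
     free cloud resources divided by the resources needed per accessing
     user; it does not say what "network quality" is measured in, what
     the predefined condition for an optimized IDC is, or how movable
     traffic is shared between several optimized IDCs.  This example
     assumes a quality score in [0, 1] where higher is better, an IDC is
     optimized when its mean quality over all MANs reaches Q_MIN, and
     movable traffic is placed greedily in descending order of quality
     gain.

```python
"""Overall vs. optimized network quality metric for redirecting traffic
between IDCs.

Added example, not code from the draft.  The draft defines the two
metrics as traffic-weighted sums of per-(MAN, IDC) network quality and
the capacity of an optimized IDC as its free cloud resources divided by
the resources needed per accessing user.  Assumed here, not given by the
draft: network quality is a score in [0, 1] where higher is better; an
IDC is "optimized" when its mean quality over all MANs reaches Q_MIN;
movable traffic is redirected greedily in descending order of quality
gain; and all numbers are constructed sample data.
"""

Q_MIN = 0.65  # assumed "predefined condition" for an optimized IDC


def total_traffic(traffic):
    """Sum of traffic over every (MAN, IDC) pair."""
    return sum(sum(row.values()) for row in traffic.values())


def overall_quality(traffic, quality):
    """Weighted sum: weight(m, d) = traffic(m, d) / total traffic."""
    total = total_traffic(traffic)
    if total == 0:
        return 0.0
    return sum(traffic[m][d] / total * quality[m][d]
               for m in traffic for d in traffic[m])


def optimized_idcs(quality, q_min=Q_MIN):
    """IDCs whose mean quality over all MANs meets the threshold."""
    idcs = {d for m in quality for d in quality[m]}
    return sorted(d for d in idcs
                  if sum(quality[m][d] for m in quality) / len(quality) >= q_min)


def redirect_plan(traffic, quality, optimized, free_resources, res_per_user):
    """Move traffic that lands in non-optimized IDCs into optimized ones,
    bounded by the traffic each optimized IDC can still absorb."""
    capacity = {d: free_resources.get(d, 0) / res_per_user for d in optimized}
    plan = {m: dict(row) for m, row in traffic.items()}
    moves = [(quality[m][d_to] - quality[m][d_from], m, d_from, d_to)
             for m in traffic for d_from in traffic[m] if d_from not in optimized
             for d_to in optimized]
    moves.sort(key=lambda mv: -mv[0])       # largest quality gain first
    for gain, m, d_from, d_to in moves:
        if gain <= 0:
            continue                        # never move traffic to a worse IDC
        amount = min(plan[m][d_from], capacity[d_to])
        if amount <= 0:
            continue                        # nothing left to move, or IDC full
        plan[m][d_from] -= amount
        plan[m][d_to] = plan[m].get(d_to, 0) + amount
        capacity[d_to] -= amount
    return plan


def decide(traffic, quality, free_resources, res_per_user, q_min=Q_MIN):
    """Compare the overall metric with the optimized metric and decide
    whether the redirection is worth applying."""
    optimized = optimized_idcs(quality, q_min)
    current = overall_quality(traffic, quality)
    plan = redirect_plan(traffic, quality, optimized, free_resources, res_per_user)
    new = overall_quality(plan, quality)
    return {"optimized_idcs": optimized, "overall": current,
            "optimized": new, "redirect": new > current, "plan": plan}


# Constructed sample: two MANs, three IDCs; traffic in arbitrary units.
TRAFFIC = {"man-1": {"idc-1": 40, "idc-2": 10, "idc-3": 50},
           "man-2": {"idc-1": 10, "idc-2": 30, "idc-3": 60}}
QUALITY = {"man-1": {"idc-1": 0.9, "idc-2": 0.7, "idc-3": 0.5},
           "man-2": {"idc-1": 0.6, "idc-2": 0.9, "idc-3": 0.4}}
FREE_RESOURCES = {"idc-1": 30, "idc-2": 20}   # unoccupied cloud resource units
RES_PER_USER = 0.5                            # resource units per unit of traffic


if __name__ == "__main__":
    result = decide(TRAFFIC, QUALITY, FREE_RESOURCES, RES_PER_USER)
    print(f"optimized IDCs: {result['optimized_idcs']}")
    print(f"overall {result['overall']:.3f} -> optimized {result['optimized']:.3f}, "
          f"redirect={result['redirect']}")
    for man, row in result["plan"].items():
        print(f"  {man}: {row}")
```

     On the sample data the overall metric is 0.625 and the optimized
     metric 0.835, so the capabilities would redirect; with no free
     cloud resources in the optimized IDCs the plan is unchanged and the
     comparison says not to.  The capacity check is the part worth
     keeping exactly as the draft states it: redirecting on quality
     alone would move users into an IDC that cannot serve them.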
     Traffic scheduling and enforcement capabilities rely on an
     integrated new information infrastructure with network and cloud
     convergence, and allow policy and QoS decisions to be executed and
     realized in both the network and cloud computing areas.

   - identity management capabilities:

     Identity management capabilities of NGNe support the mechanisms for
     single sign-on to cloud and network applications and for dynamic
     synchronization of user identity and authority.  Identity
     management capabilities of NGNe are responsible for the storage and
     update of unified user identity profiles and related information;
     they also increase confidence in the identity information of users
     and thereby enhance business and security applications and
     services.

   - authentication and authorization capabilities:

     Authentication and authorization capabilities cooperate with the
     identity management capabilities to form a unified authentication
     and authorization platform that handles both network and cloud
     authentication and authorization requests in a single place.

   - policy and strategy management capabilities:

     Policy and strategy management capabilities of NGNe support
     real-time traffic prediction through the use of artificial
     intelligence algorithms: they predict future traffic patterns on
     the network connections to multiple cloud service providers and
     help NGNe providers plan and adjust network resources.  Policy and
     strategy management capabilities of NGNe analyse user behaviour,
     including usage habits and peak traffic periods, to help NGNe
     providers optimize network operations and configurations.  Policy
     and strategy management capabilities of NGNe visualize real-time
     network traffic data, helping NGNe providers to understand network
     and cloud interworking traffic patterns and trends, in order to
     perform network maintenance and optimization and improve network
     performance and stability.  NGNe supports a method for cross-cloud
     resource recommendation.
     Policy and strategy management capabilities of NGNe receive the
     resource demand information sent by the user through a unified
     interface and analyse it to determine the type and size of the
     resources required by the user.  They acquire information about
     each type of resource pool among the multiple resource pools
     through a unified interface for heterogeneous resources, and
     identify the specific resource pool that will provide resources to
     the user based on the type of resource required and the information
     about each resource pool.  From the resource pool designated for
     provisioning resources to the user, they select resources that are
     currently unused and match the size of the resources required by
     the user, according to the usage status of resources across the
     multiple cloud service providers and the size of the resources
     required.

   - policy enforcement capabilities:

     Policy enforcement capabilities of NGNe monitor network traffic in
     real time, and analyse and process network traffic to ensure that
     the strategies generated by the policy and strategy management
     capabilities of NGNe are executed.  Policy enforcement capabilities
     of NGNe implement real-time policy control based on pre-defined
     network policies to ensure the optimized allocation and use of
     network resources.  Policy enforcement capabilities of NGNe
     optimize network operations and configurations based on real-time
     data and predictions to improve network performance and stability.
     Policy enforcement capabilities of NGNe monitor and analyse network
     performance in real time to identify and resolve network
     performance issues.

4.  Security Considerations

   This clause summarizes the main network security considerations of
   NGN evolution to support multi-connection for network and cloud
   interworking.

   NGNe should support both external and internal threat protection
   capabilities.  The external threat protection capability of NGNe
   should protect the IT architecture against externally initiated
   network attacks and intrusions; it should facilitate blocking network
   attacks and intrusions initiated from the external environment.  NGNe
   should also support cyber attack and intrusion prevention between
   resources within the IT architecture.  By implementing network
   segmentation within NGNe, different resources and services can be
   isolated from each other, reducing the attack surface and limiting
   the impact of intrusions originating inside the IT architecture.

   The unified service entrance (clause 3.2.1) and the unified identity
   authentication and authorization platform (clause 3.2.5) are shared
   by the network and cloud domains, so a compromise of either affects
   both domains at once.  They should therefore be placed in their own
   segment, reachable only from the components that need them, and
   protected by strong authentication.

5.  IANA Considerations

   To be completed.

6.  References

6.1  Terms and definitions

6.1.1  Terms defined elsewhere

   This document uses the following terms defined elsewhere:

   cloud computing [ITU-T Y.3500]: Paradigm for enabling network access
   to a scalable and elastic pool of shareable physical or virtual
   resources with self-service provisioning and administration
   on-demand.

      NOTE: Examples of resources include servers, operating systems,
      networks, software, applications and storage equipment.

   cloud service customer [ITU-T Y.3500]: Party which is in a business
   relationship for the purpose of using cloud services.

      NOTE: A business relationship does not necessarily imply financial
      agreements.

   cloud service provider [ITU-T Y.3500]: Party which makes cloud
   services available.

   Next Generation Network (NGN) [ITU-T Y.2001]: A packet-based network
   which is able to provide telecommunication services and able to make
   use of multiple broadband, QoS-enabled transport technologies and in
   which service-related functions are independent from underlying
   transport-related technologies.  It enables unfettered access for
   users to networks and to competing service providers and/or services
   of their choice.
   It supports generalized mobility which will allow consistent and
   ubiquitous provision of services to users.

6.2  Terms defined in this document

   None.

6.3  Abbreviations and acronyms

   This document uses the following abbreviations and acronyms:

   AI      Artificial Intelligence
   API     Application Programming Interface
   CC      Core Cloud
   CSC     Cloud Service Customer
   CSP     Cloud Service Provider
   IDC     Internet Data Centre
   MAN     Metropolitan Area Network
   MC      Multi-Connection
   NCI     Network and Cloud Interworking
   NGNe    Next Generation Network evolution
   QoS     Quality of Service
   SDN     Software-Defined Networking
   VPN     Virtual Private Network
   WAN     Wide Area Network

Acknowledgments

Authors' Addresses

   Yue Su (editor)
   China Academy of Information and Communications Technology
   Zhichunlu Road
   Beijing
   China
   Email: suyue1@caict.ac.cn

   Zihan Li
   China Academy of Information and Communications Technology
   Email: lizihan1@caict.ac.cn

   Ruihao Chen
   China Academy of Information and Communications Technology
   Email: chenruihao@caict.ac.cn

   Jiali Dou
   China Academy of Information and Communications Technology
   Email: doujiali@caict.ac.cn