Network Management Research Group                 P. Martinez-Julia, Ed.
Internet-Draft                                                      NICT
Intended status: Standards Track                           J. Jeong, Ed.
Expires: 6 September 2024                        Sungkyunkwan University
                                                            5 March 2024


         Intent Translation Engine for Intent-Based Networking
                           draft-pedro-ite-01

Abstract

   This document specifies the schemas and models required to realize
   the data formats and interfaces for Intent-Based Networking (IBN).
   They are needed to enable the composition of services to build a
   translation engine for IBN-based network management.  This intent
   translation engine (called an intent translator) is an essential
   function for network intents to be enforced into a target network
   for the configuration and management of the network and its
   security.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 6 September 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.  Code Components extracted from this
   document must include Revised BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Intent Translation Engine
     3.1.  Interaction Between the ITE and Network Tenants
     3.2.  Interaction Between the ITE and Network Management Systems
     3.3.  Interaction Between the ITE and VIM
     3.4.  Interaction Between the ITE and External Services
   4.  Implementation Guide
   5.  Information Model
   6.  Relation to Other IETF/IRTF Initiatives
   7.  IANA Considerations
   8.  Security Considerations
   9.  Acknowledgments
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  Changes from draft-pedro-ite-00
   Authors' Addresses

1.  Introduction

   The increasing difficulty of defining the management goals and
   policies to be enforced on networks and their security has led to
   the definition of Intent-Based Networking (IBN).  It abstracts the
   definition of those goals and policies in the form of network
   intents.  An intent is a declarative statement that requests the
   configuration or management of a network or security function
   [TS-28.312][TR-28.812].  It focuses more on "what" is needed to be
   fulfilled (i.e., a declarative statement) than on "how" it should be
   fulfilled (i.e., an imperative statement).

   For IBN to be properly realized, it is envisioned that many
   stakeholders will be involved in the translation of network intents
   to particular policies and configurations.  Thus, many components
   and services will have to be composed to construct a solution that
   implements network intents.

   This document specifies the schemas and models required to realize
   the data formats and interfaces for IBN-based network management.
   They are needed to enable the composition of services to build a
   translation engine for network intents, namely the Intent
   Translation Engine (or Intent Translator).

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.  Intent Translation Engine

   This document specifies the required data formats and interfaces
   that MUST be implemented by the components of an Intent Translation
   Engine (ITE), that is, an Intent Translator.  Therefore, this
   document extends the Intent Classification in [RFC9316] and drives
   the implementation of the specifications REQUIRED to properly
   classify network intents.

3.1.  Interaction Between the ITE and Network Tenants

   The data formats required for enabling interaction between the ITE
   and network tenants are as follows:

   *  [TF1] Schema (Resource Description Framework (RDF) ontology and
      YANG model) that must be used to format intents introduced in the
      ITE.

   *  [TF2] Schema (RDF ontology and YANG model) that must be used to
      format declarations of intent semantics, namely the set of
      concepts, relations, and ontologies that can be present in an
      intent.

   The interfaces required for enabling interaction between the ITE and
   network tenants are as follows:

   *  [TI1] Schema (RDF ontology and YANG model) that must be used by a
      tenant or other external entity to format and transmit an intent
      to the ITE.

   *  [TI2] Schema (RDF ontology and YANG model) that must be used by
      an ITE to publish (via NETCONF and others) the intent semantics
      it supports, in particular the set of concepts, relations, and
      ontologies that can be used by tenants to define input intents.

   This document will also specify the minimum set of semantics that
   must be supported by any ITE and discovered by the interactions
   described in this section.

3.2.  Interaction Between the ITE and Network Management Systems

   The data formats required for enabling interaction between the ITE
   and network management systems are as follows:

   *  [MF1] Schema (RDF ontology and YANG model) that must be used by a
      management system to format declarations of management mechanisms
      and by an ITE to format their compositions.  This schema and
      model covers the definitions for both management information and
      commands.  Hence, this schema follows the definitions of
      [RFC9232] to specify data formats for telemetry transmission.

   The interfaces required for enabling interaction between the ITE and
   network management systems are as follows:

   *  [MI1] Schema (RDF ontology and YANG model) that must be used by a
      management system to publish (via NETCONF and others) the
      management mechanisms it provides for being composed to implement
      policies and network services.  This schema also follows the
      definitions of [RFC9232] to specify telemetry interactions.

   This document will also specify the minimum set of management
   mechanisms that must be provided by a management system for proper
   intent support.

3.3.  Interaction Between the ITE and VIM

   The data formats required for enabling interaction between the ITE
   and the Virtualized Infrastructure Manager (VIM) are as follows:

   *  [VF1] Schema (RDF ontology and YANG model) that must be used to
      format declarations of network resources and Virtual Network
      Functions (VNFs).

   *  [VF2] Schema (RDF ontology and YANG model) that must be used to
      format the Network Service Descriptor (NSD).

   The interfaces required for enabling interaction between the ITE and
   the VIM are as follows:

   *  [VI1] Schema (RDF ontology and YANG model) that must be used by a
      VIM to publish (via NETCONF and others) the network resources and
      Virtual Network Functions (VNFs) it provides.

   This document will also specify the minimum set of network resources
   and VNFs that must be provided by a VIM for proper intent support.

3.4.  Interaction Between the ITE and External Services

   The data formats required for enabling interaction between the ITE
   and external services are as follows:

   *  [EF1] Schema (RDF ontology and YANG model) that must be used to
      format declarations of network intents, network resources, and
      VNFs.  This schema will be used by elements that will use intents
      to interact with management systems, such as AINEMA
      [I-D.pedro-nmrg-ai-framework], which enables the ITE with
      Artificial Intelligence (AI) functions and which will express
      management decisions in terms of network intents, as shown in
      [TNSM-2018].

   The interfaces required for enabling interaction between the ITE and
   external services are as follows:

   *  [EI1] Schema (RDF ontology and YANG model) that must be used by
      an ITE to allow external agents to provide network intents and
      retrieve information about available resources and VNFs.

4.  Implementation Guide

   This document will specify an abstract algorithm that allows an ITE
   (i.e., intent translator) to obtain, from a set of inputs, a set of
   network service definitions and the composition of management
   mechanisms that implements the required policies or rules.  The ITE
   can translate an intent into a network policy for a target network
   [I-D.jeong-nmrg-ibn-network-management-automation]
   [I-D.yang-i2nsf-security-policy-translation].  The inputs are:

   1.  The intent provided by the tenant or some external agent.

   2.  A set of management mechanisms, retrieved from an available
       management system.

   3.  A set of VNFs and network resources, retrieved from some VIM.

   The abstract algorithm helps to obtain validated network service
   definitions and management mechanism compositions that are valid for
   the available instantiation infrastructure.

5.  Information Model

   TBD

6.  Relation to Other IETF/IRTF Initiatives

   TBD

7.  IANA Considerations

   This document does not require any IANA actions.

8.  Security Considerations

   As with other AI mechanisms, a major security concern for the
   adoption of intelligent reasoning on external events to manage
   SDN/NFV systems is that the boundaries of the control and management
   planes are crossed to introduce information from outside.  Such
   communications MUST be highly and heavily secured, since a
   malfunction or an explicit attack might compromise the integrity and
   execution of the controlled system (i.e., the target entity), such
   as a router, switch, or firewall.  However, it is up to implementers
   to deploy the necessary countermeasures to avoid such situations.
   From the design point of view, since all operations are performed
   within the control and/or management planes, the security level of
   reasoning solutions is inherited from, and thus determined by, the
   security measures established by the systems conforming to such
   planes.

9.  Acknowledgments

   This work was supported in part by the Institute of Information &
   Communications Technology Planning & Evaluation (IITP) grant funded
   by the Korea Ministry of Science and ICT (MSIT) (No. 2022-0-01015,
   Development of Candidate Element Technology for Intelligent 6G
   Mobile Core Network).

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC9232]  Song, H., Qin, F., Martinez-Julia, P., Ciavaglia, L., and
              A. Wang, "Network Telemetry Framework", RFC 9232,
              DOI 10.17487/RFC9232, May 2022.

   [RFC9316]  Li, C., Havel, O., Olariu, A., Martinez-Julia, P., Nobre,
              J., and D. Lopez, "Intent Classification", RFC 9316,
              DOI 10.17487/RFC9316, October 2022.

10.2.  Informative References

   [I-D.jeong-nmrg-ibn-network-management-automation]
              Jeong, J. P., Ahn, Y., Kim, Y., and J. Jung-Soo, "Intent-
              Based Network Management Automation in 5G Networks", Work
              in Progress, Internet-Draft,
              draft-jeong-nmrg-ibn-network-management-automation-03,
              6 November 2023.

   [I-D.pedro-nmrg-ai-framework]
              Martinez-Julia, P., Homma, S., and D. Lopez, "Artificial
              Intelligence Framework for Network Management", Work in
              Progress, Internet-Draft,
              draft-pedro-nmrg-ai-framework-04, 21 October 2023.

   [I-D.yang-i2nsf-security-policy-translation]
              Jeong, J. P., Lingga, P., and J. Yang, "Guidelines for
              Security Policy Translation in Interface to Network
              Security Functions", Work in Progress, Internet-Draft,
              draft-yang-i2nsf-security-policy-translation-16,
              7 February 2024.

   [TNSM-2018]
              Martinez-Julia, P., Kafle, V. P., and H. Harai,
              "Exploiting External Events for Resource Adaptation in
              Virtual Computer and Network Systems", IEEE Transactions
              on Network and Service Management, Vol. 15, No. 2,
              pp. 555-566, 2018.

   [TR-28.812]
              "Study on Scenarios for Intent Driven Management Services
              for Mobile Networks", Available:
              https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3553,
              December 2020.

   [TS-28.312]
              "Intent Driven Management Services for Mobile Networks",
              Available:
              https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3554,
              September 2023.

Appendix A.  Changes from draft-pedro-ite-00

   The following changes are made from draft-pedro-ite-00:

   *  An intent is clearly defined as a declarative statement for a
      specific goal for a target network with new references.

   *  Intent Translation Engine is also called Intent Translator.

   *  The contents are clarified and typos are corrected.

Authors' Addresses

   Pedro Martinez-Julia (editor)
   NICT
   4-2-1, Nukui-Kitamachi, Koganei, Tokyo
   184-8795
   Japan
   Phone: +81 42 327 7293
   Email: pedro@nict.go.jp

   Jaehoon Paul Jeong (editor)
   Department of Computer Science and Engineering
   Sungkyunkwan University
   2066 Seobu-Ro, Jangan-Gu
   Suwon
   Gyeonggi-Do
   16419
   Republic of Korea
   Phone: +82 31 299 4957
   Email: pauljeong@skku.edu
   URI:   http://iotlab.skku.edu/people-jaehoon-jeong.php
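
Added example (not part of the draft, and not the abstract algorithm the draft says it will specify): a Python sketch of the admission step implied by Sections 4 and 8, in which an ITE rejects an intent that uses concepts outside its published semantics (TI2) and emits only a composition built from mechanisms and VNFs that the management system (MI1) and the VIM (VI1) actually advertise. The intent shape, the Offer type, the capability labels and the matching rule are all assumptions made for illustration, since the draft's Information Model is still TBD.

```python
from dataclasses import dataclass

class IntentRejected(Exception):
    """Raised when input crossing into the management plane fails validation."""

@dataclass(frozen=True)
class Offer:                     # hypothetical advertisement record
    name: str                    # identifier published by the management system or VIM
    provides: frozenset          # hypothetical capability labels

def translate(intent, semantics, mechanisms, vnfs):
    """Return {capability: (kind, offer name)} or raise IntentRejected.

    intent     -- dict with 'concepts' and 'requires' lists (assumed shape)
    semantics  -- concepts the ITE has published to tenants (cf. TI2)
    mechanisms -- Offers retrieved from a management system (cf. MI1)
    vnfs       -- Offers retrieved from a VIM (cf. VI1)
    """
    # 1. Structural check: external input is untrusted until proven well-formed.
    if not isinstance(intent, dict) or set(intent) != {"concepts", "requires"}:
        raise IntentRejected("malformed intent")
    concepts, requires = intent["concepts"], intent["requires"]
    if not all(isinstance(v, list) and all(isinstance(s, str) for s in v)
               for v in (concepts, requires)):
        raise IntentRejected("malformed intent")
    # 2. Semantic check: only concepts the ITE advertised may appear.
    unknown = sorted(set(concepts) - set(semantics))
    if unknown:
        raise IntentRejected(f"unsupported concepts: {unknown}")
    # 3. Composition: each required capability must map to an advertised offer.
    composition = {}
    for cap in sorted(set(requires)):
        for kind, offers in (("mechanism", mechanisms), ("vnf", vnfs)):
            match = next((o for o in sorted(offers, key=lambda o: o.name)
                          if cap in o.provides), None)
            if match:
                composition[cap] = (kind, match.name)
                break
        else:
            # Fail closed: never hand a partial composition to the network.
            raise IntentRejected(f"no advertised offer provides {cap!r}")
    return composition

# Constructed sample data (not from the draft).
SEMANTICS = {"tenant", "traffic-class", "isolation"}
MECHANISMS = [Offer("acl-push", frozenset({"filtering"}))]
VNFS = [Offer("vfw-small", frozenset({"filtering", "inspection"}))]
```

Transport security for the interfaces themselves (for example, the NETCONF sessions) is a separate control and is not modelled here.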