ETSI GR NFV-IFA 028-2018 Network Functions Virtualisation (NFV) Release 3 Management and Orchestration Report on architecture options to support multiple administrative domains (V3.pdf

1、 ETSI GR NFV-IFA 028 V3.1.1 (2018-01) Network Functions Virtualisation (NFV) Release 3; Management and Orchestration; Report on architecture options to support multiple administrative domains Disclaimer The present document has been produced and approved by the Network Functions Virtualisation (NFV)

2、 ETSI Industry Specification Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership. GROUP REPORT ETSI ETSI GR NFV-IFA 028 V3.1.1 (2018-01) 2 Reference DGR/NFV-IFA028 Keywords architecture, managem

3、ent, MANO, NFV, orchestration ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present docum

4、ent can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In cas

5、e of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the docume

6、nt may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/por

7、tal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modif

8、ied without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are trademarks

9、 of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSM and the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI GR NFV-IFA 028 V3.1.1 (2018-01) 3 Contents Intellectual Prop

10、erty Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 7g34 Overview 7g34.1 Introduction 7g34.2 Multi-domain operation 8g35 Use case ana

11、lysis: NFVI as a Service (NFVIaaS) 9g35.1 Use case description . 9g35.2 Potential architecture options . 11g35.2.1 Overview 11g35.2.2 Architecture option 1.a: Multiple logical points of contact, VNF related resource management in direct mode . 12g35.2.3 Architecture option 1.b: Multiple logical poin

12、ts of contact, VNF related resource management in indirect mode 13g35.2.4 Architecture option 2.a: Single logical point of contact, VNF related resource management in direct mode . 15g35.2.5 Architecture option 2.b: Single logical point of contact, VNF related resource management in indirect mode 17

13、g35.2.6 Summary of the differences of the NFVIaaS architecture options . 19g35.2.7 Integration of MLPOC and SLPOC into NFV-MANO functional blocks 20g35.3 Enhancements to NFV-MANO architecture 23g36 Use case analysis: Network Services provided using multiple administrative domains 24g36.1 Use case de

14、scription . 24g36.2 Potential architecture options . 26g36.2.1 NFVO roles . 26g36.2.2 Architecture option proposal. 26g36.3 Enhancements to NFV-MANO architecture 27g37 Conclusions and recommendations 29g37.1 Conclusions 29g37.2 Recommendations 31g37.3 Information exchange between administrative doma

15、ins 34g37.4 Recommendations related to security . 35g3Annex A: Operational Flows . 36g3A.1 Operational Flows for Network Services provided using multiple administrative domains 36g3A.1.0 Introduction 36g3A.1.1 Composite NSD on-boarding flow . 36g3A.1.2a Top-down Composite NS instantiation 38g3A.1.2b

16、 Composite NS instantiation in sharing scenario . 40g3A.1.3a Composite NS scaling 42g3A.1.3b Composite NS scaling in sharing scenario . 43g3A.1.4 Composite NS termination . 44g3A.1.5 Bottom-up Composite NS instantiation 45g3A.1.6 Granting nested NS lifecycle operation 48g3A.1.7a Composite NS healing

17、 49g3ETSI ETSI GR NFV-IFA 028 V3.1.1 (2018-01) 4 A.1.7b Composite NS heal in sharing scenario 50g3A.1.8 Composite NS update . 50g3Annex B: Pro forma of Security and Regulatory Concerns for use in ETSI ISG NFV GSs . 53g3B.1 Risk analysis and assessment . 53g3Annex C: Authors Essential, or potentially

18、 Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guara

19、ntee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or reg

20、istered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of prod

21、ucts, services or organizations associated with those trademarks. Foreword This Group Report (GR) has been produced by ETSI Industry Specification Group (ISG) Network Functions Virtualisation (NFV). Modal verbs terminology In the present document “should“, “should not“, “may“, “need not“, “will“, “w

22、ill not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI GR NFV-IFA 028 V3.1.1 (2018-01) 6 1 Scop

23、e The present document reports on potential architecture options to support the offering of NFV-MANO services across multiple administrative domains. A set of use cases is described and analysed. The use case analysis includes: Interactions between functional blocks belonging to different administra

24、tive domains. Identification of the need for extensions and/or enhancements to NFV-MANO architecture to fulfil the use cases. Recommendations for normative work are identified. 2 References 2.1 Normative references Normative references are not applicable in the present document. 2.2 Informative refe

25、rences References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. N

26、OTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.

27、 i.1 ETSI GS NFV 001 (V1.1.1): “Network Functions Virtualisation (NFV); Use Cases“. i.2 ETSI GS NFV 003: “Network Functions Virtualisation (NFV); Terminology for main concepts in NFV“. i.3 ETSI GS NFV-MAN 001: “Network Functions Virtualisation (NFV); Management and Orchestration“. i.4 ETSI GS NFV-IF

28、A 005: “Network Functions Virtualisation (NFV); Management and Orchestration; Or-Vi reference point - Interface and Information Model Specification“. i.5 ETSI GS NFV-IFA 006: “Network Functions Virtualisation (NFV); Management and Orchestration; Vi-Vnfm reference point - Interface and Information Mo

29、del Specification“. i.6 ETSI GS NFV-IFA 007: “Network Functions Virtualisation (NFV); Management and Orchestration; Or-Vnfm reference point - Interface and Information Model Specification“. i.7 ETSI GS NFV-IFA 010: “Network Functions Virtualisation (NFV); Management and Orchestration; Functional Req

30、uirements Specification“. i.8 ETSI GS NFV-IFA 012: “Network Functions Virtualisation (NFV) Release 3; Management and Orchestration; Os-Ma-Nfvo reference point - Application and Service Management Interface and Information Model Specification“. i.9 ETSI GS NFV-IFA 013: “Network Functions Virtualisati

31、on (NFV); Management and Orchestration; Os-Ma-Nfvo reference point - Interface and Information Model Specification“. ETSI ETSI GR NFV-IFA 028 V3.1.1 (2018-01) 7 i.10 ETSI GR NFV-IFA 022: “Network Functions Virtualisation (NFV) Release 3; Management and Orchestration; Report on Management and Connect

32、ivity for Multi-Site Services“. i.11 ETSI GR NFV-IFA 021: “Network Functions Virtualisation (NFV) Release 3; Management and Orchestration; Report on management of NFV-MANO and automated deployment of EM and other OSS functions“. i.12 ETSI GS NFV-IFA 026: “Network Functions Virtualisation (NFV) Relea

33、se 3; Management and Orchestration; Architecture enhancement for Security Management Specification“. i.13 ETSI GS NFV-IFA 027: “Network Functions Virtualisation (NFV) Release 2; Management and Orchestration; Performance Measurements Specification“. i.14 ETSI GS NFV-SEC 004 (V1.1.1): “Network Functio

34、ns Virtualisation (NFV); NFV Security; Privacy and Regulation; Report on Lawful Interception Implications“. i.15 ETSI GS NFV-SEC 010 (V1.1.1): “Network Functions Virtualisation (NFV); NFV Security; Report on Retained Data problem statement and requirements“. i.16 ETSI TS 102 165-1: “CYBER; Methods a

35、nd protocols; Part 1: Method and pro forma for Threat, Vulnerability, Risk Analysis (TVRA)“. i.17 ISO/IEC 15408: “Information technology - Security techniques - Evaluation criteria for IT security“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms a

36、nd definitions given in ETSI GS NFV 003 i.2 apply. 3.2 Abbreviations For the purposes of the present document, the abbreviations given in ETSI GS NFV 003 i.2 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any

37、, in ETSI GS NFV 003 i.2. LCM LifeCycle Management MLPOC Multiple Logical Points Of Contact NFVIaaS NFVI as a Service SLPOC Single Logical Point Of Contact 4 Overview 4.1 Introduction NFV-MANO services can be offered and consumed by different organizations, e.g. by different network operators or by

38、different departments within the same network operator. Administrative domains as defined in ETSI GS NFV-IFA 010 i.7 can be mapped to such different organizations. Examples of use cases for NFV-MANO service offerings across multiple administrative domains are described in ETSI GS NFV 001 i.1, e.g. N

39、FVI as a Service (NFVIaaS) in which a service provider is able to run VNF instances inside an NFVI which is operated by a different service provider. Another use case example is Network Services (NS) offered by multiple administrative domains, in which an organization uses NS(s) offered by another o

40、rganization, e.g. by a different network operator. This use case utilizes the concept of composite NS and nested NSs, as documented in ETSI GS NFV-IFA 012 i.8. ETSI ETSI GR NFV-IFA 028 V3.1.1 (2018-01) 8 Although the concept of administrative domains has already been described in ETSI GS NFV-MAN 001

41、 i.3, a more detailed study is required to identify, clarify and document the implications for the NFV-MANO architectural framework in order to support the offering of NFV-MANO services across multiple administrative domains. Based on use cases, the present document analyses architecture options to

42、support such NFV-MANO services offerings. Several architectural options can exist for a particular use case. Implications to NS lifecycle management, VNF lifecycle management, and resource management for the different architecture options are studied and described, where applicable for a particular

43、use case. Simplified operational flows of the main operations for the different architecture options are documented when necessary in order to illustrate the different architectural options. The study follows the guiding principles given below: Backwards compatibility with the existing NFV-MANO arch

44、itectural framework is ensured. Existing NFV-MANO reference points and interfaces are reused as far as possible. The following use cases are analysed in the present document: NFVIaaS. Network Services provided using multiple administrative domains. The present document provides recommendations for e

45、nhancements of the NFV-MANO architecture framework resulting from the use case analysis. 4.2 Multi-domain operation There are different options to enable the multi-domain operation as described in the present document. This basically defines how the providers become logically interconnected. The int

46、erconnection of administrative domains implies that some information is to be shared, like the IP address of the distinct functional blocks to be interconnected, the identifier of administrative domains to be interconnected, the administrative organization they pertain to, etc. The options are: i) C

47、onfiguration driven. In this option, the different functional blocks to be interconnected are statically configured with the necessary information to form the relation with the other parties. ii) Auto-discovery. In this option, the different functional blocks advertise their own information and prep

48、are the information to be used to form the relation. This form of interconnection assumes the implementation of a discovery mechanism in the NFV-MANO functional blocks. All the options described before have security implications that have to be taken into account for the interaction between NFV-MANO

49、 functional blocks of different administrative domains. Security aspects are studied in ETSI GS NFV-IFA 026 i.12. In a general way, the logical interconnection among administrative domains assumes that the sessions established between NFV-MANO functional blocks counterparts can be maintained in order to ensure proper operation, e.g. by means of keep alive messages or any other mechanisms helpful to detect problems in the entities connected across administrative domains. Furthermore, the functional blocks detecting