ITU-T Y 2215-2009 Requirements and framework for the support of VPN services in NGN including the mobile environment (Study Group 13)《在下一代网络(NGN)环境中 包括移动网络环境中 支持虚拟专用网络(VPN)业务的框架需求》.pdf

1、 International Telecommunication Union ITU-T Y.2215TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (06/2009) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Service aspects: Service capabilities and service architecture Req

2、uirements and framework for the support of VPN services in NGN, including the mobile environment Recommendation ITU-T Y.2215 ITU-T Y-SERIES RECOMMENDATIONS GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS GLOBAL INFORMATION INFRASTRUCTURE General Y.100Y.199 S

3、ervices, applications and middleware Y.200Y.299 Network aspects Y.300Y.399 Interfaces and protocols Y.400Y.499 Numbering, addressing and naming Y.500Y.599 Operation, administration and maintenance Y.600Y.699 Security Y.700Y.799 Performances Y.800Y.899 INTERNET PROTOCOL ASPECTS General Y.1000Y.1099 S

4、ervices and applications Y.1100Y.1199 Architecture, access, network capabilities and resource management Y.1200Y.1299 Transport Y.1300Y.1399 Interworking Y.1400Y.1499 Quality of service and network performance Y.1500Y.1599 Signalling Y.1600Y.1699 Operation, administration and maintenance Y.1700Y.179

5、9 Charging Y.1800Y.1899 IPTV over NGN Y.1900Y.1999 NEXT GENERATION NETWORKS Frameworks and functional architecture models Y.2000Y.2099 Quality of Service and performance Y.2100Y.2199 Service aspects: Service capabilities and service architecture Y.2200Y.2249 Service aspects: Interoperability of serv

6、ices and networks in NGN Y.2250Y.2299 Numbering, naming and addressing Y.2300Y.2399 Network management Y.2400Y.2499 Network control architectures and protocols Y.2500Y.2599 Future networks Y.2600Y.2699 Security Y.2700Y.2799 Generalized mobility Y.2800Y.2899 Carrier grade open environment Y.2900Y.299

7、9 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T Y.2215 (06/2009) i Recommendation ITU-T Y.2215 Requirements and framework for the support of VPN services in NGN, including the mobile environment Summary Recommendation ITU-T Y.2215 specifies service requirements a

8、nd framework for the support of VPN services in NGN, including the mobile environment. Source Recommendation ITU-T Y.2215 was approved on 29 June 2009 by ITU-T Study Group 13 (2009-2012) under Recommendation ITU-T A.8 procedures. Keywords Functions, mobile, next generation network, service requireme

9、nts, virtual private network. ii Rec. ITU-T Y.2215 (06/2009) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-

10、T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four ye

11、ars, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the nec

12、essary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. Howev

13、er, the Recommendation may contain certain mandatory provisions (to ensure e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative e

14、quivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of

15、a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU

16、 had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu

17、.int/ITU-T/ipr/. ITU 2009 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T Y.2215 (06/2009) iii CONTENTS Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined

18、in this Recommendation. 2 4 Abbreviations and acronyms 2 5 Conventions 3 6 Introduction 3 7 Service requirements 4 7.1 General requirements 4 7.2 Configuration management 4 7.3 Service level agreements and quality of service. 5 7.4 Security. 5 7.5 Fault management 5 7.6 Performance management 6 7.7

19、Accounting . 6 7.8 Mobility 6 7.9 Multicast. 6 8 VPN framework architecture 6 8.1 VPN functions at the service stratum . 7 8.2 VPN functions at the transport stratum 8 8.3 VPN end-user functions . 9 8.4 VPN management functions. 9 9 Security. 9 Appendix I Scenarios of VPN services in NGN, including

20、the mobile environment. 10 I.1 Virtual corporate office 10 I.2 Personal end-to-end VPN. 11 I.3 Community-based VPN 12 Bibliography 14 Rec. ITU-T Y.2215 (06/2009) 1 Recommendation ITU-T Y.2215 Requirements and framework for the support of VPN services in NGN, including the mobile environment 1 Scope

21、This Recommendation identifies service requirements and functional framework for the support of VPN services in NGN, including the mobile environment. The provision of VPN services in NGN, including the mobile environment, covers the support of mobility management functions across different fixed an

22、d wireless network domains as well as at different network levels including intra-access network, inter-access network, and inter-network levels ITU-T Q.1706. This includes mobility support at the NGN service stratum and the NGN transport stratum b-ITU-T Y.2011. The detailed definition of mobility m

23、anagement-related functions and architecture is outside the scope of this Recommendation. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the edit

24、ions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently vali

25、d ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T Q.1706 Recommendation ITU-T Q.1706/Y.2801 (2006), Mobility management requirements for NGN. ITU-T Y.1311 Recommend

26、ation ITU-T Y.1311 (2002), Networked-based VPNs Generic architecture and service requirements. ITU-T Y.2012 Recommendation ITU-T Y.2012 (2006), Functional requirements and architecture of the NGN release 1. ITU-T Y.2201 Recommendation ITU-T Y.2201 (2007), NGN release 1 requirements. ITU-T Y.2236 Rec

27、ommendation ITU-T Y.2236 (2009), Framework for NGN support of multicast-based services. ITU-T Y.2701 Recommendation ITU-T Y.2701 (2007), Security requirements for NGN release 1. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 access con

28、trol b-ITU-T X.800: The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner. 3.1.2 access network b-ITU-T Q.1742.1: Network that connects access technologies (such as a Radio Access Network) to the core network. 2 Rec. ITU-T Y.2215 (0

29、6/2009) 3.1.3 accounting b-ITU-T Y.2233: The process of collecting and analysing NGN service and NGN resource usage metrics for the purposes of capacity and trend analysis, cost allocation, auditing, and billing, etc. Accounting management requires that resource consumption be measured, rated, assig

30、ned, and communicated between appropriate business entities. 3.1.4 billing b-ITU-T Y.2233: The process after rating in which the NGN transactions of NGN event usage are compiled and bills are produced. 3.1.5 charging b-ITU-T Y.2233: Function within the NGN network and the associated OCS/BD component

31、s whereby information related to a chargeable event is collected, formatted, transferred and evaluated in order to make it possible to determine usage for which the charged party may be billed (offline charging) or the subscribers account balance may be debited (online charging). 3.1.6 mobility ITU-

32、T Q.1706: The ability for the user or other mobile entities to communicate and access services irrespective of changes of the location or technical environment. 3.1.7 mobility management ITU-T Q.1706: The set of functions used to provide mobility. These functions include authentication, authorizatio

33、n, location updating, paging, download of user information and more. 3.1.8 personal mobility ITU-T Q.1706 and ITU-T Y.2201: This is the mobility for those scenarios where the user changes the terminal used for network access at different locations. The ability of a user to access telecommunication s

34、ervices at any terminal on the basis of a personal identifier, and the capability of the network to provide those services delineated in the users service profile. 3.1.9 quality of service (QoS) b-ITU-T G.1000: The collective effect of service performances, which determine the degree of satisfaction

35、 of a user of the service. 3.1.10 service continuity ITU-T Y.2201: The ability for a moving object to maintain ongoing service over including current states, such as users network environment and session for a service. 3.1.11 service level agreement b-ITU-T G.8081: A contract between two parties suc

36、h as a service provider and a customer. It defines the services available to the customer, and the grade of service of those services as offered to the customer. It also usually describes the service guarantee and potential penalties in case of service degradation or failure. 3.1.12 terminal mobilit

37、y ITU-T Q.1706 and ITU-T Y.2201: This is the mobility for those scenarios where the same terminal equipment is moving or is used at different locations. The ability of a terminal to access telecommunication services from different locations and while in motion, and the capability of the network to i

38、dentify and locate that terminal. 3.2 Terms defined in this Recommendation This Recommendation defines the following term: 3.2.1 virtual private network (VPN): A VPN is a communication network, built over public and/or private network resources, used to support controlled and secure communications w

39、ithin a group of users as if they were on a private network. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations: ANI Application-to-Network Interface CE Customer Equipment CPE Customer Premises Equipment Rec. ITU-T Y.2215 (06/2009) 3 GRE Generic Routing Encapsulation G

40、TP GPRS Tunnelling Protocol IGMP Internet Group Management Protocol IKE Internet Key Exchange IMS IP Multimedia Subsystem IP Internet Protocol L2TP L2 Tunnelling Protocol LAN Local Area Network mGRE multipoint Generic Routing Encapsulation MPLS MultiProtocol Label Switching NACF Network Attachment C

41、ontrol Functions NGN Next Generation Network NNI Network-to-Network Interface PD-FE Policy Decision Functional Entity PE Provider Equipment PE-FE Policy Enforcement Functional Entity QoS Quality of Service RACF Resource and Admission Control Functions SA Security Association SCF Service Control Func

42、tions SLA Service Level Agreement TRC-FE Transport Resource Control Functional Entity UNI User-to-Network Interface VPN Virtual Private Network 5 Conventions None. 6 Introduction The support of virtual private network (VPN) services in NGN including mobile environment allows multipoint controlled an

43、d secured communication services using NGN resources for the exchange of multimedia streams within a group of service users. Types of VPN services in NGN include: Site-to-site VPNs that link branch offices, suppliers, partners, customers, and communities of interest; Access VPNs that accommodate mob

44、ile workers and telecommuters allowing them to securely access their corporate network from outside the office; Multiservice VPNs that support multimedia communications with end-to-end QoS provision. 4 Rec. ITU-T Y.2215 (06/2009) Appendix I provides scenarios for enhanced applications and services s

45、upported via the use of VPN services. This Recommendation builds upon the NGN capabilities specified in ITU-T Y.2201. 7 Service requirements This clause addresses the requirements for VPN services when provided in NGN, including the mobile environment. 7.1 General requirements For the support of VPN

46、 services ITU-T Y.1311, NGN is required to provide: support for fixed and mobile users; means for users to specify VPN membership; accommodation of user-defined VPN addressing schemes; transparency to user data; means for single customer site to belong concurrently to more than one VPN; provision of

47、 arbitrary user-defined VPN topologies (ranging, for example, from hub-and-spoke, partial mesh to full mesh); provision for multiprotocol support; provision of multi-homed user sites; provision of standards-based interfaces (independent of users device supplier); support for wide range of routing pr

48、otocols between CE and PE routers ITU-T Y.1311; means to support a variety of users traffic (QoS) requirements as defined by the user, or negotiated/renegotiated (e.g., between the user and the provider); means to support different modes of communication: one-to-one, one-to-many, many-to-one and man

49、y-to-many; means to offer, support and maintain agreed levels of service (e.g., via service level agreements); means to meet users security requirements (e.g., in terms of different security levels); provision of VPN members with secure dynamic access to VPN (e.g., via dial-up); provision of appropriate VPN management services in the areas of configuration, SLAs and QoS, security, fault, performance, accounting, mobility and multicast; accommodation for grow