1、INTERNATIONAL TELECOMMUNICATION UNION ITU-T TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU M.3208.3 (02/2 O0 O) SERIES M: TMN AND NETWORK MAINTENANCE: INTERNATIONAL TRANSMISSION SYSTEMS, TELEPHONE CIRCUITS, TELEGRAPHY, FACSIMILE AND LEASED CIRCUITS Telecommunications management network TMN manageme
2、nt services for dedicated and reconfigurable circuits network: Virtual private network service ITU-T Recommendation M.3208.3 (Formerly CCITT Recommendation) STD-ITU-T RECMN M.3208=3-ENGL 2000 4862573 Ob88748 TBh ITU-T M-SERIES RECOMMENDATIONS TMN AND NETWORK MAINTENANCE: INTERNATIONAL TRANSMISSION S
3、YSTEMS, TELEPHONE CIRCUITS, TELEGRAPHY, FACSIMILE AND LEASED CIRCUITS Introduction and general principles of maintenance and maintenance organization International transmission systems Intemational telephone circuits Common channel signalling systems International telegraph systems and phototelegrap
4、h transmission Intemational leased group and supergroup links International leased circuits Mobile telecommunication systems and services International public telephone network International data transmission systems Designations and information exchange International transport network M.lgM.299 M.3
5、00-M.559 M.560-M.759 M.760-M.799 M.800-M.899 M.900-M.999 M.1000-M. 1099 M. 1100-M. 1 199 M.1200-M. 1299 M. 1300-M. 1399 M. 1400-M. 1999 M.200gM.2999 Integrated services digital networks Common channel signalling systems M.3600-M.3999 M.4000-M.4999 For further details, please refer to the list of ITU
6、-TRecommendations. STD-ITU-T RECMN fl-3208.3-ENGL 2000 = 4862573 0688949 932 ITU-T Recommendation M.3208.3 TMN management services for dedicated and reconfigurable circuits network: Virtual private network service Summary This ITU-T Recommendation is one of the series of M.3200 TMN management servic
7、e Recommendations that provides descriptions of management services, goals and context for the Dedicated and Reconfigurable Circuits Network. Its main focus is on the Virtual Private Network (VPN) service management. This ITU-T Recommendation is based on ITU-T Recommendation M.3208.1 and adds new fu
8、nction sets to support the VPN services. Source ITU-T Recommendation M.3208.3 was prepared by ITU-T Study Group 4 (1997-2000) and approved under the WTSC Resolution 1 procedure on 4 February 2000. Keywords Dedicated and reconfigurable circuits network, leased circuit services, leased circuits, Telec
9、ommunications Management Network (TMN), TMN management service, Virtual Private Network (VPN), VPN service FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is
10、 a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Conference (WTSC), which meets every four years
11、, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of -T Recommendations is covered by the procedure laid down in WTSC Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary
12、 standards are prepared on a collaborative basis with IS0 and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possi
13、bility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the R
14、ecommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementors are cautioned that this may not represent the latest informa
15、tion and are therefore strongly urged to consult the TSB patent database. o m 2001 All rights reserved. No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the ITU. S
16、TD-ITU-T RECNN Re3208-3-ENGL 2000 4862571 Ob88qS 570 = CONTENTS Page 1 Scope 1 2 References 1 3 Definitions 2 3.1 Service related definitions 2 2 3.3 Role related definitions . 4 Abbreviations . 2 5 Conventions used in this ITU-T Recommendation 3 6 VPN service security 3 7 Customer network managemen
17、t service . 7.1 Management service description 7.2 Management Goals . High level service customer requirements for VPN service management Relationship with ITU-T Recommendations M.3208.1 and M.3208.2 7.3 Management context description 7.3.1 Roles 7.3.2 Telecommunications services and resources . 7.3
18、.3 Management functions 7.2.1 7.2.2 . 8 Management scenarios 19 9 Architecture 19 9.1 Functional architecture 19 9.2 Physical architecture 19 . . Appendix I - UML use case diagrams to illustrate VPN service provision functions 19 I. 1 Introduction 19 1.2 Use cases 19 19 1.2.1 Service provision use c
19、ase . 1.2.2 VPN service configuration function set use case 20 1.2.3 VPN service status administration function set use case 21 1.2.4 VPN leased circuit service administration function set use case 21 1.2.5 VPN leased circuit service status administration function set use case 22 Appendix II - UML s
20、equence diagrams to illustrate VPN management scenarios 22 11.1 Introduction 22 11.2 UML class diagrams 22 11.2.1 UML class diagrams for modelling agent functionality. . 22 . 11.2.2 UML class diagrams for VPN and LCS 23 STD-ITU-T RECMN M-3208.3-ENGL 2000 4862591 Oh88952 403 W 11.3 UML sequence diagr
21、ams to illustrate scenarios . 24 11.3.1 Relevant scenarios for creating VPN LCS(s) in a VPN 24 11.3.2 Sequence diagrams for management scenarios . 27 Page STB=ITU-T RECMN M.3208.3-ENGL 2000 D 4862573 0688753 343 M ITU-T Recommendation M.3208.3 TMN management services for dedicated and reconfigurable
22、 circuits network: Virtual private network service 1 Scope This ITU-T Recommendation describes a subset of TMN management services for Dedicated and Reconfigurable Circuits network identified in ITU-T Recommendation M.3200 as a TMN managed area. Its main focus is on the VPN service management. These
23、 management services may also be applicable for interactions between management systems of different service providers or within a service provider. TMN management services in this ITU-T Recommendation specify interface requirements between operation systems (OS) to perfom customer network managemen
24、t of VPN service. The interfaces addressed by the TMN management services in this ITU-T Recommendation are applicable to both the Xinterface and the 43 interface. Support for the services described in this ITU-T Recommendation are at the discretion of the Service Provider. The TMN management service
25、s in this ITU-T Recommendation are described using the GDMS template contained in ITU-T Recommendation M.3020 and build on the management services defined in ITU-T Recommendations M.3208.1 and M.3208.2. 2 References The following ITU-T Recommendations and other references contain provisions which, t
26、hrough reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; all users of this Recommendation are therefore encouraged to investigate the possibility of ap
27、plying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. - ITU-T Recommendation M.301 O (2000), Principles for a Telecommunications Management Network. - ITU-T Recommendation M.3020 (2000), TM
28、N Interface SpeciJcation Methodology. - ITU-T Recommendation M.3200 (1 997), TMN management services und telecommunications managed areas: Overview. ITU-T Recommendation M.3208.1 (1997), TMN management services for dedicated and reconfigurable circuits network: Leased circuit services. ITU-T Recomme
29、ndation M.3208.2 (1 999), TMN management services for dedicated and reconjgurable circuits network: Connection management of pre-provisioned service link connections to form a leased circuit service. ITU-T Recommendation M.3320 (1 997), Management requirements framework for the TMN X-In terface. ITU
30、-T Recommendation M.3400 (2000), TMNManagement Functions. networks. - - - - - ITU-T Recommendation G.805 (2000), Generic functional architecture of transport 3.1 Service related definitions This ITU-T Recommendation makes use of the following terms defined in ITU-T Recommendation M.3208.1: layer net
31、work; leased circuit service; network operator; reconfigurable leased circuit service; service access group; service access point; service characteristic; service customer; service provider; contract. This ITU-T Recommendation defines the following terms: virtual private network: A Virtual Private N
32、etwork is a collection of service access groups that form a private network for reconfigurable leased circuit services. Any service access point can be connected to any other service access point in the Virtual Private Network. NOTE-For the purpose of this ITU-T Recommendation, loopback within a ser
33、vice access group is undefined. 3.2.2 VPN service: A VPN service is a telecommunications service that provides for the transmission of information between two or more service access points in a layer network. These service access points are connected by the VPN leased circuits and included in the se
34、rvice access groups that compose the VI“. 3.3 Role related definitions This ITU-T Recommendation makes use of the following roles defined in ITU-T Recommendation M.3208.1: - service customer; - service provider. 4 Abbreviations This ITU-T Recommendation uses the following abbreviations: ATM Asynchro
35、nous Transfer Mode GDMS LCS Leased Circuit Services NE Network Element NML Network Management Layer SAD Service Access Domain SAG Service Access Group SAP Service Access Point Guidelines for the Definition of TMN Management Services - STD-ITU-T RECMN M.3208.3-ENGL 2000 W 4Bb259L Ob88955 LLb = sc Ser
36、vice Customer SML Service Management Layer SP Service Provider TMN Telecommunications Management Network VPN Virtual Private Network 5 Legend for the tables: Conventions used in this ITU-T Recommendation Mandatory. The SP must provide the same value in the response as provided in the request by the
37、SC. Optional, subject to definition according to the Service Level Agreement or Contract between the SC and SP, i.e. a parameter listed as optional may be made mandatory by the Contract. Return of the value by the SP is optional; however, if the SP elects to return the value, it must be the same val
38、ue supplied by the SC in the request. SP is not allowed to alter this field. Conditional parameter, definition of the condition will be specified in the notes column. A numeric suffix is used to enable reuse of the conditional statements. If the value is provided in the request by the SC, the SP mus
39、t provide the same value in the response. A dash implies that the parameter is not applicable. VPN service security The VPN service is defined between a single SC and SP. Several security services1 are needed to assure the proper functioning of VE“ management: a) Peer entity authentication and data
40、origin authentication are needed to prevent attacks and uniquely identify the SC. b) Integrity is needed to prevent unauthorized modification of data in transit. c) Access control is needed to assure that one Service Customer does not gain access, maliciously or accidentally, to other customers data
41、. The SP may use the authenticated identity of the SC to provide access control. The following requirements are optional: d) e) Confidentiality may be needed if private information is being exchanged. This security service may not be needed for all VPN management messages. Non-repudiation of origin
42、may be needed, e.g. when a SC requests a service that may cause the service provider to invest labour and/or materials. This security service may not be needed for all VPN management messages. Non-repudiation of delivery may be needed, e.g. when a SC reports a problem. This security service may not
43、be needed for all VPN management messages. I) 1 Note that a “service“ in this context is not a management service. The term “security service“ is used as in ITU-T Recommendation X.800. STD-ITU-T RECMN M.3208.3-ENGL 2000 E 4862591 0688956 052 E In addition, security management functions, as per ITU-T
44、 Recommendation M.3400, are needed to manage the security-related information needed to support the security services described above. The exact nature of the security management functions depends on the selection of security mechanisms used to provide the security services. Security management is o
45、utside the scope of this ITU-T Recommendation. 7 Customer network management service 7.1 Management service description This management service addresses the management interLace between the SP domain and the SC domain. It is based on an abstract view of the resources underlying a particular service
46、, a view that shields the service user from knowledge of the specific technical implementation that supports the service. Management capabilities described by these management service enables customers to configure and to reconfigure their VPN services. Possible interactions between TMN management r
47、oles are given in Figures 1N.3208.1 and 2N.3208.1. 7.2 Management Goals The goal of this management service is to provide the SC with the capability to request, modify, or delete a VPN service. In addition, the SP is given a mechanism to keep the SC informed on the status of hisher VPN services. 7.2
48、.1 High level service customer requirements for VPN service management 1) A TMN Service Management Layer X interface is required so that SCs can create VPN LCSs without a detailed knowledge of the SPs network elements and network topology. 2) The secure use of VPN service requires that unauthorized
49、users cannot affect the management of VPN services. 7.2.2 The relationship with ITU-T Recommendations M.3208.1 and M.3208.2 includes the following concepts: 1) The service access domain configuration function set in ITU-T Recommendation M.3208.1 is modified for VPN configuration. 2) The VPN service configuration function set involves modifying VPN service (new function introduced in this ITU-T Recommendation). 3) Creating a VPN LCS is an instantaneous service. Consequently, there is no need for the concept of a service request, the associated state model and th
