1、 International Telecommunication Union ITU-T Y.2811TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (07/2012) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Generalized mobility Framework of the mobile virtual private netwo
2、rk service in next generation networks Recommendation ITU-T Y.2811 ITU-T Y-SERIES RECOMMENDATIONS GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS GLOBAL INFORMATION INFRASTRUCTURE General Y.100Y.199 Services, applications and middleware Y.200Y.299 Network as
3、pects Y.300Y.399 Interfaces and protocols Y.400Y.499 Numbering, addressing and naming Y.500Y.599 Operation, administration and maintenance Y.600Y.699 Security Y.700Y.799 Performances Y.800Y.899 INTERNET PROTOCOL ASPECTS General Y.1000Y.1099 Services and applications Y.1100Y.1199 Architecture, access
4、, network capabilities and resource management Y.1200Y.1299 Transport Y.1300Y.1399 Interworking Y.1400Y.1499 Quality of service and network performance Y.1500Y.1599 Signalling Y.1600Y.1699 Operation, administration and maintenance Y.1700Y.1799 Charging Y.1800Y.1899 IPTV over NGN Y.1900Y.1999 NEXT GE
5、NERATION NETWORKS Frameworks and functional architecture models Y.2000Y.2099 Quality of Service and performance Y.2100Y.2199 Service aspects: Service capabilities and service architecture Y.2200Y.2249 Service aspects: Interoperability of services and networks in NGN Y.2250Y.2299 Numbering, naming an
6、d addressing Y.2300Y.2399 Network management Y.2400Y.2499 Network control architectures and protocols Y.2500Y.2599 Packet-based Networks Y.2600Y.2699 Security Y.2700Y.2799 Generalized mobility Y.2800Y.2899Carrier grade open environment Y.2900Y.2999 FUTURE NETWORKS Y.3000Y.3499 CLOUD COMPUTING Y.3500
7、Y.3999 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T Y.2811 (07/2012) i Recommendation ITU-T Y.2811 Framework of the mobile virtual private network service in next generation networks Summary Recommendation ITU-T Y.2811 describes the functional architecture of th
8、e mobile virtual private network (VPN) service based on the host-based mobility framework in next generation networks (NGNs), and defines the corresponding reference points. This Recommendation focuses on remote access VPNs and community-based VPNs where mobile user equipment (MUE) is directly invol
9、ved. The high-level mobile VPN service procedures on the functional architecture are also described. History Edition Recommendation Approval Study Group 1.0 ITU-T Y.2811 2012-07-29 13 Keywords Mobile VPN, NGN. ii Rec. ITU-T Y.2811 (07/2012) FOREWORD The International Telecommunication Union (ITU) is
10、 the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing
11、Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.
12、 The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Ad
13、ministration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and
14、 compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommenda
15、tion is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of clai
16、med Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recomm
17、endation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2013 All rights reserved. No part of this publication may be reproduced, by any means whatsoever,
18、without the prior written permission of ITU. Rec. ITU-T Y.2811 (07/2012) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Definitions 2 3.1 Terms defined elsewhere 2 3.2 Terms defined in this Recommendation . 3 4 Abbreviations and acronyms 3 5 Conventions 4 6 Requirements 4 7 Mobile VPN archit
19、ecture 4 7.1 High level functions . 4 7.2 Functional architecture . 7 7.3 Reference points . 10 8 High-level mobile VPN procedures 12 8.1 VPN service registration/de-registration 12 8.2 QoS provisioning and enforcement for VPN tunnel 12 8.3 Initial network attachment 12 8.4 Handover 14 9 Security co
20、nsiderations . 15 Appendix I Use case of mobile VPN based on the IP-based mobility protocol . 16 I.1 Secure tunnel set up 16 I.2 Mobility 18 Appendix II Use case of mobile VPN based on MOBIKE . 20 II.1 VPN service registration/de-registration procedure . 20 II.2 VPN tunnel QoS provisioning 20 II.3 I
21、nitial attachment procedure . 21 II.4 Handover procedure . 21 Bibliography. 22 Rec. ITU-T Y.2811 (07/2012) 1 Recommendation ITU-T Y.2811 Framework of the mobile virtual private network service in next generation networks 1 Scope There are several types of virtual private network (VPN) services such
22、as remote access VPN (or client-to-server VPN), site-to-site VPN, community-based VPN, etc. This Recommendation focuses on the mobile VPN framework in NGN based on the host-based mobility framework in which mobile UEs are directly involved in the VPN. The mobile VPN framework is based on the mobilit
23、y-related ITU-T Recommendations ITU-T Q.1706, ITU-T Q.1707, ITU-T Q.1708, ITU-T Q.1709 and ITU-T Y.2018, as well as on the VPN requirements described in ITU-T Y.2215. This Recommendation covers the following: requirements of mobile VPN; mobile VPN architecture in terms of high-level functions, funct
24、ional architecture and reference points; high-level mobile VPN procedures based on host-based mobility. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publica
25、tion, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the
26、currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T G.1000 Recommendation ITU-T G.1000 (2001), Communications Quality of Service: A framework and defini
27、tions. ITU-T M.1400 Recommendation ITU-T M.1400 (2006), Designations for interconnections among operators networks. ITU-T Q.1706 Recommendation ITU-T Q.1706/Y.2801 (2006), Mobility management requirements for NGN. ITU-T Q.1707 Recommendation ITU-T Q.1707/Y.2804 (2008), Generic framework of mobility
28、management for next generation networks. ITU-T Q.1708 Recommendation ITU-T Q.1708/Y.2805 (2008), Framework of location management forNGN. ITU-T Q.1709 Recommendation ITU-T Q.1709/Y.2806 (2008), Framework of handover control forNGN. ITU-T X.1035 Recommendation ITU-T X.1035 (2007), Password-authentica
29、ted key exchange (PAK) protocol. ITU-T Y.101 Recommendation ITU-T Y.101 (2000), Global Information Infrastructure terminology: Terms and definitions. ITU-T Y.2001 Recommendation ITU-T Y.2001 (2004), General overview of NGN. ITU-T Y.2011 Recommendation ITU-T Y.2011 (2004), General principles and gene
30、ral reference model for Next Generation Networks. 2 Rec. ITU-T Y.2811 (07/2012) ITU-T Y.2012 Recommendation ITU-T Y.2012 (2006), Functional requirements and architecture of the NGN release 1. ITU-T Y.2014 Recommendation ITU-T Y.2014 (2008), Network attachment control functions in next generation net
31、works. ITU-T Y.2018 Recommendation ITU-T Y.2018 (2009), Mobility management and control framework and architecture within the NGN transport stratum. ITU-T Y.2091 Recommendation ITU-T Y.2091 (2007), Terms and definitions for Next Generation Networks. ITU-T Y.2111 Recommendation ITU-T Y.2111 (2006), R
32、esource and admission control functions in Next generation Networks. ITU-T Y.2215 Recommendation ITU-T Y.2215 (2009), Requirements and framework for the support of VPN services in NGN, including the mobile environment. ITU-T Y.2701 Recommendation ITU-T Y.2701 (2007), Security requirements for NGN re
33、lease 1. ITU-T Y.2702 Recommendation ITU-T Y.2702 (2008), Authentication and authorization requirements for NGN release 1. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 application ITU-T Y.101: A structured set of capabilities, which
34、provide value-added functionality supported by one or more services. 3.1.2 functional architecture ITU-T Y.2012: A set of functional entities and the reference points between them used to describe the structure of an NGN. These functional entities are separated by reference points, and thus, they de
35、fine the distribution of functions. NOTE The functional entities can be used to describe a set of reference configurations. These reference configurations identify which reference points are visible at the boundaries of equipment implementations and between administrative domains. 3.1.3 functional e
36、ntity ITU-T Y.2012: An entity that comprises an indivisible set of specific functions. Functional entities are logical concepts, while groupings of functional entities are used to describe practical, physical implementations. 3.1.4 host-based mobility management ITU-T Q.1707: A mobility management s
37、cheme in which the MM signalling is performed based on (or controlled by) the user equipment (UE). 3.1.5 mobility ITU-T Q.1706: The ability for the user or other mobile entities to communicate and access services irrespective of changes of the location or technical environment. 3.1.6 next generation
38、 network (NGN) ITU-T Y.2001: A packet-based network able to provide telecommunication services and able to make use of multiple broadband, QoS-enabled transport technologies and in which service-related functions are independent from underlying transport-related technologies. It enables unfettered a
39、ccess for users to networks and to competing service providers and/or services of their choice. It supports generalized mobility which will allow consistent and ubiquitous provision of services to users. 3.1.7 quality of service (QoS) ITU-T G.1000: The collective effect of service performances, whic
40、h determine the degree of satisfaction of a user of the service. Rec. ITU-T Y.2811 (07/2012) 3 3.1.8 service stratum ITU-T Y.2011: That part of the NGN which provides the user functions that transfer service-related data and the functions that control and manage service resources and network service
41、s to enable user services and applications (see also clause 7.1 of ITU-T Y.2011). 3.1.9 service ITU-T Y.2091: A set of functions and facilities offered to a user by a provider. 3.1.10 service provider ITU-T M.1400: A general reference to an operator that provides telecommunication services to custom
42、ers and other users either on a tariff or contract basis. A service provider may or may not operate a network. A service provider may or may not be a customer of another service provider. 3.1.11 transport stratum ITU-T Y.2011: That part of the NGN which provides the user functions that transfer data
43、 and the functions that control and manage transport resources to carry such data between terminating entities (see also clause 7.1 of ITU-T Y.2011). 3.1.12 virtual private network (VPN) ITU-T Y.2215: A VPN is a communication network, built over public and/or private network resources, used to suppo
44、rt controlled and secure communications within a group of users as if they were on a private network. 3.2 Terms defined in this Recommendation None. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: BID Binding Identification e-MCF enterprise Mobility Co
45、ntrol Function e-NAF enterprise Network Attachment Function e-RACF enterprise Resource Admission and Control Function GW Gateway HBM Host-Based Mobility IKE Internet Key Exchange IPsec Internet Protocol security MLM-FE Mobility Location Management Functional Entity MM Mobility Management MMCF Mobili
46、ty Management and Control Functions MOBIKE Mobile IKE MP-t-MP Multipoint-to-Multipoint MUE Mobile User Equipment NACF Network Attachment Control Functions NGN Next Generation Network PAK Password-Authenticated Key exchange PD-FE Policy Decision Functional Entity P-t-P Point-to-Point PW Password 4 Re
47、c. ITU-T Y.2811 (07/2012) QoS Quality of Service RACF Resource Admission and Control Functions SCF Service Control Functions TID Tunnel Identification VPN SCF VPN Service Control Functions VPN Virtual Private Network VTF VPN Transport Functions 5 Conventions None. 6 Requirements The basic requiremen
48、ts of mobile VPN follow the NGN VPN requirements listed in ITU-T Y.2215. This clause identifies and focuses on the mobile VPN service and mobility requirements. The VPN in the NGN mobile environment is required to support the following service requirements: the mobility protocol and related security
49、 association mechanisms are required to establish secure mobile VPN tunnels; the secure mobile VPN tunnels should be released and set up seamlessly as an MUE moves; a point-to-point/multipoint-to-multipoint (P-t-P/MP-t-MP) VPN tunnel should be created among peers in a community group; the VPN service control function is required to provide VPN service by extending the NGN service control function; allow mobile users to access the VPN resources
