Independent Submission M. Boucadair, Ed.
Request for Comments: 8921 C. Jacquenet
Category: Informational Orange
ISSN: 2070-1721 D. Zhang
Huawei Technologies
P. Georgatsos
CERTH
October 2020
Dynamic Service Negotiation: The Connectivity Provisioning Negotiation
Protocol (CPNP)
Abstract
This document defines the Connectivity Provisioning Negotiation
Protocol (CPNP), which is designed to facilitate the dynamic
negotiation of service parameters.
CPNP is a generic protocol that can be used for various negotiation
purposes that include (but are not necessarily limited to)
connectivity provisioning services, storage facilities, Content
Delivery Networks, etc.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This is a contribution to the RFC Series, independently of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not candidates for any level of Internet Standard;
see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8921.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction
2. Terminology
3. CPNP Functional Elements
4. Order Processing Models
5. Sample Use Cases
6. CPNP Deployment Models
7. CPNP Negotiation Model
8. Protocol Overview
8.1. Client/Server Communication
8.2. Policy Configuration on the CPNP Server
8.3. CPNP Session Entries
8.4. CPNP Transactions
8.5. CPNP Timers
8.6. CPNP Operations
8.7. Connectivity Provisioning Documents
8.8. Child PQOs
8.9. Multi-Segment Service
8.10. Negotiating with Multiple CPNP Servers
8.11. State Management
8.11.1. On the Client Side
8.11.2. On the Server Side
9. CPNP Objects
9.1. Attributes
9.1.1. CUSTOMER_ORDER_IDENTIFIER
9.1.2. PROVIDER_ORDER_IDENTIFIER
9.1.3. TRANSACTION_ID
9.1.4. SEQUENCE_NUMBER
9.1.5. NONCE
9.1.6. EXPECTED_RESPONSE_TIME
9.1.7. EXPECTED_OFFER_TIME
9.1.8. VALIDITY_OFFER_TIME
9.1.9. SERVICE_DESCRIPTION
9.1.10. CPNP Information Elements
9.2. Operation Messages
9.2.1. QUOTATION
9.2.2. PROCESSING
9.2.3. OFFER
9.2.4. ACCEPT
9.2.5. DECLINE
9.2.6. ACK
9.2.7. CANCEL
9.2.8. WITHDRAW
9.2.9. UPDATE
9.2.10. FAIL
9.2.11. ACTIVATE
10. CPNP Message Validation
10.1. On the Client Side
10.2. On the Server Side
11. Theory of Operation
11.1. Client Behavior
11.1.1. Order Negotiation Cycle
11.1.2. Order Withdrawal Cycle
11.1.3. Order Update Cycle
11.2. Server Behavior
11.2.1. Order Processing
11.2.2. Order Withdrawal
11.2.3. Order Update
11.3. Sequence Numbers
11.4. Message Retransmission
12. Some Operational Guidelines
12.1. CPNP Server Logging
12.2. Business Guidelines and Objectives
13. Security Considerations
14. IANA Considerations
15. References
15.1. Normative References
15.2. Informative References
Acknowledgements
Authors' Addresses
1. Introduction
This document defines the Connectivity Provisioning Negotiation
Protocol (CPNP) that is meant to dynamically exchange and negotiate
connectivity provisioning parameters and other service-specific
parameters between a Customer and a Provider. CPNP is a tool that
introduces automation to the service negotiation and activation
procedures, thus fostering the overall service provisioning process.
CPNP can be seen as a component of the dynamic negotiation metadomain
described in Section 2.4 of [RFC7149].
CPNP is a generic protocol that can be used for negotiation purposes
other than connectivity provisioning. For example, CPNP can be used
to request extra storage resources, to extend the footprint of a
Content Delivery Network (CDN), to enable additional features from a
cloud Provider, etc. CPNP can be extended with new Information
Elements (IEs). Sample negotiation use cases are described in
Section 5. Section 4 introduces several order processing models and
defines those that are targeted by CPNP. The CPNP negotiation model
is then detailed in Section 7.
[RFC7297] describes a Connectivity Provisioning Profile (CPP)
template to capture connectivity requirements to be met by a
transport infrastructure for the delivery of various services such as
Voice over IP (VoIP), IPTV, and Virtual Private Network (VPN)
services [RFC4026]. The CPP document defines the set of IP transfer
parameters that reflect the guarantees that can be provided by the
underlying transport network together with reachability scope and
capacity needs. CPNP uses the CPP template to encode connectivity
provisioning clauses that are subject to negotiation. The accepted
CPP will then be passed to other functional elements that are
responsible for the actual service activation and provisioning. For
example, Network Configuration Protocol (NETCONF) [RFC6241] or
RESTCONF [RFC8040] can be used to activate adequate network features
that are required to deliver the accepted service. How the outcome
of CPNP negotiation is translated into service and network
provisioning actions is out of scope of this document.
As a reminder, several proposals have been made in the past by the
(research) community (e.g., Common Open Policy Service protocol for
supporting Service Level Specification [COPS-SLS], Service
Negotiation Protocol [SrNP], Dynamic Service Negotiation Protocol
[DSNP], Resource Negotiation and Pricing Protocol [RNAP], Service
Negotiation and Acquisition Protocol [SNAP]). CPNP leverages the
authors' experience with SrNP by separating the negotiation
primitives from the service under negotiation. Moreover, careful
examination of the other proposals revealed certain deficiencies that
were easier to address through the creation of a new protocol rather
than the modification of existing protocols. For example:
* COPS-SLS relies upon the COPS usage for policy provisioning (COPS-
PR) [RFC3084], which is a Historic RFC.
* DSNP is tightly designed with one specific service in mind (QoS)
and does not make any distinction between a quotation phase and
the actual service-ordering phase.
One of the primary motivations of this document is to provide a
permanent reference to exemplify how service negotiation can be
automated.
Implementation details are out of scope. An example of required
modules and interfaces to implement this specification is sketched in
Section 4 of [AGAVE]. This specification builds on that effort.
2. Terminology
This document makes use of the following terms:
Customer: Is a business role that denotes an entity that is involved
in the definition and the possible negotiation of an order,
including a Connectivity Provisioning Agreement, with a Provider.
A connectivity provisioning document is captured in a dedicated
CPP template-based document, which may specify (among other
information) the sites to be connected, border nodes, outsourced
operations (e.g., routing, traffic steering).
The right to invoke the subscribed service may be delegated by the
Customer to third-party end users or brokering services.
A Customer can be a Service Provider, an application owner, an
enterprise, a user, etc.
Network Provider (or Provider): Owns and administers one or many
transport domain(s) (typically Autonomous Systems (ASes)) composed
of (IP) switching and transmission resources (e.g., routing,
switching, forwarding, etc.). Network Providers are responsible
for delivering and operating connectivity services (e.g., offering
global or restricted reachability at specific rates). Offered
connectivity services may not necessarily be restricted to IP.
The policies to be enforced by the connectivity service delivery
components can be derived from the technology-specific clauses
that might be included in agreements with the Customers. If no
such clauses are included in the agreement, the mapping between
the connectivity requirements and the underlying technology-
specific policies to be enforced is deployment specific.
Quotation Order: Denotes a request made by the Customer to the
Provider that includes a set of requirements. The Customer may
express its service-specific requirements by assigning (strictly
or loosely defined) values to the information items included in
the commonly understood template (e.g., CPP template) describing
the offered service. These requirements constitute the parameters
to be mutually agreed upon.
Offer: Refers to a response made by the Provider to a Customer's
quotation order that describes the ability of the Provider to
satisfy the order at the time of its receipt. Offers reflect the
capability of the Provider in accommodating received Customer
orders beyond monolithic 'yes/no' answers.
An offer may fully or partially meet the requirements of the
corresponding order. In the latter case, it may include
alternative suggestions that the Customer may take into account by
issuing a new order.
Agreement: Refers to an order placed by the Customer and accepted by
the Provider. It signals the successful conclusion of a
negotiation cycle.
3. CPNP Functional Elements
The following functional elements are defined:
CPNP client (or client): Denotes a software instance that sends CPNP
requests and receives CPNP responses. The current operations that
can be performed by a CPNP client are listed below:
1. Create a quotation order (Section 9.2.1).
2. Cancel an ongoing quotation order under negotiation
(Section 9.2.7).
3. Accept an offer made by a server (Section 9.2.4).
4. Withdraw an agreement (Section 9.2.8).
5. Update an agreement (Section 9.2.9).
CPNP server (or server): Denotes a software instance that receives
CPNP requests and sends back CPNP responses accordingly. The CPNP
server is responsible for the following operations:
1. Process a quotation order (Section 9.2.2).
2. Make an offer (Section 9.2.3).
3. Cancel an ongoing quotation order (Section 11.2.3).
4. Process an order withdrawal (Section 11.2.3).
4. Order Processing Models
For preparing their service orders, Customers may need to be aware of
the offered services. Therefore, Providers should first proceed with
the announcement (or the exposure) of the services they can provide.
The service announcement process may take place at designated global
or Provider-specific service markets or through explicit interactions
with the Providers. The details of this process are outside the
scope of this document.
With or without such service announcement/exposure mechanisms in
place, the following order processing models can be distinguished:
Frozen model:
The Customer cannot actually negotiate the parameters of the
service(s) offered by a Provider. After consulting the Provider's
service portfolio, the Customer selects the service offer to which
he or she wants to subscribe and places an order to the Provider.
Order handling is quite simple on the Provider side because the
service is not customized per Customer's requirements, but rather
designed to address a Customer base that shares the same
requirements (i.e., these Customers share the same Connectivity
Provisioning Profile). This mode can be implemented using
existing tools such as [RFC8309].
Negotiation-based model:
Unlike the frozen model, the Customer documents his/her
requirements in a request for a quotation, which is then sent to
one or several Providers. Solicited Providers check whether they
can address these requirements or not, and get back to the
Customer accordingly, possibly with an offer that may not exactly
match the Customer's requirements (e.g., a 100 Mbps connection
cannot be provisioned given the amount of available resources, but
an 80 Mbps connection can be provided). A negotiation between the
Customer and the Provider(s) then follows until both parties reach
an agreement (or do not).
Both frozen and negotiation-based models require the existence of
appropriate service templates like a CPP template and their
instantiation for expressing specific offerings from Providers and
service requirements from Customers, respectively. CPNP can be used
in either model for automating the required Customer-Provider
interactions. The frozen model can be seen as a special case of the
negotiation-based model. This document focuses on the negotiation-
based model. Not only 'yes/no' answers but also counterproposals may
be offered by the Provider in response to Customer orders.
Order processing management on the Network Provider's side usually
solicits features supported by the following functional blocks:
* Network provisioning (including order activation, Network
Planning, etc.)
* Authentication, authorization, and accounting (AAA)
* Network and service management (performance measurement and
assessment, fault detection, etc.)
* Sales-related functional blocks (e.g., billing, invoice
validation)
* Network impact analysis
CPNP does not assume any specific knowledge about these functional
blocks, drawing an explicit line between protocol operation and the
logic for handling connectivity provisioning requests. An order
processing logic is typically fed with the information manipulated by
the aforementioned functional blocks. For example, the resources
that can be allocated to accommodate the Customer's requirements may
depend on network availability estimates as calculated by the
planning functions and related policies, as well as the number of
orders to be processed simultaneously over a given period of time.
This document does not elaborate on how Customers are identified and
subsequently managed by the Provider's information system.
5. Sample Use Cases
A non-exhaustive list of CPNP use cases is provided below:
1. [RFC4176] introduces the Layer 3 VPN (L3VPN) Service Order
Management functional block, which is responsible for managing
the requests initiated by the Customers and tracks the status of
the completion of the related operations. CPNP can be used
between the Customer and the Provider to negotiate L3VPN service
parameters.
A CPNP server could therefore be part of the L3VPN Service Order
Management functional block discussed in [RFC4176]. A L3VPN
Service YANG data model (L3SM) is defined in [RFC8299]. Once an
agreement is reached, the service can be provisioned using,
e.g., the L3VPN Network YANG data model specified in
[L3VPN-NETWORK-YANG].
Likewise, a CPNP server could be part of the Layer 2 VPN (L2VPN)
Service Order Management functional block. A YANG data model
for L2VPN service delivery is defined in [RFC8466]. Once an
agreement is reached, the L2VPN service can be provisioned
using, e.g., the L2VPN Network YANG data model specified in
[L2VPN-NETWORK-YANG].
2. CPNP can be used between two adjacent domains to deliver IP
interconnection services (e.g., enable, update, disconnect).
For example, two Autonomous Systems (ASes) can be connected via
several interconnection points. CPNP can be used between these
ASes to upgrade existing links, request additional resources,
provision a new interconnection point, etc.
See, for example, the framework documented in [ETICS].
3. An integrated Provider can use CPNP to rationalize connectivity
provisioning needs related to its service portfolio. A CPNP
server function is used by network operations teams. A CPNP
interface to trigger CPNP negotiation cycles is exposed to
service management teams.
4. Service Providers can use CPNP to initiate connectivity
provisioning requests towards a number of Network Providers so
as to optimize the cost of delivering their services. Although
multiple CPNP ordering cycles can be initiated by a Service
Provider towards multiple Network Providers, a subset of these
orders may actually be put into effect.
For example, a cloud Service Provider can use CPNP to request
more resources from Network Providers.
5. CPNP can also be used in the context of network slicing
[NETSLICES-ARCH] to request network resources together with a
set of requirements that need to be satisfied by the Provider.
Such requirements are not restricted to basic IP forwarding
capabilities, but may also include a characterization of a set
of service functions that may be invoked. For the network
slicing case, the instances of a CPP template could be derived
from the network slice template documented in [TEAS-SLICE-NBI].
6. CPNP can be used in Machine-to-Machine (M2M) environments to
dynamically subscribe to M2M services (e.g., access data
retrieved by a set of sensors, extend sensor coverage, etc.).
Also, Internet of Things (IoT) [RFC6574] domains may rely on
CPNP to enable dynamic access to data produced by involved
objects, according to their specific policies, to various
external stakeholders such as data analytics and business
intelligence companies. Direct CPNP-based interactions between
IoT domains and interested parties enable open access to diverse
sets of data across the Internet, e.g., from multiple types of
sensors, user groups, and/or geographical areas.
7. CPNP can be used in the context of Interface to Network Security
Functions (I2NSF) [RFC8329] to capture the Customer-driven
policies to be enforced by a set of Network Security Functions.
8. A Provider offering cloud services can expose a CPNP interface
to allow Customers to dynamically negotiate typical data center
resources, such as additional storage, processing and networking
resources, enhanced security filters, etc.
Cloud computing Providers typically structure their computation
service offerings by bundling CPU, RAM, and storage units as
quotas, instances, or flavors that can be consumed in an
ephemeral or temporal fashion during the lifetime of the
required function. A similar approach is followed by CPNP (see
for example, Section 9.2.11).
9. In the inter-cloud context (also called cloud of clouds or cloud
federation), CPNP can be used to reserve computing and
networking resources hosted by various cloud infrastructures.
10. CDN Providers can use CPNP to extend their footprint by
interconnecting their respective CDN infrastructures [RFC6770]
(see Figure 1).
,--,--,--. ,--,--,--.
,-' `-. ,-' `-.
(CDN Provider 'A')=====(CDN Provider 'B')
`-. (CDN-A) ,-' `-. (CDN-B) ,-'
`--'--'--' `--'--'--'
Figure 1: CDN Interconnection
11. Mapping Service Providers (MSPs) [RFC7215] can use CPNP to
enrich their mapping database by interconnecting their mapping
system (see Figure 2). This interconnection allows the
relaxation of the constraints on PxTR (Proxy Ingress/Egress
Tunnel Router) in favour of native LISP (Locator/ID Separation
Protocol) forwarding [RFC6830]. Also, it prevents the
fragmentation of the LISP mapping database. A framework is
described in [LISP-MS-DISCOVERY].
,--,--,--. ,--,--,--.
,-' `-. ,-' `-.
(Mapping System 'A')===(Mapping System 'B')
`-. ,-' `-. ,-'
`--'--'--' `--'--'--'
Figure 2: LISP Mapping System Interconnect
12. CPNP may also be used between SDN (Software-Defined Networking)
controllers in contexts where Cooperating Layered Architecture
for Software-Defined Networking (CLAS) is enabled [RFC8597].
6. CPNP Deployment Models
Several CPNP deployment models can be envisaged. Two examples are
listed below:
* The Customer deploys a CPNP client while one or several CPNP
servers are deployed by the Provider. A CPNP client can discover
its CPNP servers using a variety of means (static, dynamic, etc.).
* The Customer does not enable any CPNP client. The Provider
maintains a Customer Order Management portal. The Customer can
initiate connectivity provisioning quotation orders via the
portal; appropriate CPNP messages are then generated and sent to
the relevant CPNP server. In this model, both the CPNP client and
CPNP server are under the responsibility of the same
administrative entity (i.e., Network Provider).
Once the negotiation of connectivity provisioning parameters is
successfully concluded, that is, an order has been placed by the
Customer, the actual network provisioning operations are initiated.
The specification of related dynamic resource allocation and policy
enforcement schemes, as well as how CPNP servers interact with the
network provisioning functional blocks on the Provider side, are out
of the scope of this document.
This document does not make any assumptions about the CPNP deployment
model either.
7. CPNP Negotiation Model
CPNP runs between a Customer and a Provider, carrying service orders
from the Customer and corresponding responses from the Provider in
order to reach a service provisioning agreement. As the services
offered by the Provider are well described, by means of the CPP
template for connectivity matters, the negotiation process is
essentially a value-settlement process, where an agreement is pursued
on the values of the commonly understood information items (service
parameters) included in the service description template
(Section 9.1.9).
The content that CPNP carries and the negotiation logic invoked at
Customer and Provider sides to manipulate the content (i.e., the
information carried in CPNP messages to proceed with the negotiation)
is transparent to the protocol.
The protocol aims to facilitate the execution of the negotiation
logic by providing the required generic communication primitives.
Since negotiations are initiated and primarily driven by the
Customer's negotiation logic, it is reasonable to assume that the
Customer is the only party that can call for an agreement. An
implicit approach is adopted for not overloading the protocol with
additional messages. In particular, the acceptance of an offer made
by the Provider signals a call for agreement from the Customer. Note
that it is almost certain the Provider will accept this call since it
refers to an offer that the Provider made. Of course, at any point
the Provider or the Customer may quit the negotiations, each on its
own grounds.
Based on the above, CPNP adopts a quotation order/offer/answer model,
which proceeds through the following basic steps (Figure 3):
1. The CPNP client specifies its service requirements in a
Provisioning Quotation Order (PQO). The order may include
strictly or loosely defined values in the clauses describing
service provisioning characteristics.
2. The CPNP server declines the PQO, or makes an offer to address
the requirements of the PQO, or suggests a counterproposal that
partially addresses the requirements of the PQO in case specific
requirements cannot be accommodated.
3. The CPNP client either accepts or declines the offer. The
acceptance of the offer by the CPNP client implies a call for
agreement and, thus, the agreement between both parties and the
conclusion of the negotiation.
+------+ +------+
|Client| |Server|
+------+ +------+
|=====Requested Service=====>|
|<=====Offered Service=======|
|=====Accepted Service======>|
Figure 3: Simplified Service Negotiation
Multiple instances of CPNP may run at a Customer's or a Provider's
domains. A CPNP client may be engaged in multiple, simultaneous
negotiations with the same or different CPNP servers (parallel
negotiations, see Section 8.10), and a CPNP server may need to
negotiate with other Provider(s) as part of negotiations that are
ongoing with a CPNP client (cascaded negotiations, see Section 8.8).
CPNP relies on various timers to run its operations. Two types of
timers are defined: those that are specific to CPNP message
transmission and those that are specific to the negotiation logic.
The latter are used to guide the negotiation logic at both CPNP
client and CPNP server sides, particularly in cases where the CPNP
client is involved in parallel negotiations with several CPNP servers
or in cases where the CPNP server is, in turn, involved in
negotiations with other Providers for processing a given Customer-
originated quotation order. CPNP allows a CPNP server to request
extra time to proceed with the negotiation. This request may be
accepted or rejected by the CPNP client.
Providers may need to publish available services to the Customers
(see Section 4). CPNP may optionally support this functionality.
Dedicated templates can be defined for the purpose of service
announcement, which will be used by the CPNP clients to initiate
their CPNP negotiation cycles.
For the sake of simplicity, a single offer/answer stage is assumed
within one CPNP negotiation cycle. Nevertheless, as already stated,
multiple CPNP negotiation cycles can be undertaken by a CPNP client
(see Figure 4).
The model is flexible enough to accommodate changing conditions
during the lifetime of a service (e.g., the introduction of an
additional VPN site).
+------+ +------+ +------+ +------+
|Client| |Server| |Client| |Server|
+------+ +------+ +------+ +------+
|=====Quotation Order=====>| |=====Quotation Order=====>|
|<==========Offer==========| |<==========Offer==========|
|===========Accept========>| |==========Decline========>|
1-Step Successful Negotiation 1-Step Failed Negotiation
Cycle Cycle
+------+ +------+ +------+ +------+
|Client| |Server| |Client| |Server|
+------+ +------+ +------+ +------+
|===Quotation Order(a)====>| |===Quotation Order(i)====>|
|<==========Offer==========| |<==========Offer==========|
|==========Decline========>| |==========Decline========>|
|===Quotation Order(b)====>| |===Quotation Order(j)====>|
|<==========Offer==========| |<==========Offer==========|
|===========Accept========>| |==========Decline========>|
|===Quotation Order(k)====>|
|<==========Offer==========|
|==========Decline========>|
|===Quotation Order(l)====>|
|<==Fail to make an offer==|
N-Step Negotiation Cycle: N-Step Negotiation Cycle:
Successful Negotiation Failed Negotiation
Figure 4: Overall Negotiation Process
The means used by a CPNP client to retrieve a list of active/accepted
offers are not defined in this document.
An order can be implicitly or explicitly activated. Section 3.11 of
[RFC7297] specifies a dedicated clause called Activation Means. Such
a clause indicates the required action(s) to be undertaken to
activate access to the (IP connectivity) service. This document
defines a dedicated CPNP message that can be used for explicit
activation (Section 9.2.11).
8. Protocol Overview
8.1. Client/Server Communication
CPNP is a client/server protocol that can run over any transport
protocol. The default transport mode is UDP secured with Datagram
Transport Layer Security (DTLS) [RFC6347]. No permanent CPNP
transport session needs to be maintained between the client and the
server.
The CPNP client can be configured with the CPNP server(s).
Typically, the CPNP client is configured with an IP address together
with a port number using manual or dynamic configuration means (e.g.,
DHCP). Alternatively, a Provider may advertise the port number
(CPNP_PORT) it uses to bind the CPNP service using SRV [RFC2782].
The CPNP client may be provided with a domain name of the CPNP server
for PKIX-based authentication purposes. CPNP servers should prefer
the use of DNS-ID and SRV-ID over CN-ID identifier types in
certificate requests (Section 2.3 of [RFC6125]). URI-IDs should not
be used for CPNP server identity verification.
The client sends CPNP requests using CPNP_PORT as the destination
port number. The same port number used as the source port number of
a CPNP request sent to a CPNP server is used by the server to reply
to that request.
CPNP is independent of the IP address family.
CPNP retransmission for unreliable transports is discussed in
Section 11.4.
Considerations related to mutual authentication are discussed in
Section 13.
8.2. Policy Configuration on the CPNP Server
As an input to its decision-making process, the CPNP server may be
connected to various external modules such as Customer Profiles,
Network Topology, Network Resource Management, Order Repositories,
AAA, and Network Provisioning Manager (an example is shown in
Figure 5).
These external modules provide inputs to the CPNP server so that it
can do the following:
* Check whether a Customer is entitled to initiate a provisioning
quotation request.
* Check whether a Customer is entitled to cancel an ongoing order.
* Check whether administrative data (e.g., billing-related
information) have been verified before the processing of the
request starts.
* Check whether network capacity is available or additional capacity
is required.
* Receive guidelines from network design and sales blocks (e.g.,
pricing, network usage levels, thresholds associated with the
number of CPP templates that can be processed over a given period
of time as a function of the nature of the service to be
delivered, etc.).
* Transfer completed orders to network provisioning blocks (referred
to as "Network Provisioning Manager" in Figure 5). For example,
the outcome of CPNP may be passed to modules such as Application-
Based Network Operations (ABNO) [RFC7491] or network controllers.
These controllers will use protocols such as NETCONF [RFC6241] to
interact with the appropriate network nodes and functions for the
sake of proper service activation and delivery.
The above list of CPNP server operations is not exhaustive.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.Business & Administrative Management .
.+------------------------++---------------------------+.
.| Business Guidelines || Billing & Charging |.
.+-----------+------------++-----------+---------------+.
. | | .
. +-------------------+ | .
. . . . . . . . . . . . . . . . .|. . .|. . . . . . . . .
. . . . . . . . . . . . . . . . .|. . .|. . . . . . . . .
.Order Handling Management | | .
. +-------------------+ +-------+-----+--------------+ .
. |Network Topology DB+--+ CPNP Server | .
. +-------------------+ +-+---+---+---+---+-----+----+ .
. | | | | | | .
. +------------------------+-+ | | | | | .
. | Network Dimensioning | | | | | | .
. | & Planning | | | | | | .
. +--------------------------+ | | | | | .
. +----------------------------+-+ | | | +---+----+ .
. | | | | | | AAA | .
. | Network +------------+ | | | +--------+ .
. | Resource | +------------+-+ | +-+----------+ .
. | Management | | Customer | | | Orders | .
. | | | Profiles | | | Repository | .
. +-----------------+ +--------------+ | +------------+ .
. . . . . . . . . . . . . . . . . . . .|. . . . . . . . .
+--------------------------------------+----------------+
| Network Provisioning Manager |
+-------------------------------------------------------+
Figure 5: Order Handling Management Functional Block (Focus on
Internal Interfaces)
The following order-handling modes can also be configured on the
server:
Fully automated mode: This mode does not require any action from the
administrator when receiving a request for a service. The server
can execute its decision-making process related to the orders
received and can generate corresponding offers.
Administrative validation checking: Some or all of the server's
operations are subject to administrative validation procedures.
This mode requires an action from the administrator for every
request received. To that aim, the CPNP methods that can be
automatically handled by the server (or are subject to one or
several validation administrative checks) can be configured on the
server.
8.3. CPNP Session Entries
A CPNP session entry is represented by a tuple defined as follows:
* Transport session (typically, the IP address of the CPNP client,
the client's port number, the IP address of the CPNP server, and
the CPNP server's port number).
* Incremented sequence number (Section 11.3).
* Customer agreement identifier: This is a unique identifier
assigned to the order under negotiation by the CPNP client
(Section 9.1.1). This identifier is also used by the client to
identify the agreement that will result from a successful
negotiation.
* Provider agreement identifier: This is a unique identifier
assigned to the order under negotiation by the CPNP server
(Section 9.1.2). This identifier is also used by the server to
identify the agreement that will result from a successful
negotiation.
* Transaction-ID (Section 8.4).
8.4. CPNP Transactions
A CPNP transaction occurs between a client and a server for
completing, modifying, or withdrawing a service agreement, and
comprises all CPNP messages exchanged between the client and the
server, from the first request sent by the client to the final
response sent by the server. A CPNP transaction is bound to a CPNP
session (Section 8.3).
Because multiple CPNP transactions can be maintained by the CPNP
client, the client must assign an identifier to uniquely identify a
given transaction. This identifier is the Transaction-ID.
The Transaction-ID must be randomly assigned by the CPNP client,
according to the best current practice for generating random numbers
[RFC4086] that cannot be guessed easily. The Transaction-ID is used
for validating CPNP responses received by the client.
In the context of a transaction, the client needs to select a
sequence number randomly and then needs to assign it to the first
CPNP message to send. This number is then incremented for each
request message that is subsequently sent within the ongoing CPNP
transaction (see Section 11.3).
8.5. CPNP Timers
CPNP adopts a simple retransmission procedure that relies on a
retransmission timer represented by RETRANS_TIMER and a maximum retry
threshold. The use of RETRANS_TIMER and a maximum retry threshold
are described in Section 11.
The response timer (EXPECTED_RESPONSE_TIME) is set by the client to
denote the time, in seconds, the client will wait to receive a
response from the server to a PQO request (see Section 9.1.6). If
the timer expires, the respective PQO is cancelled by the client, and
a CANCEL message is generated accordingly.
The expected offer timer (EXPECTED_OFFER_TIME) is set by the server
to indicate the time by when the CPNP server is expected to make an
offer to the CPNP client (see Section 9.1.7). If no offer is
received by then, the CPNP client will consider the order as
rejected.
An offer expiration timer (VALIDITY_OFFER_TIME) is set by the server
to represent the time, in minutes, after which an offer made by the
server becomes invalid (see Section 9.1.8).
8.6. CPNP Operations
CPNP operations are listed below. They may be augmented depending on
the nature of some transactions or because of security considerations
that may necessitate a distinct CPNP client/server authentication
phase before negotiation begins.
QUOTATION (Section 9.2.1):
This operation is used by the client to initiate a PQO. Upon
receipt of a QUOTATION request, the server may respond with a
PROCESSING, OFFER, or a FAIL message. A QUOTATION-initiated
transaction can be terminated by a FAIL message.
PROCESSING (Section 9.2.2):
This operation is used to inform the remote party that its message
(the order quotation or the offer) was received and it is being
processed. This message can also be issued by the server to
request more time, in which case, the client may reply with an ACK
or FAIL message depending on whether extra time can or cannot be
granted.
OFFER (Section 9.2.3):
This operation is used by the server to inform the client about an
offer that can best accommodate the requirements indicated in the
previously received QUOTATION message.
ACCEPT (Section 9.2.4):
This operation is used by the client to confirm the acceptance of
an offer made by the server. This message implies a call for
agreement. An agreement is reached when an ACK is subsequently
received from the server, which is likely to happen if the message
is sent before the offer validity time expires; the server is
unlikely to reject an offer that it has already made.
DECLINE (Section 9.2.5):
This operation is used by the client to reject an offer made by
the server. The ongoing transaction may not be terminated
immediately, e.g., the client may issue another order or the
server may issue another offer.
ACK (Section 9.2.6):
This operation is used by the server to acknowledge the receipt of
an ACCEPT or WITHDRAW message or by the client to confirm the
server's request for a time extension (conveyed in a PROCESSING
message) in order to process the last received quotation order.
CANCEL (Section 9.2.7):
This operation is used by the client to cancel (quit) the ongoing
transaction.
WITHDRAW (Section 9.2.8):
This operation is used by the client to withdraw a completed order
(i.e., an agreement).
UPDATE (Section 9.2.9):
This operation is used by the client to update an existing
agreement. For example, this method can be invoked to add a new
VPN site. This method will trigger a new negotiation cycle.
FAIL (Section 9.2.10):
This operation is used by the server to indicate that it cannot
accommodate the requirements documented in the PQO conveyed in the
QUOTATION message or to inform the client about an error
encountered when processing the received message. In either case,
the message implies that the server is unable to make offers, and,
as a consequence, it terminates the ongoing transaction.
This message is also used by the client to reject a time extension
request in a PROCESSING message received from the server. The
message includes a status code that provides explanatory
information.
The above CPNP primitives are service independent. CPNP messages may
transparently carry service-specific objects that are handled by the
negotiation logic at either side.
The document defines the service objects that are required for
connectivity provisioning negotiation purposes (see Section 8.7).
Additional service-specific objects for CPNP messages to accommodate
alternative deployment schemes or other service provisioning needs
can be defined in the future.
8.7. Connectivity Provisioning Documents
CPNP makes use of several flavors of Connectivity Provisioning
Documents (CPD). These documents follow the same CPP template
described in [RFC7297].
Requested CPD:
Refers to the CPD included by a CPNP client in a QUOTATION
request.
Offered CPD:
This document is included by a CPNP server in an OFFER message.
Its information reflects the proposal of the server to accommodate
all or a subset of the clauses depicted in a Requested CPD. A
validity time is associated with the offer made.
Accepted CPD:
If the client accepts an offer made by the server, the Offered CPD
is included in an ACCEPT message. This CPD is also included in an
ACK message. Thus, a three-way handshake procedure is followed
for successfully completing the negotiation.
Figure 6 shows a typical CPNP negotiation cycle and the use of the
different types of CPDs.
+------+ +------+
|Client| |Server|
+------+ +------+
|======QUOTATION (Requested CPD)=====>|
|<============PROCESSING==============|
|<========OFFER (Offered CPD)=========|
|=============PROCESSING=============>|
|=======ACCEPT (Accepted CPD)========>|
|<=======ACK (Accepted CPD)===========|
| |
Figure 6: Connectivity Provisioning Documents
A CPD can include parameters with fixed values, loosely defined
values, or any combination thereof. A CPD is said to be concrete if
all clauses have fixed values.
A typical evolution of a negotiation cycle would start with a
quotation order with loosely defined parameters, and then, as offers
are made, it would conclude with a concrete CPD for calling for the
agreement.
8.8. Child PQOs
If the server detects that network resources from another Network
Provider need to be allocated in order to accommodate the
requirements described in a PQO (e.g., in the context of an inter-
domain VPN service, additional Provider Edge (PE) router resources
need to be allocated), the server may generate child PQOs to request
the appropriate network provisioning operations (see Figure 7). In
such a situation, the server also behaves as a CPNP client. The
server associates the parent order with its child PQOs. How this is
achieved is implementation specific (e.g., this can be typically
achieved by locally adding the reference of the child PQO to the
parent order).
+------+ +--------+ +--------+
|Client| |Server A| |Server B|
+------+ +--------+ +--------+
| | |
|=====QUOTATION=====>| |
|<====PROCESSING=====| |
| |=====QUOTATION=====>|
| |<====PROCESSING=====|
| |<=======OFFER=======|
| |=====PROCESSING====>|
| |=======ACCEPT======>|
| |<=======ACK=========|
|<=======OFFER=======| |
|=====PROCESSING====>| |
|=======ACCEPT======>| |
|<=======ACK=========| |
| | |
Figure 7: Example of Child Orders
Note that the server must not activate recursion for an order if the
client includes a negotiation option to restrict the negotiation
scope to the resources of the server's domain (Section 9.1.10.3).
If recursion is not explicitly disabled, the server may notify the
client when appropriate (Section 9.2.2). Such notification may
depend on the nature of the service and also regulatory
considerations.
8.9. Multi-Segment Service
A composite service (e.g., connectivity) requested by a Customer
could imply multi-segment services (e.g., multi-segment connectivity
spanning an end-to-end scope), in the sense that one single CPNP
request is decomposed into multiple connectivity requests on the
Provider's side (thereby leading to child orders). The Provider is
in charge of handling the complexity of splitting the generic
provisioning order in a multi-segment context. Such complexity is
local to the Provider.
8.10. Negotiating with Multiple CPNP Servers
A CPNP client may undertake multiple negotiations in parallel with
several servers for various reasons, such as cost optimization and
fail-safety. These multiple negotiations may lead to one or many
agreements.
The salient point underlining the parallel negotiation scenarios is
that, although the negotiation protocol is strictly between two
parties, this may not be the case of the negotiation logic. The CPNP
client negotiation logic may need to collectively drive parallel
negotiations, as the negotiation with one server may affect the
negotiation with other servers; for example, it may need to use the
responses from all servers as an input for determining the messages
(and their content) to subsequently send within the course of each
individual negotiation. Therefore, timing is an important aspect on
the client's side. The CPNP client needs to have the ability to
synchronize the receipt of the responses from the servers. CPNP
takes into account this requirement by allowing clients to specify in
the QUOTATION message the time by which the server needs to respond
(see Section 9.1.6).
8.11. State Management
Both the client and the server maintain repositories to store ongoing
orders. How these repositories are maintained is deployment
specific. It is out of scope of this document to elaborate on such
considerations. Timestamps are also logged to track state change.
Tracking may be needed for various reasons, including regulatory or
billing ones.
In order to accommodate failures that may lead to the reboot of the
client or the server, the use of permanent storage is recommended,
thereby facilitating state recovery.
8.11.1. On the Client Side
This is the list of the typical states that can be associated with a
given order on the client's side:
Created: The order has been created. It is not handled by the
client until the administrator allows it to be processed.
AwaitingProcessing: The administrator has approved the processing of
a created order, but the order has not been handled yet.
PQOSent: The order has been sent to the server.
ServerProcessing: The server has confirmed the receipt of the order.
OfferReceived: An offer has been received from the server.
OfferProcessing: A received offer is being processed by the client.
AcceptSent: The client has confirmed the offer to the server.
Completed: The offer has been acknowledged by the server.
Cancelled: The order has failed or was cancelled.
Sub-states may be defined (e.g., to track failed vs. cancelled
orders), but those are not shown in Figure 8.
+------------------+
| Created |-----------------+
+------------------+ |
| |
v |
+------------------+ |
|AwaitingProcessing|----------------+|
+------------------+ ||
| ||
QUOTATION/UPDATE ||
v ||
+------------------+ ||
| PQOSent |---CANCEL------+||
+------------------+ vvv
| +-----+
PROCESSING | |
v | |
+------------------+ CANCEL | C |
| ServerProcessing |------------>| A |
+------------------+ FAIL | N |
| | C |
| | E |
OFFER | L |
| | L |
v | E |
+------------------+ | D |
| OfferReceived |---CANCEL--->| |
+------------------+ | |
| PROCESSING +-----+
v ^^^
+------------------+ |||
| OfferProcessing |---DECLINE-----+||
+------------------+ ||
| ACCEPT ||
v ||
+------------------+ ||
| AcceptSent |---CANCEL-------+|
+------------------+ |
| ACK |
v |
+------------------+ |
| Completed |---WITHDRAW------+
+------------------+
Figure 8: Example of a CPNP Finite State Machine (Client Side)
8.11.2. On the Server Side
The following lists the states on the server's side that can be
associated with a given order and a corresponding offer:
PQOReceived: The order has been received from the client.
AwaitingProcessing: The order is being processed by the server. An
action from the server administrator may be needed.
OfferProposed: The request has been successfully handled, and an
offer has been sent to the client.
ProcessingReceived: The server has received a PROCESSING message for
an offer sent to the client.
AcceptReceived: The server has received a confirmation for the offer
from the client.
Completed: The server has acknowledged the offer (accepted by
client) to the client. Transitioning to this state assumes that
the ACK was received by the client (this can be detected by the
server if it receives a retransmitted ACCEPT message from the
client).
Cancelled: The order cannot be accommodated, or it has been
cancelled by the client. Associated resources must be released in
the latter case, if previously reserved.
ChildCreated: A child order has been created in cases where
resources from another Network Provider are needed.
ChildPQOSent: A child order has been sent to the remote server.
ChildServerProcessing: A child order is being processed by the
remote server.
ChildOfferReceived: The remote server has received an offer to a
child order.
ChildOfferProcessing: A received offer to a child order is being
processed.
ChildAcceptSent: The child offer (the offer received from the remote
server in response to a child order) is confirmed to the remote
server.
ChildCompleted: The accepted child offer has been acknowledged by
the remote server.
+------------------+ +------------------+
|AwaitingProcessing|<----------| ChildCreated |
+------------------+ +------------------+
| | ^
v | |
+------------------+ | |
| ChildPQOSent |----------------+| Q
+------------------+ || U
| || O
QUOTATION/UPDATE || T
v || A +--------------------+
+---------------------+ CANCEL || T | PQOReceived |
|ChildServerProcessing|------------+|| I +--------------------+
+---------------------+ FAIL vvv O | |
| +-----+ N CANCEL |
PROCESSING | |<---|-------+ PROCESSING
v | | | v
+------------------+ | | +------------------------+
|ChildOfferReceived|----CANCEL---| C |<--| AwaitingProcessing |
+------------------+ | A | +------------------------+
| | N | ^ | OFFER
OFFER | C | | +------------------+
| | E |<DECLINE-| OfferProposed |
| | L | | +------------------+
v | L | | |
+------------------+ | E | | PROCESSING
|ChildOfferReceived|---CANCEL----| D | | v
+------------------+ | | | +------------------+
| | |<DECLINE-| Proc'ingReceived |
PROCESSING | | |+------------------+
| +-----+ | | ACCEPT
v ^^^^^ | v
+------------------+ ||||| | +------------------+
|ChildOfferProc'ing|---DECLINE----+|||+-CANCEL-|-| AcceptReceived |
+------------------+ ||| | +------------------+
|ACCEPT ||| | |ACK
v ||| | v
+------------------+ ||| | +------------------+
| ChildAcceptSent |---CANCEL------+|+-WITHDRAW|-| Completed |
+------------------+ | | +------------------+
| ACK | |
v | |
+------------------+ | |
| ChildCompleted |---WITHDRAW-----+ |
| +---------------------------+
+------------------+
Figure 9: CPNP Finite State Machine (Server Side)
9. CPNP Objects
This section defines CPNP objects using the Routing Backus-Naur Form
(RBNF) format defined in [RFC5511]. Please also note the following:
| Note 1: The formats of CPNP messages are provided using a
| generic format. Implementors can adapt RBNF definitions to
| their "favorite" message format. For example, JSON [RFC8259]
| or Concise Binary Object Representation (CBOR) [RFC7049] can be
| used.
| Note 2: CPNP messages cannot be blindly mapped to RESTCONF
| messages with the target service being modelled as
| configuration data because such data is supposed to be
| manipulated by a RESTCONF client only. In such a model, the
| RESTCONF server cannot use a value other than the one set by
| the client (e.g., Section 9.2.3) or remove offers from its own
| initiative (e.g., Section 9.1.8). An alternate approach might
| be to map CPNP operations into RESTCONF actions (RPC).
| Assessing the feasibility of such approach is out of scope.
9.1. Attributes
9.1.1. CUSTOMER_ORDER_IDENTIFIER
The CUSTOMER_ORDER_IDENTIFIER (Customer Order Identifier) is an
identifier that is assigned by a client to identify an agreement.
This identifier must be unique to the client.
Rules for assigning this identifier (including the structure and
semantics) are specific to the client (Customer). The value of
CUSTOMER_ORDER_IDENTIFIER is included in all CPNP messages.
The client (Customer) assigns an identifier to an order under
negotiation before an agreement is reached. This identifier will be
used to unambiguously identify the resulting agreement at the client
side (Customer).
The server handles the CUSTOMER_ORDER_IDENTIFIER as an opaque value.
9.1.2. PROVIDER_ORDER_IDENTIFIER
The PROVIDER_ORDER_IDENTIFIER (Provider Order Identifier) is an
identifier that is assigned by a server to identify an order. This
identifier must be unique to the server.
Rules for assigning this identifier (including the structure and
semantics) are specific to the server (Provider). The
PROVIDER_ORDER_IDENTIFIER is included in all CPNP messages except
QUOTATION messages (because the state is only present at the client
side).
The server (Provider) assigns an identifier to an order under
negotiation before an agreement is reached. This identifier will be
used to unambiguously identify the resulting agreement at the server
side (Provider).
The client handles the PROVIDER_ORDER_IDENTIFIER as an opaque value.
9.1.3. TRANSACTION_ID
This object conveys the Transaction-ID introduced in Section 8.4.
9.1.4. SEQUENCE_NUMBER
The sequence number is a number that is monotonically incremented in
every new CPNP message pertaining to a given CPNP transaction. This
number is used to avoid replay attacks.
Refer to Section 11.3.
9.1.5. NONCE
The NONCE is a random value assigned by the CPNP server. Assigning a
unique NONCE value for each order is recommended.
It is mandatory to then include the NONCE in subsequent CPNP client
operations on the associated order (including the resulting
agreement) such as withdrawing the order or updating the order.
If the NONCE validation checks fail, the server rejects the request
with a FAIL message that includes the appropriate failure reason
code.
9.1.6. EXPECTED_RESPONSE_TIME
This attribute indicates the time by when the CPNP client is
expecting to receive a response from the CPNP server to a given PQO.
If no offer is received by then, the CPNP client will consider the
quotation order to be rejected.
The EXPECTED_RESPONSE_TIME follows the date format specified in
[RFC3339].
9.1.7. EXPECTED_OFFER_TIME
This attribute indicates the time by when the CPNP server is
expecting to make an offer to the CPNP client. If no offer is
received by then, the CPNP client will consider the order rejected.
The CPNP server may propose an expected offer time that does not
match the expected response time indicated in the quotation order
message. The CPNP client can accept or reject the proposed expected
time by when the CPNP server will make an offer.
The CPNP server can always request extra time for its processing, but
this may be accepted or rejected by the CPNP client.
The EXPECTED_OFFER_TIME follows the date format specified in
[RFC3339].
9.1.8. VALIDITY_OFFER_TIME
This attribute indicates the time of validity of an offer made by the
CPNP server. If the offer is not accepted before this time expires,
the CPNP server will consider the CPNP client as having rejected the
offer; the CPNP server will silently remove this order from its base.
The VALIDITY_OFFER_TIME follows date format specified in [RFC3339].
9.1.9. SERVICE_DESCRIPTION
This document defines a machinery to negotiate any aspect subject to
negotiation. Service clauses that are under negotiation are conveyed
using this attribute.
The structure of the connectivity provisioning clauses is provided in
the following subsection.
9.1.9.1. CPD
The RBNF format of the CPD is shown in Figure 10.
<CPD> ::= <Connectivity Provisioning Component> ...
<Connectivity Provisioning Component> ::=
<CONNECTIVITY_PROVISIONING_PROFILE> ...
<CONNECTIVITY_PROVISIONING_PROFILE> ::=
<Customer Nodes Map>
<SCOPE>
<QoS Guarantees>
<Availability>
<CAPACITY>
<Traffic Isolation>
<Conformance Traffic>
<Flow Identification>
<Overall Traffic Guarantees>
<Routing and Forwarding>
<Activation Means>
<Invocation Means>
<Notifications>
<Customer Nodes Map> ::= <Customer Node> ...
<Customer Node> ::= <IDENTIFIER>
<LINK_IDENTIFIER>
<LOCALIZATION>
Figure 10: The RBNF format of the CPD
9.1.10. CPNP Information Elements
An Information Element (IE) is an optional object that can be
included in a CPNP message.
9.1.10.1. Customer Description
The client may include administrative information such as the
following:
* Name
* Contact Information
The format of this Information Element is as follows:
<Customer Description> ::= [<NAME>] [<Contact Information>]
<Contact Information> ::= [<EMAIL_ADDRESS>] [<POSTAL_ADDRESS>]
[<TELEPHONE_NUMBER> ...]
9.1.10.2. Provider Description
The server may include administrative information in an offer such as
the following:
* Name
* AS Number [RFC6793]
* Contact Information
The format of this Information Element is as follows:
<Provider Description> ::= [<NAME>][<Contact Information>]
[<AS_NUMBER>]
9.1.10.3. Negotiation Options
The client may include some negotiation options such as the
following:
Setup purpose: A client may request the setup of a service (e.g.,
connectivity) only for testing purposes during a limited period.
The order can be extended to become permanent if the client was
satisfied during the test period. This operation is achieved
using the UPDATE method.
Activation type: A client may request a permanent or scheduled
activation type. If no activation type clause is included during
the negotiation, this means that the order will be immediately
activated right after the negotiation ends.
The format of this Information Element is as follows:
<Negotiation Options> ::= [<PURPOSE>]
9.2. Operation Messages
This section defines the RBNF format of CPNP operation messages. The
following operation codes are used:
+======+===================+================+
| Code | Operation Message | Reference |
+======+===================+================+
| 1 | QUOTATION | Section 9.2.1 |
+------+-------------------+----------------+
| 2 | PROCESSING | Section 9.2.2 |
+------+-------------------+----------------+
| 3 | OFFER | Section 9.2.3 |
+------+-------------------+----------------+
| 4 | ACCEPT | Section 9.2.4 |
+------+-------------------+----------------+
| 5 | DECLINE | Section 9.2.5 |
+------+-------------------+----------------+
| 6 | ACK | Section 9.2.6 |
+------+-------------------+----------------+
| 7 | CANCEL | Section 9.2.7 |
+------+-------------------+----------------+
| 8 | WITHDRAW | Section 9.2.8 |
+------+-------------------+----------------+
| 9 | UPDATE | Section 9.2.9 |
+------+-------------------+----------------+
| 10 | FAIL | Section 9.2.10 |
+------+-------------------+----------------+
| 11 | ACTIVATE | Section 9.2.11 |
+------+-------------------+----------------+
Table 1: CPNP Operation Message Codes
These codes are used to unambiguously identify a CPNP operation; the
operation code is conveyed in the METHOD_CODE attribute mentioned in
the following subsections.
In the following, VERSION refers to the CPNP version number. This
attribute must be set to 1.
9.2.1. QUOTATION
The format of the QUOTATION message is shown below:
<QUOTATION Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
[<EXPECTED_RESPONSE_TIME>]
<REQUESTED_CPD>
[<INFORMATION_ELEMENT>...]
A QUOTATION message must include an order identifier that is
generated by the client (CUSTOMER_ORDER_IDENTIFIER). Because several
orders can be issued to several servers, the QUOTATION message must
also include a Transaction-ID.
The message may include an EXPECTED_RESPONSE_TIME, which indicates by
when the client expects to receive an offer from the server. The
QUOTATION message must also include a requested service description
(that is, a Requested CPD for connectivity services).
The message may include ACTIVATION_TYPE to request a permanent or
scheduled activation type (e.g., using the ACTIVATE method defined in
Section 9.2.11). If no such clause is included, the default mode is
to assume that the order will be active once the accepted activation
means are successfully invoked (e.g., Section 3.11 of [RFC7297]).
When the client sends the QUOTATION message to the server, the state
of the order changes to "PQOSent" at the client side.
9.2.2. PROCESSING
The format of the PROCESSING message is shown below:
<PROCESSING Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
<PROVIDER_ORDER_IDENTIFIER>
[<EXPECTED_OFFER_TIME>]
[<PROCESSING_SUBCODE>]
Upon receipt of a QUOTATION message, the server proceeds with the
parsing rules (see Section 10). If no error is encountered, the
server generates a PROCESSING response to the client to indicate the
PQO has been received and it is being processed. The server must
generate an order identifier that identifies the order in its local
order repository. The server must copy the content of the
CUSTOMER_ORDER_IDENTIFIER and TRANSACTION_ID fields as conveyed in
the QUOTATION message. The server may include an EXPECTED_OFFER_TIME
by when it expects to make an offer to the client.
Upon receipt of a PROCESSING message, the client verifies whether it
has issued a PQO that contains the CUSTOMER_ORDER_IDENTIFIER and
TRANSACTION_ID to that server. If no such PQO is found, the
PROCESSING message must be silently ignored. If a PQO is found, the
client may check whether it accepts the EXPECTED_OFFER_TIME, and then
it changes to state of the order to "ServerProcessing".
If the server requires more time to process the quotation order, it
may send a PROCESSING message that includes a new
EXPECTED_OFFER_TIME. The client can answer with an ACK message if
more time is granted (Figure 11) or with a FAIL message if the time
extension request is rejected (Figure 12).
The server may provide more details in the PROCESSING_SUBCODE
attribute about the reason for requesting more time to process the
request. The following codes are defined:
+=========+============================+
| Subcode | Description |
+=========+============================+
| 1 | Upgrade of local resources |
+---------+----------------------------+
| 2 | Request external resources |
+---------+----------------------------+
Table 2: PROCESSING_SUBCODE Codes
+------+ +------+
|Client| |Server|
+------+ +------+
|=======QUOTATION(Requested CPD)=====>|
|<========PROCESSING(time1)===========|
...
|<========PROCESSING(MoreTime)========|
|============ACK(TimeGranted)========>|
...
|<=========OFFER(Offered CPD)=========|
|=============PROCESSING=============>|
|=========ACCEPT(Accepted CPD)=======>|
|<=========ACK(Accepted CPD)==========|
| |
Figure 11: Request More Negotiation Time: Granted
+------+ +------+
|Client| |Server|
+------+ +------+
|=======QUOTATION(Requested CPD)=====>|
|<========PROCESSING(time1)===========|
...
|<========PROCESSING(MoreTime)========|
|=====FAIL(More Time Rejected)=======>|
Figure 12: Request More Negotiation Time: Rejected
9.2.3. OFFER
The format of the OFFER message is shown below:
<OFFER Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
<PROVIDER_ORDER_IDENTIFIER>
<NONCE>
<VALIDITY_OFFER_TIME>
<OFFERED_CPD>
[<INFORMATION_ELEMENT>...]
The server answers a QUOTATION request received from the client with
an OFFER message. The offer will be considered to be rejected by the
client if no confirmation (i.e., an ACCEPT message sent by the
client) is received by the server before the expiration of the
validity time.
The server may include ACTIVATION_TYPE to indicate whether the offer
is about a permanent or scheduled activation type. The message may
include ACTIVATION_SCHEDULE to indicate when the order is to be
activated. If no such clause is included, the default mode is to
assume that the order will be active once the accepted activation
means are successfully invoked (e.g., Section 3.11 of [RFC7297] or
Section 9.2.11).
9.2.4. ACCEPT
The format of the ACCEPT message is shown below:
<ACCEPT Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
<PROVIDER_ORDER_IDENTIFIER>
<NONCE>
<ACCEPTED_CPD>
[<INFORMATION_ELEMENT>...]
This message is used by a client to confirm the acceptance of an
offer received from a server. The fields of this message must be
copied from the received OFFER message. This message should not be
sent after the validity time of the offer expires, as indicated by
the server (Section 9.2.3).
9.2.5. DECLINE
The format of the DECLINE message is shown below:
<DECLINE Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
<PROVIDER_ORDER_IDENTIFIER>
<NONCE>
[<REASON>...]
The client may issue a DECLINE message to reject an offer.
CUSTOMER_ORDER_IDENTIFIER, PROVIDER_ORDER_IDENTIFIER, TRANSACTION_ID,
and NONCE are used by the server as keys to find the corresponding
order. If an order matches, the server changes the state of this
order to "Cancelled" and then returns an ACK with a copy of the
Requested CPD to the requesting client.
A DECLINE message may include an Information Element to indicate the
reason for declining an offer. The following codes are defined:
+======+====================================================+
| Code | Description |
+======+====================================================+
| 1 | Unacceptable gap between the request and the offer |
+------+----------------------------------------------------+
| 2 | Conflict with another offer from another server |
+------+----------------------------------------------------+
| 3 | Activation type mismatch |
+------+----------------------------------------------------+
Table 3: DECLINE Message Codes
If no order is found, the server returns a FAIL message to the
requesting client. In order to prevent DDoS (Distributed Denial of
Service) attacks, the server should restrict the number of FAIL
messages sent to a requesting client. It may also rate-limit FAIL
messages.
A flow example is shown in Figure 13.
+------+ +------+
|Client| |Server|
+------+ +------+
|=======QUOTATION(Requested CPD)=====>|
|<============PROCESSING==============|
|<=========OFFER(Offered CPD)=========|
|=============PROCESSING=============>|
|===============DECLINE==============>|
|<================ACK=================|
| |
Figure 13: DECLINE Flow Example
9.2.6. ACK
The format of the ACK message is shown below:
<ACK Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
<PROVIDER_ORDER_IDENTIFIER>
[<EXPECTED_RESPONSE_TIME>]
[<CPD>]
[<INFORMATION_ELEMENT>...]
This message is issued by the server to close a CPNP transaction or
by a client to grant more negotiation time to the server.
This message is sent by the server as a response to an ACCEPT,
WITHDRAW, DECLINE, or CANCEL message. In this case, the ACK message
must include the copy of the service description (i.e., CPD for
connectivity services) as stored by the server. In particular, the
following considerations are taken into account for connectivity
provisioning services:
* A copy of the Requested/Offered CPD is included by the server if
it successfully handled a CANCEL message.
* A copy of the Updated CPD is included by the server if it
successfully handled an UPDATE message.
* A copy of the Offered CPD is included by the server if it
successfully handled an ACCEPT message in the context of a
QUOTATION transaction (refer to "Accepted CPD" in Section 8.7).
* An Empty CPD is included by the server if it successfully handled
a DECLINE or WITHDRAW message.
A client may issue an ACK message as a response to a time extension
request (conveyed in PROCESSING) received from the server. In such
case, the ACK message must include an EXPECTED_RESPONSE_TIME that is
likely to be set to the time extension requested by the server.
9.2.7. CANCEL
The format of the CANCEL message is shown below:
<CANCEL Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
[<CPD>]
The client can issue a CANCEL message at any stage during the CPNP
negotiation process before an agreement is reached. The
CUSTOMER_ORDER_IDENTIFIER and TRANSACTION_ID are used by the server
as keys to find the corresponding order. If a quotation order
matches, the server changes the state of this quotation order to
"Cancelled" and then returns an ACK with a copy of the Requested CPD
to the requesting client.
If no quotation order is found, the server returns a FAIL message to
the requesting client.
9.2.8. WITHDRAW
The format of the WITHDRAW message is shown below:
<WITHDRAW Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
<PROVIDER_ORDER_IDENTIFIER>
<NONCE>
[<ACCEPTED_CPD>]
[<INFORMATION_ELEMENT>...]
This message is used to withdraw an offer already accepted by the
Customer. Figure 14 shows a typical usage of this message.
+------+ +------+
|Client| |Server|
+------+ +------+
|============WITHDRAW(CPD)===========>|
|<============PROCESSING==============|
|<===========ACK(Empty CPD)===========|
| |
Figure 14: WITHDRAW Flow Example
The WITHDRAW message must include the same CUSTOMER_ORDER_IDENTIFIER,
PROVIDER_ORDER_IDENTIFIER, and NONCE as those used when creating the
order.
Upon receipt of a WITHDRAW message, the server checks whether an
order matching the request is found. If an order is found, the state
of the order is changed to "Cancelled", and an ACK message including
an Empty CPD is returned to the requesting client. If no order is
found, the server returns a FAIL message to the requesting client.
9.2.9. UPDATE
The format of the UPDATE message is shown below:
<UPDATE Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
<PROVIDER_ORDER_IDENTIFIER>
<NONCE>
<EXPECTED_RESPONSE_TIME>
<REQUESTED_CPD>
[<INFORMATION_ELEMENT>...]
This message is sent by the CPNP client to update an existing service
agreement (e.g., Accepted CPD). The UPDATE message must include the
same CUSTOMER_ORDER_IDENTIFIER, PROVIDER_ORDER_IDENTIFIER, and NONCE
as those used when creating the order. The CPNP client includes a
new service description (e.g., Updated CPD) that integrates the
requested modifications. A new Transaction_ID must be assigned by
the client.
Upon receipt of an UPDATE message, the server checks whether an
order, having state "Completed", matches CUSTOMER_ORDER_IDENTIFIER,
PROVIDER_ORDER_IDENTIFIER, and NONCE.
* If no order is found, the CPNP server generates a FAIL error with
the appropriate error code (Section 9.2.10).
* If an order is found, the server checks whether it can honor the
request:
- A FAIL message is sent to the client if the server cannot honor
the request. The client may initiate a new PQO negotiation
cycle (that is, send a new UPDATE message).
- An OFFER message including the updated clauses (e.g., Updated
CPD) is sent to the client. For example, the server maintains
an order for provisioning a VPN service that connects sites A,
B, and C. If the client sends an UPDATE message to remove site
C, only sites A and B will be included in the OFFER sent by the
server to the requesting client.
Note that the cycle that is triggered by an UPDATE message is
also considered to be a negotiation cycle.
A flow chart that illustrates the use of UPDATE operation is shown in
Figure 15.
+------+ +------+
|Client| |Server|
+------+ +------+
|=========UPDATE(Requested CPD)======>|
|<============PROCESSING==============|
|<=========OFFER(Updated CPD)=========|
|=============PROCESSING=============>|
|==========ACCEPT(Updated CPD)=======>|
|<==========ACK(Updated CPD)==========|
| |
Figure 15: UPDATE Flow Example
9.2.10. FAIL
The format of the FAIL message is shown below:
<FAIL Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
<PROVIDER_ORDER_IDENTIFIER>
<STATUS_CODE>
This message is sent in the following cases:
* The server cannot honor an order received from the client (i.e.,
received in a QUOTATION or UPDATE request).
* The server encounters an error when processing a CPNP request
received from the client.
* The client cannot grant more time to the server. This is a
response to a time extension request carried in a PROCESSING
message.
The status code indicates the error code. The following codes are
supported:
+========+==================+=====================================+
| Status | Error Code | Description |
| Code | | |
+========+==================+=====================================+
| 1 | Message | The message cannot be validated |
| | Validation Error | (see Section 10). |
+--------+------------------+-------------------------------------+
| 2 | Authentication | The request cannot be handled |
| | Required | because authentication is required. |
+--------+------------------+-------------------------------------+
| 3 | Authorization | The request cannot be handled |
| | Failed | because authorization failed. |
+--------+------------------+-------------------------------------+
| 4 | Administratively | The request cannot be handled |
| | prohibited | because of administrative policies. |
+--------+------------------+-------------------------------------+
| 5 | Out of Resources | The request cannot be honored |
| | | because resources (e.g., capacity) |
| | | are insufficient. |
+--------+------------------+-------------------------------------+
| 6 | Network Presence | The request cannot be honored |
| | Error | because there is no network |
| | | presence. |
+--------+------------------+-------------------------------------+
| 7 | More Time | The request to extend the time for |
| | Rejected | negotiation is rejected by the |
| | | client. |
+--------+------------------+-------------------------------------+
| 8 | Unsupported | The request cannot be handled |
| | Activation Type | because the requested activation |
| | | type is not supported. |
+--------+------------------+-------------------------------------+
Table 4: FAIL Message Error Codes
9.2.11. ACTIVATE
The format of the ACTIVATE message is shown below:
<ACTIVATE Message> ::= <VERSION>
<METHOD_CODE>
<SEQUENCE_NUMBER>
<TRANSACTION_ID>
<CUSTOMER_ORDER_IDENTIFIER>
<PROVIDER_ORDER_IDENTIFIER>
<NONCE>
<ACTIVATION_SCHEDULE>
[<INFORMATION_ELEMENT>...]
This message is sent by the CPNP client to request the activation of
an existing service agreement. The message must include the same
CUSTOMER_ORDER_IDENTIFIER, PROVIDER_ORDER_IDENTIFIER, and NONCE as
those used when creating the order. The CPNP client may include a
schedule target for activating this order. A new Transaction_ID must
be assigned by the client.
Upon receipt of an ACTIVATE message, the server checks whether an
order, having state "Completed", matches CUSTOMER_ORDER_IDENTIFIER,
PROVIDER_ORDER_IDENTIFIER, and NONCE.
* If no completed order is found, the CPNP server generates a FAIL
error with the appropriate error code (Section 9.2.10).
* If an order is found, the server checks whether it can honor the
request:
- A FAIL message is sent to the client if the server cannot honor
the request (e.g., out of resources or explicit activation
wasn't negotiated with this client).
- An ACK is sent to the client to confirm that the immediate
activation (or deactivation) of the order or its successful
scheduling if a non-null ACTIVATION_SCHEDULE was included in
the request. Note that setting ACTIVATION_SCHEDULE to 0 in an
ACTIVATE request has a special meaning: it is used to request a
deactivation of an accepted order.
Figure 16 illustrates the use of the ACTIVATE operation.
+------+ +------+
|Client| |Server|
+------+ +------+
|================ACTIVATE()==========>|
|<==============ACK()=================|
| |
Figure 16: ACTIVATE Flow Example
10. CPNP Message Validation
Both the client and the server proceed with CPNP message validation.
The following tables summarize the validation checks to be followed.
10.1. On the Client Side
+==============+==================================================+
| Operation | Validation Checks |
+==============+==================================================+
| PROCESSING | {Source IP address, source port number, |
| | destination IP address, destination port number, |
| | Transaction-ID, Customer Order Identifier} must |
| | match an existing PQO with a state set to |
| | "PQOSent". The sequence number carried in the |
| | packet must be larger than the sequence number |
| | maintained by the client. |
+--------------+--------------------------------------------------+
| OFFER | {Source IP address, source port number, |
| | destination IP address, destination port number, |
| | Transaction-ID, Customer Order Identifier} must |
| | match an existing order with state set to |
| | "PQOSent", or {Source IP address, source port |
| | number, destination IP address, destination port |
| | number, Transaction-ID, Customer Order |
| | Identifier, Provider Order Identifier} must |
| | match an existing order with a state set to |
| | "ServerProcessing". The sequence number carried |
| | in the packet must be larger than the sequence |
| | number maintained by the client. |
+--------------+--------------------------------------------------+
| ACK | {Source IP address, source port number, |
| (QUOTATION | destination IP address, destination port number, |
| Transaction) | Transaction-ID, Customer Order Identifier, |
| | Provider Order Identifier, Offered Connectivity |
| | Provisioning Document} must match an order with |
| | a state set to "AcceptSent". The sequence |
| | number carried in the packet must be larger than |
| | the sequence number maintained by the client. |
+--------------+--------------------------------------------------+
| ACK (UPDATE | {Source IP address, source port number, |
| Transaction) | destination IP address, destination port number, |
| | Transaction-ID, Customer Order Identifier, |
| | Provider Order Identifier, Updated Connectivity |
| | Provisioning Document} must match an order with |
| | a state set to "AcceptSent". The sequence |
| | number carried in the packet must be larger than |
| | the sequence number maintained by the client. |
+--------------+--------------------------------------------------+
| ACK | {Source IP address, source port number, |
| (WITHDRAW | destination IP address, destination port number, |
| Transaction) | Transaction-ID, Customer Order Identifier, |
| | Provider Order Identifier, Empty Connectivity |
| | Provisioning Document} must match an order with |
| | a state set to "Cancelled". The sequence number |
| | carried in the packet must be larger than the |
| | sequence number maintained by the client. |
+--------------+--------------------------------------------------+
Table 5: Client Side Validation Checks
10.2. On the Server Side
+============+==================================================+
| Method | Validation Checks |
+============+==================================================+
| QUOTATION | The source IP address passes existing access |
| | filters (if any). The sequence number carried |
| | in the packet must not be lower than the |
| | sequence number maintained by the server. |
+------------+--------------------------------------------------+
| PROCESSING | The sequence number carried in the packet must |
| | be greater than the sequence number maintained |
| | by the server. |
+------------+--------------------------------------------------+
| CANCEL | {Source IP address, source port number, |
| | destination IP address, destination port number, |
| | Transaction-ID, Customer Order Identifier} must |
| | match an order with state set to "PQOReceived" |
| | or "OfferProposed" or "ProcessingReceived" or |
| | "AcceptReceived". The sequence number carried |
| | in the packet must be greater than the sequence |
| | number maintained by the server. |
+------------+--------------------------------------------------+
| ACCEPT | {Source IP address, source port number, |
| | destination IP address, destination port number, |
| | Transaction-ID, Customer Order Identifier, |
| | Provider Order Identifier, Nonce, Offered |
| | Connectivity Provisioning Document} must match |
| | an order with state set to "OfferProposed" or |
| | "ProcessingReceived". The sequence number |
| | carried in the packet must be greater than the |
| | sequence number maintained by the server. |
+------------+--------------------------------------------------+
| FAIL | {Source IP address, source port number, |
| | destination IP address, destination port number, |
| | Transaction-ID, Customer Order Identifier, |
| | Provider Order Identifier} must match an order |
| | with state set to "AwaitingProcessing" and for |
| | which a request to grant more time to process an |
| | offer was requested. The sequence number |
| | carried in the packet must be greater than the |
| | sequence number maintained by the server. |
+------------+--------------------------------------------------+
| DECLINE | {Source IP address, source port number, |
| | destination IP address, destination port number, |
| | Transaction-ID, Customer Order Identifier, |
| | Provider Order Identifier, Nonce} must match an |
| | order with state set to "OfferProposed" or |
| | "ProcessingReceived". The sequence number |
| | carried in the packet must be greater than the |
| | sequence number maintained by the server. |
+------------+--------------------------------------------------+
| UPDATE | The source IP address passes existing access |
| | filters (if any), and {Customer Order |
| | Identifier, Provider Order Identifier, Nonce} |
| | must match an existing order with state |
| | "Completed". |
+------------+--------------------------------------------------+
| WITHDRAW | The source IP address passes existing access |
| | filters (if any), and {Customer Order |
| | Identifier, Provider Order Identifier, Nonce} |
| | must match an existing order with state |
| | "Completed". |
+------------+--------------------------------------------------+
| ACTIVATE | The source IP address passes existing access |
| | filters (if any), and {Customer Order |
| | Identifier, Provider Order Identifier, Nonce} |
| | must match an existing order with a state of |
| | "Completed" and its activation procedure set to |
| | explicit. |
+------------+--------------------------------------------------+
Table 6: Server Side Validation Checks
11. Theory of Operation
Both the CPNP client and server proceed with message validation
checks as specified in Section 10.
11.1. Client Behavior
11.1.1. Order Negotiation Cycle
To place a PQO, the client first initiates a local quotation order
object identified by a unique identifier assigned by the client
(Client Order Identifier). The state of the quotation order is set
to "Created". The client then generates a QUOTATION request that
includes the assigned identifier, possibly an expected response time,
a Transaction-ID, and a requested service (e.g., Requested CPD). The
client may include additional Information Elements such as Customer
Description or Negotiation Options.
The client may be configured to not enforce negotiation checks on
EXPECTED_OFFER_TIME; if so, the client should either not include the
EXPECTED_RESPONSE_TIME attribute in the PQO or it should set the
attribute to infinite.
Once the request is sent to the server, the state of the request is
set to "PQOSent", and if a response time is included in the quotation
order, a timer is set to the expiration time as included in the
QUOTATION request. The client also maintains a copy of the CPNP
session entry details used to generate the QUOTATION request. The
CPNP client must listen on the same port number that it used to send
the QUOTATION request.
If no answer is received from the server before the retransmission
timer expires (i.e., RETRANS_TIMER, Section 8.5), the client
retransmits the message until maximum retry is reached (e.g., three
times). The same sequence number is used for retransmitted packets.
If a FAIL message is received, the client may decide to issue another
(corrected) request towards the same server, cancel the local order,
or contact another server. The behavior of the client depends on the
error code returned by the server in the FAIL message.
If a PROCESSING message matching the CPNP session entry (Section 8.3)
is received, the client updates the CPNP session entry with the
PROVIDER_ORDER_IDENTIFIER information. If the client does not accept
the expected offer time that may have been indicated in the
PROCESSING message, the client may decide to cancel the quotation
order. If the client accepts the EXPECTED_OFFER_TIME, it changes the
state of the order to "ServerProcessing" and sets a timer to the
value of EXPECTED_OFFER_TIME. If no offer is made before the timer
expires, the client changes the state of the order to "Cancelled".
As a response to a time extension request (conveyed in a PROCESSING
message that included a new EXPECTED_OFFER_TIME), the client may
either grant this extension by issuing an ACK message or reject the
time extension by issuing a FAIL message with a status code set to
"More Time Rejected".
If an OFFER message matching the CPNP session entry is received, the
client checks if a PROCESSING message having the same
PROVIDER_ORDER_IDENTIFIER has been received from the server. If a
PROCESSING message was already received for the same order, but the
PROVIDER_ORDER_IDENTIFIER does not match the identifier included in
the OFFER message, the client silently ignores the message. If a
PROCESSING message with the same PROVIDER_ORDER_IDENTIFIER was
already received and matches the CPNP transaction identifier, the
client changes the state of the order to "OfferReceived" and sets a
timer to the value of VALIDITY_OFFER_TIME indicated in the OFFER
message.
If an offer is received from the server (i.e., as documented in an
OFFER message), the client may accept or reject the offer. The
client accepts the offer by generating an ACCEPT message that
confirms that the client agrees to subscribe to the offer documented
in the OFFER message; the state of the order is passed to
"AcceptSent". The transaction is terminated if an ACK message is
received from the server. If no ACK is received from the server, the
client proceeds with the retransmission of the ACCEPT message until
the maximum retry is reached (Section 11.4).
The client may also decide to reject the offer by sending a DECLINE
message. The state of the order is set by the client to "Cancelled".
If an offer is not acceptable to the client, the client may decide to
contact a new server or submit another order to the same server.
Guidelines to issue an updated order or terminate the negotiation are
specific to the client.
An order can be activated (or deactivated) using the ACTIVATE message
or other accepted activation means (Section 3.11 of [RFC7297]).
11.1.2. Order Withdrawal Cycle
A client may withdraw a completed order. This is achieved by issuing
a WITHDRAW message. This message must include the Customer Order
Identifier, Provider Order Identifier, and Nonce returned during the
order negotiation cycle, as specified in Section 11.1.1.
If no ACK is received from the server, the client proceeds with the
retransmission of the message. If no ACK is received after the
maximum retry is exhausted, the client should log the information and
must send an alarm to the administrator. If there is no specific
instruction from the administrator, the client should schedule
another Withdrawal cycle. The client must not retry this Withdrawal
cycle more frequently than every 300 seconds and must not retry more
frequently than every 60 seconds.
11.1.3. Order Update Cycle
A client may update a completed order. This is achieved by issuing
an UPDATE message. This message must include the Customer Order
Identifier, Provider Order Identifier, and Nonce returned during the
order negotiation cycle specified in Section 11.1.1. The client must
include in the UPDATE message an Updated CPD with the requested
changes.
The subsequent message exchange is similar to what is documented in
Section 11.1.1.
11.2. Server Behavior
11.2.1. Order Processing
Upon receipt of a QUOTATION message from a client, the server sets a
CPNP session, stores the Transaction-ID, and generates a Provider
Order Identifier. Once preliminary validation checks are completed
(Section 10), the server may return a PROCESSING message to inform
the client that the quotation order is received and it is under
processing; the server may include an expected offer time to notify
the client by when an offer will be proposed. An order with state
"AwaitingProcessing" is created by the server. The server runs its
decision-making process to decide which offer it can make to honor
the received order. The offer should be made before the expected
offer time expires.
If the server cannot make an offer, it sends backs a FAIL message
with the appropriate error code (Section 9.2.10).
If the server requires more negotiation time, it must send a
PROCESSING message with a new EXPECTED_OFFER_TIME. The client may
grant this extension by issuing an ACK message or reject the time
extension by issuing a FAIL message with the status code set to "More
Time Rejected". If the client doesn't grant more time, the server
must answer before the initial expected offer time; otherwise, the
client will decline the quotation order.
If the server can honor the request, or if it can make an offer that
meets only some of the requirements, it creates an OFFER message.
The server must indicate the Transaction-ID, the Customer Order
Identifier as indicated in the QUOTATION message, and the Provider
Order Identifier generated for this order. The server must also
include the Nonce and the offered service document (e.g., Offered
CPD). The server includes an offer validity time as well. Once sent
to the client, the server changes the state of the order to
"OfferProposed", and a timer set to the validity time is initiated.
If the server determines that additional network resources from
another Network Provider are needed to accommodate a quotation order,
it will create child PQO(s) and will behave as a CPNP client to
negotiate child PQO(s) with possible partnering Providers (see
Figure 7).
If no PROCESSING, ACCEPT, or DECLINE message is received before the
expiry of the RETRANS_TIMER, the server resends the same offer to the
client. This procedure is repeated until maximum retry is reached.
If an ACCEPT message is received before the offered validity time
expires, the server proceeds with validation checks as specified in
Section 10. The state of the corresponding order is passed to
"AcceptReceived". The server sends back an ACK message to terminate
the order processing cycle.
If a CANCEL or a DECLINE message is received, the server proceeds
with the cancellation of the order. The state of the order is then
passed to "Cancelled".
11.2.2. Order Withdrawal
A client may withdraw a completed order by issuing a WITHDRAW
message. Upon receipt of a WITHDRAW message, the server proceeds
with the validation checks, as specified in Section 10:
* If the checks fail, a FAIL message is sent back to the client with
the appropriate error code (e.g., 1 (Message Validation Error), 2
(Authentication Required), or 3 (Authorization Failed)).
* If the checks succeed, the server clears the clauses of the CPD,
changes the state of the order to "Cancelled", and sends back an
ACK message with an Empty CPD.
11.2.3. Order Update
A client may update an order by issuing an UPDATE message. Upon
receipt of an UPDATE message, the server proceeds with the validation
checks as specified in Section 10:
* If the checks fail, a FAIL message is sent back to the client with
the appropriate error code (e.g., 1 (Message Validation Error), 2
(Authentication Required), 3 (Authorization Failed), or 6 (Network
Presence Error)).
* The exchange of subsequent messages is similar to what is
specified in Section 11.1.1. The server should generate a new
Nonce value to be included in the offer made to the client.
11.3. Sequence Numbers
In each transaction, sequence numbers are used to protect the
transaction against replay attacks. Each communicating partner of
the transaction maintains two sequence numbers, one for incoming
packets and one for outgoing packets. When a partner receives a
message, it will check whether the sequence number in the message is
larger than the incoming sequence number maintained locally. If not,
the message will be discarded. If the message is proved to be
legitimate, the value of the incoming sequence number maintained
locally will be replaced by the value of the sequence number in the
message. When a partner sends out a message, it will insert the
value of the outgoing sequence number into the message and increase
the outgoing sequence number maintained locally by 1.
11.4. Message Retransmission
If a transaction partner sends out a message and does not receive any
expected reply before the retransmission timer expires (i.e.,
RETRANS_TIMER), a transaction partner will try to retransmit the
message. The procedure is reiterated until a maximum retry is
reached (e.g., three times). An exception is the last message (e.g.,
ACK) sent from the server in a transaction. After sending this
message, the retransmission timer will be disabled since no
additional feedback is expected.
In addition, if the partner receives a retransmission of the last
incoming packet it handled, the partner can resend the same answer to
the incoming packet with a limited frequency. If an answer cannot be
generated right after the request is received, the partner needs to
generate a PROCESSING message as the answer.
To optimize message retransmission, a partner could also store the
last incoming packet and the associated answer. Note that the times
of retransmission could be decided by the local policy, and
retransmission will not cause any change of sequence numbers.
12. Some Operational Guidelines
12.1. CPNP Server Logging
The CPNP server should be configurable to log various events and
associated information. Such information may include the following:
* Client's IP address
* Any event change (e.g., new quotation order, offer sent, order
confirmation, order cancellation, order withdrawal, etc.)
* Timestamp
The exact logging details are deployment specific.
12.2. Business Guidelines and Objectives
The CPNP server can operate in the following modes:
Fully automated mode:
The CPNP server is provisioned with a set of business guidelines
and objectives that will be used as an input to the decision-
making process. The CPNP server will service received orders that
fall into these business guidelines; otherwise, requests will be
escalated to an administrator that will formally validate or
invalidate an order request. The set of policies to be configured
to the CPNP server are specific to each administrative entity
managing a CPNP server.
Administrative-based mode:
This mode assumes some or all of the CPNP server's operations are
subject to a formal administrative validation. CPNP events will
trigger appropriate validation requests that will be forwarded to
the contact person(s) or department that is responsible for
validating the orders. Administrative validation messages are
relayed using another protocol (e.g., SMTP) or a dedicated tool.
Business guidelines are local to each administrative entity. How
validation requests are presented to an administrator are out of
scope of this document; each administrative entity may decide the
appropriate mechanism to enable for that purpose.
13. Security Considerations
Means to defend the server against denial-of-service attacks must be
enabled. For example, access control lists can be enforced on the
client, the server, or the network in between to allow a trusted
client to communicate with a trusted server.
The client and the server must be mutually authenticated.
Authenticated encryption must be used for data confidentiality and
message integrity.
The protocol does not provide security mechanisms to protect the
confidentiality and integrity of the packets transported between the
client and the server. An underlying security protocol such as
(e.g., Datagram Transport Layer Security (DTLS) [RFC6347], Transport
Layer Security (TLS) [RFC8446]) must be used to protect the integrity
and confidentiality of protocol messages. In this case, if it is
possible to provide automated key management (Section 2.1 of
[RFC4107]) and associate each transaction with a different key,
inter-transaction replay attacks can naturally be addressed. If the
client and the server use a single key, an additional mechanism
should be provided to protect against inter-transaction replay
attacks between them. Clients must implement DTLS record replay
detection (Section 3.3 of [RFC6347]) or an equivalent mechanism to
protect against replay attacks.
DTLS and TLS with a cipher suite offering confidentiality protection
and the guidance given in [RFC7525] must be followed to avoid attacks
on (D)TLS.
The client must silently discard CPNP responses received from unknown
CPNP servers. The use of a randomly generated Transaction-ID makes
it hard to forge a response from a server with a spoofed IP address
belonging to a legitimate CPNP server. Furthermore, CPNP demands
that messages from the server must include the correct identifiers of
the orders. Two order identifiers are used: one generated by the
client and a second one generated by the server. Both the CPNP
client and server maintain the local identifier they assigned and the
one assigned by the peer for a given order. Means to detect swapping
of these identifiers (even when such swapping occurs inadvertently at
the client or the server) should be enabled by CPNP clients/servers.
For example, the CPNP server should not assign a Provider agreement
identifier that is equal to a Customer agreement identifier used by
the CPNP client.
The Provider must enforce the means to protect privacy-related
information included in the documents (see Section 8.7) exchanged in
CPNP messages [RFC6462]. In particular, this information must not be
revealed to external parties without the consent of Customers.
Providers should enforce policies to make Customer fingerprinting
difficult to achieve (e.g., in a recursion request). For more
discussion about privacy, refer to [RFC6462] [RFC6973].
The Nonce and the Transaction-ID attributes provide sufficient
randomness and can effectively tolerate attacks raised by off-path
adversaries, who do not have the capability of eavesdropping and
intercepting the packets transported between the client and the
server. Only authorized clients must be able to modify accepted CPNP
orders. The use of a randomly generated Nonce by the server makes it
hard to modify an agreement on behalf of a malicious third party.
14. IANA Considerations
This document has no IANA actions.
15. References
15.1. Normative References
[RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet:
Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002,
<https://www.rfc-editor.org/info/rfc3339>.
[RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker,
"Randomness Requirements for Security", BCP 106, RFC 4086,
DOI 10.17487/RFC4086, June 2005,
<https://www.rfc-editor.org/info/rfc4086>.
[RFC5511] Farrel, A., "Routing Backus-Naur Form (RBNF): A Syntax
Used to Form Encoding Rules in Various Routing Protocol
Specifications", RFC 5511, DOI 10.17487/RFC5511, April
2009, <https://www.rfc-editor.org/info/rfc5511>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <https://www.rfc-editor.org/info/rfc6347>.
[RFC7297] Boucadair, M., Jacquenet, C., and N. Wang, "IP
Connectivity Provisioning Profile (CPP)", RFC 7297,
DOI 10.17487/RFC7297, July 2014,
<https://www.rfc-editor.org/info/rfc7297>.
[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre,
"Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security
(DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
2015, <https://www.rfc-editor.org/info/rfc7525>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
15.2. Informative References
[AGAVE] Boucadair, M., Georgatsos, P., Wang, N., Griffin, D.,
Pavlou, G., Howarth, M., and A. Elizondo, "The AGAVE
Approach for Network Virtualization: Differentiated
Services Delivery", Annals of Telecommunication, Volume
64, 277-288, DOI 10.1007/s12243-009-0103-4, April 2009,
<https://rd.springer.com/article/10.1007/
s12243-009-0103-4>.
[COPS-SLS] Nguyen, T., "COPS Usage for SLS negotiation (COPS-SLS)",
Work in Progress, Internet-Draft, draft-nguyen-rap-cops-
sls-03, 5 July 2002, <https://tools.ietf.org/html/draft-
nguyen-rap-cops-sls-03>.
[DSNP] Chen, J., "Dynamic Service Negotiation Protocol (DSNP)",
Work in Progress, Internet-Draft, draft-itsumo-dsnp-03, 2
March 2006,
<https://tools.ietf.org/html/draft-itsumo-dsnp-03>.
[ETICS] EU FP7 ETICS Project, "Economics and Technologies of
Inter-Carrier Services", January 2014,
<https://cordis.europa.eu/project/id/248567>.
[L2VPN-NETWORK-YANG]
Barguil, S., Dios, O. G. D., Boucadair, M., Munoz, L. A.,
Jalil, L., and J. Ma, "A Layer 2 VPN Network YANG Model",
Work in Progress, Internet-Draft, draft-ietf-opsawg-l2nm-
00, 2 July 2020,
<https://tools.ietf.org/html/draft-ietf-opsawg-l2nm-00>.
[L3VPN-NETWORK-YANG]
Barguil, S., Dios, O. G. D., Boucadair, M., Munoz, L. A.,
and A. Aguado, "A Layer 3 VPN Network YANG Model", Work in
Progress, Internet-Draft, draft-ietf-opsawg-l3sm-l3nm-05,
16 October 2020, <https://tools.ietf.org/html/draft-ietf-
opsawg-l3sm-l3nm-05>.
[LISP-MS-DISCOVERY]
Boucadair, M. and C. Jacquenet, "LISP Mapping Service
Discovery at Large", Work in Progress, Internet-Draft,
draft-boucadair-lisp-idr-ms-discovery-01, 9 March 2016,
<https://tools.ietf.org/html/draft-boucadair-lisp-idr-ms-
discovery-01>.
[NETSLICES-ARCH]
Geng, L., Dong, J., Bryant, S., Makhijani, K., Galis, A.,
Foy, X. D., and S. Kuklinski, "Network Slicing
Architecture", Work in Progress, Internet-Draft, draft-
geng-netslices-architecture-02, 3 July 2017,
<https://tools.ietf.org/html/draft-geng-netslices-
architecture-02>.
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782,
DOI 10.17487/RFC2782, February 2000,
<https://www.rfc-editor.org/info/rfc2782>.
[RFC3084] Chan, K., Seligson, J., Durham, D., Gai, S., McCloghrie,
K., Herzog, S., Reichmeyer, F., Yavatkar, R., and A.
Smith, "COPS Usage for Policy Provisioning (COPS-PR)",
RFC 3084, DOI 10.17487/RFC3084, March 2001,
<https://www.rfc-editor.org/info/rfc3084>.
[RFC4026] Andersson, L. and T. Madsen, "Provider Provisioned Virtual
Private Network (VPN) Terminology", RFC 4026,
DOI 10.17487/RFC4026, March 2005,
<https://www.rfc-editor.org/info/rfc4026>.
[RFC4107] Bellovin, S. and R. Housley, "Guidelines for Cryptographic
Key Management", BCP 107, RFC 4107, DOI 10.17487/RFC4107,
June 2005, <https://www.rfc-editor.org/info/rfc4107>.
[RFC4176] El Mghazli, Y., Ed., Nadeau, T., Boucadair, M., Chan, K.,
and A. Gonguet, "Framework for Layer 3 Virtual Private
Networks (L3VPN) Operations and Management", RFC 4176,
DOI 10.17487/RFC4176, October 2005,
<https://www.rfc-editor.org/info/rfc4176>.
[RFC6125] Saint-Andre, P. and J. Hodges, "Representation and
Verification of Domain-Based Application Service Identity
within Internet Public Key Infrastructure Using X.509
(PKIX) Certificates in the Context of Transport Layer
Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, March
2011, <https://www.rfc-editor.org/info/rfc6125>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC6462] Cooper, A., "Report from the Internet Privacy Workshop",
RFC 6462, DOI 10.17487/RFC6462, January 2012,
<https://www.rfc-editor.org/info/rfc6462>.
[RFC6574] Tschofenig, H. and J. Arkko, "Report from the Smart Object
Workshop", RFC 6574, DOI 10.17487/RFC6574, April 2012,
<https://www.rfc-editor.org/info/rfc6574>.
[RFC6770] Bertrand, G., Ed., Stephan, E., Burbridge, T., Eardley,
P., Ma, K., and G. Watson, "Use Cases for Content Delivery
Network Interconnection", RFC 6770, DOI 10.17487/RFC6770,
November 2012, <https://www.rfc-editor.org/info/rfc6770>.
[RFC6793] Vohra, Q. and E. Chen, "BGP Support for Four-Octet
Autonomous System (AS) Number Space", RFC 6793,
DOI 10.17487/RFC6793, December 2012,
<https://www.rfc-editor.org/info/rfc6793>.
[RFC6830] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
Locator/ID Separation Protocol (LISP)", RFC 6830,
DOI 10.17487/RFC6830, January 2013,
<https://www.rfc-editor.org/info/rfc6830>.
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
Morris, J., Hansen, M., and R. Smith, "Privacy
Considerations for Internet Protocols", RFC 6973,
DOI 10.17487/RFC6973, July 2013,
<https://www.rfc-editor.org/info/rfc6973>.
[RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object
Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
October 2013, <https://www.rfc-editor.org/info/rfc7049>.
[RFC7149] Boucadair, M. and C. Jacquenet, "Software-Defined
Networking: A Perspective from within a Service Provider
Environment", RFC 7149, DOI 10.17487/RFC7149, March 2014,
<https://www.rfc-editor.org/info/rfc7149>.
[RFC7215] Jakab, L., Cabellos-Aparicio, A., Coras, F., Domingo-
Pascual, J., and D. Lewis, "Locator/Identifier Separation
Protocol (LISP) Network Element Deployment
Considerations", RFC 7215, DOI 10.17487/RFC7215, April
2014, <https://www.rfc-editor.org/info/rfc7215>.
[RFC7491] King, D. and A. Farrel, "A PCE-Based Architecture for
Application-Based Network Operations", RFC 7491,
DOI 10.17487/RFC7491, March 2015,
<https://www.rfc-editor.org/info/rfc7491>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", STD 90, RFC 8259,
DOI 10.17487/RFC8259, December 2017,
<https://www.rfc-editor.org/info/rfc8259>.
[RFC8299] Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
"YANG Data Model for L3VPN Service Delivery", RFC 8299,
DOI 10.17487/RFC8299, January 2018,
<https://www.rfc-editor.org/info/rfc8299>.
[RFC8309] Wu, Q., Liu, W., and A. Farrel, "Service Models
Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018,
<https://www.rfc-editor.org/info/rfc8309>.
[RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R.
Kumar, "Framework for Interface to Network Security
Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018,
<https://www.rfc-editor.org/info/rfc8329>.
[RFC8466] Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG
Data Model for Layer 2 Virtual Private Network (L2VPN)
Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October
2018, <https://www.rfc-editor.org/info/rfc8466>.
[RFC8597] Contreras, LM., Bernardos, CJ., Lopez, D., Boucadair, M.,
and P. Iovanna, "Cooperating Layered Architecture for
Software-Defined Networking (CLAS)", RFC 8597,
DOI 10.17487/RFC8597, May 2019,
<https://www.rfc-editor.org/info/rfc8597>.
[RNAP] Wang, X., "A Resource Negotiation and Pricing Protocol
(RNAP)",
<http://www.cs.columbia.edu/~xinwang/public/projects/
protocol.html>.
[SNAP] Czajkowski, K., Foster, I., Kesselman, C., Sander, V., and
S. Tuecke, "SNAP: A Protocol for Negotiating Service Level
Agreements and Coordinating Resource Management in
Distributed Systems", DOI 10.1.1.19.5907, 2002,
<http://citeseerx.ist.psu.edu/viewdoc/
summary?doi=10.1.1.19.5907>.
[SrNP] Georgatsos, P. and G. Giannakopoulos, "Service Negotiation
Protocol (SrNP)", <https://www.ist-
tequila.org/presentations/srnp-pipcm.pdf>.
[TEAS-SLICE-NBI]
Contreras, L. M., Homma, S., and J. A. Ordonez-Lucena,
"Considerations for defining a Transport Slice NBI", Work
in Progress, Internet-Draft, draft-contreras-teas-slice-
nbi-02, 13 July 2020, <https://tools.ietf.org/html/draft-
contreras-teas-slice-nbi-02>.
Acknowledgements
Thanks to Diego R. Lopez, Adrian Farrel, Éric Vyncke, Eric Kline, and
Benjamin Kaduk for the comments.
Thanks to those that reviewed this document for publication in the
Independent Stream.
Special thanks to Luis Miguel Contreras Murillo for the detailed
review.
Authors' Addresses
Mohamed Boucadair (editor)
Orange
35000 Rennes
France
Email: mohamed.boucadair@orange.com
Christian Jacquenet
Orange
35000 Rennes
France
Email: christian.jacquenet@orange.com
Dacheng Zhang
Huawei Technologies
Email: dacheng.zhang@huawei.com
Panos Georgatsos
Centre for Research and Innovation Hellas
78, Filikis Etairias str.
38334 Volos
Greece