Department of Computer Science and Engineering

Sungkyunkwan University 2066 Seobu-Ro, Jangan-Gu Suwon Gyeonggi-Do 16419 Republic of Korea +82 31 299 4957 +82 31 290 7996 pauljeong@skku.edu http://iotlab.skku.edu/people-jaehoon-jeong.php

Department of Computer Science and Engineering

Sungkyunkwan University 2066 Seobu-Ro, Jangan-Gu Suwon Gyeonggi-Do 16419 Republic of Korea +82 31 299 4106 chrisshen@skku.edu https://chrisshen.github.io

Department of Computer Science and Engineering

Sungkyunkwan University 2066 Seobu-Ro, Jangan-Gu Suwon Gyeonggi-Do 16419 Republic of Korea +82 31 299 4106 ahnjs124@skku.edu http://iotlab.skku.edu/people-Ahn-Yoseop.php

School of Electronic Engineering

Soongsil University 369, Sangdo-ro, Dongjak-gu Seoul 06978 Republic of Korea younghak@ssu.ac.kr

Department of Computer Science and Engineering

Federal University of Parana Brazil elias@inf.ufpr.br

Operations and Management Area Operations and Management Area Working Group Internet-Draft This document specifies a framework for Interface to In-Network Functions (I2INF) for a user's services involved in both networks and applications. In-Network Functions (INF) include In-Network Computing Functions (INCF) in Network Functions Virtualization (NFV) and Software-Defined Networking (SDN). They also include In-Network Application Functions (INAF) in Internet-of-Things (IoT) Devices, Software-Defined Vehicles (SDV), and Unmanned Aerial Vehicles (UAV). This document describes an I2INF framework with its components and interfaces to configure and monitor the INFs for the user's services.

Network softwarization is widely deployed for network services in network infrastructure (e.g., 5G mobile networks ), clouding computing, and edge computing. The network softwarization is realized by the technologies of Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) . Also, Intent-Based Networking (IBN) can be used for intelligent network services as well as intelligent application services. As per definitions of Computing in the Network (COIN), a Programmable Network Device (PND) in an In-Network Computing (INC) environment can have multiple kinds of capabilities (i.e., features) to work with other PNDs. PNDs from different product lines or vendors can have different capabilities for INC functions. When working togther for a COIN system, the PDNs may be unaware of capabilities of others. Therefore, it is necessary to define a standard interface for PNDs to exchange their capabilities. For the configuration and monitoring of Application Functions (AFs) for applications and Network Functions (NFs) for network services for a given user's service, a standard framework with interfaces is required. There is no standard data model to describe the capabilities of AFs and NFs for a user-demanded service. Also, there is no standard data model for a registration interface that is used to register the capabilities of those AFs and NFs with a controller for the requested service. In addition, there are no standard interfaces to configure and monitor those AFs and NFs according to a user's intent. Interface to Network Security Functions (I2NSF) was standardized for the control and management of Network Security Services with Network Security Functions (NSFs) . This document is based on the work of I2NSF for a more general control and management framework for intelligent services consisting of AFs and NFs. This document specifies a framework for Interface to In-Network Functions (I2INF) for In-Network Functions (INFs) having different capabilities. The INFs consist of Network Functions (NFs) including PNDs and Application Functions (AFs) in order to compose a user's services. First of all, INFs include In-Network Computing Functions (INCF) as NFs within NFV and SDN . Secondly, they also include In-Network Application Functions (INAF) as AFs within Internet-of-Things (IoT) Devices, Software-Defined Vehicles (SDV) , and Unmanned Aerial Vehicles (UAV). Finally, this document shows how Intent-Based Networking (IBN) can be realized with the proposed I2INF framework and its interfaces for a user's services consisting of a combination of INFs in a target network.

This document uses the terminology described in , , , , , , and . In addition, the following terms are defined below: Intent: A set of operational goals (that a network should meet) and outcomes (that a network is supposed to deliver) defined in a declarative manner without specifying how to achieve or implement them . Intent-Based System (IBS): A system that enforces an intent from a user (or administrator) into a target system (e.g., SDV). An intent can be expressed as a Natural Language (e.g., English) and can be translated into a policy (i.e., network policy and application policy) by a Natural Language Processing (NLP) . In this document, the intent can be translated into the corresponding high policy by an intent translator . The high-level policy can also be translated into the corresponding low-level policy by a policy translator . The low-level policy is dispatched to appropriate Service Functions (SFs). Through the monitoring of the SFs, the activity and performance of the SFs is monitored and analyzed. If needed, the rules of the high-level or low-level network policy are augmented or new rules are generated and configured to appropriate SFs. Mobile Object (MO): An object that is capable of moving by its power source with wireless communication capability such as 5G Vehicle-to-Everything (e.g., 5G V2X). It can be an Internet-of-Things (IoT) device, Software-Defined Vehicle (SDV) , and Unmanned Aerial Vehicle (UAV). An MO is a Programmable Network Device (PND) that can be reconfigured for different network requirements inside the MO. In-Network Computing Functions (INCF): The service functions that work for computing in the network infrastructure. They are a group of COIN programs to provide required computing tasks and functions. In-Network Application Functions (INAF): The service functions that work for applications in Mobile Objects. They are a group of COIN programs to provide required application tasks and functions. Interface to In-Network Functions (I2INF): Interfaces that are used between a pair of INFs for the interaction for configuration and monitoring. A Framework for Interface to In-Network Functions (I2INF): a framework that consists of components and interfaces to configure and monitor INFs for various services in the network infrastructure and MOs.

This section specifies a framework for Interface to In-Network Functions (I2INF) with its components and interfaces among the components. shows Wireless and Wired Networks in a Central Cloud for the I2INF framework having network entities and Mobile Objects (MO). On the other hand, shows a VNF-Consensus Architecture in an Edge Cloud for the I2INF framework to synchonize the SDN Controllers for flow table information in the same Edge Cloud .

| IP-RSU2 |<------->| IP-RSU3 | +---------+ +---------+ +---------+ ^ ^ ^ : : : +-----------------+ +-----------------+ +-----------------+ | : V2I | | : V2I | | : V2I | | v | | v | | v | +--------+ | +--------+ | | +--------+ | | +--------+ | | MO1 |===> | MO2 |===>| | | MO3 |===>| | | MO4 |===>| +--------+<...>+--------+<........>+--------+ | | +--------+ | V2V ^ V2V ^ | | ^ | | : V2V | | : V2V | | : V2V | | v | | v | | v | | +--------+ | | +--------+ | | +--------+ | | | MO5 |===> | | | MO6 |===>| | | MO7 |==>| | +--------+ | | +--------+ | | +--------+ | +-----------------+ +-----------------+ +-----------------+ Subnet1 Subnet2 Subnet3 (Prefix1) (Prefix2) (Prefix3) <----> Wired Link <....> Wireless Link ===> Moving Direction ]]>

| Edge Controller |<->*<->* |Controller| * * +-------^-------+ +--------^--------+ * * +----------+ * * | | * * * * v V * * * ****************************************** ********** ^ ^ ^ | | | V V V +---------------+ +---------------+ +---------------+ |SDN-Controller1| |SDN-Controller2| |SDN-Controller3| +---------------+ +---------------+ +---------------+ ^ ^ ^ | | | V V V +---------------+ +---------------+ +---------------+ | +-----+ | | +-----+ | | +-----+ | | | SW1 | | | | SW3 | | | | SW5 | | | +---^-+ | | +---^-+ | | +---^-+ | | | | | | | | | | | +-V---+ | | +-V---+ | | +-V---+ | | | SW2 | | | | SW4 | | | | SW6 | | | +-----+ | | +-----+ | | +-----+ | +---------------+ +---------------+ +---------------+ SDN-Network1 SDN-Network2 SDN-Network3 (Subnet1) (Prefix2) (Prefix3) <----> Wired Link ]]>

For the automatic network configuration of MOs, an intent-based management is required between the central cloud and MOs . shows an I2INF framework as an IBS for an MO. The framework consists of a Central Cloud and an MO. shows an I2INF framework as an IBS for an Edge Cloud. The framework consists of a Central Cloud and an Edge Cloud.

+---------------------------------------------------------------------+ | +------------------+ +--------------------+ | | | I2INF User | +---------->| I2INF Database | | | +------------------+ | +--------------------+ | | ^ | ^ | | | | Database | Database | | | | Interface | Interface | | | Consumer-Facing | V | | | Interface (Intent) | +--------------------+ | | | | +-------->| Cloud Analyzer |<-+ | | | | | +--------------------+ | | | V | |Analytics | | | +------------------+<---------+ |Interface | | | | Cloud Controller |<-----------+ +--------------------+ | | | +------------------+<-------------------->|Vendor's Mgmt System| | | | ^ Registration Interface +--------------------+ | | | | ^ | | +----------|------------------------------------------|-------------|-+ | Controller-Facing Interface VMS-Facing | Analyzer- | | (High-level Policy) Interface | Facing | | | Interface | +----------|------------------------------------------|-------------|-+ | | | | | | v v | | | +------------------+ Registration +--------------------+ | | | | MO Controller |<-------------------->| MO Vendor's | | | | +------------------+ Interface | Mgmt System | | | | ^ ^ +--------------------+ | | | | | | | | | | | | | | | Analytics Interface +--------------------+ | | | | +------------------------>| MO Analyzer |<-+ | | | +--------------------+ | | | SF-Facing Interface ^ | | | (Low-level Policy) | | | | | | | | | | | | +--------------+----------------------+---+ | | | | | Monitoring Interface | | | v v v v | | +---------------+ +---------------+ +---------------+ | | | SF-1 | | SF-2 |........| SF-n | | | | (Router) | | (Firewall) | | (Navigator) | | | +---------------+ +---------------+ +---------------+ | +---------------------------------------------------------------------+ ]]>

+---------------------------------------------------------------------+ | +------------------+ +--------------------+ | | | I2INF User | +---------->| I2INF Database | | | +------------------+ | +--------------------+ | | ^ | ^ | | | | Database | Database | | | | Interface | Interface | | | Consumer-Facing | V | | | Interface (Intent) | +--------------------+ | | | | +-------->| Cloud Analyzer |<-+ | | | | | +--------------------+ | | | V | |Analytics | | | +------------------+<---------+ |Interface | | | | Cloud Controller |<-----------+ +--------------------+ | | | +------------------+<-------------------->|Vendor's Mgmt System| | | | ^ Registration Interface +--------------------+ | | | | ^ | | +----------|------------------------------------------|-------------|-+ | Controller-Facing Interface VMS-Facing | Analyzer- | | (High-level Policy) Interface | Facing | | | Interface | +----------|------------------------------------------|-------------|-+ | | | | | | v v | | | +------------------+ Registration +--------------------+ | | | | Edge Controller |<-------------------->| Edge Vendor's | | | | +------------------+ Interface | Mgmt System | | | | ^ ^ +--------------------+ | | | | | | | | | | | | | | | Analytics Interface +--------------------+ | | | | +------------------------>| Edge Analyzer |<-+ | | | +--------------------+ | | | SF-Facing Interface ^ | | | (Low-level Policy) | | | | | | | | | | | | +--------------+----------------------+---+ | | | | | Monitoring Interface | | | v v v v | | +---------------+ +----------------------+ +---------------+ | | | SF-1 | | SF-2 |...| SF-n | | | |(VNF-Consensus)| |(NFV-Failure-Detector)| | (NFV-RBCast) | | | +---------------+ +----------------------+ +---------------+ | +---------------------------------------------------------------------+ ]]>

A Central Cloud (CC) consists of I2INF User (as network administrator), Cloud Controller (as an orchestrator for a central cloud), I2INF Database (as a main repository for INF management and monitoring), and Cloud Analyzer (as a monitoring data analyzer for MOs and ECs) such as Network Data Analytics Function (NWDAF) in 5G networks . I2INF User: It is the software (e.g., web-browser-based user interface) used by I2INF administrators to deliver network intents to MO controllers and edge controlller. In the 3GPP intent-driven management service document, it is assumed that a network intent is configured by an intent data model . Cloud Controller: It is a component that controls and manages other system components of the central cloud. From a security point of view, a security service policy can be transmitted to the service function (SF) by converting the I2INF User's security service intent into the corresponding security service policy and selecting an SF that provides an appropriate security service. Cloud Vendor's Management System: It is a component that provides images of virtualized SFs for cloud services and registers the SFs and access information with Cloud Controller. Cloud Analyzer: It gathers and evaluates monitoring data from MO Analyzers and Edge Analyzers to ensure the functionality and performance of SFs, e.g., the network data analytics function (NWDAF) in 5G networks. I2INF Database: It is a database for managing MOs and ECs, including network and security configuration and status of MOs and ECs. For example, for MOs, it maintains the current locations and navigation paths of MOs (e.g., SDVs). For ECs, it maintains the network configuration and status of AFs and NFs within the edge cloud. An IBS in an MO (or EC) is composed of MO Controller (or Edge Controller) as a manager for the MO (or EC), MO Analyzer (or Edge Analyzer) as a monitoring data analyzer for an MO (or EC)) , Vendor's Management System (as a vendor system to provide cloud-native containers) , and Service Functions (SFs). As SFs for the MO, NFs include router, DNS server, and firewall ), and AFs include safe driver and navigator. As SFs for the EC, NFs include VNF-Consensus, NFV-Failure-Detector, and NFV-RBCast (i.e., NFV Reliable-Ordered Broadcast) ). The functions of each component is described as follows. MO Controller: It is a component that controls and manages other components of the MO framework (or EC framework). It translates the high-level policy received from the Cloud Controller into a low-level policy that the SF can understand. An SF to perform this low-level service policy is selected, and the policy is transmitted to the SF. MO Vendor's Management System (or Edge Vendor's Management System): It is a component that provides an image of a virtualized SF for MO services (or EC services) to the MO framework (or EC framework) and registers the function and access information of the SF with MO Controller (or Edge Controller). Service Function (SF): It is a component that refers to a virtual network function (VNF), cloud native network function (CNF), or physical network function (PNF) for a specific service. For security services, it provides security services such as firewalls, web filters, DDoS attack mitigators, and anti-viruses. In addition, networks and application services can also operate as SFs. MO Analyzer (or Edge Analyzer): It is a component that collects monitoring data from SFs of MOs (or ECs) and analyzes these data to confirm the activity and performance of SFs. MO Analyzer (or Edge Analyzer) acts as NWDAF in a 5G network. If there are problems (e.g., security attacks, traffic congestion, QoS degradation) in the MO's internal network (or EC's internet network), MO Analyzer (or Edge Analyzer) delivers either policy reconfiguration or feedback information to MO Controller (or Edge Controller) for security and network troubleshooting.

Together with the designed I2INF framework, in and , interfaces are also defined between a pair of system components in the central cloud and MO (or EC), respectively. These interfaces include Consumer-Facing Interface: It is an interface between I2INF User and Cloud Controller for conveying intents. Controller-Facing Interface: It is an interface between Cloud Controller and MO Controller (or Edge Controller) for high-level policy delivery with translated intents. SF-Facing Interface: It is an interface between MO Controller (or Edge Controller) and SF for the delivery of a translated lower-level policy. Registration Interface: It is an interface used to transfer SF capabilities and access information for registration to either Cloud Controller or MO Controller (or Edge Controller), or deliver SF queries for searching the requested SFs. For an MO, this interface can be an interface between Cloud Controller and Cloud Vendor's Management System (Cloud VMS), or between MO Controller and MO Vendor's Management System (MO VMS). Also, for an EC, this interface can be an interface between Cloud Controller and Cloud Vendor's Management System (Cloud VMS), or between Edge Controller and Edge Vendor's Management System (Edge VMS). Monitoring Interface: It is an interface between the SF and the MO Analyzer (or Edge Analyzer) used to collect the SF's monitoring data to identify SF-related security, system, and network issues. Analytics Interface: It is an interface for delivering policy reconfiguration or feedback as a result of analyzing SF monitoring data. For an MO, this interface is an interface between MO Analyzer and MO Controller, or between Cloud Analyzer and Cloud Controller. Also, for an EC, this interface is an interface between Edge Analyzer and Edge Controller, or between Cloud Analyzer and Cloud Controller. Analyzer-Facing Interface: It is an interface between MO Analyzer (or Edge Analyzer) and Cloud Analyzer for the exchange of security, network, and system-related analysis of SFs. VMS-Facing Interface: It is an interface between Cloud VMS and MO VMS (or Edge VMS) to exchange SF container images with SF feature information. Database Interface: It is an interface for exchanging data in an I2INF database. It is an interface between I2INF Database and Cloud Controller, or between I2INF Database and Cloud Analyzer. The intent, high-level policy, and low-level policy can be either XML documents or YAML documents . They can be delivered to the destination components via NETCONF , RESTCONF , or REST API . As shown in and , the I2INF Framework enforces an intent from an I2INF User, which as a user (or administrator), into a target system such as an MO (e.g., SDV) and an Edge Cloud. The intent from the I2INF User can be translated into the corresponding high-level policy by an intent translator in the Cloud Controller of the Central Cloud . The high-level policy can also be translated into the corresponding low-level policy by a policy translator in the MO Controller of the MO or the Edge Controller of the Edge Cloud . For the MO, as shown in , the low-level policy is dispatched from the MO Controller to appropriate Service Functions (SFs) in the MO, such as Router, Firewall, and Navigator. Also, for the EC, as shown in , the low-level policy is dispatched from the Edge Controller to appropriate Service Functions (SFs) in the EC, such as VNF-Consensus, NFV-Failure-Detector, and NFV-RBCast. Through the monitoring of the SFs, the activity and performance of the SFs in the MO (or EC) is monitored and analyzed by the MO Analyzer (or Edge Analyzer) in the MO (or EC). If needed, the rules of the high-level or low-level network policy can be augmented by the MO Analyzer (or Edge Analyzer). Also, new rules can be automatically generated and configured to appropriate SFs by the MO Analyzer (or Edge Analyzer). Therefore, this document proposes an I2INF framework as an IBS for both MOs and ECs. Through this IBS, the SFs (i.e., NFs and AFs) in the MOs and ECs can be better configured and managed. Base on the proposed framework, both virtualized NFs and AFs can be efficiently orchestrated for agile resource re-configurations and flexible updates.

This document does not require any IANA actions.

The same security considerations for the Interface to Network Security Functions (I2NSF) Framework are applicable to the Intent-Based System this document.

This work was supported by Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea Ministry of Science and ICT (MSIT) (No. RS-2024-00398199). This work was supported in part by Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea Ministry of Science and ICT (MSIT) (No. 2022-0-01015, Development of Candidate Element Technology for Intelligent 6G Mobile Core Network).

This document is made by the group effort of OPWAWG, greatly benefiting from inputs and texts by (Futurewei), (Daejeon University), and (Dong-Eui University). The authors sincerely appreciate their contributions. The following are coauthors of this document: Department of Computer Science & Engineering

Sungkyunkwan University 2066 Seobu-Ro, Jangan-Gu Suwon Gyeonggi-Do 16419 Republic of Korea +82 31 299 4106 rna0415@skku.edu http://iotlab.skku.edu/people-Moses-Gu.php

Department of Computer Science & Engineering

Sungkyunkwan University 2066 Seobu-Ro, Jangan-Gu Suwon Gyeonggi-Do 16419 Republic of Korea +82 31 299 4106 hongju2024@skku.edu http://iotlab.skku.edu/people-Joo-Won-Hong.php