A Multiplane Architecture Proposal for the Quantum Internet
draft-irtf-qirg-qi-multiplane-arch-02
This document is an Internet-Draft (I-D) that has been submitted to the Internet Research Task Force (IRTF) stream.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
| Document | Type | Active Internet-Draft (qirg RG) | |
|---|---|---|---|
| Authors | Diego Lopez , Vicente Martin , Blanca Lopez , Luis M. Contreras , Chathura Sarathchandra | ||
| Last updated | 2026-07-03 | ||
| Replaces | draft-lopez-qirg-qi-multiplane-arch | ||
| RFC stream | Internet Research Task Force (IRTF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | IRTF state | (None) | |
| Consensus boilerplate | Unknown | ||
| Document shepherd | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-irtf-qirg-qi-multiplane-arch-02
Quantum Internet Research Group D. Lopez
Internet-Draft Telefonica
Intended status: Informational V. Martin
Expires: 4 January 2027 UPM
B. Lopez
IMDEA Networks
L. M. Contreras
Telefonica
C. Sarathchandra
InterDigital
3 July 2026
A Multiplane Architecture Proposal for the Quantum Internet
draft-irtf-qirg-qi-multiplane-arch-02
Abstract
A consistent reference architecture model for the Quantum Internet is
required to progress in its evolution, providing a framework for the
integration of the protocols applicable to it, and enabling the
advance of the applications based on it. This model has to satisfy
three essential requirements: agility, so it is able to adapt to the
evolution of quantum communications base technologies,
sustainability, with open availability in technological and
economical terms, and pliability, being able to integrate with the
operations and management procedures in current networks. This
document proposes such an architecture framework, with the goal of
providing a conceptual common framework for the integration of
technologies intended to build the Quantum Internet infrastructure
and its integration with the current Internet. The framework is
based on the already extensive experience in the deployment of QKD
network infrastructures and on related initiatives focused on the
integration of network infrastructures and services.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at
https://dr2lopez.github.io/qi-multiplane-arch/draft-irtf-qirg-qi-
multiplane-arch.html. Status information for this document may be
found at https://datatracker.ietf.org/doc/draft-irtf-qirg-qi-
multiplane-arch/.
Lopez, et al. Expires 4 January 2027 [Page 1]
Internet-Draft qi-multiplane-arch July 2026
Discussion of this document takes place on the Quantum Internet
Research Group Research Group mailing list (mailto:qirg@irtf.org),
which is archived at https://mailarchive.ietf.org/arch/browse/qirg/.
Subscribe at https://www.ietf.org/mailman/listinfo/qirg/.
Source for this draft and an issue tracker can be found at
https://github.com/dr2lopez/qi-multiplane-arch.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 4 January 2027.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions and Definitions . . . . . . . . . . . . . . . . . 5
3. Base Technologies: Evolved SDN Concepts and Network
Virtualization . . . . . . . . . . . . . . . . . . . . . 5
4. Applying Base Technologies: The QKD Experience . . . . . . . 7
4.1. A QKD Multi-Plane Architecture . . . . . . . . . . . . . 7
4.2. Applying SDN and Network Virtualization Principles . . . 9
5. A Framework Architecture for the Quantum Internet . . . . . . 11
5.1. CLAS and Quantum Networks . . . . . . . . . . . . . . . . 11
5.2. Strata for Quantum Networks . . . . . . . . . . . . . . . 12
Lopez, et al. Expires 4 January 2027 [Page 2]
Internet-Draft qi-multiplane-arch July 2026
5.3. The Service Unit Concept . . . . . . . . . . . . . . . . 16
5.3.1. Applying Service Units in QKD Networks . . . . . . . 16
5.3.2. Generalizing Service Units . . . . . . . . . . . . . 17
5.3.3. Scoped Handles for Service Units (QUI) . . . . . . . 20
5.3.4. Quantum QoS Parameters . . . . . . . . . . . . . . . 21
5.3.5. Classical Ancillary Functions . . . . . . . . . . . . 23
5.4. An Example Service-Unit Establishment Procedure . . . . . 23
6. Identification of Interfaces and Protocols . . . . . . . . . 25
6.1. Mapping Current Proposals . . . . . . . . . . . . . . . . 27
6.1.1. Quantum Physical Foundations and Repeater
Technology . . . . . . . . . . . . . . . . . . . . . 27
6.1.2. Network Architecture and Protocols . . . . . . . . . 30
6.1.3. Service Abstractions and Application Frameworks . . . 31
6.1.4. Security . . . . . . . . . . . . . . . . . . . . . . 32
6.2. The Role of Synthetic Environments . . . . . . . . . . . 32
7. Related Standardization and Industry Work . . . . . . . . . . 35
7.1. ITU-T . . . . . . . . . . . . . . . . . . . . . . . . . . 35
7.2. ETSI . . . . . . . . . . . . . . . . . . . . . . . . . . 36
7.3. ISO/IEC . . . . . . . . . . . . . . . . . . . . . . . . . 37
7.4. Industry and Consortia . . . . . . . . . . . . . . . . . 37
8. Security Considerations . . . . . . . . . . . . . . . . . . . 38
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 38
9.1. Normative References . . . . . . . . . . . . . . . . . . 38
9.2. Informative References . . . . . . . . . . . . . . . . . 39
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 44
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 44
1. Introduction
As another case of the "classical vs quantum" apparent
contradictions, the nature of quantum communications [QTTI21],
associated with natural physical effects that require a specific
infrastructure to be used for communications, poses a significant
challenge in the definition of any network reference architecture to
be used for such communications. Furthermore, given that a quantum
network necessarily depends on some classical communications and
protocols to function fully, we need this reference network
architecture to also incorporate these classical elements. We should
not think of two separate environments, but rather a unified one
where the classical and quantum parts interoperate as seamlessly as
possible. The growing interest in quantum networking, its
applications, and the eventual availability of a Quantum Internet,
require of consensus on an architecture framework able to support the
definition and evolution of different protocols and interfaces.
Several steps have been taken in this direction, including the
identification of architectural principles and base technologies made
in {RFC9340}}, the description of relevant use cases [RFC9583], and
Lopez, et al. Expires 4 January 2027 [Page 3]
Internet-Draft qi-multiplane-arch July 2026
specific approaches to layered models for Quantum Networking,
summarized and discussed in [QIPS22]. While the principles provide
an extremely valuable common ground for further collaboration among
quantum and network practitioners, they are not intended to provide
the solid framework required for progressing in the definition of
specific protocols and other interfaces for common network management
tasks and interactions with user applications. On the other hand,
the proposals made for a layered approach provide interesting
insights on requirements and potential mechanisms to structure
quantum communications, but, first, they do not include essential
aspects for a network at scale and, second and most important, they
do not take into account the need for direct interactions beyond the
layered structure, such as those between classical and quantum
networking services, between applications and the quantum network,
etc.
In parallel, the operational experience with the first kind of
infrastructures using quantum communication technologies to provide
an actual network service, those focused on Quantum Key Distribution
(QKD), has allowed practitioners to explore the solution space and
identify design patterns that can serve as concrete examples within
the general case of a Quantum Internet. A corpus of architectural
proposals [ITUY3802], experimental deployments [MADQCI23] and pilot
infrastructures [EUROQCI] have become available in the recent years,
and can be used to derive useful conclusions, especially if combined
with recent proposals in network architecture [RFC8597], intended to
address the complexity of management and integration at scale beyond
the basic layered constructs supporting connectivity.
This document is intentionally a framework document: it does not
prescribe a single protocol stack or a fixed layering. Instead, it
provides a set of architectural anchors that allow new proposals to
be positioned, compared, and discussed consistently. The document
proposes a multi-plane reference architecture for the Quantum
Internet, derived from available proposals and operational
experience. The proposal attempts to define a framework with three
essential properties to guarantee a seamless evolution of the
technology, and the consolidation of applications and management
practices:
* Agility: Provide abstractions able to incorporate new protocols
and interfaces as the technology evolves, avoiding a tight
coupling with specific physical technologies.
* Sustainability: Considering it at all levels and in full scale,
especially regarding environmental and social impacts, including
open availability in technological and economical terms, and
fostering infrastructure reuse.
Lopez, et al. Expires 4 January 2027 [Page 4]
Internet-Draft qi-multiplane-arch July 2026
* Pliability: Facilitate the seamless integration of classical and
quantum network operational procedures, applying and adapting best
practices in use by the Internet community.
And trying to address three essential characteristics already
identified in [PSQN22]:
* Universality, so a quantum network can accommodate any
application.
* Transparency, so quantum network deployments allow the coexistence
[QCE24] of classical and quantum signals over the same medium.
* Scalability, so quantum networking protocols can support the
growth of the network.
2. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Base Technologies: Evolved SDN Concepts and Network Virtualization
SDN concepts are at the core of current networking technologies.
From the original ideas of separating control and forwarding planes,
connected by open interfaces and supporting programmability and
logically-centralized management. As part of this evolution of SDN
concepts, the Cooperating Layered Architecture for Software-Defined
Networking (CLAS) [RFC8597] described a SDN architecture structured
in two different strata, namely Service Stratum and Transport
Stratum. On one hand, the Service Stratum contains the functions
related to the provision of services and the capabilities offered to
external applications. On the other hand, the Transport Stratum
comprises the functions focused on the transfer of data between the
communication endpoints, e.g., between end-user devices, between two
service gateways, etc.
Lopez, et al. Expires 4 January 2027 [Page 5]
Internet-Draft qi-multiplane-arch July 2026
It is worth noting this management centralization does not contradict
the distributed principles generally applied in current networks.
Local control decisions are intended to be coordinated by centralized
management. While the communication between the controller and the
controlled elements relies on some kind of SDN protocol, the
controller exposes a consistent abstract model of the network devices
and topology, that can be structured in a hierarchy of abstractions,
from lower-level, element-focused ones, up to application-oriented
ones.
While SDN ensures higher degrees of flexibility and reconfigurability
by allowing network functions to be easily modified and upgraded
through software changes, virtualization enables the abstraction of
hardware devices by creating virtual instances, which improves
scalability, resource efficiency and allows the dynamic allocation of
softwarized network functions in different locations. As quantum
technology evolves, a virtualized layer for softwarized network
functions significantly aids adaptation to these changes, ensuring
pliability and responsiveness for seamless updates, and incorporating
new mechanisms without extensive hardware modifications.
These approaches pave the way for a tighter integration of quantum
functionality with functions already established in state of the art
classical networks, including support for user/function
authentication and authorization, and support for user and function
mobility, while adhering to established network standards.
Integrating these mechanisms enhance security measures and ensure
that quantum networks can seamlessly interface with existing and
future telecommunications infrastructure.
The use of these base technologies support a seamless interface with
classical networks (commonly identified as OTN, Optical Transport
Networks), addressing three basic principles, related to the ones we
mentioned above: facilitate the coexistence on physical
infrastructure (sustainability and transparency), apply the
abstractions commonly used in open and disaggregated networks
(agility and universality), and reuse the best practices in network
management being applied in current infrastructures (pliability and
scalability).
SDN and virtualization support the integration of control and
management, even if the distinct nature of network elements and the
mediation nature of the controller role do not make advisable the use
of common quantum/OTN controllers. There are common abstractions
able to support cross-interactions among controllers and management
applications, especially regarding:
Lopez, et al. Expires 4 January 2027 [Page 6]
Internet-Draft qi-multiplane-arch July 2026
* Quantum management applications requiring operations on topologies
and physical paths in the OTN mediated by an OTN controller.
* OTN management applications requiring operation on quantum
topologies mediated by the quantum controller.
* Topology updates exchanged between quantum and OTN controllers.
* The coordination through an integrated controller (commonly
referred as "orchestrator"), able to provide a common view to
application network functions.
4. Applying Base Technologies: The QKD Experience
The design and deployment of QKD infrastructures has followed a
number of design principles, based on the best practices in network
architecture and management established during the lifetime of the
Internet (and even before), and focused on the separation of
concerns, that have been converging on the trends around applying SDN
principles and virtualization mechanisms, addressing open
disaggregation strategies and the identification of separate data and
control planes, connected by means of open interfaces. This section
reviews the practical knowledge acquired from the engineering and
operation of QKD infrastructures and uses them as a practical
reference point for the architectural discussion that follows.
Although several of the concepts and interfaces examined here have
been shaped by specific QKD implementations and standardization
efforts, the intention is to highlight which elements appear reusable
as general design patterns and which remain specific to the
assumptions and limitations of QKD. In that sense, QKD is treated in
this document primarily as an informative example within a broader
architectural space, and the discussion is framed in a way that
remains compatible with other quantum networking technologies and
service models as they mature.
4.1. A QKD Multi-Plane Architecture
Applying the SDN and disaggregation principles, QKD infrastructures
have been essentially structured around three different planes
[QTTI21]. While we are not talking about a rigid, layered structure,
where a given layer can only provide services to the immediate upper
layer and consume services from the immediate lower layer, it is
worth noting that interactions among elements in the different planes
must use well-defined interfaces [ETSI04] [ETSI14] [ETSI15] [ETSI18],
and these interactions may incorporate a layered approach.
Lopez, et al. Expires 4 January 2027 [Page 7]
Internet-Draft qi-multiplane-arch July 2026
In this approach, the Quantum Forwarding Plane (QFP) is in charge of
performing the operations (quantum and classical) to ensure the
exchange of the quantum signals or enable the utilization of
persistent quantum resources, like persistent, distributed
entanglement. In QKD, the QFP encapsulates all the functionality
required to obtain an end-to-end secret key across the network. This
implies the transmission of the quantum signals and the execution of
any associated protocols. Note this would require the use of
classical procedures, either via a separated physical "classical
channel" [QTTI21] or the reuse of a common channel, as proposed in
"packet-oriented" approaches [PSQN22]. In this sense, the forwarding
of the keys at intermediate nodes in the multi-hop chains used to
overcome current limitations in propagation of quantum signals or
states, has to be considered part of the QFP, since it is done
exclusively on behalf of the QKD functionality.
On its side, the Service Overlay Plane (SOP) supports the use of the
keys derived from the QFP by applications. This includes the
storage, identification, delivery, and lifecycle management of the
units of consumption (keys of different length, delivered according
to specific patterns) at the endpoints of the network. All network
functionalities at this plane can be considered application-oriented,
with a clear mapping to an overlay data plane in a classical network,
though the SOP elements should be aware of the nature and specific
needs of the QFP they interact with. Key management mechanisms,
beyond key forwarding by intermediate nodes, fit within the SOP.
This comprises methods such as hybridization and augmentation
techniques, or the means for synchronizing key identifiers across API
boundaries.
Finally, the Control and Management Plane (CMP) is made of the
elements that create and supervise the state of the network. This
decoupling between network configuration and (general) data
forwarding is supported by the controller, a mediation logically
centralized element between the control capabilities supported by the
elements in the QFP and SOP and the management and control functions.
These management and control applications rely on the controller,
taking advantage of the centralization it provides, to guarantee the
best performance of the network and avoid diverging local control
decisions that might lead to sub-optimal configurations.
Supported by these abstractions, QKD infrastructures are evolving
from a conglomerate of links, where keys derived from the protocol
applied to a link are used to secure the communication between two
entities directly associated to the endpoints of the link, into real
networks, able to forward a key to be used between any two entities
attached to the network. The entities in the SOP play a key role for
this, supporting the storage, delivery and lifecycle management of
Lopez, et al. Expires 4 January 2027 [Page 8]
Internet-Draft qi-multiplane-arch July 2026
the service units being consumed by the applications attached to the
network. These SOP entities, are commonly referred as KME (Key
Management Entity), acting as key storage for a specific element or
elements in the QFP, and providing an endpoint for applications to
request and consume keys for a specific secure interaction. The
interfaces KMEs use to interact with the QFP elements are usually
provided by specific (commonly software-based) components, acting as
agents in the QFP, and therefore termed Key Management Agent (KMA).
Several of these KMEs can be logically grouped into what is called a
KMS (Key Management System), supporting a set of related applications
grouped into a trust domain, and therefore consistently operated by a
corresponding entity in the CMP. The differentiation between KME and
KMS functionalities becomes more apparent as networks expand and
consolidate, with many cases of current QKD link-oriented
infrastructures referring to a KMS as the entity integrating both
roles.
In summary, QKD infrastructures are converging into an extended SDN
model, with two differentiated data planes, controlled in a
coordinated manner through a common Control and Management Plane,
that supports aggregated mechanisms for further orchestration. The
QFP/SOP duality constitutes a common abstract foundation for a
general approach to quantum communications networks, regardless of
their final purpose.
4.2. Applying SDN and Network Virtualization Principles
At the application level, end-to-end key management and end-to-end
key creation are obviously the main target. Since many applications
of these keys are related to classical communications (direct
encryption, key derivation for symmetric algorithms, peer identity…)
there is a clear interface for the SOP, with classical network
functions acting as consumers of the keys or, in general terms, the
bit streams generated by the QFP. Further on, the application of NFV
mechanisms to any network function allows for its implementation
through software virtualization techniques (virtual machines, para-
virtualization containers, unikernels, etc.), irrespectively of their
application environments or specific plane. The lifecycle management
of all network functions, of any nature, under a common MANO stack
[NFV06], seems the most reasonable option.
While there is a radical difference between the network elements in
quantum networks and OTN, and therefore interactions in data
forwarding are not feasible, with only two exceptions: the
possibility of sharing physical media, and the use of classical
channels to support QKD algorithms, as it is the case of distillation
channels in protocols like BB84. In this case, a proper control of
Lopez, et al. Expires 4 January 2027 [Page 9]
Internet-Draft qi-multiplane-arch July 2026
the path and physical parameters has to be applied to minimize
interferences of any nature and guarantee optical classical
connectivity for the quantum algorithms.
Recent proposals for QKD network management have explored the use of
operational models that radically leverage the virtualization of
control and key management functionalities [EVCK25]. For key
exchange, current technology does not allow direct end-to-end quantum
key exchange between distant nodes. Instead, key distribution must
rely on trusted intermediary nodes to transmit keys hop-by-hop. A
key management layer where the actions of all nodes are coordinated
is needed to ensure secure and efficient key distribution.
Virtualizing and decoupling key management from the physical QKD
devices enhances flexibility and scalability, and supports the
integration of hybrid cryptographic strategies, combining QKD and
post-quantum algorithms to ensure security and performance.
Additionally, it allows real-time performance monitoring, data-driven
control and management, and tailored access and admission mechanisms
[QNSA24].
The virtualized key management layer acts as an intermediary between
the clients and the cryptographic material generating devices. This
layer would have as functions both those that fall within the
framework of the SOP defined in previous sections, as well as key
forwarding, specific to the QFP. For the latter, each functional
element of this layer, identified as key managers entities in
[EVCK25], has a forwarding table, which can be dynamically updated
whenever necessary by the control plane. Additionally, they
implement a token bucket for each application session, to control the
request rate by limiting it to an agreed-upon value at the Quality of
Service (QoS) level.
The virtualized control plane can have different functional elements,
and, as with the key management layer, several instances of the same
element can be executed as necessary for the correct operation of the
network. Foundational elements include: a controller, an access
control and an admission control component, a routing module, and a
monitoring element. This set allows the execution of network access
policies, ensuring that no unauthorized user or process enters the
network, verifies the configuration parameters of new sessions opened
by applications, ensuring that they are granted the appropriate QoS,
and performs performance tests on the physical links and collecting
statistics on the QKD modules, quickly alerting about any failure or
possible attack on the QFP.
Lopez, et al. Expires 4 January 2027 [Page 10]
Internet-Draft qi-multiplane-arch July 2026
5. A Framework Architecture for the Quantum Internet
Based on the available experience on the deployment of existing QKD
infrastructures and on the evolution of SDN-enabled architectures
described in the previous section, this document proposes an
architecture framework intended to offer a conceptual common
framework for the integration of technologies intended to build the
Quantum Internet infrastructure and its integration with the current
Internet.
Once we presented in the previous section the lessons learned from
QKD deployments, introducing a general architecture applicable to
those deployments, in this section we propose the generalization of
such architecture towards a Quantum Internet, augmented by the
extended SDN approach proposed by the evolved CLAS in [CLASEVO]. In
what follows, we will discuss how this framework architecture would
support the required properties: agility, allowing for technology
evolution, sustainability, fostering infrastructure reuse, and
pliability, supporting operational best practices.
5.1. CLAS and Quantum Networks
As discussed in the previous section, SDN principles have enabled the
base abstractions for the conceptualization of QKD infrastructures,
including the services they provide and the required interactions in
the use of classical infrastructure to support the required
connectivity patterns. The original CLAS architecture, as defined by
[RFC8597], addresses SDN evolution considering the forwarding
(transport) and service aspects in two separated but coordinated
planes. This approach matches the multi-plane approach described for
QKD infrastructures, though it seems somehow limited to address the
required interactions with physical connectivity, as well as to
incorporate general requirements regarding automation to support
convergence with operational practices.
The new extension of the CLAS architecture, as defined in [CLASEVO],
intends to address the current evolution of networks and the services
they support introducing new aspects, in particular the
considerations of distributed computing capabilities attached to
different points in the network, and the introduction of evidence-
driven techniques, such as Analytics, Artificial Intelligence (AI)
and Machine Learning (ML) to improve operations by means of closed-
loop automation.
The CLAS framework provides a sound foundation for incorporating the
experience gained with QKD deployments in a general proposal
applicable to the Quantum Internet, as it is essentially compatible
with the architectural lessons learned within the QKD fields, and at
Lopez, et al. Expires 4 January 2027 [Page 11]
Internet-Draft qi-multiplane-arch July 2026
the same time supports additional degrees of freedom regarding the
integration of control mechanisms, and the interplay with the
(shared) infrastructure and its management.
Furthermore, we propose here a general network architecture trying to
incorporate relevant trends such as cloud nativeness, the integration
of zero-touch management, or the considerations about intent. With
this in mind, in what follows a CLAS-based architecture frameworks
for quantum communications networks is introduced, including the
proposed strata and their main characteristics.
5.2. Strata for Quantum Networks
The CLAS architecture was initially conceived from the perspective of
exploiting the advantages of network programmability in operational
networks, complementing and going beyond the traditional layered
structure of the original SDN proposal. Following the CLAS
philosophy, as proposed in its recent update [CLASEVO] of decoupling
services, additional functionality, and base connectivity, the
architecture of a quantum network should be composed of:
* A Service Stratum, dealing with the functionality related to the
purpose of the quantum network, and aligned with SOP described for
QKD networks above. At this moment, the most general service,
beyond QKD key management, is obviously entanglement distribution
in a general quantum network. This stratum is intentionally
defined in a technology and service-agnostic way. It does not
assume a fixed layering or a single, primary service. In addition
to QKD key management, candidate services include entanglement
distribution, time synchronization, identity assurance, or
sensing. The service stratum would consider the relevant service
units (keys, shared states, identities, timelines...), deal with
their appropriate disitribution and routing, and deliver these
service units as requested by the user application functions. The
concept of service unit becomes essential here, as the cornerstone
for fundamental network characteristics (addressing, routing,
information structuring...) and for the interface to the
applications using the network. As the discussion on how to
identify and relate keys in a wide-area QKD network is still
alive, the need to identify how to “pack” qubits in a way useful
for, say, distributed computations or teleportation coding, how to
route these packs, and how to request and consume services based
on them is crucial to define how a global quantum network should
be built and operated.
* A Quantum Fabric Stratum, in charge of the direct application of
quantum protocols and algorithms among the endpoints of a quantum
link, whatever their number, providing support to bipartite and
Lopez, et al. Expires 4 January 2027 [Page 12]
Internet-Draft qi-multiplane-arch July 2026
multipartite entanglement distribution. It is important to note
that this stratum must be able to support the appropriate service
units, but there is no need for a one-to-one mapping between those
quantum entanglement units and the service units. As example, let
us consider entanglement distribution via swapping, which would
likely occur on a pairwise basis at this stratum, but needs to be
considered in a collective view to make sense to the applications
interacting with the service stratum.
* A Connectivity Stratum, taking care of providing the paths to
support the quantum links used by the quantum fabric and service
strata. Typically, the connectivity stratum would be supported by
OTN infrastructure, via fiber and/or open-space links, and would
follow a common connectivity paradigm, specifically a circuit-
based or packet-based one. While current quantum links deal with
OTN infrastructure according to a circuit-based paradigm, recent
proposals are addressing the idea of "quantum packets" [PSQN22]
and the connectivity stratum would have to deal, in general terms,
with the classical headers of such packets. Furthermore,
classical links are always required for supporting quantum links
procedures, and by any kind of monitoring, control, and management
connections. The provisioning of related quantum and classical
links, and their consistent operation to meet service levels will
be the main concern of this stratum.
This architecture, following the CLAS proposal itself, is built under
the assumption that planes within and across strata communicate
through well-defined, open interfaces supporting programmability, as
a generalization of the common SDN architecture that defines a
controller as a mediator between application and network (forwarding)
devices. It includes the archetypal case of a centralized controller
but is not limited to that particular realization. These broader
implications of SDN principles are among the main motivation of the
original CLAS proposal in [CLASEVO], and it is the main reason for
using it as the base for the framework proposed by this document.
The archetypal case of a centralized controller would be the most
common deployment style, but the architecture is able to support more
distributed approaches, in which each participating domain runs a
specific instance of the different strata, providing collaboration by
the exposure of tailored information to the other domains via border
protocols, as proposed in [ALTOQ24], in a way equivalent to the
peering mechanisms in use among current Internet Autonomous Systems.
Even configurations where a particular domain focuses on one or two
of the strata, supporting the other strata being hosted in different
domains is also conceivable.
Lopez, et al. Expires 4 January 2027 [Page 13]
Internet-Draft qi-multiplane-arch July 2026
Based on the images used to illustrate the strata proposed in
[CLASEVO] and [RFC8597], the relationship among the strata described
above would be as shown in the following diagram:
Application Functions
/\
||
+-------------------------------------||-------------+
| Service Stratum || |
| \/ |
| +--------------+ ........................... |
| | Telemetry Pl.| . SDN Intelligence . |
| | |<===>. . |
| +-----/\-------+ . +--------------+ . |
| || . | Mgmt. Pl. | . |
| || . +--------------+ | . |
| +-----\/-------+ . | Control Pl. |-----+ . |
| | Resource Pl. | . | | . |
| | |<===>. +--------------+ . |
| +--------------+ ........................... |
| /\ /\ |
| || || |
+--------------------------------||-------------||---+
Standard API -- || -- ||
+--------------------------------||-----+ ||
| Quantum Fabric Stratum || | ||
| \/ | ||
| +----------+ ................... | ||
| | Telemetry| . SDN . | Std. ||
| | Plane |<==>. Intelligence . | API ||
| +-----/\---+ . +----------+ . | -- || --
| || . | Mgmt. Pl.| . | ||
| || . +----------+ | . | ||
| +-----\/---+ . | Control |-+ . | ||
| | Resource | . | Plane | . | ||
| | Plane |<==>. +----------+ . | ||
| +----------+ ................... | ||
+----------------------------------/\---+ ||
Standard API -- || -- ||
+-------------------||-----------||-----+
| Connectivity || || |
| Stratum || || |
| \/ \/ |
| +----------+ ................... |
| | Telemetry| . SDN . |
| | Plane |<==>. Intelligence . |
| +-----/\---+ . +----------+ . |
| || . | Mgmt. Pl.| . |
Lopez, et al. Expires 4 January 2027 [Page 14]
Internet-Draft qi-multiplane-arch July 2026
| || . +----------+ | . |
| +-----\/---+ . | Control |-+ . |
| | Resource | . | Plane | . |
| | Plane |<==>. +----------+ . |
| +----------+ ................... |
+---------------------------------------+
Essentially, this architecture model incorporates the findings from
QKD deployments and addresses the requirements for providing a
general framework for quantum networks towards the Quantum Internet.
It is intended to support the evolution of network base technologies,
provide the degrees of freedom necessary to encompass different
deployment models, and align with relevant trends in network
operation, while considering the practical aspects related to
classical connectivity.
The proposed architecture will address the evolution of network base
technologies by providing abstractions able to accommodate to this
evolution. Considering the stages analyzed in [QIROAD18], the QKD
deployment patterns described in the previous section already cover
"Trusted Repeater Networks" and "Prepare and Measure Networks", and
the general architecture proposed here is able to accommodate the
more evolved stages, namely "Entanglement Distribution Networks",
"Quantum Memory Networks", "Few Qubit Fault-Tolerant Networks", and
"Quantum Computing Networks". As immediate examples we can consider
the integration of features in the Connectivity Stratum with the
other two strata to support entanglement distribution among different
locations, or the incorporation of future quantum repeaters into the
Quantum Fabric Stratum to support more elaborated behaviors of the
Service Stratum.
In addition, these network abstractions are intended to provide
specific degrees of freedom for network design and deployment,
through the incorporation of independent resource and control planes
at each stratum. Given the control mechanisms identified as "SDN
intelligence" on the diagram above are able to expose open
interfaces, the approach for coordinating the different strata via
mechanisms like those defined in [ETSI18] is totally feasible, and
different aggregation patterns (multi-stratum, multi-domain...) and
models (federated, hierarchical...) can be applied. These
aggregation mechanisms are equally applicable in the case of
telemetry data and their integration with closed-loop mechanisms for
automation, in support of the required quantum network agility.
Lopez, et al. Expires 4 January 2027 [Page 15]
Internet-Draft qi-multiplane-arch July 2026
The evolved CLAS proposal in [CLASEVO] explicitly incorporates
current trends in network automation, in whatever the flavor
including AI and intent expressions. This architecture guarantees
the future pliability of quantum networks, in alignment with the
evolution of best practices in general network management.
Finally, by explicitly addressing the issues related to the
connectivity of quantum links, the architecture considers the
interactions with any other relevant operational aspects required for
providing quantum network services. The direct integration of a
stratum focused on these aspects makes the proposed architecture
better aligned with the sustainability goal.
5.3. The Service Unit Concept
5.3.1. Applying Service Units in QKD Networks
The service units provided by a QKD network have to be uniquely
identified within the network, so they can be properly managed by the
SOP, including their routing across the different required KMEs, the
requests of appropriate links in the QFP, and the management of the
lifecycle events related to making the key available to the
applications willing to use it. It is important to note we are
talking about a service unit, and not a data unit associated with a
particular protocol, and therefore what is relevant here are the
identification of the two application endpoints (that should include
a nonce mechanism to identify the specific pairing) together with
relevant parameters regarding the key lifecycle, such as its length
and valid time-to-live. While these are the two essential lifecycle
parameters, others, as it might be the case of applicable crypto
algorithms, could be considered as well. The service unit identifier
is not directional, i.e., it has no source or destination addresses,
as it defines a shared state to be used by two applications. We can
consider the analogy of transport flows in the current Internet,
rather than packets.
The current proposal we are experimenting with advocate for using
URNs [RFC8141] as endpoint identifiers, taking advantage of their
nature of location-independent, persistent resource identifiers. The
q-component of the endpoint URN can be used to carry the nonce part
of the specific application identifier. If we consider that
lifecycle parameters can be expressed using a specific URN in its
q-component, we have that a service unit identifier consists of the
combination of three URNs.
Lopez, et al. Expires 4 January 2027 [Page 16]
Internet-Draft qi-multiplane-arch July 2026
As an example, let’s consider URNs for application endpoints use the
qkd namespace id, and that lifecycle parameters use the URN
qkd:lifecycle assigned name, with the parameters size and valid-
until. A service unit identifier for QKD between two domains, with
roots madqci and quditto, would look like:
urn:qkd:madqci:ccips?=nonce=177923
urn:qkd:quditto:emulator:ipsec:controller?=nid=af33017
urn:qkd:lifecycle?=size=256&valid-until=1750708945
The nature of the endpoint identifiers support the use of any
aggregation and routing mechanisms, ranging from strictly
hierarchical and centralized schemas based on orchestration
mechanisms to fully distributed routing algorithms. The approach
also supports the use of non-routable identifiers, limited to that a
given domain or KMS.
The QKD service unit identifies a shared state between two
application entities, and therefore cannot be consider directional,
and the concepts of source and destination do not apply here.
Nevertheless, directionality is relevant in the process of
establishing the QKD service unit, both in terms of its identifier
and of its contents. In the case of the identifier, one of the
application entities will request a service unit to the relevant KMS/
KME it is attached to, identifying itself and the other peer in the
service unit, together with the applicable lifecycle parameters.
Relying on the available route information and the replies of the
intermediate elements in the SOP, the final identifier of the QKD
service unit will be built. The associated content, i.e., the bit
string defining the key to be shared between the two application
endpoints, will be derived from the elements in the participating
links in the QFP and the application of any additional mechanisms
(key encryption, augmentation, trusted node forwarding…) required by
the participating KMEs and the corresponding links.
5.3.2. Generalizing Service Units
The fact we remarked above about the QKD service unit being a shared
state between two application entities supports a direct translation
of the concept to apply it in a generalized quantum network. A
service unit in this context will correspond to the shared quantum
states to be consume by the application entities, according to the
goals of their sharing of these quantum states. This implies that a
QKD service unit can be considered a specialized quantum service
unit, where the shared state has been somehow pre-processed to
distill the bits that define the shared key. A similar pattern could
be applicable to other specialized quantum network applications, as
it would be the case of distributed quantum sensing or metrology.
Lopez, et al. Expires 4 January 2027 [Page 17]
Internet-Draft qi-multiplane-arch July 2026
The identification of such service units can follow the same patterns
described for the QKD service units, but in this general case with
N+1 URNs, being N the number of application entities (two for the
case of bipartite entanglement) sharing the state, and a final one
defining the lifecycle parameters. Obviously, these parameters
should differ from the ones postulated for QKD, and it is possible to
envisage parameters such as shared state size (the number of
entangled states), a timestamp regarding lifetime of the shared
state, and others addressing aspects like fidelity. As the quantum
memory technology at the foundation of these shared states evolve, a
clearer view of the parameter URN will become available. Experiments
on this issue will be really useful to identify these parameters and
shape the q-component of the parameter URN.
The content of a QKD service unit is a bitstring corresponding to the
shared key. This bitstring is stored in the memories of the
corresponding KMEs, with individual bits differentiated by their
position in the string. Quantum memories must be available at the
resource plane of the Service Stratum (SS), and the service unit
should contain the addresses used by those quantum memories to
identify the corresponding entangled states. The elements equivalent
to the KMEs in the control plane of the SS interact with these
quantum memories to identify the applicable addresses, and to require
the elements in the control plane of the Quantum Fabric Stratum (QFS)
to activate the corresponding exchanges in the quantum links they
operate. Each of the endpoints of these quantum links is expected to
provide a functionality equivalent to the agents discussed for QKD
networks, in support of the SS quantum memories.
Lopez, et al. Expires 4 January 2027 [Page 18]
Internet-Draft qi-multiplane-arch July 2026
For these service units, directionality (the specification of an
origin and a destination) is not applicable, as service units
correspond to a shared state. The only directional element that can
be considered is an originator of this shared state, corresponding to
the application element requesting the establishment of the service
unit. This would trigger the SS control plane element attached to
the application to start its route decision procedures and to start
the interactions with the relevant SS control planes to start the
necessary exchanges to establish the shared quantum states. The
structure and delegation mechanisms provided by URNs allow for
arbitrary aggregation of prefixes, enabling any kind of routing
style, from the aggregation and inter-domain announcement similar (or
compatible) to BGP in classical Internet to the decision on which
prefixes are announced and how they are routed by means of SDN
controllers, whether by means of a federation approach or in a
hierarchical control structure. The approach also supports the use
of non-routable identifiers that cannot be announced outside a given
domain and can only establish service pairing with other applications
within the same domain. These mechanisms would be applied by the
corresponding elements in the control and management planes of the
Service Stratum.
As a result of the routing procedures and the interaction among SS
control plane elements, there should be corresponding interactions
with elements in the control planes of the Connectivity Strata (CS)
and the QFS, to verify and require, as needed, the establishment of
the individual entangled states and, as required, the physical links
to support them. There is a consolidated corpus of interfaces
(usually known as North-Bound Interfaces, NBI) for the control of
classical connectivity, and specially of optical links, such as the
TAPI specification [TAPI240], and different proposals to select and
establish paths. It seems necessary to explore and experiment with
similar interfaces and procedures for the management and control of
quantum links, addressing the challenges already identified in
[RFC9340] and exploring the implications of quantum-native routing
proposals as made in [QUADDR] and, more recently, in [QNAD]. A
specially significant question is the mapping between the entangled
states, as identified by the service unit, and the payloads exchanged
within the QFS.
Finally, a word on the telemetry planes in each of the proposed
strata. It should be obvious the elements in the control planes at
each of the strata should start monitoring mechanisms at the involved
elements in the resource planes and activate telemetry collection
mechanisms. This brings the requirement of defining and
experimenting with appropriate metrics and telemetry data models for
both the SS and the QFS, as already being defined for QKD
infrastructures [ETSI23].
Lopez, et al. Expires 4 January 2027 [Page 19]
Internet-Draft qi-multiplane-arch July 2026
5.3.3. Scoped Handles for Service Units (QUI)
Service unit identifiers are intended to be stable and meaningful to
applications and SS functions, typically by combining endpoint
identifiers and lifecycle parameters. However, the internal handles
used to access quantum memories, communication qubits, entangled
pairs, or other device-local quantum resources are often local to a
device, technology, implementation, or administrative domain.
Exposing such device-local handles outside their local scope can
unnecessarily reveal resource structure and can complicate
reallocation, recovery, and inter-domain operation.
A useful indirection mechanism is a domain-scoped Quantum Unit
Identifier (QUI). Following this approach, the application-facing
service unit identifier corresponds to one or more domain-scoped
QUIs, and each QUI may be mapped inside its domain to the
corresponding device-local quantum resource handles. A QUI is not
expected to be globally unique. Its scope can be an administrative
domain, a technology segment, a trust domain, a controller domain, or
another operational scope appropriate to the deployment.
A QUI may represent a single entangled pair, a set of entangled
pairs, a quantum memory allocation, a local share of an end-to-end
shared state, or another quantum resource unit relevant to the
service. The same end-to-end service unit may therefore be
associated with different QUIs in different domains, while preserving
the service-unit abstraction presented to applications.
Because quantum resources are time-sensitive, a QUI may naturally be
associated with lifecycle information. Such information may include
a time-to-live, a coherence window, an expiry time, an age value, or
an availability window. The relevant lifecycle properties are
exposed through the interface betweehn the SS and QFS, so it is
possible to decide whether a resource remains usable, whether it has
to be consumed immediately, or whether it has to be replaced to
fulfill a given service unit denotation.
A QUI may also include, or be associated with, freshness information
such as a nonce or other one-time value. Freshness information is
useful to distinguish different allocations, avoid accidental reuse
of stale state, and reduce replay or mix-up risks when several
service units or resource allocations are active at the same time.
The use of a QUI may also enable re-binding. For example, when a
particular entangled pair decoheres, a quantum memory allocation
fails, a link-level establishment attempt does not reach the target
fidelity, or an implementation decides to regenerate the underlying
state, the domain can bind the same service-unit context to a new
Lopez, et al. Expires 4 January 2027 [Page 20]
Internet-Draft qi-multiplane-arch July 2026
local quantum resource allocation. Such re-binding may not imply
preservation of a consumed or measured quantum state; it is a
control-plane mechanism for replacing or refreshing the underlying
resource associated with the service unit.
Resolution among service unit identifiers and QUIs happens at the
interface between the SS and QFS control planes, while the mapping of
QUIs to the applicable device-local resource handles would be
typically performed by QFS resource-plane agents, managed by the QFS
control plane, though particular architectures may define specific
control and management functions for this purpose. The mapping
between a QUI and device-local handles is expected to remain local to
the relevant scope unless explicitly exposed through an inter-domain
or management interface.
5.3.4. Quantum QoS Parameters
Admission, routing, resource reservation, and maintenance of
entanglement-based service units require parameters that describe the
requested and achieved quality of the quantum resource. These
parameters will be carried in service requests, used internally by SS
and QFS control functions, and exposed through telemetry. They apply
at different granularities, including a physical quantum link, a
link-level entanglement, a segment, a domain, or an end-to-end
service unit. Quantum QoS parameters to be considered include:
* Target fidelity: the desired minimum quality of the shared state,
either end-to-end or per segment.
* Achieved or estimated fidelity: the observed or predicted quality
of an established state, including the effects of link loss, local
operations, swapping, purification, and storage time.
* Entanglement generation rate: the expected, requested, or observed
rate at which usable entangled pairs can be generated.
* End-to-end success probability: the probability that the requested
shared state can be established with the requested parameters,
optionally expressed per link, per segment, or for the complete
service unit.
* Establishment latency: the time required to create a usable
service unit, including link-level entanglement generation,
heralding, swapping, purification, resource reservation, and
relevant control interactions.
Lopez, et al. Expires 4 January 2027 [Page 21]
Internet-Draft qi-multiplane-arch July 2026
* Quantum communication latency: the latency relevant to the quantum
application, including any classical-assist signaling required for
measurement outcomes, timing, feed-forward operations, or
completion of teleportation-based procedures.
* Age, time-to-live, or coherence window: the time for which a
shared state or resource allocation is expected to remain usable.
* Swapping depth cap: the maximum number of entanglement-swapping
operations, or the maximum repeater depth, acceptable for the
requested service unit.
* Quantum memory constraints: the amount, type, and availability of
memory qubits and communication qubits at the endpoints and
intermediate nodes.
* Purification support and cost: whether purification is available,
which purification schemes or cycles are supported, and their
effect on fidelity, rate, latency, and resource consumption.
* Classical-assist constraints: latency, reliability, timing, and
synchronization properties of the classical channels used for
heralding, measurement-outcome exchange, calibration, and feed-
forward control.
* Loss and error indicators: parameters describing photon loss,
failed entanglement attempts, decoherence events, operation
errors, or classical packet loss affecting the quantum procedure.
* Application or service constraints: policy or application-level
constraints such as availability windows, allowed technologies
(for example fiber or free-space links), supported service types,
or restrictions on which domains or node capabilities can be used.
These parameters provide the basis for evaluating the suitability of
a candidate path, deciding whether a service unit request can be
fulfilled, selecting among alternative paths, deciding whether
purification is needed, and triggering refresh, re-establishment, or
re-binding when the observed quality no longer satisfies the service
objective.
Lopez, et al. Expires 4 January 2027 [Page 22]
Internet-Draft qi-multiplane-arch July 2026
5.3.5. Classical Ancillary Functions
Many quantum-network procedures require a classical ancillary
function associated with a quantum node or quantum resource. This
function can be realized in the same physical node as the quantum
resource, in an attached classical controller or agent, or in a
logically separate control-plane element. Its role is not to carry
quantum information, but to support the control and consumption of
quantum resources.
Examples of these ancillary functions include translating service-
unit identifiers to QUIs, and these into local resource handles,
forwarding service requests to local quantum resources, exchanging
measurement outcomes, coordinating heralding and entanglement
swapping, distributing timing and calibration information, performing
authentication and authorization checks, and applying feed-forward
information such as correction data required by teleportation-based
procedures.
The use of such functions requires clear interfaces among the
different strata, applying classical control and timing paths as part
of the quality and security envelope of an entanglement-based service
unit.
5.4. An Example Service-Unit Establishment Procedure
Let us outline an example procedure for establishing an entanglement-
based service unit between two quantum-capable endpoints. The
procedure is informative and does not define a protocol or prescribe
a particular control architecture. Different realizations can map
the functions described below to SS, QFS, and CS control-plane
entities in different ways.
*0. Capability and Service Discovery*
A requesting application or service consumer obtains information that
quantum services or quantum-enhanced services are available. This
information can be obtained through configuration, service discovery,
registration, policy distribution, or another discovery mechanism.
The discovered information can include service identifiers, endpoint
identifiers, supported quantum QoS parameter ranges, availability
windows, technology constraints, supported node capabilities, and any
policy constraints relevant to service establishment.
*1. Service Request*
Lopez, et al. Expires 4 January 2027 [Page 23]
Internet-Draft qi-multiplane-arch July 2026
The requesting application or service consumer requests a service
unit from an SS function. The request can include the requested
service type, peer endpoint identifier or identifiers, lifecycle
parameters such as size or time-to-live, and quantum QoS objectives
such as target fidelity, minimum generation rate, success
probability, establishment latency, or classical-assist latency. The
SS function performs the applicable admission, authentication,
authorization, and policy checks.
*2. Candidate Path and Resource Evaluation*
By request of the SS, QFS control functions evaluate candidate
quantum paths between the relevant endpoints. The evaluation can
consider available nodes, quantum memory constraints, communication-
qubit availability, link-level entanglement generation rates,
expected fidelity, purification capabilities, swapping depth,
classical-assist latency, and policy constraints. Where physical or
optical connectivity has to be established or reserved, the relevant
CS functions are engaged to provide the required paths and classical
assist channels.
*3. Hop-by-Hop Resource Allocation*
For each selected hop or segment, the relevant QFS control function
requests allocation of the quantum resources needed to support the
service unit. The allocation can be associated with a domain-scoped
QUI. If a hop or segment cannot provide the requested resources or
cannot satisfy the requested quality parameters, the control logic
can attempt an alternative path, reduce or renegotiate objectives
according to policy, or fail the establishment attempt and release
previously allocated resources.
*4. Entanglement Generation and Multi-Hop Operations*
Once the required hop-level resources are available, the QFS
coordinates entanglement generation on the relevant links. For
multi-hop service units, intermediate nodes can perform entanglement
swapping and, where supported and useful, purification. Classical
ancillary functions carry the required heralding information,
measurement outcomes, timing information, and feed-forward data. The
resulting fidelity, success probability, age, and other relevant
quantum QoS parameters are recorded or exposed to the responsible
control functions.
*5. Service-Unit Binding and Delivery*
Lopez, et al. Expires 4 January 2027 [Page 24]
Internet-Draft qi-multiplane-arch July 2026
If the established shared state satisfies the requested objectives,
the SS binds the resulting resource to the service unit identifier
expected by the application. The application receives the
information needed to consume the service unit, while domain-local
mappings from service-unit identifiers to QUIs and from QUIs to
device-local resource handles remain within the appropriate
administrative scope.
*6. Maintenance, Re-Establishment, and On-Demand Activation*
Because coherence windows can be short and quality can degrade over
time, telemetry can trigger refresh, re-establishment, or re-binding
when a time-to-live is close to expiry, fidelity drops below the
requested level, intermediate resources fail, or policy conditions
change. Some deployments can also separate authorization and
reservation from actual entanglement creation. In such cases, the
service request establishes the right to consume a quantum service,
while the shared state is generated later, when the application is
ready to use it.
6. Identification of Interfaces and Protocols
The architecture proposed in this document is intended as a framework
to evaluate and explore compatibility among the different proposals
on protocols and interfaces for the future availability of quantum
features in the global Internet, with the goal of providing a uniform
reference model to choose and apply the most appropriate solutions to
the Quantum Internet challenges. While the reference architecture
does not intend to identify a concrete set of these protocols and
interfaces, it is useful to analyze current proposals and trends, and
provide some guidance on how the framework can be useful for
assessing the integration of the solutions applicable to the
different elements that have to converge to realize the Quantum
Internet.
There is a significant corpus of standards and operational practica
applicable for the Connectivity Stratum, sustained by a well
established experience in the management and use of optical and, to
some extent, satellite-based networks. The differentiation of the
planes considered in the CLAS architecture within the Connectivity
Stratum has been common practice in the deployment and operation of
IP converged services over optical networks. The abstractions and
topology views described in the ACTN framework defined in [RFC8453]
constitute a solid foundation to describe the functionality of the
planes within the Connectivity Stratum, and the interfaces to be used
in the interactions with the other strata. An element like the Path
Computation Element (PCE) described in [RFC8637], able to address the
considerations related to quantum connectivity and the implications
Lopez, et al. Expires 4 January 2027 [Page 25]
Internet-Draft qi-multiplane-arch July 2026
of entanglement-based distribution, could constitute the core of the
intelligence and telemetry planes. Specific distribution elements,
able to fulfill the conditions for quantum signals, including the
potential co-propagation with classical signals, and to interface
with future quantum repeaters [QREPS], would constitute the essential
substrate of the resource plane. The current trends in optical
disaggregation and the use of orchestrated SDN mechanisms for network
path management and monitoring provide a natural path for leveraging
network virtualization mechanisms within the Connectivity Stratum,
facilitating their integration.
In what relates to the Quantum Fabric Stratum, current best practices
indicate that telemetry and SDN intelligence planes will follow the
same directions as the other strata, with virtualized, likely cloud-
native implementations for them. Even in the case of the resource
plane, one can expect the availability of specific software agent
elements in charge of managing devices, interacting with the
Connectivity Plane and providing support to the service units
relevant for the Service Stratum. The proposal in [QUADDR], beyond
the foundations described in [RFC9340], can be used to exemplify the
main objective of the framework architecture described in this
document. The proposal presents quantum-native mechanisms for
routing procedures, and the corresponding addressing conventions
supporting them, and considers network-wide mechanisms, structured in
two tiers defining what could be assimilated to a local domain and an
internetworking domain. This proposal can be naturally integrated in
the Quantum Fabric Stratum (QFS), and its SDN-inspired architecture
would map the proposed Entanglement-Defined Controller (EDC) at the
kernel of the SDN intelligence plane. The integration of an
architecture like this within the framework described in this
document would require to analyze the mapping between the node
identifiers described in the paper and the service units discussed
below. The choices for the coordination among the different strata
if the QFS uses an architecture like the one proposed in the
references paper would need to be also analyzed: on the one hand, the
interface between the EDC and Service Stratum should be defined, and
the QFS elements should need to be extended to include its
interactions with the Connectivity Stratum, or consider it oblivious
to physical connectivity and leave the coordination to the Service
Stratum. This is the kind of evaluations the synthetic environments
discussed in Section 6.2 will be extremely useful.
The discussion on the foundations of the Service Stratum (SS) is made
on the previous section, which introduces and analyzes the concept of
service units. Furthermore, As a natural consequence of what is
discussed above in the framework of cloud-native infrastructures, the
use of network virtualization techniques would be essential for the
Service Stratum, at all of their planes:
Lopez, et al. Expires 4 January 2027 [Page 26]
Internet-Draft qi-multiplane-arch July 2026
* The SDN intelligence plane, allowing the dynamic management of
service units and their association with the corresponding units
in the Quantum Fabric Stratum.
* The telemetry plane, for dynamic monitoring and data aggregation.
* The resource plane, in support of the different nature of the
interactions at the Quantum Fabric Stratum, like the case of
entanglement persistence beyond direct physical reachability.
6.1. Mapping Current Proposals
To demonstrate the application of the framework proposed here, and to
provide guidance in the future assessment of new proposals, this
section discusses the mapping of a number of representative current
proposals, addressing different issues in quantum networking and
covering a number of relevant architecture solutions or protocol
approaches to the general problem of the Quantum Internet. This
mapping is also intended to clarify the main concepts (strata,
planes, service units) underpinning the framework, considering how
these concepts are applied in the context of already available, and
in most cases well-known, approaches. Finally, the mapping also aims
at supporting future experimental validation of the applicability of
the different proposals and their potential interplay to support
Quantum Internet infrastructure and services, in most cases to be
performed by means of the synthetic environments discussed in the
next section.
The discussion of the mapped proposals is structured according to a
set of general categories and their connection to the reference
framework. Within each category, proposals are ordered according to
their publication date. An analysis of how each one of them fits in
the reference framework, together with a few considerations on their
interplay within the framework and possible experimentation paths are
provided.
6.1.1. Quantum Physical Foundations and Repeater Technology
The papers in this category establish the physical mechanisms upon
which quantum networking at scale depends, mainly quantum repeaters
in their various forms, and analyze their architectural and
operational implications. They are mainly related to the design of
the resource plane of the QFS and the interface requirements for the
CS.
[BRIEGEL98] introduces the base concept of quantum repeater,
addressing the exponential growth of error probability with the
length of the channel in direct quantum transmissions by means of a
Lopez, et al. Expires 4 January 2027 [Page 27]
Internet-Draft qi-multiplane-arch July 2026
nested purification protocol over intermediate nodes. Quantum
repeaters are essential elements in the reference framework, and in
particular for the resource plane of the QFS. They are the
foundation of the nodes that perform entanglement generation,
swapping, and error correction operations that produce the shared
entangled states consumed by the SS. The design of the QFS and its
interface to the CS must accommodate the characteristics of repeater
nodes.
This work also highlights an architectural implication discussed when
introducing the service unit concept. The elementary entanglement
events occurring within the QFS, such as the generation and exchange
of entangled pairs at the individual links, do not correspond one-to-
one with the units the applications expect to consume from the
quantum connection. A service unit, as provided by the SS,
represents a multi-hop end-to-end entangled state, whose construction
may have involved a complex sequence of operations at the QFS level,
typically spanning multiple repeater nodes and requiring classical
coordination via the CS. This gap between elementary link-level
entanglement events and the application-visible service unit is one
of the motivations for the domain-scoped QUI indirection introduced
in this document: the QUI allows the multi-hop, multi-operation
construction internal to the QFS to be represented and re-bound
independently of the stable service-unit identifier the application
consumes.
[JIANG09] proposes a quantum repeater protocol that locally encodes
qubits with CCS code and applies classical error correction during
simultaneous entanglement connections. The scheme achieves
substantially higher communication rates over long distances and
relaxes the requirements on quantum memory fidelity. In the context
of the multiplane architecture, this work exemplifies the class of
implementations that the QFS resource plane must support. The
encoding, decoding, and error correction operations are internal to
the QFS and transparent to the SS, but they may place specific
requirements on the classical channel capacity and latency that the
CS must provide.
Another interesting aspect relates to the service unit lifecycle
definition. Depending on the protocol implemented by the repeaters
(for example, the one presented in this work versus a purify-and-swap
scheme), the rate and fidelity of the end-to-end logical entangled
pairs differ. The SS control plane needs to be able to represent and
negotiate these QoS components when establishing service units, and
the interface between the SS and the QFS must expose them in a
technology-agnostic manner. The encoding scheme, logical error rate,
and generation rate could be candidates for inclusion in the
lifecycle parameter component of a service unit URN. The encoding
Lopez, et al. Expires 4 January 2027 [Page 28]
Internet-Draft qi-multiplane-arch July 2026
scheme, logical error rate, and generation rate correspond directly
to quantum QoS parameters, and the resulting per-link or per-segment
characteristics can be naturally associated with the domain-scoped
QUI representing the allocation on that segment rather than encoded
directly into the application-facing service-unit identifier.
[MURALI16] presents a classification of quantum repeaters into three
generations and analyses their performance in terms of communication
rate and physical resources required. First-generation repeaters
require two-way classical communication and quantum memories, but no
quantum error correction. They reduce the exponential overhead in
direct state transfer to only polynomial overhead, limited by the
two-way classical signaling required between non-adjacent repeater
stations. The second generation adds quantum error correction, which
implies more complex hardware, but only adjacent repeater stations
require two-way classical signaling. Finally, the third generation
eliminates the need for two-way classical signaling by relying solely
on quantum error correction. It only needs one-way signaling and
thus can achieve a very high communication rate, just like the
classical repeaters, only limited by local operation delay. Thus,
each generation would place different demands on the classical
channel model that the CS must support, and embodies a different
capability level for the QFS.
This classification provides a roadmap for the potential evolution of
the QFS as quantum hardware matures. The same service unit
abstraction living in the SS should remain valid across all
generations, with the QFS-CS interface evolving to accommodate the
changing classical channel requirements as technology advances.
[QREPS] presents a comprehensive review of the conceptual frameworks,
architectures, and experimental progress of quantum repeaters. The
analysis contextualises the proposals and advancements on the broader
goal of a Quantum Internet. This work includes a substantial portion
of the technology space that the QFS must accommodate. It maps the
diversity of repeater designs, their hardware requirements, and their
operational constraints. This type of approach is key to defining
which abstractions the QFS should expose to remain independent of the
specific physical implementation used at any given stage of network
evolution.
The review also notes that several near-term repeater architectures
rely heavily on classical co-processing and on specific timing and
synchronisation constraints that must be jointly provisioned with the
quantum channel. This coordination role is one of the primary
responsibilities for which the CS is designed. Furthermore, the
discussion on the experimental state of the art in quantum memories,
entanglement generation rate, and fidelity provide a physical
Lopez, et al. Expires 4 January 2027 [Page 29]
Internet-Draft qi-multiplane-arch July 2026
grounding for the lifecycle parameters that service units in the SS
must be able to express. Memory lifetime set the upper bound on the
valid-until parameter of a service unit, generation rate constrains
the throughput of the QFS, and achievable fidelity defines the
quality floor below which a service unit cannot meaningfully be
delivered. Memory lifetime sets the upper bound on the time-to-live
or coherence-window information that can be associated with a QUI,
entanglement generation rate constrains the throughput of the QFS,
and achievable fidelity defines the quality floor below which the
underlying QUI-bound resource can no longer satisfy the service
unit's requested objectives.
6.1.2. Network Architecture and Protocols
The proposals in this category deal with architectural foundations
and concrete protocols for quantum networking, covering the design of
repeater network architectures, link-layer protocol engineering, and
the application of classical architectural principles, such as
recursion and end-to-end argument, to quantum networks. They are
applicable to the QFS control and management planes and for the
inter-stratum interface design.
[DAHLBERG19] presents a functional allocation of a quantum network
stack with concrete physical and link layer protocols, transforming
the isolated physical experiments that produce heralded entanglement
into a well-defined, robust service. Their link-layer protocol
manages the stochastic nature of entanglement generation, handles
issues like timeouts, and provides a stable interface to higher
layers that abstracts the deatil of the physical mechanism underlying
the process. This timeout-and-retry behavior is a concrete instance
of the kind of event that, in the framework's terms, can trigger QUI
re-binding: a failed or expired link-level attempt is replaced by a
new allocation without changing the service-unit context exposed to
the application.
In the multiplane architecture proposed in this document, this work
falls in the QFS and its interface with the CS. The link-layer
protocol operates on the quantum links and exposes upward-facing
events that the control plane of the QFS may consume to manage
network-wide entanglement distribution.
Lopez, et al. Expires 4 January 2027 [Page 30]
Internet-Draft qi-multiplane-arch July 2026
This work also makes explicit he dependence of the link layer on
classical communication, for heralding mechanisms, timing and post-
selection processes. Thereby supporting the requirement for
coordinated classical connectivity that the CS has to satisfy. The
functional decomposition proposed in the paper is compatible with the
QFS structure described in this document, and their protocol can be
understood as an example of an operation within the resource plane of
the QFS, managed by the control plane through well-defined events and
triggers.
6.1.3. Service Abstractions and Application Frameworks
The proposals in this category address how the quantum resources
produced by the QFS are abstracted into units that applications and
higher-level computations can consume, either through concrete
algorithmic techniques or through system-level layering. They are
relevant primarily to the definition of the service unit and to the
boundary between the SS and the lower strata.
[GOTTESMAN99] shows theoretically that single-qubit operations, Bell-
basis measurements and a set of certain pre-shared entangled resource
states, such as GHZ states, are together sufficient to construct a
universal quantum computer, unifying several fault-tolerant protocols
under a single teleportation-based technique. The entangled resource
state consumed by this technique corresponds to the shared quantum
state delivered by the SS as a service unit: the paper treats the
state as an input to a local computation, decoupled from how it was
generated, which is consistent with the separation between the SS,
which delivers the service unit, and the QFS, which generates and
maintains the underlying entangled state through entanglement
generation and, where required, swapping and purification.
The proposed teleportation-based technique depends on classical
communication of the measurement outcome to complete the operation at
the receiving side. This places it within the scope of the classical
constraints and quantum communication latency parameters that the CS
has to support.
[CUOMO20] elaborates a layered abstraction of a distributed quantum
computing ecosystem, structured from the underlying communication
infrastructure connecting remote quantum devices up through
successive logical layers to the functionality consumed by
distributed applications. The lower layers described in the paper,
covering the physical exchange of quantum information between
devices, correspond to the QFS and CS. The upper layers, covering
the abstractions exposed to distributed applications, correspond to
the SS.
Lopez, et al. Expires 4 January 2027 [Page 31]
Internet-Draft qi-multiplane-arch July 2026
The boundary drawn between the communication infrastructure and the
abstractions exposed to applications matches the separation
maintained by the service unit: applications interact with the shared
state delivered by the SS without visibility into the sequence of QFS
operations, spanning individual links and, where applicable, repeater
nodes, that produced it.
6.1.4. Security
Works in this category address potential attack surfaces and
security-relevant properties of quantum networking, related to the
mechanims applicable to secure strata, planes and their interfaces,
as dicussed in Section 8.
[SATOH20] models the internal components and structure of a quantum
repeater network node and classifies attacks against them in terms of
confidentiality, integrity, and availability, finding that while
confidentiality is generally preserved by the physical properties of
quantum states, integrity and availability introduce vulnerabilities
with no classical counterpart.
The report also analyzes how classical computing and networking
elements attached to a quantum node materially affect the system's
overall security risk. Attacks on the classical control, timing, or
heralding information exchanged between nodes can propagate into
integrity or availability failures even when the quantum channel
itself is not directly compromised. This is consistent with the
elaboration Section 8 makes on the interaction of physical attacks
with classical attacks on control and monitoring activities.
6.2. The Role of Synthetic Environments
Due to the early stage of many, if not all, quantum technologies,
experimenting with quantum devices and equipment can be seriously
hindered by high costs and limited availability. This challenge is
particularly evident for experimentation at the scale required to
validate network protocols and inter- and intra-strata interfaces.
In this context, synthetic environments, and synthetic testbeds
enabled by these environments, become an essential tool. They enable
the emulation of quantum network deployments in a fully controlled
setting, allowing the execution of experiments and trials, protocol
evaluations, and even security analyses, where potential network
attacks can be tested without compromising the integrity of an
already built quantum network or a significant number of physical
devices.
Lopez, et al. Expires 4 January 2027 [Page 32]
Internet-Draft qi-multiplane-arch July 2026
Based on the results introduced in [QKNDT24] for QKD networks, the
concept of a Quantum Network Digital Twin (QNDT) provides a
foundation for such environments. QNDTs will enable a better
understanding of the properties of the different network elements,
interfaces, and protocols, and the applicability of the architecture
proposed in this document. It is important to note that a QNDT is
not a simulation tool, even though some of its components may apply
simulation functionality to adapt their behavior to that of a quantum
element. Rather, a QNDT represents a distributed classical system
that mirrors the operational behavior of a quantum network,
responding in real time and accurately reproducing the dynamics and
interactions of quantum entities.
In the case of QKD network deployments, significant progress has been
achieved thanks to both practical deployments, as exemplified in
[EUROQCI] and the early coordinated efforts of standardization
bodies. These advances include the definition of standardized APIs
that specify the communication means between quantum nodes and
customer applications, like [ETSI04], and the integration of network
management mechanisms widely adopted in classical communication
systems, like the SDN approach defined in [ETSI15]. This coordinated
efforts have translated into more flexible, programmable, and
scalable control of quantum resources, facilitating seamless
interoperability between quantum and classical infrastructures.
Despite these advances, several aspects of QKD networking remain
under active development. These include the definition of interfaces
that ensure interoperability across different administrative domains,
as well as the design and validation of architectures capable of
supporting large-scale deployments, that is, networks comprising
hundreds of interconnected nodes. In this regard, platforms such as
the one described in [QUDITTO] offer a valuable opportunity, as they
enable the emulation of low-level quantum network behaviors using
classical computational resources. Such synthetic environments
provide the means to model and analyze complex network scenarios that
are currently unattainable in fully physical experimental testbeds.
Lopez, et al. Expires 4 January 2027 [Page 33]
Internet-Draft qi-multiplane-arch July 2026
When considering general-purpose quantum networks, particularly those
based on entanglement distribution and management, the role of
synthetic environments becomes even more significant. Unlike QKD
networks, whose architectural and operational principles are
relatively well understood, entanglement-based networks are still in
an early stage of development. Many fundamental networking aspects,
such as entanglement routing, resource scheduling, and inter-layer
coordination, remain open research questions, with a crucial lack of
practical validation. In this context, QNDTs offer a unique
opportunity to accelerate progress: by enabling controlled emulation
of quantum states, interactions, and network behaviors, they allow to
test novel architectures, evaluate protocol performance, and explore
scalability under realistic yet fully reproducible conditions.
However, the development of a general-purpose QNDT introduces its own
set of challenges. Such a system must not only emulate the
functional behavior of quantum components but also ensure that the
underlying classical infrastructure responds within the same temporal
and operational constraints as its quantum counterpart, thereby
enabling accurate validation of protocols and network strategies.
Moreover, unlike QKD networks where standardized interfaces and APIs
have already been established (or are at least emerging), no
equivalent standards currently exist for general quantum networks.
Consequently, a QNDT must be designed to be inherently flexible and
extensible, capable of accommodating evolving definitions of
interfaces, communication protocols, and architectural abstractions.
In this regard, the QNDT once again becomes a key enabler for the
development, integration, and testing of these foundational elements.
Building upon the above discussion, two primary challenges must be
addressed as prerequisites for constructing a fully functional QNDT.
First, it is necessary to develop a mechanism capable of handling the
quantum-specific aspects of the system, executing simulations and
distributing results across nodes, resulting in the emulation of the
quantum behavior of network elements within the underlying classical
infrastructure. Second, there must be a definition of a minimal set
of core primitives or instructions that serves as the foundation for
constructing more advanced mechanisms, such as standardized
interfaces and communication methods between network elements and
external systems. Together, these two pillars will establish the
groundwork for a QNDT framework capable of evolving in parallel with
the broader quantum networking ecosystem.
The core quantum emulation mechanism for such an environment,
according to the current state of the art, would be the QNDT
emulation engine, based on a centralized simulation component
designed to execute the simulations needed to emulate the quantum
behavior of all network elements. This engine may rely on quantum
Lopez, et al. Expires 4 January 2027 [Page 34]
Internet-Draft qi-multiplane-arch July 2026
network simulators such as [NetSquid], [SeQUeNCe], or [QuNetSim].
However, these platforms alone do not fulfill the requirements of a
QNDT, since, as discussed above, a QNDT is not a simulation of the
network but a distributed classical system that replicates the
behavior of a real quantum network. Therefore, the central
simulation element must be complemented by a result distribution
mechanism, for example, through a publish/subscribe (Pub/Sub)
protocol. In such a setup, network elements subscribe to topics
relevant to their operation and can communicate with the central
simulation tool both to request simulations and receive results
through asynchronous interactions.
Another essential aspect concerns the handling of temporal
consistency between the “simulation time”, i.e., the time required to
execute a simulation, and the “simulated time,” i.e., the time the
simulation calculates the real system would take to perform the same
operation. Since simulation time is generally shorter than simulated
time, the QNDT must incorporate logic ensuring that results are
delivered only after the appropriate simulated delay has elapsed.
This guarantees that the QNDT responds within the same temporal
boundaries as its physical counterpart, thereby preserving the
fidelity and realism of the emulated network behavior.
In addition, to maintain state realism within the QNDT, it is crucial
to take into account the natural decoherence and noise dynamics of
quantum states over time. For instance, when entangled states are
distributed among the participating nodes and stored for a period
before being used in subsequent operations, the QNDT must emulate the
gradual evolution and degradation of these states. This entails
tracking the elapsed time between state creation and use, and
updating the state accordingly before executing the next instruction.
7. Related Standardization and Industry Work
A number of standardization bodies and industry/consortium efforts
are developing architectural concepts, interfaces specifications, and
operational practices that are relevant to the framework presented in
this document. The following briefly positions those activities as
external reference points.
7.1. ITU-T
The International Telecommunication Union Telecommunication
Standardization Sector (ITU-T) initiated in 2018 the first work item
on the concept of QKD networks with Recommendation Y.3800 [ITUY3800].
Since then, it has built an extensive body of Recommendations around
QKD networks, incluiding functional arcchitecture [ITUY3802] and
protocol framework material [ITUQ4160]. In the context of this
Lopez, et al. Expires 4 January 2027 [Page 35]
Internet-Draft qi-multiplane-arch July 2026
document, these ITU-T outputs are best read as mature examples of how
one quantum service (QKD) has been decomposed into functions,
interfaces, and operational procedures. They are useful as
comparative input when discussing interface patterns, management
hooks, and operational decomposition.
The evolution toward the Quantum Internet is being addressed in ITU-T
through several complementary initiatives. Technical Report Y.TR-QN-
UC [ITUTRQNUC] collects and analyses uses cases of quantum networks
beyond QKD, drawing on deliverables from the ITU-T Focus Group on
Quantum Information Technology for Networks (FG-QIT4N, active
2019-2022). These use cases encompass entanglement distribution,
distributed quantum sensing, quantum-enhanced clock synchronization,
and distributed quantum computing, providing a networking-oriented
characterization of the services that a general Quantum Internet
should support. The draft Technical Report YSTR.QN-TB [ITUQNTB],
analysing quantum network testbeds globally, complements this
perspective by identifying the architectural commonalities and
interface gaps across existing experimental infrastructures,
providing a grounded basis for future standards work.
7.2. ETSI
The European Telecommunications Standards Institute (ETSI)
established the Industry Specification Group on Quantum Key
Distribution (ISG QKD) in 2008, which has produced a set of Group
Specifications that are particularly relevant as concrete,
implementable interface examples for a quantum-enabled service. ETSI
has specified key delivery APIs [ETSI04][ETSI14], a SDN control
interface [ETSI15], a orchestration interface [ETSI18], and a
monitoring data model for QKD networks [ETSI23]. This work has had
direct operational relevance, underpinning the deployments that
constitute the experience base from which the architecture proposed
here is derived. At the same time, the ISG QKD scope has been
deliberately bounded to QKD, leaving the broader quantum networking
challenges outside its mandate.
Lopez, et al. Expires 4 January 2027 [Page 36]
Internet-Draft qi-multiplane-arch July 2026
In September 2025 the ETSI Board approved the creation of a new
Technical Committee on Quantum Technologies (TC QT). The primary
objective of this new committee is to develop specifications
addressing quantum communications and quantum networks across
multiple sectors, explicitly including quantum networking for
distributed computing and cryptography, satellite quantum
communications, quantum sensing, and quantum random number
generation. It is the successor forum for the broader scope that ISG
QKD cannot address, and its initial work program includes a Technical
Report mapping the quantum ecosystem and identifying cooperation
opportunities, as well as a Quantum Technologies radar document
tracking the maturity of the relevant technology areas.
7.3. ISO/IEC
In January 2024, the International Electrotechnical Commission (IEC)
and the International Organization for Standardization (ISO) jointly
established ISO/IEC Joint Technical Committee 3 (JTC 3) on Quantum
Technologies. The scope of JTC 3 covers quantum information
technologies (quantum computing and quantum simulation), quantum
metrology, quantum sources and detectors, quantum communications, and
fundamental quantum technologies. It was created as a structured
mechanism to develop fundamental standards for quantum technology,
including those related to quantum communication.
7.4. Industry and Consortia
Beyond formal standards bodies, several large-scale initiatives and
industrial efforts are generating the experimental evidence and
operational experience that will eventually inform normative
standards work on the Quantum Internet. Recent public milestones
include deployments and demonstrations on existing fiber plant and
the emergence of software stacks that abstract hardware heterogeneity
to enable multi-node quantum applications [HSESNY]. Large consortia
are building ecosystem roadmaps and testbed programs aimed at
evolving from point solutions toward repeaters/memories and
entanglement distribution at scale. The Quantum Internet Alliance
[QIA] is one prominent European example in this direction.
These industry activities reinforce the need for a framework that can
(i) compare alternative architectural decompositions, (ii) map
diverse services into a common vocabulary, and (iii) remain flexible
as technology moves from QKD-centric deployments toward entanglement-
centric networking.
Lopez, et al. Expires 4 January 2027 [Page 37]
Internet-Draft qi-multiplane-arch July 2026
8. Security Considerations
The general considerations made in [RFC8597] apply, as well as an
elaboration on the following points regarding:
* The requirements on mutual authentication in the channels used for
quantum interactions, as they should require methods rooted at
physical properties.
* Specific physical attacks related to the particular quantum
mechanisms in use by the quantum fabric stratum.
* The interaction of these physical attacks with classical attacks
to the control and monitoring activities, possibly translating
into a threat surface augmentation.
* The integrity and access control protection of service-unit
indirection mechanisms, such as QUIs, to avoid attacks leading to
resource exhaustion, state mix-up, unauthorized consumption, or
incorrect association between applications and quantum resources.
* The explicit freshness and lifetime information about QUI
allocations and service-unit bindings, to address attacks related
to replay, stale-state reuse, and state confusion risks during
establishment, re-binding, and consumption of shared states.
* The protection of classical ancillary functions associated with
nodes, as any manipulation of these functions can impact security,
triggering wrong correction operations, incorrect service-unit
binding, or unauthorized use of quantum resources.
* The trust issues in inter-domain exchanges, especially at the
control and management planes.
Furthermore, as the identification of interfaces and protocols
progresses other considerations will be required. In particular, the
security considerations included in the documents referenced for the
Connectivity Stratum, [RFC8453] and [RFC8637] apply to the proposed
framework.
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
Lopez, et al. Expires 4 January 2027 [Page 38]
Internet-Draft qi-multiplane-arch July 2026
[RFC8141] Saint-Andre, P. and J. Klensin, "Uniform Resource Names
(URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017,
<https://www.rfc-editor.org/rfc/rfc8141>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC8597] Contreras, LM., Bernardos, CJ., Lopez, D., Boucadair, M.,
and P. Iovanna, "Cooperating Layered Architecture for
Software-Defined Networking (CLAS)", RFC 8597,
DOI 10.17487/RFC8597, May 2019,
<https://www.rfc-editor.org/rfc/rfc8597>.
9.2. Informative References
[ALTOQ24] Muniz, A., Canto, R., Contreras, L., Pastor, A., Lopez,
D., and J. Morales, "Using Protocol to Address SD-QKD
Federation in Multi-Domain Scenarios", July 2024,
<https://ieeexplore.ieee.org/document/10628176>.
[BRIEGEL98]
Briegel, H.-J., Dür, W., Cirac, J. I., and P. Zoller,
"Quantum Repeaters: The Role of Imperfect Local Operations
in Quantum Communication", December 1998,
<https://doi.org/10.1103/PhysRevLett.81.5932>.
[CLASEVO] Contreras, L. M., Boucadair, M., Lopez, D., and C. J.
Bernardos, "An Evolution of Cooperating Layered
Architecture for SDN (CLAS) for Compute and Data
Awareness", Work in Progress, Internet-Draft, draft-
contreras-coinrg-clas-evolution-03, 5 July 2024,
<https://datatracker.ietf.org/doc/html/draft-contreras-
coinrg-clas-evolution-03>.
[CUOMO20] Cuomo, D., Caleffi, M., and A. S. Cacciapuoti, "Towards a
distributed quantum computing ecosystem", July 2020,
<https://doi.org/10.1049/iet-qtc.2020.0002>.
[DAHLBERG19]
Dahlberg, A., Skrzypczyk, M., Coopmans, T., Wubben, L.,
Rozpędek, F., Pompili, M., Stolk, A., Pawełczak, P.,
Knegjens, R., Filho, J. de O., Hanson, R., and S. Wehner,
"A link layer protocol for quantum networks", August 2019,
<https://doi.org/10.1145/3341302.3342070>.
Lopez, et al. Expires 4 January 2027 [Page 39]
Internet-Draft qi-multiplane-arch July 2026
[ETSI04] "ETSI GS QKD 004: Quantum Key Distribution (QKD);
Application Interface", August 2020,
<https://www.etsi.org/deliver/etsi_gs/
QKD/001_099/004/02.01.01_60/gs_QKD004v020101p.pdf>.
[ETSI14] "ETSI GS QKD 014: Quantum Key Distribution (QKD); Protocol
and data format of REST-based key delivery API", February
2019, <https://www.etsi.org/deliver/etsi_gs/
QKD/001_099/014/01.01.01_60/gs_qkd014v010101p.pdf>.
[ETSI15] "ETSI GS QKD 015: Quantum Key Distribution (QKD); Control
Interface for Software Defined Networks", April 2022,
<https://www.etsi.org/deliver/etsi_gs/
QKD/001_099/015/02.01.01_60/gs_QKD015v020101p.pdf>.
[ETSI18] "ETSI GS QKD 018: Quantum Key Distribution (QKD);
Orchestration Interface for Software Defined Networks",
April 2022, <https://www.etsi.org/deliver/etsi_gs/
QKD/001_099/018/01.01.01_60/gs_QKD018v010101p.pdf>.
[ETSI23] "ETSI Work-Item QKD 023: Quantum Key Distribution (QKD);
Monitoring Interface and Data Model", n.d.,
<https://portal.etsi.org/webapp/WorkProgram/
Report_WorkItem.asp?WKI_ID=69537>.
[EUROQCI] "The European Quantum Communication Infrastructure
(EuroQCI) Initiative", September 2023, <https://digital-
strategy.ec.europa.eu/en/policies/european-quantum-
communication-infrastructure-euroqci>.
[EVCK25] Lopez, B., Vidal, I., Valera, F., and D. Lopez, "An
Enhanced Virtualized Control and Key Management Model for
QKD Networks", January 2025,
<https://ieeexplore.ieee.org/document/10870375>.
[GOTTESMAN99]
Gottesman, D. and I. Chuang, "Demonstrating the viability
of universal quantum computation using teleportation and
single-qubit operations", November 1999,
<https://doi.org/10.1038/46503>.
[HSESNY] Craddock, A. N., Cowan, T., Bigagli, N., Yekasiri, S.,
Robinson, D., Portmann, G. B., Guo, Z., Kilzer, M., Zhao,
J., Flament, M., Shabani, J., Nejabati, R., and M. Namazi,
"High-rate Scalable Entanglement Swapping Between Remote
Entanglement Sources on Deployed New York City Fibers",
February 2026,
<https://doi.org/10.48550/arXiv.2602.15653>.
Lopez, et al. Expires 4 January 2027 [Page 40]
Internet-Draft qi-multiplane-arch July 2026
[ITUQ4160] "ITU-T Recommendation Q.4160: Quantum key distribution
networks – Protocol framework", December 2023,
<https://www.itu.int/rec/T-REC-Q.4160>.
[ITUQNTB] "Draft new Technical Report ITU-T YSTR.QN-TB: Analysis of
quantum network architecture from existing testbeds",
November 2025,
<https://www.ietf.org/lib/dt/documents/LIAISON/liaison-
2025-12-18-itu-t-sg-13-opsawg-ls-on-work-progress-on-
quantum-key-distribution-qkd-network-in-sg13-as-of-
november-2025-attachment-1.pdf>.
[ITUTRQNUC]
"ITU-T Technical Report Y.TR-QN-UC: Use cases of quantum
networks beyond QKDN", November 2023,
<https://www.itu.int/rec/T-TUT-QN>.
[ITUY3800] "ITU-T Recommendation Y.3800: Overview on networks
supporting quantum key distribution", July 2020,
<https://www.itu.int/rec/T-REC-Y.3800>.
[ITUY3802] "ITU-T Recommendation Y.3802: Quantum key distribution
networks. Functional architecture", April 2021,
<https://www.itu.int/rec/T-REC-Y.3802>.
[JIANG09] Jiang, L., Taylor, J. M., Nemoto, K., Munro, W. J., Meter,
R. V., and M. D. Lukin, "Quantum Repeater with Encoding",
March 2009, <https://doi.org/10.1103/PhysRevA.79.032325>.
[MADQCI23] Martin, V., Brito, J. P., Ortíz, L., Brito-Méndez, R.,
Vicente, R., Saez-Buruaga, J., Sebastian, A. J., Aguado,
D. G., García-Cid, M. I., Setien, J., Salas, P.,
Escribano, C., Dopazo, E., Rivas-Moscoso, J., Pastor-
Perales, A., and D. Lopez, "The Madrid Testbed: QKD SDN
Control and Key Management in a Production Network", July
2023, <https://ieeexplore.ieee.org/document/10207295>.
[MURALI16] Muralidharan, S., Li, L., Kim, J., Lütkenhaus, N., Lukin,
M. D., and L. Jiang, "Optimal architectures for long
distance quantum communication", February 2016,
<https://doi.org/10.1038/srep20463>.
[NetSquid] Coopmans, T., Knegjens, R., Dahlberg, A., Maier, D.,
Nijsten, L., Filho, J. de O., and et. al., "NetSquid, a
NETwork Simulator for QUantum Information using Discrete
events", July 2021,
<https://doi.org/10.1038/s42005-021-00647-8>.
Lopez, et al. Expires 4 January 2027 [Page 41]
Internet-Draft qi-multiplane-arch July 2026
[NFV06] "ETSI GS NFV 006: Network Functions Virtualisation (NFV)
Release 4; Management and Orchestration; Architectural
Framework Specification", December 2022,
<https://www.etsi.org/deliver/etsi_gs/
NFV/001_099/006/04.04.01_60/gs_NFV006v040401p.pdf>.
[PSQN22] DiAdamo, S., Qi, B., Miller, G., Kompella, R., and A.
Shabani, "Packet switching in quantum networks: A path to
the quantum Internet", October 2022,
<https://journals.aps.org/prresearch/abstract/10.1103/
PhysRevResearch.4.043064>.
[QCE24] Islam, M. S., Chung, J., Kettimuthu, R., Ramesh, A., and
P. Kumar, "Experiences on developing an on-demand
entanglement service coexisting with classical traffic
over a Q-LAN testbed", September 2024,
<https://doi.org/10.1109/QCE60285.2024.00089>.
[QIA] "Quantum Internet Alliance", n.d.,
<https://quantuminternetalliance.org>.
[QIPS22] Illiano, J., Caleffi, M., Manzalini, A., and A. S.
Cacciapuoti, "Quantum Internet Protocol Stack: a
Comprehensive Survey", August 2022,
<https://www.sciencedirect.com/science/article/abs/pii/
S1389128622002250>.
[QIROAD18] Wehner, S., Elkouss, D., and R. Hanson, "Quantum internet:
A vision for the road ahead", October 2018,
<https://doi.org/10.1126/science.aam9288>.
[QKNDT24] Martin, R., Lopez, B., Vidal, I., Valera, F., and B.
Nogales, "Service for Deploying Digital Twins of QKD
Networks", January 2024,
<https://doi.org/10.3390/app14031018>.
[QNAD] Cacciapuoti, A. S., Caleffi, M., Illiano, J., De Risi, C.,
Abane, A., and J. Chung, "Quantum-Native Architectural
Tenets and Philosophy for the Quantum Internet", Work in
Progress, Internet-Draft, draft-cacciapuoti-qirg-quantum-
native-architecture-01, 20 April 2026,
<https://datatracker.ietf.org/doc/html/draft-cacciapuoti-
qirg-quantum-native-architecture-01>.
Lopez, et al. Expires 4 January 2027 [Page 42]
Internet-Draft qi-multiplane-arch July 2026
[QNSA24] Lopez, B., Vidal, I., Valera, F., Lopez, D., and A.
Pastor, "Unleashing Flexibility and Interoperability in
QKD Networks: The Power of Softwarized Architectures",
July 2024,
<https://ieeexplore.ieee.org/document/10628345>.
[QREPS] Azuma, K., Economou, S. E., Elkouss, D., Hilaire, P.,
Jiang, L., Lo, H.-K., and I. Tzitrin, "Quantum repeaters:
From quantum networks to the quantum internet", December
2023, <https://doi.org/10.1103/RevModPhys.95.045006>.
[QTTI21] Martin, V., Brito, J. P., Escribano, C., Menchetti, M.,
White, C., Lord, A., Wissel, F., Gunkel, M., Gavignet, P.,
Genay, N., Moult, O. L., Abellan, C., Manzalini, A.,
Pastor-Perales, A., Lopez, V., and D. Lopez, "Quantum
Technologies in the Telecommunications Industry", July
2021, <https://epjquantumtechnology.springeropen.com/
articles/10.1140/epjqt/s40507-021-00108-9>.
[QUADDR] Caleffi, M. and A. S. Cacciapuoti, "Quantum Internet
Architecture: unlocking Quantum-Native Routing via Quantum
Addressing", July 2025,
<https://doi.org/10.48550/arXiv.2507.19655>.
[QUDITTO] "Quditto, a tool that allows deploying digital twins of
QKD networks over classical infrastructure", April 2025,
<https://quditto.io/>.
[QuNetSim] Diadamo, S., Nötzel, J., Zanger, B., and M. M. Beşe,
"QuNetSim: A Software Framework for Quantum Networks",
June 2021, <https://doi.org/10.1109/TQE.2021.3092395>.
[RFC8453] Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
Abstraction and Control of TE Networks (ACTN)", RFC 8453,
DOI 10.17487/RFC8453, August 2018,
<https://www.rfc-editor.org/rfc/rfc8453>.
[RFC8637] Dhody, D., Lee, Y., and D. Ceccarelli, "Applicability of
the Path Computation Element (PCE) to the Abstraction and
Control of TE Networks (ACTN)", RFC 8637,
DOI 10.17487/RFC8637, July 2019,
<https://www.rfc-editor.org/rfc/rfc8637>.
[RFC9340] Kozlowski, W., Wehner, S., Van Meter, R., Rijsman, B.,
Cacciapuoti, A. S., Caleffi, M., and S. Nagayama,
"Architectural Principles for a Quantum Internet",
RFC 9340, DOI 10.17487/RFC9340, March 2023,
<https://www.rfc-editor.org/rfc/rfc9340>.
Lopez, et al. Expires 4 January 2027 [Page 43]
Internet-Draft qi-multiplane-arch July 2026
[RFC9583] Wang, C., Rahman, A., Li, R., Aelmans, M., and K.
Chakraborty, "Application Scenarios for the Quantum
Internet", RFC 9583, DOI 10.17487/RFC9583, June 2024,
<https://www.rfc-editor.org/rfc/rfc9583>.
[SATOH20] Satoh, T., Nagayama, S., Suzuki, S., Matsuo, T., Hajdušek,
M., and R. V. Meter, "Attacking the Quantum Internet",
July 2021, <https://doi.org/10.1109/TQE.2021.3094983>.
[SeQUeNCe] Wu, X., Kolar, A., Chung, J., Jin, D., Zhong, T.,
Kettimuthu, R., and M. Suchara, "SeQUeNCe: A Customizable
Discrete-Event Simulator of Quantum Networks", September
2020, <https://doi.org/10.1088/2058-9565/ac22f6>.
[TAPI240] "ONF Transport API SDK 2.4.0", n.d., <https://github.com/
Open-Network-Models-and-Interfaces-ONMI/TAPI/releases/tag/
v2.4.0>.
Acknowledgments
This document is based on work partially funded by the EU Horizon
Europe project QSNP (grant 101114043), the Spanish UNICO project
OPENSEC (grant TSI-063000-2021-60), and the MadridQuantum–CM project
(funded by the EU, NextGenerationEU, grant PRTR-C17.I1, and by the
Comunidad de Madrid, Programa de Acciones Complementarias).
Authors' Addresses
Diego Lopez
Telefonica
Email: diego.r.lopez@telefonica.com
Vicente Martin
UPM
Email: vicente.martin@upm.es
Blanca Lopez
IMDEA Networks
Email: blanca.lopez@imdea.org
Luis M. Contreras
Telefonica
Email: luismiguel.contrerasmurillo@telefonica.com
Lopez, et al. Expires 4 January 2027 [Page 44]
Internet-Draft qi-multiplane-arch July 2026
Chathura Sarathchandra
InterDigital
Email: chathura.sarathchandra@interdigital.com
Lopez, et al. Expires 4 January 2027 [Page 45]