Skip to main content

A Multiplane Architecture Proposal for the Quantum Internet
draft-irtf-qirg-qi-multiplane-arch-02

Document Type Active Internet-Draft (qirg RG)
Authors Diego Lopez , Vicente Martin , Blanca Lopez , Luis M. Contreras , Chathura Sarathchandra
Last updated 2026-07-03
Replaces draft-lopez-qirg-qi-multiplane-arch
RFC stream Internet Research Task Force (IRTF)
Intended RFC status (None)
Formats
Additional resources Mailing list discussion
Stream IRTF state (None)
Consensus boilerplate Unknown
Document shepherd (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-irtf-qirg-qi-multiplane-arch-02
Quantum Internet Research Group                                 D. Lopez
Internet-Draft                                                Telefonica
Intended status: Informational                                 V. Martin
Expires: 4 January 2027                                              UPM
                                                                B. Lopez
                                                          IMDEA Networks
                                                         L. M. Contreras
                                                              Telefonica
                                                        C. Sarathchandra
                                                            InterDigital
                                                             3 July 2026

      A Multiplane Architecture Proposal for the Quantum Internet
                 draft-irtf-qirg-qi-multiplane-arch-02

Abstract

   A consistent reference architecture model for the Quantum Internet is
   required to progress in its evolution, providing a framework for the
   integration of the protocols applicable to it, and enabling the
   advance of the applications based on it.  This model has to satisfy
   three essential requirements: agility, so it is able to adapt to the
   evolution of quantum communications base technologies,
   sustainability, with open availability in technological and
   economical terms, and pliability, being able to integrate with the
   operations and management procedures in current networks.  This
   document proposes such an architecture framework, with the goal of
   providing a conceptual common framework for the integration of
   technologies intended to build the Quantum Internet infrastructure
   and its integration with the current Internet.  The framework is
   based on the already extensive experience in the deployment of QKD
   network infrastructures and on related initiatives focused on the
   integration of network infrastructures and services.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://dr2lopez.github.io/qi-multiplane-arch/draft-irtf-qirg-qi-
   multiplane-arch.html.  Status information for this document may be
   found at https://datatracker.ietf.org/doc/draft-irtf-qirg-qi-
   multiplane-arch/.

Lopez, et al.            Expires 4 January 2027                 [Page 1]
Internet-Draft             qi-multiplane-arch                  July 2026

   Discussion of this document takes place on the Quantum Internet
   Research Group Research Group mailing list (mailto:qirg@irtf.org),
   which is archived at https://mailarchive.ietf.org/arch/browse/qirg/.
   Subscribe at https://www.ietf.org/mailman/listinfo/qirg/.

   Source for this draft and an issue tracker can be found at
   https://github.com/dr2lopez/qi-multiplane-arch.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 4 January 2027.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   5
   3.  Base Technologies: Evolved SDN Concepts and Network
           Virtualization  . . . . . . . . . . . . . . . . . . . . .   5
   4.  Applying Base Technologies: The QKD Experience  . . . . . . .   7
     4.1.  A QKD Multi-Plane Architecture  . . . . . . . . . . . . .   7
     4.2.  Applying SDN and Network Virtualization Principles  . . .   9
   5.  A Framework Architecture for the Quantum Internet . . . . . .  11
     5.1.  CLAS and Quantum Networks . . . . . . . . . . . . . . . .  11
     5.2.  Strata for Quantum Networks . . . . . . . . . . . . . . .  12

Lopez, et al.            Expires 4 January 2027                 [Page 2]
Internet-Draft             qi-multiplane-arch                  July 2026

     5.3.  The Service Unit Concept  . . . . . . . . . . . . . . . .  16
       5.3.1.  Applying Service Units in QKD Networks  . . . . . . .  16
       5.3.2.  Generalizing Service Units  . . . . . . . . . . . . .  17
       5.3.3.  Scoped Handles for Service Units (QUI)  . . . . . . .  20
       5.3.4.  Quantum QoS Parameters  . . . . . . . . . . . . . . .  21
       5.3.5.  Classical Ancillary Functions . . . . . . . . . . . .  23
     5.4.  An Example Service-Unit Establishment Procedure . . . . .  23
   6.  Identification of Interfaces and Protocols  . . . . . . . . .  25
     6.1.  Mapping Current Proposals . . . . . . . . . . . . . . . .  27
       6.1.1.  Quantum Physical Foundations and Repeater
               Technology  . . . . . . . . . . . . . . . . . . . . .  27
       6.1.2.  Network Architecture and Protocols  . . . . . . . . .  30
       6.1.3.  Service Abstractions and Application Frameworks . . .  31
       6.1.4.  Security  . . . . . . . . . . . . . . . . . . . . . .  32
     6.2.  The Role of Synthetic Environments  . . . . . . . . . . .  32
   7.  Related Standardization and Industry Work . . . . . . . . . .  35
     7.1.  ITU-T . . . . . . . . . . . . . . . . . . . . . . . . . .  35
     7.2.  ETSI  . . . . . . . . . . . . . . . . . . . . . . . . . .  36
     7.3.  ISO/IEC . . . . . . . . . . . . . . . . . . . . . . . . .  37
     7.4.  Industry and Consortia  . . . . . . . . . . . . . . . . .  37
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  38
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  38
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .  38
     9.2.  Informative References  . . . . . . . . . . . . . . . . .  39
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  44
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  44

1.  Introduction

   As another case of the "classical vs quantum" apparent
   contradictions, the nature of quantum communications [QTTI21],
   associated with natural physical effects that require a specific
   infrastructure to be used for communications, poses a significant
   challenge in the definition of any network reference architecture to
   be used for such communications.  Furthermore, given that a quantum
   network necessarily depends on some classical communications and
   protocols to function fully, we need this reference network
   architecture to also incorporate these classical elements.  We should
   not think of two separate environments, but rather a unified one
   where the classical and quantum parts interoperate as seamlessly as
   possible.  The growing interest in quantum networking, its
   applications, and the eventual availability of a Quantum Internet,
   require of consensus on an architecture framework able to support the
   definition and evolution of different protocols and interfaces.

   Several steps have been taken in this direction, including the
   identification of architectural principles and base technologies made
   in {RFC9340}}, the description of relevant use cases [RFC9583], and

Lopez, et al.            Expires 4 January 2027                 [Page 3]
Internet-Draft             qi-multiplane-arch                  July 2026

   specific approaches to layered models for Quantum Networking,
   summarized and discussed in [QIPS22].  While the principles provide
   an extremely valuable common ground for further collaboration among
   quantum and network practitioners, they are not intended to provide
   the solid framework required for progressing in the definition of
   specific protocols and other interfaces for common network management
   tasks and interactions with user applications.  On the other hand,
   the proposals made for a layered approach provide interesting
   insights on requirements and potential mechanisms to structure
   quantum communications, but, first, they do not include essential
   aspects for a network at scale and, second and most important, they
   do not take into account the need for direct interactions beyond the
   layered structure, such as those between classical and quantum
   networking services, between applications and the quantum network,
   etc.

   In parallel, the operational experience with the first kind of
   infrastructures using quantum communication technologies to provide
   an actual network service, those focused on Quantum Key Distribution
   (QKD), has allowed practitioners to explore the solution space and
   identify design patterns that can serve as concrete examples within
   the general case of a Quantum Internet.  A corpus of architectural
   proposals [ITUY3802], experimental deployments [MADQCI23] and pilot
   infrastructures [EUROQCI] have become available in the recent years,
   and can be used to derive useful conclusions, especially if combined
   with recent proposals in network architecture [RFC8597], intended to
   address the complexity of management and integration at scale beyond
   the basic layered constructs supporting connectivity.

   This document is intentionally a framework document: it does not
   prescribe a single protocol stack or a fixed layering.  Instead, it
   provides a set of architectural anchors that allow new proposals to
   be positioned, compared, and discussed consistently.  The document
   proposes a multi-plane reference architecture for the Quantum
   Internet, derived from available proposals and operational
   experience.  The proposal attempts to define a framework with three
   essential properties to guarantee a seamless evolution of the
   technology, and the consolidation of applications and management
   practices:

   *  Agility: Provide abstractions able to incorporate new protocols
      and interfaces as the technology evolves, avoiding a tight
      coupling with specific physical technologies.

   *  Sustainability: Considering it at all levels and in full scale,
      especially regarding environmental and social impacts, including
      open availability in technological and economical terms, and
      fostering infrastructure reuse.

Lopez, et al.            Expires 4 January 2027                 [Page 4]
Internet-Draft             qi-multiplane-arch                  July 2026

   *  Pliability: Facilitate the seamless integration of classical and
      quantum network operational procedures, applying and adapting best
      practices in use by the Internet community.

   And trying to address three essential characteristics already
   identified in [PSQN22]:

   *  Universality, so a quantum network can accommodate any
      application.

   *  Transparency, so quantum network deployments allow the coexistence
      [QCE24] of classical and quantum signals over the same medium.

   *  Scalability, so quantum networking protocols can support the
      growth of the network.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Base Technologies: Evolved SDN Concepts and Network Virtualization

   SDN concepts are at the core of current networking technologies.
   From the original ideas of separating control and forwarding planes,
   connected by open interfaces and supporting programmability and
   logically-centralized management.  As part of this evolution of SDN
   concepts, the Cooperating Layered Architecture for Software-Defined
   Networking (CLAS) [RFC8597] described a SDN architecture structured
   in two different strata, namely Service Stratum and Transport
   Stratum.  On one hand, the Service Stratum contains the functions
   related to the provision of services and the capabilities offered to
   external applications.  On the other hand, the Transport Stratum
   comprises the functions focused on the transfer of data between the
   communication endpoints, e.g., between end-user devices, between two
   service gateways, etc.

Lopez, et al.            Expires 4 January 2027                 [Page 5]
Internet-Draft             qi-multiplane-arch                  July 2026

   It is worth noting this management centralization does not contradict
   the distributed principles generally applied in current networks.
   Local control decisions are intended to be coordinated by centralized
   management.  While the communication between the controller and the
   controlled elements relies on some kind of SDN protocol, the
   controller exposes a consistent abstract model of the network devices
   and topology, that can be structured in a hierarchy of abstractions,
   from lower-level, element-focused ones, up to application-oriented
   ones.

   While SDN ensures higher degrees of flexibility and reconfigurability
   by allowing network functions to be easily modified and upgraded
   through software changes, virtualization enables the abstraction of
   hardware devices by creating virtual instances, which improves
   scalability, resource efficiency and allows the dynamic allocation of
   softwarized network functions in different locations.  As quantum
   technology evolves, a virtualized layer for softwarized network
   functions significantly aids adaptation to these changes, ensuring
   pliability and responsiveness for seamless updates, and incorporating
   new mechanisms without extensive hardware modifications.

   These approaches pave the way for a tighter integration of quantum
   functionality with functions already established in state of the art
   classical networks, including support for user/function
   authentication and authorization, and support for user and function
   mobility, while adhering to established network standards.
   Integrating these mechanisms enhance security measures and ensure
   that quantum networks can seamlessly interface with existing and
   future telecommunications infrastructure.

   The use of these base technologies support a seamless interface with
   classical networks (commonly identified as OTN, Optical Transport
   Networks), addressing three basic principles, related to the ones we
   mentioned above: facilitate the coexistence on physical
   infrastructure (sustainability and transparency), apply the
   abstractions commonly used in open and disaggregated networks
   (agility and universality), and reuse the best practices in network
   management being applied in current infrastructures (pliability and
   scalability).

   SDN and virtualization support the integration of control and
   management, even if the distinct nature of network elements and the
   mediation nature of the controller role do not make advisable the use
   of common quantum/OTN controllers.  There are common abstractions
   able to support cross-interactions among controllers and management
   applications, especially regarding:

Lopez, et al.            Expires 4 January 2027                 [Page 6]
Internet-Draft             qi-multiplane-arch                  July 2026

   *  Quantum management applications requiring operations on topologies
      and physical paths in the OTN mediated by an OTN controller.

   *  OTN management applications requiring operation on quantum
      topologies mediated by the quantum controller.

   *  Topology updates exchanged between quantum and OTN controllers.

   *  The coordination through an integrated controller (commonly
      referred as "orchestrator"), able to provide a common view to
      application network functions.

4.  Applying Base Technologies: The QKD Experience

   The design and deployment of QKD infrastructures has followed a
   number of design principles, based on the best practices in network
   architecture and management established during the lifetime of the
   Internet (and even before), and focused on the separation of
   concerns, that have been converging on the trends around applying SDN
   principles and virtualization mechanisms, addressing open
   disaggregation strategies and the identification of separate data and
   control planes, connected by means of open interfaces.  This section
   reviews the practical knowledge acquired from the engineering and
   operation of QKD infrastructures and uses them as a practical
   reference point for the architectural discussion that follows.
   Although several of the concepts and interfaces examined here have
   been shaped by specific QKD implementations and standardization
   efforts, the intention is to highlight which elements appear reusable
   as general design patterns and which remain specific to the
   assumptions and limitations of QKD.  In that sense, QKD is treated in
   this document primarily as an informative example within a broader
   architectural space, and the discussion is framed in a way that
   remains compatible with other quantum networking technologies and
   service models as they mature.

4.1.  A QKD Multi-Plane Architecture

   Applying the SDN and disaggregation principles, QKD infrastructures
   have been essentially structured around three different planes
   [QTTI21].  While we are not talking about a rigid, layered structure,
   where a given layer can only provide services to the immediate upper
   layer and consume services from the immediate lower layer, it is
   worth noting that interactions among elements in the different planes
   must use well-defined interfaces [ETSI04] [ETSI14] [ETSI15] [ETSI18],
   and these interactions may incorporate a layered approach.

Lopez, et al.            Expires 4 January 2027                 [Page 7]
Internet-Draft             qi-multiplane-arch                  July 2026

   In this approach, the Quantum Forwarding Plane (QFP) is in charge of
   performing the operations (quantum and classical) to ensure the
   exchange of the quantum signals or enable the utilization of
   persistent quantum resources, like persistent, distributed
   entanglement.  In QKD, the QFP encapsulates all the functionality
   required to obtain an end-to-end secret key across the network.  This
   implies the transmission of the quantum signals and the execution of
   any associated protocols.  Note this would require the use of
   classical procedures, either via a separated physical "classical
   channel" [QTTI21] or the reuse of a common channel, as proposed in
   "packet-oriented" approaches [PSQN22].  In this sense, the forwarding
   of the keys at intermediate nodes in the multi-hop chains used to
   overcome current limitations in propagation of quantum signals or
   states, has to be considered part of the QFP, since it is done
   exclusively on behalf of the QKD functionality.

   On its side, the Service Overlay Plane (SOP) supports the use of the
   keys derived from the QFP by applications.  This includes the
   storage, identification, delivery, and lifecycle management of the
   units of consumption (keys of different length, delivered according
   to specific patterns) at the endpoints of the network.  All network
   functionalities at this plane can be considered application-oriented,
   with a clear mapping to an overlay data plane in a classical network,
   though the SOP elements should be aware of the nature and specific
   needs of the QFP they interact with.  Key management mechanisms,
   beyond key forwarding by intermediate nodes, fit within the SOP.
   This comprises methods such as hybridization and augmentation
   techniques, or the means for synchronizing key identifiers across API
   boundaries.

   Finally, the Control and Management Plane (CMP) is made of the
   elements that create and supervise the state of the network.  This
   decoupling between network configuration and (general) data
   forwarding is supported by the controller, a mediation logically
   centralized element between the control capabilities supported by the
   elements in the QFP and SOP and the management and control functions.
   These management and control applications rely on the controller,
   taking advantage of the centralization it provides, to guarantee the
   best performance of the network and avoid diverging local control
   decisions that might lead to sub-optimal configurations.

   Supported by these abstractions, QKD infrastructures are evolving
   from a conglomerate of links, where keys derived from the protocol
   applied to a link are used to secure the communication between two
   entities directly associated to the endpoints of the link, into real
   networks, able to forward a key to be used between any two entities
   attached to the network.  The entities in the SOP play a key role for
   this, supporting the storage, delivery and lifecycle management of

Lopez, et al.            Expires 4 January 2027                 [Page 8]
Internet-Draft             qi-multiplane-arch                  July 2026

   the service units being consumed by the applications attached to the
   network.  These SOP entities, are commonly referred as KME (Key
   Management Entity), acting as key storage for a specific element or
   elements in the QFP, and providing an endpoint for applications to
   request and consume keys for a specific secure interaction.  The
   interfaces KMEs use to interact with the QFP elements are usually
   provided by specific (commonly software-based) components, acting as
   agents in the QFP, and therefore termed Key Management Agent (KMA).

   Several of these KMEs can be logically grouped into what is called a
   KMS (Key Management System), supporting a set of related applications
   grouped into a trust domain, and therefore consistently operated by a
   corresponding entity in the CMP.  The differentiation between KME and
   KMS functionalities becomes more apparent as networks expand and
   consolidate, with many cases of current QKD link-oriented
   infrastructures referring to a KMS as the entity integrating both
   roles.

   In summary, QKD infrastructures are converging into an extended SDN
   model, with two differentiated data planes, controlled in a
   coordinated manner through a common Control and Management Plane,
   that supports aggregated mechanisms for further orchestration.  The
   QFP/SOP duality constitutes a common abstract foundation for a
   general approach to quantum communications networks, regardless of
   their final purpose.

4.2.  Applying SDN and Network Virtualization Principles

   At the application level, end-to-end key management and end-to-end
   key creation are obviously the main target.  Since many applications
   of these keys are related to classical communications (direct
   encryption, key derivation for symmetric algorithms, peer identity…)
   there is a clear interface for the SOP, with classical network
   functions acting as consumers of the keys or, in general terms, the
   bit streams generated by the QFP.  Further on, the application of NFV
   mechanisms to any network function allows for its implementation
   through software virtualization techniques (virtual machines, para-
   virtualization containers, unikernels, etc.), irrespectively of their
   application environments or specific plane.  The lifecycle management
   of all network functions, of any nature, under a common MANO stack
   [NFV06], seems the most reasonable option.

   While there is a radical difference between the network elements in
   quantum networks and OTN, and therefore interactions in data
   forwarding are not feasible, with only two exceptions: the
   possibility of sharing physical media, and the use of classical
   channels to support QKD algorithms, as it is the case of distillation
   channels in protocols like BB84.  In this case, a proper control of

Lopez, et al.            Expires 4 January 2027                 [Page 9]
Internet-Draft             qi-multiplane-arch                  July 2026

   the path and physical parameters has to be applied to minimize
   interferences of any nature and guarantee optical classical
   connectivity for the quantum algorithms.

   Recent proposals for QKD network management have explored the use of
   operational models that radically leverage the virtualization of
   control and key management functionalities [EVCK25].  For key
   exchange, current technology does not allow direct end-to-end quantum
   key exchange between distant nodes.  Instead, key distribution must
   rely on trusted intermediary nodes to transmit keys hop-by-hop.  A
   key management layer where the actions of all nodes are coordinated
   is needed to ensure secure and efficient key distribution.
   Virtualizing and decoupling key management from the physical QKD
   devices enhances flexibility and scalability, and supports the
   integration of hybrid cryptographic strategies, combining QKD and
   post-quantum algorithms to ensure security and performance.
   Additionally, it allows real-time performance monitoring, data-driven
   control and management, and tailored access and admission mechanisms
   [QNSA24].

   The virtualized key management layer acts as an intermediary between
   the clients and the cryptographic material generating devices.  This
   layer would have as functions both those that fall within the
   framework of the SOP defined in previous sections, as well as key
   forwarding, specific to the QFP.  For the latter, each functional
   element of this layer, identified as key managers entities in
   [EVCK25], has a forwarding table, which can be dynamically updated
   whenever necessary by the control plane.  Additionally, they
   implement a token bucket for each application session, to control the
   request rate by limiting it to an agreed-upon value at the Quality of
   Service (QoS) level.

   The virtualized control plane can have different functional elements,
   and, as with the key management layer, several instances of the same
   element can be executed as necessary for the correct operation of the
   network.  Foundational elements include: a controller, an access
   control and an admission control component, a routing module, and a
   monitoring element.  This set allows the execution of network access
   policies, ensuring that no unauthorized user or process enters the
   network, verifies the configuration parameters of new sessions opened
   by applications, ensuring that they are granted the appropriate QoS,
   and performs performance tests on the physical links and collecting
   statistics on the QKD modules, quickly alerting about any failure or
   possible attack on the QFP.

Lopez, et al.            Expires 4 January 2027                [Page 10]
Internet-Draft             qi-multiplane-arch                  July 2026

5.  A Framework Architecture for the Quantum Internet

   Based on the available experience on the deployment of existing QKD
   infrastructures and on the evolution of SDN-enabled architectures
   described in the previous section, this document proposes an
   architecture framework intended to offer a conceptual common
   framework for the integration of technologies intended to build the
   Quantum Internet infrastructure and its integration with the current
   Internet.

   Once we presented in the previous section the lessons learned from
   QKD deployments, introducing a general architecture applicable to
   those deployments, in this section we propose the generalization of
   such architecture towards a Quantum Internet, augmented by the
   extended SDN approach proposed by the evolved CLAS in [CLASEVO].  In
   what follows, we will discuss how this framework architecture would
   support the required properties: agility, allowing for technology
   evolution, sustainability, fostering infrastructure reuse, and
   pliability, supporting operational best practices.

5.1.  CLAS and Quantum Networks

   As discussed in the previous section, SDN principles have enabled the
   base abstractions for the conceptualization of QKD infrastructures,
   including the services they provide and the required interactions in
   the use of classical infrastructure to support the required
   connectivity patterns.  The original CLAS architecture, as defined by
   [RFC8597], addresses SDN evolution considering the forwarding
   (transport) and service aspects in two separated but coordinated
   planes.  This approach matches the multi-plane approach described for
   QKD infrastructures, though it seems somehow limited to address the
   required interactions with physical connectivity, as well as to
   incorporate general requirements regarding automation to support
   convergence with operational practices.

   The new extension of the CLAS architecture, as defined in [CLASEVO],
   intends to address the current evolution of networks and the services
   they support introducing new aspects, in particular the
   considerations of distributed computing capabilities attached to
   different points in the network, and the introduction of evidence-
   driven techniques, such as Analytics, Artificial Intelligence (AI)
   and Machine Learning (ML) to improve operations by means of closed-
   loop automation.

   The CLAS framework provides a sound foundation for incorporating the
   experience gained with QKD deployments in a general proposal
   applicable to the Quantum Internet, as it is essentially compatible
   with the architectural lessons learned within the QKD fields, and at

Lopez, et al.            Expires 4 January 2027                [Page 11]
Internet-Draft             qi-multiplane-arch                  July 2026

   the same time supports additional degrees of freedom regarding the
   integration of control mechanisms, and the interplay with the
   (shared) infrastructure and its management.

   Furthermore, we propose here a general network architecture trying to
   incorporate relevant trends such as cloud nativeness, the integration
   of zero-touch management, or the considerations about intent.  With
   this in mind, in what follows a CLAS-based architecture frameworks
   for quantum communications networks is introduced, including the
   proposed strata and their main characteristics.

5.2.  Strata for Quantum Networks

   The CLAS architecture was initially conceived from the perspective of
   exploiting the advantages of network programmability in operational
   networks, complementing and going beyond the traditional layered
   structure of the original SDN proposal.  Following the CLAS
   philosophy, as proposed in its recent update [CLASEVO] of decoupling
   services, additional functionality, and base connectivity, the
   architecture of a quantum network should be composed of:

   *  A Service Stratum, dealing with the functionality related to the
      purpose of the quantum network, and aligned with SOP described for
      QKD networks above.  At this moment, the most general service,
      beyond QKD key management, is obviously entanglement distribution
      in a general quantum network.  This stratum is intentionally
      defined in a technology and service-agnostic way.  It does not
      assume a fixed layering or a single, primary service.  In addition
      to QKD key management, candidate services include entanglement
      distribution, time synchronization, identity assurance, or
      sensing.  The service stratum would consider the relevant service
      units (keys, shared states, identities, timelines...), deal with
      their appropriate disitribution and routing, and deliver these
      service units as requested by the user application functions.  The
      concept of service unit becomes essential here, as the cornerstone
      for fundamental network characteristics (addressing, routing,
      information structuring...) and for the interface to the
      applications using the network.  As the discussion on how to
      identify and relate keys in a wide-area QKD network is still
      alive, the need to identify how to “pack” qubits in a way useful
      for, say, distributed computations or teleportation coding, how to
      route these packs, and how to request and consume services based
      on them is crucial to define how a global quantum network should
      be built and operated.

   *  A Quantum Fabric Stratum, in charge of the direct application of
      quantum protocols and algorithms among the endpoints of a quantum
      link, whatever their number, providing support to bipartite and

Lopez, et al.            Expires 4 January 2027                [Page 12]
Internet-Draft             qi-multiplane-arch                  July 2026

      multipartite entanglement distribution.  It is important to note
      that this stratum must be able to support the appropriate service
      units, but there is no need for a one-to-one mapping between those
      quantum entanglement units and the service units.  As example, let
      us consider entanglement distribution via swapping, which would
      likely occur on a pairwise basis at this stratum, but needs to be
      considered in a collective view to make sense to the applications
      interacting with the service stratum.

   *  A Connectivity Stratum, taking care of providing the paths to
      support the quantum links used by the quantum fabric and service
      strata.  Typically, the connectivity stratum would be supported by
      OTN infrastructure, via fiber and/or open-space links, and would
      follow a common connectivity paradigm, specifically a circuit-
      based or packet-based one.  While current quantum links deal with
      OTN infrastructure according to a circuit-based paradigm, recent
      proposals are addressing the idea of "quantum packets" [PSQN22]
      and the connectivity stratum would have to deal, in general terms,
      with the classical headers of such packets.  Furthermore,
      classical links are always required for supporting quantum links
      procedures, and by any kind of monitoring, control, and management
      connections.  The provisioning of related quantum and classical
      links, and their consistent operation to meet service levels will
      be the main concern of this stratum.

   This architecture, following the CLAS proposal itself, is built under
   the assumption that planes within and across strata communicate
   through well-defined, open interfaces supporting programmability, as
   a generalization of the common SDN architecture that defines a
   controller as a mediator between application and network (forwarding)
   devices.  It includes the archetypal case of a centralized controller
   but is not limited to that particular realization.  These broader
   implications of SDN principles are among the main motivation of the
   original CLAS proposal in [CLASEVO], and it is the main reason for
   using it as the base for the framework proposed by this document.
   The archetypal case of a centralized controller would be the most
   common deployment style, but the architecture is able to support more
   distributed approaches, in which each participating domain runs a
   specific instance of the different strata, providing collaboration by
   the exposure of tailored information to the other domains via border
   protocols, as proposed in [ALTOQ24], in a way equivalent to the
   peering mechanisms in use among current Internet Autonomous Systems.
   Even configurations where a particular domain focuses on one or two
   of the strata, supporting the other strata being hosted in different
   domains is also conceivable.

Lopez, et al.            Expires 4 January 2027                [Page 13]
Internet-Draft             qi-multiplane-arch                  July 2026

   Based on the images used to illustrate the strata proposed in
   [CLASEVO] and [RFC8597], the relationship among the strata described
   above would be as shown in the following diagram:

                                       Application Functions
                                                 /\
                                                 ||
           +-------------------------------------||-------------+
           | Service Stratum                     ||             |
           |                                     \/             |
           |  +--------------+     ...........................  |
           |  | Telemetry Pl.|     . SDN Intelligence        .  |
           |  |              |<===>.                         .  |
           |  +-----/\-------+     .        +--------------+ .  |
           |        ||             .        |   Mgmt. Pl.  | .  |
           |        ||             .  +--------------+     | .  |
           |  +-----\/-------+     .  |  Control Pl. |-----+ .  |
           |  | Resource Pl. |     .  |              |       .  |
           |  |              |<===>.  +--------------+       .  |
           |  +--------------+     ...........................  |
           |                                /\             /\   |
           |                                ||             ||   |
           +--------------------------------||-------------||---+
                            Standard API -- || --          ||
           +--------------------------------||-----+       ||
           | Quantum Fabric Stratum         ||     |       ||
           |                                \/     |       ||
           |  +----------+    ...................  |       ||
           |  | Telemetry|    . SDN             .  |  Std. ||
           |  | Plane    |<==>. Intelligence    .  |  API  ||
           |  +-----/\---+    .    +----------+ .  |    -- || --
           |        ||        .    | Mgmt. Pl.| .  |       ||
           |        ||        .  +----------+ | .  |       ||
           |  +-----\/---+    .  | Control  |-+ .  |       ||
           |  | Resource |    .  | Plane    |   .  |       ||
           |  | Plane    |<==>.  +----------+   .  |       ||
           |  +----------+    ...................  |       ||
           +----------------------------------/\---+       ||
                              Standard API -- || --        ||
                          +-------------------||-----------||-----+
                          | Connectivity      ||           ||     |
                          | Stratum           ||           ||     |
                          |                   \/           \/     |
                          |  +----------+    ...................  |
                          |  | Telemetry|    . SDN             .  |
                          |  | Plane    |<==>. Intelligence    .  |
                          |  +-----/\---+    .    +----------+ .  |
                          |        ||        .    | Mgmt. Pl.| .  |

Lopez, et al.            Expires 4 January 2027                [Page 14]
Internet-Draft             qi-multiplane-arch                  July 2026

                          |        ||        .  +----------+ | .  |
                          |  +-----\/---+    .  | Control  |-+ .  |
                          |  | Resource |    .  | Plane    |   .  |
                          |  | Plane    |<==>.  +----------+   .  |
                          |  +----------+    ...................  |
                          +---------------------------------------+

   Essentially, this architecture model incorporates the findings from
   QKD deployments and addresses the requirements for providing a
   general framework for quantum networks towards the Quantum Internet.
   It is intended to support the evolution of network base technologies,
   provide the degrees of freedom necessary to encompass different
   deployment models, and align with relevant trends in network
   operation, while considering the practical aspects related to
   classical connectivity.

   The proposed architecture will address the evolution of network base
   technologies by providing abstractions able to accommodate to this
   evolution.  Considering the stages analyzed in [QIROAD18], the QKD
   deployment patterns described in the previous section already cover
   "Trusted Repeater Networks" and "Prepare and Measure Networks", and
   the general architecture proposed here is able to accommodate the
   more evolved stages, namely "Entanglement Distribution Networks",
   "Quantum Memory Networks", "Few Qubit Fault-Tolerant Networks", and
   "Quantum Computing Networks".  As immediate examples we can consider
   the integration of features in the Connectivity Stratum with the
   other two strata to support entanglement distribution among different
   locations, or the incorporation of future quantum repeaters into the
   Quantum Fabric Stratum to support more elaborated behaviors of the
   Service Stratum.

   In addition, these network abstractions are intended to provide
   specific degrees of freedom for network design and deployment,
   through the incorporation of independent resource and control planes
   at each stratum.  Given the control mechanisms identified as "SDN
   intelligence" on the diagram above are able to expose open
   interfaces, the approach for coordinating the different strata via
   mechanisms like those defined in [ETSI18] is totally feasible, and
   different aggregation patterns (multi-stratum, multi-domain...) and
   models (federated, hierarchical...) can be applied.  These
   aggregation mechanisms are equally applicable in the case of
   telemetry data and their integration with closed-loop mechanisms for
   automation, in support of the required quantum network agility.

Lopez, et al.            Expires 4 January 2027                [Page 15]
Internet-Draft             qi-multiplane-arch                  July 2026

   The evolved CLAS proposal in [CLASEVO] explicitly incorporates
   current trends in network automation, in whatever the flavor
   including AI and intent expressions.  This architecture guarantees
   the future pliability of quantum networks, in alignment with the
   evolution of best practices in general network management.

   Finally, by explicitly addressing the issues related to the
   connectivity of quantum links, the architecture considers the
   interactions with any other relevant operational aspects required for
   providing quantum network services.  The direct integration of a
   stratum focused on these aspects makes the proposed architecture
   better aligned with the sustainability goal.

5.3.  The Service Unit Concept

5.3.1.  Applying Service Units in QKD Networks

   The service units provided by a QKD network have to be uniquely
   identified within the network, so they can be properly managed by the
   SOP, including their routing across the different required KMEs, the
   requests of appropriate links in the QFP, and the management of the
   lifecycle events related to making the key available to the
   applications willing to use it.  It is important to note we are
   talking about a service unit, and not a data unit associated with a
   particular protocol, and therefore what is relevant here are the
   identification of the two application endpoints (that should include
   a nonce mechanism to identify the specific pairing) together with
   relevant parameters regarding the key lifecycle, such as its length
   and valid time-to-live.  While these are the two essential lifecycle
   parameters, others, as it might be the case of applicable crypto
   algorithms, could be considered as well.  The service unit identifier
   is not directional, i.e., it has no source or destination addresses,
   as it defines a shared state to be used by two applications.  We can
   consider the analogy of transport flows in the current Internet,
   rather than packets.

   The current proposal we are experimenting with advocate for using
   URNs [RFC8141] as endpoint identifiers, taking advantage of their
   nature of location-independent, persistent resource identifiers.  The
   q-component of the endpoint URN can be used to carry the nonce part
   of the specific application identifier.  If we consider that
   lifecycle parameters can be expressed using a specific URN in its
   q-component, we have that a service unit identifier consists of the
   combination of three URNs.

Lopez, et al.            Expires 4 January 2027                [Page 16]
Internet-Draft             qi-multiplane-arch                  July 2026

   As an example, let’s consider URNs for application endpoints use the
   qkd namespace id, and that lifecycle parameters use the URN
   qkd:lifecycle assigned name, with the parameters size and valid-
   until.  A service unit identifier for QKD between two domains, with
   roots madqci and quditto, would look like:

   urn:qkd:madqci:ccips?=nonce=177923
   urn:qkd:quditto:emulator:ipsec:controller?=nid=af33017
   urn:qkd:lifecycle?=size=256&valid-until=1750708945

   The nature of the endpoint identifiers support the use of any
   aggregation and routing mechanisms, ranging from strictly
   hierarchical and centralized schemas based on orchestration
   mechanisms to fully distributed routing algorithms.  The approach
   also supports the use of non-routable identifiers, limited to that a
   given domain or KMS.

   The QKD service unit identifies a shared state between two
   application entities, and therefore cannot be consider directional,
   and the concepts of source and destination do not apply here.
   Nevertheless, directionality is relevant in the process of
   establishing the QKD service unit, both in terms of its identifier
   and of its contents.  In the case of the identifier, one of the
   application entities will request a service unit to the relevant KMS/
   KME it is attached to, identifying itself and the other peer in the
   service unit, together with the applicable lifecycle parameters.
   Relying on the available route information and the replies of the
   intermediate elements in the SOP, the final identifier of the QKD
   service unit will be built.  The associated content, i.e., the bit
   string defining the key to be shared between the two application
   endpoints, will be derived from the elements in the participating
   links in the QFP and the application of any additional mechanisms
   (key encryption, augmentation, trusted node forwarding…) required by
   the participating KMEs and the corresponding links.

5.3.2.  Generalizing Service Units

   The fact we remarked above about the QKD service unit being a shared
   state between two application entities supports a direct translation
   of the concept to apply it in a generalized quantum network.  A
   service unit in this context will correspond to the shared quantum
   states to be consume by the application entities, according to the
   goals of their sharing of these quantum states.  This implies that a
   QKD service unit can be considered a specialized quantum service
   unit, where the shared state has been somehow pre-processed to
   distill the bits that define the shared key.  A similar pattern could
   be applicable to other specialized quantum network applications, as
   it would be the case of distributed quantum sensing or metrology.

Lopez, et al.            Expires 4 January 2027                [Page 17]
Internet-Draft             qi-multiplane-arch                  July 2026

   The identification of such service units can follow the same patterns
   described for the QKD service units, but in this general case with
   N+1 URNs, being N the number of application entities (two for the
   case of bipartite entanglement) sharing the state, and a final one
   defining the lifecycle parameters.  Obviously, these parameters
   should differ from the ones postulated for QKD, and it is possible to
   envisage parameters such as shared state size (the number of
   entangled states), a timestamp regarding lifetime of the shared
   state, and others addressing aspects like fidelity.  As the quantum
   memory technology at the foundation of these shared states evolve, a
   clearer view of the parameter URN will become available.  Experiments
   on this issue will be really useful to identify these parameters and
   shape the q-component of the parameter URN.

   The content of a QKD service unit is a bitstring corresponding to the
   shared key.  This bitstring is stored in the memories of the
   corresponding KMEs, with individual bits differentiated by their
   position in the string.  Quantum memories must be available at the
   resource plane of the Service Stratum (SS), and the service unit
   should contain the addresses used by those quantum memories to
   identify the corresponding entangled states.  The elements equivalent
   to the KMEs in the control plane of the SS interact with these
   quantum memories to identify the applicable addresses, and to require
   the elements in the control plane of the Quantum Fabric Stratum (QFS)
   to activate the corresponding exchanges in the quantum links they
   operate.  Each of the endpoints of these quantum links is expected to
   provide a functionality equivalent to the agents discussed for QKD
   networks, in support of the SS quantum memories.

Lopez, et al.            Expires 4 January 2027                [Page 18]
Internet-Draft             qi-multiplane-arch                  July 2026

   For these service units, directionality (the specification of an
   origin and a destination) is not applicable, as service units
   correspond to a shared state.  The only directional element that can
   be considered is an originator of this shared state, corresponding to
   the application element requesting the establishment of the service
   unit.  This would trigger the SS control plane element attached to
   the application to start its route decision procedures and to start
   the interactions with the relevant SS control planes to start the
   necessary exchanges to establish the shared quantum states.  The
   structure and delegation mechanisms provided by URNs allow for
   arbitrary aggregation of prefixes, enabling any kind of routing
   style, from the aggregation and inter-domain announcement similar (or
   compatible) to BGP in classical Internet to the decision on which
   prefixes are announced and how they are routed by means of SDN
   controllers, whether by means of a federation approach or in a
   hierarchical control structure.  The approach also supports the use
   of non-routable identifiers that cannot be announced outside a given
   domain and can only establish service pairing with other applications
   within the same domain.  These mechanisms would be applied by the
   corresponding elements in the control and management planes of the
   Service Stratum.

   As a result of the routing procedures and the interaction among SS
   control plane elements, there should be corresponding interactions
   with elements in the control planes of the Connectivity Strata (CS)
   and the QFS, to verify and require, as needed, the establishment of
   the individual entangled states and, as required, the physical links
   to support them.  There is a consolidated corpus of interfaces
   (usually known as North-Bound Interfaces, NBI) for the control of
   classical connectivity, and specially of optical links, such as the
   TAPI specification [TAPI240], and different proposals to select and
   establish paths.  It seems necessary to explore and experiment with
   similar interfaces and procedures for the management and control of
   quantum links, addressing the challenges already identified in
   [RFC9340] and exploring the implications of quantum-native routing
   proposals as made in [QUADDR] and, more recently, in [QNAD].  A
   specially significant question is the mapping between the entangled
   states, as identified by the service unit, and the payloads exchanged
   within the QFS.

   Finally, a word on the telemetry planes in each of the proposed
   strata.  It should be obvious the elements in the control planes at
   each of the strata should start monitoring mechanisms at the involved
   elements in the resource planes and activate telemetry collection
   mechanisms.  This brings the requirement of defining and
   experimenting with appropriate metrics and telemetry data models for
   both the SS and the QFS, as already being defined for QKD
   infrastructures [ETSI23].

Lopez, et al.            Expires 4 January 2027                [Page 19]
Internet-Draft             qi-multiplane-arch                  July 2026

5.3.3.  Scoped Handles for Service Units (QUI)

   Service unit identifiers are intended to be stable and meaningful to
   applications and SS functions, typically by combining endpoint
   identifiers and lifecycle parameters.  However, the internal handles
   used to access quantum memories, communication qubits, entangled
   pairs, or other device-local quantum resources are often local to a
   device, technology, implementation, or administrative domain.
   Exposing such device-local handles outside their local scope can
   unnecessarily reveal resource structure and can complicate
   reallocation, recovery, and inter-domain operation.

   A useful indirection mechanism is a domain-scoped Quantum Unit
   Identifier (QUI).  Following this approach, the application-facing
   service unit identifier corresponds to one or more domain-scoped
   QUIs, and each QUI may be mapped inside its domain to the
   corresponding device-local quantum resource handles.  A QUI is not
   expected to be globally unique.  Its scope can be an administrative
   domain, a technology segment, a trust domain, a controller domain, or
   another operational scope appropriate to the deployment.

   A QUI may represent a single entangled pair, a set of entangled
   pairs, a quantum memory allocation, a local share of an end-to-end
   shared state, or another quantum resource unit relevant to the
   service.  The same end-to-end service unit may therefore be
   associated with different QUIs in different domains, while preserving
   the service-unit abstraction presented to applications.

   Because quantum resources are time-sensitive, a QUI may naturally be
   associated with lifecycle information.  Such information may include
   a time-to-live, a coherence window, an expiry time, an age value, or
   an availability window.  The relevant lifecycle properties are
   exposed through the interface betweehn the SS and QFS, so it is
   possible to decide whether a resource remains usable, whether it has
   to be consumed immediately, or whether it has to be replaced to
   fulfill a given service unit denotation.

   A QUI may also include, or be associated with, freshness information
   such as a nonce or other one-time value.  Freshness information is
   useful to distinguish different allocations, avoid accidental reuse
   of stale state, and reduce replay or mix-up risks when several
   service units or resource allocations are active at the same time.

   The use of a QUI may also enable re-binding.  For example, when a
   particular entangled pair decoheres, a quantum memory allocation
   fails, a link-level establishment attempt does not reach the target
   fidelity, or an implementation decides to regenerate the underlying
   state, the domain can bind the same service-unit context to a new

Lopez, et al.            Expires 4 January 2027                [Page 20]
Internet-Draft             qi-multiplane-arch                  July 2026

   local quantum resource allocation.  Such re-binding may not imply
   preservation of a consumed or measured quantum state; it is a
   control-plane mechanism for replacing or refreshing the underlying
   resource associated with the service unit.

   Resolution among service unit identifiers and QUIs happens at the
   interface between the SS and QFS control planes, while the mapping of
   QUIs to the applicable device-local resource handles would be
   typically performed by QFS resource-plane agents, managed by the QFS
   control plane, though particular architectures may define specific
   control and management functions for this purpose.  The mapping
   between a QUI and device-local handles is expected to remain local to
   the relevant scope unless explicitly exposed through an inter-domain
   or management interface.

5.3.4.  Quantum QoS Parameters

   Admission, routing, resource reservation, and maintenance of
   entanglement-based service units require parameters that describe the
   requested and achieved quality of the quantum resource.  These
   parameters will be carried in service requests, used internally by SS
   and QFS control functions, and exposed through telemetry.  They apply
   at different granularities, including a physical quantum link, a
   link-level entanglement, a segment, a domain, or an end-to-end
   service unit.  Quantum QoS parameters to be considered include:

   *  Target fidelity: the desired minimum quality of the shared state,
      either end-to-end or per segment.

   *  Achieved or estimated fidelity: the observed or predicted quality
      of an established state, including the effects of link loss, local
      operations, swapping, purification, and storage time.

   *  Entanglement generation rate: the expected, requested, or observed
      rate at which usable entangled pairs can be generated.

   *  End-to-end success probability: the probability that the requested
      shared state can be established with the requested parameters,
      optionally expressed per link, per segment, or for the complete
      service unit.

   *  Establishment latency: the time required to create a usable
      service unit, including link-level entanglement generation,
      heralding, swapping, purification, resource reservation, and
      relevant control interactions.

Lopez, et al.            Expires 4 January 2027                [Page 21]
Internet-Draft             qi-multiplane-arch                  July 2026

   *  Quantum communication latency: the latency relevant to the quantum
      application, including any classical-assist signaling required for
      measurement outcomes, timing, feed-forward operations, or
      completion of teleportation-based procedures.

   *  Age, time-to-live, or coherence window: the time for which a
      shared state or resource allocation is expected to remain usable.

   *  Swapping depth cap: the maximum number of entanglement-swapping
      operations, or the maximum repeater depth, acceptable for the
      requested service unit.

   *  Quantum memory constraints: the amount, type, and availability of
      memory qubits and communication qubits at the endpoints and
      intermediate nodes.

   *  Purification support and cost: whether purification is available,
      which purification schemes or cycles are supported, and their
      effect on fidelity, rate, latency, and resource consumption.

   *  Classical-assist constraints: latency, reliability, timing, and
      synchronization properties of the classical channels used for
      heralding, measurement-outcome exchange, calibration, and feed-
      forward control.

   *  Loss and error indicators: parameters describing photon loss,
      failed entanglement attempts, decoherence events, operation
      errors, or classical packet loss affecting the quantum procedure.

   *  Application or service constraints: policy or application-level
      constraints such as availability windows, allowed technologies
      (for example fiber or free-space links), supported service types,
      or restrictions on which domains or node capabilities can be used.

   These parameters provide the basis for evaluating the suitability of
   a candidate path, deciding whether a service unit request can be
   fulfilled, selecting among alternative paths, deciding whether
   purification is needed, and triggering refresh, re-establishment, or
   re-binding when the observed quality no longer satisfies the service
   objective.

Lopez, et al.            Expires 4 January 2027                [Page 22]
Internet-Draft             qi-multiplane-arch                  July 2026

5.3.5.  Classical Ancillary Functions

   Many quantum-network procedures require a classical ancillary
   function associated with a quantum node or quantum resource.  This
   function can be realized in the same physical node as the quantum
   resource, in an attached classical controller or agent, or in a
   logically separate control-plane element.  Its role is not to carry
   quantum information, but to support the control and consumption of
   quantum resources.

   Examples of these ancillary functions include translating service-
   unit identifiers to QUIs, and these into local resource handles,
   forwarding service requests to local quantum resources, exchanging
   measurement outcomes, coordinating heralding and entanglement
   swapping, distributing timing and calibration information, performing
   authentication and authorization checks, and applying feed-forward
   information such as correction data required by teleportation-based
   procedures.

   The use of such functions requires clear interfaces among the
   different strata, applying classical control and timing paths as part
   of the quality and security envelope of an entanglement-based service
   unit.

5.4.  An Example Service-Unit Establishment Procedure

   Let us outline an example procedure for establishing an entanglement-
   based service unit between two quantum-capable endpoints.  The
   procedure is informative and does not define a protocol or prescribe
   a particular control architecture.  Different realizations can map
   the functions described below to SS, QFS, and CS control-plane
   entities in different ways.

   *0.  Capability and Service Discovery*

   A requesting application or service consumer obtains information that
   quantum services or quantum-enhanced services are available.  This
   information can be obtained through configuration, service discovery,
   registration, policy distribution, or another discovery mechanism.
   The discovered information can include service identifiers, endpoint
   identifiers, supported quantum QoS parameter ranges, availability
   windows, technology constraints, supported node capabilities, and any
   policy constraints relevant to service establishment.

   *1.  Service Request*

Lopez, et al.            Expires 4 January 2027                [Page 23]
Internet-Draft             qi-multiplane-arch                  July 2026

   The requesting application or service consumer requests a service
   unit from an SS function.  The request can include the requested
   service type, peer endpoint identifier or identifiers, lifecycle
   parameters such as size or time-to-live, and quantum QoS objectives
   such as target fidelity, minimum generation rate, success
   probability, establishment latency, or classical-assist latency.  The
   SS function performs the applicable admission, authentication,
   authorization, and policy checks.

   *2.  Candidate Path and Resource Evaluation*

   By request of the SS, QFS control functions evaluate candidate
   quantum paths between the relevant endpoints.  The evaluation can
   consider available nodes, quantum memory constraints, communication-
   qubit availability, link-level entanglement generation rates,
   expected fidelity, purification capabilities, swapping depth,
   classical-assist latency, and policy constraints.  Where physical or
   optical connectivity has to be established or reserved, the relevant
   CS functions are engaged to provide the required paths and classical
   assist channels.

   *3.  Hop-by-Hop Resource Allocation*

   For each selected hop or segment, the relevant QFS control function
   requests allocation of the quantum resources needed to support the
   service unit.  The allocation can be associated with a domain-scoped
   QUI.  If a hop or segment cannot provide the requested resources or
   cannot satisfy the requested quality parameters, the control logic
   can attempt an alternative path, reduce or renegotiate objectives
   according to policy, or fail the establishment attempt and release
   previously allocated resources.

   *4.  Entanglement Generation and Multi-Hop Operations*

   Once the required hop-level resources are available, the QFS
   coordinates entanglement generation on the relevant links.  For
   multi-hop service units, intermediate nodes can perform entanglement
   swapping and, where supported and useful, purification.  Classical
   ancillary functions carry the required heralding information,
   measurement outcomes, timing information, and feed-forward data.  The
   resulting fidelity, success probability, age, and other relevant
   quantum QoS parameters are recorded or exposed to the responsible
   control functions.

   *5.  Service-Unit Binding and Delivery*

Lopez, et al.            Expires 4 January 2027                [Page 24]
Internet-Draft             qi-multiplane-arch                  July 2026

   If the established shared state satisfies the requested objectives,
   the SS binds the resulting resource to the service unit identifier
   expected by the application.  The application receives the
   information needed to consume the service unit, while domain-local
   mappings from service-unit identifiers to QUIs and from QUIs to
   device-local resource handles remain within the appropriate
   administrative scope.

   *6.  Maintenance, Re-Establishment, and On-Demand Activation*

   Because coherence windows can be short and quality can degrade over
   time, telemetry can trigger refresh, re-establishment, or re-binding
   when a time-to-live is close to expiry, fidelity drops below the
   requested level, intermediate resources fail, or policy conditions
   change.  Some deployments can also separate authorization and
   reservation from actual entanglement creation.  In such cases, the
   service request establishes the right to consume a quantum service,
   while the shared state is generated later, when the application is
   ready to use it.

6.  Identification of Interfaces and Protocols

   The architecture proposed in this document is intended as a framework
   to evaluate and explore compatibility among the different proposals
   on protocols and interfaces for the future availability of quantum
   features in the global Internet, with the goal of providing a uniform
   reference model to choose and apply the most appropriate solutions to
   the Quantum Internet challenges.  While the reference architecture
   does not intend to identify a concrete set of these protocols and
   interfaces, it is useful to analyze current proposals and trends, and
   provide some guidance on how the framework can be useful for
   assessing the integration of the solutions applicable to the
   different elements that have to converge to realize the Quantum
   Internet.

   There is a significant corpus of standards and operational practica
   applicable for the Connectivity Stratum, sustained by a well
   established experience in the management and use of optical and, to
   some extent, satellite-based networks.  The differentiation of the
   planes considered in the CLAS architecture within the Connectivity
   Stratum has been common practice in the deployment and operation of
   IP converged services over optical networks.  The abstractions and
   topology views described in the ACTN framework defined in [RFC8453]
   constitute a solid foundation to describe the functionality of the
   planes within the Connectivity Stratum, and the interfaces to be used
   in the interactions with the other strata.  An element like the Path
   Computation Element (PCE) described in [RFC8637], able to address the
   considerations related to quantum connectivity and the implications

Lopez, et al.            Expires 4 January 2027                [Page 25]
Internet-Draft             qi-multiplane-arch                  July 2026

   of entanglement-based distribution, could constitute the core of the
   intelligence and telemetry planes.  Specific distribution elements,
   able to fulfill the conditions for quantum signals, including the
   potential co-propagation with classical signals, and to interface
   with future quantum repeaters [QREPS], would constitute the essential
   substrate of the resource plane.  The current trends in optical
   disaggregation and the use of orchestrated SDN mechanisms for network
   path management and monitoring provide a natural path for leveraging
   network virtualization mechanisms within the Connectivity Stratum,
   facilitating their integration.

   In what relates to the Quantum Fabric Stratum, current best practices
   indicate that telemetry and SDN intelligence planes will follow the
   same directions as the other strata, with virtualized, likely cloud-
   native implementations for them.  Even in the case of the resource
   plane, one can expect the availability of specific software agent
   elements in charge of managing devices, interacting with the
   Connectivity Plane and providing support to the service units
   relevant for the Service Stratum.  The proposal in [QUADDR], beyond
   the foundations described in [RFC9340], can be used to exemplify the
   main objective of the framework architecture described in this
   document.  The proposal presents quantum-native mechanisms for
   routing procedures, and the corresponding addressing conventions
   supporting them, and considers network-wide mechanisms, structured in
   two tiers defining what could be assimilated to a local domain and an
   internetworking domain.  This proposal can be naturally integrated in
   the Quantum Fabric Stratum (QFS), and its SDN-inspired architecture
   would map the proposed Entanglement-Defined Controller (EDC) at the
   kernel of the SDN intelligence plane.  The integration of an
   architecture like this within the framework described in this
   document would require to analyze the mapping between the node
   identifiers described in the paper and the service units discussed
   below.  The choices for the coordination among the different strata
   if the QFS uses an architecture like the one proposed in the
   references paper would need to be also analyzed: on the one hand, the
   interface between the EDC and Service Stratum should be defined, and
   the QFS elements should need to be extended to include its
   interactions with the Connectivity Stratum, or consider it oblivious
   to physical connectivity and leave the coordination to the Service
   Stratum.  This is the kind of evaluations the synthetic environments
   discussed in Section 6.2 will be extremely useful.

   The discussion on the foundations of the Service Stratum (SS) is made
   on the previous section, which introduces and analyzes the concept of
   service units.  Furthermore, As a natural consequence of what is
   discussed above in the framework of cloud-native infrastructures, the
   use of network virtualization techniques would be essential for the
   Service Stratum, at all of their planes:

Lopez, et al.            Expires 4 January 2027                [Page 26]
Internet-Draft             qi-multiplane-arch                  July 2026

   *  The SDN intelligence plane, allowing the dynamic management of
      service units and their association with the corresponding units
      in the Quantum Fabric Stratum.

   *  The telemetry plane, for dynamic monitoring and data aggregation.

   *  The resource plane, in support of the different nature of the
      interactions at the Quantum Fabric Stratum, like the case of
      entanglement persistence beyond direct physical reachability.

6.1.  Mapping Current Proposals

   To demonstrate the application of the framework proposed here, and to
   provide guidance in the future assessment of new proposals, this
   section discusses the mapping of a number of representative current
   proposals, addressing different issues in quantum networking and
   covering a number of relevant architecture solutions or protocol
   approaches to the general problem of the Quantum Internet.  This
   mapping is also intended to clarify the main concepts (strata,
   planes, service units) underpinning the framework, considering how
   these concepts are applied in the context of already available, and
   in most cases well-known, approaches.  Finally, the mapping also aims
   at supporting future experimental validation of the applicability of
   the different proposals and their potential interplay to support
   Quantum Internet infrastructure and services, in most cases to be
   performed by means of the synthetic environments discussed in the
   next section.

   The discussion of the mapped proposals is structured according to a
   set of general categories and their connection to the reference
   framework.  Within each category, proposals are ordered according to
   their publication date.  An analysis of how each one of them fits in
   the reference framework, together with a few considerations on their
   interplay within the framework and possible experimentation paths are
   provided.

6.1.1.  Quantum Physical Foundations and Repeater Technology

   The papers in this category establish the physical mechanisms upon
   which quantum networking at scale depends, mainly quantum repeaters
   in their various forms, and analyze their architectural and
   operational implications.  They are mainly related to the design of
   the resource plane of the QFS and the interface requirements for the
   CS.

   [BRIEGEL98] introduces the base concept of quantum repeater,
   addressing the exponential growth of error probability with the
   length of the channel in direct quantum transmissions by means of a

Lopez, et al.            Expires 4 January 2027                [Page 27]
Internet-Draft             qi-multiplane-arch                  July 2026

   nested purification protocol over intermediate nodes.  Quantum
   repeaters are essential elements in the reference framework, and in
   particular for the resource plane of the QFS.  They are the
   foundation of the nodes that perform entanglement generation,
   swapping, and error correction operations that produce the shared
   entangled states consumed by the SS.  The design of the QFS and its
   interface to the CS must accommodate the characteristics of repeater
   nodes.

   This work also highlights an architectural implication discussed when
   introducing the service unit concept.  The elementary entanglement
   events occurring within the QFS, such as the generation and exchange
   of entangled pairs at the individual links, do not correspond one-to-
   one with the units the applications expect to consume from the
   quantum connection.  A service unit, as provided by the SS,
   represents a multi-hop end-to-end entangled state, whose construction
   may have involved a complex sequence of operations at the QFS level,
   typically spanning multiple repeater nodes and requiring classical
   coordination via the CS.  This gap between elementary link-level
   entanglement events and the application-visible service unit is one
   of the motivations for the domain-scoped QUI indirection introduced
   in this document: the QUI allows the multi-hop, multi-operation
   construction internal to the QFS to be represented and re-bound
   independently of the stable service-unit identifier the application
   consumes.

   [JIANG09] proposes a quantum repeater protocol that locally encodes
   qubits with CCS code and applies classical error correction during
   simultaneous entanglement connections.  The scheme achieves
   substantially higher communication rates over long distances and
   relaxes the requirements on quantum memory fidelity.  In the context
   of the multiplane architecture, this work exemplifies the class of
   implementations that the QFS resource plane must support.  The
   encoding, decoding, and error correction operations are internal to
   the QFS and transparent to the SS, but they may place specific
   requirements on the classical channel capacity and latency that the
   CS must provide.

   Another interesting aspect relates to the service unit lifecycle
   definition.  Depending on the protocol implemented by the repeaters
   (for example, the one presented in this work versus a purify-and-swap
   scheme), the rate and fidelity of the end-to-end logical entangled
   pairs differ.  The SS control plane needs to be able to represent and
   negotiate these QoS components when establishing service units, and
   the interface between the SS and the QFS must expose them in a
   technology-agnostic manner.  The encoding scheme, logical error rate,
   and generation rate could be candidates for inclusion in the
   lifecycle parameter component of a service unit URN.  The encoding

Lopez, et al.            Expires 4 January 2027                [Page 28]
Internet-Draft             qi-multiplane-arch                  July 2026

   scheme, logical error rate, and generation rate correspond directly
   to quantum QoS parameters, and the resulting per-link or per-segment
   characteristics can be naturally associated with the domain-scoped
   QUI representing the allocation on that segment rather than encoded
   directly into the application-facing service-unit identifier.

   [MURALI16] presents a classification of quantum repeaters into three
   generations and analyses their performance in terms of communication
   rate and physical resources required.  First-generation repeaters
   require two-way classical communication and quantum memories, but no
   quantum error correction.  They reduce the exponential overhead in
   direct state transfer to only polynomial overhead, limited by the
   two-way classical signaling required between non-adjacent repeater
   stations.  The second generation adds quantum error correction, which
   implies more complex hardware, but only adjacent repeater stations
   require two-way classical signaling.  Finally, the third generation
   eliminates the need for two-way classical signaling by relying solely
   on quantum error correction.  It only needs one-way signaling and
   thus can achieve a very high communication rate, just like the
   classical repeaters, only limited by local operation delay.  Thus,
   each generation would place different demands on the classical
   channel model that the CS must support, and embodies a different
   capability level for the QFS.

   This classification provides a roadmap for the potential evolution of
   the QFS as quantum hardware matures.  The same service unit
   abstraction living in the SS should remain valid across all
   generations, with the QFS-CS interface evolving to accommodate the
   changing classical channel requirements as technology advances.

   [QREPS] presents a comprehensive review of the conceptual frameworks,
   architectures, and experimental progress of quantum repeaters.  The
   analysis contextualises the proposals and advancements on the broader
   goal of a Quantum Internet.  This work includes a substantial portion
   of the technology space that the QFS must accommodate.  It maps the
   diversity of repeater designs, their hardware requirements, and their
   operational constraints.  This type of approach is key to defining
   which abstractions the QFS should expose to remain independent of the
   specific physical implementation used at any given stage of network
   evolution.

   The review also notes that several near-term repeater architectures
   rely heavily on classical co-processing and on specific timing and
   synchronisation constraints that must be jointly provisioned with the
   quantum channel.  This coordination role is one of the primary
   responsibilities for which the CS is designed.  Furthermore, the
   discussion on the experimental state of the art in quantum memories,
   entanglement generation rate, and fidelity provide a physical

Lopez, et al.            Expires 4 January 2027                [Page 29]
Internet-Draft             qi-multiplane-arch                  July 2026

   grounding for the lifecycle parameters that service units in the SS
   must be able to express.  Memory lifetime set the upper bound on the
   valid-until parameter of a service unit, generation rate constrains
   the throughput of the QFS, and achievable fidelity defines the
   quality floor below which a service unit cannot meaningfully be
   delivered.  Memory lifetime sets the upper bound on the time-to-live
   or coherence-window information that can be associated with a QUI,
   entanglement generation rate constrains the throughput of the QFS,
   and achievable fidelity defines the quality floor below which the
   underlying QUI-bound resource can no longer satisfy the service
   unit's requested objectives.

6.1.2.  Network Architecture and Protocols

   The proposals in this category deal with architectural foundations
   and concrete protocols for quantum networking, covering the design of
   repeater network architectures, link-layer protocol engineering, and
   the application of classical architectural principles, such as
   recursion and end-to-end argument, to quantum networks.  They are
   applicable to the QFS control and management planes and for the
   inter-stratum interface design.

   [DAHLBERG19] presents a functional allocation of a quantum network
   stack with concrete physical and link layer protocols, transforming
   the isolated physical experiments that produce heralded entanglement
   into a well-defined, robust service.  Their link-layer protocol
   manages the stochastic nature of entanglement generation, handles
   issues like timeouts, and provides a stable interface to higher
   layers that abstracts the deatil of the physical mechanism underlying
   the process.  This timeout-and-retry behavior is a concrete instance
   of the kind of event that, in the framework's terms, can trigger QUI
   re-binding: a failed or expired link-level attempt is replaced by a
   new allocation without changing the service-unit context exposed to
   the application.

   In the multiplane architecture proposed in this document, this work
   falls in the QFS and its interface with the CS.  The link-layer
   protocol operates on the quantum links and exposes upward-facing
   events that the control plane of the QFS may consume to manage
   network-wide entanglement distribution.

Lopez, et al.            Expires 4 January 2027                [Page 30]
Internet-Draft             qi-multiplane-arch                  July 2026

   This work also makes explicit he dependence of the link layer on
   classical communication, for heralding mechanisms, timing and post-
   selection processes.  Thereby supporting the requirement for
   coordinated classical connectivity that the CS has to satisfy.  The
   functional decomposition proposed in the paper is compatible with the
   QFS structure described in this document, and their protocol can be
   understood as an example of an operation within the resource plane of
   the QFS, managed by the control plane through well-defined events and
   triggers.

6.1.3.  Service Abstractions and Application Frameworks

   The proposals in this category address how the quantum resources
   produced by the QFS are abstracted into units that applications and
   higher-level computations can consume, either through concrete
   algorithmic techniques or through system-level layering.  They are
   relevant primarily to the definition of the service unit and to the
   boundary between the SS and the lower strata.

   [GOTTESMAN99] shows theoretically that single-qubit operations, Bell-
   basis measurements and a set of certain pre-shared entangled resource
   states, such as GHZ states, are together sufficient to  construct a
   universal quantum computer, unifying several fault-tolerant protocols
   under a single teleportation-based technique.  The entangled resource
   state consumed by this technique corresponds to the shared quantum
   state delivered by the SS as a service unit: the paper treats the
   state as an input to a local computation, decoupled from how it was
   generated, which is consistent with the separation between the SS,
   which delivers the service unit, and the QFS, which generates and
   maintains the underlying entangled state through entanglement
   generation and, where required, swapping and purification.

   The proposed teleportation-based technique depends on classical
   communication of the measurement outcome to complete the operation at
   the receiving side.  This places it within the scope of the classical
   constraints and quantum communication latency parameters that the CS
   has to support.

   [CUOMO20] elaborates a layered abstraction of a distributed quantum
   computing ecosystem, structured from the underlying communication
   infrastructure connecting remote quantum devices up through
   successive logical layers to the functionality consumed by
   distributed applications.  The lower layers described in the paper,
   covering the physical exchange of quantum information between
   devices, correspond to the QFS and CS.  The upper layers, covering
   the abstractions exposed to distributed applications, correspond to
   the SS.

Lopez, et al.            Expires 4 January 2027                [Page 31]
Internet-Draft             qi-multiplane-arch                  July 2026

   The boundary drawn between the communication infrastructure and the
   abstractions exposed to applications matches the separation
   maintained by the service unit: applications interact with the shared
   state delivered by the SS without visibility into the sequence of QFS
   operations, spanning individual links and, where applicable, repeater
   nodes, that produced it.

6.1.4.  Security

   Works in this category address potential attack surfaces and
   security-relevant properties of quantum networking, related to the
   mechanims applicable to secure strata, planes and their interfaces,
   as dicussed in Section 8.

   [SATOH20] models the internal components and structure of a quantum
   repeater network node and classifies attacks against them in terms of
   confidentiality, integrity, and availability, finding that while
   confidentiality is generally preserved by the physical properties of
   quantum states, integrity and availability introduce vulnerabilities
   with no classical counterpart.

   The report also analyzes how classical computing and networking
   elements attached to a quantum node materially affect the system's
   overall security risk.  Attacks on the classical control, timing, or
   heralding information exchanged between nodes can propagate into
   integrity or availability failures even when the quantum channel
   itself is not directly compromised.  This is consistent with the
   elaboration Section 8 makes on the interaction of physical attacks
   with classical attacks on control and monitoring activities.

6.2.  The Role of Synthetic Environments

   Due to the early stage of many, if not all, quantum technologies,
   experimenting with quantum devices and equipment can be seriously
   hindered by high costs and limited availability.  This challenge is
   particularly evident for experimentation at the scale required to
   validate network protocols and inter- and intra-strata interfaces.
   In this context, synthetic environments, and synthetic testbeds
   enabled by these environments, become an essential tool.  They enable
   the emulation of quantum network deployments in a fully controlled
   setting, allowing the execution of experiments and trials, protocol
   evaluations, and even security analyses, where potential network
   attacks can be tested without compromising the integrity of an
   already built quantum network or a significant number of physical
   devices.

Lopez, et al.            Expires 4 January 2027                [Page 32]
Internet-Draft             qi-multiplane-arch                  July 2026

   Based on the results introduced in [QKNDT24] for QKD networks, the
   concept of a Quantum Network Digital Twin (QNDT) provides a
   foundation for such environments.  QNDTs will enable a better
   understanding of the properties of the different network elements,
   interfaces, and protocols, and the applicability of the architecture
   proposed in this document.  It is important to note that a QNDT is
   not a simulation tool, even though some of its components may apply
   simulation functionality to adapt their behavior to that of a quantum
   element.  Rather, a QNDT represents a distributed classical system
   that mirrors the operational behavior of a quantum network,
   responding in real time and accurately reproducing the dynamics and
   interactions of quantum entities.

   In the case of QKD network deployments, significant progress has been
   achieved thanks to both practical deployments, as exemplified in
   [EUROQCI] and the early coordinated efforts of standardization
   bodies.  These advances include the definition of standardized APIs
   that specify the communication means between quantum nodes and
   customer applications, like [ETSI04], and the integration of network
   management mechanisms widely adopted in classical communication
   systems, like the SDN approach defined in [ETSI15].  This coordinated
   efforts have translated into more flexible, programmable, and
   scalable control of quantum resources, facilitating seamless
   interoperability between quantum and classical infrastructures.
   Despite these advances, several aspects of QKD networking remain
   under active development.  These include the definition of interfaces
   that ensure interoperability across different administrative domains,
   as well as the design and validation of architectures capable of
   supporting large-scale deployments, that is, networks comprising
   hundreds of interconnected nodes.  In this regard, platforms such as
   the one described in [QUDITTO] offer a valuable opportunity, as they
   enable the emulation of low-level quantum network behaviors using
   classical computational resources.  Such synthetic environments
   provide the means to model and analyze complex network scenarios that
   are currently unattainable in fully physical experimental testbeds.

Lopez, et al.            Expires 4 January 2027                [Page 33]
Internet-Draft             qi-multiplane-arch                  July 2026

   When considering general-purpose quantum networks, particularly those
   based on entanglement distribution and management, the role of
   synthetic environments becomes even more significant.  Unlike QKD
   networks, whose architectural and operational principles are
   relatively well understood, entanglement-based networks are still in
   an early stage of development.  Many fundamental networking aspects,
   such as entanglement routing, resource scheduling, and inter-layer
   coordination, remain open research questions, with a crucial lack of
   practical validation.  In this context, QNDTs offer a unique
   opportunity to accelerate progress: by enabling controlled emulation
   of quantum states, interactions, and network behaviors, they allow to
   test novel architectures, evaluate protocol performance, and explore
   scalability under realistic yet fully reproducible conditions.

   However, the development of a general-purpose QNDT introduces its own
   set of challenges.  Such a system must not only emulate the
   functional behavior of quantum components but also ensure that the
   underlying classical infrastructure responds within the same temporal
   and operational constraints as its quantum counterpart, thereby
   enabling accurate validation of protocols and network strategies.
   Moreover, unlike QKD networks where standardized interfaces and APIs
   have already been established (or are at least emerging), no
   equivalent standards currently exist for general quantum networks.
   Consequently, a QNDT must be designed to be inherently flexible and
   extensible, capable of accommodating evolving definitions of
   interfaces, communication protocols, and architectural abstractions.
   In this regard, the QNDT once again becomes a key enabler for the
   development, integration, and testing of these foundational elements.

   Building upon the above discussion, two primary challenges must be
   addressed as prerequisites for constructing a fully functional QNDT.
   First, it is necessary to develop a mechanism capable of handling the
   quantum-specific aspects of the system, executing simulations and
   distributing results across nodes, resulting in the emulation of the
   quantum behavior of network elements within the underlying classical
   infrastructure.  Second, there must be a definition of a minimal set
   of core primitives or instructions that serves as the foundation for
   constructing more advanced mechanisms, such as standardized
   interfaces and communication methods between network elements and
   external systems.  Together, these two pillars will establish the
   groundwork for a QNDT framework capable of evolving in parallel with
   the broader quantum networking ecosystem.

   The core quantum emulation mechanism for such an environment,
   according to the current state of the art, would be the QNDT
   emulation engine, based on a centralized simulation component
   designed to execute the simulations needed to emulate the quantum
   behavior of all network elements.  This engine may rely on quantum

Lopez, et al.            Expires 4 January 2027                [Page 34]
Internet-Draft             qi-multiplane-arch                  July 2026

   network simulators such as [NetSquid], [SeQUeNCe], or [QuNetSim].
   However, these platforms alone do not fulfill the requirements of a
   QNDT, since, as discussed above, a QNDT is not a simulation of the
   network but a distributed classical system that replicates the
   behavior of a real quantum network.  Therefore, the central
   simulation element must be complemented by a result distribution
   mechanism, for example, through a publish/subscribe (Pub/Sub)
   protocol.  In such a setup, network elements subscribe to topics
   relevant to their operation and can communicate with the central
   simulation tool both to request simulations and receive results
   through asynchronous interactions.

   Another essential aspect concerns the handling of temporal
   consistency between the “simulation time”, i.e., the time required to
   execute a simulation, and the “simulated time,” i.e., the time the
   simulation calculates the real system would take to perform the same
   operation.  Since simulation time is generally shorter than simulated
   time, the QNDT must incorporate logic ensuring that results are
   delivered only after the appropriate simulated delay has elapsed.
   This guarantees that the QNDT responds within the same temporal
   boundaries as its physical counterpart, thereby preserving the
   fidelity and realism of the emulated network behavior.

   In addition, to maintain state realism within the QNDT, it is crucial
   to take into account the natural decoherence and noise dynamics of
   quantum states over time.  For instance, when entangled states are
   distributed among the participating nodes and stored for a period
   before being used in subsequent operations, the QNDT must emulate the
   gradual evolution and degradation of these states.  This entails
   tracking the elapsed time between state creation and use, and
   updating the state accordingly before executing the next instruction.

7.  Related Standardization and Industry Work

   A number of standardization bodies and industry/consortium efforts
   are developing architectural concepts, interfaces specifications, and
   operational practices that are relevant to the framework presented in
   this document.  The following briefly positions those activities as
   external reference points.

7.1.  ITU-T

   The International Telecommunication Union Telecommunication
   Standardization Sector (ITU-T) initiated in 2018 the first work item
   on the concept of QKD networks with Recommendation Y.3800 [ITUY3800].
   Since then, it has built an extensive body of Recommendations around
   QKD networks, incluiding functional arcchitecture [ITUY3802] and
   protocol framework material [ITUQ4160].  In the context of this

Lopez, et al.            Expires 4 January 2027                [Page 35]
Internet-Draft             qi-multiplane-arch                  July 2026

   document, these ITU-T outputs are best read as mature examples of how
   one quantum service (QKD) has been decomposed into functions,
   interfaces, and operational procedures.  They are useful as
   comparative input when discussing interface patterns, management
   hooks, and operational decomposition.

   The evolution toward the Quantum Internet is being addressed in ITU-T
   through several complementary initiatives.  Technical Report Y.TR-QN-
   UC [ITUTRQNUC] collects and analyses uses cases of quantum networks
   beyond QKD, drawing on deliverables from the ITU-T Focus Group on
   Quantum Information Technology for Networks (FG-QIT4N, active
   2019-2022).  These use cases encompass entanglement distribution,
   distributed quantum sensing, quantum-enhanced clock synchronization,
   and distributed quantum computing, providing a networking-oriented
   characterization of the services that a general Quantum Internet
   should support.  The draft Technical Report YSTR.QN-TB [ITUQNTB],
   analysing quantum network testbeds globally, complements this
   perspective by identifying the architectural commonalities and
   interface gaps across existing experimental infrastructures,
   providing a grounded basis for future standards work.

7.2.  ETSI

   The European Telecommunications Standards Institute (ETSI)
   established the Industry Specification Group on Quantum Key
   Distribution (ISG QKD) in 2008, which has produced a set of Group
   Specifications that are particularly relevant as concrete,
   implementable interface examples for a quantum-enabled service.  ETSI
   has specified key delivery APIs [ETSI04][ETSI14], a SDN control
   interface [ETSI15], a orchestration interface [ETSI18], and a
   monitoring data model for QKD networks [ETSI23].  This work has had
   direct operational relevance, underpinning the deployments that
   constitute the experience base from which the architecture proposed
   here is derived.  At the same time, the ISG QKD scope has been
   deliberately bounded to QKD, leaving the broader quantum networking
   challenges outside its mandate.

Lopez, et al.            Expires 4 January 2027                [Page 36]
Internet-Draft             qi-multiplane-arch                  July 2026

   In September 2025 the ETSI Board approved the creation of a new
   Technical Committee on Quantum Technologies (TC QT).  The primary
   objective of this new committee is to develop specifications
   addressing quantum communications and quantum networks across
   multiple sectors, explicitly including quantum networking for
   distributed computing and cryptography, satellite quantum
   communications, quantum sensing, and quantum random number
   generation.  It is the successor forum for the broader scope that ISG
   QKD cannot address, and its initial work program includes a Technical
   Report mapping the quantum ecosystem and identifying cooperation
   opportunities, as well as a Quantum Technologies radar document
   tracking the maturity of the relevant technology areas.

7.3.  ISO/IEC

   In January 2024, the International Electrotechnical Commission (IEC)
   and the International Organization for Standardization (ISO) jointly
   established ISO/IEC Joint Technical Committee 3 (JTC 3) on Quantum
   Technologies.  The scope of JTC 3 covers quantum information
   technologies (quantum computing and quantum simulation), quantum
   metrology, quantum sources and detectors, quantum communications, and
   fundamental quantum technologies.  It was created as a structured
   mechanism to develop fundamental standards for quantum technology,
   including those related to quantum communication.

7.4.  Industry and Consortia

   Beyond formal standards bodies, several large-scale initiatives and
   industrial efforts are generating the experimental evidence and
   operational experience that will eventually inform normative
   standards work on the Quantum Internet.  Recent public milestones
   include deployments and demonstrations on existing fiber plant and
   the emergence of software stacks that abstract hardware heterogeneity
   to enable multi-node quantum applications [HSESNY].  Large consortia
   are building ecosystem roadmaps and testbed programs aimed at
   evolving from point solutions toward repeaters/memories and
   entanglement distribution at scale.  The Quantum Internet Alliance
   [QIA] is one prominent European example in this direction.

   These industry activities reinforce the need for a framework that can
   (i) compare alternative architectural decompositions, (ii) map
   diverse services into a common vocabulary, and (iii) remain flexible
   as technology moves from QKD-centric deployments toward entanglement-
   centric networking.

Lopez, et al.            Expires 4 January 2027                [Page 37]
Internet-Draft             qi-multiplane-arch                  July 2026

8.  Security Considerations

   The general considerations made in [RFC8597] apply, as well as an
   elaboration on the following points regarding:

   *  The requirements on mutual authentication in the channels used for
      quantum interactions, as they should require methods rooted at
      physical properties.

   *  Specific physical attacks related to the particular quantum
      mechanisms in use by the quantum fabric stratum.

   *  The interaction of these physical attacks with classical attacks
      to the control and monitoring activities, possibly translating
      into a threat surface augmentation.

   *  The integrity and access control protection of service-unit
      indirection mechanisms, such as QUIs, to avoid attacks leading to
      resource exhaustion, state mix-up, unauthorized consumption, or
      incorrect association between applications and quantum resources.

   *  The explicit freshness and lifetime information about QUI
      allocations and service-unit bindings, to address attacks related
      to replay, stale-state reuse, and state confusion risks during
      establishment, re-binding, and consumption of shared states.

   *  The protection of classical ancillary functions associated with
      nodes, as any manipulation of these functions can impact security,
      triggering wrong correction operations, incorrect service-unit
      binding, or unauthorized use of quantum resources.

   *  The trust issues in inter-domain exchanges, especially at the
      control and management planes.

   Furthermore, as the identification of interfaces and protocols
   progresses other considerations will be required.  In particular, the
   security considerations included in the documents referenced for the
   Connectivity Stratum, [RFC8453] and [RFC8637] apply to the proposed
   framework.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

Lopez, et al.            Expires 4 January 2027                [Page 38]
Internet-Draft             qi-multiplane-arch                  July 2026

   [RFC8141]  Saint-Andre, P. and J. Klensin, "Uniform Resource Names
              (URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017,
              <https://www.rfc-editor.org/rfc/rfc8141>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

   [RFC8597]  Contreras, LM., Bernardos, CJ., Lopez, D., Boucadair, M.,
              and P. Iovanna, "Cooperating Layered Architecture for
              Software-Defined Networking (CLAS)", RFC 8597,
              DOI 10.17487/RFC8597, May 2019,
              <https://www.rfc-editor.org/rfc/rfc8597>.

9.2.  Informative References

   [ALTOQ24]  Muniz, A., Canto, R., Contreras, L., Pastor, A., Lopez,
              D., and J. Morales, "Using Protocol to Address SD-QKD
              Federation in Multi-Domain Scenarios", July 2024,
              <https://ieeexplore.ieee.org/document/10628176>.

   [BRIEGEL98]
              Briegel, H.-J., Dür, W., Cirac, J. I., and P. Zoller,
              "Quantum Repeaters: The Role of Imperfect Local Operations
              in Quantum Communication", December 1998,
              <https://doi.org/10.1103/PhysRevLett.81.5932>.

   [CLASEVO]  Contreras, L. M., Boucadair, M., Lopez, D., and C. J.
              Bernardos, "An Evolution of Cooperating Layered
              Architecture for SDN (CLAS) for Compute and Data
              Awareness", Work in Progress, Internet-Draft, draft-
              contreras-coinrg-clas-evolution-03, 5 July 2024,
              <https://datatracker.ietf.org/doc/html/draft-contreras-
              coinrg-clas-evolution-03>.

   [CUOMO20]  Cuomo, D., Caleffi, M., and A. S. Cacciapuoti, "Towards a
              distributed quantum computing ecosystem", July 2020,
              <https://doi.org/10.1049/iet-qtc.2020.0002>.

   [DAHLBERG19]
              Dahlberg, A., Skrzypczyk, M., Coopmans, T., Wubben, L.,
              Rozpędek, F., Pompili, M., Stolk, A., Pawełczak, P.,
              Knegjens, R., Filho, J. de O., Hanson, R., and S. Wehner,
              "A link layer protocol for quantum networks", August 2019,
              <https://doi.org/10.1145/3341302.3342070>.

Lopez, et al.            Expires 4 January 2027                [Page 39]
Internet-Draft             qi-multiplane-arch                  July 2026

   [ETSI04]   "ETSI GS QKD 004: Quantum Key Distribution (QKD);
              Application Interface", August 2020,
              <https://www.etsi.org/deliver/etsi_gs/
              QKD/001_099/004/02.01.01_60/gs_QKD004v020101p.pdf>.

   [ETSI14]   "ETSI GS QKD 014: Quantum Key Distribution (QKD); Protocol
              and data format of REST-based key delivery API", February
              2019, <https://www.etsi.org/deliver/etsi_gs/
              QKD/001_099/014/01.01.01_60/gs_qkd014v010101p.pdf>.

   [ETSI15]   "ETSI GS QKD 015: Quantum Key Distribution (QKD); Control
              Interface for Software Defined Networks", April 2022,
              <https://www.etsi.org/deliver/etsi_gs/
              QKD/001_099/015/02.01.01_60/gs_QKD015v020101p.pdf>.

   [ETSI18]   "ETSI GS QKD 018: Quantum Key Distribution (QKD);
              Orchestration Interface for Software Defined Networks",
              April 2022, <https://www.etsi.org/deliver/etsi_gs/
              QKD/001_099/018/01.01.01_60/gs_QKD018v010101p.pdf>.

   [ETSI23]   "ETSI Work-Item QKD 023: Quantum Key Distribution (QKD);
              Monitoring Interface and Data Model", n.d.,
              <https://portal.etsi.org/webapp/WorkProgram/
              Report_WorkItem.asp?WKI_ID=69537>.

   [EUROQCI]  "The European Quantum Communication Infrastructure
              (EuroQCI) Initiative", September 2023, <https://digital-
              strategy.ec.europa.eu/en/policies/european-quantum-
              communication-infrastructure-euroqci>.

   [EVCK25]   Lopez, B., Vidal, I., Valera, F., and D. Lopez, "An
              Enhanced Virtualized Control and Key Management Model for
              QKD Networks", January 2025,
              <https://ieeexplore.ieee.org/document/10870375>.

   [GOTTESMAN99]
              Gottesman, D. and I. Chuang, "Demonstrating the viability
              of universal quantum computation using teleportation and
              single-qubit operations", November 1999,
              <https://doi.org/10.1038/46503>.

   [HSESNY]   Craddock, A. N., Cowan, T., Bigagli, N., Yekasiri, S.,
              Robinson, D., Portmann, G. B., Guo, Z., Kilzer, M., Zhao,
              J., Flament, M., Shabani, J., Nejabati, R., and M. Namazi,
              "High-rate Scalable Entanglement Swapping Between Remote
              Entanglement Sources on Deployed New York City Fibers",
              February 2026,
              <https://doi.org/10.48550/arXiv.2602.15653>.

Lopez, et al.            Expires 4 January 2027                [Page 40]
Internet-Draft             qi-multiplane-arch                  July 2026

   [ITUQ4160] "ITU-T Recommendation Q.4160: Quantum key distribution
              networks – Protocol framework", December 2023,
              <https://www.itu.int/rec/T-REC-Q.4160>.

   [ITUQNTB]  "Draft new Technical Report ITU-T YSTR.QN-TB: Analysis of
              quantum network architecture from existing testbeds",
              November 2025,
              <https://www.ietf.org/lib/dt/documents/LIAISON/liaison-
              2025-12-18-itu-t-sg-13-opsawg-ls-on-work-progress-on-
              quantum-key-distribution-qkd-network-in-sg13-as-of-
              november-2025-attachment-1.pdf>.

   [ITUTRQNUC]
              "ITU-T Technical Report Y.TR-QN-UC: Use cases of quantum
              networks beyond QKDN", November 2023,
              <https://www.itu.int/rec/T-TUT-QN>.

   [ITUY3800] "ITU-T Recommendation Y.3800: Overview on networks
              supporting quantum key distribution", July 2020,
              <https://www.itu.int/rec/T-REC-Y.3800>.

   [ITUY3802] "ITU-T Recommendation Y.3802: Quantum key distribution
              networks. Functional architecture", April 2021,
              <https://www.itu.int/rec/T-REC-Y.3802>.

   [JIANG09]  Jiang, L., Taylor, J. M., Nemoto, K., Munro, W. J., Meter,
              R. V., and M. D. Lukin, "Quantum Repeater with Encoding",
              March 2009, <https://doi.org/10.1103/PhysRevA.79.032325>.

   [MADQCI23] Martin, V., Brito, J. P., Ortíz, L., Brito-Méndez, R.,
              Vicente, R., Saez-Buruaga, J., Sebastian, A. J., Aguado,
              D. G., García-Cid, M. I., Setien, J., Salas, P.,
              Escribano, C., Dopazo, E., Rivas-Moscoso, J., Pastor-
              Perales, A., and D. Lopez, "The Madrid Testbed: QKD SDN
              Control and Key Management in a Production Network", July
              2023, <https://ieeexplore.ieee.org/document/10207295>.

   [MURALI16] Muralidharan, S., Li, L., Kim, J., Lütkenhaus, N., Lukin,
              M. D., and L. Jiang, "Optimal architectures for long
              distance quantum communication", February 2016,
              <https://doi.org/10.1038/srep20463>.

   [NetSquid] Coopmans, T., Knegjens, R., Dahlberg, A., Maier, D.,
              Nijsten, L., Filho, J. de O., and et. al., "NetSquid, a
              NETwork Simulator for QUantum Information using Discrete
              events", July 2021,
              <https://doi.org/10.1038/s42005-021-00647-8>.

Lopez, et al.            Expires 4 January 2027                [Page 41]
Internet-Draft             qi-multiplane-arch                  July 2026

   [NFV06]    "ETSI GS NFV 006: Network Functions Virtualisation (NFV)
              Release 4; Management and Orchestration; Architectural
              Framework Specification", December 2022,
              <https://www.etsi.org/deliver/etsi_gs/
              NFV/001_099/006/04.04.01_60/gs_NFV006v040401p.pdf>.

   [PSQN22]   DiAdamo, S., Qi, B., Miller, G., Kompella, R., and A.
              Shabani, "Packet switching in quantum networks: A path to
              the quantum Internet", October 2022,
              <https://journals.aps.org/prresearch/abstract/10.1103/
              PhysRevResearch.4.043064>.

   [QCE24]    Islam, M. S., Chung, J., Kettimuthu, R., Ramesh, A., and
              P. Kumar, "Experiences on developing an on-demand
              entanglement service coexisting with classical traffic
              over a Q-LAN testbed", September 2024,
              <https://doi.org/10.1109/QCE60285.2024.00089>.

   [QIA]      "Quantum Internet Alliance", n.d.,
              <https://quantuminternetalliance.org>.

   [QIPS22]   Illiano, J., Caleffi, M., Manzalini, A., and A. S.
              Cacciapuoti, "Quantum Internet Protocol Stack: a
              Comprehensive Survey", August 2022,
              <https://www.sciencedirect.com/science/article/abs/pii/
              S1389128622002250>.

   [QIROAD18] Wehner, S., Elkouss, D., and R. Hanson, "Quantum internet:
              A vision for the road ahead", October 2018,
              <https://doi.org/10.1126/science.aam9288>.

   [QKNDT24]  Martin, R., Lopez, B., Vidal, I., Valera, F., and B.
              Nogales, "Service for Deploying Digital Twins of QKD
              Networks", January 2024,
              <https://doi.org/10.3390/app14031018>.

   [QNAD]     Cacciapuoti, A. S., Caleffi, M., Illiano, J., De Risi, C.,
              Abane, A., and J. Chung, "Quantum-Native Architectural
              Tenets and Philosophy for the Quantum Internet", Work in
              Progress, Internet-Draft, draft-cacciapuoti-qirg-quantum-
              native-architecture-01, 20 April 2026,
              <https://datatracker.ietf.org/doc/html/draft-cacciapuoti-
              qirg-quantum-native-architecture-01>.

Lopez, et al.            Expires 4 January 2027                [Page 42]
Internet-Draft             qi-multiplane-arch                  July 2026

   [QNSA24]   Lopez, B., Vidal, I., Valera, F., Lopez, D., and A.
              Pastor, "Unleashing Flexibility and Interoperability in
              QKD Networks: The Power of Softwarized Architectures",
              July 2024,
              <https://ieeexplore.ieee.org/document/10628345>.

   [QREPS]    Azuma, K., Economou, S. E., Elkouss, D., Hilaire, P.,
              Jiang, L., Lo, H.-K., and I. Tzitrin, "Quantum repeaters:
              From quantum networks to the quantum internet", December
              2023, <https://doi.org/10.1103/RevModPhys.95.045006>.

   [QTTI21]   Martin, V., Brito, J. P., Escribano, C., Menchetti, M.,
              White, C., Lord, A., Wissel, F., Gunkel, M., Gavignet, P.,
              Genay, N., Moult, O. L., Abellan, C., Manzalini, A.,
              Pastor-Perales, A., Lopez, V., and D. Lopez, "Quantum
              Technologies in the Telecommunications Industry", July
              2021, <https://epjquantumtechnology.springeropen.com/
              articles/10.1140/epjqt/s40507-021-00108-9>.

   [QUADDR]   Caleffi, M. and A. S. Cacciapuoti, "Quantum Internet
              Architecture: unlocking Quantum-Native Routing via Quantum
              Addressing", July 2025,
              <https://doi.org/10.48550/arXiv.2507.19655>.

   [QUDITTO]  "Quditto, a tool that allows deploying digital twins of
              QKD networks over classical infrastructure", April 2025,
              <https://quditto.io/>.

   [QuNetSim] Diadamo, S., Nötzel, J., Zanger, B., and M. M. Beşe,
              "QuNetSim: A Software Framework for Quantum Networks",
              June 2021, <https://doi.org/10.1109/TQE.2021.3092395>.

   [RFC8453]  Ceccarelli, D., Ed. and Y. Lee, Ed., "Framework for
              Abstraction and Control of TE Networks (ACTN)", RFC 8453,
              DOI 10.17487/RFC8453, August 2018,
              <https://www.rfc-editor.org/rfc/rfc8453>.

   [RFC8637]  Dhody, D., Lee, Y., and D. Ceccarelli, "Applicability of
              the Path Computation Element (PCE) to the Abstraction and
              Control of TE Networks (ACTN)", RFC 8637,
              DOI 10.17487/RFC8637, July 2019,
              <https://www.rfc-editor.org/rfc/rfc8637>.

   [RFC9340]  Kozlowski, W., Wehner, S., Van Meter, R., Rijsman, B.,
              Cacciapuoti, A. S., Caleffi, M., and S. Nagayama,
              "Architectural Principles for a Quantum Internet",
              RFC 9340, DOI 10.17487/RFC9340, March 2023,
              <https://www.rfc-editor.org/rfc/rfc9340>.

Lopez, et al.            Expires 4 January 2027                [Page 43]
Internet-Draft             qi-multiplane-arch                  July 2026

   [RFC9583]  Wang, C., Rahman, A., Li, R., Aelmans, M., and K.
              Chakraborty, "Application Scenarios for the Quantum
              Internet", RFC 9583, DOI 10.17487/RFC9583, June 2024,
              <https://www.rfc-editor.org/rfc/rfc9583>.

   [SATOH20]  Satoh, T., Nagayama, S., Suzuki, S., Matsuo, T., Hajdušek,
              M., and R. V. Meter, "Attacking the Quantum Internet",
              July 2021, <https://doi.org/10.1109/TQE.2021.3094983>.

   [SeQUeNCe] Wu, X., Kolar, A., Chung, J., Jin, D., Zhong, T.,
              Kettimuthu, R., and M. Suchara, "SeQUeNCe: A Customizable
              Discrete-Event Simulator of Quantum Networks", September
              2020, <https://doi.org/10.1088/2058-9565/ac22f6>.

   [TAPI240]  "ONF Transport API SDK 2.4.0", n.d., <https://github.com/
              Open-Network-Models-and-Interfaces-ONMI/TAPI/releases/tag/
              v2.4.0>.

Acknowledgments

   This document is based on work partially funded by the EU Horizon
   Europe project QSNP (grant 101114043), the Spanish UNICO project
   OPENSEC (grant TSI-063000-2021-60), and the MadridQuantum–CM project
   (funded by the EU, NextGenerationEU, grant PRTR-C17.I1, and by the
   Comunidad de Madrid, Programa de Acciones Complementarias).

Authors' Addresses

   Diego Lopez
   Telefonica
   Email: diego.r.lopez@telefonica.com

   Vicente Martin
   UPM
   Email: vicente.martin@upm.es

   Blanca Lopez
   IMDEA Networks
   Email: blanca.lopez@imdea.org

   Luis M. Contreras
   Telefonica
   Email: luismiguel.contrerasmurillo@telefonica.com

Lopez, et al.            Expires 4 January 2027                [Page 44]
Internet-Draft             qi-multiplane-arch                  July 2026

   Chathura Sarathchandra
   InterDigital
   Email: chathura.sarathchandra@interdigital.com

Lopez, et al.            Expires 4 January 2027                [Page 45]