Abstract

A deterministic network is one that can carry data flows for real- time applications with extremely low data loss rates and bounded latency. Deterministic networks have been successfully deployed in real-time operational technology (OT) applications for some years (for example [ARINC664P7]). However, such networks are typically isolated from external access, and thus the security threat from external attackers is low. IETF Deterministic Networking (DetNet) specifies a set of technologies that enable creation of deterministic networks on IP-based networks of potentially wide area (on the scale of a corporate network) potentially bringing the OT network into contact with Information Technology (IT) traffic and security threats that lie outside of a tightly controlled and bounded area (such as the internals of an aircraft). These DetNet technologies have not previously been deployed together on a wide area IP-based network, and thus can present security considerations that may be new to IP- based wide area network designers. This draft, intended for use by DetNet network designers, provides insight into these security considerations. In addition, this draft collects all security- related statements from the various DetNet drafts (Architecture, Use Cases, etc) into a single location Section 7.

Authors

Tal Mizrahi (talmi@marvell.com)
Ethan Grossman (ethan.grossman@dolby.com)
Andrew Hacker (ajhacker@mistiqtech.com)
Subir Das (sdas@appcomsci.com)
John Dowdell (john.dowdell.ietf@gmail.com)
Henrik Austad (henrik@austad.us)
Kevin Stanton (kevin.b.stanton@intel.com)
Norman Finn (norman.finn@mail01.huawei.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)