Internet Engineering Task Force                           M. Scharf, Ed.
Internet-Draft                                           V. Gurbani, Ed.
Intended status: Informational                              G. Soprovich
Expires: August 17, 2014                                         V. Hilt
                                                          Alcatel-Lucent
                                                       February 13, 2014


     The Virtual Private Network (VPN) Service in ALTO: Use Cases,
                      Requirements and Extensions
                    draft-scharf-alto-vpn-service-02

Abstract

   The Application-Layer Traffic Optimization (ALTO) protocol is
   designed to allow entities with knowledge about the network
   infrastructure to export such information to applications that need
   to choose one or more resources from a candidate set.  This document
   provides motivation for using ALTO in a Virtual Private Network (VPN)
   environment.  We discuss use cases, requirements, and possible
   extensions to the base ALTO protocol that will be needed to support
   VPN services.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 17, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of



Scharf, et al.           Expires August 17, 2014                [Page 1]


Internet-Draft              ALTO VPN Service               February 2014


   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Encompassing example  . . . . . . . . . . . . . . . . . . . .   4
     3.1.  A VPN scenario  . . . . . . . . . . . . . . . . . . . . .   4
     3.2.  Exemplary use of ALTO . . . . . . . . . . . . . . . . . .   6
   4.  Use cases . . . . . . . . . . . . . . . . . . . . . . . . . .   9
     4.1.  Use case 1: Application guidance in an L3VPN  . . . . . .  10
     4.2.  Use case 2: Application guidance in an L2VPN  . . . . . .  11
     4.3.  Use case 3: VPN guidance without addresses  . . . . . . .  12
     4.4.  Use case 4: Extending the VPN . . . . . . . . . . . . . .  13
     4.5.  Use case 5: Shrinking the VPN . . . . . . . . . . . . . .  14
     4.6.  Use case 6: VPN selection . . . . . . . . . . . . . . . .  14
     4.7.  Use case 7: Other use cases . . . . . . . . . . . . . . .  14
   5.  Requirements and potential solutions  . . . . . . . . . . . .  15
     5.1.  Requirements  . . . . . . . . . . . . . . . . . . . . . .  15
     5.2.  Potential Solutions . . . . . . . . . . . . . . . . . . .  16
   6.  Security considerations . . . . . . . . . . . . . . . . . . .  17
   7.  IANA considerations . . . . . . . . . . . . . . . . . . . . .  17
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  17
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  18
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  18
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .  18
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  19

1.  Overview

   Virtual Private Network (VPN) technology is widely used in public and
   private networks to create groups of users that are separated from
   other users of the network and allows these users to communicate
   among them as if they were on a private network.  According to
   [RFC4364], the generic term "Virtual Private Network" is used to
   refer to a specific set of sites as either an intranet or an extranet
   that have been configured to allow communication.  A site is a member
   of at least one VPN and may be a member of many.

   Service providers offer different types of VPNs.  [RFC4026]
   distinguishes between Layer 2 VPN (L2VPN) and Layer 3 VPN (L3VPN)
   using different sub-types.  Virtual Private LAN Service (VPLS) is an
   L2VPN provider service that emulates the full functionality of a



Scharf, et al.           Expires August 17, 2014                [Page 2]


Internet-Draft              ALTO VPN Service               February 2014


   traditional Local Area Network (LAN) [RFC4762].  A VPLS makes it
   possible to interconnect several LAN segments over a packet switched
   network.

   Another solution is an L3VPN, which interconnects sets of hosts and
   routers based on Layer 3 addresses.  In this context, a virtual
   private network is defined in [RFC4364] as follows:

      Consider a set of "sites" that are attached to a common network
      that we call "the backbone".  Now apply some policy to create a
      number of subsets of that set, and impose the following rule: two
      sites may have IP interconnectivity over that backbone only if at
      least one of these subsets contains them both.

      These subsets are Virtual Private Networks (VPNs).  Two sites have
      IP connectivity over the common backbone only if there is some VPN
      that contains them both.  Two sites that have no VPN in common
      have no connectivity over that backbone.

   VPNs can also include "pseudo L1/L2" connectivity, such as pseudowire
   emulation (PWE) carrying legacy TDM or ATM circuits for point to
   point connectivity.  Further examples are integrated optical
   solutions delivering light paths or integrated optical and Ethernet
   transport.  It is instructive to note that point-to-point VPN
   services of this type rarely carry VPN edge addresses within the
   network; e.g., packets are encapsulated and transported without any
   kind of address facing the customer drop side of the network.

   A VPN may also include mechanisms to enhance the level of separation
   (e.g., by end-to-end encryption), but the discussion of such
   mechanisms is outside the scope of this document.  In the following,
   the term "VPN" is used to refer to provider supplied virtual private
   networking.

   The ALTO protocol [I-D.ietf-alto-protocol] is designed to provide
   network information (e.g., basic network location structure,
   preferences of network paths) with the goal of modifying network
   resource consumption patterns while maintaining or improving
   application performance.  The most important use case is providing
   application guidance in the global Internet, so that applications do
   not have to perform excessive measurements on their own.  For the
   very same reason, topology exposure is also very useful in VPNs.  But
   the constraints for using ALTO in L3VPNs or L2VPNs differ from the
   public Internet.  This document presents these use cases and
   discusses requirements and extensions to the base ALTO protocol that
   will be needed to realize the VPN Service in ALTO.





Scharf, et al.           Expires August 17, 2014                [Page 3]


Internet-Draft              ALTO VPN Service               February 2014


2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Encompassing example

3.1.  A VPN scenario

   Below, we present an example for a VPN scenario that describes an
   environment for an ALTO VPN Service.  This scenario is subsequently
   used to analyze specific use cases.

   We consider the following: there are two distinct entities, one, the
   network service provider (NSP) who owns the network and offers a VPN
   to the second entity, the customer, who has premises in four
   different locations that shall be interconnected by that VPN.  The
   sites could be office branches, data centers, etc.  Throughout this
   document, we assume the following four sites:

   o  Site 1

         Location name: SITE-CHICAGO

         Geography Degree: 41.85 N, 87.65 W

   o  Site 2

         Location name: SITE-OTTAWA

         Geography Degree: 45.24 N, 75.43 W

   o  Site 3

         Location name: SITE-SANFRANCISCO

         Geography Degree: 37.75 N, 122.28 W

   o  Site 4

         Location name: SITE-PARIS

         Geography Degree: 48.86 N, 2.35 E

   It is assumed that these sites are interconnected by a VPN that may
   be identified by the hypothetical name "vpn42".  This document




Scharf, et al.           Expires August 17, 2014                [Page 4]


Internet-Draft              ALTO VPN Service               February 2014


   specifically considers two different VPN types for the
   interconnection:

   o  L3VPN: The local area networks at each site will have a certain IP
      subnet ranges, for instance 10.0.1.0/24 at site 1, 10.0.2.0/24 at
      site 2, etc.

   o  L2VPN: All sites form part for a flat sub-IP network, e.g.  a
      logical Ethernet segment.  Different to a local network, the
      network potentially interconnects geographically remote sites.

   The VPN will not necessarily be static.  The customer could possibly
   modify the VPN and add new VPN sites, e. g., to handle peak-load
   demand or to consolidate VPN sites to account for reduced traffic.
   The service provider could offer a Web portal or other Operation
   Support Systems (OSS) solutions that allow the customer to grow or
   consolidate the VPN.  Details on how the customer can configure VPNs
   are outside the scope of this document.

   Furthermore, we assume that the customer is running at least one
   application that can benefit from application-level traffic
   optimization, e.g., using application-internal routing mechanisms or
   placement functions.  For instance, typical uses cases for VPN
   customers could be:

   o  Enterprise application optimization: Enterprise customers often
      run distributed applications that exchange large amounts of data,
      e.g., for synchronization of replicated data bases.  Both for
      placement of replicas as well as for the scheduling of transfers
      insight into network topology information could be useful.

   o  Private cloud computing solution: An enterprise customer could run
      own data centers at the four sites.  The cloud management system
      could want to understand the network costs between different sites
      for intelligent routing and placement decisions of Virtual
      Machines (VMs) among the VPN sites.

   o  Cloud-bursting: One or more VPN endpoints could be located in a
      public cloud.  If an enterprise customer needs additional
      resources, they could be provided by a public cloud, which is
      accessed through the VPN.  Network topology awareness would help
      to decide in which data center of the public cloud those resources
      should be allocated.

   These examples focus on enterprise customers of NSPs, which are
   typical users of provider-supplied VPNs.  Such VPN customers
   typically have no insight into the network topology that transports
   the VPN.  For instance, the actual delay between two VPN sites may



Scharf, et al.           Expires August 17, 2014                [Page 5]


Internet-Draft              ALTO VPN Service               February 2014


   significantly depend on the routing in the NSP MPLS/IP network.  If
   better-than-random decisions are required, applications have to rely
   on own measurements.  An alternative would by guidance by an ALTO
   server offered by the NSP.

   It is important to emphasize that other scenarios and use cases exist
   and the examples enunciated so far are merely used to illustrate how
   ALTO can be used in a VPN context.  A common characteristic of these
   use cases is that applications will not necessarily run in the public
   Internet, and they will typically not be accessed by residential
   customers.  The internal use of ALTO by a specific application is not
   considered in this document.

3.2.  Exemplary use of ALTO

   In the example VPN described in the previous section, it would be
   beneficial if an ALTO server would expose cost maps or provide a
   ranking service that represents the costs between different sites, e.
   g., endpoints of the VPN.  Similar to existing use cases of ALTO,
   this enables an application integrating an ALTO client to use this
   information for application-level traffic optimization.  This results
   in the following scenario:





























Scharf, et al.           Expires August 17, 2014                [Page 6]


Internet-Draft              ALTO VPN Service               February 2014


                       +---------------+
                       |  Customer's   |
                       |   management  |
                       |  application  |.
                       | (ALTO client) |  .
                       +---------------+    .  VPN provisioning
                               ^              . (out-of-scope)
                               | ALTO           .
                               V                  .
                    +---------------------+       +----------------+
                    |     ALTO server     |       | VPN portal/OSS |
                    |   provided by NSP   |       | (out-of-scope) |
                    +---------------------+       +----------------+
                               ^ VPN network
                               * and cost maps
                               *
                     /---------*---------\ Network service provider
                     |         *         |
        +-------+   _______________________   +-------+
        | App a | ()_____. .________. .____() | App d |
        +-------+    |   | |        | |  |    +-------+
     San Francisco   \---| |--------| |--/      Paris
                         | |        | |
                         |^|        |^| Customer VPN
                          V          V
                      +-------+  +-------+
                      | App b |  | App c |
                      +-------+  +-------+
                       Chicago    Ottawa

               Figure 1: Overview of an ALTO usage scenario

   The network service provider could operate an ALTO server.  An ALTO
   client in an application could then retrieve an ALTO cost map by
   querying a corresponding URI, such as:

       uri: http://alto.nsp.org/vpn42/costmap

   The NSP can assign PIDs to each of the VPN endpoints; this renders
   computations at the ALTO server to fit in the current model of using
   the protocol.  A corresponding example would be:

      Site 1: PID "pid14"

      Site 2: PID "pid21"

      Site 3: PID "pid11"




Scharf, et al.           Expires August 17, 2014                [Page 7]


Internet-Draft              ALTO VPN Service               February 2014


      Site 4: PID "pid27"

   The example below further expands on the VPN by demonstrating the
   resulting network topology provided to an ALTO server.  The picture
   corresponds to the VPN of the customer and also includes the Provider
   Edge (PE) routers and Customer Edge (CE) devices:

                        ___________________________
   San Francisco       / Network service provider  \           Paris
       Site 3          | Internal MPLS/IP network  |          Site 4
                       |                           |
                    ___|_##_____________________##_|___
                   /\                                 /\
   10.0.3.0/24<-#-(  )          L3VPN "vpn42"        (  )-#->10.0.4.0/24
    "pid11"    CE  \/_________     _____     _________\/  CE   "pid27"
              device   | ##   |   |     |   |   ## |     device
                       | PE   |   |     |   |   PE |
                       |      |   |     |   |      |
                       |  PE #|   |#   #|   |# PE  |
                       \______| _ |_____| _ |______/
                              |/ \|     |/ \|
                               \_/       \_/
                                |         |
                      CE device #         # CE device
                                |         |
                                V         V
                             Site 1     Site 2
                             Chicago    Ottawa
                          10.0.1.0/24 10.0.2.0/24
                            "pid14"     "pid21"

          Figure 2: Example for mapping of VPN sites to ALTO PIDs

   The costs exposed by the ALTO server can be based on routing costs
   inside the service provider network or other network topology
   information, such as delay measurements, traffic engineering (TE)
   data, etc.  As with other use cases of ALTO, the costs can reflect
   the service provider's preference and policies regarding
   communication between the involved VPN endpoints.

   Generally, two different types of applications can consume the
   information provided by the ALTO server.  The first class can be
   composed of discrete application instances executing at the various
   sites that are interconnected by the VPN.  ALTO is used to optimize
   the routing or resource consumption among those application
   instances.  A typical examples is a distributed database, i.e., an
   enterprise backend system.  In Figure 1, these application instances
   are referred to as "App a", "App b", "App c", and "App d".  Generally



Scharf, et al.           Expires August 17, 2014                [Page 8]


Internet-Draft              ALTO VPN Service               February 2014


   speaking, this usage mirrors the canonical use of ALTO in
   unstructured P2P networks or Content Delivery Networks (CDN) networks
   whereby a rendezvous is desired between a consumer and a plurality of
   producers.  In this document, we label this class of applications by
   the term "user applications".

   The second class represents management applications that typically
   work on VPN level.  In addition to consulting an ALTO server provided
   by the NSP, this type of application possibly has its own
   understanding of what resources are available at different sites, and
   it could possibly even trigger more complex actions such a building
   out VPNs, e. g., by contacting a VPN portal of the NSP.  In Figure 1,
   as well as the rest of this document, uses the term "management
   application" for this use case.  An example would be an orchestration
   solution for cloud computing resources.  It could use the topology
   and cost maps illustrated in Figure 2 to control VPN placement.  In
   principle, management applications have some similarity to
   centralized resource directories in P2P networks (e. g., trackers),
   which are an important existing use case for ALTO.  Yet, unlike
   resource directories in the Internet, a VPN typically interconnects
   mainly sites within one administrative domain.

   There may also be an overlap between both types of applications.
   Furthermore, in particular for the first class of applications, the
   customer could run an own ALTO server, which could expose topology
   map and cost maps with further details only visible to the VPN
   customer (e.g., network segments behind NATs).  Since such
   information is independent of the use of a VPN and typically not
   known to an NSP, these usage scenarios are not further detailed in
   this memo.

4.  Use cases

   Current VPNs provide no clear mechanism to convey information about
   the network infrastructure to management or user applications using
   that VPN, e.g. regarding preferences or topological properties of the
   network service provider network.  Applications thus have to rely on
   other mechanisms such as local measurements to optimize their
   traffic.  The ALTO protocol has been designed to overcome such
   limitations in the Internet.  ALTO, being a well-established,
   generic, and flexible protocol, can be used in VPNs, too.

   We now present various use cases that exhibit the utility of
   considering a VPN extension of ALTO.  Through a series of use cases
   we demonstrate how a VPN customer and the NSP can use ALTO; we also
   highlight similarities and differences when using ALTO in the general
   Internet.




Scharf, et al.           Expires August 17, 2014                [Page 9]


Internet-Draft              ALTO VPN Service               February 2014


4.1.  Use case 1: Application guidance in an L3VPN

   The NSP providing the L3VPN service can offer an ALTO server that
   exposes network and cost information to applications running traffic
   over that VPN.  Since an L3VPN is IP-based, this use case is in
   principle similar to the use cases already addressed by the ALTO base
   protocol.

   Example 1: Consider the customer in Section 3.1 that has four VPN
   sites.  A user application in one site (say Site 1) would now like to
   find out which of the other sites (Site 2 to Site 4) are
   topologically close to Site 1, perhaps to determine where to
   replicate a certain data set.  A corresponding ALTO query would
   return the costs between those sites.  The user application could
   then select a host in the corresponding subnetwork and connect to
   that endpoint.

   Example 2: In addition to network proximity information, the user
   application could also be interested in guidance regarding network
   parameters that cannot be measured directly.  For instance, a
   relevant parameter for a VPN site could be the level of redundancy
   for that VPN site, e.g., whether there is resilience by network
   protection schemes in the NSP network.

   Example 3: It is quite common for VPN Customer Equipment (CE) to be
   multi-homed at the Provider Edge (PE).  A CE may well home into to
   several PE routers and thus may have different network cost
   functions.  For instance, assume that in Site 1 the CE will peer to a
   local PE1 and remote PE2.  The cost to reach Site 2 in the VPN could
   be 1575 for PE1 and 2250 for PE2.  The CE will thus choose to steer
   traffic from Site 1 to Site 2 toward PE1.  While the realization of
   such traffic steering is outside the scope of this document, CE
   multi-homing places an explicit need to expose more than one set of
   network costs for a VPN endpoint.

   In principle, the existing ALTO services such as network and cost map
   can provide such guidance.  However, it is important to note that a
   VPN might not run in a public environment.  The IP address ranges
   inside a VPN might not be globally unique or routable.  Furthermore,
   a provider based VPN service normally maintains a strict separation
   between service provider addressing (such as addresses or Provider
   Edge routers) and customer addressing.  As a result, an ALTO server
   will not expose the internal IP addressing of the network service
   provider, making it difficult to identify services using IP addresses
   in general.  In a BGP L3VPN, the VPRN BGP Route Distinguisher could
   possibly be used as a service identifier, but it is unclear whether
   an application of a customer or the ALTO client will indeed know such
   network-internal information of the NSP and whether the NSP would



Scharf, et al.           Expires August 17, 2014               [Page 10]


Internet-Draft              ALTO VPN Service               February 2014


   want to expose it.  Also, it would make sense to define an ALTO VPN
   extension independent of a specific VPN technology.

   The network costs in a VPN depends on VPN topology, which needs to be
   taken into consideration when calculating ALTO information.  Given
   that VPNs are often offered by a single network service provider,
   ALTO cost information could include information that may be available
   for a single autonomous system, but difficult to gather in the
   Internet as a whole.  Examples would be the provisioned bandwidth,
   network-internal latencies, or the path resilience.  In a static VPN
   environment e.g. with a reserved resources in an MPLS/IP wide area
   network, these costs can be assumed to be rather stable and e. g.
   reflect the reserved bandwidth between VPN sites.  For an application
   it is simpler and less intrusive to obtain such information about the
   VPN from the network instead of performing measurements, which would
   possibly require special probe instances at the different VPN sites
   (e. g., data centers).  But as the encoding of such costs in ALTO is
   independent of the usage of a VPN, this document does not mandate any
   specific way how to build ALTO cost maps.

   This memo does not argue that ALTO shall be used as a generic data
   center information exchange protocol.  For instance, a general data
   center resource information model has been suggested in
   [I-D.lee-alto-ext-dc-resource].  According to that model, the ALTO
   server also includes data-center information not related at all to
   the network, such as compute resources, memory, power consumption,
   etc.  While VPNs are an important technology to interconnect data
   centers, the ALTO VPN service solely focuses on networking cost.

4.2.  Use case 2: Application guidance in an L2VPN

   The use case outlined in Example 1 also exists for L2VPNs, which are
   an important technology to transparently interconnect different LAN
   segments of enterprise users.  Again, applications could benefit from
   getting insight into topological properties of the wide area network
   providing the L2VPN service, in order to avoid the overhead of own
   measurements.

   Example 4: The user application described in Section 3.1 again wants
   to find out how well connected (topologically close) Site 1 is to
   Site 2, 3, or 4.  Different from the previous example, all sites are
   now part of the same Layer 2 subnet.  Another example for an
   application that would benefit from ALTO is a cloud management
   system.  Such a management application could be interested in finding
   out whether migrating of a Virtual Machine from Site 1 to another
   site would improve performance, perhaps due to better connectivity or
   lower latency.




Scharf, et al.           Expires August 17, 2014               [Page 11]


Internet-Draft              ALTO VPN Service               February 2014


   While this use case is in principle similar to the previous one,
   there is a major difference regarding addressing: Unlike the L3VPN,
   an L2VPN is not necessarily IP-based; it may use MAC addresses
   instead of IP addresses.  While IP addresses can be aggregated easily
   and represented succinctly using CIDR notation, MAC addresses do not
   lend themselves to such aggregation and representation.  Furthermore,
   MAC addresses are not useful to applications themselves.  And
   finally, MAC addresses may not readily be known and available to an
   ALTO server of the network service provider.  And even if they are,
   an ALTO map using MAC addresses will be very large.  In summary, use
   of MAC addresses is not scalable and nor does it denote any hierarchy
   that can be used for aggregation.  Some other means of identifying
   services and hosts will be required when using ALTO in L2VPNs.

4.3.  Use case 3: VPN guidance without addresses

   The VPN interconnects different sites through the network service
   provider's network.  An application might be interested in getting
   topology information among those sites without knowing actual
   addresses or identifiers used internally by the VPN.  In fact, a VPN
   site may not even have an address known or visible to applications,
   e.g., a pseudo-wire VPN.

   Example 5: A management application might ask for all VPN sites (i.
   e., corresponding PIDs) that have a delay less than 40ms or a routing
   cost less than 55, from VPN Site 1.  A specific example for such an
   application might be cloud management system that uses application-
   level traffic optimization mechanisms.  In the scenario introduced in
   Section 3.1, such an application may have a-priori information,
   learned from e.g. a VPN portal, about the VPN type and/or VPN
   identifiers ("vpn42") as well as some unique site identifier such as
   "SITE-CHICAGO" but no network addresses.  The query could also be
   more complex or include constraints, e. g., limited to a particular
   TE class.  Note that the ATLO protocol does not necessarily have to
   support the query constraint itself; if corresponding maps are
   available, the application can analyze the data itself.

   Example 6: In absence of well-known existing network identifiers, a
   management application might want to query for VPN sites based on yet
   other attributes, such as geographical distance.  For example, an
   application might want to find all the VPN sites (i. e.,
   corresponding PIDs) within 50 KM of 45.35N, 75.92W.  Such geographic
   queries would be typical of policies bounding delay by geographic
   distance or administrative and legal requirements.

   Such application guidance is obviously similar to existing use of the
   ALTO cost map or ranking services except that the queries are not
   based on network addresses.



Scharf, et al.           Expires August 17, 2014               [Page 12]


Internet-Draft              ALTO VPN Service               February 2014


4.4.  Use case 4: Extending the VPN

   The customer can possibly grow the VPN to include new sites that are
   connected at a later time to the VPN.  The actual mechanisms for VPN
   reconfiguration are outside the scope of this document.

   Example 7: A management application could be interested in guidance
   for VPN sites that are currently not part of the VPN, but that would
   be available e. g. to increase capacity or geographic coverage.
   Assume that two sites Site 1 and Site 2 are already connected to the
   VPN.  Some time later, scale-out to a third site is required, and the
   application has to decide whether Site 3 or 4 is better suited for a
   new application instance.  This is an realistic example for a cloud
   management system that is geographically distributed.  Such a system
   would then have to decide whether Site 3 or Site 4 is topologically
   closer to the existing VPN endpoints, in order to determine the best
   location from the network point of view.  An ALTO server could
   provide guidance on the offnet distance of Sites 3 and 4 to the
   existing VPN sites.

   Apparently, the question whether to actually extend the VPN in a
   specific way may also include decisions outside the scope of ALTO,
   such as price information or other commercial or legal policies.  The
   actual VPN re-configuration and attachment of a new site to the VPN
   topology requires back-office interaction and provisioning actions by
   separate, orthogonal mechanisms such as a Path Computation Element
   (PCE).  Actual path setup by a PCE is independent from the selection
   of a suitable target site.  But it makes sense to use the well-
   established ALTO methods in order to get at an early stage network
   proximity information as input information for the selection and
   configuration process.  Applications typically cannot measure the
   network performance to destinations not already part of the VPN.

   For a network service provider, customer guidance for VPN extension
   by ALTO offers a new possibility to optimize its internal traffic
   engineering.  For instance, an operator could recommend to customers
   not to connect to a destination operating in protection mode, e.g.,
   after a fiber cut, because in such a case the network may have less
   sparse resources.  Note that a customer is not able to measure such
   constraints.  ALTO is a simple interface to expose such information
   to applications.

   From an ALTO perspective, growing VPN sites possibly results in
   different types of endpoints, some of which may exist a-priory but
   not be reachable within the VPN.  They could possibly be understood
   as "shadow" PIDs that become active once the VPN is extended.  Once
   the VPN is modified, new endpoints or PIDs may be created, i. e., the




Scharf, et al.           Expires August 17, 2014               [Page 13]


Internet-Draft              ALTO VPN Service               February 2014


   ALTO network and cost maps may have to be updated accordingly after
   the VPN is re-configured.

4.5.  Use case 5: Shrinking the VPN

   Much like a VPN may grow dynamically, it can also shrink when the
   resources in the VPN are underutilized.  Instead of keeping the
   underutilized resources alive, the VPN operator my decide to
   consolidate the resources and remove sites from the VPN.

   Example 8: Once again, consider the customer in Section 3.1 that has
   four VPN sites.  Based on low resource demand, the management
   application may wonder whether Site 1 (Chicago) and Site 2 (Ottawa)
   can be consolidated, e. g., by moving resources between them.  One
   important constraint for such a decision could network proximity
   information.  After such a consolidation, the VPN network and cost
   maps will be updated to reflect the new topology.

   From an ALTO server perspective, this use case is similar to a
   general application guidance.  Yet, there could be a benefit for the
   service provider to provide special guidance regarding removal of VPN
   endpoints if there is a benefit for its internal traffic engineering
   (e. g., consolidation of network resources used by several VPN
   customers).

4.6.  Use case 6: VPN selection

   In a more advanced use case, ALTO could also be a selection function
   to choose VPNs based on network cost criteria.

   Example 9: In a multi-homing environment, ALTO could be used to
   select one VPN out of several candidates to reach a certain
   destination, taking into account smaller costs, e. g., according to
   distance or to preferences of the network service provider network.

   This use case differs from the previous examples since more than one
   VPN is involved, i. e., the ALTO guidance is not used to perform
   application-layer traffic optimization within one VPN, but instead
   across different VPNs.

4.7.  Use case 7: Other use cases

   The aforementioned use cases could be complemented by other use of
   ALTO information.  For instance, if applications using the VPN are
   flexible regarding the timing of data transfers, an ALTO server could
   provide guidance when and how to schedule such data transfers,
   possibly with time-shift enhancements.  This scenario is further
   detailed in [I-D.randriamasy-alto-cost-schedule].



Scharf, et al.           Expires August 17, 2014               [Page 14]


Internet-Draft              ALTO VPN Service               February 2014


5.  Requirements and potential solutions

5.1.  Requirements

   Based on the scenarios listed in Section 4, several requirements can
   be derived for a VPN Service in ALTO:

   REQ 1: The existing ALTO protocol and RESTful interface should be
   used as far as possible to enable an NSP to expose properties of a
   VPN.

   REQ 2: A VPN Service must not require that network service provider
   expose internal addressing, such as internal addresses or loopback
   addresses of the Provider Edge (PE) routers.

   REQ 3: A VPN Service must use the PID concept of the base ALTO
   protocol as far as possible, i. e., the VPNs and network entities in
   the VPNs can be identified by PIDs.  This permits use of the existing
   ALTO services such as the map service for VPNs, as well as the
   inherent topology abstraction provided by ALTO.

   REQ 4: A VPN Service must be possible for different VPN types, i. e.,
   it must not be limited to L3VPNs only.

   REQ 5: The VPN Service must support use cases where IP addresses are
   not the only form of endpoint identification.

   REQ 6: If IP addresses are used, a VPN Service must not assume that
   IP address are globally routable or unique.

   REQ 7: A VPN Service should include certain attributes that are
   unique to a VPN and that are not represented by the current set of
   attributes in the base ALTO protocol.  Examples include location name
   of a site, geography coordinates (degree/digital), role, redundancy,
   default policy, or geography restriction.

   REQ 8: The PID must be selectable using standard ALTO filtering.  A
   standard interface query should allow finding resources using, say,
   the location name attribute or the geography attributes.

   REQ 9: The PID should be selectable using a filter that computes
   matching sites within a certain distance of a particular geographic
   coordinate based on latitude and longitude, in case that no other
   address information is known in advance.

   REQ 10: Incremental build out (as well as the shrinking) of resources
   that are part of the VPN must be supported, i. e., the ALTO VPN




Scharf, et al.           Expires August 17, 2014               [Page 15]


Internet-Draft              ALTO VPN Service               February 2014


   service should also be able to expose information about new sites to
   be attached to the VPN, or provide guidance for removal of sites.

   REQ 11: A VPN Service requires that an ALTO server can report the
   (expected) connectivity between VPN sites regarding different
   metrics, including for example geographical distance, delay, or
   provisioned bandwidth.

   REQ 12: Information about a VPN must only be exposed to authorized
   users of that VPN.

5.2.  Potential Solutions

   In the following we analyze how the requirements of a VPN Service can
   be addressed by ALTO extensions.

   REQ 1: This is an inherent, general requirement for any new use or
   extension of ALTO.

   REQ 2: This requirement can be supported in ALTO today, because it is
   left to the service provider which information to expose e.g. in ALTO
   cost maps.

   REQ 3: The PID concept itself is generic and thus can fulfill this
   requirement.

   REQ 4: L3VPNs are rather similar to existing use cases of ALTO in the
   Internet.  Insofar as L2VPNs or pseudo-wire VPNs have the notion of
   some address, ALTO seems to able to handle these through an extension
   that extends the definition of an address to include other
   identifiers besides IP addresses.

   REQ 5: Use of ALTO with network identifiers that are not IP addresses
   requires work.  There is a need to analyze how to name VPNs and
   endpoints and how to achieve a mapping to the information stored in
   the ALTO server.  One potential approach would be to characterize an
   endpoint by any identifier that is unique within a map.

   REQ 6: ALTO can be used as of now with IP address ranges that are not
   globally routable.  However, it must be emphasized that private VPN
   environments without uplink to the global Internet may only have
   connectivity to a limited number of IP subnets, i. e., the ALTO
   server will not be able to provide any reasonable guidance for most
   parts of the IP address space.  Also, the ALTO server operator must
   take into account that IP address ranges in different VPNs may
   overlap, possibly also with the transport network infrastructure (e.
   g., PE routers).




Scharf, et al.           Expires August 17, 2014               [Page 16]


Internet-Draft              ALTO VPN Service               February 2014


   REQ 7: Extensions to ALTO will be needed, in particular assignment of
   properties to PIDs.  [I-D.roome-alto-pid-properties] extends the ALTO
   protocol by defining PID-based properties in much the same way that
   the original ALTO protocol defines endpoint-based properties.  The
   VPN use case may also benefit from other extensions to ALTO.
   Representing the network topology as a graph and using TE metrics
   (e.g., [I-D.wu-alto-te-metrics]) may allow the VPN operator to be
   better informed about link-level information to grow (or shrink) a
   new (or existing) VPN.

   REQ 8: Assuming extensions in REQ 7, filtering should be fairly easy.
   If a client has to perform complex queries, it could also download
   all PID properties and execute complex filter logic itself, if full
   data retrieval is supported by the ALTO server.  There is a tradeoff
   between the complexity of the server and the client.

   REQ 9: Extensions to ALTO will be needed.  In complex cases, client-
   side execution of the filtering is an alternative.

   REQ 10: This requirement will possibly require extensions to ALTO, e.
   g., to distinguish between endpoints that are already attached to the
   VPN and sites outside the VPN.  This can be achieved e.g. by endpoint
   and/or PID properties.  Changes of the VPN topology are likely to
   change the ALTO maps, i.e., standard ALTO mechanism for incremental
   updates and push notifications would be of added value.

   REQ 11: Registration of corresponding metrics is useful.  An subset
   of metrics is described in [I-D.wu-alto-te-metrics].  Further
   analysis is needed for additional connectivity aspects, such as
   resilience parameters, shared risk link group (SRLG), etc.

   REQ 12: Existing authentication and access control mechanisms for
   ALTO could be sufficient to meet this requirement, subject to further
   analysis.

6.  Security considerations

   TBD.

7.  IANA considerations

   TBD.

8.  References







Scharf, et al.           Expires August 17, 2014               [Page 17]


Internet-Draft              ALTO VPN Service               February 2014


8.1.  Normative References

   [I-D.ietf-alto-protocol]
              Alimi, R., Penno, R., and Y. Yang, "ALTO Protocol", draft-
              ietf-alto-protocol-25 (work in progress), January 2014.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4026]  Andersson, L. and T. Madsen, "Provider Provisioned Virtual
              Private Network (VPN) Terminology", RFC 4026, March 2005.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, February 2006.

   [RFC4762]  Lasserre, M. and V. Kompella, "Virtual Private LAN Service
              (VPLS) Using Label Distribution Protocol (LDP) Signaling",
              RFC 4762, January 2007.

8.2.  Informative References

   [I-D.lee-alto-ext-dc-resource]
              Lee, Y., Bernstein, G., Dhody, D., and T. Choi, "ALTO
              Extensions for Collecting Data Center Resource
              Information", draft-lee-alto-ext-dc-resource-03 (work in
              progress), January 2014.

   [I-D.randriamasy-alto-cost-schedule]
              Randriamasy, S. and N. Schwan, "ALTO Cost Schedule",
              draft-randriamasy-alto-cost-schedule-02 (work in
              progress), October 2012.

   [I-D.roome-alto-pid-properties]
              Roome, B. and Y. Yang, "PID Property Extension for ALTO
              Protocol", draft-roome-alto-pid-properties-00 (work in
              progress), October 2013.

   [I-D.wu-alto-te-metrics]
              Wu, W., Lee, Y., Dhody, D., and S. Randriamasy, "ALTO
              Traffic Engineering Cost Metrics", draft-wu-alto-te-
              metrics-00 (work in progress), October 2013.

Appendix A.  Acknowledgements

   TBD.






Scharf, et al.           Expires August 17, 2014               [Page 18]


Internet-Draft              ALTO VPN Service               February 2014


Authors' Addresses

   Michael Scharf (editor)
   Alcatel-Lucent

   Email: Michael.Scharf@alcatel-lucent.com


   Vijay K. Gurbani (editor)
   Alcatel-Lucent

   Email: vkg@bell-labs.com


   Greg Soprovich
   Alcatel-Lucent

   Email: Greg.Soprovich@alcatel-lucent.com


   Volker Hilt
   Alcatel-Lucent

   Email: volker.hilt@bell-labs.com



























Scharf, et al.           Expires August 17, 2014               [Page 19]