Internet Research Task Force C. Zhou
Internet-Draft H. Yang
Intended status: Informational X. Duan
Expires: August 26, 2021 China Mobile
D. Lopez
A. Pastor
Telefonica I+D
Q. Wu
Huawei
M. Boucadair
C. Jacquenet
Orange
February 22, 2021
Concepts of Digital Twin Network
draft-zhou-nmrg-digitaltwin-network-concepts-03
Abstract
Digital Twin technology has been seen as a rapidly adopted technology
in Industry 4.0. The application of Digital Twin technology in the
telecommunications field is meant to realize efficient and
intelligent management and accelerate network innovation. This
document presents an overview of the concepts of Digital Twin Network
(DTN), provides a definition of DTN, and then describes the
benefits and key challenges of such technology.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119][RFC8174] when, and only when, they appear in all
capitals, as shown here.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
Zhou, et al. Expires August 26, 2021 [Page 1]
Internet-Draft Network Working Group February 2021
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 26, 2021.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Definition of Digital Twin Network
3. Benefits of Digital Twin Network
  3.1. Lower the Cost of Network Optimization
  3.2. Optimized Decision Making
  3.3. Safer Assessment of Innovative Network Capabilities
  3.4. Privacy and Regulatory Compliance
  3.5. Customize Network Operation Training
4. Reference Architecture of Digital Twin Network
5. Challenges to build Digital Twin Network
6. Interaction with IBN
7. Application Scenarios
  7.1. Human Training
  7.2. ML Training
  7.3. DevOps-oriented certification
  7.4. Network fuzzing
8. Summary
9. Open Issues
10. Security Considerations
11. Acknowledgements
12. IANA Considerations
13. References
  13.1. Normative References
  13.2. Informative References
Appendix A. Change Logs
Authors' Addresses
1. Introduction
With the advent of technologies such as 5G, Industrial Internet of
Things, Edge Computing, and Artificial Intelligence (AI), the ICT
industry and other vertical industries such as smart city or smart
manufacturing are being transformed dramatically by replacing what
used to be manual processes with digital processes.
With the fast growth of network scale and the increased demand
placed on the network by end users, accommodating and adapting
dynamically to customer needs becomes a big challenge for network
operators. Indeed, network operation and maintenance are becoming
more complex due to the higher complexity of the managed network. As
such, introducing innovations in the network will be more and more
difficult due to the higher risk of network failure and higher trial
cost if no reliable emulation platforms are available.
Digital Twin is the real-time representation of physical entities in
the digital world. It has the characteristics of virtual-reality
interrelation and real-time interaction, iterative operation and
process optimization, as well as being full life-cycle and
full-business data-driven. At present, it has been successfully applied
in the fields of intelligent manufacturing, smart city, or complex
system operation and maintenance [Tao2019] to help with not only object
design and test, but also operation and maintenance.
A digital twin network platform can be built by applying Digital Twin
technology to networks and creating a virtual image of physical network
facilities (emulation). Through real-time data interaction
between the physical network and its twin network, the digital twin
network platform might help network designers achieve more
simplified, automatic, resilient, and full life-cycle operation
and maintenance. An emulation platform that can reliably represent
the state of a network is more reliable than a
simulation platform. The emulated platform can thus be used to
assess specific behaviors before actual implementation in the
physical network, tweak the network for better optimized behavior,
and run 'what-if' scenarios that can't be tested and evaluated easily
in the physical network.
2. Definition of Digital Twin Network
There is no standard definition of digital twin network in networking
industry or SDOs. This document attempts to define Digital Twin
Network as a virtual representation of the physical network. Such
virtualized representation of the network is meant to analyze,
diagnose, emulate, and control the physical network. To that aim,
real-time and interactive mapping is required between the
physical network and the virtual twin network. Digital Twin Network
may involve five key elements: data, mapping, model, interface, and
orchestration stack as shown in Figure 1.
          +-------------+                 +--------------+
          |             |                 |              |
          |   Mapping   |                 |Orchestration |
          |             |                 |              |
          +-------------+-----------------+--------------+
                 |                               |
                 |       Analyze, Diagnose       |
                 |                               |
                 |   +----------------------+    |
                 |   | NETWORK DIGITAL TWIN |    |
                 |   +----------------------+    |
    +------------+                               +------------+
    |            |       Simulate, Control       |            |
    |   Models   |                               |    Data    |
    |            |--------+------------+---------|            |
    +------------+        |            |         +------------+
                          | Interface  |
                          |            |
                          +------------+
Figure 1: Key Elements of Digital Twin Network
Data: Provides a unified data repository aggregated from multiple
data sources in the network, which can be the single source of the
"truth" and provides timely and accurate data search support.
Data Model: An abstract model that organizes elements of data.
Various data models such as YANG data models, database models, or
knowledge graph can be designed to represent the physical network
assets and flexibly trimmed or interwoven to serve various network
applications.
Interface: Standardized interfaces include the telemetry interface
between the Network Digital Twin Platform and the Physical Network
Infrastructure, and the data-as-a-service interface between the
Network Digital Twin Platform and Applications. They can effectively
check for data inconsistency and ensure compatibility and scalability
of the DTN system.
Mapping: Unlike a traditional network simulation system,
it provides real-time interactive mapping between the physical network
and the virtual twin network, which emulates the behavior of a network
by calculating the deviation between the different network
entities (routers, switches, nodes, access points, links, etc.) in
the physical network and the corresponding entities in the virtual
twin network.
Orchestration: Two kinds of orchestration are provided. The first
controls the DTN environment and its components to derive the
required behavior. The second deals with the dynamic
lifecycle management of these components. The second
orchestration provides repeatability (the capacity to replicate
network conditions on demand) and reproducibility (the ability to
replay successions of events, possibly under controlled
variations).
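The deviation calculation that the Mapping element describes can be sketched as follows. This is an added example, not part of the draft; the entity names, attribute names, tolerance and staleness threshold are assumptions made for illustration, and the sample state is constructed.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the draft).
REL_TOLERANCE = 0.05      # numeric attributes may differ by 5% before being flagged
MAX_STALENESS_S = 10.0    # twin state older than this no longer counts as real-time


@dataclass(frozen=True)
class Finding:
    entity: str
    kind: str     # missing_in_twin | missing_in_physical | stale | mismatch
    detail: str


def differs(phys, twin):
    """Numeric values compare within a relative tolerance, everything else exactly."""
    numeric = (int, float)
    if (isinstance(phys, numeric) and isinstance(twin, numeric)
            and not isinstance(phys, bool) and not isinstance(twin, bool)):
        scale = max(abs(phys), abs(twin))
        return scale > 0 and abs(phys - twin) / scale > REL_TOLERANCE
    return phys != twin


def compute_deviation(physical, twin, now):
    """Compare per-entity state of the physical network with its twin.

    Both arguments map an entity id to {"ts": epoch seconds, "attrs": {...}}.
    """
    findings = []
    for entity in sorted(physical.keys() | twin.keys()):
        p, t = physical.get(entity), twin.get(entity)
        if t is None:
            # A device seen on the network that the twin does not model.
            findings.append(Finding(entity, "missing_in_twin", "entity not modelled"))
            continue
        if p is None:
            findings.append(Finding(entity, "missing_in_physical", "twin-only entity"))
            continue
        age = now - t["ts"]
        if age > MAX_STALENESS_S:
            findings.append(Finding(entity, "stale", f"twin state is {age:.0f}s old"))
        for attr in sorted(p["attrs"].keys() | t["attrs"].keys()):
            pv, tv = p["attrs"].get(attr), t["attrs"].get(attr)
            if differs(pv, tv):
                findings.append(
                    Finding(entity, "mismatch", f"{attr}: physical={pv!r} twin={tv!r}"))
    return findings


# Constructed sample state for the example.
NOW = 1000.0
PHYSICAL = {
    "router-1": {"ts": 999.0, "attrs": {"oper_status": "up", "if_util": 0.62}},
    "switch-7": {"ts": 998.0, "attrs": {"oper_status": "up", "vlan_count": 12}},
    "ap-3": {"ts": 999.5, "attrs": {"oper_status": "up"}},
}
TWIN = {
    "router-1": {"ts": 999.0, "attrs": {"oper_status": "up", "if_util": 0.60}},
    "switch-7": {"ts": 950.0, "attrs": {"oper_status": "down", "vlan_count": 12}},
}

if __name__ == "__main__":
    for f in compute_deviation(PHYSICAL, TWIN, NOW):
        print(f.entity, f.kind, f.detail)
```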
3. Benefits of Digital Twin Network
Digital Twin Networks can help enable closed-loop network management
across the entire lifecycle, from digital deployment and simulation,
to visualized assessment, physical deployment, and continuous
verification. In doing so, network operators (and end-users to some
extent) can get a global, systemic and consistent view of the
network. Network operators can also safely assess the enforcement of
network planning policies, deployment procedures, etc., without
jeopardizing the daily operation of the physical network. The
benefits of DTN can be classified into: low cost of network
optimization, optimized and safer decision-making, safer testing of
innovative network capabilities (including "what if"
scenarios), privacy and regulatory compliance, and customized network
operation training. The following sections detail such benefits.
3.1. Lower the Cost of Network Optimization
Large scale networks are complex to operate. Since there is no
effective platform for simulation, network optimization designs have
to be tested on the physical network at the cost of jeopardizing its
daily operation and possibly degrading the quality of the services
supported by the network. Such assessment greatly increases network
operators' OPEX budgets too.
With a Digital Twin Network platform, network operators can safely
emulate candidate optimization solutions before deploying them in the
physical network. In addition, the operator's OPEX on the real
physical network deployment will be greatly decreased accordingly, at
the cost of the complexity of the assessment and the resources
involved.
3.2. Optimized Decision Making
Traditional network operation and management mainly focus on
deploying and managing current services, but hardly support
predictive maintenance techniques.
DTN can combine data acquisition, big data processing and AI modeling
not only to assess the status of the network, but also to predict
future trends and better organize predictive maintenance. The DTN's
ability to reproduce network behaviors under various conditions
facilitates the corresponding assessment of the various evolution
options as often as required.
3.3. Safer Assessment of Innovative Network Capabilities
Testing a new feature in an operational network is not only complex:
it's also extremely risky.
DTNs can thus greatly help in assessing innovative network capabilities
without jeopardizing the daily operation of the physical network. In
addition, they help researchers explore network innovation (e.g.
new network protocols, network AI/ML applications, etc.) efficiently,
and help network operators deploy new technologies quickly with lower
risks. Taking AI/ML applications as an example, there is a conflict
between the continuous high reliability requirement (i.e., 99.999%) of
the network and the slow learning speed or phase-in learning steps of
AI/ML algorithms. With a DTN platform, AI/ML can fully complete the
learning and training with sufficient data before the model is
deployed to the real network. This will greatly encourage more network
AI innovations in future networks.
3.4. Privacy and Regulatory Compliance
The requirements on data confidentiality and privacy on network
service providers increase the complexity of network management, as
decisions made by computation logics such as a SDN controller may
rely upon the contents of payloads. As a result, the improvement of
data-driven management requires complementary techniques that can
provide a strict control based upon security mechanisms to guarantee
data privacy protection and regulatory compliance. Some examples of
these techniques include payload inspection, including de-encryption
user explicit consents, or data anonymization mechanisms.
Given that DTN operation assumes the mapping between real traffic or
services and the traffic used by the DTN for assessment purposes in
particular, the need for privacy is of the utmost importance. The
lack of personal data makes it possible to lower the privacy
requirements and simplifies the use of privacy-preserving techniques.
3.5. Customize Network Operation Training
Network architectures can be complex, and their operation requires
expert personnel. DTN offers an opportunity to train staff for
customized networks and specific user needs. Two salient examples
are the application of new network architectures and protocols, or
the use of cyber-ranges to train security experts in threat
detection and mitigation.
4. Reference Architecture of Digital Twin Network
So far, there is no reference or standard DTN architecture. Based on
the definition of the key DTN elements introduced in section 2, a DTN
architecture that relies upon three layers is depicted in Figure 2.
    +---------------------------------------------------------+
    |   +-------+  +-------+     +-------+             Network|
    |   | App 1 |  | App 2 | ... | App n |         Application|
    |   +-------+  +-------+     +-------+                    |
    +-------------^-------------------+-----------------------+
                  |Capability Exposure|intent input
                  |                   |
    +---------------------------------v-----------------------+
    |                                     Network Digital Twin|
    |  +--------+   +------------------------+   +--------+   |
    |  |        |   | Service Mapping Models |   |        |   |
    |  |        |   |  +------------------+  |   |        |   |
    |  |  Data  +--->  |Functional Models |  +---> Digital|   |
    |  | Repo-  |   |  +-----+-----^------+  |   |  Twin  |   |
    |  | sitory |   |        |     |         |   | Entity |   |
    |  |        |   |  +-----v-----+------+  |   |  Mgmt  |   |
    |  |        <---+  |   Basic Models   |  <---+        |   |
    |  |        |   |  +------------------+  |   |        |   |
    |  +--------+   +------------------------+   +--------+   |
    +--------^------------------------------------------------+
             |                            |
             | data collection            | control
    +-------------------------------------v-------------------+
    |                    Physical Network                     |
    |                                                         |
    +---------------------------------------------------------+
Figure 2: Reference Architecture of Digital Twin Network
1. The lowest layer is the Physical Network. All network elements in
the physical network exchange massive network data and control with
the network digital twin entity, via southbound interfaces.
2. The Intermediate layer is the Network Digital Twin Entity, which
is the core of the DTN system. This layer includes three key
subsystems: Data Repository, Service Mapping Models and Digital
Twin Entity Management.
* Data Repository provides accurate and complete information
about the network and its components for building various
service models by collecting and updating the real-time
operational data of various network elements through the
southbound interface. In addition to data storage, the
Repository is also responsible for providing data search
services to the Service Mapping Models sub-system, including
fast retrieval, concurrent conflict, batch service, unified
interface, etc.
* Service Mapping Models completes data modelling, provides
data model instances for various network capabilities, and
maximizes the agility and programmability of network services.
The data models include two major types: basic models and
functional models.
+ Basic Model refers to the network element model and network
topology model of the network digital twin entity based on
the basic configuration, environment information,
operational state, link topology and other information of
the network element, to complete the real-time accurate
description of the physical network.
+ Functional model refers to various data models such as
network analysis, simulation, diagnosis, prediction,
assurance, etc. The functional models can be constructed
and expanded by multiple dimensions: by network type, there
can be models serving for a single or multiple network
domains; by function type, it can be divided into state
monitoring, traffic analysis, security exercise, fault
diagnosis, quality assurance and other models; it can also
be divided into general model and special-purpose model.
Specifically, multiple dimensions can be combined to create
a data model for more specific application scenarios.
* Digital Twin Entity Management completes the management
function of digital twin network, records the life-cycle of
the entity, visualizes and controls various elements of the
network digital twin, including topology management, model
management and security management.
3. The top layer is Network Application. Various applications (e.g.
OAM, IBN, etc.) can effectively run over a Digital Twin Network
platform to implement either conventional or innovative network
operations, with low cost and less service impact on real
networks. Network applications raise requirements that need to
be addressed by the DTN. Such requirements are exchanged through
a northbound interface; then the service is emulated by various
service model instances; once checked, changes can be safely
deployed in the physical network.
5. Challenges to build Digital Twin Network
As mentioned in the above section, DTNs can bring many benefits to
network management as well as facilitate the introduction of
innovative network capabilities. However, building an effective and
efficient DTN system remains a challenge. The following is a list of
the major challenges.
o Large scale challenge: The digital twin entity of large-scale
networks will significantly increase the complexity of data
acquisition and storage, and of the design and implementation of
models. The requirements on the software and hardware of the system
will be even more constraining.
o Compatibility issue: It is difficult to establish a unified
digital twin platform with a unified data model in the whole
network domain due to the inconsistency of technical
implementations and the heterogeneity of vendor technologies.
o Data modeling difficulties: Based on large-scale network data,
data modeling should not only focus on ensuring the accuracy of
model functions, but also needs to consider the flexibility and
scalability of the model. Balancing these requirements further
increases the complexity of building efficient and hierarchical
functional data models.
o Real-time requirement: For services with real-time requirements,
the processing of model simulation and verification through a DTN
system will increase the service delay, so the function and
process of the data model need to be based on automated processing
mechanism under various network application scenarios; at the same
time, the real-time requirements will further increase performance
requirements on the system software and hardware.
o Security risks: the DTN synchronizes all the data of physical
networks in real time, which inevitably augments the attack
surface, with a higher risk of information leakage in particular.
To address these challenges, the Digital Twin Network needs
continuous optimization and breakthroughs in key enabling technologies
including data acquisition, data storage, data modeling, network
visualization, interface standardization, and security assurance, so
as to meet the requirements of compatibility, reliability, real-time
and security.
6. Interaction with IBN
Implementing Intent-Based Networking (IBN) via DTN can be an example
to show how DTN improves the efficiency of deploying network
innovation. IBN is an innovative technology for life-cycle network
management. Future networks will possibly be intent-based, which
means that users can input their abstract 'intent' to the network,
instead of detailed policies or configurations on the network
devices. [I-D.irtf-nmrg-ibn-concepts-definitions] clarifies the
concept of "Intent" and provides an overview of IBN functionalities.
The key characteristic of an IBN system is that the user's intent can
be assured automatically via continuously adjusting the policies and
validating the real-time situation. To lower the impact on the real
network, several rounds of adjustment and validation can be simulated
on the DTN platform instead of directly on the physical network.
Therefore, DTN can be an important enabler platform to implement an IBN
system and speed up the deployment of IBN in customers' networks.
7. Application Scenarios
Digital Twin Network can be applied to solve different problems in
network management and operation.
7.1. Human Training
The usual approach to network Operations, Administration, and
Maintenance (OAM), with procedures applied by humans, is open to errors
in all these procedures, with an impact on network availability and
resilience. Response procedures and actions for the most relevant
operational requests and incidents are commonly defined to reduce
errors to a minimum. The progressive automation of these procedures,
such as predictive control or closed-loop management, reduces
faults and response time, but there is still the need for a
human-in-the-loop for multiple actions. These processes are not
intuitive and require training to learn how to respond. The use of DTN
for this purpose in different network management activities will
improve the operators' performance. One common example is cybersecurity
incident handling, where cyber-range exercises are executed
periodically to train security practitioners. DTN will offer
realistic environments, fitted to the real production networks.
7.2. ML Training
Machine Learning requires data and their context to be available in
order to be applied. A common approach in the network management
environment has been to simulate or import data in a specific
environment (the ML developer lab), where they are used to train the
selected model, and later, when the model is deployed in
production, to re-train or adjust it to the production environment
context. This demands a specific adaptation period. DTNs simplify the
complete ML lifecycle development by providing a realistic environment,
including network topologies, to generate the data required in a
well-aligned context. The generated dataset belongs to the DTN and not
to the production network, allowing information access by third
parties without impacting data privacy.
7.3. DevOps-oriented certification
The potential application of CI/CD models to network management
operations increases the risk associated with the deployment of
non-validated updates, which conflicts with the goal of the
certification requirements applied by network service providers. A
solution for addressing these certification requirements is to verify
the specific impacts of updates on service assurance and SLAs using a
DTN environment replicating the network particularities, as a step
prior to production release. DTN orchestration capacities support the
dynamic mechanisms required by DevOps procedures.
7.4. Network fuzzing
Network management dependency on programmability increases system
complexity. The behavior of new protocol stacks, API parameters, and
interactions among complex software components are examples that
imply a higher risk of errors or vulnerabilities in software and
configuration. DTN allows fuzz testing techniques to be applied on a
twin network environment, with interactions and conditions similar to
the production network, making it possible to identify and solve
vulnerabilities, bugs and zero-day attacks before production
delivery.
8. Summary
Research on Digital Twin Networks has just started. This document
presents an overview of the DTN concepts. Looking forward, further
elaboration on DTN scenarios, requirements, architecture and key
enabling technologies should be promoted by the industry, so as to
accelerate the implementation and deployment of DTNs.
9. Open Issues
o Why distinguish data from model? Typically data repository can
store data models.
o Why are Digital Twin Network components separated from the
orchestration component? Should Digital Twin Network components
be part of orchestration?
o Do we need to first show the interfaces between the physical
network and its twin and then focus on the twin part with the
various required components to build the twin image?
o Which component is responsible for checking for deviation of the
underlay network vs. the image?
o Is continuous verification an implicit reference to CI/CD
procedures where the DTN would be used to run non-regression tests
(for example) before deploying a major release? Please be more
specific.
10. Security Considerations
This document describes concepts and definitions of Digital Twin
Network. As such, the below security considerations remain high
level, i.e. in the form of principles, guidelines or requirements.
Security in the Digital Twin Network can apply to the following
aspects:
o Secure the digital twin system itself.
o Data privacy protection.
Securing the digital twin system aims at making the digital twin
system operationally secure by implementing security mechanisms and
applying security best practices. In the context of Digital Twin
Network, such mechanisms and practices may consist of data
verification and model validation, and of mapping operations between
the physical network and its digital counterpart network being
performed by authenticated and authorized users only.
Synchronizing all the data between physical network and Network
digital twin entity may increase the risk of sensitive data and
information leakage. Strict control and security mechanisms such as
payload inspection can be provided to mitigate data privacy risk.
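The two aspects above, as an added example that is not part of the draft: a gate in front of the twin's Data Repository allows mapping operations only for authorized roles, verifies that a telemetry record comes from a known collector and is unaltered (data verification), and pseudonymizes addresses and drops payload fields before storage (data privacy). The record layout, keys, role names and field names are assumptions made for illustration, and the sample record is constructed.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed keys for the example; a deployment would load them from a key store.
COLLECTOR_KEYS = {"collector-a": b"constructed-collector-key"}
PSEUDONYM_KEY = b"constructed-pseudonym-key"

# Assumed role model: who may trigger mapping operations on the twin.
MAPPING_ROLES = {"twin-operator", "twin-admin"}
# Assumed field names that carry user content the twin does not need.
PAYLOAD_FIELDS = {"payload", "http_url", "dns_query"}
ADDRESS_FIELDS = {"src_ip", "dst_ip"}


def canonical(record):
    """Stable byte encoding so collector and gate MAC the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_record(collector_id, record):
    """Collector side: HMAC-SHA256 tag over the canonical record."""
    return hmac.new(COLLECTOR_KEYS[collector_id], canonical(record),
                    hashlib.sha256).hexdigest()


def verify_record(collector_id, record, tag):
    """Data verification: reject unknown collectors and altered records."""
    key = COLLECTOR_KEYS.get(collector_id)
    if key is None:
        return False
    expected = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), tag.encode())


def pseudonymize_ip(value):
    """Keyed, deterministic pseudonym: the same address always maps to the
    same token, so flows stay correlatable without storing the address."""
    addr = ipaddress.ip_address(value)   # raises ValueError on malformed input
    digest = hmac.new(PSEUDONYM_KEY, addr.packed, hashlib.sha256).hexdigest()
    return f"ip-{digest[:16]}"


def sanitize(record):
    """Drop payload-bearing fields and replace addresses with pseudonyms."""
    out = {}
    for field, value in record.items():
        if field in PAYLOAD_FIELDS:
            continue
        out[field] = pseudonymize_ip(value) if field in ADDRESS_FIELDS else value
    return out


def ingest(repository, user_roles, collector_id, record, tag):
    """Return (accepted, reason); only sanitized records reach the repository."""
    if not MAPPING_ROLES & set(user_roles):
        return False, "caller not authorized for mapping operations"
    if not verify_record(collector_id, record, tag):
        return False, "record failed verification"
    try:
        clean = sanitize(record)
    except ValueError:
        return False, "malformed address field"
    repository.append(clean)
    return True, "stored"


def demo():
    """Run the gate over one constructed record and three rejected variants."""
    repo = []
    rec = {"device": "router-1", "src_ip": "192.0.2.10",
           "dst_ip": "198.51.100.7", "bytes": 1480, "payload": "GET /account"}
    tag = sign_record("collector-a", rec)
    results = [
        ingest(repo, ["twin-operator"], "collector-a", rec, tag),
        ingest(repo, ["viewer"], "collector-a", rec, tag),
        ingest(repo, ["twin-operator"], "collector-a", dict(rec, bytes=9), tag),
        ingest(repo, ["twin-operator"], "collector-x", rec, tag),
    ]
    return repo, results


if __name__ == "__main__":
    print(demo())
```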
11. Acknowledgements
Diego Lopez and Antonio Pastor were partly supported by the European
Commission under Horizon 2020 grant agreement no. 833685 (SPIDER),
and grant agreement no. 871808 (INSPIRE-5Gplus).
12. IANA Considerations
This document has no requests to IANA.
13. References
13.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
13.2. Informative References
[I-D.irtf-nmrg-ibn-concepts-definitions]
Clemm, A., Ciavaglia, L., Granville, L., and J. Tantsura,
"Intent-Based Networking - Concepts and Definitions",
draft-irtf-nmrg-ibn-concepts-definitions-02 (work in
progress), September 2020.
[Tao2019] Tao, F., Zhang, H., Liu, A., and A. Nee, "Digital Twin in
Industry: State-of-the-Art", IEEE Transactions on
Industrial Informatics, vol. 15, no. 4, April 2019.
Appendix A. Change Logs
v02 - v03
o Split interaction with IBN part as a separate section.
o Fill security section;
o Clarify the motivation in the introduction section;
o Use new boilerplate for requirements language section;
o Key elements definition update.
o Other editorial changes.
o Add open issues section.
o Add section on application scenarios.
Authors' Addresses
Cheng Zhou
China Mobile
Beijing 100053
China
Email: zhouchengyjy@chinamobile.com
Hongwei Yang
China Mobile
Beijing 100053
China
Email: yanghongwei@chinamobile.com
Xiaodong Duan
China Mobile
Beijing 100053
China
Email: duanxiaodong@chinamobile.com
Diego Lopez
Telefonica I+D
Seville
Spain
Email: diego.r.lopez@telefonica.com
Antonio Pastor
Telefonica I+D
Madrid
Spain
Email: antonio.pastorperales@telefonica.com
Qin Wu
Huawei
101 Software Avenue, Yuhua District
Nanjing, Jiangsu 210012
China
Email: bill.wu@huawei.com
Mohamed Boucadair
Orange
Rennes 35000
France
Email: mohamed.boucadair@orange.com
Christian Jacquenet
Orange
Rennes 35000
France
Email: christian.jacquenet@orange.com