ETSI GS NFV-INF 005 V1.1.1 (2014-12)
Network Functions Virtualisation (NFV); Infrastructure; Network Domain
DGS/NFV-INF005
GROUP SPECIFICATION
Network Functions Virtualisation (NFV);
Infrastructure;
Network Domain
Disclaimer
This document has been produced and approved by the Network Functions Virtualisation (NFV) ETSI Industry Specification
Group (ISG) and represents the views of those members who participated in this ISG.
It does not necessarily represent the views of the entire ETSI membership.
Reference
DGS/NFV-INF005
Keywords
network, NFV
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2014.
All rights reserved.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
3GPP™ and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
Contents
Intellectual Property Rights
Foreword
Modal verbs terminology
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Domain Overview
5 External Interfaces of the Domain
5.1 [Vn-Nf]/N
5.1.1 Nature of the Interface
5.1.1.1 [Vn-Nf]/N/L2 Service
5.1.1.1.1 [Vn-Nf]/N/L2 Service Definition
5.1.1.1.2 [Vn-Nf]/N/L2 VPN Service
5.1.1.1.3 [Vn-Nf]/N/L2 OAM Protocols
5.1.1.2 [Vn-Nf]/N/L3 Service
5.1.1.2.1 [Vn-Nf]/N/L3 VPN Service
5.1.1.2.2 [Vn-Nf]/N/L3 Infrastructure based virtual networks Service
5.1.1.2.3 [Vn-Nf]/N/L3 OAM Protocols
5.1.2 Specifications in Current Widespread Use
5.1.2.1 MEF Specifications for L2 services
5.1.2.2 IETF Specifications for L3 services
5.2 [NF-Vi]/N
5.2.1 Nature of the Interface
5.3 Ex-Nf
5.3.1 Ex-Nd
5.3.1.1 Nature of the Interface
5.3.1.2 Specifications in Current Widespread Use
5.3.2 Nd-Nd
5.3.2.1 Nature of the Interface
5.3.2.2 Specifications in Current Widespread Use
6 Functional Blocks within the Domain
6.1 Virtual Networks
6.1.1 Infrastructure based Virtual Networks
6.1.2 Layered Virtual Networks
6.2 Virtualisation Layer Options
6.2.1 Virtual Overlays
6.2.2 Virtual Partitioning
6.2.3 Abstract Layering Model
6.2.4 Examples
6.3 Network Resources
6.4 Control & Admin Agents
6.4.1 Control plane
6.4.1.1 Control Plane Functions
6.4.1.1.1 Topology and device Detection
6.4.1.1.2 Virtual partitioning
6.4.1.1.3 Traffic Isolation
6.4.1.1.4 Reachability
6.4.1.1.5 Traffic Engineering/Path Computation
6.4.1.1.6 Flow Management
6.4.1.1.7 Failure detection
6.4.1.1.8 Convergence
6.4.1.1.9 Quality of Service
6.4.1.1.10 Policy
6.4.1.2 Control Plane Approaches
6.4.2 North-South OAM Interface
6.4.3 East-West OAM Interface
6.4.3.1 OAM and the Abstract layering model
6.4.3.2 Layer 2 OAM Protocols
6.4.3.3 Layer 3 OAM Protocols
6.4.3.4 Layer 3 OAM Protocols
7 Interfaces within the Domain
7.1 [Vl-Ha]/Nr
7.1.1 Layer 2 overlay model
7.1.2 Layer 3 models
7.1.3 Specifications in Current Widespread Use
7.1.3.1 Encapsulation Specifications
7.2 Ha/CSr-Ha/Nr
7.2.1 Interface to the NIC
7.2.1.1 Nature of the Interface
8 Modularity and Scalability
8.1 Interworking Strategies
8.1.1 Interworking Using a Gateway
8.1.2 Interworking Using Multi-Protocol Tunnel Terminations
8.1.3 Interworking in the VNFCI
8.2 Operations, Administration and Management Interworking
8.3 Control Plane Interworking
8.4 Data Plane Interworking
9 Features of the Domain Affecting Management and Orchestration
10 Features of the Domain Affecting Performance
10.1 Dynamic Optimization of Packet Flow Routing
11 Features of the Domain Affecting Reliability
12 Features of the Domain Affecting Security
12.1 Threats for Virtual Partitions (VLANs, L2VPN, etc.)
12.2 Threats for Virtual Overlays (VxLAN, NVGRE)
12.3 Threats for Combined Partition/Overlay (PBB, SPBM)
12.4 Security Model for L3 Infrastructure-based Networks
12.4.1 Security Mechanisms in an L3 Infrastructure-based Network
12.4.2 Threat Model in an L3 Infrastructure-based Network
12.5 Security Model for L3 VPN-based Networks
Annex A (informative): Authors & contributors
History
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://ipr.etsi.org).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Group Specification (GS) has been produced by ETSI Industry Specification Group (ISG) Network Functions
Virtualisation (NFV).
Infrastructure Architecture Document: Document #
Overview: GS NFV INF 001
Illustrative Use Cases for the NFV Infrastructure: GS NFV INF 002
Architecture of the Infrastructure Domains:
• Compute Domain: GS NFV INF 003
• Hypervisor Domain: GS NFV INF 004
• Infrastructure Network Domain: GS NFV INF 005
Architectural Methodology:
• Interfaces and Abstraction: GS NFV INF 007
• Service Quality Metrics: GS NFV INF 010
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "may not", "need", "need not", "will",
"will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms
for the expression of provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
1 Scope
The present document presents an architectural description of the Infrastructure Network domain of the infrastructure
which supports virtualised network functions. It sets out the scope of the infrastructure domain acknowledging the
potential for overlap between infrastructure domains, and between the infrastructure and the virtualised network
functions. It also sets out the nature of interfaces needed between infrastructure domains and within the infrastructure
network domain.
The present document does not provide any detailed specification but makes reference to specifications developed by
other bodies and to potential specifications which, in the opinion of the NFV ISG, could be usefully developed by an
appropriate standards developing organisation (SDO).
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI GS NFV 003 (V1.1.1): "Network Functions Virtualisation (NFV); Terminology for Main
Concepts in NFV".
[2] ETSI GS NFV 002 (V1.1.1): "Network Functions Virtualisation (NFV); Architectural
Framework".
[3] ETSI GS NFV 001 (V1.1.1): "Network Functions Virtualisation (NFV); Use Cases".
[4] ETSI GS NFV-MAN 001 (V1.1.1): "Network Functions Virtualisation (NFV); Management and
Orchestration".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] ETSI GS NFV-INF 001 (V1.1.1): "Network Functions Virtualisation (NFV); Infrastructure
Overview".
[i.2] ETSI GS NFV-INF 003 (V1.1.1): "Network Functions Virtualisation (NFV); Infrastructure;
Compute Domain".
[i.3] ETSI GS NFV-INF 004 (V1.1.1): "Network Functions Virtualisation (NFV); Infrastructure;
Hypervisor Domain".
[i.4] IEEE Std 802.1Q™ (2012): "IEEE Standard for Local and metropolitan area networks -- Media
Access Control (MAC) Bridges and Virtual Bridges".
[i.5] MEF 6.1 (2008-04): "MEF Technical Specification; MEF 6.1; Ethernet Services Definitions -
Phase 2".
[i.6] draft-davie-stt-04 (work in progress): "A Stateless Transport Tunneling Protocol for Network
Virtualization (STT)".
[i.7] draft-mahalingam-dutt-dcops-vxlan-06 (work in progress and experimental): "VXLAN: A
Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks".
[i.8] draft-sridharan-virtualization-nvgre-03 (work in progress): "NVGRE: Network Virtualization
using Generic Routing Encapsulation".
[i.9] IETF RFC 2784 (2000-03): "Generic Routing Encapsulation (GRE)".
[i.10] IETF RFC 1702 (1994-10): "Generic Routing Encapsulation over IPv4 networks".
[i.11] IETF RFC 3985 (2005-03): "Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture".
[i.12] IETF RFC 4448 (2006-04): "Encapsulation Methods for Transport of Ethernet over MPLS
Networks".
[i.13] IETF RFC 4761 (2007-01): "Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery
and Signaling".
[i.14] IETF RFC 4762 (2007-01): "Virtual Private LAN Service (VPLS) Using Label Distribution
Protocol (LDP) Signaling".
[i.15] IEEE Std 802.3™ (2012): "Ethernet working group".
[i.16] IETF RFC 4364 (2006-02): "BGP/MPLS IP Virtual Private Networks (VPNs)".
[i.17] IETF RFC 2661 (1999-08): "Layer Two Tunneling Protocol "L2TP"".
[i.18] IETF RFC 6439 (2011-11): "Routing Bridges (RBridges): Appointed Forwarders".
[i.19] IEEE Std 802.1Qbp™ (2013): "IEEE Standard for Local and metropolitan area networks - Media
Access Control (MAC) Bridges and Virtual Bridged Local Area Networks - Amendment: Equal
Cost Multiple Paths (ECMP)".
[i.20] IEEE Std 802.1AX™ (2014): "IEEE Standard for Local and metropolitan area networks -- Link
Aggregation".
[i.21] IETF RFC 6325 (2011-07): "Routing Bridges (RBridges): Base Protocol Specification".
[i.22] IETF RFC 6327 (2011-07): "Routing Bridges (RBridges): Adjacency".
[i.23] IEEE Std 802.1ag™ (2007): "IEEE Standard for Local and Metropolitan Area Networks Virtual
Bridged Local Area Networks Amendment 5: Connectivity Fault Management".
[i.24] IEEE Std 802.1AB™ (2009): "IEEE Standard for Local and Metropolitan Area Networks --
Station and Media Access Control Connectivity Discovery".
[i.25] IEEE Std 802.1Qbg™ (2012): "IEEE Standard for Local and metropolitan area networks -- Media
Access Control (MAC) Bridges and Virtual Bridged Local Area Networks -- Amendment 21:
Edge Virtual Bridging".
[i.26] IEEE Std 802.1Qbb™ (2011): "IEEE Standard for Local and metropolitan area networks -- Media
Access Control (MAC) Bridges and Virtual Bridged Local Area Networks -- Amendment 17:
Priority-based Flow Control".
[i.27] IEEE Std 802.1Qaz™ (2011): "IEEE Standard for Local and metropolitan area networks -- Media
Access Control (MAC) Bridges and Virtual Bridged Local Area Networks -- Amendment 18:
Enhanced Transmission Selection for Bandwidth Sharing Between Traffic Classes".
[i.28] IEEE Std 802.1AX™ (2008): "IEEE Standard for Local and metropolitan area networks -- Link
Aggregation".
[i.29] IEEE Std 802.1AS™ (2011): "IEEE Standard for Local and Metropolitan Area Networks - Timing
and Synchronization for Time-Sensitive Applications in Bridged Local Area Networks".
[i.30] IEEE Std 802.1Qau™ (2010): "IEEE Standard for Local and Metropolitan Area Networks --
Virtual Bridged Local Area Networks -- Amendment 13: Congestion Notification".
[i.31] IETF STD 62 (2002): "STD 62 (RFC 3417) Transport Mappings for the Simple Network
Management Protocol (SNMP)"; "STD 62 (RFC 3416) Version 2 of the Protocol Operations for
the Simple Network Management Protocol (SNMP)"; "STD 62 (RFC 3415) View-based Access
Control Model (VACM) for the Simple Network Management Protocol (SNMP)"; "STD 62 (RFC
3414) User-based Security Model (USM) for version 3 of the Simple Network Management
Protocol (SNMPv3)"; "STD 62 (RFC 3413) Simple Network Management Protocol (SNMP)
Applications"; "STD 62 (RFC 3412) Message Processing and Dispatching for the Simple Network
Management Protocol (SNMP)"; "STD 62 (RFC3411) An Architecture for Describing Simple
Network Management Protocol (SNMP) Management Frameworks".
[i.32] IETF RFC 6241 (2011-06): "Network Configuration Protocol (NETCONF)".
[i.33] IETF RFC 3954 (2004-10): "Cisco Systems NetFlow Services Export Version 9".
[i.34] MEF 17 (2007-04): "MEF Technical Specification; MEF 17; Service OAM Requirements &
Framework - Phase 1".
[i.35] MEF 30.1 (2013-04): "MEF Technical Specification; MEF 30.1; Service OAM Fault Management
Implementation Agreement: Phase 2".
[i.36] MEF.35 (2012-04): "MEF Technical Specification; MEF 35; Service OAM Performance
Monitoring Implementation Agreement".
[i.37] IEEE Std 802.1BR™ (2012): "IEEE Standard for Local and metropolitan area networks -- Virtual
Bridged Local Area Networks--Bridge Port Extension".
[i.38] draft-ietf-nvo3-security-requirements-02: "Security Requirements of NVO3".
[i.39] IETF RFC 4031 (2005-04): "Service Requirements for Layer 3 Provider Provisioned Virtual
Private Networks (PPVPNs)".
[i.40] IETF RFC 4110 (2005-07): "A Framework for Layer 3 Provider-Provisioned Virtual Private
Networks (PPVPNs)".
[i.41] IETF RFC 4271 (2006-01): "A Border Gateway Protocol 4 (BGP-4)".
[i.42] IETF RFC 4760 (2007-01): "Multiprotocol Extensions for BGP-4".
[i.43] draft-ietf-l3vpn-end-system-02 (work in progress): "End-system support for BGP-signaled
IP/VPNs".
[i.44] IETF RFC 4664 (2006-09): "Framework for Layer 2 Virtual Private Networks (L2VPNs)".
[i.45] IETF RFC 4665 (2006-09): "Service Requirements for Layer 2 Provider-Provisioned Virtual
Private Networks".
[i.46] draft-ietf-l2vpn-evpn-req-06 (work in progress): "Requirements for Ethernet VPN (EVPN)".
[i.47] draft-ietf-opsawg-oam-overview-16 (work in progress): "An Overview of Operations,
Administration, and Maintenance (OAM) Tools".
[i.48] ETSI GS NFV-SWA 001 (V1.1.1): "Network Functions Virtualisation (NFV); Virtual Network
Function Architecture".
[i.49] IETF RFC 4655 (2006-08): "A Path Computation Element (PCE)-Based Architecture".
[i.50] ETSI GS NFV-PER 001 (V1.1.1): "Network Functions Virtualisation (NFV); NFV Performance &
Portability Best Practises".
[i.51] ETSI GS NFV-REL 001 (V1.1.1): "Network Functions Virtualisation (NFV); Resiliency
Requirements".
[i.52] IETF RFC 792 (1981-09): "Internet Control Message Protocol".
[i.53] IETF RFC 4443 (2006-03): "Internet Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification".
[i.54] IETF RFC 2151 (1997-06): "A Primer On Internet and TCP/IP Tools and Utilities".
[i.55] IETF RFC 5880 (2010-06): "Bidirectional Forwarding Detection (BFD)".
[i.56] IETF RFC 5881 (2010-06): "Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single
Hop)".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
policy group: grouping of nodes (VNFCI(s), external entities, infrastructure components, etc.) in an NFV environment
that share a common policy
NOTE: That policy is usually, but not limited to, a security or traffic isolation model. Other possible uses of a
policy group could include common traffic forwarding class, policy based routing, etc.
security group: security group is a subset of Policy Groups that are only concerned with traffic isolation
NOTE: An example of a traffic isolation policy group might be that all the VNFCI(s) deployed to provide a
load-balancing function as part of some service function can receive TCP traffic from any external source
addressed to port 80 or port 443, and can communicate with other VNFCI(s) deployed as part of the same
service using TCP addressed to port 80 or port 443, and ICMP PING protocols.
virtual network: See ETSI GS NFV-INF 001 [i.1].
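The traffic isolation policy in the security group NOTE above can be read as a default-deny rule set. The following is an added example, not part of the ETSI specification: the addresses, the group membership and the Flow type are constructed assumptions, and only the first packet of each flow is evaluated (return traffic is assumed to be handled by stateful tracking).

```python
"""Evaluate the clause 3.1 security-group NOTE as a default-deny rule set.

Added illustration, not part of ETSI GS NFV-INF 005. Addresses, group
membership and the Flow type are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed inventory (assumption): one service, two load-balancer VNFCIs.
SERVICE_NET = ip_network("10.0.0.0/24")
LOAD_BALANCERS = {ip_address("10.0.0.10"), ip_address("10.0.0.11")}

WEB_PORTS = {80, 443}
ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8  # the two ICMP types used by ping


@dataclass(frozen=True)
class Flow:
    """First packet of a flow (hypothetical record type for this example)."""
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    dport: Optional[int] = None      # destination port for tcp/udp
    icmp_type: Optional[int] = None  # ICMP type for icmp


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return (verdict, rule) for a flow against the load-balancer group."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    src_lb, dst_lb = src in LOAD_BALANCERS, dst in LOAD_BALANCERS
    src_svc, dst_svc = src in SERVICE_NET, dst in SERVICE_NET

    web = flow.proto == "tcp" and flow.dport in WEB_PORTS
    ping = flow.proto == "icmp" and flow.icmp_type in (
        ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY)

    # Rule 1: any external source may reach a load balancer on TCP 80/443.
    if dst_lb and not src_svc and web:
        return "permit", "external-to-lb-web"

    # Rule 2: a load balancer and a VNFCI of the same service may exchange
    # TCP 80/443 and ICMP ping, in either direction.
    if ((src_lb and dst_svc) or (dst_lb and src_svc)) and (web or ping):
        return "permit", "intra-service"

    # Anything the policy does not name stays isolated.
    return "deny", "default-deny"


def audit(flows: List[Flow]) -> List[Tuple[Flow, str, str]]:
    """Evaluate a batch of flows, keeping the matched rule for review."""
    return [(f, *evaluate(f)) for f in flows]


# Constructed sample flows (documentation and private address ranges).
SAMPLES = [
    Flow("203.0.113.5", "10.0.0.10", "tcp", dport=443),    # external HTTPS
    Flow("203.0.113.5", "10.0.0.10", "tcp", dport=22),     # external SSH
    Flow("203.0.113.5", "10.0.0.10", "icmp", icmp_type=8), # external ping
    Flow("10.0.0.10", "10.0.0.20", "icmp", icmp_type=8),   # LB pings peer
    Flow("10.0.0.20", "10.0.0.10", "tcp", dport=80),       # peer to LB
    Flow("10.0.0.10", "10.0.0.20", "udp", dport=53),       # unnamed protocol
    Flow("10.0.0.20", "10.0.0.21", "tcp", dport=80),       # no LB involved
]

if __name__ == "__main__":
    for flow, verdict, rule in audit(SAMPLES):
        print(f"{verdict:6} {rule:20} {flow.src} -> {flow.dst} "
              f"{flow.proto} {flow.dport or flow.icmp_type}")
```

The external ping and the flow between two non-load-balancer VNFCIs are denied because the NOTE grants ICMP only inside the service and only names flows that involve the load-balancing VNFCIs.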
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AMI Advanced Metering Infrastructure
API Application Programming Interface
ARP/ND Address Resolution Protocol/Neighbor Discovery
BEB Backbone Edge Bridge
BFD Bidirectional Forwarding Detection
BGP Border Gateway Protocol
BSS Business Support System
CD Compute Domain
CFM Connectivity Fault Management
CIR Committed Information Rate
CPU Central Processing Unit
C-VID Customer VLAN Identifier
DHCP Dynamic Host Configuration Protocol
D-LAG Distributed Link Aggregation
E-BGP External Border Gateway Protocol
ECMP Equal-Cost Multi-Path
EIR Excess Information Rate
EVPN Ethernet Virtual Private Network
FIB Forwarding Information Base
ForCES Forwarding and Control Element Separation
GRE Generic Routing Encapsulation
HD Hypervisor Domain
HTTP Hypertext Transfer Protocol
HW Hardware
I-BGP Internal Border Gateway Protocol
ICMP Internet Control Message Protocol
ID Identifier
IETF Internet Engineering Task Force (http://www.ietf.org/)
IG Interworking Gateway
IND Infrastructure Network Domain
IP Internet Protocol
IPFIX Internet Protocol Flow Information Export
IS-IS Intermediate System to Intermediate System
LAG Link Aggregation Group
LAN Local Area Network
LDP Label Distribution Protocol
LLDP Link Layer Discovery Protocol
MAC Media Access Control
MANO Management and Orchestration
MEF Metro Ethernet Forum (http://metroethernetforum.org/)
MEP Maintenance association End Point
MIB Management Information Base
MIP Maintenance domain Intermediate Point
MP-BGP Multiprotocol Border Gateway Protocol
MPLS Multi-Protocol Label Switching
MSTP Multiple Spanning Tree Protocol [i.4]
NAT Network Address Translation
NF Network Function [1]
NFCI Network Function Component Instance
NFV Network Functions Virtualisation
NFVI Network Functions Virtualisation Infrastructure [1]
NFVI-PoP Network Functions Virtualisation Infrastructure Point of Presence [i.1]
NFVO Network Functions Virtualisation Orchestrator
NI Network Intensive
NIC Network Interface Card
N-PoP Network Point of Presence [1]
NVE Network Virtualisation Edge
NVGRE Network Virtualisation using Generic Routing Encapsulation
OA&M Operations, Administration and Maintenance
OAM Operations, Administration and Maintenance
ONF Open Networking Foundation (https://www.opennetworking.org/)
OS Operating System
OSPF Open Shortest Path First
OSS Operations Support System
OTN Optical Transport Network
PBB Provider Backbone Bridge
PBB-TE Provider Backbone Bridge Traffic Engineering
PCE Path Computation Element
PE Provider Edge
PNF Physical Network Function [1]
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
QoS Quality of Service
RFC Request for Comments
ROCE Remote Direct Memory Access (RDMA) over Converged Ethernet
RSTP Rapid Spanning Tree Protocol
RSVP Resource Reservation Protocol
SDH Synchronous Digital Hierarchy
SDL Software Development Lifecycle
SDN Software-Defined Networking
SDO Standards Development Organization
SID Service Instance Identifier
SLA Service Level Agreement [1]
SNMP Simple Network Management Protocol
SPB Shortest Path Bridging
SPBM SPB-MAC
SPBV SPB-VID
STP Spanning Tree Protocol
STT Stateless Transport Tunneling
S-VID Service VLAN Identifier
TCP Transmission Control Protocol
TE Traffic Engineering
TEP Tunnel End Point
TOR Top Of Rack
TORS Top-Of-Rack Switch
TRILL Transparent Interconnection of Lots of Links (http://datatracker.ietf.org/wg/trill/)
UDP Stateless Transport Tunneling
UNI User Network Interface
VDP Virtual Station Interface (VSI) Discovery and Configuration Protocol
VEB Virtual Ethernet Bridging
VEPA Virtual Ethernet Port Aggregator
VID VLAN Identifier
VIM Virtualisation Infrastructure Manager
VLAN Virtual LAN
VM Virtual Machine [1]
VN Virtual Network
VNF Virtualised Network Function [1]
VNFC Virtual Network Function Component [i.1]
VNFCI Virtual Network Function Component Instance
VNI VxLAN Network Identifier
VNIC Virtual Network Interface Card
VNID Virtual Network Interface Device
VNP Virtual Network Protocol
VPLS Virtual Private LAN Service
VPN Virtual Private Network
VPRN Virtual Private Routed Network
VRF Virtual Routing and Forwarding
VSID Virtual Subnet Identifier
VTN Virtual Tenant Network
VXLAN Virtual eXtensible LAN
WAN Wide Area Network
WIM WAN Infrastructure Manager
XML Extensible Markup Language
4 Domain Overview
Figure 1 illustrates the four domains described in [i.1], their relationship with each other and their relationship to other
domains outside the infrastructure. The figure also sets out the primary interfaces.
Figure 1: General Domain Architecture and Associated Interfaces
Figure 2 [i.1] gives a high level overview of the three domains within the NFVI and shows how the domains realise the
primary interfaces of the NFV overall architectural framework.
Figure 2: High Level Overview of the NFVI Domains and Interfaces
The general domain architecture of figure 2 is reduced to a reference point architecture (figure 3) showing only the
Network Domain and aligning these reference points with the NFV E2E Architecture (ETSI GS NFV 002 [2]). The
Network Domain reference architecture has five reference points catalogued in table 1.
Figure 3: Network Domain Reference Point Architecture
The inter-domain and intra-domain interfaces are summarized in table 1. The inter-domain interfaces are described in
more detail in clause 5. The functional blocks consist of the virtual networks, the virtualisation layer resource routing
and sharing control, the network resources and the control & admin agents. They are described in clause 6. The
interfaces internal to the domain are described in more detail in clause 7.
Table 1: Catalogue of Inter-domain Interfaces related to the Infrastructure Network Domain
Reference Point: Description
[Vn-Nf]/N: This reference point is the virtual network (VN) container interface carrying communication between VNFC instances. Note that a single VN can support communication between more than a single pairing of VNFC instances (e.g. an E-LAN VN). It is the reference point over which the services of the network domain are delivered. These services may be either IP forwarding services or Ethernet private line/LAN/TREE services provided by the infrastructure. The reference point is providing services at two layers: IP forwarding services across the [Vn-Nf]/N/L3 reference point and Ethernet services, e.g. E-LINE, E-LAN, E-TREE, across the [Vn-Nf]/N/L2 reference point.
[Nf-Vi]/N: This is the reference point between the management and orchestration agents in the infrastructure network domain and the management and orchestration functions in the virtual infrastructure management (VIM). It is the part of the Nf-Vi interface relevant to the infrastructure network domain.
[Vl-Ha]/Nr: The reference point between the virtualisation layer and the network resources.
Ex-Nd: The reference point between the infrastructure network domain and external networks.
Nd-Nd: The reference point between NFVI-PoPs used to extend the virtualisation layer of a single Network Operator's NFVI over multiple geographically separated sites.
Ha/Csr-Ha/Nr: This is the reference point between the infrastructure network domain and the servers/storage of the compute domain.
Table 2 describes various aspects of the infrastructure network and related requirements that it needs to address.
Table 2: Infrastructure Network Requirements
Generic Aspects: Requirements
Address Space and Traffic Isolation: For layer 2 services, the infrastructure network shall provide traffic and address space isolation (see note) between virtual networks. It shall support a large number of virtual networks (some VNFs may require their own virtual network(s)).
For layer 3 services, the infrastructure network shall provide traffic isolation between virtual networks. Some use cases require address isolation, and if this requirement maps to isolation of the infrastructure IP address space, then the infrastructure shall support address space isolation.
This may be achieved using various techniques:
• An encapsulation method to provide overlay networks (L2 or L3 service).
• The use of forwarding table partitioning mechanisms (L2 service).
• By applying policy control within the infrastructure network (L3 service).
The technique shall provide sufficient information for unambiguous mapping of a given packet to its associated virtual network. The technique shall support IP traffic and may support multiple L3 protocols. The technique can be applied by the server (vSwitch or vRouter) or external switch/router (tier 1, tier 2 or tier 3). Where encapsulation is employed and there is a requirement for separate service and infrastructure addresses, there shall be a mechanism to resolve service addresses to infrastructure addresses.
Address management: The virtual network(s) shall ensure address uniqueness within a given virtual network. The solution shall be able to translate between overlapping address spaces and/or public/private addresses.
Scalability: The infrastructure network shall be able to support a large number of servers each running many VMs. The infrastructure network may span multiple N-PoPs.
Flexibility: The infrastructure network shall be able to support live VM migration within a data center. It should also aim to support live VM migration between data centers.
Reliability and Availability: The infrastructure network should provide the ability to request different service levels with measurable reliability and availability metrics, e.g. percentage of time the network is available. The infrastructure network shall provide a set of OAM processes to verify reliability, availability and integrity of the infrastructure network layer. The infrastructure network should provide mechanisms to mitigate congestive loss of data frames for applications that require it, for example: FCoE, ROCE, etc.
Network Utilization: The infrastructure network should be able to utilize breadth of connectivity where it exists to maximize network utilization. It should also support multicast/broadcast VNF traffic efficiently. Tradeoffs between performance, network resource utilization and other resources utilization are expected. For example, shutting down network resources to reduce power utilization may increase latency between VNFs.
Performance: Requirements vary greatly based on the network functions performance requirements. The network should allow the infrastructure connectivity services to specify the following performance related parameters:
• Maximum overhead (bits required for the network virtualisation technique, per packet or percentage of traffic).
• Maximum delay.
• Maximum delay variation.
• Throughput (CIR, CIR+EIR and packets per second).
• Maximum packet loss allowable.
Security: The infrastructure network for NFV should consider both internal and external threats that could compromise the security of the infrastructure.
Internal threats are usually from authorized internal personnel who may misbehave to cause damage to the infrastructure. Internal threats should be addressed by rigorous operational procedures.
External threats are from outsiders who may gain access to the infrastructure, e.g. by exploiting design and/or implementation vulnerabilities. Once gaining access, an adversary could further escalate its privileges and install backdoor software to maintain long-term control. To address external threats, security should be considered during the whole development process, e.g. by following a Software Development Lifecycle (SDL) process. In addition, infrastructure devices might need to go through a security certification process (e.g. Common Criteria) to gain assurance of their security levels.
NOTE: Traffic isolation refers to privacy and non-leakage. QoS is for further study.
5 External Interfaces of the Domain
5.1 [Vn-Nf]/N
5.1.1 Nature of the Interface
The Vn-Nf/N interfaces shall provide transparent network services to VNFs. This interface is used to interconnect the
following:
• VNFCIs to other VNFCIs within the same or another VNF.
• VNFCIs to storage.
• VNFs to PNFs and external endpoints.
VNFs use the network services provided by the Vn-Nf/N interface to participate in the VNF Forwarding Graphs as
defined in ETSI GS NFV 002 [2]. The Vn-Nf/N interface provides the container interface that provides access to the
network services.
Transparent infrastructure network connectivity services present VNFs with a virtual network exhibiting the same
properties as a physical network implementing the same connectivity service. The services are transparent in the sense
that VNFs are unaware of how the services are provided.
The virtual network(s) may form a discrete subset of the NFVI, or it may be comprised of one or more overlay networks
that exist on top of the actual NFV infrastructure.
The VNFCI to VNFCI and VNFCI to storage connectivity services may be provided using a virtual network that
implements one of the services described in the following sub-clauses. A VNF may require one or more virtual
networks to interconnect the various VNFCIs.
NOTE: The provision of connectivity between a VNF and a PNF or an endpoint requires the use of the Ex-Nd
interface described in clause 5.3.1. The provision of connectivity between VNFs
...







