Secure zero-touch P4 device onboarding and exposure via resource orchestration APIs – ETSI SDG Demo

Webinar: Joint ETSI SDG Ecosystem Day
Event: Joint ETSI SDG Ecosystem Day
Date: November 26, 2025
Location: Webinar (organized by ETSI)
Participant organizations: UBI, UOP, NEC
Presenter: Georgios P. Katsikas (UBITECH)
Co-contributors: Kostis Trantzas (University of Patras), Felix Klaedtke (NEC Laboratories)
Projects: ACROSS HEU and P2CODE (UBI is the technical coordinator of both projects)
What happened in this webinar?
A consortium of partners from the ACROSS and P2CODE projects presented a proof-of-concept (PoC) demonstration at this event, showing how an open orchestration platform performs device onboarding and device observability (via a telemetry service) through standardized APIs. The demonstration focused on two key aspects: (i) security, through continuous device attestation to ensure that the onboarded devices are not compromised by any means, and (ii) automation of the device onboarding and observability processes, so that these operations can be applied at scale in real systems.
The event started with an introduction on (i) why it is crucial that device onboarding is done via standardized APIs to ensure broad adoption, (ii) why it is equally important for it to be ultra-secure to prevent malicious device behaviors in production environments, and (iii) why automation plays an important role in both operations so that they become realistic for large-scale systems. Then, the presenter emphasized the objective of this PoC and highlighted why it is important for ETSI and its Software Development Groups (SDGs). The presenter aligned this PoC with two ETSI SDGs (OpenSlice and TeraFlowSDN), as well as other open systems and consortia, such as Keylime, P4, ONF’s SD-Fabric, and ONF’s Stratum.
Next, the presenter demonstrated the three parts of the PoC workflow: (i) the initial system state of the key components before the PoC execution (part #1), (ii) the secure device onboarding process (part #2), and (iii) the telemetry and connectivity service provisioning process (part #3). Emphasis was placed on the setup of the PoC, highlighting the ETSI components (OpenSlice, TeraFlowSDN), the device attestation service, and the availability of a P4 switch as a target device placed between two different networks. Finally, the detailed steps of each part were presented, followed by a demonstration video.
What was proposed in this webinar?
As an end solution, this PoC proposed two services designed at the level of OpenSlice, which acts as a domain orchestrator on top of a customer’s network split across an edge and a corporate domain. The first service, titled “Secure Zero-Touch P4 Onboarding”, bundles together a device attestation service, which receives a request for attesting a P4 device and, upon a successful outcome, triggers another service that onboards the device via the TeraFlowSDN controller and its P4 driver. Once the device is onboarded, a second service, titled “Zero-Touch P4 Telemetry & Connectivity”, bundles together an In-band Network Telemetry (INT) service, which configures the switch to activate INT reporting to the TeraFlowSDN controller, along with L2 and L3 connectivity services that ensure connectivity between the edge and corporate domains connected by this switch. Both services are designed as service specifications based on the TMF 633 Service Catalog Management API, demonstrating strict compliance with industry standards.
What will be adopted or considered by ETSI?
Two ETSI open-source platforms, namely ETSI OpenSlice (acting as a domain orchestrator) and ETSI TeraFlowSDN (acting as a transport network SDN controller) were employed to orchestrate the entire PoC. The PoC’s dataplane was based on Open Networking Foundation’s (ONF) open-source projects SD-Fabric and Stratum.
These platforms demonstrated strict conformance to:
- IETF network slice template of the ETSI TeraFlowSDN controller, and
- Open Networking Foundation INT specification document v0.5 proposed by P4.org
Moreover, the above ETSI SDGs were successfully integrated (for the first time) with a security service for device attestation based on Keylime (an open attestation platform), showing how security and trust services can be offered by an orchestration platform as-a-service.
This PoC proves the dedication of ETSI Software Development Groups to developing open standards across multiple SDOs for delivering a holistic platform for 6G in the near future.
PoC business value
This PoC is of great business value for telco operators, for whom it is critically important to develop secure mechanisms for onboarding large-scale topologies of network devices through standardized, industry-adopted APIs in a fully automated manner. Automating such time-consuming and repetitive tasks saves countless man-hours and reduces errors stemming from human intervention, which in turn results in lower operational expenditures and more robust networks.
