ARMWARE RFC Archive <- RFC Index (8901..9000)

RFC 8921




Independent Submission                                 M. Boucadair, Ed.
Request for Comments: 8921                                  C. Jacquenet
Category: Informational                                           Orange
ISSN: 2070-1721                                                 D. Zhang
                                                     Huawei Technologies
                                                           P. Georgatsos
                                                                   CERTH
                                                            October 2020

 Dynamic Service Negotiation: The Connectivity Provisioning Negotiation
                            Protocol (CPNP)

Abstract

   This document defines the Connectivity Provisioning Negotiation
   Protocol (CPNP), which is designed to facilitate the dynamic
   negotiation of service parameters.

   CPNP is a generic protocol that can be used for various negotiation
   purposes that include (but are not necessarily limited to)
   connectivity provisioning services, storage facilities, Content
   Delivery Networks, etc.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This is a contribution to the RFC Series, independently of any other
   RFC stream.  The RFC Editor has chosen to publish this document at
   its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not candidates for any level of Internet Standard;
   see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8921.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  CPNP Functional Elements
   4.  Order Processing Models
   5.  Sample Use Cases
   6.  CPNP Deployment Models
   7.  CPNP Negotiation Model
   8.  Protocol Overview
     8.1.  Client/Server Communication
     8.2.  Policy Configuration on the CPNP Server
     8.3.  CPNP Session Entries
     8.4.  CPNP Transactions
     8.5.  CPNP Timers
     8.6.  CPNP Operations
     8.7.  Connectivity Provisioning Documents
     8.8.  Child PQOs
     8.9.  Multi-Segment Service
     8.10. Negotiating with Multiple CPNP Servers
     8.11. State Management
       8.11.1.  On the Client Side
       8.11.2.  On the Server Side
   9.  CPNP Objects
     9.1.  Attributes
       9.1.1.  CUSTOMER_ORDER_IDENTIFIER
       9.1.2.  PROVIDER_ORDER_IDENTIFIER
       9.1.3.  TRANSACTION_ID
       9.1.4.  SEQUENCE_NUMBER
       9.1.5.  NONCE
       9.1.6.  EXPECTED_RESPONSE_TIME
       9.1.7.  EXPECTED_OFFER_TIME
       9.1.8.  VALIDITY_OFFER_TIME
       9.1.9.  SERVICE_DESCRIPTION
       9.1.10. CPNP Information Elements
     9.2.  Operation Messages
       9.2.1.  QUOTATION
       9.2.2.  PROCESSING
       9.2.3.  OFFER
       9.2.4.  ACCEPT
       9.2.5.  DECLINE
       9.2.6.  ACK
       9.2.7.  CANCEL
       9.2.8.  WITHDRAW
       9.2.9.  UPDATE
       9.2.10. FAIL
       9.2.11. ACTIVATE
   10. CPNP Message Validation
     10.1.  On the Client Side
     10.2.  On the Server Side
   11. Theory of Operation
     11.1.  Client Behavior
       11.1.1.  Order Negotiation Cycle
       11.1.2.  Order Withdrawal Cycle
       11.1.3.  Order Update Cycle
     11.2.  Server Behavior
       11.2.1.  Order Processing
       11.2.2.  Order Withdrawal
       11.2.3.  Order Update
     11.3.  Sequence Numbers
     11.4.  Message Retransmission
   12. Some Operational Guidelines
     12.1.  CPNP Server Logging
     12.2.  Business Guidelines and Objectives
   13. Security Considerations
   14. IANA Considerations
   15. References
     15.1.  Normative References
     15.2.  Informative References
   Acknowledgements
   Authors' Addresses

1.  Introduction

   This document defines the Connectivity Provisioning Negotiation
   Protocol (CPNP) that is meant to dynamically exchange and negotiate
   connectivity provisioning parameters and other service-specific
   parameters between a Customer and a Provider.  CPNP is a tool that
   introduces automation to the service negotiation and activation
   procedures, thus fostering the overall service provisioning process.
   CPNP can be seen as a component of the dynamic negotiation metadomain
   described in Section 2.4 of [RFC7149].

   CPNP is a generic protocol that can be used for negotiation purposes
   other than connectivity provisioning.  For example, CPNP can be used
   to request extra storage resources, to extend the footprint of a
   Content Delivery Network (CDN), to enable additional features from a
   cloud Provider, etc.  CPNP can be extended with new Information
   Elements (IEs).  Sample negotiation use cases are described in
   Section 5.  Section 4 introduces several order processing models and
   defines those that are targeted by CPNP.  The CPNP negotiation model
   is then detailed in Section 7.

   [RFC7297] describes a Connectivity Provisioning Profile (CPP)
   template to capture connectivity requirements to be met by a
   transport infrastructure for the delivery of various services such as
   Voice over IP (VoIP), IPTV, and Virtual Private Network (VPN)
   services [RFC4026].  The CPP document defines the set of IP transfer
   parameters that reflect the guarantees that can be provided by the
   underlying transport network together with reachability scope and
   capacity needs.  CPNP uses the CPP template to encode connectivity
   provisioning clauses that are subject to negotiation.  The accepted
   CPP will then be passed to other functional elements that are
   responsible for the actual service activation and provisioning.  For
   example, Network Configuration Protocol (NETCONF) [RFC6241] or
   RESTCONF [RFC8040] can be used to activate adequate network features
   that are required to deliver the accepted service.  How the outcome
   of CPNP negotiation is translated into service and network
   provisioning actions is out of scope of this document.

   As a reminder, several proposals have been made in the past by the
   (research) community (e.g., Common Open Policy Service protocol for
   supporting Service Level Specification [COPS-SLS], Service
   Negotiation Protocol [SrNP], Dynamic Service Negotiation Protocol
   [DSNP], Resource Negotiation and Pricing Protocol [RNAP], Service
   Negotiation and Acquisition Protocol [SNAP]).  CPNP leverages the
   authors' experience with SrNP by separating the negotiation
   primitives from the service under negotiation.  Moreover, careful
   examination of the other proposals revealed certain deficiencies that
   were easier to address through the creation of a new protocol rather
   than the modification of existing protocols.  For example:

   *  COPS-SLS relies upon the COPS usage for policy provisioning (COPS-
      PR) [RFC3084], which is a Historic RFC.

   *  DSNP is tightly designed with one specific service in mind (QoS)
      and does not make any distinction between a quotation phase and
      the actual service-ordering phase.

   One of the primary motivations of this document is to provide a
   permanent reference to exemplify how service negotiation can be
   automated.

   Implementation details are out of scope.  An example of required
   modules and interfaces to implement this specification is sketched in
   Section 4 of [AGAVE].  This specification builds on that effort.

2.  Terminology

   This document makes use of the following terms:

   Customer:  Is a business role that denotes an entity that is involved
      in the definition and the possible negotiation of an order,
      including a Connectivity Provisioning Agreement, with a Provider.
      A connectivity provisioning document is captured in a dedicated
      CPP template-based document, which may specify (among other
      information) the sites to be connected, border nodes, outsourced
      operations (e.g., routing, traffic steering).

      The right to invoke the subscribed service may be delegated by the
      Customer to third-party end users or brokering services.

      A Customer can be a Service Provider, an application owner, an
      enterprise, a user, etc.

   Network Provider (or Provider):  Owns and administers one or many
      transport domain(s) (typically Autonomous Systems (ASes)) composed
      of (IP) switching and transmission resources (e.g., routing,
      switching, forwarding, etc.).  Network Providers are responsible
      for delivering and operating connectivity services (e.g., offering
      global or restricted reachability at specific rates).  Offered
      connectivity services may not necessarily be restricted to IP.

      The policies to be enforced by the connectivity service delivery
      components can be derived from the technology-specific clauses
      that might be included in agreements with the Customers.  If no
      such clauses are included in the agreement, the mapping between
      the connectivity requirements and the underlying technology-
      specific policies to be enforced is deployment specific.

   Quotation Order:  Denotes a request made by the Customer to the
      Provider that includes a set of requirements.  The Customer may
      express its service-specific requirements by assigning (strictly
      or loosely defined) values to the information items included in
      the commonly understood template (e.g., CPP template) describing
      the offered service.  These requirements constitute the parameters
      to be mutually agreed upon.

   Offer:  Refers to a response made by the Provider to a Customer's
      quotation order that describes the ability of the Provider to
      satisfy the order at the time of its receipt.  Offers reflect the
      capability of the Provider in accommodating received Customer
      orders beyond monolithic 'yes/no' answers.

      An offer may fully or partially meet the requirements of the
      corresponding order.  In the latter case, it may include
      alternative suggestions that the Customer may take into account by
      issuing a new order.

   Agreement:  Refers to an order placed by the Customer and accepted by
      the Provider.  It signals the successful conclusion of a
      negotiation cycle.

3.  CPNP Functional Elements

   The following functional elements are defined:

   CPNP client (or client):  Denotes a software instance that sends CPNP
      requests and receives CPNP responses.  The current operations that
      can be performed by a CPNP client are listed below:

      1.  Create a quotation order (Section 9.2.1).

      2.  Cancel an ongoing quotation order under negotiation
          (Section 9.2.7).

      3.  Accept an offer made by a server (Section 9.2.4).

      4.  Withdraw an agreement (Section 9.2.8).

      5.  Update an agreement (Section 9.2.9).

   CPNP server (or server):  Denotes a software instance that receives
      CPNP requests and sends back CPNP responses accordingly.  The CPNP
      server is responsible for the following operations:

      1.  Process a quotation order (Section 9.2.2).

      2.  Make an offer (Section 9.2.3).

      3.  Cancel an ongoing quotation order (Section 11.2.3).

      4.  Process an order withdrawal (Section 11.2.3).

4.  Order Processing Models

   For preparing their service orders, Customers may need to be aware of
   the offered services.  Therefore, Providers should first proceed with
   the announcement (or the exposure) of the services they can provide.
   The service announcement process may take place at designated global
   or Provider-specific service markets or through explicit interactions
   with the Providers.  The details of this process are outside the
   scope of this document.

   With or without such service announcement/exposure mechanisms in
   place, the following order processing models can be distinguished:

   Frozen model:
      The Customer cannot actually negotiate the parameters of the
      service(s) offered by a Provider.  After consulting the Provider's
      service portfolio, the Customer selects the service offer to which
      he or she wants to subscribe and places an order to the Provider.
      Order handling is quite simple on the Provider side because the
      service is not customized per Customer's requirements, but rather
      designed to address a Customer base that shares the same
      requirements (i.e., these Customers share the same Connectivity
      Provisioning Profile).  This mode can be implemented using
      existing tools such as [RFC8309].

   Negotiation-based model:
      Unlike the frozen model, the Customer documents his/her
      requirements in a request for a quotation, which is then sent to
      one or several Providers.  Solicited Providers check whether they
      can address these requirements or not, and get back to the
      Customer accordingly, possibly with an offer that may not exactly
      match the Customer's requirements (e.g., a 100 Mbps connection
      cannot be provisioned given the amount of available resources, but
      an 80 Mbps connection can be provided).  A negotiation between the
      Customer and the Provider(s) then follows until both parties reach
      an agreement (or do not).

   Both frozen and negotiation-based models require the existence of
   appropriate service templates like a CPP template and their
   instantiation for expressing specific offerings from Providers and
   service requirements from Customers, respectively.  CPNP can be used
   in either model for automating the required Customer-Provider
   interactions.  The frozen model can be seen as a special case of the
   negotiation-based model.  This document focuses on the negotiation-
   based model.  Not only 'yes/no' answers but also counterproposals may
   be offered by the Provider in response to Customer orders.

   Order processing management on the Network Provider's side usually
   solicits features supported by the following functional blocks:

   *  Network provisioning (including order activation, Network
      Planning, etc.)

   *  Authentication, authorization, and accounting (AAA)

   *  Network and service management (performance measurement and
      assessment, fault detection, etc.)

   *  Sales-related functional blocks (e.g., billing, invoice
      validation)

   *  Network impact analysis

   CPNP does not assume any specific knowledge about these functional
   blocks, drawing an explicit line between protocol operation and the
   logic for handling connectivity provisioning requests.  An order
   processing logic is typically fed with the information manipulated by
   the aforementioned functional blocks.  For example, the resources
   that can be allocated to accommodate the Customer's requirements may
   depend on network availability estimates as calculated by the
   planning functions and related policies, as well as the number of
   orders to be processed simultaneously over a given period of time.

   This document does not elaborate on how Customers are identified and
   subsequently managed by the Provider's information system.

5.  Sample Use Cases

   A non-exhaustive list of CPNP use cases is provided below:

   1.   [RFC4176] introduces the Layer 3 VPN (L3VPN) Service Order
        Management functional block, which is responsible for managing
        the requests initiated by the Customers and tracks the status of
        the completion of the related operations.  CPNP can be used
        between the Customer and the Provider to negotiate L3VPN service
        parameters.

        A CPNP server could therefore be part of the L3VPN Service Order
        Management functional block discussed in [RFC4176].  A L3VPN
        Service YANG data model (L3SM) is defined in [RFC8299].  Once an
        agreement is reached, the service can be provisioned using,
        e.g., the L3VPN Network YANG data model specified in
        [L3VPN-NETWORK-YANG].

        Likewise, a CPNP server could be part of the Layer 2 VPN (L2VPN)
        Service Order Management functional block.  A YANG data model
        for L2VPN service delivery is defined in [RFC8466].  Once an
        agreement is reached, the L2VPN service can be provisioned
        using, e.g., the L2VPN Network YANG data model specified in
        [L2VPN-NETWORK-YANG].

   2.   CPNP can be used between two adjacent domains to deliver IP
        interconnection services (e.g., enable, update, disconnect).
        For example, two Autonomous Systems (ASes) can be connected via
        several interconnection points.  CPNP can be used between these
        ASes to upgrade existing links, request additional resources,
        provision a new interconnection point, etc.

        See, for example, the framework documented in [ETICS].

   3.   An integrated Provider can use CPNP to rationalize connectivity
        provisioning needs related to its service portfolio.  A CPNP
        server function is used by network operations teams.  A CPNP
        interface to trigger CPNP negotiation cycles is exposed to
        service management teams.

   4.   Service Providers can use CPNP to initiate connectivity
        provisioning requests towards a number of Network Providers so
        as to optimize the cost of delivering their services.  Although
        multiple CPNP ordering cycles can be initiated by a Service
        Provider towards multiple Network Providers, a subset of these
        orders may actually be put into effect.

        For example, a cloud Service Provider can use CPNP to request
        more resources from Network Providers.

   5.   CPNP can also be used in the context of network slicing
        [NETSLICES-ARCH] to request network resources together with a
        set of requirements that need to be satisfied by the Provider.
        Such requirements are not restricted to basic IP forwarding
        capabilities, but may also include a characterization of a set
        of service functions that may be invoked.  For the network
        slicing case, the instances of a CPP template could be derived
        from the network slice template documented in [TEAS-SLICE-NBI].

   6.   CPNP can be used in Machine-to-Machine (M2M) environments to
        dynamically subscribe to M2M services (e.g., access data
        retrieved by a set of sensors, extend sensor coverage, etc.).

        Also, Internet of Things (IoT) [RFC6574] domains may rely on
        CPNP to enable dynamic access to data produced by involved
        objects, according to their specific policies, to various
        external stakeholders such as data analytics and business
        intelligence companies.  Direct CPNP-based interactions between
        IoT domains and interested parties enable open access to diverse
        sets of data across the Internet, e.g., from multiple types of
        sensors, user groups, and/or geographical areas.

   7.   CPNP can be used in the context of Interface to Network Security
        Functions (I2NSF) [RFC8329] to capture the Customer-driven
        policies to be enforced by a set of Network Security Functions.

   8.   A Provider offering cloud services can expose a CPNP interface
        to allow Customers to dynamically negotiate typical data center
        resources, such as additional storage, processing and networking
        resources, enhanced security filters, etc.

        Cloud computing Providers typically structure their computation
        service offerings by bundling CPU, RAM, and storage units as
        quotas, instances, or flavors that can be consumed in an
        ephemeral or temporal fashion during the lifetime of the
        required function.  A similar approach is followed by CPNP (see
        for example, Section 9.2.11).

   9.   In the inter-cloud context (also called cloud of clouds or cloud
        federation), CPNP can be used to reserve computing and
        networking resources hosted by various cloud infrastructures.

   10.  CDN Providers can use CPNP to extend their footprint by
        interconnecting their respective CDN infrastructures [RFC6770]
        (see Figure 1).

                         ,--,--,--.             ,--,--,--.
                      ,-'          `-.       ,-'          `-.
                     (CDN Provider 'A')=====(CDN Provider 'B')
                      `-.  (CDN-A) ,-'       `-. (CDN-B)  ,-'
                        `--'--'--'             `--'--'--'

                         Figure 1: CDN Interconnection

   11.  Mapping Service Providers (MSPs) [RFC7215] can use CPNP to
        enrich their mapping database by interconnecting their mapping
        system (see Figure 2).  This interconnection allows the
        relaxation of the constraints on PxTR (Proxy Ingress/Egress
        Tunnel Router) in favour of native LISP (Locator/ID Separation
        Protocol) forwarding [RFC6830].  Also, it prevents the
        fragmentation of the LISP mapping database.  A framework is
        described in [LISP-MS-DISCOVERY].

                        ,--,--,--.             ,--,--,--.
                     ,-'          `-.       ,-'          `-.
                    (Mapping System 'A')===(Mapping System 'B')
                     `-.          ,-'       `-.           ,-'
                        `--'--'--'             `--'--'--'

                   Figure 2: LISP Mapping System Interconnect

   12.  CPNP may also be used between SDN (Software-Defined Networking)
        controllers in contexts where Cooperating Layered Architecture
        for Software-Defined Networking (CLAS) is enabled [RFC8597].

6.  CPNP Deployment Models

   Several CPNP deployment models can be envisaged.  Two examples are
   listed below:

   *  The Customer deploys a CPNP client while one or several CPNP
      servers are deployed by the Provider.  A CPNP client can discover
      its CPNP servers using a variety of means (static, dynamic, etc.).

   *  The Customer does not enable any CPNP client.  The Provider
      maintains a Customer Order Management portal.  The Customer can
      initiate connectivity provisioning quotation orders via the
      portal; appropriate CPNP messages are then generated and sent to
      the relevant CPNP server.  In this model, both the CPNP client and
      CPNP server are under the responsibility of the same
      administrative entity (i.e., Network Provider).

   Once the negotiation of connectivity provisioning parameters is
   successfully concluded, that is, an order has been placed by the
   Customer, the actual network provisioning operations are initiated.
   The specification of related dynamic resource allocation and policy
   enforcement schemes, as well as how CPNP servers interact with the
   network provisioning functional blocks on the Provider side, are out
   of the scope of this document.

   This document does not make any assumptions about the CPNP deployment
   model either.

7.  CPNP Negotiation Model

   CPNP runs between a Customer and a Provider, carrying service orders
   from the Customer and corresponding responses from the Provider in
   order to reach a service provisioning agreement.  As the services
   offered by the Provider are well described, by means of the CPP
   template for connectivity matters, the negotiation process is
   essentially a value-settlement process, where an agreement is pursued
   on the values of the commonly understood information items (service
   parameters) included in the service description template
   (Section 9.1.9).

   The content that CPNP carries and the negotiation logic invoked at
   Customer and Provider sides to manipulate the content (i.e., the
   information carried in CPNP messages to proceed with the negotiation)
   is transparent to the protocol.

   The protocol aims to facilitate the execution of the negotiation
   logic by providing the required generic communication primitives.

   Since negotiations are initiated and primarily driven by the
   Customer's negotiation logic, it is reasonable to assume that the
   Customer is the only party that can call for an agreement.  An
   implicit approach is adopted for not overloading the protocol with
   additional messages.  In particular, the acceptance of an offer made
   by the Provider signals a call for agreement from the Customer.  Note
   that it is almost certain the Provider will accept this call since it
   refers to an offer that the Provider made.  Of course, at any point
   the Provider or the Customer may quit the negotiations, each on its
   own grounds.

   Based on the above, CPNP adopts a quotation order/offer/answer model,
   which proceeds through the following basic steps (Figure 3):

   1.  The CPNP client specifies its service requirements in a
       Provisioning Quotation Order (PQO).  The order may include
       strictly or loosely defined values in the clauses describing
       service provisioning characteristics.

   2.  The CPNP server declines the PQO, or makes an offer to address
       the requirements of the PQO, or suggests a counterproposal that
       partially addresses the requirements of the PQO in case specific
       requirements cannot be accommodated.

   3.  The CPNP client either accepts or declines the offer.  The
       acceptance of the offer by the CPNP client implies a call for
       agreement and, thus, the agreement between both parties and the
       conclusion of the negotiation.

                   +------+                     +------+
                   |Client|                     |Server|
                   +------+                     +------+
                      |=====Requested Service=====>|
                      |<=====Offered Service=======|
                      |=====Accepted Service======>|

                  Figure 3: Simplified Service Negotiation

   Multiple instances of CPNP may run at a Customer's or a Provider's
   domains.  A CPNP client may be engaged in multiple, simultaneous
   negotiations with the same or different CPNP servers (parallel
   negotiations, see Section 8.10), and a CPNP server may need to
   negotiate with other Provider(s) as part of negotiations that are
   ongoing with a CPNP client (cascaded negotiations, see Section 8.8).

   CPNP relies on various timers to run its operations.  Two types of
   timers are defined: those that are specific to CPNP message
   transmission and those that are specific to the negotiation logic.
   The latter are used to guide the negotiation logic at both CPNP
   client and CPNP server sides, particularly in cases where the CPNP
   client is involved in parallel negotiations with several CPNP servers
   or in cases where the CPNP server is, in turn, involved in
   negotiations with other Providers for processing a given Customer-
   originated quotation order.  CPNP allows a CPNP server to request
   extra time to proceed with the negotiation.  This request may be
   accepted or rejected by the CPNP client.

   Providers may need to publish available services to the Customers
   (see Section 4).  CPNP may optionally support this functionality.
   Dedicated templates can be defined for the purpose of service
   announcement, which will be used by the CPNP clients to initiate
   their CPNP negotiation cycles.

   For the sake of simplicity, a single offer/answer stage is assumed
   within one CPNP negotiation cycle.  Nevertheless, as already stated,
   multiple CPNP negotiation cycles can be undertaken by a CPNP client
   (see Figure 4).

   The model is flexible enough to accommodate changing conditions
   during the lifetime of a service (e.g., the introduction of an
   additional VPN site).

   +------+                  +------+ +------+                  +------+
   |Client|                  |Server| |Client|                  |Server|
   +------+                  +------+ +------+                  +------+
      |=====Quotation Order=====>|       |=====Quotation Order=====>|
      |<==========Offer==========|       |<==========Offer==========|
      |===========Accept========>|       |==========Decline========>|

     1-Step Successful Negotiation         1-Step Failed Negotiation
               Cycle                               Cycle

   +------+                  +------+ +------+                  +------+
   |Client|                  |Server| |Client|                  |Server|
   +------+                  +------+ +------+                  +------+
      |===Quotation Order(a)====>|       |===Quotation Order(i)====>|
      |<==========Offer==========|       |<==========Offer==========|
      |==========Decline========>|       |==========Decline========>|
      |===Quotation Order(b)====>|       |===Quotation Order(j)====>|
      |<==========Offer==========|       |<==========Offer==========|
      |===========Accept========>|       |==========Decline========>|
                                         |===Quotation Order(k)====>|
                                         |<==========Offer==========|
                                         |==========Decline========>|
                                         |===Quotation Order(l)====>|
                                         |<==Fail to make an offer==|

       N-Step Negotiation Cycle:         N-Step Negotiation Cycle:
         Successful Negotiation              Failed Negotiation

                   Figure 4: Overall Negotiation Process

   The means used by a CPNP client to retrieve a list of active/accepted
   offers are not defined in this document.

   An order can be implicitly or explicitly activated.  Section 3.11 of
   [RFC7297] specifies a dedicated clause called Activation Means.  Such
   a clause indicates the required action(s) to be undertaken to
   activate access to the (IP connectivity) service.  This document
   defines a dedicated CPNP message that can be used for explicit
   activation (Section 9.2.11).

8.  Protocol Overview

8.1.  Client/Server Communication

   CPNP is a client/server protocol that can run over any transport
   protocol.  The default transport mode is UDP secured with Datagram
   Transport Layer Security (DTLS) [RFC6347].  No permanent CPNP
   transport session needs to be maintained between the client and the
   server.

   The CPNP client can be configured with the CPNP server(s).
   Typically, the CPNP client is configured with an IP address together
   with a port number using manual or dynamic configuration means (e.g.,
   DHCP).  Alternatively, a Provider may advertise the port number
   (CPNP_PORT) it uses to bind the CPNP service using SRV [RFC2782].

   The CPNP client may be provided with a domain name of the CPNP server
   for PKIX-based authentication purposes.  CPNP servers should prefer
   the use of DNS-ID and SRV-ID over CN-ID identifier types in
   certificate requests (Section 2.3 of [RFC6125]).  URI-IDs should not
   be used for CPNP server identity verification.

   The client sends CPNP requests using CPNP_PORT as the destination
   port number.  The same port number used as the source port number of
   a CPNP request sent to a CPNP server is used by the server to reply
   to that request.

   CPNP is independent of the IP address family.

   CPNP retransmission for unreliable transports is discussed in
   Section 11.4.

   Considerations related to mutual authentication are discussed in
   Section 13.

8.2.  Policy Configuration on the CPNP Server

   As an input to its decision-making process, the CPNP server may be
   connected to various external modules such as Customer Profiles,
   Network Topology, Network Resource Management, Order Repositories,
   AAA, and Network Provisioning Manager (an example is shown in
   Figure 5).

   These external modules provide inputs to the CPNP server so that it
   can do the following:

   *  Check whether a Customer is entitled to initiate a provisioning
      quotation request.

   *  Check whether a Customer is entitled to cancel an ongoing order.

   *  Check whether administrative data (e.g., billing-related
      information) have been verified before the processing of the
      request starts.

   *  Check whether network capacity is available or additional capacity
      is required.

   *  Receive guidelines from network design and sales blocks (e.g.,
      pricing, network usage levels, thresholds associated with the
      number of CPP templates that can be processed over a given period
      of time as a function of the nature of the service to be
      delivered, etc.).

   *  Transfer completed orders to network provisioning blocks (referred
      to as "Network Provisioning Manager" in Figure 5).  For example,
      the outcome of CPNP may be passed to modules such as Application-
      Based Network Operations (ABNO) [RFC7491] or network controllers.
      These controllers will use protocols such as NETCONF [RFC6241] to
      interact with the appropriate network nodes and functions for the
      sake of proper service activation and delivery.

   The above list of CPNP server operations is not exhaustive.

            . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
            .Business & Administrative Management                   .
            .+------------------------++---------------------------+.
            .| Business Guidelines    ||    Billing & Charging     |.
            .+-----------+------------++-----------+---------------+.
            .            |                         |                .
            .            +-------------------+     |                .
            . . . . . . . . . . . . . . . . .|. . .|. . . . . . . . .
            . . . . . . . . . . . . . . . . .|. . .|. . . . . . . . .
            .Order Handling Management       |     |                .
            . +-------------------+  +-------+-----+--------------+ .
            . |Network Topology DB+--+        CPNP Server         | .
            . +-------------------+  +-+---+---+---+---+-----+----+ .
            .                          |   |   |   |   |     |      .
            . +------------------------+-+ |   |   |   |     |      .
            . |   Network Dimensioning   | |   |   |   |     |      .
            . |        & Planning        | |   |   |   |     |      .
            . +--------------------------+ |   |   |   |     |      .
            . +----------------------------+-+ |   |   | +---+----+ .
            . |                              | |   |   | |   AAA  | .
            . |   Network       +------------+ |   |   | +--------+ .
            . |  Resource       | +------------+-+ | +-+----------+ .
            . |  Management     | |   Customer   | | |   Orders   | .
            . |                 | |   Profiles   | | | Repository | .
            . +-----------------+ +--------------+ | +------------+ .
            . . . . . . . . . . . . . . . . . . . .|. . . . . . . . .
            +--------------------------------------+----------------+
            |             Network Provisioning Manager              |
            +-------------------------------------------------------+

       Figure 5: Order Handling Management Functional Block (Focus on
                            Internal Interfaces)

   The following order-handling modes can also be configured on the
   server:

   Fully automated mode:  This mode does not require any action from the
      administrator when receiving a request for a service.  The server
      can execute its decision-making process related to the orders
      received and can generate corresponding offers.

   Administrative validation checking:  Some or all of the server's
      operations are subject to administrative validation procedures.
      This mode requires an action from the administrator for every
      request received.  To that aim, the CPNP methods that can be
      automatically handled by the server (or are subject to one or
      several validation administrative checks) can be configured on the
      server.

8.3.  CPNP Session Entries

   A CPNP session entry is represented by a tuple defined as follows:

   *  Transport session (typically, the IP address of the CPNP client,
      the client's port number, the IP address of the CPNP server, and
      the CPNP server's port number).

   *  Incremented sequence number (Section 11.3).

   *  Customer agreement identifier: This is a unique identifier
      assigned to the order under negotiation by the CPNP client
      (Section 9.1.1).  This identifier is also used by the client to
      identify the agreement that will result from a successful
      negotiation.

   *  Provider agreement identifier: This is a unique identifier
      assigned to the order under negotiation by the CPNP server
      (Section 9.1.2).  This identifier is also used by the server to
      identify the agreement that will result from a successful
      negotiation.

   *  Transaction-ID (Section 8.4).

8.4.  CPNP Transactions

   A CPNP transaction occurs between a client and a server for
   completing, modifying, or withdrawing a service agreement, and
   comprises all CPNP messages exchanged between the client and the
   server, from the first request sent by the client to the final
   response sent by the server.  A CPNP transaction is bound to a CPNP
   session (Section 8.3).

   Because multiple CPNP transactions can be maintained by the CPNP
   client, the client must assign an identifier to uniquely identify a
   given transaction.  This identifier is the Transaction-ID.

   The Transaction-ID must be randomly assigned by the CPNP client,
   according to the best current practice for generating random numbers
   [RFC4086] that cannot be guessed easily.  The Transaction-ID is used
   for validating CPNP responses received by the client.

   In the context of a transaction, the client needs to select a
   sequence number randomly and then needs to assign it to the first
   CPNP message to send.  This number is then incremented for each
   request message that is subsequently sent within the ongoing CPNP
   transaction (see Section 11.3).

8.5.  CPNP Timers

   CPNP adopts a simple retransmission procedure that relies on a
   retransmission timer represented by RETRANS_TIMER and a maximum retry
   threshold.  The use of RETRANS_TIMER and a maximum retry threshold
   are described in Section 11.

   The response timer (EXPECTED_RESPONSE_TIME) is set by the client to
   denote the time, in seconds, the client will wait to receive a
   response from the server to a PQO request (see Section 9.1.6).  If
   the timer expires, the respective PQO is cancelled by the client, and
   a CANCEL message is generated accordingly.

   The expected offer timer (EXPECTED_OFFER_TIME) is set by the server
   to indicate the time by when the CPNP server is expected to make an
   offer to the CPNP client (see Section 9.1.7).  If no offer is
   received by then, the CPNP client will consider the order as
   rejected.

   An offer expiration timer (VALIDITY_OFFER_TIME) is set by the server
   to represent the time, in minutes, after which an offer made by the
   server becomes invalid (see Section 9.1.8).

8.6.  CPNP Operations

   CPNP operations are listed below.  They may be augmented depending on
   the nature of some transactions or because of security considerations
   that may necessitate a distinct CPNP client/server authentication
   phase before negotiation begins.

   QUOTATION (Section 9.2.1):
      This operation is used by the client to initiate a PQO.  Upon
      receipt of a QUOTATION request, the server may respond with a
      PROCESSING, OFFER, or a FAIL message.  A QUOTATION-initiated
      transaction can be terminated by a FAIL message.

   PROCESSING (Section 9.2.2):
      This operation is used to inform the remote party that its message
      (the order quotation or the offer) was received and it is being
      processed.  This message can also be issued by the server to
      request more time, in which case, the client may reply with an ACK
      or FAIL message depending on whether extra time can or cannot be
      granted.

   OFFER (Section 9.2.3):
      This operation is used by the server to inform the client about an
      offer that can best accommodate the requirements indicated in the
      previously received QUOTATION message.

   ACCEPT (Section 9.2.4):
      This operation is used by the client to confirm the acceptance of
      an offer made by the server.  This message implies a call for
      agreement.  An agreement is reached when an ACK is subsequently
      received from the server, which is likely to happen if the message
      is sent before the offer validity time expires; the server is
      unlikely to reject an offer that it has already made.

   DECLINE (Section 9.2.5):
      This operation is used by the client to reject an offer made by
      the server.  The ongoing transaction may not be terminated
      immediately, e.g., the client may issue another order or the
      server may issue another offer.

   ACK (Section 9.2.6):
      This operation is used by the server to acknowledge the receipt of
      an ACCEPT or WITHDRAW message or by the client to confirm the
      server's request for a time extension (conveyed in a PROCESSING
      message) in order to process the last received quotation order.

   CANCEL (Section 9.2.7):
      This operation is used by the client to cancel (quit) the ongoing
      transaction.

   WITHDRAW (Section 9.2.8):
      This operation is used by the client to withdraw a completed order
      (i.e., an agreement).

   UPDATE (Section 9.2.9):
      This operation is used by the client to update an existing
      agreement.  For example, this method can be invoked to add a new
      VPN site.  This method will trigger a new negotiation cycle.

   FAIL (Section 9.2.10):
      This operation is used by the server to indicate that it cannot
      accommodate the requirements documented in the PQO conveyed in the
      QUOTATION message or to inform the client about an error
      encountered when processing the received message.  In either case,
      the message implies that the server is unable to make offers, and,
      as a consequence, it terminates the ongoing transaction.

      This message is also used by the client to reject a time extension
      request in a PROCESSING message received from the server.  The
      message includes a status code that provides explanatory
      information.

   The above CPNP primitives are service independent.  CPNP messages may
   transparently carry service-specific objects that are handled by the
   negotiation logic at either side.

   The document defines the service objects that are required for
   connectivity provisioning negotiation purposes (see Section 8.7).
   Additional service-specific objects for CPNP messages to accommodate
   alternative deployment schemes or other service provisioning needs
   can be defined in the future.

8.7.  Connectivity Provisioning Documents

   CPNP makes use of several flavors of Connectivity Provisioning
   Documents (CPD).  These documents follow the same CPP template
   described in [RFC7297].

   Requested CPD:
      Refers to the CPD included by a CPNP client in a QUOTATION
      request.

   Offered CPD:
      This document is included by a CPNP server in an OFFER message.
      Its information reflects the proposal of the server to accommodate
      all or a subset of the clauses depicted in a Requested CPD.  A
      validity time is associated with the offer made.

   Accepted CPD:
      If the client accepts an offer made by the server, the Offered CPD
      is included in an ACCEPT message.  This CPD is also included in an
      ACK message.  Thus, a three-way handshake procedure is followed
      for successfully completing the negotiation.

   Figure 6 shows a typical CPNP negotiation cycle and the use of the
   different types of CPDs.

              +------+                              +------+
              |Client|                              |Server|
              +------+                              +------+
                 |======QUOTATION (Requested CPD)=====>|
                 |<============PROCESSING==============|
                 |<========OFFER (Offered CPD)=========|
                 |=============PROCESSING=============>|
                 |=======ACCEPT (Accepted CPD)========>|
                 |<=======ACK (Accepted CPD)===========|
                 |                                     |

               Figure 6: Connectivity Provisioning Documents

   A CPD can include parameters with fixed values, loosely defined
   values, or any combination thereof.  A CPD is said to be concrete if
   all clauses have fixed values.

   A typical evolution of a negotiation cycle would start with a
   quotation order with loosely defined parameters, and then, as offers
   are made, it would conclude with a concrete CPD for calling for the
   agreement.

8.8.  Child PQOs

   If the server detects that network resources from another Network
   Provider need to be allocated in order to accommodate the
   requirements described in a PQO (e.g., in the context of an inter-
   domain VPN service, additional Provider Edge (PE) router resources
   need to be allocated), the server may generate child PQOs to request
   the appropriate network provisioning operations (see Figure 7).  In
   such a situation, the server also behaves as a CPNP client.  The
   server associates the parent order with its child PQOs.  How this is
   achieved is implementation specific (e.g., this can be typically
   achieved by locally adding the reference of the child PQO to the
   parent order).

            +------+            +--------+          +--------+
            |Client|            |Server A|          |Server B|
            +------+            +--------+          +--------+
               |                    |                    |
               |=====QUOTATION=====>|                    |
               |<====PROCESSING=====|                    |
               |                    |=====QUOTATION=====>|
               |                    |<====PROCESSING=====|
               |                    |<=======OFFER=======|
               |                    |=====PROCESSING====>|
               |                    |=======ACCEPT======>|
               |                    |<=======ACK=========|
               |<=======OFFER=======|                    |
               |=====PROCESSING====>|                    |
               |=======ACCEPT======>|                    |
               |<=======ACK=========|                    |
               |                    |                    |

                     Figure 7: Example of Child Orders

   Note that the server must not activate recursion for an order if the
   client includes a negotiation option to restrict the negotiation
   scope to the resources of the server's domain (Section 9.1.10.3).

   If recursion is not explicitly disabled, the server may notify the
   client when appropriate (Section 9.2.2).  Such notification may
   depend on the nature of the service and also regulatory
   considerations.

8.9.  Multi-Segment Service

   A composite service (e.g., connectivity) requested by a Customer
   could imply multi-segment services (e.g., multi-segment connectivity
   spanning an end-to-end scope), in the sense that one single CPNP
   request is decomposed into multiple connectivity requests on the
   Provider's side (thereby leading to child orders).  The Provider is
   in charge of handling the complexity of splitting the generic
   provisioning order in a multi-segment context.  Such complexity is
   local to the Provider.

8.10.  Negotiating with Multiple CPNP Servers

   A CPNP client may undertake multiple negotiations in parallel with
   several servers for various reasons, such as cost optimization and
   fail-safety.  These multiple negotiations may lead to one or many
   agreements.

   The salient point underlining the parallel negotiation scenarios is
   that, although the negotiation protocol is strictly between two
   parties, this may not be the case of the negotiation logic.  The CPNP
   client negotiation logic may need to collectively drive parallel
   negotiations, as the negotiation with one server may affect the
   negotiation with other servers; for example, it may need to use the
   responses from all servers as an input for determining the messages
   (and their content) to subsequently send within the course of each
   individual negotiation.  Therefore, timing is an important aspect on
   the client's side.  The CPNP client needs to have the ability to
   synchronize the receipt of the responses from the servers.  CPNP
   takes into account this requirement by allowing clients to specify in
   the QUOTATION message the time by which the server needs to respond
   (see Section 9.1.6).

8.11.  State Management

   Both the client and the server maintain repositories to store ongoing
   orders.  How these repositories are maintained is deployment
   specific.  It is out of scope of this document to elaborate on such
   considerations.  Timestamps are also logged to track state change.
   Tracking may be needed for various reasons, including regulatory or
   billing ones.

   In order to accommodate failures that may lead to the reboot of the
   client or the server, the use of permanent storage is recommended,
   thereby facilitating state recovery.

8.11.1.  On the Client Side

   This is the list of the typical states that can be associated with a
   given order on the client's side:

   Created:  The order has been created.  It is not handled by the
      client until the administrator allows it to be processed.

   AwaitingProcessing:  The administrator has approved the processing of
      a created order, but the order has not been handled yet.

   PQOSent:  The order has been sent to the server.

   ServerProcessing:  The server has confirmed the receipt of the order.

   OfferReceived:  An offer has been received from the server.

   OfferProcessing:  A received offer is being processed by the client.

   AcceptSent:  The client has confirmed the offer to the server.

   Completed:  The offer has been acknowledged by the server.

   Cancelled:  The order has failed or was cancelled.

   Sub-states may be defined (e.g., to track failed vs. cancelled
   orders), but those are not shown in Figure 8.

                 +------------------+
                 |     Created      |-----------------+
                 +------------------+                 |
                         |                            |
                         v                            |
                 +------------------+                 |
                 |AwaitingProcessing|----------------+|
                 +------------------+                ||
                         |                           ||
                    QUOTATION/UPDATE                 ||
                         v                           ||
                 +------------------+                ||
                 |     PQOSent      |---CANCEL------+||
                 +------------------+               vvv
                         |                        +-----+
                     PROCESSING                   |     |
                         v                        |     |
                 +------------------+   CANCEL    |  C  |
                 | ServerProcessing |------------>|  A  |
                 +------------------+    FAIL     |  N  |
                         |                        |  C  |
                         |                        |  E  |
                       OFFER                      |  L  |
                         |                        |  L  |
                         v                        |  E  |
                 +------------------+             |  D  |
                 |  OfferReceived   |---CANCEL--->|     |
                 +------------------+             |     |
                         | PROCESSING             +-----+
                         v                          ^^^
                 +------------------+               |||
                 |  OfferProcessing |---DECLINE-----+||
                 +------------------+                ||
                         | ACCEPT                    ||
                         v                           ||
                 +------------------+                ||
                 |    AcceptSent    |---CANCEL-------+|
                 +------------------+                 |
                         | ACK                        |
                         v                            |
                 +------------------+                 |
                 |   Completed      |---WITHDRAW------+
                 +------------------+

       Figure 8: Example of a CPNP Finite State Machine (Client Side)

8.11.2.  On the Server Side

   The following lists the states on the server's side that can be
   associated with a given order and a corresponding offer:

   PQOReceived:  The order has been received from the client.

   AwaitingProcessing:  The order is being processed by the server.  An
      action from the server administrator may be needed.

   OfferProposed:  The request has been successfully handled, and an
      offer has been sent to the client.

   ProcessingReceived:  The server has received a PROCESSING message for
      an offer sent to the client.

   AcceptReceived:  The server has received a confirmation for the offer
      from the client.

   Completed:  The server has acknowledged the offer (accepted by
      client) to the client.  Transitioning to this state assumes that
      the ACK was received by the client (this can be detected by the
      server if it receives a retransmitted ACCEPT message from the
      client).

   Cancelled:  The order cannot be accommodated, or it has been
      cancelled by the client.  Associated resources must be released in
      the latter case, if previously reserved.

   ChildCreated:  A child order has been created in cases where
      resources from another Network Provider are needed.

   ChildPQOSent:  A child order has been sent to the remote server.

   ChildServerProcessing:  A child order is being processed by the
      remote server.

   ChildOfferReceived:  The remote server has received an offer to a
      child order.

   ChildOfferProcessing:  A received offer to a child order is being
      processed.

   ChildAcceptSent:  The child offer (the offer received from the remote
      server in response to a child order) is confirmed to the remote
      server.

   ChildCompleted:  The accepted child offer has been acknowledged by
      the remote server.

   +------------------+           +------------------+
   |AwaitingProcessing|<----------|    ChildCreated  |
   +------------------+           +------------------+
           |                            |      ^
           v                            |      |
   +------------------+                 |      |
   |   ChildPQOSent   |----------------+|      Q
   +------------------+                ||      U
           |                           ||      O
        QUOTATION/UPDATE               ||      T
           v                           ||      A  +--------------------+
   +---------------------+   CANCEL    ||      T  |     PQOReceived    |
   |ChildServerProcessing|------------+||      I  +--------------------+
   +---------------------+    FAIL    vvv      O       |      |
           |                        +-----+    N    CANCEL    |
       PROCESSING                   |     |<---|-------+  PROCESSING
           v                        |     |    |              v
   +------------------+             |     |   +------------------------+
   |ChildOfferReceived|----CANCEL---|  C  |<--|   AwaitingProcessing   |
   +------------------+             |  A  |   +------------------------+
           |                        |  N  |       ^          | OFFER
         OFFER                      |  C  |       | +------------------+
           |                        |  E  |<DECLINE-|   OfferProposed  |
           |                        |  L  |       | +------------------+
           v                        |  L  |       |          |
   +------------------+             |  E  |       |      PROCESSING
   |ChildOfferReceived|---CANCEL----|  D  |       |          v
   +------------------+             |     |       | +------------------+
           |                        |     |<DECLINE-| Proc'ingReceived |
      PROCESSING                    |     |       |+------------------+
           |                        +-----+       |          | ACCEPT
           v                         ^^^^^        |          v
   +------------------+              |||||        | +------------------+
   |ChildOfferProc'ing|---DECLINE----+|||+-CANCEL-|-|  AcceptReceived  |
   +------------------+               |||         | +------------------+
           |ACCEPT                    |||         |          |ACK
           v                          |||         |          v
   +------------------+               |||         | +------------------+
   |  ChildAcceptSent |---CANCEL------+|+-WITHDRAW|-|    Completed     |
   +------------------+                |          | +------------------+
           | ACK                       |          |
           v                           |          |
   +------------------+                |          |
   |  ChildCompleted  |---WITHDRAW-----+          |
   |                  +---------------------------+
   +------------------+

             Figure 9: CPNP Finite State Machine (Server Side)

9.  CPNP Objects

   This section defines CPNP objects using the Routing Backus-Naur Form
   (RBNF) format defined in [RFC5511].  Please also note the following:

      |  Note 1: The formats of CPNP messages are provided using a
      |  generic format.  Implementors can adapt RBNF definitions to
      |  their "favorite" message format.  For example, JSON [RFC8259]
      |  or Concise Binary Object Representation (CBOR) [RFC7049] can be
      |  used.

      |  Note 2: CPNP messages cannot be blindly mapped to RESTCONF
      |  messages with the target service being modelled as
      |  configuration data because such data is supposed to be
      |  manipulated by a RESTCONF client only.  In such a model, the
      |  RESTCONF server cannot use a value other than the one set by
      |  the client (e.g., Section 9.2.3) or remove offers from its own
      |  initiative (e.g., Section 9.1.8).  An alternate approach might
      |  be to map CPNP operations into RESTCONF actions (RPC).
      |  Assessing the feasibility of such approach is out of scope.

9.1.  Attributes

9.1.1.  CUSTOMER_ORDER_IDENTIFIER

   The CUSTOMER_ORDER_IDENTIFIER (Customer Order Identifier) is an
   identifier that is assigned by a client to identify an agreement.
   This identifier must be unique to the client.

   Rules for assigning this identifier (including the structure and
   semantics) are specific to the client (Customer).  The value of
   CUSTOMER_ORDER_IDENTIFIER is included in all CPNP messages.

   The client (Customer) assigns an identifier to an order under
   negotiation before an agreement is reached.  This identifier will be
   used to unambiguously identify the resulting agreement at the client
   side (Customer).

   The server handles the CUSTOMER_ORDER_IDENTIFIER as an opaque value.

9.1.2.  PROVIDER_ORDER_IDENTIFIER

   The PROVIDER_ORDER_IDENTIFIER (Provider Order Identifier) is an
   identifier that is assigned by a server to identify an order.  This
   identifier must be unique to the server.

   Rules for assigning this identifier (including the structure and
   semantics) are specific to the server (Provider).  The
   PROVIDER_ORDER_IDENTIFIER is included in all CPNP messages except
   QUOTATION messages (because the state is only present at the client
   side).

   The server (Provider) assigns an identifier to an order under
   negotiation before an agreement is reached.  This identifier will be
   used to unambiguously identify the resulting agreement at the server
   side (Provider).

   The client handles the PROVIDER_ORDER_IDENTIFIER as an opaque value.

9.1.3.  TRANSACTION_ID

   This object conveys the Transaction-ID introduced in Section 8.4.

9.1.4.  SEQUENCE_NUMBER

   The sequence number is a number that is monotonically incremented in
   every new CPNP message pertaining to a given CPNP transaction.  This
   number is used to avoid replay attacks.

   Refer to Section 11.3.

9.1.5.  NONCE

   The NONCE is a random value assigned by the CPNP server.  Assigning a
   unique NONCE value for each order is recommended.

   It is mandatory to then include the NONCE in subsequent CPNP client
   operations on the associated order (including the resulting
   agreement) such as withdrawing the order or updating the order.

   If the NONCE validation checks fail, the server rejects the request
   with a FAIL message that includes the appropriate failure reason
   code.

9.1.6.  EXPECTED_RESPONSE_TIME

   This attribute indicates the time by when the CPNP client is
   expecting to receive a response from the CPNP server to a given PQO.
   If no offer is received by then, the CPNP client will consider the
   quotation order to be rejected.

   The EXPECTED_RESPONSE_TIME follows the date format specified in
   [RFC3339].

9.1.7.  EXPECTED_OFFER_TIME

   This attribute indicates the time by when the CPNP server is
   expecting to make an offer to the CPNP client.  If no offer is
   received by then, the CPNP client will consider the order rejected.

   The CPNP server may propose an expected offer time that does not
   match the expected response time indicated in the quotation order
   message.  The CPNP client can accept or reject the proposed expected
   time by when the CPNP server will make an offer.

   The CPNP server can always request extra time for its processing, but
   this may be accepted or rejected by the CPNP client.

   The EXPECTED_OFFER_TIME follows the date format specified in
   [RFC3339].

9.1.8.  VALIDITY_OFFER_TIME

   This attribute indicates the time of validity of an offer made by the
   CPNP server.  If the offer is not accepted before this time expires,
   the CPNP server will consider the CPNP client as having rejected the
   offer; the CPNP server will silently remove this order from its base.

   The VALIDITY_OFFER_TIME follows date format specified in [RFC3339].

9.1.9.  SERVICE_DESCRIPTION

   This document defines a machinery to negotiate any aspect subject to
   negotiation.  Service clauses that are under negotiation are conveyed
   using this attribute.

   The structure of the connectivity provisioning clauses is provided in
   the following subsection.

9.1.9.1.  CPD

   The RBNF format of the CPD is shown in Figure 10.

   <CPD> ::=  <Connectivity Provisioning Component> ...
   <Connectivity Provisioning Component> ::=
                              <CONNECTIVITY_PROVISIONING_PROFILE> ...
   <CONNECTIVITY_PROVISIONING_PROFILE> ::=
                              <Customer Nodes Map>
                              <SCOPE>
                              <QoS Guarantees>
                              <Availability>
                              <CAPACITY>
                              <Traffic Isolation>
                              <Conformance Traffic>
                              <Flow Identification>
                              <Overall Traffic Guarantees>
                              <Routing and Forwarding>
                              <Activation Means>
                              <Invocation Means>
                              <Notifications>
   <Customer Nodes Map> ::=  <Customer Node> ...
   <Customer Node> ::=  <IDENTIFIER>
                        <LINK_IDENTIFIER>
                        <LOCALIZATION>

                   Figure 10: The RBNF format of the CPD

9.1.10.  CPNP Information Elements

   An Information Element (IE) is an optional object that can be
   included in a CPNP message.

9.1.10.1.  Customer Description

   The client may include administrative information such as the
   following:

   *  Name

   *  Contact Information

   The format of this Information Element is as follows:

   <Customer Description> ::= [<NAME>] [<Contact Information>]
   <Contact Information> ::=  [<EMAIL_ADDRESS>] [<POSTAL_ADDRESS>]
                              [<TELEPHONE_NUMBER> ...]

9.1.10.2.  Provider Description

   The server may include administrative information in an offer such as
   the following:

   *  Name

   *  AS Number [RFC6793]

   *  Contact Information

   The format of this Information Element is as follows:

   <Provider Description> ::= [<NAME>][<Contact Information>]
                              [<AS_NUMBER>]

9.1.10.3.  Negotiation Options

   The client may include some negotiation options such as the
   following:

   Setup purpose:  A client may request the setup of a service (e.g.,
      connectivity) only for testing purposes during a limited period.
      The order can be extended to become permanent if the client was
      satisfied during the test period.  This operation is achieved
      using the UPDATE method.

   Activation type:  A client may request a permanent or scheduled
      activation type.  If no activation type clause is included during
      the negotiation, this means that the order will be immediately
      activated right after the negotiation ends.

   The format of this Information Element is as follows:

   <Negotiation Options> ::= [<PURPOSE>]

9.2.  Operation Messages

   This section defines the RBNF format of CPNP operation messages.  The
   following operation codes are used:

   +======+===================+================+
   | Code | Operation Message | Reference      |
   +======+===================+================+
   | 1    | QUOTATION         | Section 9.2.1  |
   +------+-------------------+----------------+
   | 2    | PROCESSING        | Section 9.2.2  |
   +------+-------------------+----------------+
   | 3    | OFFER             | Section 9.2.3  |
   +------+-------------------+----------------+
   | 4    | ACCEPT            | Section 9.2.4  |
   +------+-------------------+----------------+
   | 5    | DECLINE           | Section 9.2.5  |
   +------+-------------------+----------------+
   | 6    | ACK               | Section 9.2.6  |
   +------+-------------------+----------------+
   | 7    | CANCEL            | Section 9.2.7  |
   +------+-------------------+----------------+
   | 8    | WITHDRAW          | Section 9.2.8  |
   +------+-------------------+----------------+
   | 9    | UPDATE            | Section 9.2.9  |
   +------+-------------------+----------------+
   | 10   | FAIL              | Section 9.2.10 |
   +------+-------------------+----------------+
   | 11   | ACTIVATE          | Section 9.2.11 |
   +------+-------------------+----------------+

       Table 1: CPNP Operation Message Codes

   These codes are used to unambiguously identify a CPNP operation; the
   operation code is conveyed in the METHOD_CODE attribute mentioned in
   the following subsections.

   In the following, VERSION refers to the CPNP version number.  This
   attribute must be set to 1.

9.2.1.  QUOTATION

   The format of the QUOTATION message is shown below:

   <QUOTATION Message> ::=  <VERSION>
                            <METHOD_CODE>
                            <SEQUENCE_NUMBER>
                            <TRANSACTION_ID>
                            <CUSTOMER_ORDER_IDENTIFIER>
                            [<EXPECTED_RESPONSE_TIME>]
                            <REQUESTED_CPD>
                            [<INFORMATION_ELEMENT>...]

   A QUOTATION message must include an order identifier that is
   generated by the client (CUSTOMER_ORDER_IDENTIFIER).  Because several
   orders can be issued to several servers, the QUOTATION message must
   also include a Transaction-ID.

   The message may include an EXPECTED_RESPONSE_TIME, which indicates by
   when the client expects to receive an offer from the server.  The
   QUOTATION message must also include a requested service description
   (that is, a Requested CPD for connectivity services).

   The message may include ACTIVATION_TYPE to request a permanent or
   scheduled activation type (e.g., using the ACTIVATE method defined in
   Section 9.2.11).  If no such clause is included, the default mode is
   to assume that the order will be active once the accepted activation
   means are successfully invoked (e.g., Section 3.11 of [RFC7297]).

   When the client sends the QUOTATION message to the server, the state
   of the order changes to "PQOSent" at the client side.

9.2.2.  PROCESSING

   The format of the PROCESSING message is shown below:

   <PROCESSING Message> ::= <VERSION>
                            <METHOD_CODE>
                            <SEQUENCE_NUMBER>
                            <TRANSACTION_ID>
                            <CUSTOMER_ORDER_IDENTIFIER>
                            <PROVIDER_ORDER_IDENTIFIER>
                            [<EXPECTED_OFFER_TIME>]
                            [<PROCESSING_SUBCODE>]

   Upon receipt of a QUOTATION message, the server proceeds with the
   parsing rules (see Section 10).  If no error is encountered, the
   server generates a PROCESSING response to the client to indicate the
   PQO has been received and it is being processed.  The server must
   generate an order identifier that identifies the order in its local
   order repository.  The server must copy the content of the
   CUSTOMER_ORDER_IDENTIFIER and TRANSACTION_ID fields as conveyed in
   the QUOTATION message.  The server may include an EXPECTED_OFFER_TIME
   by when it expects to make an offer to the client.

   Upon receipt of a PROCESSING message, the client verifies whether it
   has issued a PQO that contains the CUSTOMER_ORDER_IDENTIFIER and
   TRANSACTION_ID to that server.  If no such PQO is found, the
   PROCESSING message must be silently ignored.  If a PQO is found, the
   client may check whether it accepts the EXPECTED_OFFER_TIME, and then
   it changes to state of the order to "ServerProcessing".

   If the server requires more time to process the quotation order, it
   may send a PROCESSING message that includes a new
   EXPECTED_OFFER_TIME.  The client can answer with an ACK message if
   more time is granted (Figure 11) or with a FAIL message if the time
   extension request is rejected (Figure 12).

   The server may provide more details in the PROCESSING_SUBCODE
   attribute about the reason for requesting more time to process the
   request.  The following codes are defined:

   +=========+============================+
   | Subcode | Description                |
   +=========+============================+
   | 1       | Upgrade of local resources |
   +---------+----------------------------+
   | 2       | Request external resources |
   +---------+----------------------------+

      Table 2: PROCESSING_SUBCODE Codes

              +------+                              +------+
              |Client|                              |Server|
              +------+                              +------+
                 |=======QUOTATION(Requested CPD)=====>|
                 |<========PROCESSING(time1)===========|
                                   ...
                 |<========PROCESSING(MoreTime)========|
                 |============ACK(TimeGranted)========>|
                                   ...
                 |<=========OFFER(Offered CPD)=========|
                 |=============PROCESSING=============>|
                 |=========ACCEPT(Accepted CPD)=======>|
                 |<=========ACK(Accepted CPD)==========|
                 |                                     |

             Figure 11: Request More Negotiation Time: Granted

              +------+                              +------+
              |Client|                              |Server|
              +------+                              +------+
                 |=======QUOTATION(Requested CPD)=====>|
                 |<========PROCESSING(time1)===========|
                                   ...
                 |<========PROCESSING(MoreTime)========|
                 |=====FAIL(More Time Rejected)=======>|

             Figure 12: Request More Negotiation Time: Rejected

9.2.3.  OFFER

   The format of the OFFER message is shown below:

   <OFFER Message> ::= <VERSION>
                       <METHOD_CODE>
                       <SEQUENCE_NUMBER>
                       <TRANSACTION_ID>
                       <CUSTOMER_ORDER_IDENTIFIER>
                       <PROVIDER_ORDER_IDENTIFIER>
                       <NONCE>
                       <VALIDITY_OFFER_TIME>
                       <OFFERED_CPD>
                       [<INFORMATION_ELEMENT>...]

   The server answers a QUOTATION request received from the client with
   an OFFER message.  The offer will be considered to be rejected by the
   client if no confirmation (i.e., an ACCEPT message sent by the
   client) is received by the server before the expiration of the
   validity time.

   The server may include ACTIVATION_TYPE to indicate whether the offer
   is about a permanent or scheduled activation type.  The message may
   include ACTIVATION_SCHEDULE to indicate when the order is to be
   activated.  If no such clause is included, the default mode is to
   assume that the order will be active once the accepted activation
   means are successfully invoked (e.g., Section 3.11 of [RFC7297] or
   Section 9.2.11).

9.2.4.  ACCEPT

   The format of the ACCEPT message is shown below:

   <ACCEPT Message> ::= <VERSION>
                        <METHOD_CODE>
                        <SEQUENCE_NUMBER>
                        <TRANSACTION_ID>
                        <CUSTOMER_ORDER_IDENTIFIER>
                        <PROVIDER_ORDER_IDENTIFIER>
                        <NONCE>
                        <ACCEPTED_CPD>
                        [<INFORMATION_ELEMENT>...]

   This message is used by a client to confirm the acceptance of an
   offer received from a server.  The fields of this message must be
   copied from the received OFFER message.  This message should not be
   sent after the validity time of the offer expires, as indicated by
   the server (Section 9.2.3).

9.2.5.  DECLINE

   The format of the DECLINE message is shown below:

   <DECLINE Message> ::= <VERSION>
                         <METHOD_CODE>
                         <SEQUENCE_NUMBER>
                         <TRANSACTION_ID>
                         <CUSTOMER_ORDER_IDENTIFIER>
                         <PROVIDER_ORDER_IDENTIFIER>
                         <NONCE>
                         [<REASON>...]

   The client may issue a DECLINE message to reject an offer.
   CUSTOMER_ORDER_IDENTIFIER, PROVIDER_ORDER_IDENTIFIER, TRANSACTION_ID,
   and NONCE are used by the server as keys to find the corresponding
   order.  If an order matches, the server changes the state of this
   order to "Cancelled" and then returns an ACK with a copy of the
   Requested CPD to the requesting client.

   A DECLINE message may include an Information Element to indicate the
   reason for declining an offer.  The following codes are defined:

   +======+====================================================+
   | Code | Description                                        |
   +======+====================================================+
   | 1    | Unacceptable gap between the request and the offer |
   +------+----------------------------------------------------+
   | 2    | Conflict with another offer from another server    |
   +------+----------------------------------------------------+
   | 3    | Activation type mismatch                           |
   +------+----------------------------------------------------+

                   Table 3: DECLINE Message Codes

   If no order is found, the server returns a FAIL message to the
   requesting client.  In order to prevent DDoS (Distributed Denial of
   Service) attacks, the server should restrict the number of FAIL
   messages sent to a requesting client.  It may also rate-limit FAIL
   messages.

   A flow example is shown in Figure 13.

              +------+                              +------+
              |Client|                              |Server|
              +------+                              +------+
                 |=======QUOTATION(Requested CPD)=====>|
                 |<============PROCESSING==============|
                 |<=========OFFER(Offered CPD)=========|
                 |=============PROCESSING=============>|
                 |===============DECLINE==============>|
                 |<================ACK=================|
                 |                                     |

                      Figure 13: DECLINE Flow Example

9.2.6.  ACK

   The format of the ACK message is shown below:

   <ACK Message> ::= <VERSION>
                     <METHOD_CODE>
                     <SEQUENCE_NUMBER>
                     <TRANSACTION_ID>
                     <CUSTOMER_ORDER_IDENTIFIER>
                     <PROVIDER_ORDER_IDENTIFIER>
                     [<EXPECTED_RESPONSE_TIME>]
                     [<CPD>]
                     [<INFORMATION_ELEMENT>...]

   This message is issued by the server to close a CPNP transaction or
   by a client to grant more negotiation time to the server.

   This message is sent by the server as a response to an ACCEPT,
   WITHDRAW, DECLINE, or CANCEL message.  In this case, the ACK message
   must include the copy of the service description (i.e., CPD for
   connectivity services) as stored by the server.  In particular, the
   following considerations are taken into account for connectivity
   provisioning services:

   *  A copy of the Requested/Offered CPD is included by the server if
      it successfully handled a CANCEL message.

   *  A copy of the Updated CPD is included by the server if it
      successfully handled an UPDATE message.

   *  A copy of the Offered CPD is included by the server if it
      successfully handled an ACCEPT message in the context of a
      QUOTATION transaction (refer to "Accepted CPD" in Section 8.7).

   *  An Empty CPD is included by the server if it successfully handled
      a DECLINE or WITHDRAW message.

   A client may issue an ACK message as a response to a time extension
   request (conveyed in PROCESSING) received from the server.  In such
   case, the ACK message must include an EXPECTED_RESPONSE_TIME that is
   likely to be set to the time extension requested by the server.

9.2.7.  CANCEL

   The format of the CANCEL message is shown below:

   <CANCEL Message> ::= <VERSION>
                        <METHOD_CODE>
                        <SEQUENCE_NUMBER>
                        <TRANSACTION_ID>
                        <CUSTOMER_ORDER_IDENTIFIER>
                        [<CPD>]

   The client can issue a CANCEL message at any stage during the CPNP
   negotiation process before an agreement is reached.  The
   CUSTOMER_ORDER_IDENTIFIER and TRANSACTION_ID are used by the server
   as keys to find the corresponding order.  If a quotation order
   matches, the server changes the state of this quotation order to
   "Cancelled" and then returns an ACK with a copy of the Requested CPD
   to the requesting client.

   If no quotation order is found, the server returns a FAIL message to
   the requesting client.

9.2.8.  WITHDRAW

   The format of the WITHDRAW message is shown below:

   <WITHDRAW Message> ::= <VERSION>
                          <METHOD_CODE>
                          <SEQUENCE_NUMBER>
                          <TRANSACTION_ID>
                          <CUSTOMER_ORDER_IDENTIFIER>
                          <PROVIDER_ORDER_IDENTIFIER>
                          <NONCE>
                          [<ACCEPTED_CPD>]
                          [<INFORMATION_ELEMENT>...]

   This message is used to withdraw an offer already accepted by the
   Customer.  Figure 14 shows a typical usage of this message.

              +------+                              +------+
              |Client|                              |Server|
              +------+                              +------+
                 |============WITHDRAW(CPD)===========>|
                 |<============PROCESSING==============|
                 |<===========ACK(Empty CPD)===========|
                 |                                     |

                      Figure 14: WITHDRAW Flow Example

   The WITHDRAW message must include the same CUSTOMER_ORDER_IDENTIFIER,
   PROVIDER_ORDER_IDENTIFIER, and NONCE as those used when creating the
   order.

   Upon receipt of a WITHDRAW message, the server checks whether an
   order matching the request is found.  If an order is found, the state
   of the order is changed to "Cancelled", and an ACK message including
   an Empty CPD is returned to the requesting client.  If no order is
   found, the server returns a FAIL message to the requesting client.

9.2.9.  UPDATE

   The format of the UPDATE message is shown below:

   <UPDATE Message> ::= <VERSION>
                        <METHOD_CODE>
                        <SEQUENCE_NUMBER>
                        <TRANSACTION_ID>
                        <CUSTOMER_ORDER_IDENTIFIER>
                        <PROVIDER_ORDER_IDENTIFIER>
                        <NONCE>
                        <EXPECTED_RESPONSE_TIME>
                        <REQUESTED_CPD>
                        [<INFORMATION_ELEMENT>...]

   This message is sent by the CPNP client to update an existing service
   agreement (e.g., Accepted CPD).  The UPDATE message must include the
   same CUSTOMER_ORDER_IDENTIFIER, PROVIDER_ORDER_IDENTIFIER, and NONCE
   as those used when creating the order.  The CPNP client includes a
   new service description (e.g., Updated CPD) that integrates the
   requested modifications.  A new Transaction_ID must be assigned by
   the client.

   Upon receipt of an UPDATE message, the server checks whether an
   order, having state "Completed", matches CUSTOMER_ORDER_IDENTIFIER,
   PROVIDER_ORDER_IDENTIFIER, and NONCE.

   *  If no order is found, the CPNP server generates a FAIL error with
      the appropriate error code (Section 9.2.10).

   *  If an order is found, the server checks whether it can honor the
      request:

      -  A FAIL message is sent to the client if the server cannot honor
         the request.  The client may initiate a new PQO negotiation
         cycle (that is, send a new UPDATE message).

      -  An OFFER message including the updated clauses (e.g., Updated
         CPD) is sent to the client.  For example, the server maintains
         an order for provisioning a VPN service that connects sites A,
         B, and C.  If the client sends an UPDATE message to remove site
         C, only sites A and B will be included in the OFFER sent by the
         server to the requesting client.

         Note that the cycle that is triggered by an UPDATE message is
         also considered to be a negotiation cycle.

   A flow chart that illustrates the use of UPDATE operation is shown in
   Figure 15.

              +------+                              +------+
              |Client|                              |Server|
              +------+                              +------+
                 |=========UPDATE(Requested CPD)======>|
                 |<============PROCESSING==============|
                 |<=========OFFER(Updated CPD)=========|
                 |=============PROCESSING=============>|
                 |==========ACCEPT(Updated CPD)=======>|
                 |<==========ACK(Updated CPD)==========|
                 |                                     |

                       Figure 15: UPDATE Flow Example

9.2.10.  FAIL

   The format of the FAIL message is shown below:

   <FAIL Message> ::=  <VERSION>
                       <METHOD_CODE>
                       <SEQUENCE_NUMBER>
                       <TRANSACTION_ID>
                       <CUSTOMER_ORDER_IDENTIFIER>
                       <PROVIDER_ORDER_IDENTIFIER>
                       <STATUS_CODE>

   This message is sent in the following cases:

   *  The server cannot honor an order received from the client (i.e.,
      received in a QUOTATION or UPDATE request).

   *  The server encounters an error when processing a CPNP request
      received from the client.

   *  The client cannot grant more time to the server.  This is a
      response to a time extension request carried in a PROCESSING
      message.

   The status code indicates the error code.  The following codes are
   supported:

    +========+==================+=====================================+
    | Status | Error Code       | Description                         |
    | Code   |                  |                                     |
    +========+==================+=====================================+
    | 1      | Message          | The message cannot be validated     |
    |        | Validation Error | (see Section 10).                   |
    +--------+------------------+-------------------------------------+
    | 2      | Authentication   | The request cannot be handled       |
    |        | Required         | because authentication is required. |
    +--------+------------------+-------------------------------------+
    | 3      | Authorization    | The request cannot be handled       |
    |        | Failed           | because authorization failed.       |
    +--------+------------------+-------------------------------------+
    | 4      | Administratively | The request cannot be handled       |
    |        | prohibited       | because of administrative policies. |
    +--------+------------------+-------------------------------------+
    | 5      | Out of Resources | The request cannot be honored       |
    |        |                  | because resources (e.g., capacity)  |
    |        |                  | are insufficient.                   |
    +--------+------------------+-------------------------------------+
    | 6      | Network Presence | The request cannot be honored       |
    |        | Error            | because there is no network         |
    |        |                  | presence.                           |
    +--------+------------------+-------------------------------------+
    | 7      | More Time        | The request to extend the time for  |
    |        | Rejected         | negotiation is rejected by the      |
    |        |                  | client.                             |
    +--------+------------------+-------------------------------------+
    | 8      | Unsupported      | The request cannot be handled       |
    |        | Activation Type  | because the requested activation    |
    |        |                  | type is not supported.              |
    +--------+------------------+-------------------------------------+

                     Table 4: FAIL Message Error Codes

9.2.11.  ACTIVATE

   The format of the ACTIVATE message is shown below:

   <ACTIVATE Message> ::= <VERSION>
                          <METHOD_CODE>
                          <SEQUENCE_NUMBER>
                          <TRANSACTION_ID>
                          <CUSTOMER_ORDER_IDENTIFIER>
                          <PROVIDER_ORDER_IDENTIFIER>
                          <NONCE>
                          <ACTIVATION_SCHEDULE>
                          [<INFORMATION_ELEMENT>...]

   This message is sent by the CPNP client to request the activation of
   an existing service agreement.  The message must include the same
   CUSTOMER_ORDER_IDENTIFIER, PROVIDER_ORDER_IDENTIFIER, and NONCE as
   those used when creating the order.  The CPNP client may include a
   schedule target for activating this order.  A new Transaction_ID must
   be assigned by the client.

   Upon receipt of an ACTIVATE message, the server checks whether an
   order, having state "Completed", matches CUSTOMER_ORDER_IDENTIFIER,
   PROVIDER_ORDER_IDENTIFIER, and NONCE.

   *  If no completed order is found, the CPNP server generates a FAIL
      error with the appropriate error code (Section 9.2.10).

   *  If an order is found, the server checks whether it can honor the
      request:

      -  A FAIL message is sent to the client if the server cannot honor
         the request (e.g., out of resources or explicit activation
         wasn't negotiated with this client).

      -  An ACK is sent to the client to confirm that the immediate
         activation (or deactivation) of the order or its successful
         scheduling if a non-null ACTIVATION_SCHEDULE was included in
         the request.  Note that setting ACTIVATION_SCHEDULE to 0 in an
         ACTIVATE request has a special meaning: it is used to request a
         deactivation of an accepted order.

   Figure 16 illustrates the use of the ACTIVATE operation.

              +------+                              +------+
              |Client|                              |Server|
              +------+                              +------+
                 |================ACTIVATE()==========>|
                 |<==============ACK()=================|
                 |                                     |

                      Figure 16: ACTIVATE Flow Example

10.  CPNP Message Validation

   Both the client and the server proceed with CPNP message validation.
   The following tables summarize the validation checks to be followed.

10.1.  On the Client Side

   +==============+==================================================+
   | Operation    | Validation Checks                                |
   +==============+==================================================+
   | PROCESSING   | {Source IP address, source port number,          |
   |              | destination IP address, destination port number, |
   |              | Transaction-ID, Customer Order Identifier} must  |
   |              | match an existing PQO with a state set to        |
   |              | "PQOSent".  The sequence number carried in the   |
   |              | packet must be larger than the sequence number   |
   |              | maintained by the client.                        |
   +--------------+--------------------------------------------------+
   | OFFER        | {Source IP address, source port number,          |
   |              | destination IP address, destination port number, |
   |              | Transaction-ID, Customer Order Identifier} must  |
   |              | match an existing order with state set to        |
   |              | "PQOSent", or {Source IP address, source port    |
   |              | number, destination IP address, destination port |
   |              | number, Transaction-ID, Customer Order           |
   |              | Identifier, Provider Order Identifier} must      |
   |              | match an existing order with a state set to      |
   |              | "ServerProcessing".  The sequence number carried |
   |              | in the packet must be larger than the sequence   |
   |              | number maintained by the client.                 |
   +--------------+--------------------------------------------------+
   | ACK          | {Source IP address, source port number,          |
   | (QUOTATION   | destination IP address, destination port number, |
   | Transaction) | Transaction-ID, Customer Order Identifier,       |
   |              | Provider Order Identifier, Offered Connectivity  |
   |              | Provisioning Document} must match an order with  |
   |              | a state set to "AcceptSent".  The sequence       |
   |              | number carried in the packet must be larger than |
   |              | the sequence number maintained by the client.    |
   +--------------+--------------------------------------------------+
   | ACK (UPDATE  | {Source IP address, source port number,          |
   | Transaction) | destination IP address, destination port number, |
   |              | Transaction-ID, Customer Order Identifier,       |
   |              | Provider Order Identifier, Updated Connectivity  |
   |              | Provisioning Document} must match an order with  |
   |              | a state set to "AcceptSent".  The sequence       |
   |              | number carried in the packet must be larger than |
   |              | the sequence number maintained by the client.    |
   +--------------+--------------------------------------------------+
   | ACK          | {Source IP address, source port number,          |
   | (WITHDRAW    | destination IP address, destination port number, |
   | Transaction) | Transaction-ID, Customer Order Identifier,       |
   |              | Provider Order Identifier, Empty Connectivity    |
   |              | Provisioning Document} must match an order with  |
   |              | a state set to "Cancelled".  The sequence number |
   |              | carried in the packet must be larger than the    |
   |              | sequence number maintained by the client.        |
   +--------------+--------------------------------------------------+

                  Table 5: Client Side Validation Checks

10.2.  On the Server Side

   +============+==================================================+
   | Method     | Validation Checks                                |
   +============+==================================================+
   | QUOTATION  | The source IP address passes existing access     |
   |            | filters (if any).  The sequence number carried   |
   |            | in the packet must not be lower than the         |
   |            | sequence number maintained by the server.        |
   +------------+--------------------------------------------------+
   | PROCESSING | The sequence number carried in the packet must   |
   |            | be greater than the sequence number maintained   |
   |            | by the server.                                   |
   +------------+--------------------------------------------------+
   | CANCEL     | {Source IP address, source port number,          |
   |            | destination IP address, destination port number, |
   |            | Transaction-ID, Customer Order Identifier} must  |
   |            | match an order with state set to "PQOReceived"   |
   |            | or "OfferProposed" or "ProcessingReceived" or    |
   |            | "AcceptReceived".  The sequence number carried   |
   |            | in the packet must be greater than the sequence  |
   |            | number maintained by the server.                 |
   +------------+--------------------------------------------------+
   | ACCEPT     | {Source IP address, source port number,          |
   |            | destination IP address, destination port number, |
   |            | Transaction-ID, Customer Order Identifier,       |
   |            | Provider Order Identifier, Nonce, Offered        |
   |            | Connectivity Provisioning Document} must match   |
   |            | an order with state set to "OfferProposed" or    |
   |            | "ProcessingReceived".  The sequence number       |
   |            | carried in the packet must be greater than the   |
   |            | sequence number maintained by the server.        |
   +------------+--------------------------------------------------+
   | FAIL       | {Source IP address, source port number,          |
   |            | destination IP address, destination port number, |
   |            | Transaction-ID, Customer Order Identifier,       |
   |            | Provider Order Identifier} must match an order   |
   |            | with state set to "AwaitingProcessing" and for   |
   |            | which a request to grant more time to process an |
   |            | offer was requested.  The sequence number        |
   |            | carried in the packet must be greater than the   |
   |            | sequence number maintained by the server.        |
   +------------+--------------------------------------------------+
   | DECLINE    | {Source IP address, source port number,          |
   |            | destination IP address, destination port number, |
   |            | Transaction-ID, Customer Order Identifier,       |
   |            | Provider Order Identifier, Nonce} must match an  |
   |            | order with state set to "OfferProposed" or       |
   |            | "ProcessingReceived".  The sequence number       |
   |            | carried in the packet must be greater than the   |
   |            | sequence number maintained by the server.        |
   +------------+--------------------------------------------------+
   | UPDATE     | The source IP address passes existing access     |
   |            | filters (if any), and {Customer Order            |
   |            | Identifier, Provider Order Identifier, Nonce}    |
   |            | must match an existing order with state          |
   |            | "Completed".                                     |
   +------------+--------------------------------------------------+
   | WITHDRAW   | The source IP address passes existing access     |
   |            | filters (if any), and {Customer Order            |
   |            | Identifier, Provider Order Identifier, Nonce}    |
   |            | must match an existing order with state          |
   |            | "Completed".                                     |
   +------------+--------------------------------------------------+
   | ACTIVATE   | The source IP address passes existing access     |
   |            | filters (if any), and {Customer Order            |
   |            | Identifier, Provider Order Identifier, Nonce}    |
   |            | must match an existing order with a state of     |
   |            | "Completed" and its activation procedure set to  |
   |            | explicit.                                        |
   +------------+--------------------------------------------------+

                 Table 6: Server Side Validation Checks

11.  Theory of Operation

   Both the CPNP client and server proceed with message validation
   checks as specified in Section 10.

11.1.  Client Behavior

11.1.1.  Order Negotiation Cycle

   To place a PQO, the client first initiates a local quotation order
   object identified by a unique identifier assigned by the client
   (Client Order Identifier).  The state of the quotation order is set
   to "Created".  The client then generates a QUOTATION request that
   includes the assigned identifier, possibly an expected response time,
   a Transaction-ID, and a requested service (e.g., Requested CPD).  The
   client may include additional Information Elements such as Customer
   Description or Negotiation Options.

   The client may be configured to not enforce negotiation checks on
   EXPECTED_OFFER_TIME; if so, the client should either not include the
   EXPECTED_RESPONSE_TIME attribute in the PQO or it should set the
   attribute to infinite.

   Once the request is sent to the server, the state of the request is
   set to "PQOSent", and if a response time is included in the quotation
   order, a timer is set to the expiration time as included in the
   QUOTATION request.  The client also maintains a copy of the CPNP
   session entry details used to generate the QUOTATION request.  The
   CPNP client must listen on the same port number that it used to send
   the QUOTATION request.

   If no answer is received from the server before the retransmission
   timer expires (i.e., RETRANS_TIMER, Section 8.5), the client
   retransmits the message until maximum retry is reached (e.g., three
   times).  The same sequence number is used for retransmitted packets.

   If a FAIL message is received, the client may decide to issue another
   (corrected) request towards the same server, cancel the local order,
   or contact another server.  The behavior of the client depends on the
   error code returned by the server in the FAIL message.

   If a PROCESSING message matching the CPNP session entry (Section 8.3)
   is received, the client updates the CPNP session entry with the
   PROVIDER_ORDER_IDENTIFIER information.  If the client does not accept
   the expected offer time that may have been indicated in the
   PROCESSING message, the client may decide to cancel the quotation
   order.  If the client accepts the EXPECTED_OFFER_TIME, it changes the
   state of the order to "ServerProcessing" and sets a timer to the
   value of EXPECTED_OFFER_TIME.  If no offer is made before the timer
   expires, the client changes the state of the order to "Cancelled".

   As a response to a time extension request (conveyed in a PROCESSING
   message that included a new EXPECTED_OFFER_TIME), the client may
   either grant this extension by issuing an ACK message or reject the
   time extension by issuing a FAIL message with a status code set to
   "More Time Rejected".

   If an OFFER message matching the CPNP session entry is received, the
   client checks if a PROCESSING message having the same
   PROVIDER_ORDER_IDENTIFIER has been received from the server.  If a
   PROCESSING message was already received for the same order, but the
   PROVIDER_ORDER_IDENTIFIER does not match the identifier included in
   the OFFER message, the client silently ignores the message.  If a
   PROCESSING message with the same PROVIDER_ORDER_IDENTIFIER was
   already received and matches the CPNP transaction identifier, the
   client changes the state of the order to "OfferReceived" and sets a
   timer to the value of VALIDITY_OFFER_TIME indicated in the OFFER
   message.

   If an offer is received from the server (i.e., as documented in an
   OFFER message), the client may accept or reject the offer.  The
   client accepts the offer by generating an ACCEPT message that
   confirms that the client agrees to subscribe to the offer documented
   in the OFFER message; the state of the order is passed to
   "AcceptSent".  The transaction is terminated if an ACK message is
   received from the server.  If no ACK is received from the server, the
   client proceeds with the retransmission of the ACCEPT message until
   the maximum retry is reached (Section 11.4).

   The client may also decide to reject the offer by sending a DECLINE
   message.  The state of the order is set by the client to "Cancelled".
   If an offer is not acceptable to the client, the client may decide to
   contact a new server or submit another order to the same server.
   Guidelines to issue an updated order or terminate the negotiation are
   specific to the client.

   An order can be activated (or deactivated) using the ACTIVATE message
   or other accepted activation means (Section 3.11 of [RFC7297]).

11.1.2.  Order Withdrawal Cycle

   A client may withdraw a completed order.  This is achieved by issuing
   a WITHDRAW message.  This message must include the Customer Order
   Identifier, Provider Order Identifier, and Nonce returned during the
   order negotiation cycle, as specified in Section 11.1.1.

   If no ACK is received from the server, the client proceeds with the
   retransmission of the message.  If no ACK is received after the
   maximum retry is exhausted, the client should log the information and
   must send an alarm to the administrator.  If there is no specific
   instruction from the administrator, the client should schedule
   another Withdrawal cycle.  The client must not retry this Withdrawal
   cycle more frequently than every 300 seconds and must not retry more
   frequently than every 60 seconds.

11.1.3.  Order Update Cycle

   A client may update a completed order.  This is achieved by issuing
   an UPDATE message.  This message must include the Customer Order
   Identifier, Provider Order Identifier, and Nonce returned during the
   order negotiation cycle specified in Section 11.1.1.  The client must
   include in the UPDATE message an Updated CPD with the requested
   changes.

   The subsequent message exchange is similar to what is documented in
   Section 11.1.1.

11.2.  Server Behavior

11.2.1.  Order Processing

   Upon receipt of a QUOTATION message from a client, the server sets a
   CPNP session, stores the Transaction-ID, and generates a Provider
   Order Identifier.  Once preliminary validation checks are completed
   (Section 10), the server may return a PROCESSING message to inform
   the client that the quotation order is received and it is under
   processing; the server may include an expected offer time to notify
   the client by when an offer will be proposed.  An order with state
   "AwaitingProcessing" is created by the server.  The server runs its
   decision-making process to decide which offer it can make to honor
   the received order.  The offer should be made before the expected
   offer time expires.

   If the server cannot make an offer, it sends backs a FAIL message
   with the appropriate error code (Section 9.2.10).

   If the server requires more negotiation time, it must send a
   PROCESSING message with a new EXPECTED_OFFER_TIME.  The client may
   grant this extension by issuing an ACK message or reject the time
   extension by issuing a FAIL message with the status code set to "More
   Time Rejected".  If the client doesn't grant more time, the server
   must answer before the initial expected offer time; otherwise, the
   client will decline the quotation order.

   If the server can honor the request, or if it can make an offer that
   meets only some of the requirements, it creates an OFFER message.
   The server must indicate the Transaction-ID, the Customer Order
   Identifier as indicated in the QUOTATION message, and the Provider
   Order Identifier generated for this order.  The server must also
   include the Nonce and the offered service document (e.g., Offered
   CPD).  The server includes an offer validity time as well.  Once sent
   to the client, the server changes the state of the order to
   "OfferProposed", and a timer set to the validity time is initiated.

   If the server determines that additional network resources from
   another Network Provider are needed to accommodate a quotation order,
   it will create child PQO(s) and will behave as a CPNP client to
   negotiate child PQO(s) with possible partnering Providers (see
   Figure 7).

   If no PROCESSING, ACCEPT, or DECLINE message is received before the
   expiry of the RETRANS_TIMER, the server resends the same offer to the
   client.  This procedure is repeated until maximum retry is reached.

   If an ACCEPT message is received before the offered validity time
   expires, the server proceeds with validation checks as specified in
   Section 10.  The state of the corresponding order is passed to
   "AcceptReceived".  The server sends back an ACK message to terminate
   the order processing cycle.

   If a CANCEL or a DECLINE message is received, the server proceeds
   with the cancellation of the order.  The state of the order is then
   passed to "Cancelled".

11.2.2.  Order Withdrawal

   A client may withdraw a completed order by issuing a WITHDRAW
   message.  Upon receipt of a WITHDRAW message, the server proceeds
   with the validation checks, as specified in Section 10:

   *  If the checks fail, a FAIL message is sent back to the client with
      the appropriate error code (e.g., 1 (Message Validation Error), 2
      (Authentication Required), or 3 (Authorization Failed)).

   *  If the checks succeed, the server clears the clauses of the CPD,
      changes the state of the order to "Cancelled", and sends back an
      ACK message with an Empty CPD.

11.2.3.  Order Update

   A client may update an order by issuing an UPDATE message.  Upon
   receipt of an UPDATE message, the server proceeds with the validation
   checks as specified in Section 10:

   *  If the checks fail, a FAIL message is sent back to the client with
      the appropriate error code (e.g., 1 (Message Validation Error), 2
      (Authentication Required), 3 (Authorization Failed), or 6 (Network
      Presence Error)).

   *  The exchange of subsequent messages is similar to what is
      specified in Section 11.1.1.  The server should generate a new
      Nonce value to be included in the offer made to the client.

11.3.  Sequence Numbers

   In each transaction, sequence numbers are used to protect the
   transaction against replay attacks.  Each communicating partner of
   the transaction maintains two sequence numbers, one for incoming
   packets and one for outgoing packets.  When a partner receives a
   message, it will check whether the sequence number in the message is
   larger than the incoming sequence number maintained locally.  If not,
   the message will be discarded.  If the message is proved to be
   legitimate, the value of the incoming sequence number maintained
   locally will be replaced by the value of the sequence number in the
   message.  When a partner sends out a message, it will insert the
   value of the outgoing sequence number into the message and increase
   the outgoing sequence number maintained locally by 1.

11.4.  Message Retransmission

   If a transaction partner sends out a message and does not receive any
   expected reply before the retransmission timer expires (i.e.,
   RETRANS_TIMER), a transaction partner will try to retransmit the
   message.  The procedure is reiterated until a maximum retry is
   reached (e.g., three times).  An exception is the last message (e.g.,
   ACK) sent from the server in a transaction.  After sending this
   message, the retransmission timer will be disabled since no
   additional feedback is expected.

   In addition, if the partner receives a retransmission of the last
   incoming packet it handled, the partner can resend the same answer to
   the incoming packet with a limited frequency.  If an answer cannot be
   generated right after the request is received, the partner needs to
   generate a PROCESSING message as the answer.

   To optimize message retransmission, a partner could also store the
   last incoming packet and the associated answer.  Note that the times
   of retransmission could be decided by the local policy, and
   retransmission will not cause any change of sequence numbers.

12.  Some Operational Guidelines

12.1.  CPNP Server Logging

   The CPNP server should be configurable to log various events and
   associated information.  Such information may include the following:

   *  Client's IP address

   *  Any event change (e.g., new quotation order, offer sent, order
      confirmation, order cancellation, order withdrawal, etc.)

   *  Timestamp

   The exact logging details are deployment specific.

12.2.  Business Guidelines and Objectives

   The CPNP server can operate in the following modes:

   Fully automated mode:
      The CPNP server is provisioned with a set of business guidelines
      and objectives that will be used as an input to the decision-
      making process.  The CPNP server will service received orders that
      fall into these business guidelines; otherwise, requests will be
      escalated to an administrator that will formally validate or
      invalidate an order request.  The set of policies to be configured
      to the CPNP server are specific to each administrative entity
      managing a CPNP server.

   Administrative-based mode:
      This mode assumes some or all of the CPNP server's operations are
      subject to a formal administrative validation.  CPNP events will
      trigger appropriate validation requests that will be forwarded to
      the contact person(s) or department that is responsible for
      validating the orders.  Administrative validation messages are
      relayed using another protocol (e.g., SMTP) or a dedicated tool.

   Business guidelines are local to each administrative entity.  How
   validation requests are presented to an administrator are out of
   scope of this document; each administrative entity may decide the
   appropriate mechanism to enable for that purpose.

13.  Security Considerations

   Means to defend the server against denial-of-service attacks must be
   enabled.  For example, access control lists can be enforced on the
   client, the server, or the network in between to allow a trusted
   client to communicate with a trusted server.

   The client and the server must be mutually authenticated.
   Authenticated encryption must be used for data confidentiality and
   message integrity.

   The protocol does not provide security mechanisms to protect the
   confidentiality and integrity of the packets transported between the
   client and the server.  An underlying security protocol such as
   (e.g., Datagram Transport Layer Security (DTLS) [RFC6347], Transport
   Layer Security (TLS) [RFC8446]) must be used to protect the integrity
   and confidentiality of protocol messages.  In this case, if it is
   possible to provide automated key management (Section 2.1 of
   [RFC4107]) and associate each transaction with a different key,
   inter-transaction replay attacks can naturally be addressed.  If the
   client and the server use a single key, an additional mechanism
   should be provided to protect against inter-transaction replay
   attacks between them.  Clients must implement DTLS record replay
   detection (Section 3.3 of [RFC6347]) or an equivalent mechanism to
   protect against replay attacks.

   DTLS and TLS with a cipher suite offering confidentiality protection
   and the guidance given in [RFC7525] must be followed to avoid attacks
   on (D)TLS.

   The client must silently discard CPNP responses received from unknown
   CPNP servers.  The use of a randomly generated Transaction-ID makes
   it hard to forge a response from a server with a spoofed IP address
   belonging to a legitimate CPNP server.  Furthermore, CPNP demands
   that messages from the server must include the correct identifiers of
   the orders.  Two order identifiers are used: one generated by the
   client and a second one generated by the server.  Both the CPNP
   client and server maintain the local identifier they assigned and the
   one assigned by the peer for a given order.  Means to detect swapping
   of these identifiers (even when such swapping occurs inadvertently at
   the client or the server) should be enabled by CPNP clients/servers.
   For example, the CPNP server should not assign a Provider agreement
   identifier that is equal to a Customer agreement identifier used by
   the CPNP client.

   The Provider must enforce the means to protect privacy-related
   information included in the documents (see Section 8.7) exchanged in
   CPNP messages [RFC6462].  In particular, this information must not be
   revealed to external parties without the consent of Customers.
   Providers should enforce policies to make Customer fingerprinting
   difficult to achieve (e.g., in a recursion request).  For more
   discussion about privacy, refer to [RFC6462] [RFC6973].

   The Nonce and the Transaction-ID attributes provide sufficient
   randomness and can effectively tolerate attacks raised by off-path
   adversaries, who do not have the capability of eavesdropping and
   intercepting the packets transported between the client and the
   server.  Only authorized clients must be able to modify accepted CPNP
   orders.  The use of a randomly generated Nonce by the server makes it
   hard to modify an agreement on behalf of a malicious third party.

14.  IANA Considerations

   This document has no IANA actions.

15.  References

15.1.  Normative References

   [RFC3339]  Klyne, G. and C. Newman, "Date and Time on the Internet:
              Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002,
              <https://www.rfc-editor.org/info/rfc3339>.

   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
              "Randomness Requirements for Security", BCP 106, RFC 4086,
              DOI 10.17487/RFC4086, June 2005,
              <https://www.rfc-editor.org/info/rfc4086>.

   [RFC5511]  Farrel, A., "Routing Backus-Naur Form (RBNF): A Syntax
              Used to Form Encoding Rules in Various Routing Protocol
              Specifications", RFC 5511, DOI 10.17487/RFC5511, April
              2009, <https://www.rfc-editor.org/info/rfc5511>.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
              January 2012, <https://www.rfc-editor.org/info/rfc6347>.

   [RFC7297]  Boucadair, M., Jacquenet, C., and N. Wang, "IP
              Connectivity Provisioning Profile (CPP)", RFC 7297,
              DOI 10.17487/RFC7297, July 2014,
              <https://www.rfc-editor.org/info/rfc7297>.

   [RFC7525]  Sheffer, Y., Holz, R., and P. Saint-Andre,
              "Recommendations for Secure Use of Transport Layer
              Security (TLS) and Datagram Transport Layer Security
              (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
              2015, <https://www.rfc-editor.org/info/rfc7525>.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
              <https://www.rfc-editor.org/info/rfc8446>.

15.2.  Informative References

   [AGAVE]    Boucadair, M., Georgatsos, P., Wang, N., Griffin, D.,
              Pavlou, G., Howarth, M., and A. Elizondo, "The AGAVE
              Approach for Network Virtualization: Differentiated
              Services Delivery", Annals of Telecommunication, Volume
              64, 277-288, DOI 10.1007/s12243-009-0103-4, April 2009,
              <https://rd.springer.com/article/10.1007/
              s12243-009-0103-4>.

   [COPS-SLS] Nguyen, T., "COPS Usage for SLS negotiation (COPS-SLS)",
              Work in Progress, Internet-Draft, draft-nguyen-rap-cops-
              sls-03, 5 July 2002, <https://tools.ietf.org/html/draft-
              nguyen-rap-cops-sls-03>.

   [DSNP]     Chen, J., "Dynamic Service Negotiation Protocol (DSNP)",
              Work in Progress, Internet-Draft, draft-itsumo-dsnp-03, 2
              March 2006,
              <https://tools.ietf.org/html/draft-itsumo-dsnp-03>.

   [ETICS]    EU FP7 ETICS Project, "Economics and Technologies of
              Inter-Carrier Services", January 2014,
              <https://cordis.europa.eu/project/id/248567>.

   [L2VPN-NETWORK-YANG]
              Barguil, S., Dios, O. G. D., Boucadair, M., Munoz, L. A.,
              Jalil, L., and J. Ma, "A Layer 2 VPN Network YANG Model",
              Work in Progress, Internet-Draft, draft-ietf-opsawg-l2nm-
              00, 2 July 2020,
              <https://tools.ietf.org/html/draft-ietf-opsawg-l2nm-00>.

   [L3VPN-NETWORK-YANG]
              Barguil, S., Dios, O. G. D., Boucadair, M., Munoz, L. A.,
              and A. Aguado, "A Layer 3 VPN Network YANG Model", Work in
              Progress, Internet-Draft, draft-ietf-opsawg-l3sm-l3nm-05,
              16 October 2020, <https://tools.ietf.org/html/draft-ietf-
              opsawg-l3sm-l3nm-05>.

   [LISP-MS-DISCOVERY]
              Boucadair, M. and C. Jacquenet, "LISP Mapping Service
              Discovery at Large", Work in Progress, Internet-Draft,
              draft-boucadair-lisp-idr-ms-discovery-01, 9 March 2016,
              <https://tools.ietf.org/html/draft-boucadair-lisp-idr-ms-
              discovery-01>.

   [NETSLICES-ARCH]
              Geng, L., Dong, J., Bryant, S., Makhijani, K., Galis, A.,
              Foy, X. D., and S. Kuklinski, "Network Slicing
              Architecture", Work in Progress, Internet-Draft, draft-
              geng-netslices-architecture-02, 3 July 2017,
              <https://tools.ietf.org/html/draft-geng-netslices-
              architecture-02>.

   [RFC2782]  Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
              specifying the location of services (DNS SRV)", RFC 2782,
              DOI 10.17487/RFC2782, February 2000,
              <https://www.rfc-editor.org/info/rfc2782>.

   [RFC3084]  Chan, K., Seligson, J., Durham, D., Gai, S., McCloghrie,
              K., Herzog, S., Reichmeyer, F., Yavatkar, R., and A.
              Smith, "COPS Usage for Policy Provisioning (COPS-PR)",
              RFC 3084, DOI 10.17487/RFC3084, March 2001,
              <https://www.rfc-editor.org/info/rfc3084>.

   [RFC4026]  Andersson, L. and T. Madsen, "Provider Provisioned Virtual
              Private Network (VPN) Terminology", RFC 4026,
              DOI 10.17487/RFC4026, March 2005,
              <https://www.rfc-editor.org/info/rfc4026>.

   [RFC4107]  Bellovin, S. and R. Housley, "Guidelines for Cryptographic
              Key Management", BCP 107, RFC 4107, DOI 10.17487/RFC4107,
              June 2005, <https://www.rfc-editor.org/info/rfc4107>.

   [RFC4176]  El Mghazli, Y., Ed., Nadeau, T., Boucadair, M., Chan, K.,
              and A. Gonguet, "Framework for Layer 3 Virtual Private
              Networks (L3VPN) Operations and Management", RFC 4176,
              DOI 10.17487/RFC4176, October 2005,
              <https://www.rfc-editor.org/info/rfc4176>.

   [RFC6125]  Saint-Andre, P. and J. Hodges, "Representation and
              Verification of Domain-Based Application Service Identity
              within Internet Public Key Infrastructure Using X.509
              (PKIX) Certificates in the Context of Transport Layer
              Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, March
              2011, <https://www.rfc-editor.org/info/rfc6125>.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
              <https://www.rfc-editor.org/info/rfc6241>.

   [RFC6462]  Cooper, A., "Report from the Internet Privacy Workshop",
              RFC 6462, DOI 10.17487/RFC6462, January 2012,
              <https://www.rfc-editor.org/info/rfc6462>.

   [RFC6574]  Tschofenig, H. and J. Arkko, "Report from the Smart Object
              Workshop", RFC 6574, DOI 10.17487/RFC6574, April 2012,
              <https://www.rfc-editor.org/info/rfc6574>.

   [RFC6770]  Bertrand, G., Ed., Stephan, E., Burbridge, T., Eardley,
              P., Ma, K., and G. Watson, "Use Cases for Content Delivery
              Network Interconnection", RFC 6770, DOI 10.17487/RFC6770,
              November 2012, <https://www.rfc-editor.org/info/rfc6770>.

   [RFC6793]  Vohra, Q. and E. Chen, "BGP Support for Four-Octet
              Autonomous System (AS) Number Space", RFC 6793,
              DOI 10.17487/RFC6793, December 2012,
              <https://www.rfc-editor.org/info/rfc6793>.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              <https://www.rfc-editor.org/info/rfc6830>.

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973,
              DOI 10.17487/RFC6973, July 2013,
              <https://www.rfc-editor.org/info/rfc6973>.

   [RFC7049]  Bormann, C. and P. Hoffman, "Concise Binary Object
              Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
              October 2013, <https://www.rfc-editor.org/info/rfc7049>.

   [RFC7149]  Boucadair, M. and C. Jacquenet, "Software-Defined
              Networking: A Perspective from within a Service Provider
              Environment", RFC 7149, DOI 10.17487/RFC7149, March 2014,
              <https://www.rfc-editor.org/info/rfc7149>.

   [RFC7215]  Jakab, L., Cabellos-Aparicio, A., Coras, F., Domingo-
              Pascual, J., and D. Lewis, "Locator/Identifier Separation
              Protocol (LISP) Network Element Deployment
              Considerations", RFC 7215, DOI 10.17487/RFC7215, April
              2014, <https://www.rfc-editor.org/info/rfc7215>.

   [RFC7491]  King, D. and A. Farrel, "A PCE-Based Architecture for
              Application-Based Network Operations", RFC 7491,
              DOI 10.17487/RFC7491, March 2015,
              <https://www.rfc-editor.org/info/rfc7491>.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
              <https://www.rfc-editor.org/info/rfc8040>.

   [RFC8259]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", STD 90, RFC 8259,
              DOI 10.17487/RFC8259, December 2017,
              <https://www.rfc-editor.org/info/rfc8259>.

   [RFC8299]  Wu, Q., Ed., Litkowski, S., Tomotaki, L., and K. Ogaki,
              "YANG Data Model for L3VPN Service Delivery", RFC 8299,
              DOI 10.17487/RFC8299, January 2018,
              <https://www.rfc-editor.org/info/rfc8299>.

   [RFC8309]  Wu, Q., Liu, W., and A. Farrel, "Service Models
              Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018,
              <https://www.rfc-editor.org/info/rfc8309>.

   [RFC8329]  Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R.
              Kumar, "Framework for Interface to Network Security
              Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018,
              <https://www.rfc-editor.org/info/rfc8329>.

   [RFC8466]  Wen, B., Fioccola, G., Ed., Xie, C., and L. Jalil, "A YANG
              Data Model for Layer 2 Virtual Private Network (L2VPN)
              Service Delivery", RFC 8466, DOI 10.17487/RFC8466, October
              2018, <https://www.rfc-editor.org/info/rfc8466>.

   [RFC8597]  Contreras, LM., Bernardos, CJ., Lopez, D., Boucadair, M.,
              and P. Iovanna, "Cooperating Layered Architecture for
              Software-Defined Networking (CLAS)", RFC 8597,
              DOI 10.17487/RFC8597, May 2019,
              <https://www.rfc-editor.org/info/rfc8597>.

   [RNAP]     Wang, X., "A Resource Negotiation and Pricing Protocol
              (RNAP)",
              <http://www.cs.columbia.edu/~xinwang/public/projects/
              protocol.html>.

   [SNAP]     Czajkowski, K., Foster, I., Kesselman, C., Sander, V., and
              S. Tuecke, "SNAP: A Protocol for Negotiating Service Level
              Agreements and Coordinating Resource Management in
              Distributed Systems", DOI 10.1.1.19.5907, 2002,
              <http://citeseerx.ist.psu.edu/viewdoc/
              summary?doi=10.1.1.19.5907>.

   [SrNP]     Georgatsos, P. and G. Giannakopoulos, "Service Negotiation
              Protocol (SrNP)", <https://www.ist-
              tequila.org/presentations/srnp-pipcm.pdf>.

   [TEAS-SLICE-NBI]
              Contreras, L. M., Homma, S., and J. A. Ordonez-Lucena,
              "Considerations for defining a Transport Slice NBI", Work
              in Progress, Internet-Draft, draft-contreras-teas-slice-
              nbi-02, 13 July 2020, <https://tools.ietf.org/html/draft-
              contreras-teas-slice-nbi-02>.

Acknowledgements

   Thanks to Diego R. Lopez, Adrian Farrel, Éric Vyncke, Eric Kline, and
   Benjamin Kaduk for the comments.

   Thanks to those that reviewed this document for publication in the
   Independent Stream.

   Special thanks to Luis Miguel Contreras Murillo for the detailed
   review.

Authors' Addresses

   Mohamed Boucadair (editor)
   Orange
   35000 Rennes
   France

   Email: mohamed.boucadair@orange.com

   Christian Jacquenet
   Orange
   35000 Rennes
   France

   Email: christian.jacquenet@orange.com

   Dacheng Zhang
   Huawei Technologies

   Email: dacheng.zhang@huawei.com

   Panos Georgatsos
   Centre for Research and Innovation Hellas
   78, Filikis Etairias str.
   38334 Volos
   Greece

   Phone: +302421306070
   Email: pgeorgat@gmail.com