Network Tokens A DPI-alternative to deploy network services ONF - - PowerPoint PPT Presentation
Network Tokens A DPI-alternative to deploy network services ONF Spotlight: 5G Transformation with Open Source Yiannis Yiakoumis, Co-Founder & CEO, Selfie Networks Work with Nick McKeown (Stanford), Frode Sorensen (NKOM)
Network Tokens
A DPI-alternative to deploy network services
ONF Spotlight: 5G Transformation with Open Source Yiannis Yiakoumis, Co-Founder & CEO, Selfie Networks
Work with Nick McKeown (Stanford), Frode Sorensen (NKOM)
https://networktokens.org | yiannis@selfienetworks.com
Overview
2
Network Services are at a tipping point
$0
2010 2020 bandwidth zero-rating 5G slicing
no demand market validation technology sucks market growth technology…?
IoT, entertainment, enterprise 2025
[*] GSMA Network Slicing Usecase Requirements
Network Services are at a tipping point
$0 $2B
2010 2020 bandwidth zero-rating 5G slicing
no demand market validation technology sucks market growth technology…?
IoT, entertainment, enterprise 2025
Network Services are at a tipping point
$0 $2B
2010 2020 bandwidth zero-rating 5G slicing
no demand market validation technology sucks market growth technology…? $300B*
IoT, entertainment, enterprise 2025
[*] GSMA Network Slicing Usecase Requirements
DPI/traffic classification can’t support expected growth Low Level Mechanism 5QI, DiffServ, QCI, bearers High-level Policy / Enforcement Traffic Classification / DPI (application signatures) Onboarding is hard Poor adoption Expensive High overhead In conflict with encryption, privacy, net neutrality
DPI/traffic classification can’t support expected growth
Each datapath service can be a $100M+ opportunity. Exposing them through DPI means:
15%
success rate
9+ months
time
100+
integrations
Can we do any better?
How can we expose and access traffic differentiation services in a way that ... 1. is easy for operators to deploy and operate 2. is easy for end-users and app providers to access 3. Works with privacy and net neutrality 4. works with encryption and modern infrastructure (ESNI, multi-cloud, 3rd-party APIs)
8
Traffic Classification / DPI → Access Management
Network Tokens
» Explicit and secure coordination between end-users/apps and the network » They replace heuristics and application signatures/DPI with deterministic mechanism » Heavily influenced by Json Web Tokens (JWT), access tokens, and OAUTH2 workflows
10
Network Tokens
11
Network Tokens Tokens are policy agnostic. Policy dictated by token distribution, crypto functions, E2E workflows
12
Sample workflow: user-centric, application-agnostic tokens
13
Sample workflow: user-centric, application-agnostic tokens
14
Application asks user-permission to access premium network quality service
1
Sample workflow: user-centric, application-agnostic tokens
15
Application asks user-permission to access premium network quality service
1
Client agent fetches premium quality token with user’s credentials
2
Sample workflow: user-centric, application-agnostic tokens
16
Application asks user-permission to access premium network quality service
1
Client agent fetches premium quality token with user’s credentials
2
Application attaches token to flows of interest
3
Sample workflow: user-centric, application-agnostic tokens
17
Application asks user-permission to access premium network quality service
1
Client agent fetches premium quality token with user’s credentials
2
Application attaches token to flows of interest
3
Network detects tokens and provides service
4
DEMO
Premium network quality for video calls
DEMO
1000+ apps Manual, expensive, error-prone privacy-invasive, no user control Proprietary app signatures Current Status with DPI
Simple, fast, stable dataplane Automated and self-serve control logic User-centric, application driven, application-agnostic, multi-network How it works with Network Tokens
Network Tokens: Standardization and Open-Source
○ Apache 2 License ○ Integrated or stand-alone ○ Integrated with ONFs OMEC
○ Integrate through existing 4G/5G TDF interfaces (Gy, Gw, Sd, …)
22
Access Management Ecosystem
ID access mgmt Low-level mechanism JWT, ID & access tokens Workflows SSO, OAUTH2, scopes/permissions Solutions Okta, Auth0, IBM, Microsoft, ...
Open-Source Standards Open-Source Proprietary
Access Management Ecosystem
ID access mgmt Network access mgmt Low-level mechanism JWT, ID & access tokens Network Tokens Workflows SSO, OAUTH2, scopes/permissions User Centric, App Centric, Custom, Multi-network Solutions Okta, Auth0, IBM, Microsoft, ... , ...
Open-Source Standards Open-Source Proprietary
Get Involved!
» https://networktokens.org | network-tokens@ietf.org » https://github.com/network-tokens » Try it with ONF’s infrastructure Thank you! yiannis@selfienetworks.com
25
Get involved!
https://networktokens.org
yiannis@selfienetworks.com
Appendix
priority + low latency Application + Driver + OS VoLTE Control Plane priority + low latency ⇅ LTE Bearer Network Core QoS 5G slicing Premium Network Quality tailored for voice and video
Net Neutrality Controversy and consensus
Traffic differentiation is controversial, but there is common ground and consensus on specific use cases. QoS: User-centric, application-agnostic, privacy-aware Zero-Rating: Category-based, inclusive, money-free agreements Enterprise/Firewall Whitelist: do what you want
29