ATIS 1000046
Data Border Functions and Requirements
| Organization: | ATIS |
| Publication Date: | 1 August 2011 |
| Status: | active |
| Page Count: | 29 |
scope:
This TR defines the DBF and the DBF requirements that are required to be performed within a Service Provider's network. The functions to be performed depend on the interface supported.
The following interfaces are supported from a Service Provider's network:
• To an Access Network
• To an Application Network
• To an Enterprise Network
• To a Residential Customer Network
• To a Transit Network
• To another Service Provider's Network
This TR defines the DBF and requirements for the above interface types. The physical realization of the functions will vary depending on implementations and deployments. The unification of these functions within a Data Border Element (DBE) and/or distribution of these functions over a number of DBEs will depend on scale, operational needs, and application needs.
The functions of the DBF include (but are not limited to):
• Protocol Inspection: Inspect incoming messages for supported protocols.
• Intrusion Detection/Protection
• Stateful Firewall: Provide a stateful firewall capability.
• Authentication: Provide authentication of connections before traffic is allowed into the trusted Data Network infrastructure.
• Proxy: Proxy all traffic to elements in the Trusted Domain.
• Network Address Translation (NAT): Provide a NAT capability.
• Traffic Policy Enforcement: Limit excessive request volumes and excessive packet traffic.
• Security Monitoring: Monitor for unexpected, errored, and unauthorized messages, and respond appropriately for these messages.
• Denial of Service (DoS) Attack Mitigation: Provide functionality to mitigate DoS attacks.
• Data Session Admission Control: Provide admission control for selected data traffic.
• DSCP Packet Marking: Ensure packets have the correct DSCP markings.
The main sections of the document are:
• Section 6 (Deployment) defines logical relationships between elements in the trusted and untrusted network domains.
• Section 7 (DBF Functions) defines the functions of the DBF in detail.
• Section 8 (DBF Requirements) defines the detailed requirements on the functions independent of the physical realization.
• Section 9 (Composition) of DBF describes implementation options.
• Appendix A (Mapping to ATIS NGN Architecture) identifies the architecture functional entities that perform DBF functions.
Document History
