| Internet-Draft | Intent Translation Engine | October 2025 |
| Martinez-Julia, et al. | Expires 23 April 2026 | [Page] |
This document specifies the schemas and models required to realize the data formats and interfaces for Intent-Based Networking (IBN). They are needed to enable the composition of services to build a translation engine for IBN-based network management. This intent translation engine (called an intent translator) is an essential function for network intents to be enforced into a target network for the configuration and management of the network and its security.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 23 April 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The increased difficulty to define management goals and policies enforced to networks and security has raised the definition of Intent-Based Networking (IBN). It abstracts the definition of those goals and policies in the form of network intents.¶
An intent is a declarative statement to request a configuration or management for a network or security function [TS-28.312][TR-28.812]. It addresses more on "What" is needed (i.e., declarative statement) to be fulfilled than "How" it should be fulfilled (i.e., imperative statement).¶
For IBN to be properly realized, it is envisioned that many stakeholders would be involved in the translation of network intents to particular policies and configurations. Thus, there will be many components and services that would be composed to construct a solution to implement network intents.¶
This document specifies the schemas and models required to realize the data formats and interfaces for IBN-based network management. They are needed to enable the composition of services to build a translation engine for network intents, namely Intent Translation Engine (or Intent Translator).¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].¶
This document specifies the required data formats and interfaces that MUST be implemented by the components of an Intent Translation Engine (ITE), that is, an Intent Translator. Therefore, this extends the Intent Classification in [RFC9316] and drives the implementation of the specifications REQUIRED to properly classify network intents.¶
The data formats required for enabling interaction between the ITE and network tenants are as follows:¶
[TF1] Schema---Resource Description Framework (RDF) ontology and YANG model---that must be used to format intents introduced in the ITE.¶
[TF2] Schema---RDF ontology and YANG model---that must be used to format declarations of intent semantics---namely, the set of concepts, relations, and ontologies that can be present in an intent.¶
The interfaces required for enabling interaction between the ITE and network tenants are as follows:¶
[TI1] Schema---RDF ontology and YANG model---that must be used by a tenant or other external entity to format and transmit an intent to the ITE.¶
[TI2] Schema---RDF ontology and YANG model---that must be used by an ITE to publish---via NETCONF and others---the intent semantics it supports. Particularly, the set of concepts, relations, and ontologies that can be used by tenants to define input intents.¶
This document will also specify the minimum set of semantics that must be supported by any ITE and discovered by the interactions described in this section.¶
The data formats required for enabling interaction between the ITE and network management systems are as follows:¶
[MF1] Schema---RDF ontology and YANG model---that must be used by a management system to format declarations of management mechanisms and by an ITE to format their compositions. This schema and model comprehends the definitions for both management information and commands. Hence, this schema follows the definitions of [RFC9232] to specify data formats for telemetry transmission.¶
The interfaces required for enabling interaction between the ITE and network management systems are as follows:¶
[MI1] Schema---RDF ontology and YANG model---that must be used by a management system to publish---via NETCONF and others---the management mechanisms it provides for being composed to implement policies and network services. This schema also follows the definitions of [RFC9232] to specify telemetry interactions.¶
This document will also specify the minimum set of management mechanisms that must be provided by a management system for proper intent support.¶
The data formats required for enabling interaction between the ITE and the Virtualized Infrastructure Manager (VIM) are as follows:¶
[VF1] Schema---RDF ontology and YANG model---that must be used to format declarations of network resources and Virtual Network Functions (VNFs).¶
[VF2] Schema---RDF ontology and YANG model---that must be used to format Network Service Descriptor (NSD) [OSM].¶
The interfaces required for enabling interaction between the ITE and the VIM are as follows:¶
[VI1] Schema---RDF ontology and YANG model---that must be used by a VIM to publish---via NETCONF and others---the network resources and Virtual Network Functions (VNFs) it provides.¶
This document will also specify the minimum set of network resources and VNFs that must be provided by a VIM for proper intent support.¶
The data formats required for enabling interaction between the ITE and external services are as follows:¶
[EF1] Schema---RDF ontology and YANG model---that must be used to format declarations of network intents, network resources, and VNFs. This schema will be used by elements that will use intents to interact with management systems, such as AINEMA [I-D.pedro-nmrg-ai-framework], which enables the ITE with Artificial Intelligence (AI) functions and which will express management decisions in terms of network intents, as shown in [TNSM-2018].¶
The interfaces required for enabling interaction between the ITE and external services are as follows:¶
[EI1] Schema---RDF ontology and YANG model---that must be used by an ITE allow external agents to provide network intents and retrieve information about available resources and VNFs.¶
The translation process begins with a network intent fully written in natural language and ends with a formal specification of network service. The output specification MUST include a definition of static elements and a definition of operational policies. The former consists of a formal document, such as NSD for OSM [OSM], which is written in a formal language, such as XML, JSON, or YAML, that describes the components involved in the network intent and their connections. The latter consists of a set of rules, goals, and operational boundaries, expressed in a formal language like OCL [OCL] or SWRL [SWRL].¶
The translation process SHOULD be divided in several stages. The following stages are RECOMMENDED:¶
Dividing the network intent expressed in natural language into several self-contained sentences.¶
Converting each sentence into a list of language tokens.¶
Extending language tokens with network concepts contained in a network ontology (and YANG model, explained below).¶
Organizing the tokens in a hierarchy of components---with a single outer most component, which is the network service, and as many inner most components as needed, which are the atomic elements---network functions, links, operating rules, etc.¶
Separating the token hierarchy into as many hierarchies as domains identified in the hierarchy itself.¶
Communicating each domain-specific hierarchy to the ITE agent that represents its corresponding domain---including a copy of the original intent if approved by policies.¶
Matching the token hierarchy with available resources, replacing language tokens with formal resource descriptions and identifiers.¶
Constructing a final structure that can be understood by the target system---such as NSD.¶
Registering the final structure into the IBN knowledge base.¶
These stages involve several interfaces and data formats. However, the most general interfaces can be fulfilled by NETCONF, as specified in the models below, and the data formats are flexible enough to support different internal structures, as also specified in the models detailed below.¶
When a network intent cannot be fully translated, the tenant must be somehow asked for further information and a new translation process will be launched. The new process will however start using the result of the previous process and the new information provided. The overall stages remain the same.¶
Future versions of this document will detail the particular procedures, interfaces, and models related to this situation.¶
The translation process REQUIRES communication between several domains to realize the translation of multi-domain network intents. Such communication abilities MUST be discoverable through NETCONF, involving the data models disclosed below.¶
The communication abilities MAY also be used to translate single-domain network intents. In this case, they take advantage of the collective knowledge of all agents involved in the process. This REQUIRES to canonically obtain a set of structures that will be processed separately from a network intent or an intermediate processing structure obtained by an intermediate stage of the process.¶
To ensure the canonical result, the separation of the network intent into such structures, and their assignation to domain agents, SHOULD be done through the following procedure:¶
If required by administrative policies of the agents that originate the separation process, the network intent or intermediate structure MUST be anonymized.¶
The network intent or intermediate structure is sent to all agents of the multi-domain platform.¶
Each agent evaluates its ability to advance the structure to a later state. For early stages, the agent evaluates its ability to tokenize and re-structure the requirements of the network intent. For later stages, the agent evaluates its ability to extend tokenized structures with network-oriented meta-data. For final stages, the agent evaluates its ability to transform enlarged tokenized structures into NSD for topology concepts and/or OCL or SWRL for policy concepts.¶
The result of the evaluation is sent back to the agent that originated the request. It is a number that represents the ability of the agent to manage the current structure.¶
The agent sorts the domains by the numbers contained in the answers into a list of agents-to-request.¶
The agent sends the structure to be processed to the first agent in the list of agents-to-request.¶
The receiving agent processes the input, obtains its output, and sens back its response to the requester agent.¶
The requester agents sends a new request to the next agent in the list of agents-to-request.¶
The process continues until all structures have been fully processed or all agents have been involved. If needed, a new round is done starting from the first step.¶
This procedure maximizes the processing outcomes while minimizing the amount of information shared among the agents, as demonstrated in [TBD].¶
Particular ITE interfaces are REQUIRED to perform the orchestration of network services. These interfaces expect network intents that only reference existing elements and operational goals. The translation process MUST support such particularity to be indicated, so that no new element instantiation are considered. In response to this indication, the agents that process the network intents and intermediate structures MUST only use the knowledge base that includes already-deployed elements. This applies to both the overall translation process and distributed processing.¶
Apart from the basic operations for intent translation, the orchestration interfaces MUST offer the following functions:¶
Instantiating a network service: Receives the resulting structure of the translation of network intents and constructs the network service by configuring and connecting the existing elements as specified in these structures.¶
TBD -- Additional orchestration functions will be gathered here.¶
The orchestration agents that form part of the distributed platform to support the distributed translation MUST also manage the instantiation of the resulting structures after translating the network intent.¶
In future version of this document we will add information models for the orchestration interfaces.¶
Agent configuration interface (RPC) definitions:¶
module agent-cai {
namespace "urn:ietf:params:xml:ns:yang:ietf-cai";
prefix cai;
import ietf-inet-types {
prefix "inet";
}
organization "NICT";
contact "Pedro Martinez-Julia (pedro@nict.go.jp)";
description "CAI -- Collaborative artificial intelligence";
revision 2024-04-25 {
description "Initial version";
reference "AINEMA";
}
container settings {
description "Settings";
leaf self {
type string;
description "";
}
leaf port {
type inet:port-number;
description "";
}
list agent {
key "name";
description "List of other agents";
leaf name {
type string;
description "Agent name";
}
leaf host {
type string;
description "Host";
}
leaf port {
type inet:port-number;
description "Port";
}
}
}
grouping knowledge-object {
description "Knowledge Object";
leaf source {
type string;
mandatory true;
description "";
}
list disjunction {
description "Conjunction of disjunctions";
leaf source {
type string;
mandatory true;
description "";
}
list literal {
min-elements 1;
description "Disjunction of literals";
leaf source {
type string;
mandatory true;
description "";
}
leaf object {
type string;
mandatory true;
description "";
}
leaf negated {
type boolean;
mandatory true;
description "";
}
}
}
}
container knowledge-base {
config false;
description "Knowledge Base";
container logic {
description "Logic Rules";
uses knowledge-object;
}
container regex {
description "Regular Expressions";
list item {
description "Regular Expressions Substitutions";
leaf pattern {
type string;
mandatory true;
description "";
}
leaf replacement {
type string;
mandatory true;
description "";
}
}
}
}
grouping knowledge-q {
description "Knowledge Question";
container object {
description "Input Object";
uses knowledge-object;
}
container goal {
description "Goal";
uses knowledge-object;
}
}
rpc achieve-goal {
description "Try to achieve goal from input object";
input {
uses knowledge-q;
}
output {
container output {
description "Output";
uses knowledge-object;
}
}
}
}¶
This document will specify an abstract algorithm that allows an ITE (i.e., intent translator) to obtain a set of network service definitions and the composition of management mechanisms that implements the required policies or rules from a set of inputs. The ITE can translate an intent into a network policy for a target network [I-D.jeong-nmrg-ibn-network-management-automation][I-D.yang-i2nsf-security-policy-translation].¶
The inputs are:¶
The intent provided by the tenant or some external agent.¶
A set of management mechanisms -- retrieved from some management system available.¶
A set of VNFs and network resources -- retrieved from some VIM.¶
The abstract algorithm helps obtaining validated network service definitions and management mechanism compositions which are valid for the available instantiation infrastructure.¶
TBD¶
This document does not require any IANA actions.¶
As with other AI mechanisms, a major security concern for the adoption of intelligent reasoning on external events to manage SDN/NFV systems is that the boundaries of the control and management planes are crossed to introduce information from outside. Such communications MUST be highly and heavily secured since some malfunction or explicit attacks might compromise the integrity and execution of the controlled system (i.e., target entity) such as router, switch, and firewall. However, it is up to implementers to deploy the necessary countermeasures to avoid such situations. From the design point of view, since all operations are performed within the control and/or management planes, the security level of reasoning solutions is inherited and thus determined by the security measures established by the systems conforming to such planes.¶
This work was supported in part by Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea Ministry of Science and ICT (MSIT)(No. 2022-0-01015, Development of Candidate Element Technology for Intelligent 6G Mobile Core Network).¶
The following changes are made from draft-pedro-ite-01:¶