Concepts of Digital Twin Network

China Mobile, Beijing 100053, China, zhouchengyjy@chinamobile.com
China Mobile, Beijing 100053, China, yanghongwei@chinamobile.com
China Mobile, Beijing 100053, China, duanxiaodong@chinamobile.com
Telefonica I+D, Seville, Spain, diego.r.lopez@telefonica.com
Telefonica I+D, Madrid, Spain, antonio.pastorperales@telefonica.com
Huawei, 101 Software Avenue, Yuhua District, Nanjing, Jiangsu 210012, China, bill.wu@huawei.com
Orange, Rennes 35000, France, mohamed.boucadair@orange.com
Orange, Rennes 35000, France, christian.jacquenet@orange.com

Networking
Internet Research Task Force

Digital Twin; Digital Twin Network; DTN; IBN

Digital Twin technology has been seen as a rapid adoption technology
in Industry 4.0. The application of Digital Twin technology in the
telecommunications field is meant to realize efficient and intelligent
management and accelerate network innovation. This document presents an
overview of the concepts of Digital Twin Network (DTN), provides the
definition of DTN, and then describes the benefits and key challenges
of such technology.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP 14
when, and only when,
they appear in all capitals, as shown here.

With the advent of technologies such as 5G, Industrial Internet of
Things, Edge Computing, and Artificial Intelligence (AI), the ICT
industry and other vertical industries such as smart city or smart
manufacturing are being transformed dramatically by replacing what
used to be manual processes with digital processes.

With the fast growth of network scale and the increased demand
placed on the network by end users, accommodating and adapting
dynamically to customer needs becomes a big challenge for network
operators. Indeed, network operation and maintenance are becoming more
complex due to the higher complexity of the managed network. As such,
introducing innovations in the network will become more and more
difficult due to the higher risk of network failure and higher trial
cost if no reliable emulation platforms are available.

Digital Twin is the real-time representation of physical entities in
the digital world. It has the characteristics of virtual-reality
interrelation and real-time interaction, iterative operation and process
optimization, as well as being full life-cycle and full business
data-driven. At present, it has been successfully applied in the fields
of intelligent manufacturing, smart city, or complex system operation
and maintenance to help with not only object design and test, but also
operation and maintenance.

A digital twin network platform can be built by applying Digital Twin
technology to networks and creating a virtual image of physical network
facilities (emulation). Through the real-time data interaction between
the physical network and its twin network, the digital twin network
platform might help network designers achieve simpler, more automated,
more resilient, full life-cycle operation and maintenance. An emulation
platform that reliably represents the state of a network is more
reliable than a simulation platform. The emulated platform can thus be
used to assess specific behaviors before actual implementation in the
physical network, tweak the network for better optimized behavior, and
run ‘what-if’ scenarios that can’t be tested and evaluated easily in
the physical network.

There is no standard definition of digital twin network in the networking
industry or SDOs. This document attempts to define Digital Twin Network
as a virtual representation of the physical network. Such virtualized
representation of the network is meant to analyze, diagnose, emulate,
and control the physical network. To that aim, real-time and interactive
mapping is required between the physical network and the virtual
twin network. Digital Twin Network may involve five key elements: data,
mapping, model, interface, and orchestration stack as shown in Figure 1.

Data: Provides a unified data repository aggregated from multiple data
sources in the network, which can be the single source of the "truth"
and provide timely and accurate data search support.

Model: An abstract model that organizes elements of data. Various data
models such as YANG data models, database models, or knowledge graphs
can be designed to represent the physical network assets and flexibly
trimmed or interwoven to serve various network applications.

Interface: Standardized interfaces include the telemetry interface
between the Network Digital Twin Platform and the Physical Network
Infrastructure, and the data-as-a-service interface between the Network
Digital Twin Platform and Applications. They can effectively check for
data inconsistency and ensure compatibility and scalability of the DTN
system.

Mapping: Different from the traditional network simulation system, it
provides real-time interactive mapping between the physical network and
the virtual twin network, which emulates the behavior of a network by
calculating the deviation between the different network entities
(routers, switches, nodes, access points, links, etc.) in the physical
network and the corresponding entities in the virtual twin network.

Orchestration: Two kinds of orchestration are provided. The first
controls the DTN environment and its components to derive the required
behavior. The second deals with the dynamic lifecycle management of
these components. The second orchestration provides repeatability (the
capacity to replicate network conditions on demand) and reproducibility
(the ability to replay successions of events, possibly under controlled
variations).

Digital Twin Networks can help enable closed-loop network management
across the entire lifecycle, from digital deployment and simulation, to
visualized assessment, physical deployment, and continuous verification.
In doing so, network operators (and end-users to some extent) can get a
global, systemic and consistent view of the network. Network operators
can also safely assess the enforcement of network planning policies,
deployment procedures, etc., without jeopardizing the daily operation of
the physical network. The benefits of DTN can be classified into: low
cost of network optimization, optimized and safer decision-making, safer
testing of innovative network capabilities (including "what if"
scenarios), privacy and regulatory compliance, and customized network
operation training. The following sections detail such benefits.

Large scale networks are complex to operate. Since there is no
effective platform for simulation, network optimization designs have
to be tested on the physical network at the cost of jeopardizing its
daily operation and possibly degrading the quality of the services
supported by the network. Such assessment greatly increases network
operators' OpEX budgets too.

With a Digital Twin Network platform, network operators can safely
emulate candidate optimization solutions before deploying them in the
physical network. In addition, the operator's OpEX on the real
physical network deployment will be greatly decreased accordingly at
the cost of the complexity of the assessment and the resources
involved.

Traditional network operation and management mainly focus on
deploying and managing current services, but hardly support predictive
maintenance techniques.

DTN can combine data acquisition, big data processing and AI
modeling not only to assess the status of the network, but also to
predict future trends and better organize predictive maintenance. The
DTN's ability to reproduce network behaviors under various conditions
facilitates the corresponding assessment of the various evolution
options as often as required.

Testing a new feature in an operational network is not only
complex: it's also extremely risky.

DTNs can thus greatly help in assessing innovative network
capabilities without jeopardizing the daily operation of the physical
network. In addition, they also help researchers explore network
innovation (e.g. new network protocols, network AI/ML applications,
etc.) efficiently, and help network operators deploy new technologies
quickly with lower risks. Take AI/ML applications as an example: there
is a conflict between the continuous high reliability requirement
(i.e., 99.999%) of the network and the slow learning speed or phase-in
learning steps of AI/ML algorithms. With a DTN platform, AI/ML can
fully complete the learning and training with sufficient data before
the model is deployed to the real network. This will greatly encourage
more network AI innovations in future networks.

The requirements on data confidentiality and privacy on network
service providers increase the complexity of network management, as
decisions made by computation logic such as an SDN controller may rely
upon the contents of payloads. As a result, the improvement of
data-driven management requires complementary techniques that can
provide a strict control based upon security mechanisms to guarantee
data privacy protection and regulatory compliance. Some examples of
these techniques include payload inspection, including de-encryption
user explicit consents, or data anonymization mechanisms.

Given that DTN operation assumes the mapping between real traffic or
services and the traffic used by the DTN, for assessment purposes in
particular, the need for privacy is of the utmost importance. The lack
of personal data lowers the privacy requirements and simplifies the use
of privacy-preserving techniques.

Network architectures can be complex, and their operation requires
expert personnel. DTN offers an opportunity to train staff for
customized networks and specific user needs. Two salient examples are
the application of new network architectures and protocols, or the use
of cyber-ranges to train security experts in threat detection and
mitigation.

So far, there is no reference or standard DTN architecture. Based on
the definition of the key DTN elements introduced in section 2, a DTN
architecture that relies upon three layers is depicted in Figure 2.
The lowest layer is the Physical Network. All network elements in the
physical network exchange massive network data and control with the
network digital twin entity, via southbound interfaces.

The intermediate layer is the Network Digital Twin Entity, which
is the core of the DTN system. This layer includes three key
subsystems: Data Repository, Service Mapping Models and Digital Twin
Entity Management.

Data Repository provides accurate and complete information
about the network and its components for building various
service models by collecting and updating the real-time
operational data of various network elements through the
southbound interface. In addition to data storage, the
Repository is also responsible for providing data search
services to the Service Mapping Models sub-system, including
fast retrieval, concurrent conflict, batch service, unified
interface, etc.

Service Mapping Models completes data modelling, provides
data model instances for various network capabilities, and
maximizes the agility and programmability of network services.
The data models include two major types: basic models and
functional models.

Basic Model refers to the network element model and
network topology model of the network digital twin entity
based on the basic configuration, environment information,
operational state, link topology and other information of
the network element, to complete the real-time accurate
description of the physical network.

Functional model refers to various data models such as
network analysis, simulation, diagnosis, prediction,
assurance, etc. The functional models can be constructed and
expanded along multiple dimensions: by network type, there can
be models serving a single or multiple network domains;
by function type, they can be divided into state monitoring,
traffic analysis, security exercise, fault diagnosis,
quality assurance and other models; they can also be divided
into general models and special-purpose models. Specifically,
multiple dimensions can be combined to create a data model
for more specific application scenarios.

Digital Twin Entity Management completes the management
function of the digital twin network, records the life-cycle of the
entity, and visualizes and controls various elements of the network
digital twin, including topology management, model management
and security management.

The top layer is Network Application. Various applications (e.g. OAM,
IBN, etc.) can effectively run over a Digital Twin Network platform
to implement either conventional or innovative network operations,
with low cost and less service impact on real networks. Network
applications raise requirements that need to be addressed by the
DTN. Such requirements are exchanged through a northbound interface;
then the service is emulated by various service model instances;
once checked, changes can be safely deployed in the physical
network.

As mentioned in the above section, DTNs can bring many benefits to
network management as well as facilitate the introduction of innovative
network capabilities. However, building an effective and efficient DTN
system remains a challenge. The following is a list of the major
challenges.

Large scale challenge: The digital twin entity of large-scale
networks will significantly increase the complexity of data
acquisition and storage, and of the design and implementation of
models. The requirements on the software and hardware of the system
will be even more constraining.

Compatibility issue: It is difficult to establish a unified
digital twin platform with a unified data model in the whole network
domain due to the inconsistency of technical implementations and the
heterogeneity of vendor technologies.

Data modeling difficulties: Based on large-scale network data,
data modeling should not only focus on ensuring the accuracy of
model functions, but also needs to consider the flexibility and
scalability of the model. Balancing these requirements further
increases the complexity of building efficient and hierarchical
functional data models.

Real-time requirement: For services with real-time requirements,
the processing of model simulation and verification through a DTN
system will increase the service delay, so the function and process
of the data model need to be based on automated processing mechanisms
under various network application scenarios; at the same time, the
real-time requirements will further increase performance
requirements on the system software and hardware.

Security risks: The DTN synchronizes all the data of physical
networks in real time, which inevitably augments the attack surface,
with a higher risk of information leakage in particular.

To address these challenges, the Digital Twin Network needs
continuous optimization and breakthrough on key enabling technologies
including data acquisition, data storage, data modeling, network
visualization, interface standardization, and security assurance, so as
to meet the requirements of compatibility, reliability, real-time and
security.

Implementing Intent-Based Networking (IBN) via DTN can be an example
to show how DTN improves the efficiency of deploying network innovation.
IBN is an innovative technology for life-cycle network management.
Future networks will possibly be intent-based, which means that users can
input their abstract 'intent' to the network, instead of detailed
policies or configurations on the network devices. clarifies the concept
of "Intent" and provides an overview of IBN functionalities. The key
characteristic of an IBN system is that the user's intent can be assured
automatically via continuously adjusting the policies and validating the
real-time situation. To lower the impact on the real network, several
rounds of adjustment and validation can be simulated on the DTN platform
instead of directly on the physical network. Therefore, DTN can be an
important enabler platform to implement an IBN system and speed up the
deployment of IBN in the customer's network.

Digital Twin Network can be applied to solve different problems in
network management and operation.

The usual approach to network Operations, Administration, and
Maintenance (OAM) with procedures applied by humans is open to errors
in all these procedures, with impact on network availability and
resilience. Response procedures and actions for the most relevant
operational requests and incidents are commonly defined to reduce
errors to a minimum. The progressive automation of these procedures,
such as predictive control or closed loop management, reduces the
faults and response time, but there is still the need for a
human-in-the-loop for multiple actions. These processes are not
intuitive and require training to learn how to respond. The use of DTN
for this purpose in different network management activities will
improve the operators' performance. One common example is cybersecurity
incident handling, where cyber-range exercises are executed
periodically to train security practitioners. DTN will offer realistic
environments, fitted to the real production networks.

Machine Learning requires data and their context to be available in
order to apply it. A common approach in the network management
environment has been to simulate or import data in a specific
environment (the ML developer lab), where they are used to train the
selected model, while later, when the model is deployed in production,
it is re-trained or adjusted to the production environment context.
This demands a specific adaptation period. DTNs simplify the complete
ML lifecycle development by providing a realistic environment,
including network topologies, to generate the data required in a
well-aligned context. The dataset generated belongs to the DTN and not
to the production network, allowing information access by third
parties without impacting data privacy.

The potential application of CI/CD models to network management
operations increases the risk associated with the deployment of
non-validated updates, which conflicts with the goal of the
certification requirements applied by network service providers. A
solution for addressing these certification requirements is to verify
the specific impacts of updates on service assurance and SLAs using a
DTN environment replicating the network particularities, as a previous
step to production release. DTN orchestration capacities support the
dynamic mechanisms required by DevOps procedures.

Network management's dependency on programmability increases system
complexity. The behavior of new protocol stacks, API parameters and
interactions among complex software components are examples that
imply a higher risk of errors or vulnerabilities in software and
configuration. DTN allows fuzz testing techniques to be applied on a
twin network environment, with interactions and conditions similar to
the production network, making it possible to identify and fix
vulnerabilities, bugs and zero-day attacks before production
delivery.

Research on Digital Twin Networks has just started. This document
presents an overview of the DTN concepts. Looking forward, further
elaboration on DTN scenarios, requirements, architecture and key
enabling technologies should be promoted by the industry, so as to
accelerate the implementation and deployment of DTNs.

* Why distinguish data from model? Typically, a data repository can
  store data models.

* Why are Digital Twin Network components separated from the
  orchestration component? Should Digital Twin Network components be
  part of orchestration?

* Do we need to first show the interfaces between the physical
  network and its twin and then focus on the twin part with the
  various required components to build the twin image?

* Which component is responsible for checking for deviation of the
  underlay network vs. the image?

* Is continuous verification an implicit reference to CI/CD
  procedures where the DTN would be used to run non-regression tests
  (for example) before deploying a major release? Please be more
  specific.

This document describes concepts and definitions of Digital Twin
Network. As such, the below security considerations remain high level,
i.e. in the form of principles, guidelines or requirements.

Security in the Digital-Twin network can apply to the following
aspects:

* Secure the digital twin system itself.

* Data privacy protection.

Securing the digital twin system aims at making the digital-twin
system operationally secure by implementing security mechanisms and
applying security best practices. In the context of the digital-twin
Network, such mechanisms and practices may consist of data verification
and model validation, and of mapping operations between the physical
network and the digital counterpart network by authenticated and
authorized users only.

Synchronizing all the data between the physical network and the Network
digital twin entity may increase the risk of sensitive data and
information leakage. Strict control and security mechanisms such as
payload inspection can be provided to mitigate data privacy risk.

Diego Lopez and Antonio Pastor were partly supported by the European
Commission under Horizon 2020 grant agreement no. 833685 (SPIDER), and
grant agreement no. 871808 (INSPIRE-5Gplus).

This document has no requests to IANA.

Digital Twin in Industry: State-of-the-Art. IEEE Transactions
on Industrial Informatics, vol. 15, no. 4.

v02 - v03

* Split interaction with IBN part as a separate section.
* Fill security section.
* Clarify the motivation in the introduction section.
* Use new boilerplate for requirements language section.
* Key elements definition update.
* Other editorial changes.
* Add open issues section.
* Add section on application scenarios.
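
The security considerations above ask for data verification, for mapping operations by authenticated and authorized users only, and for protection of sensitive data synchronized into the twin. The Python code below is an added example, not part of this document's original text, showing one way an ingest gate in front of the twin's data repository could enforce these checks. `TwinRepository`, the element and writer names, the keys, the sequence-number field and the telemetry record are all hypothetical, and authentication of the writer (for instance by mutual TLS) is assumed to happen before `ingest` is called.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed sample values: element names, keys and writer identities are
# assumptions for this example, not identifiers defined by the document.
ELEMENT_KEYS = {"pe-router-1": b"constructed-telemetry-key"}
AUTHORIZED_WRITERS = {"collector-a": {"pe-router-1"}}
PSEUDONYM_KEY = b"constructed-pseudonym-key"  # stays on the physical-network side


def sign(element, payload):
    """HMAC-SHA256 tag a network element attaches to its telemetry record."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ELEMENT_KEYS[element], body, hashlib.sha256).hexdigest()


def pseudonymize_ip(addr):
    """Keyed, deterministic pseudonym: flows of one subscriber stay
    correlatable in the twin, but the address cannot be recovered or
    brute-forced without PSEUDONYM_KEY."""
    canonical = str(ipaddress.ip_address(addr))  # raises ValueError if malformed
    digest = hmac.new(PSEUDONYM_KEY, canonical.encode(), hashlib.sha256)
    return "sub-" + digest.hexdigest()[:16]


class TwinRepository:
    """Hypothetical twin data repository fed over the southbound interface."""

    def __init__(self):
        self.state = {}      # element -> last accepted (pseudonymized) record
        self.last_seq = {}   # element -> highest sequence number accepted

    def ingest(self, writer, element, payload, tag):
        # Authorization: a writer may only map the elements assigned to it.
        if element not in AUTHORIZED_WRITERS.get(writer, set()):
            raise PermissionError(f"{writer} may not update {element}")
        # Data verification: constant-time comparison of the element's tag.
        if not hmac.compare_digest(sign(element, payload), tag):
            raise ValueError("telemetry record failed integrity check")
        # Replay protection: sequence numbers must strictly increase.
        if payload["seq"] <= self.last_seq.get(element, -1):
            raise ValueError("stale or replayed telemetry record")
        # Privacy: subscriber addresses never enter the twin in the clear.
        record = dict(payload)
        record["flows"] = [
            {**flow, "src": pseudonymize_ip(flow["src"])}
            for flow in payload["flows"]
        ]
        self.last_seq[element] = payload["seq"]
        self.state[element] = record
        return record


# Constructed telemetry record (documentation address range, RFC 5737).
SAMPLE = {"seq": 1, "if_oper_status": "up",
          "flows": [{"src": "192.0.2.10", "bytes": 4096}]}
```

The pseudonym key is deliberately separate from the telemetry keys, so a dataset exported from the twin to a third party carries no material for reversing subscriber identities.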