What-if loop in Network Digital Twins
Authored by Jose Manuel Manjón Cáliz, Telefónica Innovación Digital
In the HORSE project we have introduced a new concept that works with the Network Digital Twin (NDT) and the Intent-Based Interface (IBI), this is the what-if loop. This concept is enclosed in a scenario where the goal is to mitigate attacks on the network.
The what-if loop starts on the IBI, which send a request about any countermeasure that wants to apply to a certain attack, in a concrete point of the network and with a specific KPI. Some examples for a DDoS DNS attack about this what-if request can be:
- WHAT is the latency in a specific interface of DNS client IF we apply a rate limit of 20 Mbps in the DNS server.
- WHAT is the bandwidth in a specific interface of DNS client IF we block port 53 in the DNS server.
With these definitions, the Network Digital Twin can work by testing the concrete scenarios proposed by the IBI. Then, the NDT will answer those questions by sending the KPIs that were specified on the what-if requests.
The Model Translator will be the module inside the NDT that will translate the intents coming from the IBI and apply it in the NDT infrastructure. Also, it translates the responses that will be sent back to the IBI.
Now, the work is focused on the models of these what-if requests, where we need to have something like the following parameters:
- Type of mitigation action (e.g. FILTER)
- Point of the network where apply the mitigation action (e. g. interface X of DNS server)
- Value of the mitigation action (e. g. port 53)
- Point of the network to be measured (e. g. interface X of DNS client)
- KPI to be measured (e.g. bandwidth)
Finally, the Intent-Based Interface, with the information of the different impacts that the mitigations have on the network, can take the necessary decisions to be later applied into the real infrastructure.
It is important to highlight the innovation behind this what-if loop between the IBI and the NDT. It allows us to test and estimate the impact in advance of mitigations actions and (re)configuration of network elements. By this loop, the real network will not suffer any inconvenience as all the modifications can be done previously in the Network Digital Twin and we can estimate the impact that the action will have in the real environment.