]> Department of the Air Force

1800 Air Force Pentagon Washington DC 20330 USA +1 786 994 3023 john.willman.1@us.af.mil https://www.linkedin.com/in/johnewillmanv

GMO Internet Group, Inc.

Cerulean Tower 26-1 Sakuragaokacho Shibuya Tokyo 150-8512 Japan kanno@gmo-connect.jp https://www.linkedin.com/in/satoru-kanno/

Operations and Management Routing Working Group SD-WAN application identification traffic steering SRv6 policy SLA This document specifies PRISM, an application-aware traffic steering protocol for Software-Defined Wide Area Networks (SD-WAN). PRISM provides deep application identification, per-flow tracking, Service Level Agreement (SLA) enforcement, and policy-based path selection integration with Segment Routing over IPv6 (SRv6). PRISM is designed as a companion protocol to CONDUIT (Cryptographic Orchestration of Network Distributed Underlay for IPsec Transport), together providing a complete open-standard SD-WAN solution. CONDUIT manages the encrypted tunnel fabric while PRISM provides the application intelligence and policy enforcement. The protocol is fully programmable via gRPC, supports distributed and centralized deployment models, and mandates a phased transition to Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) cryptographic requirements.

Introduction

Problem Statement Software-Defined Wide Area Networks (SD-WAN) have emerged as a critical technology for enterprises and tactical networks requiring Intelligent traffic management across multiple WAN connections. However, existing SD-WAN solutions are predominantly proprietary, creating several challenges:

Vendor Lock-in:

Organizations deploying proprietary SD-WAN solutions become dependent on a single vendor for features, updates, and interoperability.

Limited Interoperability:

Proprietary solutions cannot interoperate with equipment from other vendors, limiting deployment flexibility and multi-vendor environments.

Opaque Operation:

Closed implementations prevent security auditing and verification of traffic handling behavior.

Cryptographic Limitations:

Many commercial SD-WAN products do not support government-mandated cryptographic standards such as CNSA 2.0.

An open-standard SD-WAN protocol would address these limitations by providing a vendor-neutral specification that enables interoperability, permits security auditing, and ensures compliance with required cryptographic standards. SD-WAN functionality comprises two distinct concerns:

1. Tunnel Fabric Management: Creating, monitoring, and maintaining encrypted tunnels across multiple WAN links. addresses this function.
2. Application-Aware Traffic Steering: Identifying applications, tracking flows, enforcing policies, and selecting optimal paths based on application requirements. This function is addressed by PRISM.

Relationship to CONDUIT PRISM and together form a complete open-standard SD-WAN solution with clear separation of responsibilities: CONDUIT Responsibilities:

• IPsec tunnel lifecycle management (creation, deletion, rekeying)
• Tunnel health monitoring (probing, metrics collection)
• Metric publishing to SRv6/IGP
• IKEv2 security association management

PRISM Responsibilities:

• Application identification (deep packet inspection, heuristics)
• Flow tracking and management
• Policy definition and enforcement
• SLA monitoring and alerting
• Traffic class assignment for SRv6 steering

The relationship can be summarized as: PRISM decides WHAT traffic class each flow belongs to; SRv6 decides WHICH path to use based on Flex-Algo; CONDUIT ensures the paths EXIST and reports their quality.

Design Goals

PRISM is designed to meet the following goals:

Scope This document specifies:

• Application identification mechanisms and signature format
• Flow tracking and management procedures
• Policy framework for traffic steering
• SLA definition and enforcement
• Integration with SRv6 for path selection
• Control protocol for distributed operation
• gRPC API for management and analytics

This document does not specify:

• Tunnel management (covered by )
• SRv6 data plane operations (covered by )
• Specific application signatures (maintained separately)
• Deep packet inspection algorithms (implementation-specific)

Conventions and Terminology

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Definitions

Application:

A network service or program identified by its traffic characteristics, such as Microsoft Teams, Salesforce, or SSH.

Application Category:

A grouping of applications with similar characteristics or business purposes, such as "unified communications" or "business critical".

Application Signature:

A set of patterns or heuristics used to identify a specific application from its network traffic.

Flow:

A unidirectional sequence of packets sharing common identifying characteristics, typically a 5-tuple of protocol, source address, source port, destination address, and destination port.

Session:

A bidirectional communication comprising two related flows (forward and reverse directions).

Traffic Class:

A classification assigned to flows that maps to specific SRv6 treatment, including path selection and QoS.

SLA (Service Level Agreement):

A set of performance thresholds that define acceptable service quality for an application or traffic class.

Policy:

A rule that matches traffic based on specified conditions and applies designated actions.

DPI (Deep Packet Inspection):

Analysis of packet contents beyond layer 4 headers to identify applications.

PRISM Node:

A device implementing the PRISM protocol, typically co- located with a CONDUIT node.

PRISM Controller:

A centralized management entity that distributes policies and aggregates analytics from PRISM nodes.

Architecture

System Overview A PRISM deployment consists of the following components:

PRISM Controller:

A centralized or distributed management entity responsible for policy management and distribution, application signature database maintenance, aggregated analytics and reporting, and SLA monitoring dashboard.

PRISM Node:

A data plane element deployed at network edges responsible for application identification, flow tracking, and classification, policy enforcement, per-flow metrics collection, and SRv6 traffic class assignment.

CONDUIT Node:

Co-located tunnel fabric manager providing IPsec tunnel management and path quality metrics (feeds into SLA calculations).

SRv6 Data Plane:

Forwarding plane that executes traffic engineering decisions based on traffic class assignments from PRISM.

Deployment Models PRISM supports multiple deployment models:

Distributed Mode:

Each PRISM node operates independently. Policies are configured locally on each node. No central controller required. Suitable for small deployments or disconnected operations.

Centralized Mode:

PRISM Controller manages all nodes. Policies are defined centrally and distributed to nodes. Centralized analytics and reporting. Suitable for enterprise deployments.

Hierarchical Mode:

Regional controllers manage local nodes. Global controller coordinates regional controllers. Policies can be global, regional, or local. Suitable for large distributed deployments.

Hybrid Mode:

Central controller for policy distribution. Local autonomy for real-time decisions. Nodes operate independently if the controller is unreachable. Suitable for tactical/resilient deployments.

Application Identification

Identification Methods

PRISM employs multiple methods to identify applications:

Classification proceeds through methods in order of reliability until a confident identification is achieved.

Encrypted Traffic Analysis For encrypted traffic (TLS/DTLS), PRISM uses metadata analysis without decryption:

TLS Server Name Indication (SNI):

The SNI field in the TLS Client Hello message reveals the intended server hostname, making it the primary method for HTTPS application classification. Note: The effectiveness of SNI-based identification will diminish as Encrypted Client Hello (ECH) is deployed. Implementations SHOULD prioritize heuristic and behavioral analysis methods () to maintain classification accuracy for ECH-protected flows.

TLS Certificate Analysis:

Server certificates contain identifying information, including Common Name, Subject Alternative Names, Organization, and Issuer.

JA3/JA3S Fingerprinting:

TLS handshake characteristics create unique fingerprints for client and server implementations. Note that JA3 hashes use MD5 for identification purposes only; this does not affect CNSA compliance as no cryptographic protection is derived from these hashes.

Encrypted Traffic Behavioral Analysis:

Statistical analysis of packet sizes, timing, and directionality can identify applications without payload inspection.

PRISM MUST NOT perform TLS interception or decryption. All encrypted traffic analysis is performed on metadata and observable traffic characteristics only.

Application Categories

Applications are organized into categories for policy management:

Flow Management

Flow Identification A composite key identifies flows: Standard 5-Tuple:

• IP Protocol (8 bits)
• Source IP Address (128 bits for IPv6)
• Destination IP Address (128 bits for IPv6)
• Source Port (16 bits)
• Destination Port (16 bits)

Extended Identifiers (optional):

• VLAN ID
• VRF/VPN ID
• Ingress interface

Flow Lifecycle Flows progress through the following states:

NEW:

First packet observed. Application identification in progress. Default traffic class applied.

CLASSIFYING:

Multiple packets observed. Application identification in progress. May transition to ESTABLISHED once classification confidence exceeds threshold.

ESTABLISHED:

Application identified with sufficient confidence. Traffic class assigned based on policy. SLA monitoring is active.

CLOSING:

Connection termination detected. Preparing to collect final statistics.

CLOSED:

Flow terminated. Final statistics recorded. Entry scheduled for removal after reporting.

Policy Framework

Policy Model PRISM policies follow a match-action model with the following structure:

• Policy ID: Unique identifier
• Name: Human-readable name
• Priority: Evaluation order (lower = higher priority)
• Match: Conditions that select applicable traffic
• Action: Operations to perform on matching traffic
• Schedule: Optional time-based activation

Match Conditions Policies can match on:

• Source/destination IP address or prefix
• Port or port range
• Specific application ID or category
• Application risk level
• Protocol (TCP, UDP, etc.)
• DSCP value
• Time of day
• Ingress interface or zone

Actions When a policy matches, the following actions may be applied:

Traffic Class Assignment:

Set traffic class (maps to SRv6 color), set DSCP value

Path Selection:

Prefer specific path characteristics, avoid specific paths, pin to a specific path

SLA Assignment:

Apply SLA profile, set violation actions Bandwidth Management: Rate limit, bandwidth guarantee

Security:

Permit, deny, redirect to inspection

SLA Definitions

Standard SLA Profiles:

SRv6 Integration

Traffic Class to SRv6 Color Mapping

PRISM assigns traffic classes that map to SRv6 policy colors:

Dynamic Path Selection PRISM influences path selection through traffic class assignment, not direct path manipulation. The sequence is:

1. PRISM classifies flow and assigns traffic class
2. Traffic class maps to SRv6 color
3. SRv6 color maps to SR policy
4. SR policy specifies Flex-Algo or explicit path
5. SRv6 data plane forwards accordingly

This maintains clean separation: PRISM determines the application requirements, SRv6 satisfies them.

SLA Monitoring and Enforcement

SLA Metrics PRISM monitors: Latency: End-to-end delay. Measured via TCP timestamps or probes. Jitter: Variation in packet delay. Calculated per .

Packet Loss:

Percentage not delivered. Inferred from TCP retransmissions.

Throughput:

Bytes per second over measurement interval.

Remediation Actions When SLA violations are detected:

Alert Only:

Generate alert, no corrective action.

Reclassify:

Move the flow to a different traffic class.

Path Switch:

Signal SRv6 to prefer the alternate path.

Escalate: Notify the external system to take action.

Control Protocol

Transport PRISM control messages are transported via UDP on port 4796. PRISM control messages MUST be transported within a CONDUIT encrypted tunnel fabric to ensure confidentiality. Implementations MUST drop PRISM control messages received on unprotected interfaces. All control messages are authenticated using HMAC-SHA-384.

Message Header

Message Types

gRPC API PRISM exposes functionality through five gRPC services:

PolicyService:

Policy lifecycle management (CRUD for policies, SLA profiles)

ApplicationService:

Application signature management

FlowService:

Flow visibility and real-time streaming

AnalyticsService:

SLA compliance reports and traffic analytics

ConfigService:

Node configuration

All gRPC connections MUST use mutual TLS (mTLS). Certificate requirements follow the Phased Transition model defined in . Phase 1 implementations MAY use CNSA 1.0 compliant certificates (ECDSA P-384). Phase 2 implementations SHOULD use hybrid certificates combining ECDSA P-384 and ML-DSA-87. Phase 3 implementations MUST use CNSA 2.0 compliant certificates (ML-DSA-87).

Cryptographic Agility and Transition To ensure long-term security against quantum threats while maintaining operational readiness, PRISM adopts a phased transition strategy aligned with CNSA 2.0 timelines and IETF guidance on Post-Quantum Cryptography . This approach mandates cryptographic agility, enabling seamless updates to algorithms without protocol redesign.

Cryptographic Agility PRISM implementations MUST support cryptographic agility. Control plane messages and data plane encapsulations MUST include versioning or algorithm identifiers to allow negotiation of cryptographic suites. Implementations SHOULD be capable of upgrading cryptographic libraries independently of the core protocol logic.

Phased Transition The transition to Post-Quantum Cryptography (PQC) is defined in three phases, aligning with the transition models described in , , and , and the timeline mandated by :

Phase 1 (Legacy/Current):

Uses CNSA 1.0 algorithms (ECC P-384, AES-256). This phase supports immediate deployment with currently FIPS-validated hardware and software. New deployments SHOULD plan for Phase 2 migration.

Phase 2 (Transitional/Hybrid):

Uses hybrid schemes combining CNSA 1.0 and CNSA 2.0 algorithms. Hybrid key exchange (e.g., ECDH P-384 + ML-KEM) and signatures provide "defense in depth" during the transition period. This phase is RECOMMENDED for all systems as PQC libraries become available.

Phase 3 (Target):

Uses pure CNSA 2.0 algorithms (ML-KEM, ML-DSA). Mandatory for all new systems by December 31, 2030 (software/firmware and traditional networking equipment) or 2033 (niche equipment), per CNSA 2.0 guidance. The goal is for all NSS to be quantum-resistant by 2035.

Algorithm Requirements by Phase Implementations MUST support the algorithms defined for their operating phase:

Note: "ML-KEM" refers to Module-Lattice-Based Key-Encapsulation Mechanism (FIPS 203). "ML-DSA" refers to Module-Lattice-Based Digital Signature Standard (FIPS 204).

Transport Security gRPC connections MUST use TLS 1.3. For Phase 1, the TLS_AES_256_GCM_SHA384 cipher suite is REQUIRED. Phase 2 and 3 implementations MUST support PQC-aware TLS cipher suites as they are standardized by the IETF (e.g., , ). For IPsec compliance (via CONDUIT), implementations MUST support to enable multiple key exchanges for hybrid PQC.

Security Considerations

Privacy Considerations PRISM performs deep packet inspection, which raises privacy concerns. PRISM analyzes metadata of encrypted traffic but does not decrypt contents. Organizations SHOULD define data retention policies.

Application Identification Risks Sophisticated actors may attempt to evade identification. Implementations SHOULD employ multiple identification methods and provide mechanisms to review classifications.

Policy Security Policies MUST be authenticated using HMAC-SHA-384. Policy changes SHOULD require appropriate authorization and be logged for audit.

IANA Considerations

UDP Port Allocation This document requests the allocation of UDP port 4796 for PRISM control messages.

Application Category Registry This document requests the creation of a "PRISM Application Categories." registry with initial values from 0x01 (unified-communications) through 0xFF (unknown).

References Normative References Informative References NIST ENISA BSI Nokia Nokia Nokia DigiCert Entrust Limited University of Waterloo Cisco Systems University of Haifa and Meta SandboxAQ National Security Agency Independent Fastly Cryptography Consulting LLC Cloudflare

Acknowledgements The authors thank the networking community for discussions on SD-WAN requirements and open standards approaches.