[Apn] Reply: comments and suggestions to the draft-yang-apn-sd-wan-usecase-00
Feng Yang <yangfeng@chinamobile.com> Thu, 10 September 2020 10:22 UTC
From: Feng Yang <yangfeng@chinamobile.com>
To: 'Linda Dunbar' <linda.dunbar@futurewei.com>, 'apn' <apn@ietf.org>
Cc: draft-yang-apn-sd-wan-usecase@ietf.org
Date: Thu, 10 Sep 2020 18:22:30 +0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/apn/bpycOFIWultY2pxKcEmUbhqY3Bg>
Hi Linda,

Thanks for your comments. See my comments inline.

BR,
Feng Yang

From: Apn [mailto:apn-bounces@ietf.org] On Behalf Of Linda Dunbar
Sent: 10 September 2020 03:25
To: apn
Cc: draft-yang-apn-sd-wan-usecase@ietf.org
Subject: [Apn] comments and suggestions to the draft-yang-apn-sd-wan-usecase-00

Authors of the draft-yang-apn-sd-wan-usecase-00:

Here are my comments and suggestions to the draft.

1. The draft has stated in multiple sections that "APN can provide value", but doesn't have much description on "HOW APN provides value". It would be very useful to elaborate more details on HOW.

[Feng] APN conveys application information such as application/user/flow identifiers and SLA/service requirements along data packets into network and makes the network aware of applications and their requirements, so to provide corresponding network services and guarantee their SLA requirements. This draft intends to describe the values which APN can provide to SD-WAN in various usage scenarios, as below.

2.1. APN for Traffic Steering into Dedicated WAN
2.2. APN for Traffic Steering into Particular Cloud
2.3. APN for Value-added Service Provisioning in SD-WAN
2.4. APN for Data Processing in SD-WAN

Basically APN can be used in these scenarios to provide the fine-granularity traffic steering and service operations in SD-WAN. The description of each scenario can be further enhanced.

2. Among the 4 major characteristics of SD-WAN described in https://datatracker.ietf.org/doc/draft-ietf-bess-bgp-sdwan-usage/ , I think the following two are closely relevant to APN:

- Some traffic flows can be forwarded based on their application identifiers instead of based on destination IP addresses, by the edge nodes placing the traffic flows onto specific overlay paths based on their application requirement. p.s. The BESS-bgp-sdwan-usage draft assumes there is a Matching – ACTION configured at the Edge node indicating a specific n-tuple MATCHING for assigning traffic to a specific UNDERLAY networks. It would be very beneficial to document how APN provides more than the current practices of MATCHING – PATH SELECTION.

- The traffic flows forwarding can also be based on specific performance criteria (e.g. packets delay, packet loss, jitter) to provide better application performance by choosing the right underlay that meets or exceeds the specified criteria. Again, the BESS draft assumes there is a MATCHING - ACTION provisioning at the Edge node indicating a specific n-tuple MATCHING for assigning traffic to paths with specific Performance criteria. Does APN do it differently? It would be very beneficial to add more details.

[Feng] Indeed, these two are closely relevant to APN. The difference which APN made here is that APN can directly add the application-aware information including application identifiers and the performance requirements in the data packets and then to facilitate the matching & action performed at the edge devices. Furthermore, this application-aware information can be further utilized by the underlay networks for application-aware network service provisioning. So APN can be taken as a technology to facilitate this matching-action for traffic steering.

3. Section 2.1 describes a classic deployment of SDWAN split traffic among multiple WAN paths. It is not clear how does APN do differently than today's MATCHING – ACTION provisioning based approach.

[Feng] The same as above.

4. Section 2.2 shows applications behind CPE connect to different Clouds. How does APN facilitate? Does APN use enhanced DNS to route APP to the desired destination? What if the Applications communication are all encrypted?

[Feng] The anycast address can be used here. According to the application-aware information, the proper cloud can be selected and the traffic can be routed along the path towards this cloud.

5. Section 2.3: how does APN recognize malicious applications? Most today's applications communication are encrypted.

[Feng] The potential security issues that may be imposed by APN were discussed during the APN side meeting @ IETF108. Basically the existing access control and network security mechanisms can be utilized. According to the application-aware information, the traffic can be steered into corresponding FW VAS for validating its legitimacy.

https://github.com/APN-Community/IETF108-Side-Meeting-APN/blob/master/6%20Shuping%20Peng%20-%20Huawei%20-%20Discussions%20%26%20Clarifications%20-%20%20Privacy%20%26%20Security.pdf

6. Section 2.4: Does APN steer packets based on the configured Matching – ACTION paradigm? How APN recognize Data? Are the Data attached to packets? Or Data in specific database? Or Performance measurement data collected by network devices?

[Feng] With APN the application-aware information can be attached to the packets, based on which the traffic can be steered. If the application-aware information is not carried in the packets, it can utilize the existing capability of the edge devices and this information can be recognized by the edge devices. The matching-action policy can be configured by the network operators. The performance measurement can be done by the existing mechanisms such as iOAM which can be further integrated with APN to achieve fine-granularity performance measurement and visualization.

Cheers,
Linda Dunbar