Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mib-09.txt
"ietfdbh" <ietfdbh@comcast.net> Tue, 29 October 2013 14:15 UTC
Return-Path: <ietfdbh@comcast.net>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5C5511E825C for <behave@ietfa.amsl.com>; Tue, 29 Oct 2013 07:15:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.836
X-Spam-Level:
X-Spam-Status: No, score=-99.836 tagged_above=-999 required=5 tests=[AWL=-0.600, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, HTML_MESSAGE=0.001, J_CHICKENPOX_33=0.6, J_CHICKENPOX_35=0.6, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8kNr0--CFjwJ for <behave@ietfa.amsl.com>; Tue, 29 Oct 2013 07:15:05 -0700 (PDT)
Received: from qmta03.westchester.pa.mail.comcast.net (qmta03.westchester.pa.mail.comcast.net [IPv6:2001:558:fe14:43:76:96:62:32]) by ietfa.amsl.com (Postfix) with ESMTP id 1E23111E8179 for <behave@ietf.org>; Tue, 29 Oct 2013 07:15:01 -0700 (PDT)
Received: from omta07.westchester.pa.mail.comcast.net ([76.96.62.59]) by qmta03.westchester.pa.mail.comcast.net with comcast id j1D51m0021GhbT8532F1dg; Tue, 29 Oct 2013 14:15:01 +0000
Received: from JV6RVH1 ([67.189.237.137]) by omta07.westchester.pa.mail.comcast.net with comcast id j2F01m00R2yZEBF3T2F0W1; Tue, 29 Oct 2013 14:15:01 +0000
From: ietfdbh <ietfdbh@comcast.net>
To: "'Jagadish Shivamurthy (jshivamu)'" <jshivamu@cisco.com>, simon.perreault@viagenie.ca, behave@ietf.org
References: <4EF6C4B73AD8CA41BCEA4C521FF7BCED2416028E@xmb-rcd-x10.cisco.com>
In-Reply-To: <4EF6C4B73AD8CA41BCEA4C521FF7BCED2416028E@xmb-rcd-x10.cisco.com>
Date: Tue, 29 Oct 2013 10:14:57 -0400
Message-ID: <03ee01ced4b1$3f5e5610$be1b0230$@comcast.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_03EF_01CED48F.B85086A0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJ9bf5CRYwv0YTIhLOi9jnuB1P0xJiuafDw
Content-Language: en-us
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1383056101; bh=J4CDzzMy/dA7ejq2SA32b3+7xWTGNdrA175E76HMO6g=; h=Received:Received:From:To:Subject:Date:Message-ID:MIME-Version: Content-Type; b=tV/hU13EL/Js5EGsvw2maKositC7v5UTItgoLOMwGDHUP2niFmItgsrqIz5LxjSOh TEXOcKncBH0GOUt2Dz18Ow4QOhIrV3egLomZc4BoPfOa8wRbNkwcWyEEsrbfPKJclX JGuV6JGTMcaFlQGIDwfS3JS52wQF9dQ5VTNeAHmTpJWrEdn/EECHQHpcDk02aVIBUw +lg2m5qxqqohKs6RHgowibHQZu6IGWFg2AsJJqkFr/Mr8DvkzNcAUosQVC8rKJM7gg i7Zo4tZTUi9DS6jW5/qA4qcCOT7dQoiBc9gDPd9Vy9hcrH44R/Bw5Vb8w+eYGBINkB 7jpoWcRxwrt7g==
Cc: "'Ganesan Rajam (grajam)'" <grajam@cisco.com>, "'Hongchi Shih (hshih)'" <hshih@cisco.com>, "'Swaroop George (swaroop)'" <swaroop@cisco.com>
Subject: Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mib-09.txt
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 14:15:10 -0000
Hi, Thanks for this explanation of the context scalability issue. Comments inline. David Harrington <mailto:ietfdbh@comcast.net> ietfdbh@comcast.net +1-603-828-1401 From: Jagadish Shivamurthy (jshivamu) [mailto:jshivamu@cisco.com] Sent: Tuesday, October 29, 2013 7:59 AM To: ietfdbh@comcast.net; simon.perreault@viagenie.ca; behave@ietf.org Cc: Senthil Sivakumar (ssenthil); Hongchi Shih (hshih); Ganesan Rajam (grajam); Swaroop George (swaroop) Subject: Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mib-09.txt Hi David, Simon, Here are some inputs we have based on the past experience of handling multiple instances in deployment scenarios to consider the instance based mechanism. If you see any specific issues (inter-operability or other issues), with instance based design of the MIB, please let us know. Thanks Jagadish 1. An SNMP V3 context (or SNMP v2c Community name) has to be configured for each NAT instance. The SNMP context (or community name) has to be mapped to specific NAT instance. Hence, this method involves 'additional' configuration to make an NMS work with current deployments. If there are high number of NAT instances in a router, this could be a tedious (and error prone) task. You can refer http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_examp le09186a0080b1ff61.shtml as an example of configuring the SNMP contexts/community names on Cisco IOS platforms. A similar configuration exercise will be needed for other platforms. OK. L2VPN bridge instances on certain Cisco routers support Bridge MIB (RFC 1493). However, customers configure hundreds of L2VPN bridges and we had to relay on the customer to configure an SNMP context for each instance. OK. Let me point out that the IETF still supports a standard for "single-instance" Bridge MIB modules (RFC1493, 4188,4363, and 4318). The IETF turned over further Bridge MIB work to the IEEE. The IEEE developed Provider Backbone Bridges, which allows for multiple instances. See http://www.ieee802.org/1/files/public/MIBs/IEEE8021-BRIDGE-MIB-201208100000Z .txt (and http://www.ieee802.org/1/files/public/MIBs/IEEE8021-TC-MIB-201202150000Z.txt ) The addition of instance-indexing required that the OID assignments for Bridge-MIB related objects be completely reassigned. Existing NMS systems that knew how to query, say, the number of ports using dot1dBaseNumPorts at { dot1dBase 2 } Now needs to query ieee8021BridgeBaseNumPorts at {ieee8021BridgeBaseEntry 3} - a totally different OID for the same info. On the other hand, MPLS-L3VPN-STD-MIB.my defined in RFC 4382 supports multiple instances directly without the use of contexts. In this, the MPLS-L3VPN parameters are grouped in to tables/sequences which are indexed by VRF(and other indexes where needed) so that, parameters pertaining to a particular instance can be queried. Understood. 2. The Context approach grows in an MxN manner if there are M different features (MIBs) and N number of average instances per feature (except rare cases where many different features/MIBs can be identified by a common attribute). MxN can easily grow to thousands and customers have to configure those many contexts. Understood. Thanks for clearly explaining the problem. 3. An instance table based approach provides for plug and play kind of deployment. It will not require any additional configuration on the router to make NMS pull data for multiple instances. The NMS walks through the instance table and builds data for each instance. This sounds great! But the devil is in the details. Who assigns the instance identifier? I would assume the router. This would be similar to ifIndex, which is assigned by a router to interface instances. ifIndex has quite a lot of discussion about interoperability, especially persistence across reboot. ifIndex has a corresponding ifAlias that is persistent across reboots. This is REALLY important because NMSes frequently keep data queried about an interface, even across reboots of the managed device. While ifIndex can be changed across reboots, ifAlias must remain constant across reboots. This allows an NMS to recognize that interface#3 has now become interface#4, and can align its old data for interface#3 with the current interface#4. Without this feature of the IF-MIB, all data related to an interface prior to a device reboot might as well be thrown away, since NMSes would be likely to apply the old data to the wrong interface. So what are the rules about the persistence of NAT instances across device reboots? Assuming a chassis-based arrangement with one NAT per board, what happens if a board is removed/added/replaced? How does an NMS align their existing data per NAT with potentially new assignments of NAT instance identifiers? A device might not have the information necessary to assign the same numbers to each instance on reboot, so it needs to renumber (thus the long discussion, and the addition of ifAlias in RFC2863) If a particular board is replaced with another just like it, and the NAT assignments remain the same, it might be inappropriate to align the information related to the old board with the new board. So an NMS should be able to detect when an instance has been simply renumbered (the managed entity is the same, but its identifier has been changed), and it should be able to detect when the thing an instance identifier points to has actually changed (possibly rules about identifier reuse). I think identifier reassignments will be an especially sensitive consideration for logging, when used to support law enforcement. It could be important to align SNMP notifications and syslog entries and ipfix data at the NMS side. I recommend we standardize the information model of NAT instance identifier, so it's usage is consistent across multiple protocols and across vendors. 4. With instance table mechanism, SNMP Contexts can be used for the purpose of defining the contexts of the NMS system. For example, a router being used in "multi tenant" mode, and each tenant having multiple instances of NAT, Context can be used to define a specific Tenant. This provides clear separation and one more hierarchy of scaling in a large scale NAT. OK. The "overloading" of purpose has long been a problem with contexts. Standardizing the information model for instance identifier would also allow it to be used for more than one type of data model. 5. On the other hand, a small scale router that has single NAT instance, can define just one instance with default attributes without any overhead. OK. Thanks, Jagadish
- [BEHAVE] I-D Action: draft-ietf-behave-nat-mib-09… internet-drafts
- Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mi… Simon Perreault
- Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mi… ietfdbh
- Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mi… Simon Perreault
- Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mi… Tom Taylor
- Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mi… ietfdbh
- Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mi… Jagadish Shivamurthy (jshivamu)
- Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mi… ietfdbh
- Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mi… Simon Perreault
- [BEHAVE] FW: I-D Action: draft-ietf-behave-nat-mi… Senthil Sivakumar (ssenthil)
- [BEHAVE] FW: I-D Action: draft-ietf-behave-nat-mi… Senthil Sivakumar (ssenthil)
- Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mi… Hongchi Shih (hshih)
- Re: [BEHAVE] I-D Action: draft-ietf-behave-nat-mi… Hongchi Shih (hshih)
- Re: [BEHAVE] FW: I-D Action: draft-ietf-behave-na… Jagadish Shivamurthy (jshivamu)
- Re: [BEHAVE] FW: I-D Action: draft-ietf-behave-na… ietfdbh
- Re: [BEHAVE] FW: I-D Action: draft-ietf-behave-na… Simon Perreault