Re: [CCAMP] New Liaison Statement, "LS/r IETF CCAMP work on YANG Alarm Module Submission (reply to IETF-LS16 )"

[stefan vallin <stefan@wallan.se>]

Hi Nick!
Thanks, I get your point.
I will  look into it, and possible ping you for discussions. If we do it the proper way, it should not complicate the model/implementation where the device does not support ASAP.

br Stefan


Stefan Vallin
stefan@wallan.se
+46705233262

> On 12 Apr 2018, at 08:52, NICK HANCOCK <nick.hancock@adtran.com> wrote:
> 
> Hi Stefan,
>  
> I very much agree to the approach to define a core YANG Alarm model in the IETF that is simple enough to get wide implementation support and which can be augmented easily by other models.
>  
> My experience in access networks, however, also shows that management systems do require the ability to be able to assign their own severities to alarm types on the network elements to override any default values defined by the vendors. If this were not to be included in the core YANG Alarm model or at least as a separate module that augments the core module, SDOs and/or other vendors will be driven to provide support through their own proprietary augmentations to the core module. But such an approach would certainly not be in the industry’s interest as it would result in multiple proprietary solutions that would make interoperability very difficult, if not impossible.
>  
> I am also aware that ASAP assumes a 1:1 mapping of severity to alarm type and that the core alarm module supports alarm types that also have a life-cycle. My experience though is that the majority of alarm types possess just a 1:1 mapping. Nonetheless, we cannot ignore alarm types for which the severity of an alarm instance may change over the life-cycle of that alarm instance and I also believe that this is an important property of the alarm module concept. So any solution to manage severities of alarm types would need to be compatible with alarm types, where the severity of an instance of that alarm type can change during the life-cycle of the alarm.
>  
> One proposed implementation based on the core alarm module that I am aware of that provides a flexible solution to enable severities to be managed for alarm types with a 1:1 mapping is by means of profiles that may be assigned both at the system level to override the factory default severities of alarm types; and in addition to specific resources to additionally override the severities for these specific resources.
>  
> Specifically, the proposed implementation would add/augment a list of profiles into the container ‘control’, keyed by a unique name, whereby a profile entry includes a list ‘alarm-type’ keyed by ‘alarm-type-id’ and ‘alarm-type-qualifier-match’ with a leaf defining the severity. Agreed that this solution as it currently stands is really only applicable to alarm types with a 1:1 mapping of severity, so it may need to be adjusted in some way. Since other possible customizations of alarm information of alarm types may also be required to be managed by users in addition to the modification of an alarm type’s severity, I would recommend that any such profile be generalized to allow for this, for example, by calling it simply an ‘alarm-profile’, so that such extensions could be added through proprietary augmentations of the alarm profile by other SDOs or vendors.
>  
> A configurable leaf-list ‘system-alarm-profile’ containing references to zero or more alarm profiles and ordered-by user enables the factory default severities to be overridden and a list ‘resource-alarm-profile’ keyed by ‘resource’ and containing a leaf-list of references to alarm-profiles again ordered-by user enables the severities for the referenced resource to be overridden, whereby a profile assigned to a resource overrides any profile assigned at the system-level for a given alarm-type and resource. The leaf-list of references enables users to create a set of alarm profiles, each of which may fulfill a different purpose and assign those profiles to the system and/or resources as applicable. Alarm profiles could in this way be defined, for example, for specific services, customer types, interface types etc., whereby any conflicts resulting from multiple overrides would be resolved through the order of the assignment as defined by the user.
>  
> I would be very happy to discuss this in more detail and assist you in any way to find an acceptable solution.
>  
> Best regards
>  
> From: CCAMP [mailto:ccamp-bounces@ietf.org <mailto:ccamp-bounces@ietf.org>] On Behalf Of stefan vallin
> Sent: Wednesday, March 07, 2018 10:09 PM
> To: Liaison Statement Management Tool
> Cc: itu-t-liaison@iab.org <mailto:itu-t-liaison@iab.org>; Common Control and Measurement Plane Discussion List; Alia Atlas
> Subject: Re: [CCAMP] New Liaison Statement, "LS/r IETF CCAMP work on YANG Alarm Module Submission (reply to IETF-LS16 )"
>  
> Hi!
> Thanks for the review! Happy to cooperate with ITU.
> See comments inline:
> 
> Br Stefan and Martin
> 
> > On 02 Mar 2018, at 20:07, Liaison Statement Management Tool <lsmt@ietf.org <mailto:lsmt@ietf.org>> wrote:
> > 
> > Title: LS/r IETF CCAMP work on YANG Alarm Module Submission (reply to IETF-LS16 )
> > Submission Date: 2018-03-02
> > URL of the IETF Web page: https://datatracker.ietf.org/liaison/1564/ <https://datatracker.ietf.org/liaison/1564/>
> > 
> > From: Hiroshi Ota <hiroshi.ota@itu.int <mailto:hiroshi.ota@itu.int>>
> > To: Daniele Ceccarelli <daniele.ceccarelli@ericsson.com <mailto:daniele.ceccarelli@ericsson.com>>,Fatai Zhang <zhangfatai@huawei.com <mailto:zhangfatai@huawei.com>>
> > Cc: Deborah Brungard <db3546@att.com <mailto:db3546@att.com>>,Scott Mansfield <Scott.Mansfield@Ericsson.com <mailto:Scott.Mansfield@Ericsson.com>>,Fatai Zhang <zhangfatai@huawei.com <mailto:zhangfatai@huawei.com>>,Alvaro Retana <aretana.ietf@gmail.com <mailto:aretana.ietf@gmail.com>>,Alia Atlas <akatlas@gmail.com <mailto:akatlas@gmail.com>>,Daniele Ceccarelli <daniele.ceccarelli@ericsson.com <mailto:daniele.ceccarelli@ericsson.com>>,Common Control and Measurement Plane Discussion List <ccamp@ietf.org <mailto:ccamp@ietf.org>>,itu-t-liaison@iab.org <mailto:itu-t-liaison@iab.org>
> > Response Contacts: 
> > Technical Contacts: 
> > Purpose: For information
> > 
> > Body: ITU-T Study Group 15 thanks IETF CCAMP WG for informing us about the adoption of a WG document https://tools.ietf.org/html/draft-ietf-ccamp-alarm-module-00 <https://tools.ietf.org/html/draft-ietf-ccamp-alarm-module-00> on “YANG Alarm Module” and requesting review on the module.
> Note that we have published a new version
> https://tools.ietf.org/html/draft-ietf-ccamp-alarm-module-01 <https://tools.ietf.org/html/draft-ietf-ccamp-alarm-module-01>
> > 
> > ITU-T Study Group 15 has been working, with collaboration with the ONF OIMT Group, on a Core Information Model in Recommendation G.7711 (ONF TR-512). The Core IM is neutral to any transport technology and is specified in UML, which is neutral to any management/control interface protocol. The Core IM can be pruned/refactored to provide a purpose-specific IM and translated into YANG code by automated tooling (xmi2yang). The OAM functionality, including Fault Management (FM) and Performance Monitoring (PM) is an area being modelled in G.7711 (ONF TR-512).
> > 
> > Regarding the alarm management, we would like to see the FM and PM modelling based on the same architecture, and to harmonize with the requirements in Recommendation G.7710.
> We have read G.7711 and see no FM requirements or models.
> Have we missed anything in here? 
> G.7710 provides Alarm Reporting Control, ARC, and 
> Alarm Severity Assignment Profile, ASAP.
> 
> Our approach is to define a core Alarm YANG model in the IETF that is
> simple enough to get wide implementation support, and that can be
> augmented by other models. We have by design simplified/excluded 
> some of the ITU features in order to keep the ietf-alarms YANG module 
> small and simple. 
> See more details below. 
> 
> We could consider to make a separate augmenting module "itu-alarm-module”
> that includes some of the more advanced ITU features. 
> That could also include moving the X733 mapping out of this draft and place it
> in the "itu-alarm-module”.
> 
> 
> > The YANG module should also allow transport technology specific augmentations.
> That is the intention. That would mostly mean to define YANG identities for the 
> technology specific alarm types.
> > 
> > Regarding the scope of the YANG Alarm Module, the draft should explicitly state that the modeling of how transport resource alarms are raised and cleared by the underlying transport instrumentation is out of the scope of this draft. Specifically, the modelling of defect detection, defect coordination into fault cause, consequent action, persistency verification declaring fault cause as failure, and raising failure as alarm and its subsequent clearing should belong to the SDO/group that owns the transport technology.
> Ok, will add that in Section 1 Introduction
> 
> 
> > 
> > The alarm YANG draft adopts the X.733 alarm severities, but doesn’t support the function of alarm severity assignment (i.e., configuring the severity of an alarm type of a resource), i.e., the feature of the Alarm Severity Assignment Profile (ASAP) object of M.3160/M.3100 is not supported by the draft. Is this intended to be out of the scope of the alarm YANG draft?
> 
> Yes we have excluded that from being supported over the management 
> interface. This for several reasons: 
> 1) Our experience is that the *management systems* will anyhow reassign
> severity/priority levels based on contextual information. A managed system
> has very little contextual information on services, topology, administrative
> state etc that would allow it to set the “final” severity level. Therefore the 
> ASP function is of little use. We did not see ASP being used based on 
> our practical experience on ITU M.3160/M.3100 systems.
> 
> 2) Setting proper severity levels is probably more complex than what is
> offered by ASP, complex mechanism per alarm type and system is not
> covered by the simple alarm type (probable cause) - severity mapping. 
> This lends towards configurable severity levels being a local configuration
> issue specific per system type and alarm type.
> 
> 3) ASP makes the assumption that there is a 1-1 mapping between 
> alarm-type (probable cause) and severity level. That is not necessarily true.
> 
> AlarmSeverityAssignment ::= SEQUENCE { 
> problem ProbableCause, 
> severityAssignedServiceAffecting AlarmSeverityCode OPTIONAL,
> severityAssignedNonServiceAffecting AlarmSeverityCode OPTIONAL,
> severityAssignedServiceIndependent AlarmSeverityCode OPTIONAL
> }
> 
> Assume a LOSS threshold, it makes perfect sense to have 3 thresholds, each
> of them with a different severity. In our model that is one alarm type “loss” and 
> an alarm can have a life-cycle (minor, major, critical, major, minor) for example.
> This is one alarm-type “loss”. The benefit iof that is for example that it is one 
> alarm rather than 3 in the alarm list (since probable cause/alarm type is a key).
> 
> The alarm severity assignment profile mechanism would force three alarm types
> to be defined LOSS-threshold-1, LOSS-threshold-2 etc, each with separate 
> severity assignment.
> 
> The above arguments for keeping ASAP out of the IETF alarm model.
> 
> An ASAP mechanism could be defined in an augmenting module.
> it would look something like the shelf criteria in this draft: resource, alarm-type, 
> alarm-qualifier-match and corresponding severity level.
> But, again the problem is alarm types with several severity levels. Any thoughts on this?
> 
> > 
> > For alarm reporting control, the alarm YANG draft supports only the simple alarm shelf function. It doesn’t support the rich features of the Alarm Reporting Control (ARC) function of M.3160/M.3100, which is required by G.7710.
> 
> This is by design. The shelf mechanism is simpler to understand, 
> implement and design. We are not convinced that ARC is required.
> It is a fairly complex model. Our experience has not shown real usage
> of ARC. For example, seehttps://tools.ietf.org/html/rfc3878 <seehttps://tools.ietf.org/html/rfc3878> is an ARC MIB, 
> to our knowledge it is not widely spread. This said, a more advanced 
> ARC feature could be defined as an extension in the future.
> 
> On a more philsophical perspective, rather than providing complex
> mechanisms for the management system to configure advanced
> filtering requirements we have formed strong requirements on alarm
> quality, see appendix F in version 01. This is how the process industry has worked
> in order to address the alarm overload and alarm quality problem. 
> This puts the burden on the equipment/software vendor to implement 
> proper alarm instrumentation rather than pushing the problem to complex 
> configuration by the alarm manager.
> 
> 
> > 
> > We support the clear separation of resource alarm life-cycle from the operator and administrative life-cycle of an alarm.
> Good :)
> > 
> > Listed below are specific comments from our review of the YANG Alarm Module
> > 
> > 1. Section 4.2, paragraphs 5 & 6 discuss unknow alarm type at design time and dynamic addition of alarm types using string. Please note that the Spec Model approach of the Core Information Model (ITU-T Recommendation G.7711 Annex G) (also in ONF TR-512.7) provides a generic formal way to allow run time enhancement/decoration.
> 
> G.7711 is a fairly generic UML extension approach.
> The use of alarm-qualifier is a specific mechanism to allow for
> dynamic alarm types which are included as key in the alarm list.
> Alarm-qualifier roughly matches X.733 specific-problem but with the 
> requirement that they must be published in the alarm inventory.
> 
> 
> > 
> > 2. Section 4.4, first paragraph, second last sentence: Add “and alarm type qualifier” so that the sentence becomes “This means that alarm notifications for the same resource, same alarm type and same alarm type qualifier are matched to update the same alarm instance.”
> 
> We will clarify this
> 
> > 
> > 3. Section 4.5: What is the relationship (dependency) among “alarm clearance”, “alarm closing”, and “alarm deleting”. Will administrative deleting automatically results in operator closing? Need more clarification among the three types of alarm life-cycle. Otherwise will cause inconsistent handling of alarm among different systems.
> 
> Alarm clearance is the resource life-cycle, the instrumentation
> clearing the alarm
> 
> Alarm closing is the operator life-cycle, the alarm is not important
> from an operations perspective (might be cleared or not)
> 
> Deleting and alarm means it is removed from the list and therefore has no states…
> 
> Will improve the text in this section to make this more clear
> 
> 
> > 
> > 4. Section 4.5.1, first paragraph, second line: Editorial error: “change severity” occurs twice.
> 
> That is a feature, not a bug :)
> " From a resource perspective, an alarm can have the following life-
> cycle: raise, change severity, change severity, clear, being raised
> again etc”
> 
> The alarm list has the following structure:
> [resource, alarm-type-id, alarm-type-qualifier], [(time, severity, text, cleared), (...), (...)]
> 
> [link42, highUtilization,-](t1, warning, “”,-), (t2, minor, “”, -),(t3, minor, “”, cleared)
> 
> > 
> > 
> > We appreciate again for the chance to exchange information. We would like take this opportunity to inform IETF that we are currently working on a new draft Recommendation G.media-mgmt that describes the requirement and information & data model for transport media management.
> > Attachments:
> > 
> > No document has been attached
> > 
> > _______________________________________________
> > CCAMP mailing list
> > CCAMP@ietf.org <mailto:CCAMP@ietf.org>
> > https://www.ietf.org/mailman/listinfo/ccamp <https://www.ietf.org/mailman/listinfo/ccamp>
> 
> _______________________________________________
> CCAMP mailing list
> CCAMP@ietf.org <mailto:CCAMP@ietf.org>
> https://www.ietf.org/mailman/listinfo/ccamp <https://www.ietf.org/mailman/listinfo/ccamp>