Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
Eric Gray <eric.gray@ericsson.com> Mon, 21 May 2018 18:57 UTC
Return-Path: <eric.gray@ericsson.com>
X-Original-To: ccamp@ietfa.amsl.com
Delivered-To: ccamp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E780812E8DC for <ccamp@ietfa.amsl.com>; Mon, 21 May 2018 11:57:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level:
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h-d9lNayShR5 for <ccamp@ietfa.amsl.com>; Mon, 21 May 2018 11:57:12 -0700 (PDT)
Received: from usplmg21.ericsson.net (usplmg21.ericsson.net [198.24.6.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5272712D80E for <ccamp@ietf.org>; Mon, 21 May 2018 11:57:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1526929030; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=7M2EmHITAcLFDs/NeyoVzZplzdhm4L2da62/0+J10Xg=; b=UtWWZRYTpob8aU8sWiP3G6r/RUlVe0rnqVoIb5qzw8aK/ejOJo/raqzvkjJ23RZo UGPbNhphNz/z9KPYeT32vuu1dLfNCvmH2oKFaowCE+7jvpnkcHs6LvNb5TMO3ixD yLLxcg9SGbb+ciky0wDLzNm3Yv4kBp/l6YlzjGLlFCA=;
X-AuditID: c6180641-691ff70000002610-8f-5b031686307b
Received: from EUSAAHC006.ericsson.se (Unknown_Domain [147.117.188.90]) by usplmg21.ericsson.net (Symantec Mail Security) with SMTP id DD.ED.09744.686130B5; Mon, 21 May 2018 20:57:10 +0200 (CEST)
Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC006.ericsson.se ([147.117.188.90]) with mapi id 14.03.0382.000; Mon, 21 May 2018 14:57:09 -0400
From: Eric Gray <eric.gray@ericsson.com>
To: Radia Perlman <radiaperlman@gmail.com>
CC: "Yemin (Amy)" <amy.yemin@huawei.com>, The IESG <iesg@ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>
Thread-Topic: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
Thread-Index: AQHT5dBO/5ALFr14fkSUuJDxnAyomKQjfqkAgAUccQCADDFO8IAAbMGAgADFmvCAAk+egIACQesQ
Date: Mon, 21 May 2018 18:57:09 +0000
Message-ID: <48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2@eusaamb107.ericsson.se>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se> <CAFOuuo5rZQpE7VrgRSxvMPJcC+3dRJco+a1S7BPEyqnCPmKBSA@mail.gmail.com>
In-Reply-To: <CAFOuuo5rZQpE7VrgRSxvMPJcC+3dRJco+a1S7BPEyqnCPmKBSA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.221]
Content-Type: multipart/alternative; boundary="_000_48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2eusaamb107erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBIsWRmVeSWpSXmKPExsUyuXRPlG6bGHO0wetvShabOzawWTyZc4PF 4vpbNYsZfyYyW2yZ85bV4sPChywObB47Z91l92g58pbVY8mSn0weXy5/ZgtgieKySUnNySxL LdK3S+DK2NKzmL2g5RRzxd1HvSwNjBP2MXcxcnJICJhINHybAWRzcQgJHGWUuHT/PTuEs5xR YsKcd0wgVWwCGhLH7qxlBLFFBLQkWjs/MIIUMQu0Mkls7poHlhAW8JXYd/YLC0RRgMS7/pdQ dpRE8+s/YOtYBFQlbnaAbODk4AWqn3X8KBPEtoPMEnP/HAJLcAoESmw+94INxGYUEJP4fmoN 2BXMAuISt57MZ4K4W0BiyZ7zUD+ISrx8/I8VwlaWuL7qCgtEfb7Evr5fzBDLBCVOznzCMoFR ZBaSUbOQlM1CUjaLkQMorimxfpc+RImixJTuh+wQtoZE65y57MjiCxjZVzFylBYX5OSmGxlu YgTG3zEJNscdjHt7PQ8xCnAwKvHwrmVkjhZiTSwrrsw9xCjBwawkwvvpElO0EG9KYmVValF+ fFFpTmrxIUZpDhYlcd5znrxRQgLpiSWp2ampBalFMFkmDk6pBsYZaZzrK+OKD0ttey/+NGXp DfOIcCmxlM+dHom6kZPbtLg/mrzgfh821VhG4ezkKrW/byc/a09k1fO9ryS7+dEKFa+F7t1l 59V+XY6z1unIepV053ym1qtnf//9+y6xer193gdl6TKluoTHYhu6N89qnxyw0iKzvSb6/41S /5q820GxN99lRimxFGckGmoxFxUnAgDy4iKWuwIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ccamp/v1ke8MxXvT5XLM4dV5kE0SVSfrg>
Subject: Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: ccamp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion list for the CCAMP working group <ccamp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ccamp>, <mailto:ccamp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ccamp/>
List-Post: <mailto:ccamp@ietf.org>
List-Help: <mailto:ccamp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ccamp>, <mailto:ccamp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 May 2018 18:57:16 -0000
So, one could read this as saying that some people view network management (e.g. – use of an NMS) and centralized network control (e.g. – SDN) as being somehow at least marginally distinct, yet becoming increasingly less so. Other people view them as completely disjoint, perhaps having a preference, and would like them to continue being considered completely separate and distinct concepts.
While I think it is probably fair to say that this is very likely true, this has all the ear marks of being a rat hole, and I cannot imagine what value the proposed text adds to the draft.
As I understand it, the intent was to clarify something to do with the following text:
This framework addresses the definition of an open and standardized
interface for the radio link functionality in a microwave node. The
application of such an interface used for management and control of
nodes and networks typically vary from one operator to another, in
terms of the systems used and how they interact. A traditional
solution is network management system, while an emerging one is SDN.
SDN solutions can be used as part of the network management system,
allowing for direct network programmability and automated
configurability by means of a centralized SDN control and
standardized interfaces to program the nodes.
Your comment was that the distinction is not clear. That is a fair point. And it is probably not addressed by the proposal.
I would further add that using emotionally freighted expressions (“classic”/”legacy”/”traditional” verses “innovative”/”novel”/”emerging”) doesn’t help and really isn’t appropriate in specification.
I suspect that the reason for claiming a distinction exists (however difficult it may be to characterize that distinction) is in the part of the above text having to do with operator preferences. These definitely do exist. 😊
Perhaps a good way to address the issue is to replace the last two sentences in the text above with something along the lines of:
“Possible approaches include via the use of a network management system (NMS), via software defined networking (SDN) and via some combination of NMS and SDN.”
Note that “automated configurability” is not a new concept in configuration of network devices, unique to SDN, hence the last part of the final sentence (starting with “allowing for …”) adds no value and should be left out.
--
Eric
From: Radia Perlman [mailto:radiaperlman@gmail.com]
Sent: Saturday, May 19, 2018 11:35 PM
To: Eric Gray <eric.gray@ericsson.com>
Cc: Yemin (Amy) <amy.yemin@huawei.com>; The IESG <iesg@ietf.org>; ccamp@ietf.org; secdir@ietf.org; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org
Subject: Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
Importance: High
Hi Eric,
I feel bad for the authors of this document to be burdened with clarifying a distinction that has never been clear before (to lots of people, including me), but their proposed text doesn't make it clearer.
" “It's noted that there's idea that the NMS and SDN are evolving towards a component, and the distinction between them is quite vague. Another fact is that there is still plenty of networks where NMS is still considered as the implementation of the management plane, while SDN is considered as the centralization of the control plane. They are still kept as separate component"
Do you (or anyone else) have a suggestion for text that acknowledges to the reader that it's not the reader's fault for not understanding the difference?
It would be OK with me for them to leave out the extra entirely, since I'm sure this isn't the first RFC whose verbiage claims SDN and NMS are two different concepts. But if I were trying to get up to speed about this area by reading the documents, I'd be somewhat comforted by an acknowledgement (such as the text they propose, but with the English fixed) that these are fuzzy distinctions, so I wouldn't think it was just me....that if I only read more things, or thought harder, or had more background, the distinction would be clear.
Radia
On Fri, May 18, 2018 at 1:27 PM, Eric Gray <eric.gray@ericsson.com<mailto:eric.gray@ericsson.com>> wrote:
Hi Radia.
I agree that the English is awkward, but I would have interpreted “evolving toward a component” to mean something more along the lines of evolving toward the same (singular) thing. Or perhaps another way to look at it might be that, because YANG is becoming a more popular mechanism for both NMS and SDN, it is likely that one or both of these may become components of a common management framework.
I would interpret it this way precisely because – as you say – the distinction is not at all clear, though I would add that (to some of us) the distinction has never been very clear. 😊
For this reason, I would have some small difficulty in seeing how it would make much sense to say that they are evolving toward increasing similarity.
--
Eric
From: CCAMP [mailto:ccamp-bounces@ietf.org<mailto:ccamp-bounces@ietf.org>] On Behalf Of Radia Perlman
Sent: Friday, May 18, 2018 12:30 AM
To: Yemin (Amy) <amy.yemin@huawei.com<mailto:amy.yemin@huawei.com>>
Cc: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; ccamp@ietf.org<mailto:ccamp@ietf.org>; secdir@ietf.org<mailto:secdir@ietf.org>; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org<mailto:draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>
Subject: Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
Thank you! Though what you're suggesting is awkward English.
Perhaps "We note that the distinction between NMS and SDN is not all that clear, and the two are evolving to be more and more similar." could replace the first sentence. I'm really not sure what you meant by "evolving toward a component", so perhaps I'm not capturing what you are intending to say.
Radia
On Thu, May 17, 2018 at 7:03 PM, Yemin (Amy) <amy.yemin@huawei.com<mailto:amy.yemin@huawei.com>> wrote:
Hi Radia,
We just updated the draft, https://datatracker.ietf.org/doc/draft-ietf-ccamp-microwave-framework/.
Your comments are addressed in the latest version.
BR,
Amy
From: Yemin (Amy)
Sent: Thursday, May 10, 2018 4:07 PM
To: 'Daniele Ceccarelli' <daniele.ceccarelli@ericsson.com<mailto:daniele.ceccarelli@ericsson.com>>; Radia Perlman <radiaperlman@gmail.com<mailto:radiaperlman@gmail.com>>; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org<mailto:draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>; The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; secdir@ietf.org<mailto:secdir@ietf.org>
Subject: RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
Hi Radia,
Thanks for your review.
Regarding the NMS and SDN, as Daniele suggested, we will add the following text in section 3:
“It's noted that there's idea that the NMS and SDN are evolving towards a component, and the distinction between them is quite vague. Another fact is that there is still plenty of networks where NMS is still considered as the implementation of the management plane, while SDN is considered as the centralization of the control plane. They are still kept as separate component.”
Regarding the security considerations, yes, this draft doesn’t specify the parameters.
There’s another draft draft-ietf-ccamp-mw-yang, where the security consideration is addressed as you suggested.
BR,
Amy
From: Daniele Ceccarelli [mailto:daniele.ceccarelli@ericsson.com]
Sent: Monday, May 07, 2018 5:46 PM
To: Radia Perlman <radiaperlman@gmail.com<mailto:radiaperlman@gmail.com>>; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org<mailto:draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>; The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; secdir@ietf.org<mailto:secdir@ietf.org>
Subject: RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
Hi Radia,
let me reply on behalf of the authors. First of all many thanks for your review.
Regarding your question about traditional NMS vs SDN I agree with you on the fact that they are evolving towards a common component and the distinction is quite blurry, but there is still plenty of networks where NMS is still considered as the implementation of the management plane while SDN the centralization of the control plane and they are still kept as separate things.
Hence, since the authors speak about “traditional” NMS and SDN I would tend to allow for the distinction to be kept. If you prefer a note speaking about the convergence of the two things can be added.
Thanks a lot
Daniele (ccamp co-chair)
From: Radia Perlman [mailto:radiaperlman@gmail.com]
Sent: lunedì 7 maggio 2018 08:55
To: draft-ietf-ccamp-microwave-framework.all@tools.ietf.org<mailto:draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>; The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; secdir@ietf.org<mailto:secdir@ietf.org>
Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
Sorry...resending because I mistyped the author address.
---------- Forwarded message ----------
From: Radia Perlman <radiaperlman@gmail.com<mailto:radiaperlman@gmail.com>>
Date: Sun, May 6, 2018 at 11:48 PM
Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org<mailto:draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org>, The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>, secdir@ietf.org<mailto:secdir@ietf.org>
Summary: No security issues found, but I do have questions, and there are editing glitches
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.
This document describes the management interface for microwave radio links.
It advocates (correctly, I believe) that such an interface should be extensible to provide for vendor-specific features.
I don't understand the difference between a "a traditional network management system" and SDN. Perhaps it is not the job of this document to clearly make the distinction, and I suspect there is no real distinction...setting parameters (traditional network management) is a way of "programming" an interface ("SDN").
This document could use an editing pass for glitches, but these glitches do not impact its readability.
The glitches consist mostly of leaving out little words like "of" in the following sentence.
"The adoption of an SDN framework for management and
control the microwave interface is one of the key applications for
this work."
The security considerations say that they assume a secure transport layer (authenticated, probably encryption isn't necessary) for communication. Other than that, perhaps, there might be security considerations for inadvertently setting parameters incorrectly, or maliciously by a trusted administrator. But this document does not specify the specific parameters to be managed, just a general framework.
Radia
- Re: [CCAMP] Secdir review of draft-ietf-ccamp-mic… Yemin (Amy)
- Re: [CCAMP] Secdir review of draft-ietf-ccamp-mic… Radia Perlman
- Re: [CCAMP] Secdir review of draft-ietf-ccamp-mic… Yemin (Amy)
- Re: [CCAMP] Secdir review of draft-ietf-ccamp-mic… Eric Gray
- Re: [CCAMP] Secdir review of draft-ietf-ccamp-mic… Radia Perlman
- Re: [CCAMP] Secdir review of draft-ietf-ccamp-mic… BRUNGARD, DEBORAH A
- Re: [CCAMP] Secdir review of draft-ietf-ccamp-mic… Eric Gray
- Re: [CCAMP] Secdir review of draft-ietf-ccamp-mic… Yemin (Amy)
- Re: [CCAMP] Secdir review of draft-ietf-ccamp-mic… Radia Perlman