IETF Logo Mail Archive

Re: [i2rs] I-D Action: draft-keyupate-i2rs-bgp-usecases-02.txt

Dean Bogdanovic <deanb@juniper.net> Tue, 17 June 2014 13:25 UTC

Return-Path: <deanb@juniper.net>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21B031A0383 for <i2rs@ietfa.amsl.com>; Tue, 17 Jun 2014 06:25:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.302
X-Spam-Level:
X-Spam-Status: No, score=-1.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_15=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3KrjSOEv5EtC for <i2rs@ietfa.amsl.com>; Tue, 17 Jun 2014 06:25:35 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1blp0188.outbound.protection.outlook.com [207.46.163.188]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 597D91A037D for <i2rs@ietf.org>; Tue, 17 Jun 2014 06:25:35 -0700 (PDT)
Received: from BN1PR05MB424.namprd05.prod.outlook.com (10.141.58.148) by BN1PR05MB438.namprd05.prod.outlook.com (10.141.58.12) with Microsoft SMTP Server (TLS) id 15.0.954.9; Tue, 17 Jun 2014 13:25:32 +0000
Received: from BN1PR05MB424.namprd05.prod.outlook.com ([169.254.8.141]) by BN1PR05MB424.namprd05.prod.outlook.com ([169.254.8.155]) with mapi id 15.00.0954.000; Tue, 17 Jun 2014 13:25:32 +0000
From: Dean Bogdanovic <deanb@juniper.net>
To: "t.petch" <ietfc@btconnect.com>
Thread-Topic: [i2rs] I-D Action: draft-keyupate-i2rs-bgp-usecases-02.txt
Thread-Index: AQHPgcJPUJvejJP5KkGEiMWG5tf2EJtsshcAgAK5SACAADPXgIAABLmAgAV4kMqAAD8ygA==
Date: Tue, 17 Jun 2014 13:25:31 +0000
Message-ID: <CF57D56C-C00C-4D06-910C-17847D023017@juniper.net>
References: <20140604174423.25048.19110.idtracker@ietfa.amsl.com> <005101cf8025$b7cc2b70$27648250$@ndzh.com> <010001cf8099$1c8ba860$4001a8c0@gateway.2wire.net> <004301cf809a$c5d6a090$5183e1b0$@ndzh.com> <8368317D-0E4F-4D6A-8B5C-9366E0F5FC1C@juniper.net> <00ce01cf85da$ce8b8ad0$6ba2a070$@ndzh.com> <41EEF4CB-4694-4617-B2BF-71F89237AB1D@juniper.net> <017b01cf8751$5e9e3100$1bda9300$@ndzh.com> <F09CEB8D-4FBB-463D-97EB-96BB2A0C773D@juniper.net> <022701cf8a0f$8ba93b20$4001a8c0@gateway.2wire.net>
In-Reply-To: <022701cf8a0f$8ba93b20$4001a8c0@gateway.2wire.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.1510)
x-originating-ip: [66.129.241.14]
x-microsoft-antispam: BL:0; ACTION:Default; RISK:Low; SCL:0; SPMLVL:NotSpam; PCL:0; RULEID:
x-forefront-prvs: 0245702D7B
x-forefront-antispam-report: SFV:NSPM; SFS:(979002)(6009001)(428001)(377424004)(189002)(199002)(24454002)(76094002)(13464003)(377454003)(51704005)(92566001)(15975445006)(83072002)(19580395003)(105586001)(19580405001)(86362001)(85852003)(57306001)(83322001)(89996001)(93886003)(95666004)(101416001)(81342001)(77982001)(92726001)(99286002)(36756003)(4396001)(21056001)(74662001)(76482001)(33656002)(77096002)(85306003)(46102001)(77156001)(31966008)(62966002)(79102001)(74502001)(81542001)(15202345003)(50986999)(20776003)(87936001)(99396002)(83716003)(88136002)(76176999)(2656002)(104166001)(80022001)(93916002)(66066001)(64706001)(87286001)(50226001)(82746002)(104396001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:; SCL:1; SRVR:BN1PR05MB438; H:BN1PR05MB424.namprd05.prod.outlook.com; FPR:; MLV:ovrnspm; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (: juniper.net does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=deanb@juniper.net;
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <75B58ADEB9ACBB4487BCB5FF165E7EE5@namprd05.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
Archived-At: http://mailarchive.ietf.org/arch/msg/i2rs/63OVniV7CxMv8XJgbxWsvWzn0hU
Cc: "<i2rs@ietf.org>" <i2rs@ietf.org>, Susan Hares <skh@ndzh.com>, "<rex@cisco.com>" <rex@cisco.com>, "Keyur Patel (keyupate)" <keyupate@cisco.com>, Hannes Gredler <hannes@juniper.net>, Russ White <russw@riw.us>, Susan Hares <shares@ndzh.com>
Subject: Re: [i2rs] I-D Action: draft-keyupate-i2rs-bgp-usecases-02.txt
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 13:25:40 -0000

On Jun 17, 2014, at 5:35 AM, t.petch <ietfc@btconnect.com> wrote:

> ----- Original Message -----
> From: "Dean Bogdanovic" <deanb@juniper.net>
> To: "Susan Hares" <shares@ndzh.com>
> Sent: Friday, June 13, 2014 11:06 PM
> 
> Susan,
> 
> My answer  to your question
> do we ever let I2RS upon a command transfer policies to the persistent
> storage?
> 
> My initial answer is no. And reason is security. Network admins want to
> know exact state of the device after rebooting. If we want to allow
> transfer of policies, then we would have to define roles and which roles
> would be allowed to do that transfer. We are making things more complex,
> when there are existing mechanisms for admins to do that.
> 
> <tp>
> The counter argument to this is having got it right once, for some,
> perhaps large, instantiation of an I2RS it, do you want to have to do it
> all over again?
why not? Isn't the point of automation to be able to reliably repeat actions over and over again?
> 
> That is, I agree that after reboot, an operator should know that the box
> is in the state defined by the NETCONF startup configuration datastore
> with nothing added but that there may be a valid case for saying that
> all the changes downloaded by I2RS remain stored, but not applied, eg in
> a candidate I2RS datastore, which can then be copied to the running I2RS
> datastore when the operator is satisfied that the time is right.
I don't want to have multiple data stores in I2RS. I have recommended RESTCONF for I2RS and one of the main reasons for that was single data store, which makes config management very easy, as there is only one config.
> 
> Just a thought.
> 
> Tom Petch
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Dean
> 
> On Jun 13, 2014, at 5:49 PM, Susan Hares
> <shares@ndzh.com<mailto:shares@ndzh.com>> wrote:
> 
> Dean:
> Thank you for your thoughtful answer.  I was looking for it, but I’m
> glad you watched Croatia (I’m sorry about Croatia’s loss).
> 
> I agree with the types of policies and the status: persistent,
> transient, and ephemeral.  However, do we ever let I2RS upon a command
> transfer policies to the persistent storage?  This what I read in REQ04.
> In reading the email, I’m not sure how to summarize the WG’s approach.
> My answer would be “no”, but if this is a WG document the answer needs
> to come from the WG.
> 
> Sue
> 
> From: i2rs [mailto:i2rs-bounces@ietf.org<mailto:bounces@ietf.org>] On
> Behalf Of Dean Bogdanovic
> Sent: Friday, June 13, 2014 2:44 PM
> To: Susan Hares
> Cc: <i2rs@ietf.org<mailto:i2rs@ietf.org>>; Susan Hares;
> <rex@cisco.com<mailto:rex@cisco.com>>; t.petch; Keyur Patel (keyupate);
> Hannes Gredler; Russ White
> Subject: Re: [i2rs] I-D Action: draft-keyupate-i2rs-bgp-usecases-02.txt
> 
> Susan,
> 
> Sorry for late reply, but yesterday started a very significant
> quadrennial event (FIFA World Cup) and Croatia played (and lost with
> help of the referee).
> 
> WRT REQ04, I agree with the posts and here are few thoughts on this
> 
> We should try to divide policies into few categories.
> 
> 1. persistent
> There is a set of policies that have to be available from very start on
> the device. Those policies should be persistent on the device and I see
> them changing infrequently. IMO, there is no need for I2RS to manage
> those policies, readonly access is sufficient.
> 2. transient
> Policies that are temporary defining some fwd behavior of device. I can
> see lot of cases where different applications based on some network
> conditions want to change forwarding behavior. Those should not be
> available after reboot.
> 3. locally defined
> by this I mean policies that defined by admin, applications through
> local I2RS agent. These can be transient and persistent, where I would
> classify that I2RS agent policies are only transient. Actually after
> rereading this, I would even consider policies defined by I2RS as
> remotely defined and therefore transient.
> 4. remotely defined
> by this I mean policies pushed from a different device (policy server,
> router) via some protocol (DIAMETER, RADIUS, BGP). IMO, those should be
> always ephemeral.
> 
> Dean
> 
> On Jun 11, 2014, at 9:08 PM, Susan Hares
> <shares@ndzh.com<mailto:shares@ndzh.com>> wrote:
> 
> 
> Dean:
> 
> I combined REQ01/02 and REQ08/09.  I've put the requirements in the
> front of the text.  Please let know if have any suggestions on these
> approved changes.  I wait 24 hours, and then spin the draft.
> 
> On the agreement on REQ04, I cannot find a firm consensus.  I would ask
> Jeff Haas or Ed Crabbe to indicate if they think there is a consensus on
> the WG. I highlight a few messages below. The document is proposed for
> WG consensus so I will change it if the WG has consensus.
> 
> 
> Sue Hares
> 
> 
> Search for Consensus
> =====
> Based on your comment, I sent looking for WG Direction regarding BGP or
> I2RS putting state.   I cannot find it.  BGP has a Flow specification
> (RFC5575).  Where do you think those flow specifications end up?
> Writing into runtime configuration state? Writing into something like
> I2RS running data store?  BGP ORFs might be kept in the BGP state or in
> associated features (Add/delete) in BGP, but Flow specifications are
> targeted toward data flow.
> 
> On the list I could find the following:
> 
> 1. I2RS BGP state to configuration - Wes George (operator) makes a
> comment that I2RS configuration should not replace current configuration
> related to BGP.
> 
> http://www.ietf.org/mail-archive/web/i2rs/current/msg00826.html
> 
> 
> 
> 2. There is the Architecture Discussion 2: Persistence (ephemeral vs.
> permanent) - is the debate for the architecture document regarding
> keeping state in the I2RS
> Begin:
> http://www.ietf.org/mail-archive/web/i2rs/current/msg01027.html
> 
> Joel's: no state across a reboot:
> http://www.ietf.org/mail-archive/web/i2rs/current/msg01034.html
> 
> 
> 3. Wes George (operator) makes a comment that I2RS configuration should
> not replace current configuration related to BGP.
> http://www.ietf.org/mail-archive/web/i2rs/current/msg00826.html
> 
> 
> There is the Architecture Discussion 2: Persistence (ephemeral vs.
> permanent)
> http://www.ietf.org/mail-archive/web/i2rs/current/msg01027.html
> 
> 
> Multiple clients writing to agents (raised by Himanshu Shah)
> http://www.ietf.org/mail-archive/web/i2rs/current/msg01139.html
> 
> 
> Jeff (chair hat off) states he does not want to have I2rs changing state
> tables come from routing protocols (BGP--> I2RS state).  He also feel
> dynamic state tables should be read-only, and not writable as suggested
> by the use case.
> http://www.ietf.org/mail-archive/web/i2rs/current/msg01666.html
> 
> 
> In the same thread, Sri states the I2RS agent should not provide an
> interface to change a table if there is no use-case to support it.
> Dynamic protocols --> I2RS (I2RS read only).  I2RS--> RIB-IM.   Sri
> states " I am yet to see a use-case that requires direct manipulation of
> a single dynamic routing-protocol-instance specific route table by
> something other than that protocol. I don't believe there should be any
> such case."    However, here it has been in the BGP use case.
> http://www.ietf.org/mail-archive/web/i2rs/current/msg01671.html
> 
> 
> Jeff responds to Sri in tends to agree and does not mention the use
> case.
> http://www.ietf.org/mail-archive/web/i2rs/current/msg01752.html
> 
> 
> Sue Hares
> 
> -----Original Message-----
> From: Dean Bogdanovic [mailto:deanb@juniper.net<http://juniper.net>]
> Sent: Friday, June 06, 2014 4:03 PM
> To: Susan Hares
> Cc: t.petch; <i2rs@ietf.org<mailto:i2rs@ietf.org>>; Keyur Patel
> (keyupate); Hannes Gredler; Russ White; Susan Hares;
> <rex@cisco.com<mailto:rex@cisco.com>>
> Subject: Re: [i2rs] I-D Action: draft-keyupate-i2rs-bgp-usecases-02.txt
> 
> Susan,
> 
> Many people don't know what NLRI abbreviation stands for (Network Layer
> Reachability Information , so writing it out first time would be a good
> idea.
> 
> Throughout the text, the requirement number sequence is confusing until
> you get to the very and where all requirements are listed and then it
> makes sense.
> 
> REQ04: The ability to interact with various policies configured on
>      the forwarding devices, in order to inform the policies
>      implemented by the dynamic routing processes.  This interaction
>      should be through existing configuration mechanisms, such as
>      NETCONF, and should be recorded in the configuration of the local
>      device so operators are aware of the full policy implemented in
>      the network from the running configuration.
> It is not clear to me if your requirement is that dynamic protocols
> should impose persistent policies? It says it should be recorded in the
> configuration of the local device.
> 
> I agree that those policies should be visible to operators and other
> applications, but not sure if dynamic protocols should be allowed to
> implement persistent policies. IMO, those should be ephemeral policies.
> So maybe text should look like this
> This interaction should be through existing configuration mechanisms,
> such as NETCONF, and should be recorded in the running or ephemeral
> configuration of the local device so operators are aware of the full
> policy implemented in the network from the running configuration.
> 
> I'm trying to see major difference between REQ01/REQ02 and REQ08/REQ09?
> 
> In general I'm not sure if changing entries by dynamic protocol in RIB
> is a good idea. If you plan to change only what is configured on the
> local device, then that is OK, but if you start changing entries that
> are pushed from other devices in the network, the system would get
> unstable. And it looks to me that REQ09 would allow that.
> 
> Dean
> 
> 
> On Jun 5, 2014, at 4:47 AM, Susan Hares
> <shares@ndzh.com<mailto:shares@ndzh.com>> wrote:
> 
>> Tom:
>> 
>> I'm glad to change the citation in the abstract.    On the authors,
> this was
>> merge of two drafts.
>> 
>> Sue
>> 
>> -----Original Message-----
>> From: t.petch [mailto:ietfc@btconnect.com<http://btconnect.com>]
>> Sent: Thursday, June 05, 2014 4:35 AM
>> To: Susan Hares; i2rs@ietf.org<mailto:i2rs@ietf.org>
>> Cc: 'Keyur Patel (keyupate)'; Hannes Gredler; Russ White; 'Susan
>> Hares'; rex@cisco.com<mailto:rex@cisco.com>
>> Subject: Re: [i2rs] FW: I-D Action:
>> draft-keyupate-i2rs-bgp-usecases-02.txt
>> 
>> Sue
>> 
>> Currently you have six authors which is too many for an RFC -
> someone's
>> got to go!   For me, this is not just an admin point - when
> commenting,
>> I like to have one or two names, no more, as the clear pen holders
>> whom I can expect to act.  Too often, with so many names, everyone
>> thinks that someone else will do something and nothing happens, so, in
>> all seriousness, I oppose adoption until you sort this out amongst
> yourselves.
>> 
>> Note too that you have a citation in the Abstract, again not allowed -
>> this can be surprising difficult to get round but get round it you,
>> one or more thereof, must.
>> 
>> Tom Petch
>> 
>> 
>> ----- Original Message -----
>> From: "Susan Hares" <shares@ndzh.com<mailto:shares@ndzh.com>>
>> To: <i2rs@ietf.org<mailto:i2rs@ietf.org>>
>> Cc: "'Keyur Patel (keyupate)'"
> <keyupate@cisco.com<mailto:keyupate@cisco.com>>; "Hannes Gredler"
>> <hannes@juniper.net<mailto:hannes@juniper.net>>; "Russ White"
> <russw@riw.us<mailto:russw@riw.us>>; "'Susan Hares'"
>> <skh@ndzh.com<mailto:skh@ndzh.com>>;
> <rex@cisco.com<mailto:rex@cisco.com>>
>> Sent: Wednesday, June 04, 2014 7:49 PM
>> Subject: [i2rs] FW: I-D Action:
>> draft-keyupate-i2rs-bgp-usecases-02.txt
>> 
>> 
>>> Jeff and Ed:
>>> 
>>> This updated draft has all the changes that Keyur Patel promised and
>> updates
>>> to the reference the current i2rs internet drafts.
>>> 
>>> Would you please do a Working Group adoption call?
>>> 
>>> Thank you,
>>> Sue Hares
>>> 
>>> 
>>> -----Original Message-----
>>> From: i2rs [mailto:i2rs-bounces@ietf.org<mailto:bounces@ietf.org>] On
> Behalf Of
>>> internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>
>>> Sent: Wednesday, June 04, 2014 1:44 PM
>>> To: i-d-announce@ietf.org<mailto:i-d-announce@ietf.org>
>>> Cc: i2rs@ietf.org<mailto:i2rs@ietf.org>
>>> Subject: [i2rs] I-D Action: draft-keyupate-i2rs-bgp-usecases-02.txt
>>> 
>>> 
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>> This draft is a work item of the Interface to the Routing System
>> Working
>>> Group of the IETF.
>>> 
>>>       Title           : Use Cases for an Interface to BGP Protocol
>>>       Authors         : Keyur Patel
>>>                         Rex Fernando
>>>                         Hannes Gredler
>>>                         Shane Amante
>>>                         Russ White
>>>                         Susan Hares
>>> Filename        : draft-keyupate-i2rs-bgp-usecases-02.txt
>>> Pages           : 17
>>> Date            : 2014-06-04
>>> 
>>> Abstract:
>>>  A network routing protocol like BGP is typically configured and
>>>  analyzed through some form of Command Line Interface (CLI) or
>>>  NETCONF.  These interactions to control BGP and diagnose its
>>>  operation encompass: configuration of protocol parameters, display
>> of
>>>  protocol data, setting of certain protocol state and debugging of
>> the
>>>  protocol.
>>> 
>>>  Interface to the Routing System's (I2RS) Programmatic interfaces,
>> as
>>>  defined in draft-ietf-i2rs-architecture, provides an alternate way
>> to
>>>  control and diagnose the operation of the BGP protocol.  I2RS may
>> be
>>>  used for the configuration, manipulation, analyzing or collecting
>> the
>>>  protocol data.  This document describes set of use cases for which
>>>  I2RS can be used for BGP protocol.  It is intended to provide a
>> base
>>>  for the solution draft describing a set of interfaces to the BGP
>>>  protocol.
>>> 
>>> 
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-keyupate-i2rs-bgp-usecases/
>>> 
>>> There's also a htmlized version available at:
>>> http://tools.ietf.org/html/draft-keyupate-i2rs-bgp-usecases-02
>>> 
>>> A diff from the previous version is available at:
>>> http://www.ietf.org/rfcdiff?url2=draft-keyupate-i2rs-bgp-usecases-02
>>> 
>>> 
>>> Please note that it may take a couple of minutes from the time of
>> submission
>>> until the htmlized version and diff are available at
> tools.ietf.org<http://tools.ietf.org>.
>>> 
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>> 
>>> _______________________________________________
>>> i2rs mailing list
>>> i2rs@ietf.org<mailto:i2rs@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/i2rs
>>> 
>>> _______________________________________________
>>> i2rs mailing list
>>> i2rs@ietf.org<mailto:i2rs@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/i2rs
>>> 
>> 
>> 
>> _______________________________________________
>> i2rs mailing list
>> i2rs@ietf.org<mailto:i2rs@ietf.org>
>> https://www.ietf.org/mailman/listinfo/i2rs
> 
> <draft-keyupate-i2rs-bgp-usecases-03.txt><draft-keyupate-i2rs-bgp-usecas
> es-03.txt.pdf>
> 
> 
>

v2.23.0 | Report a Bug | By Email