Re: [i2rs] Call for Adoption by WG: draft-atlas-i2rs-architecture-01 (ends Aug 12)
"Joel M. Halpern" <jmh@joelhalpern.com> Wed, 14 August 2013 17:48 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6546221E80C8 for <i2rs@ietfa.amsl.com>; Wed, 14 Aug 2013 10:48:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WYaGUH49jE3K for <i2rs@ietfa.amsl.com>; Wed, 14 Aug 2013 10:48:48 -0700 (PDT)
Received: from mailc2.tigertech.net (mailc2.tigertech.net [208.80.4.156]) by ietfa.amsl.com (Postfix) with ESMTP id 58CAA21E80C7 for <i2rs@ietf.org>; Wed, 14 Aug 2013 10:48:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailc2.tigertech.net (Postfix) with ESMTP id 93242141DFC; Wed, 14 Aug 2013 10:48:47 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at c2.tigertech.net
Received: from Joels-MacBook-Pro.local (c213-89-137-101.bredband.comhem.se [213.89.137.101]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailc2.tigertech.net (Postfix) with ESMTPSA id BD194141E05; Wed, 14 Aug 2013 10:48:45 -0700 (PDT)
Message-ID: <520BC2F9.9080500@joelhalpern.com>
Date: Wed, 14 Aug 2013 13:48:41 -0400
From: "Joel M. Halpern" <jmh@joelhalpern.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Joe Marcus Clarke <jclarke@cisco.com>
References: <CAG4d1rdDqdajvUeF4WwJ1Jwn_=xqOMkXrkWwCHtsdsZn6WKzRA@mail.gmail.com> <51F8ED88.5050208@cisco.com> <CAG4d1rdBjyx2+jR5+Pc0RNsr_NSRLtrK6RaFgEqwvguHweZ0Cw@mail.gmail.com> <520BC148.3030306@cisco.com>
In-Reply-To: <520BC148.3030306@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "i2rs@ietf.org" <i2rs@ietf.org>, Alia Atlas <akatlas@gmail.com>
Subject: Re: [i2rs] Call for Adoption by WG: draft-atlas-i2rs-architecture-01 (ends Aug 12)
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i2rs>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Aug 2013 17:48:54 -0000
Depending upon how one reads RFCs, declaring that having two writers is an error is a MUST NOT write. But we are also trying to recognize that no matter how many MUST NOT statements we produce, things happen. So we are trying to define the handling. I can live with precedence. I can live with "the item does not change". But I do think it is helpful for us to be explicit about the behavior in this far-to-likely error case. Yours, Joel On 8/14/13 1:41 PM, Joe Marcus Clarke wrote: > On 8/13/13 4:01 PM, Alia Atlas wrote: >> Section 1.2: >> >> As can also be seen in Figure 1, an I2RS Agent may communicate with >> multiple clients. Each client may send the agent a variety of write >> operations. The handling of this situation has been a source of >> discussion in the working group. In order to keep the protocol >> simple, the current view is that two clients should not be attempting >> to write (modify) the same piece of information. Such collisions may >> happen, but are considered error cases that should be resolved by the >> network applications and management systems. >> >> JMC: I think more verbiage is needed around how to detect collisions. >> This is key to security considerations. Saying "clients should not" is >> not strong enough to keep our potential attackers. If each operation is >> tagged with an identifier that is unique to a client, then it will be >> possible to determine if the current client is trying to overwrite data >> from a previous client. This could fold into authz as well where there >> is a permission to allow global override of other application's state. >> >> >> [Alia] For the I2RS Agent to properly handle a collision, it does need >> to store the client identifier. I think that is clear in Sec 5.2 >> "Simply, the I2RS agent stores who did what operation to which entity." >> and the details in Sec 6.8 are "The current recommendation is to have a >> simple priority associated with each I2RS clients, and the highest >> priority change remains in effect. In the case of priority ties, the >> first client whose attribution is associated with the data will keep >> control." We already have a reference to Sec 6.8 right there - and that >> section is where the details are discussed. What specific additional >> verbiage do you think would be useful? The priority is a knob to allow >> overwriting of other applications' state - though needing to is >> considered an error. :-) > > When I first read this, I wanted something stronger to prevent clients > from writing to the same piece of data. I think the forward references > are fine if perhaps a bit late in the text. But my ask was to > strengthen the language to say "must not write." > >> >> >> Section 2: >> >> read scope: ... >> >> write scope: ... >> >> JMC: Should there be an event or notification scope in addition to read >> and write? >> >> >> [Alia] I think it is folded into the read scope. If we find the need >> for such a term later on, then we can add it. > > This section talks about "terminology" used in the draft. However, > "read scope" as terminology is not used anywhere. The concept of > _reading_ data is, however, quite prevalent. In the same way, the draft > talks about "notification" in a number of contexts. As such, I feel > there is enough distinction there to warrant calling out what is meant > by a notification scope. > > "notification scope: The set of events and associated information that > will be sent northbound by the I2RS Agent to I2RS Clients. Clients have > the ability to register for specific events, but must do so given the > access restrictions of their associated read scope." > >> >> Section 3.4: >> >> I2RS clients may be operating on behalf of other applications. While >> those applications' identities are not need for authorization, each >> application should have a unique opaque identifier that can be >> provided by the I2RS client to the I2RS agent for purposes of >> tracking attribution of operations. >> >> JMC: The opaque ID might make it hard to accurately attribute changes. >> I2RS should mandate a way to ensure traceability back to a client that >> made the change or was granted access. >> >> >> [Alia] What do you have in mind? The I2RS client will have a security >> role and its scope. The I2RS client needs to vet the applications that >> it is a broker for. The opaque ID can be something that is meaningful >> to that I2RS client. Basically, I2RS is providing the identity and >> security for between the I2RS client and the I2RS agent. I don't see it >> as practical or appropriate to try and define how the I2RS client and >> its applications interact; I know the broker/controller model is popular >> and so we do need enough to help support traceability to a secondary ID, >> but I'm not sure what is needed or appropriate beyond that. > > After listening to the working group session and based on other threads, > this text is now clearer to me. To summarize my feeling, I don't think > I2RS should mandate a northbound Client protocol, but we need a unique > way to identify the specific Client that obtained access. This means > that even in a load-balancing or HA case, there must be a way to > uniquely identify the Client that communicate with the Agent. The > northbound actor driving the Client should also be identifiable, but > that is outside the scope of this document. > >> Section 5.2.2: >> >> An I2RS Agent may decide that some state should no longer be applied. >> An I2RS Client may instruct an Agent to remove state it has applied. >> In all such cases, the state will revert to what it would have been >> without the I2RS; that state is generally whatever was specified via >> the CLI, NetConf, SNMP, etc. I2RS Agents will not store multiple >> alternative states, nor try to determine which one among such a >> plurality it should fall back to. Thus, the model followed is not >> like the RIB, where multiple routes are stored at different >> preferences. >> >> JMC: Previously I had commented that one event that should be supported >> and perhaps documented here is that if the agent decides to revert the >> application can be notified that its state has been reverted. This >> might also be useful if another client overrides some portion of another >> client's state (this is covered in Section 6.8, but might be useful to >> mention here as well). Perhaps add at the end of Section 5.2.2: >> >> "A client may choose to be notified whenever its state is reverted >> either by another client or by the I2RS agent." >> >> >> [Alia] I'll put in: "An I2RS Client may register for notifications when >> state that was >> applied by a particular I2RS Client is modified or removed." That is >> slightly different since it allows an I2RS Client to learn about the >> changes to state from itself or from a different I2RS Client. > > WFM, thanks. > >> >> Section 5.4.2: >> >> (Bulleted list of examples) >> >> JMC: Consider adding an example for an event such as a new route being >> learned or an OSPF neighbor removal. >> >> >> [Alia] I think that "writing routes or prefixes to be advertised via the >> protocol" describes a new route being learned. I'd prefer not to put >> OSPF neighbor removal in as an example. It raises the questions about >> what is configuration vs. ephemeral data and the I2RS scope. If you >> have a good use-case that requires it, then I'd be quite interested in >> seeing it. > > I was specifically asking about an _event_ use case. Very simply if we > learn/lose a route, I'd want my Client to be notified so I can perhaps > react to it to install another route or remove a route I have previously > installed (e.g., a failover/failback use case). > > Additionally, if a peer is otherwise reachable, but stops participating > in OSPF, BGP, etc., I would like I2RS to notify my Client as I may not > know about this any other way (though I could be flooded with route > delete events, it's good to correlate that to a peer going away). > >> >> >> >> Section 5.4.4: >> >> Many network elements have separate policy and QoS mechanisms, >> including knobs which affect local path computation and queue control >> capabilities. These capabilities vary widely across implementations, >> and I2RS cannot model the full range of information collection or >> manipulation of these attributes. A core set does need to be >> included in the I2RS data models and in the expected interfaces >> between the I2RS Agent and the network element, in order to provide >> basic capabilities and the hooks for future extensibility. >> >> JMC: I think this either needs an editor's note for more discussion or >> perhaps QoS in general should be out of scope. >> >> >> [Alia] I am happy to add in an editor's note for more discussion - but >> we should start that conversation now on the list - because the WG does >> have quite tight deadlines for milestones. > > Fair enough. > >> Section 6.1: >> >> That protocol may use several underlying transports (TCP, >> SCTP, DCCP), with suitable authentication and integrity protection >> mechanisms. Whatever transport is used for the data exchange, it >> must also support suitable congestion control mechanisms. >> >> JMC: I think Carlos (or someone) mentioned this, but I'm not sure DCCP >> is ideal for I2RS since we likely do want reliable order of delivery. >> >> >> [Alia] Yes - DCCP is clearly the wrong choice for a control channel - >> but it may be >> good for delivering statistics. I think we'll have different transport >> options depending on the requirements of a particular data model or >> section. Since you are the second person to be confused by that >> section, I've added the following sentence: >> >> "These different transports can support different types of >> communication (e.g. control, reading, notifications, and information >> collection) and different sets of data." >> >> Let me know if that helps or if you have better ideas for wording. > > That works. > >> Section 6.7: >> >> One of the other important aspects of the I2RS is that it is intended >> to simplify collecting information about the state of network >> elements. >> >> JMC: I think this needs to be more specific to routing information >> versus any information from the network element (e.g., it does not cover >> CPU statistics). >> >> >> [Alia] The scoping is a question - and that will depend on what the >> use-cases we consider need and what the related information and data >> models need to be. If you look at the >> draft-bitar-i2rs-service-chaining-00, it does ask for things like CPU >> load. I do think there is a real need to be able to get back >> thresholded and filtered information. You probably heard Ed's personal >> thoughts about a single protocol as well... So - I don't think the >> architecture needs to restrict the data in scope - particular in a >> section that is talking about communication patterns - but as a WG, we >> need to keep a tight focus that still provides sufficient information to >> fully solve the desired use-cases. > > My concerns comes from a desire not to have I2RS become a common > API/protocol for things that SNMP or NETCONF or some other potential > data collection scheme is used for. So I agree we need a tight focus > and potentially a litmus test for what should be adopted as collectable > data via I2RS. As it stands now, I think someone could argue for any > kind of data and present a use case for it (e.g., latency, interface > errors, location). So the statement I made was more around the lines of > should I2RS stay pure to routing and routed topology or should we really > open the door to other data that is not specifically related to routing? > > Joe > >>
- [i2rs] Call for Adoption by WG: draft-atlas-i2rs-… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Joel M. Halpern
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Susan Hares
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Thomas Nadeau
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… N.Leymann
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… George, Wes
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Jon Mitchell
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Carlos Pignataro (cpignata)
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Joe Marcus Clarke
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Carlos Pignataro (cpignata)
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… KwangKoog Lee
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Jamal Hadi Salim
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Sriganesh Kini
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Edward Crabbe
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… t.petch
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Joel M. Halpern
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Joe Marcus Clarke
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Joel M. Halpern
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Carlos Pignataro (cpignata)
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Jakob Heitz
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Carlos Pignataro (cpignata)
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Joel M. Halpern
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas
- Re: [i2rs] Call for Adoption by WG: draft-atlas-i… Alia Atlas