Re: [Ibnemo] Network user role definition and classification.

"Lifengkai (Fengkai)" <lifengkai@huawei.com> Fri, 17 July 2015 09:00 UTC

From: "Lifengkai (Fengkai)" <lifengkai@huawei.com>
To: "Lifengkai (Fengkai)" <lifengkai@huawei.com>, "ibnemo@ietf.org" <ibnemo@ietf.org>
Thread-Topic: Network user role definition and classification.
Date: Fri, 17 Jul 2015 09:00:22 +0000
Message-ID: <865C20BAAE8BBD4C89E7D6FE694F6B3B31C2C197@nkgeml505-mbs.china.huawei.com>
References: <865C20BAAE8BBD4C89E7D6FE694F6B3B31C26D7F@nkgeml505-mbs.china.huawei.com>
In-Reply-To: <865C20BAAE8BBD4C89E7D6FE694F6B3B31C26D7F@nkgeml505-mbs.china.huawei.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ibnemo/mMs_aJyXwwKbO2_ETWwCOe20prg>
Cc: zhouguangtao <zhouguangtao@chinaunicom.cn>
Subject: Re: [Ibnemo] Network user role definition and classification.

Hi all,

I would like to continue my steps for the role type list proposal. I think people are busy preparing for the coming IETF conference; comments are welcome, and thanks for sparing your time.

I had a discussion with people from China Unicom about China Unicom's organization structure, which is based on the division of functional units. From the discussion, we concluded on the following six types of roles. I worked out detailed descriptions of the specific roles, their responsibilities, and their requirements on the network accordingly. Please give your comments, and thanks again.


1. Network infrastructure planner/constructor
Network infrastructure includes the physical hardware as well as the software running on it that is used to transmit data, such as routers, switches, gateways, bridges, hubs, etc. People with this role type focus on the construction of network infrastructure to enable network connectivity, communications, and service deployment. They build the network up from scratch or incrementally. They mainly follow three steps: 1) geographical design, determining where to place the network devices and the interconnections between them; 2) topological design, determining the size and topology of the network based on capacity requirements and cost considerations; 3) network realization, interconnecting the network devices. They care about many parameters of the network devices, such as capacity, performance, power consumption, price, volume/size, and so on. Based on the requirements and the network device parameters, the network infrastructure planner/constructor can work out a network deployment that satisfies the communication requirements.


2. Network configurator
People with the network configurator role focus on the management and configuration of the networks, which may come from 1) the basic network service requirements; or 2) the network solution requirements for customers (i.e. end-users, home users, group users, etc.). They have access to the hardware and software of the network devices (i.e. routers, switches, firewalls, DPI devices, DNS, etc.) that constitute the networking infrastructure. The network devices may be from different vendors, and the configurations vary from one to another. The network configurator would want a vendor-neutral way or method to boot up or upgrade network devices, set up the AS/area/zone, basic routing protocols (i.e. RIP, OSPF, IS-IS, BGP, MPLS, etc.), basic connectivity services (i.e. L2VPN, L3VPN, TE, etc.), access control functions, traffic management, and so on.


3. Network monitor
People with the network monitor role focus on the status, exceptions, failures, performance, and SLA monitoring of the network. The network monitoring may be for 1) malfunctions of the network devices, such as unreachability, physical device exceptions, routing exceptions, etc.; or 2) customer (i.e. end-user, home user, group user, etc.) requirements that are not satisfied, such as unqualified performance, SLA violations, etc. The network monitor should be able to acquire related information from the networks. The network monitor would be able to trigger connectivity testing, SLA parameter monitoring, collection of run-time status, and so on. The network devices may be from different vendors, and the network monitor also needs a vendor-neutral way or method for the testing and information gathering.


4. Network trouble fixer
People with the network trouble fixer role focus on solutions for the network troubles encountered. Network trouble comes mainly in two categories: 1) malfunction of network devices; 2) committed customer requirements that are not guaranteed. For working out the solutions, the network trouble fixer needs the ability to extract debugging information, run-time status, forwarding rules, system logs, statistics, configurations, etc. They also need the ability to install configurations for fixing the trouble. The network devices may be from different vendors, and the network trouble fixer also needs a vendor-neutral way or method for the testing and information gathering.


5. Network performance optimizer
People with the network performance optimizer role focus on run-time network performance optimization. The network performance optimizer works out the optimized solution for the traffic/flow forwarding path, bandwidth utilization, congestion avoidance, hot spot protection, and so on. They mainly need the running status, especially the performance parameters, such as delay, jitter, available/used/committed bandwidth, network element CPU usage, and so on. They also need the ability to install configurations for optimizing the network, such as traffic redirection, content caching, data migration, etc. The network devices may be from different vendors, and the network performance optimizer also needs a vendor-neutral way or method for the testing and information gathering.


6. Network business designer
People with the network business designer role focus on wrapping up the basic network functions to better support the network requirements of the customers (i.e. end-users, home users, group users, etc.). The network business designer would provide case-by-case network services by putting or organizing a series of standard network functional building blocks together via network programming. The programmability of networks may include the control of individual network devices as well as whole-network deployment considerations. The network business designer may care about the generation of forwarding rules, handling actions, and SLA parameters for specific flows. These may be used for virtual network isolation for different tenants, packet forwarding/dropping, traffic steering, bandwidth guarantees, metering, and operations for specific value-added service handling.


Best Regards,
Fengkai

From: Ibnemo [mailto:ibnemo-bounces@ietf.org] On Behalf Of Lifengkai (Fengkai)
Sent: Tuesday, July 14, 2015 10:36 AM
To: ibnemo@ietf.org
Subject: [Ibnemo] Network user role definition and classification.

Hi all,

From the discussion in the mailing list, I tend to draw the conclusion that people agreed on the concept of role-based intent.
Considering the further progress of this technical field, I would like to start this thread for network user role definition and classification.

For the work in the role classification related field, I think the following sequenced steps are needed:

1. Clear specifications of "role", which include the definitions, attributes, features, etc.

2. Types of roles for classification: based on the definitions and the examples of roles provided by Bert and Sue in previous emails, work out a preliminary role type list.

3. Detailed illustrations of one role type's intent as a starting point: from the role type list, choose one typical role type and give the illustrations.

Any comments about the above proposed steps?

And the following is the proposed text; comments are welcome again.

Step 1: Role definition:

A role is a set of a network user's responsibilities for specifying the scope of their intents. A network user's intent scope restricts the network user's corresponding desires and requirements. A network user's intent scope is unique and specific to the network users with a particular role.

The role specifies the network user's intent by taking two dimensions into account for role attributes. The first dimension is for functional abstraction and expression. With this dimension, the network objects with which the network users want to interact and the intent expression would be defined or restricted. The second dimension is for authorization and access control. With this dimension, the network users' authority or permissions for accessing the network objects would be defined or restricted. The second dimension is controlled via an RBAC system which takes this role dimension into account.

The network user's role is constituted of the object-attribute concept. With this two-pattern concept, a network user can have access or no access to specific attributes of specific objects via the intended abstractions and expressions.

Through the role compositional semantics, one network user can be assigned more than one role to enjoy a broader scope for intent expression. Network users' roles may not be explicitly mutually exclusive, and the overlapping part of the roles for different network users indicates that the network users share some of the same desires and requirements.

Step 2: Type list of roles:
Method: I want to categorize the network user role types by analyzing one typical organization's department organizational structure. Departments are grouped by the network users' same responsibilities and requirements.
I have talked with people from China Unicom, which I chose as the concrete organization to analyze, and I will send out our initial output later.

Step 3: Concrete intent requirements:
Method: I want to finalize an enterprise's Virtual Wide-Area Network intent requirements as an output, which falls into the use case section in https://datatracker.ietf.org/doc/draft-hares-ibnemo-overview/.


Thanks.

Best Regards,
Fengkai
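The two-dimension role model in Step 1 of the quoted message (functional scope over object/attribute pairs, plus an RBAC permission on each, with role composition as the union of scopes) and the six role types in the reply are easy to misread as purely descriptive. The following Python is an added example, not code from the thread or from the NEMO project: it encodes three of the role types as object/attribute scopes and checks whether an intent falls inside a user's composed scope. The object and attribute vocabulary (device.config, link.bandwidth, flow.path, and so on) and the exact scope of each role are assumptions made for the example; the thread does not define them.

```python
"""Role-scoped intent check: functional scope + RBAC permission per
(object, attribute), with role composition as a union of scopes.
Added example; the vocabulary and role scopes below are assumptions."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Flag, auto


class Perm(Flag):
    """Permission on one attribute of one network object (the RBAC dimension)."""
    NONE = 0
    READ = auto()
    WRITE = auto()


@dataclass(frozen=True)
class Role:
    """A role: which objects/attributes a user may touch (functional dimension)
    and the permission held on each (authorization dimension)."""
    name: str
    scope: dict[str, dict[str, Perm]]  # object type -> attribute -> permission


# Hypothetical scopes, constructed for this example from the role descriptions
# in the thread (monitor: read-only status; trouble fixer: read logs, push
# config; optimizer: read performance parameters, steer paths and bandwidth).
ROLES: dict[str, Role] = {
    "network_monitor": Role("network_monitor", {
        "device": {"status": Perm.READ, "cpu": Perm.READ},
        "link": {"latency": Perm.READ, "utilization": Perm.READ},
        "flow": {"stats": Perm.READ},
    }),
    "trouble_fixer": Role("trouble_fixer", {
        "device": {"status": Perm.READ, "logs": Perm.READ,
                   "config": Perm.READ | Perm.WRITE},
        "flow": {"forwarding_rules": Perm.READ},
    }),
    "performance_optimizer": Role("performance_optimizer", {
        "device": {"cpu": Perm.READ},
        "link": {"latency": Perm.READ, "utilization": Perm.READ,
                 "bandwidth": Perm.READ | Perm.WRITE},
        "flow": {"stats": Perm.READ, "path": Perm.READ | Perm.WRITE},
    }),
}


def _fmt(p: Perm) -> str:
    """Render a (possibly combined) permission as READ, WRITE, READ|WRITE or NONE."""
    names = [m.name for m in (Perm.READ, Perm.WRITE) if m in p]
    return "|".join(names) or "NONE"


def compose(roles: list[Role]) -> dict[str, dict[str, Perm]]:
    """Role composition: a user holding several roles gets the union of their
    scopes per (object, attribute). Roles need not be mutually exclusive."""
    merged: dict[str, dict[str, Perm]] = {}
    for role in roles:
        for obj, attrs in role.scope.items():
            bucket = merged.setdefault(obj, {})
            for attr, perm in attrs.items():
                bucket[attr] = bucket.get(attr, Perm.NONE) | perm
    return merged


def overlap(a: Role, b: Role) -> set[tuple[str, str]]:
    """(object, attribute) pairs both roles can access: the shared
    requirements that overlapping roles indicate."""
    return {
        (obj, attr)
        for obj, attrs in a.scope.items()
        for attr, perm in attrs.items()
        if perm != Perm.NONE
        and b.scope.get(obj, {}).get(attr, Perm.NONE) != Perm.NONE
    }


def check_intent(roles: list[Role],
                 intent: list[tuple[str, str, Perm]]) -> list[str]:
    """Return the intent items that fall outside the user's composed scope
    (empty list means the whole intent is in scope). Objects or attributes
    no role mentions are denied by default: no access unless granted."""
    scope = compose(roles)
    denied: list[str] = []
    for obj, attr, needed in intent:
        granted = scope.get(obj, {}).get(attr, Perm.NONE)
        if (needed & granted) != needed:
            denied.append(f"{obj}.{attr} needs {_fmt(needed)}, "
                          f"role grants {_fmt(granted)}")
    return denied


if __name__ == "__main__":
    monitor, fixer = ROLES["network_monitor"], ROLES["trouble_fixer"]
    intent = [("device", "status", Perm.READ), ("device", "config", Perm.WRITE)]
    # A monitor alone may read status, but a config push is out of scope...
    print(check_intent([monitor], intent))
    # ...until the same user is also assigned the trouble_fixer role.
    print(check_intent([monitor, fixer], intent))
    print(sorted(overlap(monitor, ROLES["performance_optimizer"])))
```

The check is deny-by-default: an intent touching an attribute that no assigned role names is rejected, which is the "no-access" side of the object-attribute concept. Composition is a plain union, so the monitor/optimizer overlap (both read link latency and utilization) is visible through overlap(), while the trouble fixer's WRITE on device.config is only reachable by a user who actually holds that role.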