Re: [IPFIX] [QUAR] Re: RFC 6728 IETF IPFIX Yang Discussion

Marta Seda <Marta.Seda@calix.com> Mon, 15 January 2018 20:35 UTC

Return-Path: <Marta.Seda@calix.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3597112EC13 for <ipfix@ietfa.amsl.com>; Mon, 15 Jan 2018 12:35:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=calix.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWITpMX-BuuG for <ipfix@ietfa.amsl.com>; Mon, 15 Jan 2018 12:35:32 -0800 (PST)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02lp0052.outbound.protection.outlook.com [207.46.163.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3754B12EC20 for <ipfix@ietf.org>; Mon, 15 Jan 2018 12:35:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CALIX.onmicrosoft.com; s=selector1-calix-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Ugsqf2mTGefPD7LPWpM3GZi7CLMFuE5xivtsjviMnHc=; b=hpAF5QaWBN4a7u6StawELhN78V03GMHW0+w6niAUlQnEIhNph/cQMuqrKl3kiRs72lUxVzm0BYpG5FcXVBDDZQngQK9HuOr/ksRLUwqAkDeGGvmsRaAkBO6z390btSMwoZea1CoPt8M2RBh4MY69xXV+dkJd1JMzHsKffCMKuSc=
Received: from BY2PR0501MB1734.namprd05.prod.outlook.com (10.163.154.20) by BY2PR0501MB2152.namprd05.prod.outlook.com (10.163.198.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.428.9; Mon, 15 Jan 2018 20:35:23 +0000
Received: from BY2PR0501MB1734.namprd05.prod.outlook.com ([10.163.154.20]) by BY2PR0501MB1734.namprd05.prod.outlook.com ([10.163.154.20]) with mapi id 15.20.0428.014; Mon, 15 Jan 2018 20:35:23 +0000
From: Marta Seda <Marta.Seda@calix.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Andrew Feren <andrew.feren@plixer.com>
CC: Gerhard Muenz <muenz@net.in.tum.de>, Benoit Claise <bclaise@cisco.com>, "Aitken, Paul" <paul.aitken@intl.att.com>, "'ipfix@ietf.org'" <ipfix@ietf.org>
Thread-Topic: [IPFIX] [QUAR] Re: RFC 6728 IETF IPFIX Yang Discussion
Thread-Index: AQHTjjHEd5EiqXm9BU+CpNAukXBHqKN1SjPg
Date: Mon, 15 Jan 2018 20:35:22 +0000
Message-ID: <BY2PR0501MB17340E33D2490D66363403C89CEB0@BY2PR0501MB1734.namprd05.prod.outlook.com>
References: <085c30b9-5797-863e-a63d-a027396f224f@gmail.com> <a3fc69e8-5773-5785-09ca-409c6a07db57@gmail.com> <A3625616CA873B4DAA779ABEFA624F1C8BE3CA@gbcdcmbx03.intl.att.com> <c20055e4-d9a1-0652-8221-ce54387dedea@cisco.com> <167798e2-f7a7-6946-8f3c-6bf996514bec@net.in.tum.de> <8E7542283B89BB4DB672EB49CEE5AAB7CDFB5429@PLXRDC01.plxr.local> <20180115185043.vj3ikpfqhsuycdm4@elstar.local>
In-Reply-To: <20180115185043.vj3ikpfqhsuycdm4@elstar.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Marta.Seda@calix.com;
x-originating-ip: [23.118.53.86]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BY2PR0501MB2152; 7:eoE0mBNzpCJxQYxyjubY2TPnaOZ5zPxiOnxSVUSKXt7tKGBP1umBhomRbrcq4E9P3EBXMmOa6Z7onL3MtnFjVcpyNZ1mcZfRY6qYODRVSGpz6LVwPZq1hTNFDOp4eeTtbBskgfEN+g++eS8SCpZ2mnPIU5XSSkl6JL3h7jzE/vStWrRxGfPFJ5IPaUwFccOq4QKokXsi9xrAC75BMF1yGH1DruGlLsx18cIZPPXunbumJMBLzy1Vq9aJ+jT31wnp
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: a69f91ea-3ae7-4911-f121-08d55c57807c
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534125)(4602075)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:BY2PR0501MB2152;
x-ms-traffictypediagnostic: BY2PR0501MB2152:
x-microsoft-antispam-prvs: <BY2PR0501MB21524DC173A90B8C92DE0F009CEB0@BY2PR0501MB2152.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(20558992708506)(10436049006162)(120809045254105)(97927398514766)(95692535739014)(162037286835866);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040470)(2401047)(5005006)(8121501046)(3231023)(944501161)(10201501046)(3002001)(93006095)(93001095)(6041268)(20161123564045)(20161123558120)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(6072148)(201708071742011); SRVR:BY2PR0501MB2152; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:BY2PR0501MB2152;
x-forefront-prvs: 0553CBB77A
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39380400002)(376002)(39850400004)(366004)(396003)(189003)(199004)(24454002)(13464003)(51444003)(102836004)(81166006)(25786009)(81156014)(7696005)(8936002)(74316002)(76176011)(106356001)(2906002)(105586002)(2900100001)(229853002)(97736004)(33656002)(3280700002)(3846002)(93886005)(3660700001)(6116002)(6436002)(72206003)(55016002)(9686003)(99286004)(14454004)(6306002)(966005)(7736002)(6246003)(305945005)(5660300001)(66066001)(110136005)(53546011)(316002)(54906003)(478600001)(6506007)(59450400001)(53936002)(68736007)(77096006)(2950100002)(4326008)(8676002)(86362001)(5890100001)(575784001)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR0501MB2152; H:BY2PR0501MB1734.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: calix.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: bfaBg0LJarSJs7MzgjwqgvOeHbMrgQUNtMnwrN76gm6zmH5HdDSIEvfiillkODc9dCV3jBxczlsYbjC6a/1VFA==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: calix.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a69f91ea-3ae7-4911-f121-08d55c57807c
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jan 2018 20:35:22.8656 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ffae2e5-6ff0-4510-bbf3-ca842d7ca55e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR0501MB2152
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipfix/76saFRg-YkTRMzdH7hEN7uC0wlY>
Subject: Re: [IPFIX] [QUAR] Re: RFC 6728 IETF IPFIX Yang Discussion
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipfix/>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jan 2018 20:35:36 -0000

Just a few things to consider about RFC 6728 (which is Yang 1.0 compliant).  Following best practices is not the only issue with RFC 6728.  It does not support Yang 1.1 (or RFC 7895 Netconf library).  I am not promoting the idea of updating RFC 6728 (that is an IETF decision) but was trying to understand if there were any future plans to address the issues I brought up.    Some additional points to think about:

All SDOs (IEEE, IETF, BBF, MEF, etc) have migrated to Yang 1.1.  Yang 1.1 supports the ietf-library module (see https://tools.ietf.org/html/rfc7895).  In the "hypothetical" case where you were developing a brand new ipfix module, you could create multiple submodules (e.g., one for exporter, another for collector, etc).  A device would import only those modules it supports (and use the netconf library to explicitly show deviations).   That would be a "nice" improvement (right now RFC 6728 is one big module containing everything).  However going back to reality, it would be a non-backwards compatible change and backward compatibility issues may be the reason for deciding not to do changes to ipfix psamp yang.

If a vendor needs to support psamp, yang 1.1 and yang best practices, one option is to create their own yang module (and leave RFC 6728 behind) or promote the idea to another SDO (who may be creating new yang modules to support ipfix beyond what RFC 6728 defines today) to pick up the activity of reformulating psamp yang to take advantage of newer IETF functions (yang 1.1 and best practices).  That assumes of course if IETF decides there is no need to update RFC 6728 (which I think is what I am hearing in this thread - no updates in RFC 6728).

Regards,

Marta Seda
-----Original Message-----
From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de] 
Sent: Monday, January 15, 2018 10:51 AM
To: Andrew Feren <andrew.feren@plixer.com>;
Cc: Gerhard Muenz <muenz@net.in.tum.de>;; Benoit Claise <bclaise@cisco.com>;; Aitken, Paul <paul.aitken@intl.att.com>;; Marta Seda <Marta.Seda@calix.com>;; 'ipfix@ietf.org'; <ipfix@ietf.org>;
Subject: Re: [IPFIX] [QUAR] Re: RFC 6728 IETF IPFIX Yang Discussion

I fail to see why this would be the case. (But I agree that renaming identifiers for the sake of renaming them is having little value.)

/js

On Mon, Jan 15, 2018 at 06:09:20PM +0000, Andrew Feren wrote:
> In particular renaming identifiers would break any implementations of RFC 7373 "Textual Representation of IP Flow Information Export (IPFIX) Abstract Data Types".
> 
> -Andrew
> 
> ________________________________
> From: IPFIX [ipfix-bounces@ietf.org] on behalf of Gerhard Muenz 
> [muenz@net.in.tum.de]
> Sent: Saturday, January 13, 2018 4:43 AM
> To: Benoit Claise; Aitken, Paul; 'Marta Seda'
> Cc: 'ipfix@ietf.org';
> Subject: [QUAR] Re: [IPFIX] RFC 6728 IETF IPFIX Yang Discussion
> 
> 
> Marta, all,
> 
> A few additional thoughts regarding your questions:
> 
> 1) I would not expect that not following current naming convention hinders implementation of RFC 6728. On the other hand, if we change just the names of the identifiers, we lose interoperability with older implementations that may exist.
> 
> 2) I think that it is reasonable that destinationIPAddress is mandatory because network management systems should be able to query the IP address to which an Exporting Process sends data. As Paul stated, RFC 6728 does not say how the destination IP address is set.
> 
> 3) SCTP is still a mandatory transport for a compliant implementation 
> of an IPFIX device, not a feature. See: 
> https://tools.ietf.org/html/rfc7011#section-10.1<https://linkprotect.c
> udasvc.com/url?a=https://tools.ietf.org/html/rfc7011%23section-10.1&c=
> E,1,r3o6fj1SXot8TQIPgevXNx5yfL8QvlF982Ch9DX27MByjz7bAdEaF9tjDoDzj1XgWt
> TXYfN1Z9mXiFy81bK1Aq33fYFzGl5W-2Dh_-xePoq9GNzzaPGdYj0o&typo=1>
> 
> Best regards,
> Gerhard
> 
> 
> 
> On 10.01.2018 08:33, Benoit Claise wrote:
> Hi,
> Marta, Benoit,
> 
> 1. Are there efforts to update other RFCs to meet the latest YANG best practices?
> Yes. Ex: 
> https://datatracker.ietf.org/doc/draft-ietf-netmod-rfc7223bis/<https:/
> /linkprotect.cudasvc.com/url?a=https://datatracker.ietf.org/doc/draft-
> ietf-netmod-rfc7223bis/&c=E,1,990HtCyvSKBHwQOS7jpHkeSpsvC2M7iKDlI_bfqI
> gW2gpaEOYhngASoi8LRRhuM67bRdHS2Hyi7cVHyXDuiheARWFxSpap_iznZ68ZknJgFbiz
> FJolgU&typo=1> The goal is to specify NMDA-compliant 
> (draft-ietf-netmod-revised-datastores-09<https://linkprotect.cudasvc.c
> om/url?a=https://datatracker.ietf.org/doc/draft-ietf-netmod-revised-da
> tastores/&c=E,1,ByKxVFeHf8k0Yb1kzzkQnQg33VfrR12Hy6dJzQTbkgStXZt3NzfCi7
> l981VvXCCM3L3iwQ3FF8lz77mT4C5yuZEfVe-78uXEs5xDZql2y--4iDlmOUQ,&typo=1>
> ) YANG modules
> 
> 2. Since the IPFIX WG closed, there has been little ongoing IPFIX work in the IETF. Is there a specific need to update RFC 6728 rather than just recognising it as a product of it's time?
> This type of feedback should come from implementation experience.
> 
> Regards, Benoit
> Note that it's > 5 years old.
> 
> Also see @PJ inline:
> 
> 
> On 09/01/2018 16:01, Benoit Claise wrote:
> Hi Marta,
> Hello,
> I am reaching out to the IETF IPFIX mailing list  on some issues I have run into with respect to RFC 6728 “Configuration Data Model for the IP Flow Information Export (IPFIX)  and Packet Sampling (PSAMP) Protocols”
> 
> 
>   1.  RFC 6728 doesn’t meet the latest Yang Best Practices (https://tools.ietf.org/html/draft-ietf-netmod-rfc6087bis-15#section-4.3.1<https://linkprotect.cudasvc.com/url?a=https://urldefense.proofpoint.com/v2/url%3fu%3dhttps-3A__tools.ietf.org_html_draft-2Dietf-2Dnetmod-2Drfc6087bis-2D15-23section-2D4.3.1%26d%3dDwMD-g%26c%3dLFYZ-o9_HUMeMTSQicvjIg%26r%3df8F8yzrqBTw6EPtR1rbibO_VFIc-cdnjIJ9he_qu7xs%26m%3d0c5ATjuT0-4IlDzLYM9h_RbPjCBQUv_6aExRL_fl-5M%26s%3dHhi7V6njCFNBbSsjC6sPgNfVu5DA8iQzdzsnA_iQBzQ%26e%3d&c=E,1,5Zsm8llhIef_jTZU2aAY2fj_KvmJs-zBz2HIfVEkrhY7UwWsg3UnykcCPzCUM7b_L6CTmk_VY1-To7t8aTM7RBz2ayGhe3OrxbBk7_Oy6I7gQSkKDC8Eig,,&typo=1>;).   Leaf identifiers are camel case (e.g., destinationAddress instead of destination-address).  Are there any ongoing efforts to update RFC 6728 to meet the latest best practices?
> Not as far as I know.
> 
> Regards, Benoit
> 
> 
>   1.
> 
>    Identifiers SHOULD follow a consistent naming pattern throughout the
>    module.  Only lower-case letters, numbers, and dashes SHOULD be used
>    in identifier names.  Upper-case characters and the underscore
>    character MAY be used if the identifier represents a well-known value
>    that uses these characters.
> 
>    Identifiers SHOULD include complete words and/or well-known acronyms
>    or abbreviations.  Child nodes within a container or list SHOULD NOT
>    replicate the parent identifier.  YANG identifiers are hierarchical
>    and are only meant to be unique within the the set of sibling nodes
>    defined in the same module namespace.
> 
>    It is permissible to use common identifiers such as "name" or "id" in
>    data definition statements, especially if these data nodes share a
>    common data type.
> 
>    Identifiers SHOULD NOT carry any special semantics that identify data
>    modelling properties.  Only YANG statements and YANG extension
>    statements are designed to convey machine readable data modelling
>    properties.  For example, naming an object "config" or "state" does
>    not change whether it is configuration data or state data.  Only
>    defined YANG statements or YANG extension statements can be used to
>    assign semantics in a machine readable format in YANG.
> 
> 
>   1.  I generated the RFC 6728 yang tree (see attached).  The tcp and udp exporting processes support a destinationIPAddress (line 400, 455) which is mandatory.  The type is inet:ip-address.
> 
>      *   A collector may be doing load balancing.  Rather than managing ip-addresses, the collector may be using DNS (an exporter could resolve from the domain name where the collector is located).
> 
> @PJ: Load balancing and DNS are independent. Load balancing IPFIX is probably a bad idea since templates need to be available on all collectors, and out of step sequence numbers in the data records would cause spurious reports of lost data. If DNS is used to obtain the collector's address, arguably it should be a one-time lookup rather than incurring a DNS lookup per export packet.
> 
> 
> 
>   1.
> 
>      *
>      *   The collector address may be learnt via other methods (e.g., through DHCP options)
>      *   A choice statement to select what method to use seems more appropriate than what is presently in RFC 6728.  For example (use some shorthand)
> 
> choice destination-method{
>                 case destination-address{
>                                 leaf destination-address// rw with type inet:host
>                 }
>                 case dhcp-acquired-address{
>                                 container dcp-acquired-address{
>                                                 leaf destination-ip-address inet-address //ro
>                 }
> }
> 
>                                 However I can’t augment to ietf-ipfix because destinationIPAddress is mandatory.  Can the group suggest methods to (a) change the destinationIPAddress type and (b) allow a choice?
> 
> @PJ: The selection could also be done out of band so the exporter need not know how the address is determined. eg a configuration system could determine the address by any of these methods or otherwise, and impose that address using the current model.
> 
> 
> 
>   1.  RFC 6728 mandates SCTP transport.  I understand the logic behind this (IETF prefers use of SCTP).  There are situations where sctp is unnecessary and not supported (e.g., point to point connection).  During netconf negotiations you can announce your feature set (currently sctptransport is not a feature).  Is there ongoing work in updating RFC 6728 to include sctptransport as a feature (so that the device can announce whether or not it supports sctptransport)?
> 
> @PJ Same answer as point (2) above, ie is this necessary and useful?
> 
> P.
> 
> 
> 
> 
> _______________________________________________
> IPFIX mailing list
> IPFIX@ietf.org<mailto:IPFIX@ietf.org>
> https://www.ietf.org/mailman/listinfo/ipfix<https://linkprotect.cudasv
> c.com/url?a=https://www.ietf.org/mailman/listinfo/ipfix&c=E,1,QcSaORG4
> ENECojkXawtykKdqqGaKdIQCAXU_k7DUoimbxp4p9KhoEppQlQ1LswK1E5yY5kvIL8XYyq
> MbCphIEyv8aBgtyyQbbN31fnbrx9I,&typo=1>
> 
> 

> _______________________________________________
> IPFIX mailing list
> IPFIX@ietf.org
> https://www.ietf.org/mailman/listinfo/ipfix


-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>