Re: [Last-Call] Yangdoctors last call review of draft-ietf-i2nsf-nsf-monitoring-data-model-06
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 08 April 2021 18:24 UTC
Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15E843A15E8; Thu, 8 Apr 2021 11:24:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.598
X-Spam-Level:
X-Spam-Status: No, score=-0.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HK_NAME_FM_MR_MRS=1.499, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hVD8iVD2G9L6; Thu, 8 Apr 2021 11:24:03 -0700 (PDT)
Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7FDB3A15E5; Thu, 8 Apr 2021 11:24:02 -0700 (PDT)
Received: by mail-lj1-x22b.google.com with SMTP id 184so3429172ljf.9; Thu, 08 Apr 2021 11:24:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XbIltYqe9z5usY8CtaucdY3QqkNkS0lMyxN86WrYJZE=; b=YBpVTAT5kl+Mq9HSHuOrRJ2jN488KC/Dpi5D+reFUW+n0Zr3v0jR34zbwrti6ZsyZ3 8Ii9itCUWNZUvPMaJNk0MwzWmYTkeLtHH82cqAIthQ+2RBxF/CuzUHEco0db2cnCp8W1 n6HgLJuXOXoo2lOFm89KneKkRE8Yv7Nw8Z8n/siPe8+ckhLsgWadZm9pgDV8eP7bUCdO jkgZ5nWJVkyGKdOt0smBzXeqGANaziA2k2zNO2Gcoe9H/SVlevxPUp0pRJHU1YUJw+h7 5U99yc/WBs7BYBaGBNPiQeln31GDMOb7VqyHRxWV8eXDnZKZUJe5xbSTsuOHaO0sqCfs CAWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XbIltYqe9z5usY8CtaucdY3QqkNkS0lMyxN86WrYJZE=; b=howmXNtdYmfTPtH3IpZPkUU+votInVpWDCGRfbtOha4yN8mP9eiS5mrLXIZkgJe2MV t/wkE90YauvuWnCbY8c0yvsFyoyn8kwT6lUWTNuzYRxsuyfhAFauh4KAOJEF+K9zVQlM sS/aVToc0D5Ij58AWThLlW3ftbLN+hGt4E80YWc6XRmj0KmNDLdbsVNVAtWWyJfZPOBZ ZOvgfuk6KvV02kYsVrMXM6DI3ZcWSVO6ikZnQzlHg+sQ52Kli/zdUAGfaGK46gfOeKro jF78QRp7YsP/RkAAkhyKahTKbkNysSrIeTztnysnwm5UALDccPrcDSCfI2Qm4D75vhxk Sn7Q==
X-Gm-Message-State: AOAM5303qquP6zRkfndXrNBVwXAXoHtn7H3j5q/jIcS7RU+puztVKn0+ fORemFYd68Kl1AeatD/8G4De05kwpInxZ/ax+wQ=
X-Google-Smtp-Source: ABdhPJwC2EWZVyF+35SwnYYWJ07fnehMxp6fZ4v97QMYr/NStgKhlK89zrb8+ZwlkbC15i6iGHCTaBIs+nlKfEOKE4A=
X-Received: by 2002:a2e:b048:: with SMTP id d8mr5164418ljl.426.1617906239870; Thu, 08 Apr 2021 11:23:59 -0700 (PDT)
MIME-Version: 1.0
References: <161652444666.30886.1452719047245335791@ietfa.amsl.com> <CAPK2Dezp8EZ9S4oCVz2YmAzXKxbne6qGoc5vfz=4MQvr3sWhGA@mail.gmail.com> <CABCOCHQ2EpS2BqTkGcnuNpSXfacn4MMT=XDJvo4SSETQEiwmxQ@mail.gmail.com>
In-Reply-To: <CABCOCHQ2EpS2BqTkGcnuNpSXfacn4MMT=XDJvo4SSETQEiwmxQ@mail.gmail.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Fri, 09 Apr 2021 03:23:52 +0900
Message-ID: <CAPK2Dewnb=DFSYXV+Bng-hdBDJdZWjk3NrCWjophz8p1DtG8LA@mail.gmail.com>
To: Andy Bierman <andy@yumaworks.com>
Cc: Linda Dunbar <linda.dunbar@futurewei.com>, Yoav Nir <ynir.ietf@gmail.com>, YANG Doctors <yang-doctors@ietf.org>, "i2nsf@ietf.org" <i2nsf@ietf.org>, draft-ietf-i2nsf-nsf-monitoring-data-model.all@ietf.org, Last Call <last-call@ietf.org>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000b51aa305bf7a26ae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/iIm-y1FnkBR3LscSgmhsNUPXWXk>
Subject: Re: [Last-Call] Yangdoctors last call review of draft-ietf-i2nsf-nsf-monitoring-data-model-06
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2021 18:24:08 -0000
Hi Andy, I will address your comments on the notes for implementers of YANG Push Dampening in I2NSF. Thanks a lot. Best Regards, Paul 2021년 4월 9일 (금) 오전 2:08, Andy Bierman <andy@yumaworks.com>님이 작성: > Hi, > > I reviewed your note, the diffs and the YANG module. > I think draft-07 is ready (no issues or nits) > > There are probably some clarifications needed to adapt YANG Push dampening > to I2NSF. YP refers to the data nodes changing within the dampening period. > In this case, the notes to implementers should be clear about any events > sent at the end > of the dampening period because events were suppressed (if any). There > might be a different > procedure for each event or sub-event. > > > Andy > > > On Wed, Mar 31, 2021 at 7:09 PM Mr. Jaehoon Paul Jeong < > jaehoon.paul@gmail.com> wrote: > >> Hi Andy, Linda, and Yoav, >> Patrick and I have addressed all the comments from Andy. >> Here is the revised draft -07: >> https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-monitoring-data-model-07 >> >> I attach a revision letter to explain how we addressed the comments. >> >> There are the major updates in this revision as follows: >> --- >> o This version is revised according to the comments of Andy Bierman >> who is a YANG doctor. >> >> o This version updates its title as "I2NSF NSF Monitoring Interface >> YANG Data Model". It clarifies the NSF Monitoring Interface to >> deliver NSF monitoring data to an NSF data collector (e.g., >> Security Controller and NSF data analyzer). >> >> o This version adds an attack destination IP address for DDoS-attack >> event to provide an NSF data collector with more information about >> the >> destination of DDoS-attack packets. >> >> o This version supports a notification for monitoring traffic flows >> to detect the source and destination (as a victim) of security >> attacks >> such as DDoS attack. >> --- >> If you have questions and comments, please let me know. >> >> Thanks. >> >> Best Regards, >> Paul >> >> >> On Wed, Mar 24, 2021 at 3:34 AM Andy Bierman via Datatracker < >> noreply@ietf.org> wrote: >> >>> Reviewer: Andy Bierman >>> Review result: Ready with Issues >>> >>> >>> Status: Ready with Issues >>> >>> Most of the issues raised in the review of draft-04 have been >>> addressed. >>> >>> Major Issues: >>> >>> - None >>> >>> Moderate Issues: >>> >>> 1) too many YANG features >>> >>> There are 13 YANG features, one for each of the 13 notification-stmts >>> defined. There should be as few YANG features defined as possible. >>> They should only be used if it is an unreasonable burden (compared >>> to the feature value) for all servers to support the functionality. >>> >>> 2) list /i2nsf-monitoring-configuration/system-alarm >>> >>> This is yet another alarm management system created in the IETF. >>> I guess the WG decided that RFC 8632 was not suitable. >>> >>> It is not clear how this system prevents excessive notifications >>> sent to a client. >>> >>> What happens when the CPU, memory, or disk usage crosses back and >>> forth over the threshold? Seems like an alarm is generated for each >>> upward crossing of the threshold leaf. >>> >>> The precise behavior for triggering and then re-arming an alarm >>> needs to be specified in the YANG module. >>> >>> RMON Alarms (RFC 2819) defines one way to prevent bursts of >>> SNMP notifications, using an alarm reset threshold. >>> >>> YANG Push (RFC 8641) uses a dampening-period approach to prevent >>> flooding the receiver with notifications. >>> >>> Also, it is not clear what use-case is served by "threshold = 0". >>> The range is 0..100 instead of 1..100. >>> >>> >>> Minor Issues: >>> >>> 3) too many notifications >>> >>> This module creates a lot of notifications to manage, and they are >>> all optional to implement. This increases complexity in both >>> the client implementation and operations. >>> >>> If you really need all 13 notifications then OK, but >>> 13 notification events is a lot for one YANG module, >>> especially if this set will get even larger over time. >>> >>> Here is one way to reduce the number of event definitions. >>> The example below has 1 event and 13 sub-event types, but it could >>> also apply to N event types each with some sub-event types. >>> >>> This design template adds one more layer in the notification message, >>> but it is probably easier for the client and operator to manage. >>> The deployment may require filters and access control rules that become >>> more complex for a large number of notifications. >>> >>> >>> notification i2nsf-event { >>> description >>> "Wrapper for all I2NSF events"; >>> >>> choice sub-event-type { >>> description >>> "This choice must be augmented with cases for each allowed >>> sub-event. Only 1 sub-event will be instantiated in each >>> i2nsf-event message. Each case is expected to define one >>> container with all the sub-event fields."; >>> >>> // could put sub-events inline >>> case i2nsf-system-detection-alarm { >>> if-feature "i2nsf-system-detection-alarm"; >>> container i2nsf-system-detection-alarm { >>> // contents of i2nsf-system-detection-alarm data >>> } >>> } >>> >>> } >>> } >>> >>> >>> // could add sub-events via augments at any time >>> augment "/i2nsf-event/sub-event-type" { >>> case i2nsf-system-detection-event { >>> if-feature "i2nsf-system-detection-event"; >>> container i2nsf-system-detection-event { >>> // contents of i2nsf-system-detection-event data >>> } >>> } >>> } >>> >>> >>> Nits: >>> >>> 4) underscore vs. hyphen >>> >>> There are many field names in sec. 7 that are incorrect >>> because they use an underscore instead of a hyphen char >>> (e.g. req_cookies but leaf name is req-cookies) >>> >>> 5) verbose SNMP-style names >>> >>> The term -configuration in the object names is unusual. >>> Repeating the parent name (like SMIv2) is not usually done in YANG. >>> (e.g., i2nsf-system-detection-event-configuration) >>> >>> 6) identifiers should use well-known abbreviations or spell >>> out the word if not too long. E.g "ave" -> "average" >>> >>> 7) Is there a reason some identities are ALL-CAPS and others >>> are all-lower-case? This should be explained in the YANG module. >>> >>> >>> >>> >>> >>> >>>
- [Last-Call] Yangdoctors last call review of draft… Andy Bierman via Datatracker
- Re: [Last-Call] Yangdoctors last call review of d… Mr. Jaehoon Paul Jeong
- Re: [Last-Call] Yangdoctors last call review of d… Andy Bierman
- Re: [Last-Call] Yangdoctors last call review of d… Mr. Jaehoon Paul Jeong
- Re: [Last-Call] Yangdoctors last call review of d… tom petch
- Re: [Last-Call] Yangdoctors last call review of d… Mr. Jaehoon Paul Jeong
- Re: [Last-Call] Yangdoctors last call review of d… Mr. Jaehoon Paul Jeong
- Re: [Last-Call] Yangdoctors last call review of d… Mr. Jaehoon Paul Jeong