Re: [Last-Call] Secdir last call review of draft-ietf-opsawg-yang-vpn-service-pm-12

Daniel Migault <daniel.migault@ericsson.com> Tue, 11 October 2022 13:24 UTC

From: Daniel Migault <daniel.migault@ericsson.com>
To: "Wubo (lana)" <lana.wubo@huawei.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-opsawg-yang-vpn-service-pm.all@ietf.org" <draft-ietf-opsawg-yang-vpn-service-pm.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/izg5CDdGw5CC2i_1ao9WL5sQoM0>

Thanks. This works for me!
Yours,
Daniel

________________________________________
From: Wubo (lana) <lana.wubo@huawei.com>
Sent: Tuesday, October 11, 2022 9:09 AM
To: Daniel Migault; secdir@ietf.org
Cc: draft-ietf-opsawg-yang-vpn-service-pm.all@ietf.org; last-call@ietf.org; opsawg@ietf.org
Subject: RE: Secdir last call review of draft-ietf-opsawg-yang-vpn-service-pm-12

Hi Daniel,

Thank you for the review. Please see inline for the reply.

Thanks,
Bo



-----Original Message-----
From: Daniel Migault via Datatracker [mailto:noreply@ietf.org]
Sent: Saturday, October 8, 2022 3:55 AM
To: secdir@ietf.org
Cc: draft-ietf-opsawg-yang-vpn-service-pm.all@ietf.org; last-call@ietf.org; opsawg@ietf.org
Subject: Secdir last call review of draft-ietf-opsawg-yang-vpn-service-pm-12



Reviewer: Daniel Migault
Review result: Ready

Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready with nits, but I am not an expert in this area, so please take these comments as questions that came to me while reading the document.

Introduction:

[...]

   The performance of VPN services is associated with the performance
   changes of the underlay networks that carries VPN services.  For
   example, link delay between PE and P

<mglt>
It seems to me that is the first time these acronyms are introduced - same with CE.
</mglt>

[Bo Wu] Thanks for the catch. Will expand on the first use.



   devices and packet loss status
   on Layer 2 and Layer 3 interfaces connecting PEs and CEs directly
   impact VPN service performance.  Additionally, the integration of
   Layer 2/Layer 3 VPN performance and network performance data enables
   the orchestrator to subscribe uniformly.

<mglt>
I do not understand "subscribe uniformly".

My impression is that here the orchestrator is responsible for enforcing some network performance, and depending on the performance to meet, it will choose one configuration or the other. Is the use of one configuration versus the other seen as a subscription?  If that is correct, this sounds like a cooperation between various actors. If so, that surprises me.
</mglt>

[Bo Wu] Thanks again for the catch. Agree that “subscribe uniformly” is not accurate. The module is intended for the orchestrator to query or subscribe to the updates of the performance statistics. How about the following change?

   For example, link delay between Provider Edge (PE) and Provider (P)
   devices and packet loss status on Layer 2 and Layer 3 interfaces
   connecting PEs and Customer Edge (CE) devices directly
   impact VPN service performance.  Additionally, the integration of
   Layer 2/Layer 3 VPN performance and network performance data enables
   the orchestrator to monitor consistently.

End



   Therefore, this document
   defines a YANG module for both network and VPN service performance
   monitoring (PM).  The module can be used to monitor and manage
   network performance on the topology level or the service topology
   between VPN sites.

   This document defines a base YANG data model for monitoring of
   network performance and VPN service performance.

<mglt>
I have the impression the text above repeats the previous paragraph.
</mglt>

[Bo Wu] OK. Will remove the second one.



[...]



3.  Network and VPN Service Performance Monitoring Model Usage

   As shown in Figure 1, in the context of the layered model
   architecture described in [RFC8309], the network and VPN service
   performance monitoring (PM) model can be used to expose operational
   performance information to the layer above, e.g., to an orchestrator
   or other client application, via standard network management APIs.

<mglt>
I am wondering if the client application is related to the Customer.

I do not think so, but I might be wrong. I am wondering if it would make sense to have the client application mentioned in the figure.
</mglt>

[Bo Wu] In RFC 8309, the client application refers to a BSS/OSS application, not the customer. The intention here is to give an example architecture.

We suggest replacing the figure title with “An Example Architecture with a Service Orchestrator” and the following change:

   The network and VPN service
   performance monitoring (PM) model can be used to expose operational
   performance information to the layer above, e.g., to an orchestrator
   or other BSS/OSS client application, via standard network management APIs.

   Figure 1 shows an example usage in an architecture described in [RFC 8309].