Re: [nmrg] Residual configurations
Dean Bogdanovic <dean@voltanet.io> Wed, 07 October 2020 21:25 UTC
Return-Path: <dean@voltanet.io>
X-Original-To: nmrg@ietfa.amsl.com
Delivered-To: nmrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A69DE3A13E6 for <nmrg@ietfa.amsl.com>; Wed, 7 Oct 2020 14:25:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=voltanet-io.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ggqlBgZBOh4H for <nmrg@ietfa.amsl.com>; Wed, 7 Oct 2020 14:25:50 -0700 (PDT)
Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E69303A13E4 for <nmrg@irtf.org>; Wed, 7 Oct 2020 14:25:49 -0700 (PDT)
Received: by mail-qt1-x833.google.com with SMTP id a9so3298796qto.11 for <nmrg@irtf.org>; Wed, 07 Oct 2020 14:25:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=voltanet-io.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=BcxAQeZF+LTezu1zMNz6tAw/c9EgB3RCPE8svePjRrc=; b=pGCXe53Fktz0SLjPSNtuLMaLu203U4OMEYIEZVsI4ybVolULqQREUARynz/38RiUAH f1oJYcE7nv3JsHwZ9WcltsULLd8OJ6B2FttaIuAP2ZfRbqxbBqWhi+B2noly5ZAgsI0I Dn6OuloBQjS8ao92wDrc5op35TXv0+CwXQiceX9r7gk8q/J8pMwtz0DPu0DvlvjsfTYW 5tJvpx2wedaIowmkkZSYQCmzes0Bk8Gf1jjplxYlNWif/zHfRnHNBWB/+fjpom2o+5ip XJ25cV7idAYkUMOokhobpHQR9FcDyag1bejXRV9yPJO2B4SdaDl9R/PL7J9umgVhZRyu gEdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=BcxAQeZF+LTezu1zMNz6tAw/c9EgB3RCPE8svePjRrc=; b=IHAaGTASSSwHA1pwaSVY5SJIm5sRDecrcYnNPbk+8domnLEiR2VTYwvqygkDgxSw8/ ucAQku6jOrQz3yTSxM8AmnF5iPF2yxUdEoV21usuhqSTTNXWeI/9y9VndDZparGW04f8 3LZKrYF8dW6/P/UJhU908af/0BmT4MfOmC3xUpYXEzZt1mCM+QSdDG6EI1MxyhXOR5k1 Y8kuKNBV8KMbzvNuTNOBs1Qx/TBqdqR2i4lxdqh2y5BdIVv5mierPgAqMSaZoTmWo1o/ PzfZScVXftkHG51KHzh40WDeqyhXNSC9dh2+VgRgHwYIgmwqoXi5/C6xVR/kZrmxW9o7 oTmA==
X-Gm-Message-State: AOAM531VMOn5kqjvPZ+Rw85XM7Wt1FWxqsZIlwqI99djwCzQwel81Kbw kCUmmilnqXko88DYP30sZZZ9DFFXLcAw8w==
X-Google-Smtp-Source: ABdhPJwWRwkhdqhsPm4HQJEBTC/56SAxVLUwL7tMJxxsr6/Gfn6YPY9BEN0dTrqrYIYDmiKQriQymg==
X-Received: by 2002:ac8:5242:: with SMTP id y2mr5289733qtn.114.1602105948726; Wed, 07 Oct 2020 14:25:48 -0700 (PDT)
Received: from [192.168.0.121] (c-98-216-8-121.hsd1.ma.comcast.net. [98.216.8.121]) by smtp.gmail.com with ESMTPSA id d12sm2597962qtb.9.2020.10.07.14.25.47 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Oct 2020 14:25:48 -0700 (PDT)
From: Dean Bogdanovic <dean@voltanet.io>
To: Alexander Clemm <alex@futurewei.com>
Cc: nmrg@irtf.org
Date: Wed, 07 Oct 2020 17:25:46 -0400
X-Mailer: MailMate (1.13.2r5673)
Message-ID: <5875E0E0-0920-47E8-A860-834A9CD77EA1@voltanet.io>
In-Reply-To: <BY5PR13MB379352ECC359976EF75AB5B7DB0A0@BY5PR13MB3793.namprd13.prod.outlook.com>
References: <EDD6C248-C2CD-4CC6-AA99-558C27ADD48C@voltanet.io> <BY5PR13MB379352ECC359976EF75AB5B7DB0A0@BY5PR13MB3793.namprd13.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/nmrg/2AXUUANEVskg-OLBfat6tKSJPiA>
Subject: Re: [nmrg] Residual configurations
X-BeenThere: nmrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Management Research Group discussion list <nmrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/nmrg>, <mailto:nmrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nmrg/>
List-Post: <mailto:nmrg@irtf.org>
List-Help: <mailto:nmrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/nmrg>, <mailto:nmrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2020 21:25:52 -0000
On 7 Oct 2020, at 12:44, Alexander Clemm wrote: > Hi Dean, > > I agree that having a database acting as a system of record, from > which device configurations can be regenerated as needed, makes a lot > of sense. Whenever the two were to get out of sync, you could also > reprovision the network as needed. Happy we are in agreement :) > > I am not quite clear what you are suggesting regarding the distinction > between overlay networks and substrate network and was wondering if > you could clarify this. Think about substrate network as providing core routing and access to management system. Nothing else. All other services are created as overlay networks. > Clearly, the same principle would apply there as well (database acts > as system of record). But why would you mandate it being it being > ephemeral (versus non-ephemeral for the substrate)? To speak in specific vendor terms, logical system or logical routers are created for each overlay network. Those logical router/systems are ephemeral as are their configurations. In case something happens to the network, as after restart of any network service or the logical router/system, the restarted service/system can’t know what is the state of the network. So, why boot a service that might be out of sync with the rest of the network. Replay it from the central database, as all the changes should be reflected in the central database. > Just as a method to garbage-collect configurations made by > administrators on devices directly? Yes, but also think about enabling customers to change network services, and cleaning up after them. > > (I do understand that there will be a problem if device configuration > entered by an administrator and configuration kept at an external > system were to diverge, in particular, when it is not clear which one > is the actual system of record. But this seems to be not an issue > here – just the size of the configuration file?) IMO, the system of record should always be the central database, never the device. Except in the very first boot up sequence, when call home for basic provisioning is executed. It is not just config file size, it is to prevent unnecessary provisioning of potentially stale config data. Dean > > Thanks > --- Alex > > From: nmrg <nmrg-bounces@irtf.org> On Behalf Of Dean Bogdanovic > Sent: Wednesday, October 7, 2020 9:27 AM > To: nmrg@irtf.org > Subject: [nmrg] Residual configurations > > > Hi, > > During last NMRG virtual meeting on Sep 25, we touched base about > residual configuration issues in networks. Network device > configurations are getting bigger and often operators don’t know why > certain parts of the config are there. One such use case that > contributes to config growth are debugging sessions. Network operator > enters the device and starts editing configuration. After the debug > session is over, it is not unusual for that debug config information > to stay in the config indefinitely. > Some operators have created central databases that contain all the > network configuration and act as systems of record. If anything is to > persist in the network, it has to be entered in the central database, > but there is still an issue between on device persisting > configurations and central configuration database. > One of the ideas was to keep the persistent configuration at minimum > on the device and in the central database. All network services are > generated on demand and are ephemeral. > The network topology would look something like this > > [cid:image001.png@01D69C8D.BDE74360] > > From physical perspective, there are two networks, an optical > transport and a packet switched network. All devices receive basic > connectivity configuration that (could) persists on the device, you > can call them Level 1 virtual networks (maybe glorified management > networks). Those networks provide most basic connectivity between > devices within a single management domain. That information could be > also provided via ZTP. > On top of each network higher level networks are overlaid. All the > network configuration for higher level networks is ephemeral. The > higher level networks can (IMO, should be) different management > domains, which creates clear demarcation lines in the network > provisioning data > > Such approach would create a (small) well defined starting > configuration with all other services built as part of higher level > networks. The residual config problem would be limited to each domain > and with higher level networks being ephemeral, it should be easily > reprovisioned by replaying the provisioning information from a central > location. > > As said, this an interesting problem to me, as the residual configs > also eat data plane resources, which are quite expensive. > > Dean > _______________________________________________ > nmrg mailing list > nmrg@irtf.org > https://www.irtf.org/mailman/listinfo/nmrg
- [nmrg] Residual configurations Dean Bogdanovic
- Re: [nmrg] Residual configurations Alexander Clemm
- Re: [nmrg] Residual configurations Dean Bogdanovic
- Re: [nmrg] Residual configurations Jeff Tantsura
- Re: [nmrg] Residual configurations LUIS MIGUEL CONTRERAS MURILLO
- Re: [nmrg] Residual configurations Dean Bogdanovic
- Re: [nmrg] Residual configurations Dean Bogdanovic