IETF Logo Mail Archive

Re: [nmrg] draft-irtf-nmrg-autonomic-network-definitions-01 feedback

Laurent Ciavaglia <Laurent.Ciavaglia@alcatel-lucent.com> Tue, 22 July 2014 03:45 UTC

Return-Path: <laurent.ciavaglia@alcatel-lucent.com>
X-Original-To: nmrg@ietfa.amsl.com
Delivered-To: nmrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 596311A0323 for <nmrg@ietfa.amsl.com>; Mon, 21 Jul 2014 20:45:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8g-3PKQVbgMe for <nmrg@ietfa.amsl.com>; Mon, 21 Jul 2014 20:45:19 -0700 (PDT)
Received: from ihemail1.lucent.com (ihemail1.lucent.com [135.245.0.33]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9ADD81A03A6 for <nmrg@irtf.org>; Mon, 21 Jul 2014 20:45:18 -0700 (PDT)
Received: from us70tusmtp2.zam.alcatel-lucent.com (h135-5-2-64.lucent.com [135.5.2.64]) by ihemail1.lucent.com (8.13.8/IER-o) with ESMTP id s6M3j5Qo029230 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 21 Jul 2014 22:45:06 -0500 (CDT)
Received: from US70UWXCHHUB01.zam.alcatel-lucent.com (us70uwxchhub01.zam.alcatel-lucent.com [135.5.2.48]) by us70tusmtp2.zam.alcatel-lucent.com (GMO) with ESMTP id s6M3j5Bn016520 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 21 Jul 2014 23:45:05 -0400
Received: from [135.244.3.95] (135.5.27.16) by US70UWXCHHUB01.zam.alcatel-lucent.com (135.5.2.48) with Microsoft SMTP Server (TLS) id 14.2.247.3; Mon, 21 Jul 2014 23:45:04 -0400
Message-ID: <53CDDE3D.8090105@alcatel-lucent.com>
Date: Tue, 22 Jul 2014 05:45:01 +0200
From: Laurent Ciavaglia <Laurent.Ciavaglia@alcatel-lucent.com>
Organization: Alcatel-Lucent Bell Labs France
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
References: <53CD5D41.6050302@cisco.com> <53CD8E33.7070808@gmail.com> <3AA7118E69D7CD4BA3ECD5716BAF28DF21BEE9C7@xmb-rcd-x14.cisco.com> <53CD9C24.4070002@alcatel-lucent.com> <B8B16B5F-EB44-4970-B18D-D326B3F218D1@freeradius.org>
In-Reply-To: <B8B16B5F-EB44-4970-B18D-D326B3F218D1@freeradius.org>
Content-Type: multipart/alternative; boundary="------------070209050809040605000105"
X-Originating-IP: [135.5.27.16]
Archived-At: http://mailarchive.ietf.org/arch/msg/nmrg/oe6SPI20KBFTFA-LJmjmrlIRPAc
Cc: "nmrg@irtf.org" <nmrg@irtf.org>
Subject: Re: [nmrg] draft-irtf-nmrg-autonomic-network-definitions-01 feedback
X-BeenThere: nmrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Network Management Research Group discussion list <nmrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/nmrg>, <mailto:nmrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/nmrg/>
List-Post: <mailto:nmrg@irtf.org>
List-Help: <mailto:nmrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/nmrg>, <mailto:nmrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Jul 2014 03:45:21 -0000

Arran,

Please see in-line, marked [LC].

Kind regards, Laurent.

On 22/07/2014 02:02, Arran Cudbard-Bell wrote:
> Hi Laurent,
>
>> I generally agree with your explanation (difference and co-existence between intent and configuration). This makes sense to me.
>>
>> However, I have a question/comment on: "a more specific guidance takes priority over a less specific one", why / how have we ended up that CLI shall/should take priority over an intent?
>> I would say that in the general case, again this makes sense and is perfectly applciable. However, taking the analogy of aviation, there are rules/principles(/laws), when a plane is operating in auto-pilot, that forbid a human pilot to take an action/command that will "harm" the plane/flight (i.e. the human could make mistakes, not be sane...).
> Interesting. Say an autonomic function was measuring two links under LACP or ECMP, and could determine that manually
> disabling one of the links would cause utilisation of the other link to exceed or come very close to 100%, are you
> saying the administrator should be prevented from disabling that link?

[LC]: yes, or at least the administrator should be warned that such 
change would impact/has impacted the performance negatively.

>
>> So why should a CLI overrides an intent? or stated differently, we should insert some principles/laws to drive the priority among the different configuration/intent/other interactions. (see also reference text below for more detail)
> I think possibly the difference is that SNMP/CLI etc.. are possibly intended as temporary overrides for maintenance
> purposes? and intent represents the default state of the autonomic function, bent to the operator's idea of what the
> network should look like? Also seeking clarification from Michael.

[LC]: we have tried to develop this aspect with Michael f2f after I 
raised the point. the "temporary overrides" / "default state" you 
mention are key. if the network is performing as planned/expected, then 
there should not be reasons to override the intent except for 
temporary/minority fixes/tuning.
[LC]: the manual mode shall(/should?) always be possible and take 
priority over the automatic/autonomic one, however the system may raise 
warnings if the manual changes impact negatively (or in too large 
proportion) the network behaviors (wrt. the intent).
[LC]: one example (from Michael): imagine you secure an entire area with 
encryption (intent), except one link to a traffic analyzer you wish to 
keep w/o encryption. this manual override is ok. but if you end up 
in-securing 20-30% of the links by manual changes, then the system 
should be able to warn the administrator that the state of the network 
is not anymore "close"/in accordance with the (initial) intent; even if 
there might have been good reasons to do these manual changes.

>
>> The autopilot is designed to fly the aircraft within the normal flight envelope
>>
>> The management of the network is autonomic unless there are severe problems
>> The autopilot automatically disengages if the aircraft flies significantly outside the normal flight envelope limits
>>
>> The automatic management of the network is automatically disengaged if the key performance indicators significantly differ from normal (good) values
> The cases where this would be useful are likely to be small.
>
>  From a security standpoint, being able to force the network to apply different controls by triggering overload
> or manipulating performance metrics is undesirable.

[LC]: true. however, I think this is equally valid for an autonomic 
network entity or a human operator... right?
[LC]: the key point resides in how to make/ensure the system is/remains 
robust, stable, predictable when confronted to adverse/tough conditions 
(could be attacks, overloads, loss of/no access to information/sensing...).

> Disabling ECMP like functions, loop prevention, route distribution, link aggregation, multicast propagation/group
> control etc... Would also likely have a negative impact on network performance.
>
> There's more use in determining why the gauge is now showing an abnormal value than disabling autonomic control and
> hoping the network behaves in a sane way.

[LC]: my understanding is the disabling of the automatic mode is 
triggered under the assumption that, in the particular situation faced 
by the system, a more capable entity (e.g. the human 
pilot/administrator) would take over and avoid the crash.

>
> -Arran
>

v2.29.0 | Report a Bug | By Email | System Status