[OPSAWG] 答复: ??: draft-deng-opsawg-composed-vpn-sm-requirements-01.txt

["Chenrui (Richard)" <chenrui@huawei.com>]

Hi all,

Just use this thread to notify that we have post a new draft on this requirement.Please follow the below link to reach it.You comments are warmly welcomed.
After discussed with experts from China Mobile(Liang Geng)and China Telecom(ChongfengXie),we have refined the requirement description and provide a rough idea on how to build a E2E deployment model of muliple domain/technologies network which provide L2/L3VPN service.
The title of the draft(YANG Data Model for Composite VPN Service Delivery) should be intepreted as "A Data Model for Composite Delivery purpose of VPN Service", It's not a model of new VPN service,
It's just a model used by a one-stop delivery interface to multiple domian network ,so it could simplify the fulfilment of VPN service.
You could find  more backguand and discussion in this thread. That's why we don't change the title too much for your convenience to track its context.

Thanks.
Richard
________________________________________
发件人: internet-drafts@ietf.org [internet-drafts@ietf.org]
发送时间: 2016年10月27日 19:26
收件人: Chenrui (Richard); DENG Hui; Liang Geng; 4c 67; Chongfeng Xie; Hui Deng; zhangliya
主题: New Version Notification for draft-chen-opsawg-composite-vpn-dm-00.txt

A new version of I-D, draft-chen-opsawg-composite-vpn-dm-00.txt
has been successfully submitted by Rui Chen and posted to the
IETF repository.

Name:           draft-chen-opsawg-composite-vpn-dm
Revision:       00
Title:          YANG Data Model for Composite VPN Service Delivery
Document date:  2016-10-24
Group:          Individual Submission
Pages:          47
URL:            https://www.ietf.org/internet-drafts/draft-chen-opsawg-composite-vpn-dm-00.txt
Status:         https://datatracker.ietf.org/doc/draft-chen-opsawg-composite-vpn-dm/
Htmlized:       https://tools.ietf.org/html/draft-chen-opsawg-composite-vpn-dm-00


Abstract:
   The operator facing data model is valuable to reduce the operations
   and management.  This document describes the YANG data model of the
   composite VPN for operators to provision, optimize, monitor and
   diagnose the end to end PE-based VPN services across multiple
   autonomous systems (ASes).  The model from this document are limited
   to multiple ASes within one service provider.





Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

________________________________

发件人: Lucy yong
发送时间: 2016年10月17日 22:12
收件人: Chenrui (Richard); Hui Deng
抄送: opsawg-chairs@ietf.org; opsawg@ietf.org; Songxiaolin; zhangliya
主题: RE: [OPSAWG] ??: draft-deng-opsawg-composed-vpn-sm-requirements-01.txt



From: Chenrui (Richard)
Sent: Monday, October 17, 2016 2:17 AM
To: Lucy yong; Hui Deng
Cc: opsawg-chairs@ietf.org; opsawg@ietf.org; Songxiaolin; zhangliya
Subject: ??: [OPSAWG] ??: draft-deng-opsawg-composed-vpn-sm-requirements-01.txt

Hi Lucy

Thanks for these clarifications.


From the Abstract section of L3SM draft(https://tools.ietf.org/html/draft-ietf-l3sm-l3vpn-service-model-17), I understand L3SM is a customer-facing service model used“between customers and network operators

to deliver a Layer 3 Provider Provisioned VPN service”.

It’s not used for providing a end-2-end deployment view of existing L2/L3VPN service crossing multiple operator domains.

[Lucy] L3SM covers customer-face service model, which covers e2e L3 service aspect. L3SM models AC and providers backbone interworking, etc.  The end-to-end deployment involves  multiple domains and multiple layers.



So I understand your meaning is that maybe we could use similar methodology(hierarchical approach) to define the e2e deployment model, which has the L2/L3VPN basic service information and attributes reference to multiple segments(AC,backbone,etc) information.

[Lucy] I think that we are on the same page here. I am not an expert on YANG. How to use YANG to model these hierarchical relationship?  If a service orchestrator has the knowledge of individual domains and domain capability, when getting a L3 service request (e2e), it can figure out which domains to use for the service instance, and send a domain service request  to each individual domain controllers.



Am I mistaken something?

[Lucy] we have the same understanding now.



Lucy





Thanks,

Richard



________________________________

华为技术有限公司 Huawei Technologies Co., Ltd.
[Company_logo]地址：深圳市龙岗区坂田华为基地 邮编：518129
Huawei Technologies Co., Ltd.
Bantian, Longgang District,Shenzhen 518129, P.R.China
http://www.huawei.com
________________________________
本邮件及其附件含有华为公司的保密信息，仅限于发送给上面地址中列出的个人或群组。禁
止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、或散发）本邮件中
的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本邮件！
This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

发件人: Lucy yong
发送时间: 2016年10月14日 22:23
收件人: Chenrui (Richard); Hui Deng
抄送: opsawg-chairs@ietf.org<mailto:opsawg-chairs@ietf.org>; opsawg@ietf.org<mailto:opsawg@ietf.org>; Songxiaolin; zhangliya
主题: RE: [OPSAWG] ??: draft-deng-opsawg-composed-vpn-sm-requirements-01.txt



From: Chenrui (Richard)
Sent: Friday, October 14, 2016 2:45 AM
To: Lucy yong; Hui Deng
Cc: opsawg-chairs@ietf.org<mailto:opsawg-chairs@ietf.org>; opsawg@ietf.org<mailto:opsawg@ietf.org>; Songxiaolin; zhangliya
Subject: ??: [OPSAWG] ??: draft-deng-opsawg-composed-vpn-sm-requirements-01.txt

Hi Lucy,

Very good comments and suggestions. I believe I can understand the requirement from China Mobile but I haven’t reached as deep understanding as you.
I understand it’s indeed none business with a new VPN service. It’s just how operator could specify the end-2-end deployment view of existing L2/L3VPN service crossing multiple operator domains.
[Lucy] Good. I hope this is the case.
That can simplify the service activation or deployment progress to some extent due to orchestration capability. Right?
So I believe it ,though not  sure if it’s common needs  from operators.  I’m  looking for more comments.

Please Hui correct me if I’m mistaken the intent from you draft.

BTW,in your sentence of  “do operator need a hierarchical operator VPN service model or a flat one?” .I’m not sure the meaning of “ hierarchical” or “flat”, are they the same solutions for this requirement or different solutions? Are they existing work in IETF for this requirement?
[Lucy] The based L2/L3VPN architecture is:  CE-(AC)-PE-(provider backbone networks)-PE-(AC)-CE.  L3SM already addresses that the provider backbone networks can include multiple domains that are interconnected via PE-PE or ASBR-ASBR. Another part is the AC that can be constructed through another network domain such as access network. In this case, the access network provides an L2VPN service to the end-to-end VPN service; from the end-to-end VPN service perspective, it uses the access network to provide a link for AC. What I means here, if SP operator (i.e. end-to-end VPN operator) wants a service model including the access network domain/l2vpn (flat model) or a service model  with AC that AC reference to another L2VPN service. (hierarchical model) This is what I want to express. L3SM uses hierarchical approach.

Thanks,
Lucy

Thanks.
Richard

________________________________

华为技术有限公司 Huawei Technologies Co., Ltd.
[Company_logo]地址：深圳市龙岗区坂田华为基地 邮编：518129
Huawei Technologies Co., Ltd.
Bantian, Longgang District,Shenzhen 518129, P.R.China
http://www.huawei.com
________________________________
本邮件及其附件含有华为公司的保密信息，仅限于发送给上面地址中列出的个人或群组。禁
止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、或散发）本邮件中
的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本邮件！
This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

发件人: Lucy yong
发送时间: 2016年10月14日 3:15
收件人: Hui Deng; Chenrui (Richard); opsawg@ietf.org<mailto:opsawg@ietf.org>
抄送: opsawg-chairs@ietf.org<mailto:opsawg-chairs@ietf.org>
主题: RE: [OPSAWG] ??: draft-deng-opsawg-composed-vpn-sm-requirements-01.txt

Hi Hui and Rui,

The draft introduction starts that ISPs have interest on providing Provider Edge (PE) based virtual private network (VPN) service and names it as composed VPN service and intends to specify the service model requirements for the composed VPN. Then it states that this service model is from operator perspective.

My comments and suggestions:


*         Is this a brand new VPN service offered by Internet Service Providers or a use case for existing VPN services specified in [RFC4364] [RFC6742][RFC7432]? If this is a new service, please make that very clear in the beginning and describe what is the new service, service architecture, and architecture components. If this is a use case for existing VPN services; please do not call it composed VPN service (make a lot of confusions.)

*         Assume this is for existing VPNs and draft wants to specify the operator view of e-2-e VPNs that may across multiple operator domains. Suggests to start with existing VPN service architecture view and components: CE, PE, provider backbone networks, AC etc. and explain how operator may use multiple network domains to achieve it. For examples, PEs that customer sites attach to may exist in different ASes;  the AC between CE-PE may be across an access network, etc.

*         Existing VPN service across multiple networks are not new and current solutions support that.

*         Text “Provider Edge (PE based virtual private network (VPN services, in which the tunnel endpoints are the PE devices” is very confuse. Will the tunnel is between PE-PE or PE-CE? Will this tunnel is different from current tunnel techniques in [RFC4364] [RFC6742][RFC7432]?

*         Existing VPN service PE and CE have its role. Text: “CE device do not need to have any special VPN capability” is confused too.

*         When an operator gets customer VPN service request that is an e2e service description (draft-ietf-l3sm-l3vpn-service-model), he will design individual segments (CE-PE and PE-PE) to meet the request. The result may mean that the VPN is implemented across several domains.

*         What values that a flat operator VPN service model provides?  two segment VPNs may not even at the same layers. If one segment VPN just provides a transit link or access link to the VPN service, do operator need a hierarchical operator VPN service model or a flat one?

*          figure in page 5 very confusion. If this is for existing VPN service, please replace “Composed VPN” with “L3VPN” (or “L2VPN”), and replace AP with AC.

*         If this is a new VPN service, please define what is the composed VPN service and the architecture. Then clarify if current IETF has solutions for this service.

Regards,
Lucy



From: OPSAWG [mailto:opsawg-bounces@ietf.org] On Behalf Of Hui Deng
Sent: Wednesday, October 12, 2016 10:28 AM
To: Chenrui (Richard); opsawg@ietf.org<mailto:opsawg@ietf.org>
Cc: opsawg-chairs@ietf.org<mailto:opsawg-chairs@ietf.org>
Subject: Re: [OPSAWG] ??: draft-deng-opsawg-composed-vpn-sm-requirements-01.txt

Hi Richard,

I agree with your point, in order to meet those operators expectation, the draft may need to be updated and reflect that architecture.

Regarding to solution, that will be great, thanks a lot for your contribution to IETF if there is any proof of concept to this.

thanks a lot for your suggestion

Best regards,

DENG Hui
________________________________
From: chenrui@huawei.com<mailto:chenrui@huawei.com>
To: denghui02@hotmail.com<mailto:denghui02@hotmail.com>; opsawg@ietf.org<mailto:opsawg@ietf.org>
CC: opsawg-chairs@ietf.org<mailto:opsawg-chairs@ietf.org>
Subject: 答复: [OPSAWG] draft-deng-opsawg-composed-vpn-sm-requirements-01.txt
Date: Tue, 11 Oct 2016 02:27:14 +0000
Hi Hui,

Thanks for these clarifications. Maybe we can talk about it more in next meeting and we can provide a initial solution around these issues.

BTW, if we talking about federation used in multiple operators scenarios, I suggest that there should be east-west interface between peer orchestration system in these operators. That ease-west interface is different with internal E2E service activation interface for some special requirement between operators, such as security, resource visualization,etc.

Thanks,
Richard

________________________________

华为技术有限公司 Huawei Technologies Co., Ltd.
地址：深圳市龙岗区坂田华为基地 邮编：518129
Huawei Technologies Co., Ltd.
Bantian, Longgang District,Shenzhen 518129, P.R.China
http://www.huawei.com
________________________________
本邮件及其附件含有华为公司的保密信息，仅限于发送给上面地址中列出的个人或群组。禁
止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、或散发）本邮件中
的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本邮件！
This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

发件人: Hui Deng [mailto:denghui02@hotmail.com]
发送时间: 2016年10月10日 23:15
收件人: Chenrui (Richard); opsawg@ietf.org<mailto:opsawg@ietf.org>
抄送: opsawg-chairs@ietf.org<mailto:opsawg-chairs@ietf.org>
主题: RE: [OPSAWG] draft-deng-opsawg-composed-vpn-sm-requirements-01.txt


Hi Richard,

Thanks a lot for your comments, I recalled that other two operators during last time f2f meeting had made some comments about federation issue, hope they can elaborate more detail comments here as well, inline with ==>
________________________________
From: chenrui@huawei.com<mailto:chenrui@huawei.com>
To: opsawg@ietf.org<mailto:opsawg@ietf.org>; denghui02@hotmail.com<mailto:denghui02@hotmail.com>
CC: opsawg-chairs@ietf.org<mailto:opsawg-chairs@ietf.org>
Subject: Re: [OPSAWG] draft-deng-opsawg-composed-vpn-sm-requirements-01.txt
Date: Sun, 9 Oct 2016 03:35:46 +0000
Hi Hui and all,

When I went through the documents of IETF#96,I noticed that this draft has raised a interesting requirement in China Mobile of E2E deployment interface to a multiple VPNs composed infrastructure, such as L2+L3 network. So the interface could make the service fulfillment and management more easy.
Is my understanding right?

==> Yes, current existing L3SM are mostly talking about customer facing service model.
this requirement expects to help operators with large scale to mange the underlay network with a global view.  (here could be a multiple operators, that is related to federation) an enterprise customer may simply request a L3 VPN service, but operator has to provision and mange the end to end underlay network constructed with multiple ASes and techniques, and further assure the service. this is the key issue for today's operators.

I do believe this interface and its model are indeed helpful for operators to simplify operations and management.
And I still have some questions need to be discussed and aligned with you and experts in email thread.

1.While referring to another draft at same meeting <<service model explained>> (https://tools.ietf.org/id/draft-wu-opsawg-service-model-explained-03.txt),
I believe the above E2E deployment interface should be position between service orchestration and  network orchestration(Figure 3).
That mean it’s a internal interface in one operator and it acts not only to implement the customer facing model (i.e. L3SM),but also to maintain, monitor and diagnose the end to end PE-based VPN services crossing multiple technologies deployed network.
Is it right? and should this interface need to support VPN service which maybe cross multiple operators?
==> good point, the future in the link is quite helpful, this should be updated in next revision.

==> for your questions about multiple operators, this is exactly the issue raised during the meeting, operator are interconnected each other through federation, the end to end service may go across multiple operators' access and core network. that is the reason why we define VPN segment within the composed VPN. this hasn't been consider in the document before, but the flexibility of composed VPN framework should be included.

2.Actually I’m new guy in IETF, so I’m not sure if there are existing works in IETF which could instruct or modeling the interface/E2E-view to manage a multiple technologies composed network, which I believe very common in operator’s deployment while still need to provide simple E2E service experience to their customers. Maybe we can improve something here. So if experts here have more background, please help me. Thanks.

==> although it is important, but I didn't see any e2e effort on the network yet. there is a related work in L3SM in customer service level and some dedicated VPN models in BESS. that's why I raise this topic. definitely welcome any effort to join the following data model design if you really have a strong background on it.

3.As I understand this interface/model should be internal in operators, so I’m not sure if there any other operators are interested it and need a IETF RFC?

==> I did hear two big operators showed the interest in this topic, hope they can join as well in our next revision. this may related to network orchestrator, OSS/BSS and even analytics system from different vendors. a standard model will definitely  hep the diversity in one operator's production environment.

Best regards,

DENG Hui
Thanks.

Regards,
Richard Chen

________________________________

华为技术有限公司 Huawei Technologies Co., Ltd.
地址：深圳市龙岗区坂田华为基地 邮编：518129
Huawei Technologies Co., Ltd.
Bantian, Longgang District,Shenzhen 518129, P.R.China
http://www.huawei.com
________________________________
本邮件及其附件含有华为公司的保密信息，仅限于发送给上面地址中列出的个人或群组。禁
止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、或散发）本邮件中
的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本邮件！
This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!