Re: [OPSAWG] Benjamin Kaduk's No Objection on draft-ietf-opsawg-model-automation-framework-07: (with COMMENT)

mohamed.boucadair@orange.com Thu, 22 October 2020 08:58 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C6883A10F7; Thu, 22 Oct 2020 01:58:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZLzfIG6UcaKi; Thu, 22 Oct 2020 01:58:32 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAB233A1051; Thu, 22 Oct 2020 01:58:31 -0700 (PDT)
Received: from opfedar04.francetelecom.fr (unknown [xx.xx.xx.6]) by opfedar21.francetelecom.fr (ESMTP service) with ESMTP id 4CH1VZ1F70z7wdC; Thu, 22 Oct 2020 10:58:30 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1603357110; bh=uqC8k4sZ0HXVnUSp0D2f84+nro/lhf5KB4SXfZtbGxQ=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=qb8ciqdrWnSf6OnPI7BqUS2f8CBq+ZWBYl+ldD3xeQF4tYLVZFWZZphbEqtY1yIMv YWh7gx1V9dS2q+LbT/4+FxzIIS+comAorMsF9dvBFrcMCFTVOTkamJggztFP77JEIH 1AloP/3uo+fx5YAL+2JDA/1vhKLtyFnTROFhOuMuB4oXhgIjobyLGSiDp+RSWd610k gbT/AbWU6wCfsN8/hZbp8xoSJ424uE0sOWzqyVgSq0mS2XpPCGBYiejAWOcmkKCpvM rxNu+uW+abmwFeTwGR2W2TBQK2/dmut2OEi03svr3XIPFOY72jCB3Oytt4b18nQ4wz JuFRhyK6echjg==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.67]) by opfedar04.francetelecom.fr (ESMTP service) with ESMTP id 4CH1VY6nkKz1xns; Thu, 22 Oct 2020 10:58:29 +0200 (CEST)
From: <mohamed.boucadair@orange.com>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: "draft-ietf-opsawg-model-automation-framework@ietf.org" <draft-ietf-opsawg-model-automation-framework@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>, Adrian Farrel <adrian@olddog.co.uk>
Thread-Topic: Benjamin Kaduk's No Objection on draft-ietf-opsawg-model-automation-framework-07: (with COMMENT)
Thread-Index: AQHWqCiAPooVsqMo4k2ky7WjKr9LW6mjQjSA
Date: Thu, 22 Oct 2020 08:58:29 +0000
Message-ID: <21521_1603357110_5F9149B5_21521_420_1_787AE7BB302AE849A7480A190F8B933031564E2A@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <160333949185.844.18165329242162688909@ietfa.amsl.com>
In-Reply-To: <160333949185.844.18165329242162688909@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/54WGRbmTBWJvvfzZ-p_z4Q82iEA>
Subject: Re: [OPSAWG] Benjamin Kaduk's No Objection on draft-ietf-opsawg-model-automation-framework-07: (with COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2020 08:58:34 -0000

Hi Ben, 

Thank you for the comments. 

An updated version taking into account you review is available at: https://tinyurl.com/auto-iesg-review 

Please find inline replies to track the changes.

Cheers,
Med

> -----Message d'origine-----
> De : Benjamin Kaduk via Datatracker [mailto:noreply@ietf.org]
> Envoyé : jeudi 22 octobre 2020 06:05
> À : The IESG <iesg@ietf.org>
> Cc : draft-ietf-opsawg-model-automation-framework@ietf.org; opsawg-
> chairs@ietf.org; opsawg@ietf.org; Adrian Farrel
> <adrian@olddog.co.uk>uk>; adrian@olddog.co.uk
> Objet : Benjamin Kaduk's No Objection on draft-ietf-opsawg-model-
> automation-framework-07: (with COMMENT)
> 
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-opsawg-model-automation-framework-07: No Objection
> 
> When responding, please keep the subject line intact and reply to
> all email addresses included in the To and CC lines. (Feel free to
> cut this introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-
> criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-opsawg-model-automation-
> framework/
> 
> 
> 
> --------------------------------------------------------------------
> --
> COMMENT:
> --------------------------------------------------------------------
> --
> 

[Med] Fixed the nits. Thanks. 
[...]
 
> Section 3.3
> 
>    Note that it is important to correlate telemetry data with
>    configuration data to be used for closed loops at the different
>    stages of service delivery, from resource allocation to service
>    operation, in particular.
> 
> Is "closed loops" a well-known term in this space?

[Med] It is used in management-related RFCs, e.g., RFC1224.

[...] 
>    In addition, a customer may require to change the underlying
> network
>    infrastructure to adapt to new customer's needs and service
>    requirements.  This service modification can be issued following
> the
>    same Service Model used by the service request.
> 
> I'm not sure I understand what "underlying network infrastructure"
> means here -- are there supposed to come into being new routers
> because the customer issues a request in the Service Model?
> 

[Med] This is typically when the customer asks to connect a new site, requires a strong path diversity (disjoint paths), reach some prefix, etc. These request may require changes to the network.

Updated the text to cite some examples. 

[...]
> 
> Section 4.2.1
> 
>    configuration models for network elements; the configuration
>    information includes:
>    [...]
>    o  Security
> 
> I think we need some more details than just "Security".  Are these
> security protocols?  Security properties?  Physical security?  What
> is in or out of scope for being covered by any indicated security
> mechanisms?
> 

[Med] This was cited in reference to L3NM. In that model, we manipulate the following security functions: authentication keys, encryption, ACLs. 

Updated the text accordingly. 

[...] 
> Section 5.1
> 
>    L3NM inherits some of data elements from the L3SM.  Nevertheless,
> the
>    L3NM does not expose some information to the above layer such as
> the
>    capabilities of an underlying network (which can be used to drive
>    service order handling) or notifications (to notify subscribers
> about
>    specific events or degradations as per agreed SLAs).  Some of
> this
> 
> I'm having a bit of trouble putting this bit together --
> specifically the "not" in "does not expose".  The rest of the text
> makes it sound like having the Service layer know some capabilities
> of the underlying network, or receive notifications from network-
> layer events, will be useful to the Orchestrator.  But the text as-
> is seems to say that such information will not be provided to the
> Service layer.
> 

[Med] The L3NM as currently scoped does not allow to expose these capabilities. The text is about identifying the limitations of the current version of the model and describe the "target" architecture where such features are provided. 

Tweaked as follows: 

   L3NM inherits some of data elements from the L3SM.  Nevertheless, the
   L3NM as currently designed in [I-D.ietf-opsawg-l3sm-l3nm] does not
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^   
   expose some information to the above layer such as the capabilities
   of an underlying network (which can be used to drive service order
   handling) or notifications (to notify subscribers about specific
   events or degradations as per agreed SLAs).  Some of this information
   can be provided using, e.g., [I-D.www-bess-yang-vpn-service-pm].  A
   target overall model is depicted in Figure 6. 

[...]

> Section 6
> 
> I agree with the secdir reviewer that it's worth repeating the
> disclaimer that customer/provider interfaces (and thus, the security
> considerations thereof) are out of scope for this document.

[Med] OK. Added: 

   The communication protocols that make use of a service model between
   a customer and an operator are out of scope.  Relevant security
   considerations should be discussed in the specification documents of
   these protocols.

> 
> When the service configuration incluedes "security" parameters (see
> my comment on §4.2.1), it is important to include the relevant
> information in the monitoring/assurance pipelines so that the
> correct functioning of the security mechanisms is tracked.

[Med] Good point. Added:

   When a YANG module includes security-related parameters, it is
   recommended to include the relevant information as part of the
   service assurance to track the correct functioning of the security
   mechanisms.

> 
>    In order to prevent leaking sensitive information, special care
>    should be considered when translating between the various layers
> in
>    Section 4 or when aggregating data retrieved from various
> sources.
> 
> It's also important to perform the necessary authentication and
> authorization checks (more specifically than just "special care")
> for operations that cross abstraction-layer boundaries.  The
> "confused deputy problem" may be relevant for some of these cases,
> and is an important topic to mention as well.

[Med] Updated to:

   In order to prevent leaking sensitive information and "confused
   deputy" problem in general, special care should be considered when
   translating between the various layers in Section 4 or when
   aggregating data retrieved from various sources.  Typically,
   authorization and authentication checks should be performed to ensure
   that a data is available to an authorized entity.  The network
   operator must enforce means to protect privacy-related information
   included in customer-facing models.

And added this NEW text:

   Access to some data requires specific access privilege levels.
   Devices must check that a required access privilege is provided
   before granting access to specific data or performing specific
   actions.

[..]
> 
> Section 6.2
> 
>    o  Some Service Models may include a traffic isolation clause,
>       appropriate technology-specific actions must be enforced at
> the
>       underlying network (and thus involved network devices) to
> avoid
>       that such traffic is accessible to non-authorized parties.
> 
> It may be worth mentioning the potential misconception that a
> "virtual private network" always provides privacy against an
> attacker able to tap the network link(s); only some VPN technologies
> (can be configured to) do so.  In some sense, whether such wire-
> level encryption is in use could be an aspect exposed at the service
> model layer.

[Med] Updated to:

   o  Some service models may include a traffic isolation clause,
      appropriate technology-specific actions must be enforced at the
      underlying network (and thus involved network devices) to avoid
      that such traffic is accessible to non-authorized parties.  In
      particular, network models may indicate whether encryption is
      enabled and if so, expose a list of supported encryption schemes
      and parameters.  Refer for example to the encryption feature
      defined in [I-D.ietf-opsawg-vpn-common] and its use in
      [I-D.ietf-opsawg-l3sm-l3nm].

[...]
> 
>    Network Element models (Figure 10) are used to describe how a
> service
>    can be implemented by activating and tweaking a set of functions
>    (enabled in one or multiple devices, or hosted in cloud
>    infrastructures) that are involved in the service delivery.
> 
> I don't really see how Figure 10 helps demonstrate *how* "a service
> can be implemented by activating and tweaking a set of functions";
> it seems to just be a listing/categorization of things that have
> YANG models.

[Med] Updated as follows: 

   Network Element models (listed in Figure 10) are used to describe how
   a service can be implemented by activating and tweaking a set of
   functions (enabled in one or multiple devices, or hosted in cloud
   infrastructures) that are involved in the service delivery.  For
   example, the L3VPN service will involve many PEs and require
   manipulating the following modules:

   o  Routing management [RFC8349]

   o  BGP [I-D.ietf-idr-bgp-model]

   o  PIM [I-D.ietf-pim-yang]

   o  NAT management [RFC8512]

   o  QoS management [I-D.ietf-rtgwg-qos-model]

   o  ACLs [RFC8519]

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.