[OPSAWG] 答复: AD review of draft-ietf-opsawg-yang-vpn-service-pm-09
"Wubo (lana)" <lana.wubo@huawei.com> Tue, 13 September 2022 06:38 UTC
Return-Path: <lana.wubo@huawei.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7559AC1527AA; Mon, 12 Sep 2022 23:38:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IlQU4iX1pQMn; Mon, 12 Sep 2022 23:37:58 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 567E6C1527A7; Mon, 12 Sep 2022 23:37:57 -0700 (PDT)
Received: from fraeml701-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4MRYfN59s7z6H74G; Tue, 13 Sep 2022 14:37:00 +0800 (CST)
Received: from kwepemi500013.china.huawei.com (7.221.188.120) by fraeml701-chm.china.huawei.com (10.206.15.50) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2375.31; Tue, 13 Sep 2022 08:37:51 +0200
Received: from kwepemi500014.china.huawei.com (7.221.188.232) by kwepemi500013.china.huawei.com (7.221.188.120) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Tue, 13 Sep 2022 14:37:50 +0800
Received: from kwepemi500014.china.huawei.com ([7.221.188.232]) by kwepemi500014.china.huawei.com ([7.221.188.232]) with mapi id 15.01.2375.024; Tue, 13 Sep 2022 14:37:50 +0800
From: "Wubo (lana)" <lana.wubo@huawei.com>
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>, "draft-ietf-opsawg-yang-vpn-service-pm.all@ietf.org" <draft-ietf-opsawg-yang-vpn-service-pm.all@ietf.org>
CC: "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: AD review of draft-ietf-opsawg-yang-vpn-service-pm-09
Thread-Index: AdjDgY74oamysRH/SPqEo+WFhVCtXADmwSfg
Date: Tue, 13 Sep 2022 06:37:50 +0000
Message-ID: <53d5992a47c7487fa0de55d2a34c05a8@huawei.com>
References: <BY5PR11MB4196E8A452961895B97B284CB5439@BY5PR11MB4196.namprd11.prod.outlook.com>
In-Reply-To: <BY5PR11MB4196E8A452961895B97B284CB5439@BY5PR11MB4196.namprd11.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.45.21.128]
Content-Type: multipart/alternative; boundary="_000_53d5992a47c7487fa0de55d2a34c05a8huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/IujvlnwSVokoH4YUl4UaktG-nnw>
Subject: [OPSAWG] 答复: AD review of draft-ietf-opsawg-yang-vpn-service-pm-09
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2022 06:38:00 -0000
Hi Rob, Many thanks for your thoughtful review. Please see inline. Thanks, Bo -----邮件原件----- 发件人: Rob Wilton (rwilton) [mailto:rwilton@cisco.com] 发送时间: 2022年9月9日 18:43 收件人: draft-ietf-opsawg-yang-vpn-service-pm.all@ietf.org 抄送: opsawg@ietf.org 主题: AD review of draft-ietf-opsawg-yang-vpn-service-pm-09 Hi, Here are my AD review comments for draft-ietf-opsawg-yang-vpn-service-pm-09, apologies for the delay. I think that this document is in good shape and hence most of my comments are only minor or nits. Minor level comments: (1) p 0, sec The data model for network topologies defined in RFC 8345 introduces vertical layering relationships between networks that can be augmented to cover network and service topologies. This document defines a YANG module for performance monitoring (PM) of both networks and VPN services that can be used to monitor and manage network performance on the topology at higher layer or the service topology between VPN sites. "the topology at higher layer" doesn't scan particularly well to me, please can you tweak it. Bo: Thanks for pointing this out. Is this better that we simply change to “the underlay topology”? (2) p 1, sec 1. Introduction [RFC8969] describes a framework for automating service and network management with YANG [RFC6020] models. Please update reference to RFC 7950 for YANG. Bo: Thanks. Will do. (3) p 4, sec 3. Network and VPN Service Performance Monitoring Model Usage As shown in Figure 1, in the context of the layering model architecture described in [RFC8309], the network and VPN service performance monitoring (PM) model can be used to expose a set of performance information to the above layer. Such information can be used by an orchestrator to subscribe to performance data. Perhaps rephase? I.e., is it the performance data that is being used to create a subscription based on the performance data, or is it just that the model makes the performance data readily available, which can then be subscribed do? Bo: Thanks for the suggestion. How about: The model makes the performance data readily available, which can then be subscribed by the client application, such as an orchestrator. (4) p 4, sec 3. Network and VPN Service Performance Monitoring Model Usage In addition, the amount of performance data collected from the devices can be huge. To avoid receiving a large amount of operational data of VPN instances, VPN interfaces, or tunnels, the network controller can specifically subscribe to metric-specific data using the tagging methods defined in [I-D.ietf-netmod-node-tags]. At the moment, my reading of the ietf-netmod-node-tags draft is that it doesn't currently allow you do this. I.e., you can't just make a subscription to all datanodes that have been tagged in a particular way. Hence, I would suggest removing this paragraph, since it doesn't seem to be directly related to what is described in this model. Bo: Thanks and agree with your suggestion. Will remove this paragraph. (5) p 5, sec 3.1. Collecting Data via Pub/Sub Mechanism Some applications such as service-assurance applications, which must maintain a continuous view of operational data and state, can use the subscription model specified in [RFC8641] to subscribe to the specific network performance data or VPN service performance data they are interested in, at the data source. For example, network or VPN topology updates may be obtained through on-change notifications [RFC8641]. For dynamic PM data, various notifications can be specified to obtain more complete data. Can you elaborate a bit on what is meant by dynamic PM data please. Bo: Thanks for pointing this out. How about we change: For dynamic PM data, e.g. VRF routes or MAC entries, link metrics, and interface metrics, various notifications can be specified to obtain more complete data. (6) p 5, sec 3.1. Collecting Data via Pub/Sub Mechanism A periodic notification [RFC8641] can be specified to obtain real-time performance data, a replay notification defined in [RFC5277] or [RFC8639] can be specified to obtain historical data If this data is coming from a device then ideally it would not hold on to much historical data. Bo: Is it better that we change to “can be specified to obtain historical data in a limited period of time.”? E.g. in some implementation, a controller can store PM data for a year? (7) p 6, sec 4.1. Layering Relationship between Multiple Layers of Topology Figure 3: Example of Topology Mapping Between VPN Service Topology and Underlying Network Note, I don't find this diagram brilliantly clear, it is hard to see when the dotted lines go but the explanatory text is clear (and probably sufficient). Bo: Thanks. We can remove the lines if it doesn't help. (8) p 7, sec 4.1. Layering Relationship between Multiple Layers of Topology Apart from the association between the VPN topology and the underlay topology, VPN Network PM can also provide the performance status of the underlay network and VPN services. For example, network PM can provide link PM statistics and port statistics. VPN PM can provide statistics on VPN access interfaces, the number of current VRF routes or L2VPN MAC entry of VPN nodes, and performance statistics on the logical point-to-point link between source and destination VPN nodes or between source and destination VPN access interfaces. Figure 4 illustrates an example of VPN PM and the difference between two VPN PM measurement methods. One is the VPN tunnel PM and the other is inter-VPN-access interface PM. By "VPN Network PM", do you mean the "VPN Network PM YANG module", or is this just referring to performance monitoring in general? Bo: "VPN Network PM" mean "VPN Network PM YANG module". How about we rephrase: Apart from the association between the VPN topology and the underlay topology, VPN Network PM YANG module can also provide the performance status of the underlay network and VPN services. For example, network PM the module can provide link PM statistics and port statistics of a underlay network. And it can also provide VPN PM statistics, which can be further split into PM for the VPN tunnel and PM at the VPN PE access node, as illustrated in the following diagram. such as statistics on VPN access interfaces, the number of current VRF routes or L2VPN MAC entry of VPN nodes, and performance statistics on the logical point-to-point link between source and destination VPN nodes or between source and destination VPN access interfaces. Figure 4 illustrates an example of the module VPN PM and shows the difference between two VPN PM measurement methods. One is including the VPN tunnel PM and the other is inter-VPN-access interface PM. // The newly added text are blue. Figure 4 illustrates an example of VPN PM and two VPN PM measurement methods including the VPN tunnel PM and the inter-VPN-access interface PM. VPN PM can also provide statistics on VPN access interfaces, the number of current VRF routes or L2VPN MAC entry of VPN node (9) p 7, sec 4.1. Layering Relationship between Multiple Layers of Topology Apart from the association between the VPN topology and the underlay topology, VPN Network PM can also provide the performance status of the underlay network and VPN services. For example, network PM can provide link PM statistics and port statistics. VPN PM can provide statistics on VPN access interfaces, the number of current VRF routes or L2VPN MAC entry of VPN nodes, and performance statistics on the logical point-to-point link between source and destination VPN nodes or between source and destination VPN access interfaces. Figure 4 illustrates an example of VPN PM and the difference between two VPN PM measurement methods. One is the VPN tunnel PM and the other is inter-VPN-access interface PM. I wonder if it would be better to move, and perhaps expand, the "Figure 4" explanation text to below the diagram? If so, then I would add a joining sentence here, something like: "VPN PM can be further split into PM for the VPN tunnel and PM at the VPN PE access node, as illustrated in the following diagram:" Bo: Agree with the suggestion. Please take a look at the previous one, which has been combined. (10) p 8, sec 4.2. Network Level Network Level -> Network Level PM? If so, please also change the titles for 4.3 and 4.4. Bo: Thanks. Will change to “Network Level Performance Monitoring Augmentation”. (11) p 8, sec 4.2. Network Level For network performance monitoring, the container of "networks" in [RFC8345] is not extended. I'm confused by what this sentence is meant to convey - did you mean augmented? In particular, it isn't clear to me how you express PM for the physical (or underlay networks). Is what you are trying to express that the "service-type" container is present for VPN service performance monitoring and absence otherwise? Probably more words required here, and in the YANG module. Bo: Thanks for pointing this out. Your understanding is exactly what we're trying to convey. How about we change to As VPN Network PM YANG module includes two types of PM augmentation, the underlay networks PM is augmented on [RFC8345] when the "service-type" presence container is not defined , and the VPN PM is augmented on [RFC8345] when the "service-type" presence container is defined. For the underlay network performance monitoring, the container of "networks" in [RFC8345] is not augmented. (12) p 8, sec 4.2. Network Level module: ietf-network-vpn-pm augment /nw:networks/nw:network/nw:network-types: +--rw service-type! +--rw service-type? identityref augment /nw:networks/nw:network: +--rw vpn-pm-attributes +--rw vpn-id? vpn-common:vpn-id +--rw vpn-service-topology? identityref These two leaves are added under vpn-pm-attributes, but I was wondering if they are actually PM specific (particularly vpn-id), or would be better directly added to the network? Bo: Agree with your suggestion. Will remove the top-level container “vpn-pm-attributes”. (13) p 8, sec 4.2. Network Level module: ietf-network-vpn-pm augment /nw:networks/nw:network/nw:network-types: +--rw service-type! +--rw service-type? identityref augment /nw:networks/nw:network: +--rw vpn-pm-attributes +--rw vpn-id? vpn-common:vpn-id +--rw vpn-service-topology? identityref I'm not sure that you need "attributes" in the name, isn't that implicit? The same comment applies for "pm-attributes", and whether just "pm" would be sufficient, or perfhaps "perf-mon" would be more descriptive in the various container names rather than "pm"? Bo: Thanks. Will modify all the top-level containers to "perf-mon". (14) p 8, sec 4.3. Node Level "node-type": Indicates the device type of Provider Edge (PE), As per above, is "node-type" actually PM specific? Bo: Thanks. Will change as previous one. (15) p 10, sec 4.4. Link and Termination Point Level The performance data of a link is a collection of counters and gauges that report the performance status. augment /nw:networks/nw:network/nt:link: +--rw pm-attributes +--rw low-percentile? percentile +--rw intermediate-percentile? percentile +--rw high-percentile? percentile +--rw measurement-interval? uint32 +--ro pm* [pm-type] | +--ro pm-type identityref | +--ro pm-attributes | +--ro start-time? yang:date-and-time | +--ro end-time? yang:date-and-time | +--ro pm-source? identityref | +--ro one-way-pm-statistics | | +--ro loss-statistics | | | +--ro packet-loss-count? yang:counter64 | | | +--ro loss-ratio? percentage | | +--ro delay-statistics | | | +--ro unit-value? identityref | | | +--ro min-delay-value? yang:gauge64 | | | +--ro max-delay-value? yang:gauge64 | | | +--ro low-delay-percentile? yang:gauge64 | | | +--ro intermediate-delay-percentile? yang:gauge64 | | | +--ro high-delay-percentile? yang:gauge64 | | +--ro jitter-statistics | | +--ro unit-value? identityref | | +--ro min-jitter-value? yang:gauge64 | | +--ro max-jitter-value? yang:gauge64 | | +--ro low-jitter-percentile? yang:gauge64 | | +--ro intermediate-jitter-percentile? yang:gauge64 | | +--ro high-jitter-percentile? yang:gauge64 I presume that it is intentional delay and jitter statistics can have different units, rather than always being aligned to the same units? Bo: Agree. Will change the jitter to gauge32. (16) p 18, sec 5. Network and VPN Service Performance Monitoring YANG Module typedef percentage { type decimal64 { fraction-digits 5; range "0..100"; } description "Percentage."; Perhaps "Percentage to 5 decimal places?" Bo: Thanks and agree with the suggestion. (17) p 18, sec 5. Network and VPN Service Performance Monitoring YANG Module typedef percentile { type decimal64 { fraction-digits 2; range "0..100"; } description "The percentile is a value between 0 and 100, Perhaps value between 0 and 100 to 2 decimal places? Bo: Agree the suggestion. Thanks. (18) p 24, sec 5. Network and VPN Service Performance Monitoring YANG Module augment "/nw:networks/nw:network/nw:network-types" { description "Defines the service topologies types."; container service-type { presence "Indicates network service topology."; Perhaps expand either in the presence statement, or the documentation what it means if this container isn't present. I.e., does this mean that the topology represents the underlying network? Bo: Thanks the suggestion. How about the change: “VPN PM is indicated through this presence containers. When the container is not present, the topology represents the underlying network.” (19) p 24, sec 5. Network and VPN Service Performance Monitoring YANG Module leaf service-type { type identityref { base vpn-common:service-type; } Should this leaf be marked as mandatory? I.e., is it okay to mark it as a service topology without identifying the srevice type? Bo: Yes. Thanks for the suggestion. (20) p 26, sec 5. Network and VPN Service Performance Monitoring YANG Module augment "/nw:networks/nw:network/nt:link" { description "Augments the network topology link with performance monitoring attributes."; container pm-attributes { description "Container for PM attributes."; leaf low-percentile { type percentile; default "10.00"; description "Low percentile to report. Setting low-percentile into 0.00 indicates the client is not interested in receiving low percentile."; } leaf intermediate-percentile { type percentile; default "50.00"; description "Intermediate percentile to report. Setting intermediate-percentile into 0.00 indicates the client is not interested in receiving intermediate percentile."; } leaf high-percentile { type percentile; default "95.00"; description "High percentile to report. Setting high-percentile into 0.00 indicates the client is not interested in receiving high percentile."; } leaf measurement-interval { type uint32 { range "1..max"; } units "seconds"; default "60"; description "Indicates the time interval to perform PM measurement."; Perhaps "The time interval to perform PM measurements over"? Bo: Agree with the suggestion. Thanks. (21) p 30, sec 6. Security Considerations * "/nw:networks/nw:network/nw:node/nt:termination-point/nvp:pm- statistics": Unauthorized access to this subtree can disclose the operational state information of network termination points or VPN network accesses. Perhaps add a sentence to state that the model does not define any RPC or Actions. Bo: Thanks. Will add the sentence. (22) p 38, sec Appendix A. Illustrative Examples The following shows an example of a percentile measurement for a VPN link. Please can you expand the description a bit. I.e., that this is an example of data that could be returned for for link foo:vpn1-link1 between vpn-node1 and vpn-node3. Bo: Thanks. Will rephrase as “This is an example of data that could be returned for a link foo:vpn1-link1 between vpn-node1 and vpn-node3”. Nit level comments: (23) p 3, sec 3. Network and VPN Service Performance Monitoring Model Usage As shown in Figure 1, in the context of the layering model architecture described in [RFC8309], the network and VPN service performance monitoring (PM) model can be used to expose a set of layering/layered Bo: Thanks for catching this. Fixed. Grammar Warnings (generated by tooling): Section: 4.4, draft text: The statistics of the VPN abstract links can be collected based upon VPN OAM mechanisms, e.g.,OAM mechanisms referenced in [RFC9182], or Ethernet service OAM [ITU-T-Y-1731] referenced in [I-D.ietf-opsawg-l2nm]. Warning: Put a space after the comma. Suggested change: ", OAM" Bo: Fixed. Section: 6, draft text: Unauthorized access to this subtree may disable the the VPN PM or render the VPN service topology invalid. Warning: Maybe you need to remove one determiner so that only the or the is left. Suggested change: "the" Bo: Fixed. Section: 6, draft text: Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. Warning: If the text is a generality, 'of the' is not necessary. Suggested change: "Some" Bo: Fixed. Section: 6, draft text: - /nw:networks/nw:network/nw:node/nt:termination-point/nvp:pm-statistics": Unauthorized access to this subtree can disclose the operational state information of network termination points or VPN network accesses. Warning: Unpaired symbol: '"' seems to be missing Bo: Fixed. Regards, Rob
- [OPSAWG] AD review of draft-ietf-opsawg-yang-vpn-… Rob Wilton (rwilton)
- [OPSAWG] 答复: AD review of draft-ietf-opsawg-yang-… Wubo (lana)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Rob Wilton (rwilton)
- [OPSAWG] 答复: AD review of draft-ietf-opsawg-yang-… Wubo (lana)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Rob Wilton (rwilton)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Wubo (lana)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Rob Wilton (rwilton)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Wubo (lana)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Rob Wilton (rwilton)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… tom petch
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Adrian Farrel
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Rob Wilton (rwilton)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Wubo (lana)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Wubo (lana)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Wubo (lana)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Rob Wilton (rwilton)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… tom petch
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… Rob Wilton (rwilton)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-yang-… tom petch