Re: [OPSAWG] (final) WGLC on draft-ietf-opsawg-operations-and-management
"Adrian Farrel" <adrian@olddog.co.uk> Wed, 04 February 2009 19:56 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: opsawg@core3.amsl.com
Delivered-To: opsawg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CC8063A6A70 for <opsawg@core3.amsl.com>; Wed, 4 Feb 2009 11:56:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.826
X-Spam-Level:
X-Spam-Status: No, score=-1.826 tagged_above=-999 required=5 tests=[AWL=0.772, BAYES_00=-2.599, STOX_REPLY_TYPE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dy-9GuxT50sc for <opsawg@core3.amsl.com>; Wed, 4 Feb 2009 11:56:04 -0800 (PST)
Received: from asmtp2.iomartmail.com (asmtp2.iomartmail.com [62.128.201.249]) by core3.amsl.com (Postfix) with ESMTP id D4AAC3A693B for <opsawg@ietf.org>; Wed, 4 Feb 2009 11:56:02 -0800 (PST)
Received: from asmtp2.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp2.iomartmail.com (8.12.11.20060308/8.12.8) with ESMTP id n14JtFot004740; Wed, 4 Feb 2009 19:55:15 GMT
Received: from your029b8cecfe (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by asmtp2.iomartmail.com (8.12.11.20060308/8.12.11) with ESMTP id n14JtDJr004730; Wed, 4 Feb 2009 19:55:13 GMT
Message-ID: <5C8D68E9DDC2439B82F3CC0591A54F05@your029b8cecfe>
From: Adrian Farrel <adrian@olddog.co.uk>
To: opsawg@ietf.org
References: <EDC652A26FB23C4EB6384A4584434A040132E373@307622ANEX5.global.avaya.com>
Date: Wed, 04 Feb 2009 19:54:53 -0000
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Mailman-Approved-At: Wed, 04 Feb 2009 11:59:19 -0800
Cc: David B Harrington <dbharrington@comcast.net>, tseely5@gmail.com
Subject: Re: [OPSAWG] (final) WGLC on draft-ietf-opsawg-operations-and-management
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Adrian Farrel <adrian@olddog.co.uk>
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsawg>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Feb 2009 19:56:09 -0000
Hi, Dan asked me to have a look at this which I do primarily with a routing area view on the world. I'm sorry that I haven't been following this I-D very closely and apologise if you have already discussed and reached conclusion on some of the points I make. I am largely supportive of this work (see draft-ietf-pce-manageability-requirements-06.txt), but I do have some issues. I would be comforted to know that the I-D had had extensive review from within the Ops Area without relying just on my comments! I would also like to understand how the recommendations parts of the draft will be interpreted by the Ops ADs as they perform IESG review of I-Ds from other areas. Depending on the answer (which I would like to see encapsulated in the document!) I might have other harsher comments about the content. More details below. Cheers, Adrian === Title is... Guidelines for Considering Operations and Management of New Protocols ...but the Abstract immediately includes... New protocols or protocol extensions === Obviously needs the new IPR boilerplate. === Abstract line 3 s/protocol/protocols/ === I am somewhat worried by "recommend appropriate standard management protocols ... to address the relevant operations and management needs." I understand the theory behind this guidance in terms of making equipment that will interwork with management systems, but I question its practicality given the vast array of management protocols available. And actually, I am not sure that this has a direct impact on the success of or development of a protocol. The introduction says that this "is similar to a WG considering which security threats are relevant to their protocol, and then recommending appropriate standard security protocols to mitigate the relevant threats." I dispute this. The security considerations normally make modifications to the protocol under development to make it secure, or mandate security features in other protocols that the protocol under development uses. But where there is a need for an external protocol, this is not usually mandated. For example, where key exchange is needed the text will usually say something like "may use some form of secure key exchange protocol (such as the Internet Key Exchange protocol v2 (IKE) [RFC4306]." This is far looser than a recommendation of a specific protocol. I believe that in practice operators want to go on using the management protocols that they already have deployed. If, for example, I have deployed routers that I manage using SNMP, I will not want to deploy a new routing protocol on those routers if that protocol is strongly recommended to be managed using TL1. Since data modeling is usually tied closely to the protocol used for management, it follows from this that developing specific data formats (SNMP MIB modules, XML schema, etc.) might also not be so very practical. (Arguably we have found this out with MIB modules over the last 10 years, but still churn them out.) What *would* be beneficial, however, is an abstract data model for management of the protocol. There are many ways of representing the data (XML, BNF, ASN.1, graphical representation, etc.) and the Ops Area could usefully pick one and standardise it. From there we would have a solid data set that all implementations could make available and which separate documents could easily map to suitable formats for use by specific management protocols. Smart implementers would be able to support multiple management protocols with ease. You do come to this to some extent in section 4.1, and the text there seems to be at odds with what you have said in the Introduction. === Section 1 Can you expand "WG" on first usage? === Section 1 We want to avoid seeming to impose a solution by putting in place a strict terminology - for example implying that a formal data model, or even using a management protocol is mandatory. <grin mode=wry> You want to avoid seeming to impose it? So, you want to impose it, but you don't want anyone to notice? </grin> === Section 1 Making a Management Considerations section a mandatory publication requirement for IETF documents is the responsibility of the IESG, or specific area directors, or working groups, and this document avoids recommending any mandatory publication requirements. I think you may need to go a step further to get this through the IESG. It would not be funny to see this paragraph as written, but to get a DISCUSS on an I-D from an Ops AD because the I-D did not contain a Management Considerations section. === Introduction We provide some objective criteria to promote interoperability <grin mode=laconic> There seems to be only one author. Are you royalty? Perhaps... "This document provides..." </grin> === Section 1 final line s/??/?"/ === 2.1. IETF Management Framework For years the IETF has stressed the use of the IETF Standard Management Framework and MIB modules [RFC2578] for managing new protocols. The IETF designed these to permit multiple protocols to utilize the MIB data [RFC1052], but it became a common s/became/is/ === 3.1. Operations Model o what are the typical user interfaces - Command line (CLI) or graphical user interface (GUI)? I am not sure that this last item is particularly relevant for a large number of the protocols designed in the IETF. We might say that the question is valid for a protocol such as FTP, but is it relevant for OSPF? Yes, there is a configuration interface to a device that runs OSPF, but it is surely nothing to do with the protocol design how that interface works. Indeed, you might reduce the question to: are the configuration interfaces local or remote? But I think you will find that the answer to the question is "both" as in the subsequent paragraph. === 3.1. Operations Model Auto-configuration and default parameters might be possible for some new protocols. I would make a much bigger noise about default parameters. There is a key question about how the protocol can operate "out of the box". If implementers are free to select their own defaults, the protocol needs to operate well with any choice of values. If there are sensible defaults, these need to be stated. Indeed, section 3.2 seems to say this. Perhaps a forward reference? === 3.1. Operations Model There may be a need to support a human interface, e.g., for troubleshooting, and a programmatic interface, e.g., for automated monitoring and root cause analysis. It might be important that the internal method routines used by the application programming interfaces and the human interfaces should be the same to ensure that data exchanged between these two interfaces is always consistent. Mixing methods leads to inconsistency, so identifying consistent methods of retrieving information is relevant. This is really sailing too close to the implementation. People must be free to construct sub-standard and unmarketable implementations. The IETF is not responsible for making all implementations successful. The job is to make it possible for all implementations to be successful given core competences in the developers. I think the furthest a protocol spec RFC could go would be to say what information must be available to an operator at a human interface for troubleshooting === 3.2. Installation and Initial Setup In view of the reasons you give why defaults might become out- dated, you might point out that sometimes it is not advisable to have defaults. In these cases explicit configuration is required. === 3.2. Installation and Initial Setup Is the text at the top of page 8 supposed to be a bullet list? === 3.4. Requirements on Other Protocols and Functional Components These considerations should generally remain illustrative to avoid creating restrictions or dependencies, or potentially impacting the behavior of existing protocols, or restricting the extensibility of other protocols, or assuming other protocols will not be extended in certain ways. Well, this is quite interesting. Suppose you decide to utilise a particular feature of a transport protocol. You are creating a hard requirement that that feature is implemented in all implementations of the set {your new protocol, the transport protocol}. But more importantly, perhaps, you are requiring that new versions of the transport protocol do not deprecate the feature you require. In short, I don't think you should be too nervous about creating restrictions or dependencies. If they exist, they must be stated. === 3.2. Installation and Initial Setup For example, the design of Resource ReSerVation Protocol (RSVP) I think this example is not well expressed. The problem in RSVP was that the IP packet was addressed to the ultimate RSVP-capable destination, but the RSVP-capable routers along the path needed to intercept and process the Path message. This they could only do by "deep packet inspection" or by the router alert option. I wonder whether this example adds significantly to the I-D. === 4. Management Considerations NETCONF addresses this in a generic manner by Add citation. === 4. Management Considerations However, debugging on-the-wire interactions is a protocol issue: it is enormously helpful if a protocol has hooks to make debugging of network interactions easy, and/or is designed in such a way that debugging protocol behaviors is easy. Hand-waving this away is not something that operators like ... I think you are including this by hand-waving! What do you mean by "hooks"? Surely any protocol can be debugged simply by sniffing it. If you have specific hooks in mind you must set them out and not leave the reader guessing. But if you force the implementation I shall be peeved! You might, for example, say that there should be alerts issued when messages are received, or when there are state transitions in the protocol state machine, but you must recall that: - the messages can be seen by sniffing - the state machine is not part of the protocol specification. This latter point is key. The state machine explains how the protocol works in order that an implementer can decide how to react to a received event, but it does not require that the machine is implemented. === 4.1. Interoperability Interoperability needs to be considered on the syntactic level and the semantic level. While it can be irritating and time-consuming, application designers including operators who write their own scripts can make their processing conditional to accommodate differences s/differences/syntactic differences/ ? Then, whether the counter is gathered via SNMP or a CLI command or a SYSLOG message, the counter will have similar meaning. "similar"? I think that might not be good enough. Don't you need "the same"? o [RFC3805] - Printer MIB v2 (contains both an IM and a DM Missing ")" === 4.2. Management Information I would find it really helpful if you were able to recommend a language in which to write the information model. Ideally, all IETF IMs would be in the same language. It is important to be able to separately fetch configuration data, operational state data, and statistics from devices, and to be able to compare current state to initial state, and to compare data between devices. You seem to have drifted into DMs here. You cannot fetch data from an IM. It simply explains what data elements exist. In fact, an IM states all of the data that exists and so there is no confusion. Confusion can only arise as the DM is constructed and multiple IM data elements are conflated into single DM objects. === 4.3. Fault Management The protocol designer should document the basic faults and health indicators that need to be instrumented for the new protocol, and the alarms and events that must be propagated to management applications or exposed through a data model. Isn't "propagated to management applications" a subset of "exposed through a data model"? The protocol designer should consider how faults information will be s/faults/fault/ Should the event reporting provide gyaranteed accurate delivery of s/gyaranteed/guaranteed/ === 4.3.3. Fault Isolation It might be useful to isolate faults, such as a system that emits malformed messages necessary to coordinate connections properly. Spanning tree comes to mind. This might be able to be done by configuring next-hop devices to drop the faulty messages to prevent them from entering the rest of the network. This is not what *I* mean by fault isolation! Fault isolation is about working out where in the network the fault is. For example, if end-to-end data delivery is failing (reported by a notification), fault isolation will find the failed link or node in the end-to-end path. You seem to be describing the process of quarantining faulty devices. This may also be valuable. "Spanning tree comes to mind" is a rather strange sentence without much context. === 4.4. Configuration Management A protocol desoigners should document what the basic configuration s/desoigners/designers/ "Requirements for Configuration Management of IP-based Networks" [RFC3139] discusses requirements for configuration management. More precisely, "Requirements for Configuration Management of IP-based Networks" [RFC3139] discusses requirements for configuration management of IP-based networks. Which makes me wonder about the purpose of the sentence :-) This document includes... This document or that document? A number of efforts have existed in the IETF to develop policy-based management. "Terminology for Policy-Based Management" [RFC3198] was written to standardize the terminology across these efforts. Some of the efforts resulted in proposals that are NOT RECOMMENDED, so a protocol designer should check the current recommendation status before depending on a specific protocol suggestion. You have used RFC2119 language, but in section 1.1 you said This document deliberately does not use the (capitalized) keywords described in RFC 2119 [RFC2119]. Furthermore, it is not clear to me whether this I-D is doing the NOT RECOMMENDing or whether some other RFC has done it. If it is this I-D, you will need to give reasons. If is some other RFC, you will need to give references. It is highly desirable that text processing tools such as diff, and version management tools such as RCS or CVS or SVN, can be used to process configurations. This approach simplifies comparing the current operational state to the initial configuration. It is commonplace to compare configuration changes to e.g., last day, last week, last month, etc. -- having configuration in a text, and human- understandable format is very valuable for various reasons such as change control (or verification), configuration consistency checks, etc. Yes, but what has this to do with the protocol design? It might be related to device implementation. Or it might be relevant to EMS/NMS implementation. As you note in the subsequent paragraph, this may be impossible even in some text-based DMs. It would certainly be impossible in an SNMP MIB module. To simplify such configuration comparisons, devices should not arbitrarily reorder data such as access control lists. If a protocol designer defines mechanisms for configuration, it would be desirable to standardize the order of elements for consistency of configuration and of reporting across vendors, and across releases from vendors. This example seems a bit specific. And in any case, it is perfectly possible to sort a list before comparing. There are two parts to this: 1. An NMS system could optimize ACLs for performance reasons 2. Unless the device/NMS systems has correct rules/a lot of experience, reordering ACLs can lead to a huge security issue. Maybe what you are saying is: Implementations should not arbitrarily modify configuration data. In some cases (such as Access Control Lists) the order of data items is significant and comprises part of the configured data. Network wide configurations are ideally stored in central master databases This looks like an unsubstantiated assertion. You might get away with "Many operators prefer that..." It is important to distinguish between the distribution of configurations and the activation of a certain configuration. Devices should be able to hold multiple configurations. This is really an implementation issue and nothing to do with the protocol under design. Consensus of the 2002 IAB Workshop was that textual configuration files should be able to contain international characters. Do you have a citation? These timers may need default values suggested in the protocol specification and do not need to be otherwise configurable. I had formed the opinion that timers must be given default values in IETF protocol specifications, but I can't lay my hands on a reference. === 4.5. Accounting Management A protocol designer should consider whether it would be appropriate to collect usage information related to this protocol, and if so, what usage information would be appropriate to collect? s/collect?/collect./ "Introduction to Accounting Management" [RFC2975] discusses a number of factors relevant to monitoring usage of protocols for purposes of capacity and trend analysis, cost allocation, auditing, and billing. This document also discusses how Remote Authentication Dial In User This or that? Service (RADIUS) [RFC2865], Terminal Access Controller Access Control System (TACACS) [RFC1492], SNMP, IPFIX, and Packet Sampling (PSAMP) Protocol [I-D.ietf-psamp-protocol] protocols can be used for these purposes. Surely RFC 2975 does not mention PSAMP? Which makes me wonder what you are trying to achieve with a list of example protocols. Are they intended as recommendations (in which case say so and why), or as a non-exclusive list (in which case a "such as" would be useful). At the moment it reads like these are your favorites and you would be upset if someone used a different protocol! === 4.6. Performance Management There are several parts to performance management to be considered: protocol monitoring, services monitoring, and device monitoring (the impact of the new protocol/service activation on the device). s/services/service/ Consider scalability, such as whether performance will be affected by the number of protocol connections. Maybe say "protocol entities" rather than connections? This section seems to flit between the performance of the protocol under design and the network running the protocol under design, and the performance of the management of the protocol. Each is important, but it may be constructive to split them out into separate sections. The latter will also include a consideration of how the act of monitoring impacts on network performance. The Benchmarking Methodology WG (bmwg) has defined recommendations Later you have BMWG. === 4.7. Security Management It must be possible to do consistency checks of access control lists across devices. Protocol designers should consider information models to promote comparisons across devices and across vendors to permit checking the consistency of security configurations. I think this "must" is massively excessive! I would expect each router to have a different access list in the control plane (a list of its neighbors). Such a mechanism would actually open up a security vulnerability that has to be protected. Perhaps you are talking about management plane access lists. This takes us into the area of securing management activity - see my comments on Section 7. RADIUS and DIAMETER can provide authentication and authorization. A protocol designer should consider which attributes would be appropriate for their protocol. This paragraph is apropos of what? What are you trying to tell me? Should I run my management using Radius? Should I try to build Diameter into my new protocol? Different protocols use different assumptions about message security s/protocols/management protocols/ and data access controls. A protocol designer that recommends using different protocols should consider how security will be applied in a s/protocols/management protocols/ Although you talk about (presumably management) access lists, I think I would have expected a discussion of authority levels and policy with regard to management tasks. === 7. Security Considerations This document is informational and provides guidelines for considering manageability and operations. It introduces no new security concerns. I think that, although you introduce no new security concerns directly, you have some things to talk about. Firstly, the provision of a management portal to a network device provides a doorway through which an attack on the device may be launched. Since you are recommending that the protocol under development be manageable through the management protocol, you are requiring that the protocol be vulnerable to a new source of attacks. Therefore, you must talk about securing the protocol against these attacks. This might be as simple as saying that only management protocols with adequate (for some definition of adequate) security apparatus be used. I think it is also of note that a standard description of the manageable knobs and whistles on a protocol makes it easier for an attacker to understand what they may try to control and how to tweak it. On the other hand, it would be well worth pointing out that a well-designed protocol is usually more stable and secure. And that a protocol that can be managed and inspected offers the operator a better chance of spotting and quarantining any attacks. Conversely making a protocol inspectable, is a risk if the wrong person inspects it! If security events cause logs and or notifications/alerts, can a concerted attack be mounted by causing an excess of these events? In other words, to the security management mechanisms constitute the security vulnerability? Lastly, the management of security aspects is important, and you can just reference back to section 4.7. === 9. Informative References I (of course) would favor an informational reference to draft-ietf-pce- manageability-requirements-06.txt === [RFC2821] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April 2001. I think this has been obsoleted. === Appendix A. Operations and Management Review Checklist Maybe a forward reference to this appendix from sections 1 and 5? === A.3. Documentation Does the proposed protocol have a significant operational impact on the Internet. If it does, and the document under review targets standards track, is their enough proof of implementation and/or operational experience to grant Proposed Standard status? Whoah! You are going to use this I-D to try to block standards track I-Ds from becoming RFCs? You are going to get into such a fight!!! IMHO this sentence is a complete show-stopper in your I-D. (Oh, and s/their/there/) === Appendix B. Change Log Suggest you flag this for removal upon publication as an RFC. === > Sent: Sunday, January 25, 2009 6:40 PM > To: opsawg@ietf.org > Subject: [OPSAWG] (final) WGLC on > draft-ietf-opsawg-operations-and-management > > This is a (hopefully final) WGLC for > draft-ietf-opsawg-operations-and-management > there was not enough respose to the last one back in October > please let the list know what you think of the draft
- [OPSAWG] (final) WGLC on draft-ietf-opsawg-operat… Scott O. Bradner
- Re: [OPSAWG] (final) WGLC on draft-ietf-opsawg-op… Juergen Schoenwaelder
- Re: [OPSAWG] (final) WGLC on draft-ietf-opsawg-op… Romascanu, Dan (Dan)
- Re: [OPSAWG] (final) WGLC on draft-ietf-opsawg-op… Scott O. Bradner
- Re: [OPSAWG] (final) WGLC on draft-ietf-opsawg-op… Bert Wijnen (IETF)
- Re: [OPSAWG] (final) WGLC on draft-ietf-opsawg-op… Adrian Farrel
- Re: [OPSAWG] (final) WGLC ondraft-ietf-opsawg-ope… David Harrington
- Re: [OPSAWG] (final) WGLC on draft-ietf-opsawg-op… C. M. Heard
- Re: [OPSAWG] (final) WGLC ondraft-ietf-opsawg-ope… tom.petch
- Re: [OPSAWG] (final) WGLCondraft-ietf-opsawg-oper… David Harrington
- [OPSAWG] FW: (final) WGLC on draft-ietf-opsawg-op… David B Harrington
- Re: [OPSAWG] (final) WGLCondraft-ietf-opsawg-oper… tom.petch
- Re: [OPSAWG] (final) WGLCondraft-ietf-opsawg-oper… David B Harrington
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… Romascanu, Dan (Dan)
- Re: [OPSAWG] (final) WGLCon draft-ietf-opsawg-ope… David Harrington
- Re: [OPSAWG] (final)WGLCon draft-ietf-opsawg-oper… Romascanu, Dan (Dan)
- Re: [OPSAWG] (final)WGLCon draft-ietf-opsawg-oper… Juergen Schoenwaelder
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… Romascanu, Dan (Dan)
- Re: [OPSAWG] (final)WGLCon draft-ietf-opsawg-oper… Hannes Tschofenig
- Re: [OPSAWG] (final)WGLCon draft-ietf-opsawg-oper… Romascanu, Dan (Dan)
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… Juergen Schoenwaelder
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… David Harrington
- Re: [OPSAWG] (final) WGLCon draft-ietf-opsawg-ope… David Harrington
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… Romascanu, Dan (Dan)
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… Juergen Schoenwaelder
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… Romascanu, Dan (Dan)
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… Juergen Schoenwaelder
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… tom.petch
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… Juergen Schoenwaelder
- Re: [OPSAWG] (final)WGLCondraft-ietf-opsawg-opera… tom.petch
- [OPSAWG] In-band OAM Natale, Bob
- Re: [OPSAWG] In-band OAM Romascanu, Dan (Dan)
- Re: [OPSAWG] In-band OAM tom.petch
- Re: [OPSAWG] In-band OAM Phil Shafer
- Re: [OPSAWG] In-band OAM Natale, Bob
- Re: [OPSAWG] In-band OAM tom.petch
- Re: [OPSAWG] In-band OAM David Harrington