Re: [OPSAWG] AD review of draft-ietf-opsawg-ntf-07 [2]

Haoyu Song <haoyu.song@futurewei.com> Thu, 07 October 2021 23:15 UTC

Return-Path: <haoyu.song@futurewei.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B01A43A12B1; Thu, 7 Oct 2021 16:15:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.09
X-Spam-Level:
X-Spam-Status: No, score=-2.09 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uM6_0nQQF58N; Thu, 7 Oct 2021 16:15:09 -0700 (PDT)
Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam08on2123.outbound.protection.outlook.com [40.107.101.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 978BC3A12B0; Thu, 7 Oct 2021 16:15:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WDN140gbMftJ4YnkzwU/IuNvK6Jh5tJno8MCIJ2bQC3OSYV96UeU2bLF13nys5UFp4e1VaB1ydSSebBg9RsCnw3iSUTY9Ui3m951kTpnqsJK9GvdyrSNA1tFm/5nYpnZxyYu97frazRr8R1rbX4PCRWET5hARSfFaoXaVXkEJxxRioJp3hCEYd9mCnj8hzMyvcZ37z0NZHEIl8D31WhGvvpT3I+gN32fgeTiHEHwinHMGvTaxQEecwUIrOQ5IrA86X6XpXB7lf6Qy3Hm/7lIP8DKgf24J5phF2Xep1pUg0pRmb3P+0JykLjQ6E+Y8jvS/fMfXxKRBt+eSbzwh/TN/Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=I0TD2S0NWlB1XWxDlLPjf00itugUKu0YllBKt+UZqlE=; b=W0FSm5NbvdNxWv1OJjFtuUl96Jj9VUYNiCkY3BvkXt3uACp8+v6u80U9iaC4IRLbaZ8ChDi2Ls8TATqc7iYyscHQP66e3WspW+9ljX1PE8raWoKNR0DZMoC1Z30JJDsZoo0Eb9zAX+xA3zuwy7YnpJAN6rPJvdq/5fGm/s+QbATTUBwcRSZTHYlkxOH6/crW9SqKt0puDOntjGBRMwaP/RMkf7xHRrBaR0vIGSemXIeVpvsjGGTdGWWN+VjHoyRA1RgzPZ8D7nQiKNEmZmKKjQ142JXYRrR13wnGVNFZQCI4iwzQnDMXSQ9VqsQQWEJZt2fGN/BqWap8l7X/3CLqvA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I0TD2S0NWlB1XWxDlLPjf00itugUKu0YllBKt+UZqlE=; b=ltEz1zWZh/KrRw+M1ca+bnaKrcDEQZ6grDVviS71SScRsEoYyWjFkTLVnYiUTj8RqvzfXEgsZDijC5Njt2wkHO+LKoOD2ooGgiQZI9gM9TnLkyA/Q13TR42QRSB9uLi+a0wUFGI5pmLtyLDw1g2Mn9uRMZyr3X5JFtYrw5XJD9o=
Received: from BY3PR13MB4787.namprd13.prod.outlook.com (2603:10b6:a03:357::13) by BY5PR13MB3157.namprd13.prod.outlook.com (2603:10b6:a03:18f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.15; Thu, 7 Oct 2021 23:15:06 +0000
Received: from BY3PR13MB4787.namprd13.prod.outlook.com ([fe80::410d:64ed:3b3a:a6b5]) by BY3PR13MB4787.namprd13.prod.outlook.com ([fe80::410d:64ed:3b3a:a6b5%7]) with mapi id 15.20.4608.005; Thu, 7 Oct 2021 23:15:06 +0000
From: Haoyu Song <haoyu.song@futurewei.com>
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>, "draft-ietf-opsawg-ntf.all@ietf.org" <draft-ietf-opsawg-ntf.all@ietf.org>
CC: "opsawg@ietf.org" <opsawg@ietf.org>, 'opsawg-chairs' <opsawg-chairs@ietf.org>
Thread-Topic: AD review of draft-ietf-opsawg-ntf-07 [2]
Thread-Index: Ade6n0jxokCHl80FQnmpAPHvjB76BgAAJNkwAAtHC8AAQPKegA==
Date: Thu, 07 Oct 2021 23:15:05 +0000
Message-ID: <BY3PR13MB47872D0912FF8748DADA7A609AB19@BY3PR13MB4787.namprd13.prod.outlook.com>
References: <MWHPR1101MB2222E4F7BD0F9202A0B377FAB5B09@MWHPR1101MB2222.namprd11.prod.outlook.com> <MWHPR1101MB2222790FEEF7CE474D96A2BBB5B09@MWHPR1101MB2222.namprd11.prod.outlook.com> <BY3PR13MB4787B36CD6FDF2CDF42480979AB09@BY3PR13MB4787.namprd13.prod.outlook.com>
In-Reply-To: <BY3PR13MB4787B36CD6FDF2CDF42480979AB09@BY3PR13MB4787.namprd13.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=futurewei.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 953899f8-5e96-47b5-ad13-08d989e84c9b
x-ms-traffictypediagnostic: BY5PR13MB3157:
x-microsoft-antispam-prvs: <BY5PR13MB315750F14CF5299D3C9A7F149AB19@BY5PR13MB3157.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: yVQG+RfygRKbnebGN35Gq3g89ZOaYTQul39jBb2wqnyAxPwen033Fde+gCtXh+omdpTFpcZfxqp+q4+en7++lVb2OxnNcy2c+7UJxrmipSPhidYwMB4slZ3+hct0t6blRNlkWKkXAcieRslHU++PlJrYWegrNsfGXgukT5k4tT69lYYd1YxDrNW+nT2GBqeVemIOq/h8qmtgs4sG7djuUbl07Qv1VPcX/MCtztqH7Vo6BndabdpJoFzNX5lueqSuen2Kgrm6kIu5Oxhi8DDi5gT4UPhumGZsaIMrCiw244hmMpagG6uRMNvCTGIiTYMp0YdJOxnvdV/1UWz135qhHdIibjAKomo8mIIie/BxS2zB8TrBNwUB9PbQ6Mu5HLgn7hE9PsrJU7uoVzJp4zq1WQRQmyaCcn3Vh2U3E6GiCK9YZ4q6zb87uTpCsj0KQrTGF5llGvrgjfTeJQ7T89gyWCYP6ZBvaHazmAKra9/0x1ynM7fMg9pJWrJnrFO1/gMyTc1ul4jaWRdbTgeSTmPPnf/iehhXUN28cv2+APK92HDdlePBhcbcnJtpNmAmJq4H2M7JADUmJJtJrv98Xypi1jQyDACp8/SQQGt6WBZKv9DTk69nKSVN6wJZ9oEoAzuQHOiOwR2QwRkq5vx30VB0tsHd56lXi/vi6s6tW14oy4NSDivcgiSkWJJ7zHc1jiD4kOjzPHkH8gA81GsrqyL6258i4TChZSaR18LFmJ/hF7nmfaP6JDlwFke3ZTb1CSSVYga6fQz3cYtg/ECn4Puz8J9Eu1eAL6pvr1dDCeuphKCgjEgr03yRyMcxCOZFAIjk3no0g5QOJxmGOq4VzGXfPA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY3PR13MB4787.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(508600001)(54906003)(66556008)(8936002)(66446008)(966005)(2906002)(76116006)(66476007)(44832011)(66946007)(4326008)(316002)(83380400001)(71200400001)(7696005)(5660300002)(66574015)(52536014)(86362001)(110136005)(33656002)(8676002)(6506007)(53546011)(64756008)(38100700002)(26005)(122000001)(186003)(55016002)(38070700005)(45080400002)(30864003)(9686003)(579004)(559001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: udFxQwuuXDI3Gs+m8frPK7B1J47AawUkShTOfA3nY4M3LzTuzeQL+t4KuSUGkOB1ni0dcmtlVS8gHmTCGu3iS8XT0CwpZ1pDn8nETfcU2WVv49EFY/gNLByRZZnZC5eAORWVpedtuQ2Mhgz8d7ojS8X9rbTVWh76Q5yqxec96DzXDzdcuPSI0p6yNd+TIy/c1+IZ58atTtjO1yPJ1vk/EPSS4ZcmarjT6z1Zo3exTBZZF5kht5CZmdRrZoRdQPvTKzFLvYjRuypL97qXylUlBozpUm4Xfb1RFYb52r2apSp7SKu4T7aZY2/7Y4MeECYHYfUns0i0s1fAOneoDMUVEosdqO5nlAeNQMUA6+jZ0Ep7QFjAoYSIkMTcqcQi2cfyCYvCfcGith63oEzVgIlnzjlrZ2mzcnT1bmpSO5qtcuqAI0eC2tzwBZ3qDlScr25NGQ2luqjmXpB0M59TYG7L7Uv57rUVGyBvT1wK/x6v7fK2r5XSegJtFiT9ENFI5I570MyJG4CBLDl7KEYQWGH7dLVqpw4z54vwcwLv9v0L2Jb75n2C/Deh+ztQyyGcTWrluPqOgwzFTlPvsLy2KOkZJPU5Yf0VtP1kpGeHPnL8xnJwRc2S7MP09ysok2o8Lo5ISB6v97UkNUTBXMsg28VfwJ9ijPiFALXdy8tpDv4hjdi6MOm+J4D8XGcRJpswix3sLbLRuavek+UeyibAA6G/KjXxyh3wfKFsQqB7J5JDEYtYYkdr8qz4Gb4pq4jyNPE+8eJUZp24vHxU/qd0bIbK+a/4jtXHiLAVGMbSEGPR//FPPn76LdEUdX1Bg/+TsYSWb6owyNG443BKBLESquNvJ2GbdbqcGFzijECO0Mq52yO4yuOVIiZmeZGgP/0gRd7cZMMQSBMUzY+ioadu2MuvOTZlRcpVM93PXEHURzdXbdHv7AfRdNWJNovNqAfZHok04RHT6tEyJdsIJ/0quZ/sD6rDOKQ/KBBwty039f5uPtvzvg+oIokCmuwGXoTQRA7HEzL3YOo7RC9HQxx3A9EBs+LtUN8GY0whjvF/0MnHDvciDBBg3gUyxupxMEhdIR07xlxc/b/YQs0QOWY6HymDr0JGhmj8ml+isDt4co2EwjEmFH6FIonmXrVujQ+m8RT5h6JvdGqedCjXJfuLIZ15gG2oS2PKBzq/zeRi+SubEGaZSeAc48/Qw5/h0YLeH1m6sYwySumCfATGiUQejkOhFWZHNycNvvKqCo4YQlFX9+DIZ69q/NvN9njLKe2TlLVHGS3KfhEKBNyJlQiczsQ67vAeqtYTbJVO4FSU7yix8YfrQLb+KljGTEM8H5U5xB8F
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY3PR13MB4787.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 953899f8-5e96-47b5-ad13-08d989e84c9b
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2021 23:15:05.8532 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ZyybLz0Q+xQQCquGKrx3KHV6RLLSLkS65WflHKsvqneN49D6toApoyyi74F2Jh8HLYm4NnS+Zo5JiI66euYyKw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR13MB3157
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/pvCjRXygcMxTABIpheJ_WTxvCKI>
Subject: Re: [OPSAWG] AD review of draft-ietf-opsawg-ntf-07 [2]
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Oct 2021 23:15:16 -0000

Hi Rob, 

We have updated the draft according to your review suggestions and uploaded the -08 version. In the new revision we believe all your suggestions/questions have been addressed. Please let me know if you have further questions. Thank you very much!

Best regards,
Haoyu 


-------------------------------------------------
A new version of I-D, draft-ietf-opsawg-ntf-08.txt has been successfully submitted by Haoyu Song and posted to the IETF repository.

Name:		draft-ietf-opsawg-ntf
Revision:	08
Title:		Network Telemetry Framework
Document date:	2021-10-07
Group:		opsawg
Pages:		40
URL:            https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-ietf-opsawg-ntf-08.txt&amp;data=04%7C01%7Chaoyu.song%40futurewei.com%7C96249f77ce0246132c2608d989e79553%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C1%7C637692450027508042%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=fm%2FeutvtbKzZN7c%2BvZzlzmZzSWQs0I52sn68EQ1bSv0%3D&amp;reserved=0
Status:         https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-opsawg-ntf%2F&amp;data=04%7C01%7Chaoyu.song%40futurewei.com%7C96249f77ce0246132c2608d989e79553%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C1%7C637692450027508042%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=mPDw6Gz2JqqJ%2F6X0ISjEH5MH1nL%2Bgn5MK4VnbaBAfRs%3D&amp;reserved=0
Htmlized:       https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-opsawg-ntf&amp;data=04%7C01%7Chaoyu.song%40futurewei.com%7C96249f77ce0246132c2608d989e79553%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C1%7C637692450027508042%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=x8mxaK3UugiiTtDDX1YCrs3a9%2FjhdUXBPMetNuoR1SM%3D&amp;reserved=0
Diff:           https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-ietf-opsawg-ntf-08&amp;data=04%7C01%7Chaoyu.song%40futurewei.com%7C96249f77ce0246132c2608d989e79553%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C1%7C637692450027508042%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=3QV9pT%2Fzs5xj6WxMLqIwGr2%2F4cD7xqclE3uznclsZfA%3D&amp;reserved=0


-----Original Message-----
From: Haoyu Song 
Sent: Wednesday, October 6, 2021 9:14 AM
To: Rob Wilton (rwilton) <rwilton@cisco.com>; draft-ietf-opsawg-ntf.all@ietf.org
Cc: opsawg@ietf.org
Subject: RE: AD review of draft-ietf-opsawg-ntf-07 [2]

Hi Rob,

Thank you very much for the review! We'll update the draft as you suggested. 

Best regards,
Haoyu

-----Original Message-----
From: Rob Wilton (rwilton) <rwilton@cisco.com> 
Sent: Wednesday, October 6, 2021 3:55 AM
To: draft-ietf-opsawg-ntf.all@ietf.org
Cc: opsawg@ietf.org
Subject: RE: AD review of draft-ietf-opsawg-ntf-07 [2]

Sigh, this also appears to be truncated in my email client.

To be sure that you see all the comments (i.e., to the end of the document), please either see the previous attachment. The full email can also be seen in the archives at https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fopsawg%2FWDnVtM_vLm15X28OTEwI9Q6gfx0%2F&amp;data=04%7C01%7Chaoyu.song%40futurewei.com%7Cf1e7980d22be45a356e608d988b7d5ba%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637691145441218654%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=d3NH7iwGu4T99Y%2Fwh9jft0oWofQeKyfWhcuBCQSZcJM%3D&amp;reserved=0

Regards,
Rob


-----Original Message-----
From: Rob Wilton (rwilton) <rwilton@cisco.com> 
Sent: 06 October 2021 11:48
To: draft-ietf-opsawg-ntf.all@ietf.org
Cc: opsawg@ietf.org
Subject: AD review of draft-ietf-opsawg-ntf-07 [2]

Hi,



Here is my belated AD review of draft-ietf-opsawg-ntf-07.txt.  [Text file with comments attached in case this also gets truncated.]



I would like to thank you for the effort that you have put into this document, and apologise for my long delay in reviewing it.



Broadly, I think that this is a good and useful framework, but in some of the latter parts of the document it seems to give prominence to protocols that I don't think have IETF consensus behind them yet (particularly DNP).  I have flagged specific comments in comments inline within the document, but I think that the document will have been accuracy/longevity if text about the potential technologies is mostly kept to the appendices.



There were quite a lot of cases where the text doesn't scan, or read easily, particularly in the latter sections of this document, although I acknowledge that none of the authors appear to be native English speakers.  Ideally, these sorts of issues would have been highlighted and addressed during WG LC.  Although the RFC editor will improve the language of the documents, making the improvements now before IESG review will aid its passage, and hopefully result in a better document when it is published.  I have flagged and proposed alternative text/grammar where possible.  Once you have made the markups and resolved the issues/questions that I have raised then I can run it through a grammar checking tool (Lar's will run an equivalent tool during IESG review anyway ...)



All of my comments are directly inline, please search for "RW" or "RW:"









OPSAWG                                                           H. Song

Internet-Draft                                                 Futurewei

Intended status: Informational                                    F. Qin

Expires: August 23, 2021                                    China Mobile

                                                       P. Martinez-Julia

                                                                    NICT

                                                            L. Ciavaglia

                                                                   Nokia

                                                                 A. Wang

                                                          China Telecom

                                                       February 19, 2021





                      Network Telemetry Framework

                        draft-ietf-opsawg-ntf-07



Abstract



   Network telemetry is a technology for gaining network insight and

   facilitating efficient and automated network management.  It

   encompasses various techniques for remote data generation,

   collection, correlation, and consumption.  This document describes an

   architectural framework for network telemetry, motivated by

   challenges that are encountered as part of the operation of networks

   and by the requirements that ensue.  Network telemetry, as

   necessitated by best industry practices, covers technologies and

   protocols that extend beyond conventional network Operations,



   Administration, and Management (OAM).  The presented network

   telemetry framework promises flexibility, scalability, accuracy,

   coverage, and performance.  In addition, it facilitates the

   implementation of automated control loops to address both today's and

   tomorrow's network operational needs.  This document clarifies the

   terminologies and classifies the modules and components of a network

   telemetry system from several different perspectives.  The framework

   and taxonomy help to set a common ground for the collection of

   related work and provide guidance for related technique and standard

   developments.



RW:

I would suggest condensing the abstract to the following, and move the other text to the introduction if it is not already covered there.



   Network telemetry is a technology for gaining network insight and

   facilitating efficient and automated network management.  It

   encompasses various techniques for remote data generation,

   collection, correlation, and consumption.  This document describes an

   architectural framework for network telemetry, motivated by

   challenges that are encountered as part of the operation of networks

   and by the requirements that ensue.  This document clarifies the

   terminologies and classifies the modules and components of a network

   telemetry system from several different perspectives.  The framework

   and taxonomy help to set a common ground for the collection of

   related work and provide guidance for related technique and standard

   developments.





Status of This Memo



   This Internet-Draft is submitted in full conformance with the

   provisions of BCP 78 and BCP 79.



   Internet-Drafts are working documents of the Internet Engineering

   Task Force (IETF).  Note that other groups may also distribute

   working documents as Internet-Drafts.  The list of current Internet-

   Drafts is at https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdrafts%2Fcurrent%2F&amp;data=04%7C01%7Chaoyu.song%40futurewei.com%7Cf1e7980d22be45a356e608d988b7d5ba%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637691145441218654%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=4B6oa1Ks5lxCrKsVA33csv8LE2rTL1nZmfTlAv9n9ww%3D&amp;reserved=0.









Song, et al.             Expires August 23, 2021                [Page 1]




Internet-Draft         Network Telemetry Framework         February 2021





   Internet-Drafts are draft documents valid for a maximum of six months

   and may be updated, replaced, or obsoleted by other documents at any

   time.  It is inappropriate to use Internet-Drafts as reference

   material or to cite them other than as "work in progress."



   This Internet-Draft will expire on August 23, 2021.



Copyright Notice



   Copyright (c) 2021 IETF Trust and the persons identified as the

   document authors.  All rights reserved.



   This document is subject to BCP 78 and the IETF Trust's Legal

   Provisions Relating to IETF Documents

   (https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrustee.ietf.org%2Flicense-info&amp;data=04%7C01%7Chaoyu.song%40futurewei.com%7Cf1e7980d22be45a356e608d988b7d5ba%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637691145441218654%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=6bgdcWR1Sp3ry4Xg6iJN79hoSxXhzT2FvtcqMXUnmGs%3D&amp;reserved=0) in effect on the date of

   publication of this document.  Please review these documents

   carefully, as they describe your rights and restrictions with respect

   to this document.  Code Components extracted from this document must

   include Simplified BSD License text as described in Section 4.e of

   the Trust Legal Provisions and are provided without warranty as

   described in the Simplified BSD License.



Table of Contents



   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3

   2.  Glossary  . . . . . . . . . . . . . . . . . . . . . . . . . .   4

   3.  Background  . . . . . . . . . . . . . . . . . . . . . . . . .   6

     3.1.  Telemetry Data Coverage . . . . . . . . . . . . . . . . .   7

     3.2.  Use Cases . . . . . . . . . . . . . . . . . . . . . . . .   7

     3.3.  Challenges  . . . . . . . . . . . . . . . . . . . . . . .   9

     3.4.  Network Telemetry . . . . . . . . . . . . . . . . . . . .  10

   4.  The Necessity of a Network Telemetry Framework  . . . . . . .  12

   5.  Network Telemetry Framework . . . . . . . . . . . . . . . . .  13

     5.1.  Top Level Modules . . . . . . . . . . . . . . . . . . . .  14

       5.1.1.  Management Plane Telemetry  . . . . . . . . . . . . .  17

       5.1.2.  Control Plane Telemetry . . . . . . . . . . . . . . .  17

       5.1.3.  Forwarding Plane Telemetry  . . . . . . . . . . . . .  18

       5.1.4.  External Data Telemetry . . . . . . . . . . . . . . .  20

     5.2.  Second Level Function Components  . . . . . . . . . . . .  21

     5.3.  Data Acquisition Mechanism and Type Abstraction . . . . .  22

     5.4.  Mapping Existing Mechanisms into the Framework  . . . . .  24

   6.  Evolution of Network Telemetry Applications . . . . . . . . .  25

   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  26

   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  27

   9.  Contributors  . . . . . . . . . . . . . . . . . . . . . . . .  27

   10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  28

  11. Informative References  . . . . . . . . . . . . . . . . . . .  28

   Appendix A.  A Survey on Existing Network Telemetry Techniques  .  32







Song, et al.             Expires August 23, 2021                [Page 2]




Internet-Draft         Network Telemetry Framework         February 2021





     A.1.  Management Plane Telemetry  . . . . . . . . . . . . . . .  32

       A.1.1.  Push Extensions for NETCONF . . . . . . . . . . . . .  32

       A.1.2.  gRPC Network Management Interface . . . . . . . . . .  32

     A.2.  Control Plane Telemetry . . . . . . . . . . . . . . . . .  33

       A.2.1.  BGP Monitoring Protocol . . . . . . . . . . . . . . .  33

     A.3.  Data Plane Telemetry  . . . . . . . . . . . . . . . . . .  33

       A.3.1.  The Alternate Marking (AM) technology . . . . . . . .  33

       A.3.2.  Dynamic Network Probe . . . . . . . . . . . . . . . .  34

       A.3.3.  IP Flow Information Export (IPFIX) protocol . . . . .  35

       A.3.4.  In-Situ OAM . . . . . . . . . . . . . . . . . . . . .  35

       A.3.5.  Postcard Based Telemetry  . . . . . . . . . . . . . .  35

     A.4.  External Data and Event Telemetry . . . . . . . . . . . .  35

       A.4.1.  Sources of External Events  . . . . . . . . . . . . .  36

       A.4.2.  Connectors and Interfaces . . . . . . . . . . . . . .  37

   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  37



1.  Introduction



   Network visibility is the ability of management tools to see the

   state and behavior of a network, which is essential for successful

   network operation.  Network Telemetry revolves around network data

   that can help provide insights about the current state of the

  network, including network devices, forwarding, control, and

   management planes, and that can be generated and obtained through a

   variety of techniques, including but not limited to network

   instrumentation and measurements, and that can be processed for

   purposes ranging from service assurance to network security using a

   wide variety of techniques including machine learning, data analysis,

   and correlation.  In this document, Network Telemetry refer to both

   the data itself (i.e., "Network Telemetry Data"), and the techniques

   and processes used to generate, export, collect, and consume that

   data for use by potentially automated management applications.

   Network telemetry extends beyond the conventional network Operations,

   Administration, and Management (OAM) techniques and expects to

   support better flexibility, scalability, accuracy, coverage, and

   performance.



RW: I suggest 'historical' rather than 'conventional'





   However, the term of network telemetry lacks a solid and unambiguous

   definition.  The scope and coverage of it cause confusion and

   misunderstandings.  It is beneficial to clarify the concept and

   provide a clear architectural framework for network telemetry, so we

   can articulate the technical field, and better align the related

   techniques and standard works.



RW: Rather than term of, perhaps 'the term "network telemetry" lacks an

    unambiguous definition'.





   To fulfill such an undertaking, we first discuss some key

   characteristics of network telemetry which set a clear distinction

   from the conventional network OAM and show that some conventional OAM

   technologies can be considered a subset of the network telemetry







Song, et al.             Expires August 23, 2021                [Page 3]




Internet-Draft         Network Telemetry Framework         February 2021





   technologies.  We then provide an architectural framework for network

   telemetry which includes four modules, each concerned with a

   different category of telemetry data and corresponding procedures.

   All the modules are internally structured in the same way, including

   components that allow to configure data sources with regards to what

   data to generate and how to make that available to client

   applications, components that instrument the underlying data sources,

   and components that perform the actual rendering, encoding, and

   exporting of the generated data.  We show how the network telemetry

   framework can benefit the current and future network operations.

   Based on the distinction of modules and function components, we can

   map the existing and emerging techniques and protocols into the

   framework.  The framework can also simplify the tasks for designing,

   maintaining, and understanding a network telemetry system.  At last,

   we outline the evolution stages of the network telemetry system and

   discuss the potential security concerns.



   The purpose of the framework and taxonomy is to set a common ground

   for the collection of related work and provide guidance for future

   technique and standard developments.  To the best of our knowledge,

   this document is the first such effort for network telemetry in

   industry standards organizations.





2.  Glossary



   Before further discussion, we list some key terminology and acronyms

   used in this documents.  We make an intended differentiation between

   the terms of network telemetry and OAM.  However, it should be

   understood that there is not a hard-line distinction between the two

   concepts.  Rather, network telemetry is considered as the extension

   of OAM.  It covers all the existing OAM protocols but puts more

   emphasis on the newer and emerging techniques and protocols

   concerning all aspects of network data from acquisition to

   consumption.





RW:

Nit: "this documents." -> "this document."

Nit: "as an extension" rather than "as the extension".



   AI:  Artificial Intelligence.  In network domain, AI refers to the

      machine-learning based technologies for automated network

      operation and other tasks.



   AM:  Alternate Marking, a flow performance measurement method,

      specified in [RFC8321].



   BMP:  BGP Monitoring Protocol, specified in [RFC7854].



   DNP:  Dynamic Network Probe, referring to programmable in-network

      sensors for network monitoring and measurement.











Song, et al.             Expires August 23, 2021                [Page 4]




Internet-Draft         Network Telemetry Framework         February 2021





   DPI:  Deep Packet Inspection, referring to the techniques that

      examines packet beyond packet L3/L4 headers.



   gNMI:  gRPC Network Management Interface, a network management

      protocol from OpenConfig Operator Working Group, mainly

      contributed by Google.  See [gnmi] for details.



   gRPC:  gRPC Remote Procedure Call, a open source high performance RPC

      framework that gNMI is based on.  See [grpc] for details.



   IPFIX:  IP Flow Information Export Protocol, specified in [RFC7011].



   IOAM:  In-situ OAM, a dataplane on-path telemetry technique.



  NETCONF:  Network Configuration Protocol, specified in [RFC6241].



   NetFlow:  A Cisco protocol for flow record collecting, described in

      [RFC3594].



   Network Telemetry:  The process and instrumentation for acquiring and

      utilizing network data remotely for network monitoring and

      operation.  A general term for a large set of network visibility

      techniques and protocols, concerning aspects like data generation,

      collection, correlation, and consumption.  Network telemetry

      addresses the current network operation issues and enables smooth

      evolution toward future intent-driven autonomous networks.



   NMS:  Network Management System, referring to applications that allow

      network administrators manage a network.



RW: referring to => refers to applications that allow network administrators to manage a network.







   OAM:  Operations, Administration, and Maintenance.  A group of

      network management functions that provide network fault

      indication, fault localization, performance information, and data

      and diagnosis functions.  Most conventional network monitoring

      techniques and protocols belong to network OAM.



   PBT:  Postcard-Based Telemetry, a dataplane on-path telemetry

      technique.



   SMIv2  Structure of Management Information Version 2, specified in

      [RFC2578].



RW:

Is SMIv2 a better reference than MIBs, that readers are more likely to be familiar with?





   SNMP:  Simple Network Management Protocol.  Version 1 and 2 are

      specified in [RFC1157] and [RFC3416], respectively.



   YANG:  The abbreviation of "Yet Another Next Generation".  YANG is a

      data modeling language for the definition of data sent over



RW:

Nit: Please drop the first sentence, and add a reference to RFC 7950.







Song, et al.             Expires August 23, 2021                [Page 5]




Internet-Draft         Network Telemetry Framework         February 2021





      network management protocols such as the NETCONF and RESTCONF.

      YANG is defined in [RFC6020].



   YANG ECA  A YANG model for Event-Condition-Action policies, defined

      in [I-D.wwx-netmod-event-yang].



   YANG PUSH:  A method to subscribe pushed data from remote YANG

      datastore on network devices.  Details are specified in [RFC8641]

      and [RFC8639].



RW:

Perhaps borrow from the abstract in RFC 8641.

  "A mechanism that allows subscriber applications to request a

   stream of updates from a YANG datastore on a network device".  Details are ...





3.  Background



   The term "big data" is used to describe the extremely large volume of

   data sets that can be analyzed computationally to reveal patterns,

   trends, and associations.  Networks are undoubtedly a source of big

   data because of their scale and the volume of network traffic they

   forward.  It is easy to see that network operations can benefit from

   network big data.



RW:

Also need to consider privacy.



I think that we need to be careful not to imply that the intention here is to read/snoop on the data being carried over the network rather than gather insights into flows







   Today one can access advanced big data analytics capability through a

   plethora of commercial and open source platforms (e.g., Apache

   Hadoop), tools (e.g., Apache Spark), and techniques (e.g., machine

   learning).  Thanks to the advance of computing and storage

   technologies, network big data analytics gives network operators an

   opportunity to gain network insights and move towards network

   autonomy.  Some operators start to explore the application of

   Artificial Intelligence (AI) to make sense of network data.  Software

   tools can use the network data to detect and react on network faults,

   anomalies, and policy violations, as well as predicting future

   events.  In turn, the network policy updates for planning, intrusion

   prevention, optimization, and self-healing may be applied.



   It is conceivable that an autonomic network [RFC7575] is the logical

   next step for network evolution following Software Defined Network

   (SDN), aiming to reduce (or even eliminate) human labor, make more

   efficient use of network resources, and provide better services more

   aligned with customer requirements.  Intent-based Networking (IBN)

   [I-D.irtf-nmrg-ibn-concepts-definitions] requires network visibility

   and telemetry data in order to ensure that the network is behaving as

   intended.  Although it takes time to reach the ultimate goal, the

   journey has started nevertheless.

RW:

It would be helpful for the text to link autonomic networking and Intent based networking, perhaps:

The related technique of Intent-based Networking [...] requires ...



RW:

Not sure that the last sentence of the paragraph is required.





   However, while the data processing capability is improved and

   applications are hungry for more data, the networks lag behind in

   extracting and translating network data into useful and actionable

   information in efficient ways.  The system bottleneck is shifting

   from data consumption to data supply.  Both the number of network

   nodes and the traffic bandwidth keep increasing at a fast pace.  The







Song, et al.             Expires August 23, 2021                [Page 6]




Internet-Draft         Network Telemetry Framework         February 2021





   network configuration and policy change at smaller time slots than

   before.  More subtle events and fine-grained data through all network

   planes need to be captured and exported in real time.  In a nutshell,

   it is a challenge to get enough high-quality data out of the network

   in a manner that is efficient, timely, and flexible.  Therefore, we

   need to survey the existing technologies and protocols and identify

   any potential gaps.



   In the remainder of this section, first we clarify the scope of

   network data (i.e., telemetry data) concerned in the context.  Then,

   we discuss several key use cases for today's and future network

   operations.  Next, we show why the current network OAM techniques and

   protocols are insufficient for these use cases.  The discussion

   underlines the need of new methods, techniques, and protocols which

   we assign under the umbrella term - Network Telemetry.



RW:

We should also include the possibilty of extending existing protocols, methods, techniques.





3.1.  Telemetry Data Coverage



   Any information that can be extracted from networks (including data

   plane, control plane, and management plane) and used to gain

   visibility or as basis for actions is considered telemetry data.  It

   includes statistics, event records and logs, snapshots of state,

   configuration data, etc.  It also covers the outputs of any active

   and passive measurements [RFC7799].  Specially, raw data can be

   processed in-network before being sent to a data consumer.  Such

   processed data is also considered telemetry data.  A classification

   of telemetry data is provided in Section 5.



RW:

Specially - I would expand this.  Perhaps: "In some cases, raw data is processed before being sent .."

We should also discuss the quality of data, i.e., less, higher quality data may be better than lots of low quality data.





3.2.  Use Cases



   The following set of use cases is essential for network operations.

   While the list is by no means exhaustive, it is enough to highlight

   the requirements for data velocity, variety, volume, and veracity in

   networks.



   o  Security: Network intrusion detection and prevention systems need

      to monitor network traffic and activities and act upon anomalies.

      Given increasingly sophisticated attack vector coupled with

      increasingly severe consequences of security breaches, new tools

      and techniques need to be developed, relying on wider and deeper

      visibility into networks.



RW:

I agree with this, but it might be good to emphasize that the goal is

to get to a place where this can be done without any, or only minimal,

human intervention.





   o  Policy and Intent Compliance: Network policies are the rules that

      constraint the services for network access, provide service

      differentiation, or enforce specific treatment on the traffic.

      For example, a service function chain is a policy that requires

      the selected flows to pass through a set of ordered network

      functions.  Intent, as defined in



RW:

constraint => constrain





Song, et al.             Expires August 23, 2021                [Page 7]




Internet-Draft         Network Telemetry Framework         February 2021





      [I-D.irtf-nmrg-ibn-concepts-definitions], is a set of operational

      goal that a network should meet and outcomes that a network is

      supposed to deliver, defined in a declarative manner without

      specifying how to achieve or implement them.  An intent requires a

      complex translation and mapping process before being applied on

      networks.  While a policy or an intent is enforced, the compliance

      needs to be verified and monitored continuously, relying on

      visibility that is provided through network telemetry data, and

      any violation needs to be reported immediately.



RW:

Does it not also rely on visibility of the network to potentially modify

the mapping to ensure that the intent remains in force?



   o  SLA Compliance: A Service-Level Agreement (SLA) defines the level

      of service a user expects from a network operator, which include

      the metrics for the service measurement and remedy/penalty

      procedures when the service level misses the agreement.  Users

      need to check if they get the service as promised and network

      operators need to evaluate how they can deliver the services that

      can meet the SLA based on realtime network telemetry data,

      including data from network measurements.



   o  Root Cause Analysis: Any network failure can be the effect of a

      sequence of chained events.  Troubleshooting and recovery require

      quick identification of the root cause of any observable issues.

      However, the root cause is not always straightforward to identify,

      especially when the failure is sporadic and the number of event

      messages, both related and unrelated to the same cause, is

      overwhelming.  While machine learning technologies can be used for

      root cause analysis, it up to the network to sense and provide the

      relevant data to feed into machine learning applications.



RW:

In these sorts of scenarios, I would expect additional detailed diagnostics information to be requested from the device to figure out the root cause.  Or specifically, I think that this would contain data that wouldn't normally be exported via telemetry.





   o  Network Optimization: This covers all short-term and long-term

      network optimization techniques, including load balancing, Traffic

      Engineering (TE), and network planning.  Network operators are

      motivated to optimize their network utilization and differentiate

      services for better Return On Investment (ROI) or lower Capital

      Expenditures (CAPEX).  The first step is to know the real-time

      network conditions before applying policies for traffic

      manipulation.  In some cases, micro-bursts need to be detected in

      a very short time-frame so that fine-grained traffic control can

      be applied to avoid network congestion.  Long-term planning of

      network capacity and topology requires analysis of real-world

      network telemetry data that is obtained over long periods of time.



   o  Event Tracking and Prediction: The visibility into traffic path

      and performance is critical for services and applications that

      rely on healthy network operation.  Numerous related network

      events are of interest to network operators.  For example, Network

      operators want to learn where and why packets are dropped for an

      application flow.  They also want to be warned of issues in







Song, et al.             Expires August 23, 2021                [Page 8]




Internet-Draft         Network Telemetry Framework         February 2021





      advance so proactive actions can be taken to avoid catastrophic

      consequences.



3.3.  Challenges



   For a long time, network operators have relied upon SNMP [RFC3416],

   Command-Line Interface (CLI), or Syslog to monitor the network.  Some

   other OAM techniques as described in [RFC7276] are also used to

   facilitate network troubleshooting.  These conventional techniques

   are not sufficient to support the above use cases for the following

   reasons:



   o  Most use cases need to continuously monitor the network and

      dynamically refine the data collection in real-time.  The poll-

      based low-frequency data collection is ill-suited for these

      applications.  Subscription-based streaming data directly pushed

      from the data source (e.g., the forwarding chip) is preferred to

      provide enough data quantity and precision at scale.



   o  Comprehensive data is needed from packet processing engine to

      traffic manager, from line cards to main control board, from user

      flows to control protocol packets, from device configurations to

      operations, and from physical layer to application layer.

      Conventional OAM only covers a narrow range of data (e.g., SNMP

      only handles data from the Management Information Base (MIB)).

      Traditional network devices cannot provide all the necessary

      probes.  More open and programmable network devices are therefore

      needed.



   o  Many application scenarios need to correlate network-wide data

      from multiple sources (i.e., from distributed network devices,

      different components of a network device, or different network

      planes).  A piecemeal solution is often lacking the capability to

      consolidate the data from multiple sources.  The composition of a

      complete solution, as partly proposed by Autonomic Resource

      Control Architecture(ARCA)

      [I-D.pedro-nmrg-anticipated-adaptation], will be empowered and

      guided by a comprehensive framework.



   o  Some of the conventional OAM techniques (e.g., CLI and Syslog)

      lack a formal data model.  The unstructured data hinder the tool

      automation and application extensibility.  Standardized data

      models are essential to support the programmable networks.



   o  Although some conventional OAM techniques support data push (e.g.,

      SNMP Trap [RFC2981][RFC3877], Syslog, and sFlow), the pushed data

      are limited to only predefined management plane warnings (e.g.,

      SNMP Trap) or sampled user packets (e.g., sFlow).  Network







Song, et al.             Expires August 23, 2021                [Page 9]




Internet-Draft         Network Telemetry Framework         February 2021





      operators require the data with arbitrary source, granularity, and

      precision which are beyond the capability of the existing

      techniques.



   o  The conventional passive measurement techniques can either consume

      excessive network resources and render excessive redundant data,

      or lead to inaccurate results; on the other hand, the conventional

      active measurement techniques can interfere with the user traffic

      and their results are indirect.  Techniques that can collect

      direct and on-demand data from user traffic are more favorable.



   These challenges were addressed by newer standards and techniques

   (e.g., IPFIX/Netflow, PSAMP, IOAM, and YANG-Push) and more are

   emerging.  These standards and techniques need to be recognized and

   accommodated in a new framework.



3.4.  Network Telemetry



   Network telemetry has emerged as a mainstream technical term to refer

   to the network data collection and consumption techniques.  Several

   network telemetry techniques and protocols (e.g., IPFIX [RFC7011] and

   gRPC [grpc]) have been widely deployed.  Network telemetry allows

   separate entities to acquire data from network devices so that data

   can be visualized and analyzed to support network monitoring and

   operation.  Network telemetry covers the conventional network OAM and

   has a wider scope.  It is expected that network telemetry can provide

   the necessary network insight for autonomous networks and address the

   shortcomings of conventional OAM techniques.



   Network telemetry usually assumes machines as data consumers rather

   than human operators.  Hence, the network telemetry can directly

   trigger the automated network operation, while in contrast some

   conventional OAM tools are designed and used to help human operators

   to monitor and diagnose the networks and guide manual network

   operations.  Such a proposition leads to very different techniques.



   Although new network telemetry techniques are emerging and subject to

   continuous evolution, several characteristics of network telemetry

   have been well accepted.  Note that network telemetry is intended to

   be an umbrella term covering a wide spectrum of techniques, so the

   following characteristics are not expected to be held by every

   specific technique.



   o  Push and Streaming: Instead of polling data from network devices,

      telemetry collectors subscribe to streaming data pushed from data

      sources in network devices.











Song, et al.             Expires August 23, 2021               [Page 10]




Internet-Draft         Network Telemetry Framework         February 2021





   o  Volume and Velocity: The telemetry data is intended to be consumed

      by machines rather than by human being.  Therefore, the data

      volume can be huge and the processing is optimized for the needs

      of automation in realtime.



   o  Normalization and Unification: Telemetry aims to address the

      overall network automation needs.  Efforts are made to normalize

      the data representation and unify the protocols, so to simplify

      data analysis and provide integrated analysis across heterogeneous

      devices and data sources across a network.



   o  Model-based: The telemetry data is modeled in advance which allows

      applications to configure and consume data with ease.



   o  Data Fusion: The data for a single application can come from

      multiple data sources (e.g., cross-domain, cross-device, and

      cross-layer) and needs to be correlated to take effect.



   o  Dynamic and Interactive: Since the network telemetry means to be

      used in a closed control loop for network automation, it needs to

      run continuously and adapt to the dynamic and interactive queries

      from the network operation controller.



   In addition, an ideal network telemetry solution may also have the

   following features or properties:



   o  In-Network Customization: The data that is generated can be

      customized in network at run-time to cater to the specific need of

      applications.  This needs the support of a programmable data plane

      which allows probes with custom functions to be deployed at

      flexible locations.



   o  In-Network Data Aggregation and Correlation: Network devices and

      aggregation points can work out which events and what data needs

      to be stored, reported, or discarded thus reducing the load on the

      central collection and processing points while still ensuring that

      the right information is ready to be processed in a timely way.



   o  In-Network Processing: Sometimes it is not necessary or feasible

      to gather all information to a central point to be processed and

      acted upon.  It is possible for the data processing to be done in

      network, allowing reactive actions to be taken locally.



   o  Direct Data Plane Export: The data originated from the data plane

      forwarding chips can be directly exported to the data consumer for

      efficiency, especially when the data bandwidth is large and the

      real-time processing is required.









Song, et al.             Expires August 23, 2021               [Page 11]




Internet-Draft         Network Telemetry Framework         February 2021





   o  In-band Data Collection: In addition to the passive and active

      data collection approaches, the new hybrid approach allows to

      directly collect data for any target flow on its entire forwarding

      path [I-D.song-opsawg-ifit-framework].



   It is worth noting that a network telemetry system should not be

   intrusive to normal network operations by avoiding the pitfall of the

   "observer effect".  That is, it should not change the network

   behavior and affect the forwarding performance.  Otherwise, the whole

   purpose of network telemetry is compromised.



   Although in many cases a system for network telemetry involves a

   remote data collecting and consuming entity, it is important to

   understand that there are no inherent assumptions about how a system

   should be architected.  Telemetry data producers and consumers can

   work in distributed or peer-to-peer fashions rather than assuming a

   centralized data consuming entity.  In such cases, a network node can

   be the direct consumer of telemetry data from other nodes.



4.  The Necessity of a Network Telemetry Framework



RW: I think that the structure of the document might be better if this was a section 3.5 of the background rather than it's own top level section?



   Network data analytics and machine-learning technologies are applied

   for network operation automation, relying on abundant and coherent

   data from networks.  Data acquisition that is limited to a single

   source and static in nature will in many cases not be sufficient to

   meet an application's telemetry data needs.  As a result, multiple

   data sources, involving a variety of techniques and standards, will

   need to be integrated.  It is desirable to have a framework that

   classifies and organizes different telemetry data source and types,

   defines different components of a network telemetry system and their

   interactions, and helps coordinate and integrate multiple telemetry

   approaches across layers.  This allows flexible combinations of data

   for different applications, while normalizing and simplifying

   interfaces.  In detail, such a framework would benefit application

   development for the following reasons:



   o  Future networks, autonomous or otherwise, depend on holistic and

      comprehensive network visibility.  All the use cases and

      applications are better to be supported uniformly and coherently

      under a single intelligent agent using an integrated, converged

      mechanism and common telemetry data representations wherever

      feasible.  Therefore, the protocols and mechanisms should be

      consolidated into a minimum yet comprehensive set.  A telemetry

      framework can help to normalize the technique developments.



   o  Network visibility presents multiple viewpoints.  For example, the

      device viewpoint takes the network infrastructure as the

      monitoring object from which the network topology and device







Song, et al.             Expires August 23, 2021               [Page 12]




Internet-Draft         Network Telemetry Framework         February 2021





      status can be acquired; the traffic viewpoint takes the flows or

      packets as the monitoring object from which the traffic quality

      and path can be acquired.  An application may need to switch its

      viewpoint during operation.  It may also need to correlate a

      service and its impact on user experience to acquire the

      comprehensive information.



   o  Applications require network telemetry to be elastic in order to

      make efficient use of network resources and reduce the impact of

      processing related to network telemetry on network performance.

      For example, routine network monitoring should cover the entire

      network with a low data sampling rate.  Only when issues arise or

      critical trends emerge should telemetry data source be modified

      and telemetry data rates boosted as needed.



   o  Efficient data fusion is critical for applications to reduce the

      overall quantity of data and improve the accuracy of analysis.



   A telemetry framework collects together all of the telemetry-related

   works from different sources and working groups within IETF.  This

   makes it possible to assemble a comprehensive network telemetry

   system and to avoid repetitious or redundant work.  The framework

   should cover the concepts and components from the standardization

   perspective.  This document describes the modules which make up a

   network telemetry framework and decomposes the telemetry system into

   a set of distinct components that existing and future work can easily

   map to.



5.  Network Telemetry Framework



   The top level network telemetry framework partitions the network

   telemetry into four modules based on the telemetry data object source

   and represents their relationship.  At the next level, the framework

   decomposes each module into separate components.  Each of the modules

   follows the same underlying structure, with one component dedicated

   to the configuration of data subscriptions and data sources, a second

   component dedicated to encoding and exporting data, and a third

   component instrumenting the generation of telemetry related to the

   underlying resources.  Throughout the framework, the same set of

   abstract data acquiring mechanisms and data types are applied.  The

   two-level architecture with the uniform data abstraction helps

   accurately pinpoint a protocol or technique to its position in a

   network telemetry system or disaggregate a network telemetry system

   into manageable parts.





RW: Relationship of telemetry data vs get requests.  I.e., isn't telemtry just push rather than pulling data.









Song, et al.             Expires August 23, 2021               [Page 13]




Internet-Draft         Network Telemetry Framework         February 2021





5.1.  Top Level Modules



   Telemetry can be applied on the forwarding plane, the control plane,

   and the management plane in a network, as well as other sources out

   of the network, as shown in Figure 1.  Therefore, we categorize the

   network telemetry into four distinct modules with each having its own

   interface to Network Operation Applications.



                   +------------------------------+

                   |                              |

                   |       Network Operation      |<-------+

                   |          Applications        |        |

                   |                              |        |

                   +------------------------------+        |

                        ^      ^           ^               |

                        |      |           |               |

                        V      |           V               V

                   +-----------|---+--------------+  +-----------+

                   |           |   |              |  |           |

                   | Control Pl|ane|              |  | External  |

                   | Telemetry | <--->            |  | Data and  |

                   |           |   |              |  | Event     |

                   |      ^    V   |  Management  |  | Telemetry |

                   +------|--------+  Plane       |  |           |

                   |      V        |  Telemetry   |  +-----------+

                   | Forwarding    |              |

                   | Plane       <--->            |

                   | Telemetry     |              |

                   |               |              |

                   +---------------+--------------+



                Figure 1: Modules in Layer Category of NTF



RW:

In this diagram, for me at least, I think that it would more natural to have Management Plane on the left, and Control/ Forwarding Plane on the right.



   The rationale of this partition lies in the different telemetry data

   objects which result in different data source and export locations.

   Such differences have profound implications on in-network data

   programming and processing capability, data encoding and transport

   protocol, and required data bandwidth and latency.



RW:

Data can be sent directly, or proxied via the control and management planes