Re: [OPSAWG] AD review of draft-ietf-opsawg-ntf-07
"Rob Wilton (rwilton)" <rwilton@cisco.com> Wed, 06 October 2021 10:45 UTC
Return-Path: <rwilton@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39A1A3A1AFD; Wed, 6 Oct 2021 03:45:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.896
X-Spam-Level:
X-Spam-Status: No, score=-11.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Toa15QuV; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Dx/5/6MZ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NSPEiFBQQFA9; Wed, 6 Oct 2021 03:45:14 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A28103A1AFB; Wed, 6 Oct 2021 03:45:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=44416; q=dns/txt; s=iport; t=1633517114; x=1634726714; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=FZdwdfyVMxqWoeySipiHq9jGDGEtQ6EJOre+sJJ2L40=; b=Toa15QuVxil1wV2rSMrnSaChlPT3SQMpdjJaWwYW21+ZbRIahEyfuQ+N J3OP2Eo51TGYS8IXezQDQjWDleRxoXGn01UJy8nB0486T6zDtkasjKwpm yz8QHukPHjtYr22jdhuqmgQagqrcVZAZvAEOysgn3WOGslWEzJfwb/eN/ 8=;
IronPort-PHdr: A9a23:ifpUUx9yTEEfu/9uWDnoyV9kXcBvk7T5IgBT7YAo2PpCcaWmqpLlOkGXpfBgl0TAUoiT7fVYw/HXvKbtVS1lg96BvXkOfYYKW0oDjsMbzA0tHMDDDlf0f7bmaiUgF5FEU1lot3iwLUlSHpP4YFvf6n2/5DIfAFPxLw1wc+/0AYXVyc+w0rPaxg==
IronPort-Data: A9a23:RKFL3a+NW0q40ACVTOeNDrUDvnyTJUtcMsCJ2f8bNWPcYEJGY0x3yjMaCm/XM6nYazHwe9hybdm2pk9S7ZbRnd81QAc//31EQiMRo6IpJzg2wmQcns+qw0aqoHtPt63yUfGdapBpJpPgjk31aOG49SEijfjgqofUUYYoBAggHWeIdw954f5Ts7ZRbr9A2bBVMSvU0T/Bi5W31Gue5tJBGjl8B5RvB/9YlK+aVDsw5jTSbB3Q1bPUvyF94Jk3fcldI5ZkK7S4ENJWR86bpF241nnS8xFoAdS/n/OnNEYLWbXVewOJjxK6WYD73UME/XN0g/19badBAatUo23hc9RZ0spMsYC3Ty8iP7bHn6IWVBww/yRWbPEbpeedcCnu2SCU5wicG5f2+N1pFFo/IoIw++trDydJ7/NwADwXZx6fwuO73Lz+TfF3j9ssac/3MsUWvnVIzDzFA7AhW5+rfklgzbe0xx8qjcxIWP3ZfcdcNXxkbQ/LZFtEPVJ/NX73p8/w7lGXTtGSgAj9SXIL3lXu
IronPort-HdrOrdr: A9a23:MYwvXKHo8eOGSeR3pLqFsJLXdLJyesId70hD6qkvc31om52j+fxGws516fatskdvZJkh8erwX5VoMkmsi6KdhrNhfYtKPTOW+VdASbsD0WKM+UyaJ8STzJ856U4kSdkDNDSSNyk4sS+Z2njDLz9I+rDum8rE6Za8vhVQpENRGtxdBmxCe2Cm+zhNNXF77O0CZeOhD6R81l6dUEVSSv7+KmgOXuDFqdGOvonhewQ6Cxku7xTLpS+06ZbheiLonCs2Yndq+/MP4GLFmwv26uGIqPeg0CLR0GfV8tB/hMbh8N1eH8aB4/JlbwkEyzzYILiJaYfy+gzdk9vfsWrCV+O8+yvICv4DrE85uFvF+icFlTOQigrGoEWSuGNwyUGT0fARAghKVvaoQeliA0TkA41KhqAh7EsD5RPri7NHSRzHhyjz/N7OSlVjkVe1u2MrlaoJg2VYSpZ2Us4dkWUzxjIfLH47JlOx1GnnKpgYMOjMoPJNNV+KZXHQuWdihNSqQ3QoBx+DBkwPoNac3TRalG1wixJw/r1Rol4QsJYmD5VU7eXNNapl0LlIU88NdKp4QOMMW9G+BGDBSQ/FdGiSPVPkHqcaPG+lke+63JwloOWxPJAYxpo7n5rMFFteqG4pYkrrTdaD2ZVamyq9CFlVnQ6dg/22wqIJ9IEUaICbRBFreWpe5fdI+c9vcPEzc8zDTK5rPw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CYCACJfV1h/5tdJa1QCoEJgVmBUSMGKAd3WjcxiA4DhTmICQOBE48BiliBLhSBEQNUCwEBAQ0BATUMBAEBggiCdQKCRgIlNQgOAQIEAQEBEgEBBQEBAQIBBgSBEROFOwEBBAIlAQyGQgEBAQEDEgYCAQwTBgEBJQUBBQICAwELBAIBCBEBAwEBDQEREDIXBggBAQQOBQgTB4IETIJVAy8BDkKjTQGBOgKKH3iBATKBAYIIAQEGBASFChiCNQMGgTqDAYcGgVJ+gS8nHIFJRIEVQ4FmSjc+gmMCA4EgCAgEBwEBChiDTYIuiiIJAQMNASwoCAQCDQgFBxsCFAULAQMLAgsCAxAWCAYCAhIHBy0BCAgbCgwHCAsMFAINBQUBBwEWAQEOGQUGBgsCBBAZkSgEDxMHK6pWgSMKgzCKRYZthk+DUIMxFINnQosphkWOEoJmkzqCa4xJk0ErAgQYAYRoAgQCBAUCDgEBBoEwMgE5Kw4wcHAVO4JpURkPgzoBhEOGKQUWgQQBAgaCQ4UUhUkBdDgCBgsBAQMJkjwBJ4IeAQE
X-IronPort-AV: E=Sophos;i="5.85,350,1624320000"; d="scan'208";a="945502999"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 06 Oct 2021 10:45:10 +0000
Received: from mail.cisco.com (xbe-rcd-001.cisco.com [173.37.102.16]) by rcdn-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 196Aj8RY001921 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Wed, 6 Oct 2021 10:45:09 GMT
Received: from xfe-rtp-003.cisco.com (64.101.210.233) by xbe-rcd-001.cisco.com (173.37.102.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Wed, 6 Oct 2021 05:45:07 -0500
Received: from xfe-rtp-004.cisco.com (64.101.210.234) by xfe-rtp-003.cisco.com (64.101.210.233) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Wed, 6 Oct 2021 06:45:06 -0400
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xfe-rtp-004.cisco.com (64.101.210.234) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Wed, 6 Oct 2021 06:45:06 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SWrrhxA4T3t3a2367bFQeLyHS0yLhu3HhIv9GPsgtGS9W1CvmB/TQMwWlZLhHcFWPwA6s5KDvGhYQ5sUbvi2XnCuVIU1vi8Hx8t5nV1p9I+9l7pOg+BtrYR/uaRN6nue8g9BeWCfXoHdqgxgqLee2EeGmunJdVo3Hepguf4asv9wgkdEQ14S4TNGFNSfeoj+xusMelVVphhGOCgDP80dmwOfnlnkQums7P+dO4Q9cfzzXrHvxG9MYf+MQMF3/Z1Orm09a5eG0GtnFiDKVUl44MlM/qHSsQRA23OL6wBVe8o7omMVOrFM4hdKQaCxcKj1SxPb1PIG2fY8k9q1oowVZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=C8Sxhy2sWKTTd4FP82lwZwq/TLCoRLXcDUY6ubqNj/o=; b=gNd1GPgMTRIrXBAb/vpEyxm2kHGLqC9Mm3FW7nrlxkFEoV33Ji+77S69DgqCIvIOJrvVKD9RMipjN0QMGE0hcHwxsTHdN6l4C/HnyQzKdMP2Y4a+LmHw5gN25FI1W6UnDcgBdrDzUG/nKjHcMWgGHa+qQZF0QuzYFa64DxVV+jaqOueNpNm1XFyVq3GmSsYpuqVcc6ueIPYCrg6nGCHEcjxW06xPZMIk6dW0N0z0u2Papr+WIj60F26ce6Bg2L7hV9+1hFAVKAOjfhCw27dVwr7kTfieLroiNm8GN6brwiVaVUxO2oqTb99Kh4OOKy7IinlAkeOdDuEYXZaFt3V4Kw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C8Sxhy2sWKTTd4FP82lwZwq/TLCoRLXcDUY6ubqNj/o=; b=Dx/5/6MZ6UubHKONat83jBvKg92GVJ5IVYjzM2oEGiYCiLQ2csoO25XWjY670J5hCOjkbclBlVPlowB/NxLmhpyg52zGf0n3GYWf6Moti4GXwqeNrGROdqGAehtP70nTVgOMOxt20bD8WU3pHaIxRkviA78qUJWPwDJ5ctTypDA=
Received: from MWHPR1101MB2222.namprd11.prod.outlook.com (2603:10b6:301:57::10) by CO1PR11MB5010.namprd11.prod.outlook.com (2603:10b6:303:93::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.18; Wed, 6 Oct 2021 10:45:04 +0000
Received: from MWHPR1101MB2222.namprd11.prod.outlook.com ([fe80::e4e2:3bc5:c00:4]) by MWHPR1101MB2222.namprd11.prod.outlook.com ([fe80::e4e2:3bc5:c00:4%6]) with mapi id 15.20.4587.019; Wed, 6 Oct 2021 10:45:03 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: "draft-ietf-opsawg-ntf.all@ietf.org" <draft-ietf-opsawg-ntf.all@ietf.org>
CC: "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: AD review of draft-ietf-opsawg-ntf-07
Thread-Index: Ade6nZabn1AwbAcpT/OnNBQo4wDCMwAAYFEg
Date: Wed, 06 Oct 2021 10:45:03 +0000
Message-ID: <MWHPR1101MB2222DF6349C779D47656291EB5B09@MWHPR1101MB2222.namprd11.prod.outlook.com>
References: <MWHPR1101MB2222E53FAB024A86D64CA7F4B5B09@MWHPR1101MB2222.namprd11.prod.outlook.com>
In-Reply-To: <MWHPR1101MB2222E53FAB024A86D64CA7F4B5B09@MWHPR1101MB2222.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 86846bbf-65ce-42ed-7e33-08d988b65adc
x-ms-traffictypediagnostic: CO1PR11MB5010:
x-microsoft-antispam-prvs: <CO1PR11MB5010C7C081BE7FDD8AC84EA4B5B09@CO1PR11MB5010.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: wHR09IcyKrDvh0QxVwul4U2PHZpRw1CJYAl/cTtwEWoTsUB/61kW7p/slYSd3Q6/hGCDgVYFvnCcLM56iarEdqljZC2o7c68EdGuq20BLaIL86L01Vg97a2mkwaTTjVqcgWUH1p7krVZqatKpIqB7oEbTP+FEASH/yrgwbJK+FvIy1v8s4fGjUJxR1/wxVxU6v3wyLNWOzoQKGYy4EbI4eGm7KwgWerYbaa1O9hpWPsLCD9xgXcYuaudXej0EzZd2JNbAc54uY5iFGmw+YHZpH1xxhHfyZdkogH2pTGQmg/ymeRunywpZgLtGNyJXcebqyHCQplrQZTXNrZnEM9ETkU9ba2Hr2Ac2FftrPnWnIdXtEJHBmo0OwkvfA8RTMqrAITTtHFnGT+BYHzuj+FOo37Tjd1I+fxiCZ7uu8riLHz8ko5lfi6qPGegDqZjORAHF3aVmtBlY/ormpaGt22U3EK1QJchlq8Xv6OJrRc8LhfQaiIQeVfl4p5MiMC5DoMbJwq2+y6SEEcBIhniqiSZkWCqVfyNvQZjGEHkxQVEsW3hBUyyaP0hLybAV3/MXRBcqLij/rclbwoLctPeR7h+GHNL7PBVoqXXr8Y6xdzNekHFv9+xUs9bNbp9GBXJK9aF/HEsoZSJszqKe1LUC8Clh22ldAxMz9NsCBqitHR58XBVL2CuUHQcEjAxEj55ak+cCJ/+bh203uPq7Jnfh8TSH9hwgz9xJlemR4LDfRfuruBp91mMBEkZfRF8kLCkQ6in+qqwAfObR70CdHWPNGD8neZoVRq98HVKuvPje/qb8Vo=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR1101MB2222.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(6916009)(4326008)(30864003)(316002)(66574015)(122000001)(83380400001)(450100002)(26005)(8936002)(5660300002)(966005)(2940100002)(2906002)(71200400001)(33656002)(66946007)(52536014)(53546011)(76116006)(8676002)(38070700005)(6506007)(66446008)(38100700002)(66556008)(64756008)(66476007)(186003)(7696005)(86362001)(55016002)(9686003)(508600001)(559001)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: xl4rYOmB+XPgaec5YNOVQbqdnDT6edvd7A8RWdh9zL2FeGMpmGnfSFULE+dyd5BXnYomJcdwUQO2HUMlB9QANJen5hRrnSfEBOV1gPb8/NDcqlwZhsWr+tFNpfIyz2kw6tMOiEs1lKT7gjSsUV6PhVRkQG/IGphD47JJOxeUo/sZ2f+YXM7KgmUUyj6pnWPXT0OEtLtmmpoBq70/m3wE8hxh6GqsK8JfL2IKOZh8OoarFZ3V7B4f0i3MMfbd4znoGRFAY62sopY1JZkLiXmRRKb1YH4sNvRNle1xVUwqP+8ZTsnpjXAgnLJIUNC1ya424i8EIMkuMlxtBjZplspxkf+MRDUScS+OXMsdUJoEWu4HA75GgHNDuN33BimvifcijNR+ozRdilFn5OfIzrv30E+Vo0m8EYAUWQP9Kzedpmel+qHQOnDu0Oz2JsFcY9bnYYxRyV5GZFh6osm1JSDR6Ryz8HsT0SKj27LFdDopB4WDJp04yFpUt3puqJqNSgGMB/Zr2zhAySiTTf2k55W1YPoETOLZdZUck7FvePvX25oxV7tTa0+IBem3axL7znQ0TJPUiCnVj5SE7WgGGnacGe1btWht2Hn1asNouvqqAYb7Ai0Dm5FsESQiMLm5sFvHEpj09qCpsizHLfcQDa1rjhsAU1/pVylS6XkqTwsSDCS26P0EBvyduFS2ovVqx4dKmYocf6RiIUUgyKMST6+U84ukMJQwWM2AEQo17LIifiQ4pqB59CdSYNXNt4U+K6i6y1UJRl7NzWCOojtvG9xlTPDQNfDnLUODaP1ZFU0lMqZL+Jc0Ii6ZpJPbo4bl3gaCwE6bC5WBTiB5SyCfBKoWl5ae5dzNDGEGdx2DnFNhWuLnOEtGGG63RwH5jfY5vgUR2TZL10SwxvlBkZq3aQIQF3HF5uPP4aQTR9TjAmagGOii8Sr6EZethoQnEn3ZOb3Y9gRvQho3pJgjwEZVZwE5dZ0EWCciWtnb29D4vKLn5UgZrfq/02dlVA/b6Z6QgmAtVhYBHOK3Dep3kL9YdHjBtJdKDKdMNvfzMTdRAUzzSM4ETB0Pjgpf7pqJAdcGw0TVuAKft28y+WnLaMz82Wv4V0J4j5OmCkiy3SkMsAAljWi+1cteJhOkyoU1ZIAnXnBDTkneSazvgW7lnC9SvZk9c/EUcGwR9k7+W5DHMPASO7ksuKOpXnAeq3/zO4KD0c0A4hRRkwZ7uYR4Gl9OC9iGdrexLSt7nRE49Lh0g98o0mR3PYmGGnLjWaQ8PDsM6nK3Jo16DaBUQTYS/uAQ37EbToe765YDNH8pQWR5e0jR0xxjkZKvpZjCuwQDv/cQgD4h
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR1101MB2222.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 86846bbf-65ce-42ed-7e33-08d988b65adc
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Oct 2021 10:45:03.7491 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cZZ5DOkx+c9OPGyYvL/KKxRhLERfV2GAOR5jMSQ/g18VvnIrgQjiFjCJZ3eJMN7+vqrV+cBN0daBdl/sittitQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR11MB5010
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.16, xbe-rcd-001.cisco.com
X-Outbound-Node: rcdn-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/rvclWNrtwYI7RRcUyEerNuGHIik>
Subject: Re: [OPSAWG] AD review of draft-ietf-opsawg-ntf-07
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2021 10:45:20 -0000
Sorry, the IETF mail filters have truncated my email. I'll resend as HTML to see if that helps. Rob -----Original Message----- From: Rob Wilton (rwilton) <rwilton@cisco.com> Sent: 06 October 2021 11:35 To: draft-ietf-opsawg-ntf.all@ietf.org Cc: opsawg@ietf.org Subject: AD review of draft-ietf-opsawg-ntf-07 Hi, Here is my belated AD review of draft-ietf-opsawg-ntf-07.txt. I would like to thank you for the effort that you have put into this document, and apologise for my long delay in reviewing it. Broadly, I think that this is a good and useful framework, but in some of the latter parts of the document it seems to give prominence to protocols that I don't think have IETF consensus behind them yet (particularly DNP). I have flagged specific comments in comments inline within the document, but I think that the document will have been accuracy/longevity if text about the potential technologies is mostly kept to the appendices. There were quite a lot of cases where the text doesn't scan, or read easily, particularly in the latter sections of this document, although I acknowledge that none of the authors appear to be native English speakers. Ideally, these sorts of issues would have been highlighted and addressed during WG LC. Although the RFC editor will improve the language of the documents, making the improvements now before IESG review will aid its passage, and hopefully result in a better document when it is published. I have flagged and proposed alternative text/grammar where possible. Once you have made the markups and resolved the issues/questions that I have raised then I can run it through a grammar checking tool (Lar's will run an equivalent tool during IESG review anyway ...) All of my comments are directly inline, please search for "RW" or "RW:" OPSAWG H. Song Internet-Draft Futurewei Intended status: Informational F. Qin Expires: August 23, 2021 China Mobile P. Martinez-Julia NICT L. Ciavaglia Nokia A. Wang China Telecom February 19, 2021 Network Telemetry Framework draft-ietf-opsawg-ntf-07 Abstract Network telemetry is a technology for gaining network insight and facilitating efficient and automated network management. It encompasses various techniques for remote data generation, collection, correlation, and consumption. This document describes an architectural framework for network telemetry, motivated by challenges that are encountered as part of the operation of networks and by the requirements that ensue. Network telemetry, as necessitated by best industry practices, covers technologies and protocols that extend beyond conventional network Operations, Administration, and Management (OAM). The presented network telemetry framework promises flexibility, scalability, accuracy, coverage, and performance. In addition, it facilitates the implementation of automated control loops to address both today's and tomorrow's network operational needs. This document clarifies the terminologies and classifies the modules and components of a network telemetry system from several different perspectives. The framework and taxonomy help to set a common ground for the collection of related work and provide guidance for related technique and standard developments. RW: I would suggest condensing the abstract to the following and move the other text to the introduction if it is not already covered there. Network telemetry is a technology for gaining network insight and facilitating efficient and automated network management. It encompasses various techniques for remote data generation, collection, correlation, and consumption. This document describes an architectural framework for network telemetry, motivated by challenges that are encountered as part of the operation of networks and by the requirements that ensue. This document clarifies the terminologies and classifies the modules and components of a network telemetry system from several different perspectives. The framework and taxonomy help to set a common ground for the collection of related work and provide guidance for related technique and standard developments. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Song, et al. Expires August 23, 2021 [Page 1] Internet-Draft Network Telemetry Framework February 2021 Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on August 23, 2021. Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. Telemetry Data Coverage . . . . . . . . . . . . . . . . . 7 3.2. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 7 3.3. Challenges . . . . . . . . . . . . . . . . . . . . . . . 9 3.4. Network Telemetry . . . . . . . . . . . . . . . . . . . . 10 4. The Necessity of a Network Telemetry Framework . . . . . . . 12 5. Network Telemetry Framework . . . . . . . . . . . . . . . . . 13 5.1. Top Level Modules . . . . . . . . . . . . . . . . . . . . 14 5.1.1. Management Plane Telemetry . . . . . . . . . . . . . 17 5.1.2. Control Plane Telemetry . . . . . . . . . . . . . . . 17 5.1.3. Forwarding Plane Telemetry . . . . . . . . . . . . . 18 5.1.4. External Data Telemetry . . . . . . . . . . . . . . . 20 5.2. Second Level Function Components . . . . . . . . . . . . 21 5.3. Data Acquisition Mechanism and Type Abstraction . . . . . 22 5.4. Mapping Existing Mechanisms into the Framework . . . . . 24 6. Evolution of Network Telemetry Applications . . . . . . . . . 25 7. Security Considerations . . . . . . . . . . . . . . . . . . . 26 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 27 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 28 11. Informative References . . . . . . . . . . . . . . . . . . . 28 Appendix A. A Survey on Existing Network Telemetry Techniques . 32 Song, et al. Expires August 23, 2021 [Page 2] Internet-Draft Network Telemetry Framework February 2021 A.1. Management Plane Telemetry . . . . . . . . . . . . . . . 32 A.1.1. Push Extensions for NETCONF . . . . . . . . . . . . . 32 A.1.2. gRPC Network Management Interface . . . . . . . . . . 32 A.2. Control Plane Telemetry . . . . . . . . . . . . . . . . . 33 A.2.1. BGP Monitoring Protocol . . . . . . . . . . . . . . . 33 A.3. Data Plane Telemetry . . . . . . . . . . . . . . . . . . 33 A.3.1. The Alternate Marking (AM) technology . . . . . . . . 33 A.3.2. Dynamic Network Probe . . . . . . . . . . . . . . . . 34 A.3.3. IP Flow Information Export (IPFIX) protocol . . . . . 35 A.3.4. In-Situ OAM . . . . . . . . . . . . . . . . . . . . . 35 A.3.5. Postcard Based Telemetry . . . . . . . . . . . . . . 35 A.4. External Data and Event Telemetry . . . . . . . . . . . . 35 A.4.1. Sources of External Events . . . . . . . . . . . . . 36 A.4.2. Connectors and Interfaces . . . . . . . . . . . . . . 37 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37 1. Introduction Network visibility is the ability of management tools to see the state and behavior of a network, which is essential for successful network operation. Network Telemetry revolves around network data that can help provide insights about the current state of the network, including network devices, forwarding, control, and management planes, and that can be generated and obtained through a variety of techniques, including but not limited to network instrumentation and measurements, and that can be processed for purposes ranging from service assurance to network security using a wide variety of techniques including machine learning, data analysis, and correlation. In this document, Network Telemetry refer to both the data itself (i.e., "Network Telemetry Data"), and the techniques and processes used to generate, export, collect, and consume that data for use by potentially automated management applications. Network telemetry extends beyond the conventional network Operations, Administration, and Management (OAM) techniques and expects to support better flexibility, scalability, accuracy, coverage, and performance. RW: I suggest 'historical' rather than 'conventional' However, the term of network telemetry lacks a solid and unambiguous definition. The scope and coverage of it cause confusion and misunderstandings. It is beneficial to clarify the concept and provide a clear architectural framework for network telemetry, so we can articulate the technical field, and better align the related techniques and standard works. RW: Rather than term of, perhaps 'the term "network telemetry" lacks an unambiguous definition'. To fulfill such an undertaking, we first discuss some key characteristics of network telemetry which set a clear distinction from the conventional network OAM and show that some conventional OAM technologies can be considered a subset of the network telemetry Song, et al. Expires August 23, 2021 [Page 3] Internet-Draft Network Telemetry Framework February 2021 technologies. We then provide an architectural framework for network telemetry which includes four modules, each concerned with a different category of telemetry data and corresponding procedures. All the modules are internally structured in the same way, including components that allow to configure data sources with regards to what data to generate and how to make that available to client applications, components that instrument the underlying data sources, and components that perform the actual rendering, encoding, and exporting of the generated data. We show how the network telemetry framework can benefit the current and future network operations. Based on the distinction of modules and function components, we can map the existing and emerging techniques and protocols into the framework. The framework can also simplify the tasks for designing, maintaining, and understanding a network telemetry system. At last, we outline the evolution stages of the network telemetry system and discuss the potential security concerns. The purpose of the framework and taxonomy is to set a common ground for the collection of related work and provide guidance for future technique and standard developments. To the best of our knowledge, this document is the first such effort for network telemetry in industry standards organizations. 2. Glossary Before further discussion, we list some key terminology and acronyms used in this documents. We make an intended differentiation between the terms of network telemetry and OAM. However, it should be understood that there is not a hard-line distinction between the two concepts. Rather, network telemetry is considered as the extension of OAM. It covers all the existing OAM protocols but puts more emphasis on the newer and emerging techniques and protocols concerning all aspects of network data from acquisition to consumption. RW: Nit: "this documents." -> "this document." Nit: "as an extension" rather than "as the extension". AI: Artificial Intelligence. In network domain, AI refers to the machine-learning based technologies for automated network operation and other tasks. AM: Alternate Marking, a flow performance measurement method, specified in [RFC8321]. BMP: BGP Monitoring Protocol, specified in [RFC7854]. DNP: Dynamic Network Probe, referring to programmable in-network sensors for network monitoring and measurement. Song, et al. Expires August 23, 2021 [Page 4] Internet-Draft Network Telemetry Framework February 2021 DPI: Deep Packet Inspection, referring to the techniques that examines packet beyond packet L3/L4 headers. gNMI: gRPC Network Management Interface, a network management protocol from OpenConfig Operator Working Group, mainly contributed by Google. See [gnmi] for details. gRPC: gRPC Remote Procedure Call, a open source high performance RPC framework that gNMI is based on. See [grpc] for details. IPFIX: IP Flow Information Export Protocol, specified in [RFC7011]. IOAM: In-situ OAM, a dataplane on-path telemetry technique. NETCONF: Network Configuration Protocol, specified in [RFC6241]. NetFlow: A Cisco protocol for flow record collecting, described in [RFC3594]. Network Telemetry: The process and instrumentation for acquiring and utilizing network data remotely for network monitoring and operation. A general term for a large set of network visibility techniques and protocols, concerning aspects like data generation, collection, correlation, and consumption. Network telemetry addresses the current network operation issues and enables smooth evolution toward future intent-driven autonomous networks. NMS: Network Management System, referring to applications that allow network administrators manage a network. RW: referring to => refers to applications that allow network administrators to manage a network. OAM: Operations, Administration, and Maintenance. A group of network management functions that provide network fault indication, fault localization, performance information, and data and diagnosis functions. Most conventional network monitoring techniques and protocols belong to network OAM. PBT: Postcard-Based Telemetry, a dataplane on-path telemetry technique. SMIv2 Structure of Management Information Version 2, specified in [RFC2578]. RW: Is SMIv2 a better reference than MIBs, that readers are more likely to be familiar with? SNMP: Simple Network Management Protocol. Version 1 and 2 are specified in [RFC1157] and [RFC3416], respectively. YANG: The abbreviation of "Yet Another Next Generation". YANG is a data modeling language for the definition of data sent over RW: Nit: Please drop the first sentence, and add a reference to RFC 7950. Song, et al. Expires August 23, 2021 [Page 5] Internet-Draft Network Telemetry Framework February 2021 network management protocols such as the NETCONF and RESTCONF. YANG is defined in [RFC6020]. YANG ECA A YANG model for Event-Condition-Action policies, defined in [I-D.wwx-netmod-event-yang]. YANG PUSH: A method to subscribe pushed data from remote YANG datastore on network devices. Details are specified in [RFC8641] and [RFC8639]. RW: Perhaps borrow from the abstract in RFC 8641. "A mechanism that allows subscriber applications to request a stream of updates from a YANG datastore on a network device". Details are ... 3. Background The term "big data" is used to describe the extremely large volume of data sets that can be analyzed computationally to reveal patterns, trends, and associations. Networks are undoubtedly a source of big data because of their scale and the volume of network traffic they forward. It is easy to see that network operations can benefit from network big data. RW: Also need to consider privacy. I think that we need to be careful not to imply that the intention here is to read/snoop on the data being carried over the network rather than gather insights into flows Today one can access advanced big data analytics capability through a plethora of commercial and open source platforms (e.g., Apache Hadoop), tools (e.g., Apache Spark), and techniques (e.g., machine learning). Thanks to the advance of computing and storage technologies, network big data analytics gives network operators an opportunity to gain network insights and move towards network autonomy. Some operators start to explore the application of Artificial Intelligence (AI) to make sense of network data. Software tools can use the network data to detect and react on network faults, anomalies, and policy violations, as well as predicting future events. In turn, the network policy updates for planning, intrusion prevention, optimization, and self-healing may be applied. It is conceivable that an autonomic network [RFC7575] is the logical next step for network evolution following Software Defined Network (SDN), aiming to reduce (or even eliminate) human labor, make more efficient use of network resources, and provide better services more aligned with customer requirements. Intent-based Networking (IBN) [I-D.irtf-nmrg-ibn-concepts-definitions] requires network visibility and telemetry data in order to ensure that the network is behaving as intended. Although it takes time to reach the ultimate goal, the journey has started nevertheless. RW: It would be helpful for the text to link autonomic networking and Intent based networking, perhaps: The related technique of Intent-based Networking [...] requires ... RW: Not sure that the last sentence of the paragraph is required. However, while the data processing capability is improved and applications are hungry for more data, the networks lag behind in extracting and translating network data into useful and actionable information in efficient ways. The system bottleneck is shifting from data consumption to data supply. Both the number of network nodes and the traffic bandwidth keep increasing at a fast pace. The Song, et al. Expires August 23, 2021 [Page 6] Internet-Draft Network Telemetry Framework February 2021 network configuration and policy change at smaller time slots than before. More subtle events and fine-grained data through all network planes need to be captured and exported in real time. In a nutshell, it is a challenge to get enough high-quality data out of the network in a manner that is efficient, timely, and flexible. Therefore, we need to survey the existing technologies and protocols and identify any potential gaps. In the remainder of this section, first we clarify the scope of network data (i.e., telemetry data) concerned in the context. Then, we discuss several key use cases for today's and future network operations. Next, we show why the current network OAM techniques and protocols are insufficient for these use cases. The discussion underlines the need of new methods, techniques, and protocols which we assign under the umbrella term - Network Telemetry. RW: We should also include the possibilty of extending existing protocols, methods, techniques. 3.1. Telemetry Data Coverage Any information that can be extracted from networks (including data plane, control plane, and management plane) and used to gain visibility or as basis for actions is considered telemetry data. It includes statistics, event records and logs, snapshots of state, configuration data, etc. It also covers the outputs of any active and passive measurements [RFC7799]. Specially, raw data can be processed in-network before being sent to a data consumer. Such processed data is also considered telemetry data. A classification of telemetry data is provided in Section 5. RW: Specially - I would expand this. Perhaps: "In some cases, raw data is processed before being sent .." We should also discuss the quality of data, i.e., less, higher quality data may be better than lots of low quality data. 3.2. Use Cases The following set of use cases is essential for network operations. While the list is by no means exhaustive, it is enough to highlight the requirements for data velocity, variety, volume, and veracity in networks. o Security: Network intrusion detection and prevention systems need to monitor network traffic and activities and act upon anomalies. Given increasingly sophisticated attack vector coupled with increasingly severe consequences of security breaches, new tools and techniques need to be developed, relying on wider and deeper visibility into networks. RW: I agree with this, but it might be good to emphasize that the goal is to get to a place where this can be done without any, or only minimal, human intervention. o Policy and Intent Compliance: Network policies are the rules that constraint the services for network access, provide service differentiation, or enforce specific treatment on the traffic. For example, a service function chain is a policy that requires the selected flows to pass through a set of ordered network functions. Intent, as defined in RW: constraint => constrain Song, et al. Expires August 23, 2021 [Page 7] Internet-Draft Network Telemetry Framework February 2021 [I-D.irtf-nmrg-ibn-concepts-definitions], is a set of operational goal that a network should meet and outcomes that a network is supposed to deliver, defined in a declarative manner without specifying how to achieve or implement them. An intent requires a complex translation and mapping process before being applied on networks. While a policy or an intent is enforced, the compliance needs to be verified and monitored continuously, relying on visibility that is provided through network telemetry data, and any violation needs to be reported immediately. RW: Does it not also rely on visibility of the network to potentially modify the mapping to ensure that the intent remains in force? o SLA Compliance: A Service-Level Agreement (SLA) defines the level of service a user expects from a network operator, which include the metrics for the service measurement and remedy/penalty procedures when the service level misses the agreement. Users need to check if they get the service as promised and network operators need to evaluate how they can deliver the services that can meet the SLA based on realtime network telemetry data, including data from network measurements. o Root Cause Analysis: Any network failure can be the effect of a sequence of chained events. Troubleshooting and recovery require quick identification of the root cause of any observable issues. However, the root cause is not always straightforward to identify, especially when the failure is sporadic and the number of event messages, both related and unrelated to the same cause, is overwhelming. While machine learning technologies can be used for root cause analysis, it up to the network to sense and provide the relevant data to feed into machine learning applications. RW: In these sorts of scenarios, I would expect additional detailed diagnostics information to be requested from the device to figure out the root cause. Or specifically, I think that this would contain data that wouldn't normally be exported via telemetry. o Network Optimization: This covers all short-term and long-term network optimization techniques, including load balancing, Traffic Engineering (TE), and network planning. Network operators are motivated to optimize their network utilization and differentiate services for better Return On Investment (ROI) or lower Capital Expenditures (CAPEX). The first step is to know the real-time network conditions before applying policies for traffic manipulation. In some cases, micro-bursts need to be detected in a very short time-frame so that fine-grained traffic control can be applied to avoid network congestion. Long-term planning of network capacity and topology requires analysis of real-world network telemetry data that is obtained over long periods of time. o Event Tracking and Prediction: The visibility into traffic path and performance is critical for services and applications that rely on healthy network operation. Numerous related network events are of interest to network operators. For example, Network operators want to learn where and why packets are dropped for an application flow. They also want to be warned of issues in Song, et al. Expires August 23, 2021 [Page 8] Internet-Draft Network Telemetry Framework February 2021 advance so proactive actions can be taken to avoid catastrophic consequences. 3.3. Challenges For a long time, network operators have relied upon SNMP [RFC3416], Command-Line Interface (CLI), or Syslog to monitor the network. Some other OAM techniques as described in [RFC7276] are also used to facilitate network troubleshooting. These conventional techniques are not sufficient to support the above use cases for the following reasons: o Most use cases need to continuously monitor the network and dynamically refine the data collection in real-time. The poll- based low-frequency data collection is ill-suited for these applications. Subscription-based streaming data directly pushed from the data source (e.g., the forwarding chip) is preferred to provide enough data quantity and precision at scale. o Comprehensive data is needed from packet processing engine to traffic manager, from line cards to main control board, from user flows to control protocol packets, from device configurations to operations, and from physical layer to application layer. Conventional OAM only covers a narrow range of data (e.g., SNMP only handles data from the Management Information Base (MIB)). Traditional network devices cannot provide all the necessary probes. More open and programmable network devices are therefore needed. o Many application scenarios need to correlate network-wide data from multiple sources (i.e., from distributed network devices, different components of a network device, or different network planes). A piecemeal solution is often lacking the capability to consolidate the data from multiple sources. The composition of a complete solution, as partly proposed by Autonomic Resource Control Architecture(ARCA) [I-D.pedro-nmrg-anticipated-adaptation], will be empowered and guided by a comprehensive framework. o Some of the conventional OAM techniques (e.g., CLI and Syslog) lack a formal data model. The unstructured data hinder the tool automation and application extensibility. Standardized data models are essential to support the programmable networks. o Although some conventional OAM techniques support data push (e.g., SNMP Trap [RFC2981][RFC3877], Syslog, and sFlow), the pushed data are limited to only predefined management plane warnings (e.g., SNMP Trap) or sampled user packets (e.g., sFlow). Network Song, et al. Expires August 23, 2021 [Page 9] Internet-Draft Network Telemetry Framework February 2021 operators require the data with arbitrary source, granularity, and precision which are beyond the capability of the existing techniques. o The conventional passive measurement techniques can either consume excessive network resources and render excessive redundant data, or lead to inaccurate results; on the other hand, the conventional active measurement techniques can interfere with the user traffic and their results are indirect. Techniques that can collect direct and on-demand data from user traffic are more favorable. These challenges were addressed by newer standards and techniques (e.g., IPFIX/Netflow, PSAMP, IOAM, and YANG-Push) and more are emerging. These standards and techniques need to be recognized and accommodated in a new framework. 3.4. Network Telemetry Network telemetry has emerged as a mainstream technical term to refer to the network data collection and consumption techniques. Several network telemetry techniques and protocols (e.g., IPFIX [RFC7011] and gRPC [grpc]) have been widely deployed. Network telemetry allows separate entities to acquire data from network devices so that data can be visualized and analyzed to support network monitoring and operation. Network telemetry covers the conventional network OAM and has a wider scope. It is expected that network telemetry can provide the necessary network insight for autonomous networks and address the shortcomings of conventional OAM techniques. Network telemetry usually assumes machines as data consumers rather than human operators. Hence, the network telemetry can directly trigger the automated network operation, while in contrast some conventional OAM tools are designed and used to help human operators to monitor and diagnose the networks and guide manual network operations. Such a proposition leads to very different techniques. Although new network telemetry techniques are emerging and subject to continuous evolution, several characteristics of network telemetry have been well accepted. Note that network telemetry is intended to be an umbrella term covering a wide spectrum of techniques, so the following characteristics are not expected to be held by every specific technique. o Push and Streaming: Instead of polling data from network devices, telemetry collectors subscribe to streaming data pushed from data sources in network devices. Song, et al. Expires August 23, 2021 [Page 10] Internet-Draft Network Telemetry Framework February 2021 o Volume and Velocity: The telemetry data is intended to be consumed by machines rather than by human being. Therefore, the data volume can be huge and the processing is optimized for the needs of automation in realtime. o Normalization and Unification: Telemetry aims to address the overall network automation needs. Efforts are made to normalize the data representation and unify the protocols, so to simplify data analysis and provide integrated analysis across heterogeneous devices and data sources across a network. o Model-based: The telemetry data is modeled in advance which allows applications to configure and consume data with ease. o Data Fusion: The data for a single application can come from multiple data sources (e.g., cross-domain, cross-device, and cross-layer) and needs to be correlated to take effect. o Dynamic and Interactive: Since the network telemetry means to be used in a closed control loop for network automation, it needs to run continuously and adapt to the dynamic and interactive queries from the network operation controller. In addition, an ideal network telemetry solution may also have the following features or properties: o In-Network Customization: The data that is generated can be customized in network at run-time to cater to the specific need of applications. This needs the support of a programmable data plane which allows probes with custom functions to be deployed at flexible locations. o In-Network Data Aggregation and Correlation: Network devices and aggregation points can work out which events and what data needs to be stored, reported, or discarded thus reducing the load on the central collection and processing points while still ensuring that the right information is ready to be processed in a timely way. o In-Network Processing: Sometimes it is not necessary or feasible to gather all information to a central point to be processed and acted upon. It is possible for the data processing to be done in network, allowing reactive actions to be taken locally. o Direct Data Plane Export: The data originated from the data plane forwarding chips can be directly exported to the data consumer for efficiency, especially when the data bandwidth is large and the real-time processing is required. Song, et al. Expires August 23, 2021 [Page 11] Internet-Draft Network Telemetry Framework February 2021 o In-band Data Collection: In addition to the passive and active data collection approaches, the new hybrid approach allows to directly collect data for any target flow on its entire forwarding path [I-D.song-opsawg-ifit-framework]. It is worth noting that a network telemetry system should not be intrusive to normal network operations by avoiding the pitfall of the "observer effect". That is, it should not change the network behavior and affect the forwarding performance. Otherwise, the whole purpose of network telemetry is compromised. Although in many cases a system for network telemetry involves a remote data collecting and consuming entity, it is important to understand that there are no inherent assumptions about how a system should be architected. Telemetry data producers and consumers can work in distributed or peer-to-peer fashions rather than assuming a centralized data consuming entity. In such cases, a network node can be the direct consumer of telemetry data from other nodes. 4. The Necessity of a Network Telemetry Framework RW: I think that the structure of the document might be better if this was a section 3.5 of the background rather than it's own top level section? Network data analytics and machine-learning technologies are applied for network operation automation, relying on abundant and coherent data from networks. Data acquisition that is limited to a single source and static in nature will in many cases not be sufficient to meet an application's telemetry data needs. As a result, multiple data sources, involving a variety of techniques and standards, will need to be integrated. It is desirable to have a framework that classifies and organizes different telemetry data source and types, defines different components of a network telemetry system and their interactions, and helps coordinate and integrate multiple telemetry approaches across layers. This allows flexible combinations of data for different applications, while normalizing and simplifying interfaces. In detail, such a framework would benefit application development for the following reasons: o Future networks, autonomous or otherwise, depend on holistic and comprehensive network visibility. All the use cases and applications are better to be supported uniformly and coherently under a single intelligent agent using an integrated, converged mechanism and common telemetry data representations wherever feasible. Therefore, the protocols and mechanisms should be consolidated into a minimum yet comprehensive set. A telemetry framework can help to normalize the technique developments. o Network visibility presents multiple viewpoints. For example, the device viewpoint takes the network infrastructure as the monitoring object from which the network topology and device Song, et al. Expires August 23, 2021 [Page 12] Internet-Draft Network Telemetry Framework February 2021 status can be acquired; the traffic viewpoint takes the flows or packets as the monitoring object from which the traffic quality and path can be acquired. An application may need to switch its viewpoint during operation. It may also need to correlate a service and its impact on user experience to acquire the comprehensive information. o Applications require network telemetry to be elastic in order to make efficient use of network resources and reduce the impact of processing related to network telemetry on network performance. For example, routine network monitoring should cover the entire network with a low data sampling rate. Only when issues arise or critical trends emerge should telemetry data source be modified and telemetry data rates boosted as needed. o Efficient data fusion is critical for applications to reduce the overall quantity of data and improve the accuracy of analysis. A telemetry framework collects together all of the telemetry-related works from different sources and working groups within IETF. This makes it possible to assemble a comprehensive network telemetry system and to avoid repetitious or redundant work. The framework should cover the concepts and components from the standardization perspective. This document describes the modules which make up a network telemetry framework and decomposes the telemetry system into a set of distinct components that existing and future work can easily map to. 5. Network Telemetry Framework The top level network telemetry framework partitions the network telemetry into four modules based on the telemetry data object source and represents their relationship. At the next level, the framework decomposes each module into separate components. Each of the modules follows the same underlying structure, with one component dedicated to the configuration of data subscriptions and data sources, a second component dedicated to encoding and exporting data, and a third component instrumenting the generation of telemetry related to the underlying resources. Throughout the framework, the same set of abstract data acquiring mechanisms and data types are applied. The two-level architecture with the uniform data abstraction helps accurately pinpoint a protocol or technique to its position in a network telemetry system or disaggregate a network telemetry system into manageable parts. RW: Relationship of telemetry data vs get requests. I.e., isn't telemtry just push rather than pulling data. Song, et al. Expires August 23, 2021 [Page 13] Internet-Draft Network Telemetry Framework February 2021 5.1. Top Level Modules Telemetry can be applied on the forwarding plane, the control plane, and the management plane in a network, as well as other sources out of the network, as shown in Figure 1. Therefore, we categorize the network telemetry into four distinct modules with each having its own interface to Network Operation Applications. +------------------------------+ | | | Network Operation |<-------+ | Applications | | | | | +------------------------------+ | ^ ^ ^ | | | | | V | V V +-----------|---+--------------+ +-----------+ | | | | | | | Control Pl|ane| | | External | | Telemetry | <---> | | Data and | | | | | | Event | | ^ V | Management | | Telemetry | +------|--------+ Plane | | | | V | Telemetry | +-----------+ | Forwarding | | | Plane <---> | | Telemetry | | | | | +---------------+--------------+ Figure 1: Modules in Layer Category of NTF RW: In this diagram, for me at least, I think that it would more natural to have Management Plane on the left, and Control/ Forwarding Plane on the right. The rationale of this partition lies in the different telemetry data objects which result in different data source and export locations. Such differences have profound implications on in-network data programming and processing capability, data encoding and transport protocol, and required data bandwidth and latency. RW: Data can be sent directly, or proxied via the control and management planes
- [OPSAWG] AD review of draft-ietf-opsawg-ntf-07 Rob Wilton (rwilton)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-ntf-07 Rob Wilton (rwilton)