IETF Logo Mail Archive

Re: [OPSAWG] AD review of draft-ietf-opsawg-sap-09

mohamed.boucadair@orange.com Wed, 09 November 2022 15:10 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B06F8C14F733; Wed, 9 Nov 2022 07:10:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 70Xif58qpjTC; Wed, 9 Nov 2022 07:10:44 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.34]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5782BC1522B8; Wed, 9 Nov 2022 07:10:44 -0800 (PST)
Received: from opfednr07.francetelecom.fr (unknown [xx.xx.xx.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfednr23.francetelecom.fr (ESMTP service) with ESMTPS id 4N6pLq0QFwz5wnr; Wed, 9 Nov 2022 16:10:43 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1668006643; bh=6TBhRIfSY14vyH3/itbdUoeDcGdUsGWbP0XEY8U9p0k=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=dEJHejPINzhFuRnywiAXgoSM+BZYAnEinCMDJGbcdIBcmt5Ol2qDFFCySvSuigqKN oPoHgsq+/p8WQrZP2uahWBumsZwUgJ0f1PddKEsQTSaYv+pK7SqWSNR20LS8dAM5hf DkoWv/cxG7mIZODu4OSWz9Cxl0Q++gIE04QstcGeJGP5phagtEe7HI07iSrYvRnoes s6rLA2bYgg3AEOqD+HGbFhVogTvMxZx6fgFkXc/0KkpPB7Oy3MN02xk71imFFCMdqw zI12JHU8pu04f/eHRYxCnhb8K/wunwYmG+7j3VeB/abjITyueWkw2bDJh8sFf2DZir v54S0IUQPjsuw==
From: mohamed.boucadair@orange.com
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>, "draft-ietf-opsawg-sap.all@ietf.org" <draft-ietf-opsawg-sap.all@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: AD review of draft-ietf-opsawg-sap-09
Thread-Index: AdjPQx6o5IkGa/MiRbSgFOql4kxVLAAATHXwAS1rwBAABRW0gAAFIiHwB6xNwiA=
Content-Class:
Date: Wed, 09 Nov 2022 15:10:42 +0000
Message-ID: <9635_1668006642_636BC2F2_9635_247_13_7e4598d105a54d1c90d7f96a01510be8@orange.com>
References: <BY5PR11MB41965219142B5D7477437604B5519@BY5PR11MB4196.namprd11.prod.outlook.com> <10618_1663938212_632DAEA4_10618_131_22_be9e97dad413420db9ac52ea0c8b38f0@orange.com> <BY5PR11MB4196EE66FFC3E63DE28AABA7B5579@BY5PR11MB4196.namprd11.prod.outlook.com> <11971_1664461105_6335A931_11971_276_1_ff1bd715600144a4831e519922785bbe@orange.com> <BY5PR11MB4196A321341B8076C67590BEB53D9@BY5PR11MB4196.namprd11.prod.outlook.com>
In-Reply-To: <BY5PR11MB4196A321341B8076C67590BEB53D9@BY5PR11MB4196.namprd11.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2022-11-07T18:09:49Z; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=7e88df74-b2c1-445a-9c9b-294eafff4365; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0
x-originating-ip: [10.115.27.53]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/umf4AmwJA61QHi-fybnZI6s0qQs>
Subject: Re: [OPSAWG] AD review of draft-ietf-opsawg-sap-09
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2022 15:10:48 -0000

Hi Rob, 

Thanks for the follow-up. 

Made some changes to hopefully fix the pending points: https://tinyurl.com/sap-latest. Also, added a NEW para to exemplify how controllers of each AS are using the model to provision inter-as VPN option A. This is to address a comment we received from an implementer.  

Please see inline for more context.

Will wait for your ACK before submitting the new version. 

Cheers,
Med

> -----Message d'origine-----
> De : Rob Wilton (rwilton) <rwilton@cisco.com>
> Envoyé : dimanche 6 novembre 2022 16:50
> À : BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; draft-
> ietf-opsawg-sap.all@ietf.org; opsawg@ietf.org
> Objet : RE: AD review of draft-ietf-opsawg-sap-09
> 
> Hi Med,
> 
> Apologies for the delay.  The behaviour is still not entirely clear to
> me.  Please see inline ...
> 
> > -----Original Message-----
> > From: mohamed.boucadair@orange.com
> > <mohamed.boucadair@orange.com>
> > Sent: 29 September 2022 15:18
> > To: Rob Wilton (rwilton) <rwilton@cisco.com>; draft-ietf-opsawg-
> > sap.all@ietf.org; opsawg@ietf.org
> > Subject: RE: AD review of draft-ietf-opsawg-sap-09
> >
> > Hi Rob,
> >
> > Thanks for the follow-up.
> >
> > Please see inline.
> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : Rob Wilton (rwilton) <rwilton@cisco.com> Envoyé : jeudi 29
> > > septembre 2022 15:24 À : BOUCADAIR Mohamed INNOV/NET
> > <mohamed.boucadair@orange.com>;
> > > draft-ietf-opsawg-sap.all@ietf.org; opsawg@ietf.org Objet : RE: AD
> > > review of draft-ietf-opsawg-sap-09
> > >
> > > Hi Med,
> > >
> > > Comments inline below ...
> > >
> > > I've snipped out anything that we have already reached agreement
> on.
> > >
> > >
> > > > -----Original Message-----
> > > > From: mohamed.boucadair@orange.com
> > > > <mohamed.boucadair@orange.com>
> > > > Sent: 23 September 2022 14:04
> > > > To: Rob Wilton (rwilton) <rwilton@cisco.com>; draft-ietf-opsawg-
> > > > sap.all@ietf.org; opsawg@ietf.org
> > > > Subject: RE: AD review of draft-ietf-opsawg-sap-09
> > > >
> > > > Hi Rob,
> > > >
> > > > Thank you for the review. The changes can be tracked at:
> > > > https://tinyurl.com/sap-latest
> > > >
> > > > Please note that I made a change to better allow for reuse of
> > > the SAP
> > > > information in other modules (this can be tracked here:
> > > > https://github.com/IETF-OPSAWG-
> > > > WG/lxnm/commit/e8b406d7fad5225dd84ad7ff03f6da446eae6736).
> > >
> > > Okay.
> > >
> > >
> > > >
> > > > Please see inline for more context.
> > > >
> > > > Cheers,
> > > > Med
> > > >
> > > > > -----Message d'origine-----
> > > > > De : Rob Wilton (rwilton) <rwilton@cisco.com> Envoyé :
> > > vendredi 23
> > > > > septembre 2022 14:01 À : draft-ietf-opsawg-sap.all@ietf.org;
> > > > > opsawg@ietf.org Objet : AD review of draft-ietf-opsawg-sap-09
> > > > >
> > > > > Hi authors, WG,
> > > > >
> > > > > Thank you for this document.  I also think that this document
> > > is
> > > > > well written and in good shape, and I mostly found the
> > > explanations
> > > > > and examples clear.  There were two specific points that I
> > > found
> > > > > slightly confusing related to differentiating between SAPs in
> > > use,
> > > > > and those that are not, and also parent interfaces also be
> > > listed as
> > > > > SAPs, details below.
> > > >
> > > > [Med] Thanks
> > > >
> > > > >
> > > > > Moderate level comments:
> > > > >
> > > > > (1) p 10, sec 5.  SAP Module Tree Structure
> > > > >
> > > > >       SAPs that are associated with the interfaces that are
> > > directly
> > > > >       hosting services, interfaces that are ready to host per-
> > > > > service
> > > > >       sub-interfaces (but not yet activated), or service that
> > > are
> > > > >       already instantiated on sub-interfaces are listed as
> > > SAPs.
> > > > >
> > > > > >From the model, is isn't clear to me how different
> > > differentiates
> > > > > between a SAP that has been pre-provisioned to potentially be
> > > used
> > > > > for a service in future, v.s., one is that is actively
> > > provisioned.
> > > >
> > > > [Med] This is inferred from the service-status=down for these
> > > SAPs.
> > >
> > > So, thinking of this at device level configuration there is
> > > effectively 3 levels of configuration/activation (at least for
> > > L2VPNs):
> > >
> > > (1) A sub-interface is configured, but without any IP address or
> > > VRF (for L3VPN), or without being attached to an L2VPN or Bridge
> > > Domain (for L2VPNs).  I.e., the sub-interface isn't connected
> > > anyway.
> > > (2) The sub-interface is configured and connected into a bridge
> > > domain or P2P L2VPN but that service is down (e.g., perhaps
> > > because the AC at the remote end of the L2VPN is physically down).
> > > (3) The sub-interface is configured and connected into a bridge
> > > domain or P2P L2VPN and that service is up.
> > >
> > > I think that you are saying that you regard that both (1) and (2)
> > > would be indicated by service-status=down?  Would it be worth
> > > expanding the description at all to make this more explicit?
> >
> > [Med] The implicit model has some limitations, indeed. Glad to see
> that we
> > reached the same conclusion. Please see this note I sent early this
> week:
> >
> https://mailarchive.ietf.org/arch/msg/opsawg/C_aI8qsGbdUif9Ems8bN0s3E
> > kj4/
> >
> >
> >  But
> > > I'm still not convinced this will be sufficient (e.g., see my
> > > following response below related to the example for selecting a
> > > service).
> > >
> > > >
> > > >
> > > >   I think that it would be helpful if these two cases
> > > > > can be clearly distinguished.  Note, I have made a similar
> > > comment
> > > > > related to appendix D about identifying a "free" SAP.
> > > >
> > > > [Med] Added this NEW to the appendix:
> > > >
> > > > "SAPs that are ready to host per-service (but not yet activated)
> > > are
> > > > identified by the "service-status" set to "ietf-vpn-common:op-
> > > down"."
> > >
> > > But how do you distinguish between a SAP that hasn't been
> > > provisioned yet to a service vs a SAP that has been provisioned
> > > but the service is down?  E.g., trying to find a free SAP just by
> > > looking for a SAP with a service-status of op-down doesn't appear
> > > to be sufficient on its own.
> >
> > [Med] A SAP that is not provisioned yet will have a sap-status=down,
> while
> > the one that is provision but the service is not activated will have
> sap-
> > status=up and service-status=down. Isn't that sufficient?
> 
> I would have assumed:
>  - If sap-status is down then the service-status must also be down,
> right?

[Med] Actually, no. The service status indicates whether a service is associated with the SAP. Added both the admin and op status of the service status and added this NEW text: 

"This data node indicates whether a service is bound to this SAP and, as such, it is not influenced by the value of the 'sap-status'."

>  - if the sap is a sub-interface and the parent interface is down,
> then the sap-status would also be down?
> 
> Hence, I would have thought that you cannot distinguish between it not
> being provisioned and it is provisioned but the SAP is down either due
> to the parent, or perhaps the sub-interface has explicitly been forced
> down for some reason (perhaps due to config, or other reasons).
> 
> Perhaps you are saying that this isn't a problem in practice?
>

[Med] I think that having an admin status to explicitly indicate whether a service is activated for a SAP makes the checks to find a free SAP more easier. 
 
> 
> >
> > >
> > >
> > >
> > > >
> > > > >
> > > > >
> > > > > (2) p 28, sec Appendix B.  A Simple Example of SAP Network
> > > Model:
> > > > > Node Filter
> > > > >
> > > >
> > > > [Med] Please note "Simple" in the title :-)
> > >
> > > OK, noted. ;-)
> > >
> > >
> > > >
> > > > >    A service orchestrator can query what services are provided
> > > on
> > > > > which
> > > > >    SAPs of PE1 from the network controller by sending, e.g., a
> > > GET
> > > > >    RESTCONF request.  Figure 9 shows the body of the RESTCONF
> > > > > response
> > > > >    that is received from the network controller.
> > > > >
> > > > > In this example, you have GE0/6/4 as being ready to host SAPs,
> > > but I
> > > > > could equally imagine that given GE0/6/4 is just a UNI, then
> > > you may
> > > > > not want the parent interface to be available to host SAPs
> > > directly
> > > > > at all.  I.e., it may always the case that sub-interfaces are
> > > used
> > > > > as SAPs.  Hence, did you consider whether it makes sense for
> > > there
> > > > > to be a different category of SAP service-types for UNI's and
> > > NNI's
> > > > > that don't host services directly on the interface, but always
> > > on
> > > > > sub-interfaces?
> > > >
> > > > [Med] Yes, we do need this for the LxVPN case.
> > >
> > > It's still not clear to me.  E.g., in the example, GE0/6/4 is
> > > listed as an VPLS SAP and as an L3VPN SAP,
> >
> > [Med] I see. That SAP is a special one as it tags an interface that
> is ready to
> > host per-service sub-interfaces. This is now clearly indicated by
> the new leaf
> > "ready-child-sap". This is some kind of root or parent SAP.
> 
> Okay.
> 
> So, does "ready-child-sap" mean that the interface itself cannot be
> directly bound to a service, and only the child SAPs can be?  Or does
> it mean that a service could be bound both to the sap itself, and also
> as child SAPs?  Either way, I think that it would be helpful for that
> to be documented/clarified.
> 

Med: Added a note that basically says that this depends on the service. For example, a slice service can be bound to the parent and/or the childs.

> I still not a big fan of the name "ready-child-sap", because it seems
> to describe a point of time rather that what it is.  Would something
> like "allows-child-saps" or "child-sap-capable" be clearer?
> 

Med: Went for "allows-child-saps" 



_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email