[OPSAWG] AD review of draft-ietf-opsawg-l2nm-12
"Rob Wilton (rwilton)" <rwilton@cisco.com> Thu, 17 March 2022 20:53 UTC
Return-Path: <rwilton@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E76EA3A15AD; Thu, 17 Mar 2022 13:53:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.606
X-Spam-Level:
X-Spam-Status: No, score=-9.606 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=eBSzj29H; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=W/5T8JiE
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15Ohe3tvn5Ha; Thu, 17 Mar 2022 13:53:32 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F25B3A15AF; Thu, 17 Mar 2022 13:53:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=47734; q=dns/txt; s=iport; t=1647550412; x=1648760012; h=from:to:cc:subject:date:message-id:mime-version; bh=xyo8zqnrlJsqsmM/BIExkIrSH5/vMS60CtIlRPmL+bg=; b=eBSzj29HN0pRWqSdCDtLAJHLjN+LNvYQOlX2dLPyrH9+LZedUcPWCGsA myTegB1oQaxbMp71NZUDB1mLhaBFau1fxFJJ4M5QmsLf0V95+UgidFr9p 1YSIGx+Ef27hmXhlpGwxApoUgCMNfJi+6746mIrdW4xwnRRk/PwyA2niT 8=;
X-Files: draft-ietf-opsawg-l2nm-12-ad-review.txt : 19696
IronPort-PHdr: A9a23:DXFEbhFpU57omJ2H5ds/GZ1GfiYY04WdBeZdwpYkircbdKOl8tyiOUHE/vxigRfPWpmT8PNLjefa8sWCEWwN6JqMqjYOJZpLURJWhcAfhQd1BsmDBAXyJ+LraCpvGsNEWRdl8ni3PFITFtz5YgjZo2a56ngZHRCsXTc=
IronPort-Data: A9a23:02oa+asklNBNNyVUndyFxGiB4ufnVO1cMUV32f8akzHdYApBs4E2ekKraxnSeK7cJn+sLp0gddL2thtB7ouJzIg+VQNusHhhCmhHt8vIGpKFPluY00i6cZ2ZE0tpscsUZombcpxoQ3OEqx7zOba6oSh2if7SF+ekULGVNiwuT1RqRi0q00I9xr5ljNU40NTiDQrXst78raUzVLPdN2lcazNKuvzrlS6DnMgemRsU5wA3Na8SsAfUzXdJVsITeK2/fiLzTtMJRb/mHOrOx5i0rzjTl/sP5nxJsVpannXnydc+BCDW4pZtc/Xk00AqShAaiP5hbqJHMBgP0F1lovgooDlznc3oIesWFvWkdNQ1C3G0IgkmVUF00OavzUuX6aR/+3b7n07EmJ2COq2Z0bowoY6bCUkWnRARxatkghqr34pay5rjIgVga1hKESXlAG8fkikIITDxF/0qR9XIRL/HoIAe1zYrjccIFvHbDyYbQWMwN1KbPFseYRFOVMlWcOSA3hETdxVCt1ORua0xy2PS1wd2lrPqNbI5f/TbHJsKxRjH+j6uE2PRR0ty2Mak4T2d6XuzicfOkD/1HoUIG9WQ+uRjjkHWx2EPBlgRTUCyvvb8jhS4XpRWL0g8+ycyo+417kPDczVXd3VUu1aetRIaHtFXCeB/t0eGy7Hf5ECSAW1sc9KIU/R+3OdeeNDg/gbhcwvVOAFS
IronPort-HdrOrdr: A9a23:Qix62a1fh54+8NxkUqUkWQqjBQpyeYIsimQD101hICG9Lfb3qyn+ppsmPEHP5Ar5AEtQ4+xpOMG7MBfhHO1OkPQs1NaZLUPbUQ6TTb2KgrGSuwEIdxeOlNK1tp0QPpSWaueAdmSS5PySiGLTfrZQo+Vvm5rY4ts2uk0dND2CHJsQiTuRZDzrd3FedU1jP94UBZCc7s1Iq36LYnIMdPm2AXEDQqzqu8DLvIiOW29LOzcXrC21yR+44r/zFBaVmj0EVSlU/Lsk+W/Z1yTk+6SYte2hwBO07R6d030Woqqu9jJwPr3NtiEnEESutu9uXvUiZ1S2hkF1nAho0idurDCDmWZlAy050QKsQoj8m2qT5+Cn6kdo15cnomXo2EcKZqfCNXQH4oN69PxkWwqc5Ew6sN5m1qVXm2qfqppMFBvF2D/w/t7SSnhR5wOJSFcZ4JkuZkZkIP0jgX5q3P4i1VIQFI1FEDPx6YghHuUrBMbA5OxOeVffa3zCpGFgzNGlQ3x2R369MwM/k93Q1yITkGFyzkMeysBalnAc9IglQ50B4+jfKKxnmLxHU8dTZ6NgA+UKR9exFwX2MFrxGXPXJU6iGLAMOnrLpZKy6LIp5PuycJhN15c2kISpaiItiYfzQTOaNSSj5uw6zvmWehTNYd3E8LAs26RE
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BTAAAvnzNi/49dJa1QAQkcAQEBAQEBBwEBEgEBBAQBAUCBRgcBAQsBgVEoBigHgUkIN0SIHgOEWWCFEIMCgRaPLYp0gS4UgREDVAQHAQEBDQEBQQQBAYUHAoQsAiU0CQ4BAgQBAQESAQEFAQEBAgEHBIEJE4VoAQyGRRYIASUBATcBEQFQMCYBBA4NBg0HggRfgmUDLgGhfAGBOgKBDokReIEzgQGCCAEBBgQEhQsYgjAHCYE8AYMQi18cgUlEgRVDgjCEfAkCBgEDASoVFYMlgi6WewotEC4GAg8tAgsJEAQbFAkvOwEQGwpACwozBhkFAQEEBjgCkgcLjSpAgUGKfJNrCoNJhW2aIBWDc4wumBmWWSCfHoFiMgslhFcCBAIEBQIOAQEGgWE8Kz5wcBU7gmlRGQ+OIAwFEYNQil51OAIGCwEBAwmNBgEngiABAQ
X-IronPort-AV: E=Sophos;i="5.90,190,1643673600"; d="txt'?scan'208";a="916736744"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 17 Mar 2022 20:53:30 +0000
Received: from mail.cisco.com (xfe-rtp-002.cisco.com [64.101.210.232]) by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id 22HKrUsB024813 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Thu, 17 Mar 2022 20:53:30 GMT
Received: from xfe-rtp-001.cisco.com (64.101.210.231) by xfe-rtp-002.cisco.com (64.101.210.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Thu, 17 Mar 2022 16:53:29 -0400
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xfe-rtp-001.cisco.com (64.101.210.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14 via Frontend Transport; Thu, 17 Mar 2022 16:53:29 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TWCGPPVctCsBTgFJ72OsAmICjUJmEoRiT/0ssjrTNUBYjFoBcQGgERvUiLoh4kKsP/oDv5ye5ewzpmxh0mYrsj1WO7cSjS27es9eUCDHsrRLC8MMgFDOu2r5kBO9lC46SyPGrthTubnBQhnX8sB2eNVAbNCseBjrD6nK/AXPben7XkU67/t2MU/CJoqq4SyYrSX0KvdFpmf0WyBD7ZfGunn56xReY64B7KBXd3HN+Q7sUl7bWk2OnlIqnqbQAHS5fH/ryteZ8BlezB+s5MublZYEaEZiM2Jqz8JVOmSMkKb7z9kWWyCisF3VvoyqlYojV1Y/reMLKkSkQgqmuEDGsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=M7yyy9UcJcJsCHn/V//AhKr6BaAr6bFcNVg6e8GaN4I=; b=mt3LiCYErKWNv14mgi+II8xzt5t2a4HX3hsPqn4nIyjNi9/JvjT7ByJOleMyd7Tga+/ne/lE8ucsve4IBehpMkKSS3Ycbl+MSO5WXkvsdKVUooDbLYW2mlVALaVOBMX2KBJ9BoIsjekhvnHYi4IGivY818WIRQv+NfDq6ODNxi7hMIlKR6yPHCxpMQhcK8h2vSmoyrpqN92mEK4ABgbGhEszd0/S7OOtRNFaSvfEnkfDbchPCqmONZ+1Yf1IS+NrV7nJzNXKyTroB5vQmsfEPd3FEs4xD3OXFbfh1JAacU9uvn/dEtYApKAI8Swuvu7+Q98B3miay3+B+iFwGe0zsg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=M7yyy9UcJcJsCHn/V//AhKr6BaAr6bFcNVg6e8GaN4I=; b=W/5T8JiEpbmzSNwSKT31oVoDtj6RLPDJoZbmOMHs8EnPztXHPStZBePl+NxoXctahvQ6bCUdrWrmuXwQ2EcfB8hETIgKOLaBfrh2yvXOp3xXKufThBX/ieCmDbg//saJNRku0s1I9U2g5onSExekPeaoqJaG0aLohiz6OCA29bE=
Received: from BY5PR11MB4196.namprd11.prod.outlook.com (2603:10b6:a03:1ce::13) by BN8PR11MB3779.namprd11.prod.outlook.com (2603:10b6:408:8a::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.15; Thu, 17 Mar 2022 20:53:27 +0000
Received: from BY5PR11MB4196.namprd11.prod.outlook.com ([fe80::98bf:c4ea:a0fe:42f3]) by BY5PR11MB4196.namprd11.prod.outlook.com ([fe80::98bf:c4ea:a0fe:42f3%7]) with mapi id 15.20.5081.017; Thu, 17 Mar 2022 20:53:27 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: "draft-ietf-opsawg-l2nm.all@ietf.org" <draft-ietf-opsawg-l2nm.all@ietf.org>
CC: "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: AD review of draft-ietf-opsawg-l2nm-12
Thread-Index: Adg6JPtifhjp1EZvStSuOAsRzkyF8g==
Date: Thu, 17 Mar 2022 20:53:27 +0000
Message-ID: <BY5PR11MB419654000FDB77787A24072CB5129@BY5PR11MB4196.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3f964081-18b7-4b98-9b51-08da08582f81
x-ms-traffictypediagnostic: BN8PR11MB3779:EE_
x-microsoft-antispam-prvs: <BN8PR11MB3779F1136AB9765995C7D86CB5129@BN8PR11MB3779.namprd11.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 8qtrDysRDZPyHA5u4QgHLTNa/L3mSDroMEQIJkKWYo0FCfBhoqPtZUY3Z9Q43KvcfPncmepoKlNYvp8RIGG++pPOHY8TCrAb6PemCjfrPe5E5I0fq4BDlsaQ5/zEma7pgbyEHCRh5hWe1F3+d+vDDC6yVd5gfbVffZDPcrBGke+XA+9HN819VJ2DdQYPv8lcb2062y9ESR/I2OBXpLnnKlB0/p7lQl5MtIsvltqlyZUNjRKdis2qi7s2qx6Py/Z8M5YGKRAsQA4AUp50I6Ra+SccJjR1RGoHS6Y/rbViX0AZ33El7hMTKon0kjIQlhRyro1ldozVDX8bzpqBiM6zKe7ctyXQacolcjBgb8S7l2Yr9MMrKq2P5UiN2FkMLk6MRIwrBgGbXVE1KJZWToZ9GztbiA1pBnKAflcImkpd4xZXsFJ1K5OU6q2i8g15p7E7Vmp3p5uqwjDBosTvuUc6UDAvWPCCQvAcgISX+9VSG1NQFIfduJo3LDK2fnczwY1BBw4jOo80yQuh74eXWnY9R8n74hXLxQ9AFOcYEWQo9Bt92cGtsS5Jcu2JDVlQz0iC2STix+fJX9iMBXpJH0UNduEnpl26hkCqWUdCgZfvHRmzcew47XTH1ilTsg6kr11mmLij+u1IhE1bn/Y5TyWZdpBISJpew0tk5CpkIWUWezaC77bb7NCcxLyM9xOQYO3zzZysk4deK3chF8sm/oOS4fx5aQZexnWisHh/WNzyHhg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR11MB4196.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(66574015)(38070700005)(186003)(26005)(66946007)(99936003)(38100700002)(122000001)(83380400001)(8936002)(5660300002)(30864003)(52536014)(64756008)(66446008)(66556008)(4326008)(66476007)(55016003)(2906002)(76116006)(508600001)(7696005)(316002)(450100002)(9686003)(71200400001)(6916009)(86362001)(6506007)(33656002)(8676002)(357404004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: P1QIeAiKg9RUjZL2PPEdjmjp52VQd+0ivHM6fBiyt6Xv8nCnRE64Y1YqVCKl7s8WKyK2i1OD8NtlNIISqQUIVNVdlxx5wetgo0Vfkvmm1CYx6nYUxymyH4UEQtL2MWbOIcwtL0fCFZskNMF0++/Otm1+wqk+Y0HKiaiQkJ6taS2A/9Zu3GOX+BnXzV0BwR2yM5kZKHuvR1EjGvA2LQEmC8I8eFu5PDEq9Ehn2jRk6kHh8WYzMLBxNQH5AHkqB2UsuzkniTEJcO+vFgCC4SPKUFrIgmjQBom9Sm6jE80UC4pLJHUMrsnHjuKIe/uNpp6KVDVHbEGo/44W8H3JNOsN5AHJc1yJtDYN1OZcZ4OE296k8c5XeV/hUn9e5fr16ysFijEpmigkaAUvnZhKWEjCJXgGsp1RmJn9/Tlp5h+aIgwJBo/apn7m6bYkxi/QpEE96+iI93JJaPUIiOCvMJwDCcl+WCvl0z9t6FxkO0dRmP11AqObh1fOG6WVKE6VnYJlERTklk8nh3OiPw0YFbrt7iv+62OChSfjx2JYBQMCztGSxD64Pm6+z4O8omzQUmA5UQ1ARyAA1G5EIJ+vMeeDZpjNqtlIUVlDGM7vR3uXQrrCMervbr+MljmVwcclnxqm4j9+mX3RzFzkrrnsyNZZWS9GdqYFmuDzDhCV0rojJjVqmd8YH0CJY6G7zwz64r+yjs1uJf2sjmKXQzq6McksPeEmlRyAWQl7Q8oOuoTz+vxBfBu9ru5w6cIvcL+sBzVls1+iNO4jquBXR1l4VXPD7k3YR32a87znDI7gea+ZlP38BzfdhUVHrJoqOUcTWUhQmnPPWKHNwnhV7QKUV3qi/pIyn2UufQhW64R6oCyje1ObKBKGaJgOwWXcNBqkmx4Nk6LYogErDoIOieuhX7feZR/1WxoagFIi+1x8Lt6vlTmNQcYpD7cn8K6Oy7Sbv/00BufOCHWgGxBK3mNTf1pg7Hh3qNf54MU9L8XAq2d82U1PMAdBj9p5KSP6c8zNg+a3DarYzDr4vodulWYm2OW+zJJVQXsIv8D7esihWu86tAg/bQYBYlFjLh85kCEJJ2xpEc5pi9Lw+sQGTKf+lmBQrGsgYYmqhWFmLXhSr3Nh+KH7Y2fOAycafT+1AAD0ipWGInYUNvE1nG5dZUl9VnOkcqMTkQhKv9f5t8pu7Ps9jeAzmgRGSSDGiaBaC5T+N1RPx5Pgp4Uv9gvhCvNzL7bKbc6Wnyy9wbDzQb04Yxvk27+tdoJtOLCwJ2cuUfc3y560tNvpW2e5uhn/ZlcuGbsC6q/FhfJeeAoU3iVAM0HqUwXmE7KnukckUyXPIYGfv2MWbYkqBnoeOiE4BsbFFKduuKFRLmBDlwQqveS9WrBHq7qa0Dx2yNimhu94iFJmb3vW2hDow/83LKFBdbvMDbBHWqOzgVluwVSzhoz1j93IMDdZIYYiNc7DxKFMskiYyLsE
Content-Type: multipart/mixed; boundary="_002_BY5PR11MB419654000FDB77787A24072CB5129BY5PR11MB4196namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB4196.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3f964081-18b7-4b98-9b51-08da08582f81
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Mar 2022 20:53:27.1326 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: z7GOUZy/Ix9NBL3mFtddU8GS36eR/VPZX+dxoKnPxfXPXeqvvqDAqZJdL4gn73Ge2/uDaDLdWtB16R2AFAaLJg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3779
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 64.101.210.232, xfe-rtp-002.cisco.com
X-Outbound-Node: rcdn-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/xqr4GOBPivpEj_o65Arx9f9WMT0>
Subject: [OPSAWG] AD review of draft-ietf-opsawg-l2nm-12
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 20:53:38 -0000
Hi,
Apologies for the delay, but I have now managed my AD review of draft-ietf-opsawg-l2nm-12. (Also attached in case my email is truncated ...)
I would like to thank the authors, WG for their work on this document, and the shepherd for his review. I found the document to be well written and pretty straightforward to follow and understand. I also believe that this document is a useful addition to the YANG and Network Management Ecosystem, to thank you for that.
Anyway, here my comments. I think that they mostly pretty minor, but perhaps a few that my need a bit more thought. Hopefully they will help improve the doc.
---
Moderate comments:
(1)
The VPN network access is comprised of:
'id': Includes an identifier of the VPN network access.
'description': Includes a textual description of the VPN network
access.
'interface-id': Indicates the interface on which the VPN network
access is bound.
'global-parameters-profile': Provides a pointer to an active
'global-parameters-profile' at the VPN node level. Referencing an
active 'global-parameters-profile' implies that all associated
data nodes will be inherited by the VPN network access. However,
some of the inherited data nodes (e.g., ACL policies) can be
overridden at the VPN network access level. In such case,
adjusted values take precedence over inherited ones.
It wasn't entirely clear to me how this works with the global parameters defined at the VPN network access level and the VPN node level work. Is this meant to be a 3 tier hierarchy, or is it always only 2 tiers? Are you allowed to reference different global profiles both at the VPN network access level and the VPN node level? Possibly, some slightly expanded description here may be helpful (and/or in the YANG module).
(2) | +--rw encapsulation
| | +--rw encap-type? identityref
| | +--rw dot1q
| | | +--rw tag-type? identityref
| | | +--rw cvlan-id? uint16
Did you consider adding support for ranges or sets of VLAN Ids (e.g., a list of non-overlapping ranges) (both for the single and double tagged cases)?
(3) | +--rw lag-interface
I'm slightly surprised that you don't have parameters for the physical interfaces, and I can understand your justification for this, but then you do have configuration for LAG, including configuration for the underlying member interfaces. This feels slightly inconsistent to me at the level that the configuration is being provided. Understanding the rationale a bit more here might be helpful, and I think that we should double check that this should definitely be in this model.
(4) +--rw svc-pe-to-ce-bandwidth
| {vpn-common:inbound-bw}?
| +--rw pe-to-ce-bandwidth* [bw-type]
Can you specify different bandwidths for multiple CoS fields? It looks like the list key is the bw-type, and hence you would only be able to specify the bandwidth for a single CoS field? Is that sufficient?
(5) 8.3. Ethernet Segments
The names used here don't seem to be particularly friendly. Is giving them more human understandable identity names an option, or are these names directly mirroring some other registry? Or perhaps even something like esi-type-1-lacp, esi-type-3-mac, etc?
(6) leaf svc-mtu {
type uint32;
description
"Service MTU, it is also known as the maximum transmission
unit or maximum frame size. When a frame is larger than
the MTU, it is fragmented to accommodate the MTU of the
network.";
}
MTU's turn up in various places. Given that MTUs seem to mean different things for different people, please can you check the descriptions and given that this model is for L2VPN's be super explicit about whether these MTUs are representing the L3 payload, or the max frame size including the L2 header and presumably FCS sequence as well.
(7) identity mac-action {
description
"Base identity for a MAC action.";
}
Would an VPN implementation ever want to drop and log rather than just doing one or the other?
(8) Hierarchical groupings and defaults
I want to check what the model/plan is regarding hierarchical config (e.g., grouping parameters-profile) and default values. It looks like some of the leaves in the provide have default values, which I believe will be ambiguous when it comes to hierarchical config. I.e., normally I would never expect that a leaf with a default value defined would fall back to the hierarchical policy because logically the leaf always has a value if it is in scope. One solution to this problem (that is a bit more verbose), would be to take the defaults out of the leaves in the grouping, and then add them back in using "refine" them using refine statements when the global parameters-profile is used. Another choice would be to not express these using the YANG "default" keyword at all, and instead describe the defaults in the description.
Generally, defining defaults where we can is probably useful, but we need to be careful with any hierarchical config/policies.
(9) Various comment related to handling VLAN tag rewrites:
container dot1q {
container rewrite {
description
leaf pop {
type enumeration {
enum 1 {
description
"Allows one (1) tag removal.";
}
enum 2 {
description
"Allows two (2) tags removal.";
}
}
description
"Tag removal.";
}
leaf translate {
type enumeration {
enum 1-to-1 {
description
"Allows one (1) to one (1) tag
translation.";
}
enum 1-to-2 {
description
"Allows one (1) to two (2) tags
translation.";
}
enum 2-to-1 {
description
"Allows two (2) to one (1) tag
translation.";
}
enum 2-to-2 {
description
"Allows two (2) to two (2) tags
translation.";
}
(i) This rewrite command is currently under dot1q and not qinq, hence it only seems to apply to single tagged interfaces.
(ii) Logically, any pops should be limited to only popping matched tags (e.g., don't allow a 2 tag pop if a single tag is matched) or otherwise the operation cannot be done symmetrically.
(iii) leaf pop could just be defined as an int8 (range 1-2) rather than an enumeration.
(iv) Currently there is no way of pushing more than one tag (which currently must be a C-VLAN tag).
(v) There is no choice in the Ethertype of the tag that is being pushed (but perhaps this is okay, if a single tag is pushed it is always a C-VLAN, if two tags are pushed then it is S-VLAN, C-VLAN).
(vi) Do you want/need the translate enumeration leaf alongside the push and pop?
(vii) The "direction" enum only has one option, perhaps allowing a deviation to support asymmetric rewrites? But those cannot really be expressed with how the current model is defined anyway. It might be worth making symmetric the default choice, but I'm not sure whether you want the leaf at all?
(10)
leaf speed {
type uint32;
units "mbps";
default "10";
description
"LACP speed.";
}
10 Mbps seems like a slow default LACP speed. Does this need a default at all, Ethernet interfaces would generally negotiate to the fastest supported speed. The same comment applies to the port speed.
(11)
I did wonder whether it is okay to include the BGP and PW types as part of this draft? Personally, since they will be controlled by IANA anyway, and this is where they are being used I think that is okay, but I was wondering whether IDR/BESS had been consulted on this at all, it might be worth checking with them that they are okay.
Minor comments/nits:
(1)
In particular, the model can be used in the communication
interface between the entity that interacts directly with the
customer, the service orchestrator (either fully automated or a human
operator), and the entity in charge of network orchestration and
control (a.k.a., network controller/orchestrator) by allowing for
more network-centric information to be included.
Nit (since this is explained more clearly later in the document): It was unclear to me whether this this sentence is about 3 entities or 2. I.e., specifically, whether the "entity that interacts directly with the customer" is the service orchestrator. For clarity, would it be clearer as: ",i.e., the service orchestrator,".
(2) 'signaling-type': Indicates the signaling that is used for setting
pseudowires.
Nit: setting pseudowires => setting up pseudowires?
(3)
'mac-loop-prevention': Container for MAC loop prevention.
'window': The timer when a MAC mobility event is detected.
'frequency': The number of times to detect MAC duplication,
where a 'duplicate MAC address' situation has occurred and
the duplicate MAC address has been added to a list of
duplicate MAC addresses.
The description of frequency wasn't really clear to me, perhaps this could be made clearer, or perhaps I just need educating!
(4) 'multicast-like': Controls whether multicast is allowed in the
service.
'multicast-like' seems like a strange name. Wouldn't the service either support/emulate multicast or not?
(5) 7.5. VPN Nodes
+--rw vpn-nodes
+--rw vpn-node* [vpn-node-id]
+--rw vpn-node-id vpn-common:vpn-id
+--rw description? string
+--rw ne-id? string
+--rw role? identityref
'role' doesn't seem to be described in the description that follows, or specifically, it is not in the description where I expected it to be.
(6)
| +--rw (signaling-option)?
| ...
| +--:(bgp)
| | ...
| +--:(ldp-or-l2tp)
It's not obvious to me why LDP and L2TP are bundled together in the same signaling option.
More generally, I was surprised that you don't have containers at the top-level of the signaling-options, e.g, to be explicit about what signaling option is being used (i.e., what branch of the choice is being selected). Is the thinking that you already have "signaling-type" earlier in the definition. Personally, I think that having containers here would probably be clearer, but I'm happy to leave it to the authors discretion.
(7) Section 8.1/8.2
Quite a lot of these types look like they are probably dead or not useful. I guess that publishing them all to keep them directly in sync with the associated IANA registries makes sense, but I wonder if it would be helpful to have any text indicating that only some of these types are likely to be useful, or perhaps highlight the ones that are more likely to be used?
(8)
leaf mac-num-limit {
type uint16;
default "2";
description
"Maximum number of MAC addresses learned from
the customer for a single service instance.";
}
"2" feels like a slightly strange default here, rather than say "1" or having no default. What is the basis of this value.
(9)
leaf action {
type identityref {
base mac-action;
}
default "warning";
description
"specify the action when the upper limit is
exceeded: drop the packet, flood the
packet, or simply send a warning log
message.";
}
In the case of sending a warning log message, does this mean that the packet is still forwarded normally? In the case of flood, does that mean that the MAC address is not learned?
(10)
leaf router-id {
type rt-types:router-id;
description
"A 32-bit number in the dotted-quad format that is
used to uniquely identify a node within an
autonomous system (AS). ";
}
Nit: Trailing space in the description.
(11) container bum-management {
description
"Broadcast-unknown-unicast-multicast
management.";
leaf discard-broadcast {
type boolean;
description
"Discards broadcast, when enabled.";
}
leaf discard-unknown-multicast {
type boolean;
description
"Discards unknown multicast, when
enabled.";
}
leaf discard-unknown-unicast {
type boolean;
description
"Discards unknown unicast, when
enabled.";
}
}
>From the descriptions, it looks like these could be default "false" (subject to the comment about hierarchical configuration)?
(12)
9. Security Considerations
* 'ethernet-segments' and 'vpn-services': An attacker who is able to
access network nodes can undertake various attacks, such as
deleting a running L2VPN service, interrupting all the traffic of
a client.
Is there a risk that an attacker could add a VPN endpoint that they control, and hence either inject or snoop traffic in the L2VPN service (which is arguably worse than either interrupting or deleting the L2VPN service)?
(13)
10.2. BGP Layer 2 Encapsulation Types
This document defines the initial version of the IANA-maintained
"iana-bgp-l2-encaps" YANG module.
Perhaps include the reference back to the section where the YANG module is defined? And similarly for the PW types YANG module.
(14)
When a Layer 2 encapsulation type is added to the "BGP Layer 2
Encapsulation Types" registry, a new "identity" statement must be
added to the "iana-bgp-l2-encaps" YANG module. The name of the
"identity" is the lower-case of encapsulation name provided in the
description. The "identity" statement should have the following sub-
statements defined:
Nit: of encapsulation name => of the encapsultion name
(15)
When the "iana-bgp-l2-encaps" YANG module is updated, a new
"revision" statement must be added in front of the existing revision
statements.
Possibly refine this to (for both modules) - there was a case where IANA accidentally created two entries with the same revision date when adding 2 types:
When the "iana-bgp-l2-encaps" YANG module is updated, a new
"revision" statement with a unique revision date must be added in front
of the existing revision statements.
(16)
A.5
"auto-ethernet-segment-identifier": "01:11:00:11:00:11:\
11:9A:00:00"
lowercase A would be canonical in the hex string.
--------
Grammar nits from an automated tool.
Grammar Warnings:
Section: 2, draft text:
The VPN node will identify the service providers node on which the VPN is deployed.
Warning: Apostrophe might be missing.
Suggested change: "providers'"
Section: 7.2, draft text:
An external connectivity may be an access to the Internet or a restricted connectivity such as access to a public/private cloud.
Warning: Uncountable nouns are usually not used with an indefinite article. Use simply access.
Suggested change: "access"
Section: 7.4, draft text:
Some of the data nodes can be adjusted at the VPN node or VPN network access levels.
Warning: If the text is a generality, 'of the' is not necessary.
Suggested change: "Some"
Section: 7.6, draft text:
A 'vpn-network-access' ([vpn_network_access_tree]) represents an entry point to a VPN service .
Warning: Don't put a space before the full stop.
Suggested change: "."
Section: 7.6, draft text:
A 'vpn-network-access' includes information such as the connection on which the access is defined , the specific Layer 2 service requirements, etc.
Warning: Put a space after the comma, but not before the comma.
Suggested change: ","
Section: 7.6, draft text:
The VPN network access is comprised of:
Warning: Did you mean comprises or consists of or is composed of?
Suggested change: "comprises"
Section: 7.6, draft text:
However, some of the inherited data nodes (e.g., ACL policies) can be overridden at the VPN network access level.
Warning: If the text is a generality, 'of the' is not necessary.
Suggested change: "some"
Section: 7.6.1, draft text:
The L2NM inherits the 'member-link-list' structure from the L2SM (including indication of OAM 802.3ah support [IEEE-802-3ah].
Warning: Unpaired symbol: ')' seems to be missing
Section: 7.6.4, draft text:
An ACL can be based on source MAC address, source MAC address mask, destination MAC address , and destination MAC address mask.
Warning: Put a space after the comma, but not before the comma.
Suggested change: ","
Section: 9, draft text:
Some of the readable data nodes in the "ietf-l2vpn-ntw" YANG module may be considered sensitive or vulnerable in some network environments.
Warning: If the text is a generality, 'of the' is not necessary.
Suggested change: "Some"
Section: A.1, draft text:
This section provides an example to illustrate how the L2NM can be used to mange BGP-based VPLS.
Warning: Did you mean manage?
Suggested change: "manage"
Regards,
Rob
- [OPSAWG] AD review of draft-ietf-opsawg-l2nm-12 Rob Wilton (rwilton)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-l2nm-… mohamed.boucadair
- Re: [OPSAWG] AD review of draft-ietf-opsawg-l2nm-… Rob Wilton (rwilton)
- Re: [OPSAWG] AD review of draft-ietf-opsawg-l2nm-… mohamed.boucadair